skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems

Abstract

This paper studies an attacker against a cyberphysical system (CPS) whose goal is to move the state of a CPS to a target state while ensuring that his or her probability of being detected does not exceed a given bound. The attacker’s probability of being detected is related to the nonnegative bias induced by his or her attack on the CPS’s detection statistic. We formulate a linear quadratic cost function that captures the attacker’s control goal and establish constraints on the induced bias that reflect the attacker’s detection-avoidance objectives. When the attacker is constrained to be detected at the false-alarm rate of the detector, we show that the optimal attack strategy reduces to a linear feedback of the attacker’s state estimate. In the case that the attacker’s bias is upper bounded by a positive constant, we provide two algorithms – an optimal algorithm and a sub-optimal, less computationally intensive algorithm – to find suitable attack sequences. Lastly, we illustrate our attack strategies in numerical examples based on a remotely-controlled helicopter under attack.

Authors:
ORCiD logo [1]; ORCiD logo [1];  [1]
  1. Carnegie Mellon Univ., Pittsburgh, PA (United States)
Publication Date:
Research Org.:
Carnegie Mellon Univ., Pittsburgh, PA (United States)
Sponsoring Org.:
USDOE Office of Electricity Delivery and Energy Reliability (OE)
OSTI Identifier:
1406998
Alternate Identifier(s):
OSTI ID: 1433649
Grant/Contract Number:
OE0000779
Resource Type:
Journal Article: Accepted Manuscript
Journal Name:
IEEE Transactions on Control of Network Systems
Additional Journal Information:
Journal Volume: PP; Journal Issue: 99; Journal ID: ISSN 2325-5870
Publisher:
IEEE
Country of Publication:
United States
Language:
English
Subject:
32 ENERGY CONSERVATION, CONSUMPTION, AND UTILIZATION

Citation Formats

Chen, Yuan, Kar, Soummya, and Moura, Jose M. F. Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems. United States: N. p., 2017. Web. doi:10.1109/TCNS.2017.2690399.
Chen, Yuan, Kar, Soummya, & Moura, Jose M. F. Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems. United States. doi:10.1109/TCNS.2017.2690399.
Chen, Yuan, Kar, Soummya, and Moura, Jose M. F. Fri . "Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems". United States. doi:10.1109/TCNS.2017.2690399. https://www.osti.gov/servlets/purl/1406998.
@article{osti_1406998,
title = {Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems},
author = {Chen, Yuan and Kar, Soummya and Moura, Jose M. F.},
abstractNote = {This paper studies an attacker against a cyberphysical system (CPS) whose goal is to move the state of a CPS to a target state while ensuring that his or her probability of being detected does not exceed a given bound. The attacker’s probability of being detected is related to the nonnegative bias induced by his or her attack on the CPS’s detection statistic. We formulate a linear quadratic cost function that captures the attacker’s control goal and establish constraints on the induced bias that reflect the attacker’s detection-avoidance objectives. When the attacker is constrained to be detected at the false-alarm rate of the detector, we show that the optimal attack strategy reduces to a linear feedback of the attacker’s state estimate. In the case that the attacker’s bias is upper bounded by a positive constant, we provide two algorithms – an optimal algorithm and a sub-optimal, less computationally intensive algorithm – to find suitable attack sequences. Lastly, we illustrate our attack strategies in numerical examples based on a remotely-controlled helicopter under attack.},
doi = {10.1109/TCNS.2017.2690399},
journal = {IEEE Transactions on Control of Network Systems},
number = 99,
volume = PP,
place = {United States},
year = {Fri Mar 31 00:00:00 EDT 2017},
month = {Fri Mar 31 00:00:00 EDT 2017}
}

Journal Article:
Free Publicly Available Full Text
Publisher's Version of Record

Save / Share:
  • This paper studies an attacker against a cyberphysical system (CPS) whose goal is to move the state of a CPS to a target state while ensuring that his or her probability of being detected does not exceed a given bound. The attacker’s probability of being detected is related to the nonnegative bias induced by his or her attack on the CPS’s detection statistic. We formulate a linear quadratic cost function that captures the attacker’s control goal and establish constraints on the induced bias that reflect the attacker’s detection-avoidance objectives. When the attacker is constrained to be detected at the false-alarmmore » rate of the detector, we show that the optimal attack strategy reduces to a linear feedback of the attacker’s state estimate. In the case that the attacker’s bias is upper bounded by a positive constant, we provide two algorithms – an optimal algorithm and a sub-optimal, less computationally intensive algorithm – to find suitable attack sequences. Finally, we illustrate our attack strategies in numerical examples based on a remotely-controlled helicopter under attack.« less
  • Abstract— Secure high-speed communication is required to ensure proper operation of complex power grid systems and prevent malicious tampering activities. In this paper, artificial neural networks with temporal dependency are introduced for false data identification and mitigation for broadcasted IEC 61850 SMV messages. The fast responses of such intelligent modules in intrusion detection make them suitable for time- critical applications, such as protection. However, care must be taken in selecting the appropriate intelligence model and decision criteria. As such, this paper presents a customizable malware script to sniff and manipulate SMV messages and demonstrates the ability of the malware tomore » trigger false positives in the neural network’s response. The malware developed is intended to be as a vaccine to harden the intrusion detection system against data manipulation attacks by enhancing the neural network’s ability to learn and adapt to these attacks.« less
  • The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein theirmore » components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.« less
  • Cyber security and resiliency of Wide-Area Monitoring, Protection and Control (WAMPAC) applications is critically important to ensure secure, reliable, and economic operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. Also, the current “N-1 security criteria” for grid operation is inadequate to address malicious cyber events and therefore it is important to fundamentally redesign WAMPAC and to enhance Energy Management System (EMS) applications to make them attack-resilient. In this paper, we propose an end-to-end defense-in-depth architecture for attack-resilient WAMPAC thatmore » addresses resilience at both the infrastructure layer and the application layers. Also, we propose an attack-resilient cyber-physical security framework that encompasses the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. The overarching objective of this paper is to provide a broad scope that comprehensively describes most of the major research issues and potential solutions in the context of cyber-physical security of WAMPAC for the power grid.« less