IEEE Transactions on Control of Network Systems
Several recent incidents have clearly illustrated the susceptibility of cyber-physical systems (CPS) to attacks, raising attention to security challenges in these systems. The tight interaction between information technology and the physical world has introduced new vulnerabilities that cannot be addressed with the use of standard cryptographic security techniques. Accordingly, the problem of state estimation in the presence of sensor and actuator attacks has attracted significant attention in the past. Unlike the existing work, in this paper we consider the problem of attack-resilient state estimation in the presence of bounded-size noise. We focus on the most general model for sensor attacks where any signal can be injected via compromised sensors. Specifically, we present an l0-based state estimator that can be formulated as a mixed-integer linear program and its convex relaxation based on the l1 norm. For both attack-resilient state estimators, we derive rigorous analytic bounds on the state-estimation errors caused by the presence of noise. Our analysis shows that the worst-case error is linear with the size of the noise, and thus the attacker cannot exploit the noise to introduce unbounded state-estimation errors. Finally, we show how the l0 and l1-based attack-resilient state estimators can be used for sound attack detection and identification; we provide conditions on the size of attack vectors that ensure correct identification of compromised sensors.
2015 54th IEEE Conference on Decision and Control (CDC), 2015
We consider the problem of attack-resilient state estimation in the presence of noise. We focus on the most general model for sensor attacks where any signal can be injected via the compromised sensors. An l0-based state estimator that can be formulated as a mixed-integer linear program and its convex relaxation based on the l1 norm are presented. For both l0 and l1-based state estimators, we derive rigorous analytic bounds on the state-estimation errors. We show that the worst-case error is linear with the size of the noise, meaning that the attacker cannot exploit noise and modeling errors to introduce unbounded state-estimation errors. Finally, we show how the presented attack-resilient state estimators can be used for sound attack detection and identification, and provide conditions on the size of attack vectors that will ensure correct identification of compromised sensors. This material is based on research sponsored by DARPA under agreement number FA8750-12-2-0247. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.
2015 IEEE International Symposium on Information Theory (ISIT), 2015
Motivated by the need to secure cyber-physical systems against attacks, we consider the problem of estimating the state of a noisy linear dynamical system when a subset of sensors is arbitrarily corrupted by an adversary. We propose a secure state estimation algorithm and derive (optimal) bounds on the achievable state estimation error. In addition, as a result of independent interest, we give a coding theoretic interpretation for prior work on secure state estimation against sensor attacks in a noiseless dynamical system. arXiv:1504.05566v2 [math.OC]
2020 American Control Conference (ACC), 2020
This paper addresses the problem of secure state estimation in the presence of attacks on sensor measurements of a linear time invariant (LTI) system. We assume that the system is equipped with a common l0-based attack-resilient state estimator and a sound anomaly detector. We introduce the notion of perfect attackability (PA) for LTI systems with bounded noise, when the attacker may introduce an unbounded estimation error while remaining undetected by the anomaly detector. Finally, necessary and sufficient conditions for perfectly attackable systems are provided, and illustrated on examples.
2014 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS), 2014
The interaction between information technology and the physical world makes Cyber-Physical Systems (CPS) vulnerable to malicious attacks beyond the standard cyber attacks. This has motivated the need for attack-resilient state estimation. Yet, the existing state-estimators are based on the non-realistic assumption that the exact system model is known. Consequently, in this work we present a method for state estimation in the presence of attacks, for systems with noise and modeling errors. When the estimated states are used by a state-based feedback controller, we show that the attacker cannot destabilize the system by exploiting the difference between the model used for the state estimation and the real physical dynamics of the system. Furthermore, we describe how implementation issues such as jitter, latency and synchronization errors can be mapped into parameters of the state estimation procedure that describe modeling errors, and provide a bound on the state-estimation error caused by modeling errors. This enables mapping control performance requirements into real-time (i.e., timing related) specifications imposed on the underlying platform. Finally, we illustrate and experimentally evaluate this approach on an unmanned ground vehicle case-study.
2017 IEEE 56th Annual Conference on Decision and Control (CDC), 2017
This work investigates the effects of signal attacks possibly combined with network deception attacks injecting fake measurements on stochastic cyber-physical systems. The goal of the attacker is to maximize the estimation error based on the information available about the system and the measurement models, preferably without being detected. This problem is formulated following a worst-case approach characterizing the maximum degradation the attacker can induce at each time instant when a Bayesian filter developed within the random finite set (RFS) framework is employed for simultaneous attack detection and resilient state estimation. A novel concept of error which captures the switching (Bernoulli) nature of the signal attack is proposed as an appropriate distance measure for joint detection-estimation. Furthermore, the notion of stealthiness is introduced in order to derive attack policies useful to synthesize undetectable perturbations that can deceive a Maximum A Posteriori Probability (MAP) detector implemented for security.
2020 59th IEEE Conference on Decision and Control (CDC), 2020
The state estimation of continuous-time nonlinear systems in which a subset of sensor outputs can be maliciously controlled through injecting a potentially unbounded additive signal is considered in this paper. Analogous to our earlier work for continuous-time linear systems in [1], we term the convergence of the estimates to the true states in the presence of sensor attacks as 'observability under M attacks', where M refers to the number of sensors which the attacker has access to. Unlike the linear case, we only provide a sufficient condition such that a nonlinear system is observable under M attacks. The condition requires the existence of asymptotic observers which are robust with respect to the attack signals in an input-to-state stable sense. We show that an algorithm to choose a compatible state estimate from the state estimates generated by the bank of observers achieves asymptotic state reconstruction. We also provide a constructive method for a class of nonlinear systems to design state observers which have the desirable robustness property. The relevance of this study is illustrated on monitoring the safe operation of a power distribution network.
2020
Network-based attacks on control systems may alter sensor data delivered to the controller, effectively causing degradation in control performance. As a result, having access to accurate state estimates, even in the presence of attacks on sensor measurements, is of critical importance. In this paper, we analyze performance of resilient state estimators (RSEs) when any subset of sensors may be compromised by a stealthy attacker. Specifically, we consider systems with the well-known l0-based RSE and two commonly used sound intrusion detectors (IDs). For linear time-invariant plants with bounded noise, we define the notion of perfect attackability (PA) when attacks may result in unbounded estimation errors while remaining undetected by the employed ID (i.e., stealthy). We derive necessary and sufficient PA conditions, showing that a system can be perfectly attackable even if the plant is stable. While PA can be prevented with the use of the standard cryptographic mechanisms (e.g., message...
Information Sciences, 2017
Secure state estimation is the problem of estimating the state of a dynamical system from a set of noisy and adversarially-corrupted measurements. Intrinsically a combinatorial problem, secure state estimation has been traditionally addressed either by brute force search, suffering from scalability issues, or via convex relaxations, using algorithms that can terminate in polynomial time but are not necessarily sound. In this paper, we present a novel algorithm that uses a satisfiability modulo theory approach to harness the complexity of secure state estimation. We leverage results from formal methods over real numbers to provide guarantees on the soundness and completeness of our algorithm. Moreover, we discuss its scalability properties, by providing upper bounds on the runtime performance. Numerical simulations support our arguments by showing an order of magnitude decrease in execution time with respect to alternative techniques. Finally, the effectiveness of the proposed algorithm is demonstrated by applying it to the problem of controlling an unmanned ground vehicle.
2014 American Control Conference, 2014
This work addresses the design of resilient estimators for stochastic systems. To this end, we introduce a minimum mean-squared error resilient (MMSE-R) estimator whose conditional mean squared error from the state remains finitely bounded and is independent of additive measurement attacks. An implementation of the MMSE-R estimator is presented and is shown as the solution of a semidefinite programming problem, which can be implemented efficiently using convex optimization techniques. The MMSE-R strategy is evaluated against other competing strategies representing other estimation approaches in the presence of small and large measurement attacks. The results indicate that the MMSE-R estimator significantly outperforms (in terms of mean-squared error) other realizable resilient (and non-resilient) estimators.
Automatica, 2019
This paper investigates the state estimation problem for multi-sensor systems under undetectable attacks. The system outputs are transmitted to the estimator via a non-secure network in the presence of adversary. A necessary and sufficient condition is established for the scenario that the attacks are undetectable by the detector of the multi-sensor system. The attack parameters can be obtained by solving an optimization problem such that the attack can not only circumvent detection but also degrade the estimation performance. By considering the estimation error dynamics with uncertainties, an estimator redesign method is derived for the case that the estimator believes there may exist undetectable attacks in the communication network. An illustrative example is presented to demonstrate the effectiveness and potential of the proposed attacker design and estimator redesign techniques.