Elsevier

Automatica

Volume 95, September 2018, Pages 399-412
Automatica

Secure estimation based Kalman Filter for cyber–physical systems against sensor attacks

https://doi.org/10.1016/j.automatica.2018.06.010Get rights and content

Abstract

Cyber–physical systems are found in many applications such as power networks, manufacturing processes, and air and ground transportation systems. Maintaining security of these systems under cyber attacks is an important and challenging task, since these attacks can be erratic and thus difficult to model. Secure estimation problems study how to estimate the true system states when measurements are corrupted and/or control inputs are compromised by attackers. The authors in Fawzi et al. (2014) proposed a secure estimation method when the set of attacked nodes (sensors, controllers) is fixed. In this paper, we extend these results to scenarios in which the set of attacked nodes can change over time. We formulate this secure estimation problem into the classical error correction problem (Candes and Tao, 2005) and we show that accurate decoding can be guaranteed. Furthermore, we propose a combined secure estimation method with our proposed secure estimator and the Kalman Filter for improved practical performance. Finally, we demonstrate the performance of our method through simulations of two scenarios where an unmanned aerial vehicle is under attack.

Introduction

Cyber–physicalsystems (CPS) consist of physical components such as actuators, sensors and controllers that communicate with each other over a network (Kim & Kumar, 2012). For example, unmanned aerial vehicles (UAV) may obtain position measurements from a Global Positioning System (GPS) or communicate with remote control centers. Although communication networks are often protected by security measures, cyber attacks can still take place when a malicious attacker obtains unauthorized access, launching jamming attacks (Gligor, 1984), or spoofing sensor readings and sending erroneous control signals to actuators (Mo & Sinopoli, 2010). For CPS, cyber attacks not only compromise information but can also cause damage in the physical process, ranging from power systems Liu et al. (2011), Teixeira et al. (2010) to UAVs (Hu, Chang, & Tomlin, 2016). This presents new challenges and thus demands new strategies and algorithms (Cardenas, Amin, & Sastry, 2008).

There has been an increase in the number of research and applications on the security of CPS. Each of them relies on specific assumptions about attackers’ strategies and it is rarely the case, if not impossible, that one estimator/detector can protect against all possible attacks. Kosut, Liyan, Thomas, and Tong (2012), Kwon, Liu, and Hwang (2013), Liu et al. (2014) and Teixeira et al. (2010) studied optimal attack strategies for different control systems and applications. From the controller’s point of view, researchers have studied how to detect attacks Blanke et al. (2006), Massoumnia et al. (1989) and how to accurately estimate the states and control the system when it is under attack. One approach for the latter, which is adopted in robust control and filtering methods, is to model the attack signal as process or measurement noise, and assume that they are bounded (Zhou & Doyle, 1998) or follow a certain probabilistic distribution Manandhar et al. (2014), Pasqualetti et al. (2011). An alternative approach uses game theory, where the controller and attacker are players with competing goals in a game Fei et al. (2013), Gueye et al. (2012), Gupta et al. (2010), Manshaei et al. (2013), Roy et al. (2010). Finally, the authors of Kwon and Hwang (2013) proposed a hybrid controller, where each constituent controller protects against a specific type of attack.

Recently, Fawzi, Tabuada, and Diggavi (2014) studied secure estimation of a linear time invariant system where attack signals can be arbitrary and unbounded, thus protecting the system against more general cyber-attacks; Chong and Kuijper (2016) proposed the security index of a discrete time linear time invariant (LTI) system under sensor attacks as a quantitative measure on the security of an observable system. Later, Pajic et al. (2014) and Shoukry et al. (2016) extended this work by relaxing the assumption of having an exact system model and proposing an Satisfiability Modulo Theory (SMT)-based observer that handles large systems with thousands of sensors. One limiting assumption of Fawzi et al. (2014) and Pajic et al. (2014), Shoukry et al. (2016) is that the set of attacked nodes/sensors is fixed and cannot change over time. If a malicious attacker is aware of this, then he or she can exploit this weakness and attack different sensors at different time steps so that such an estimator would fail.

In this paper, we are interested in the case in which the set of attacked nodes can change over time. By doing so, our proposed estimator can protect the system against more general attack scenarios than that presented in Fawzi et al. (2014). We believe this is a significant contribution, because it is difficult, if not impossible, to anticipate cyber attackers’ strategies and behavior, thus an estimator that is able to handle more general attacks is an improvement. Such attacks are found in many practical situations, and can be launched in both the cyber and the physical domain. For example, security studies on the current traffic infrastructure (Ghena, Beyer, Hillaker, Pevarnek, & Halderman, 2014) demonstrated that once a cyber attacker gains access to the traffic network at a single point, the attacker can send commands to any traffic intersection in the network. In other words, the attacker can freely attack a different set of traffic signals (sensors) at any time. Indeed, an attacker who desires to travel through a set of roads as fast as possible would attack different traffic lights to always give him/herself green lights as he/she moves through the road network. Liu, Chen, Zourntos, Kundur, and Butler-Purry (2014) describes a practical situation where a physical attack on a power system with a changing set of attack nodes is desirable: the authors designed a multi-switch attack, in which different switches in a power network are attacked at different times, in order to lead to stealthy and wide-scale cascading failures in the power system.

There are four main contributions in this paper:

(1) We propose a secure estimator for a linear time invariant system under sensor attacks, where the attacked sensors can change with time, and attack signals can be unbounded and arbitrary. The proposed estimator is based on l1 optimization and is computationally efficient.

(2) We prove the maximum number of sensor attacks that can be corrected with our estimator, which turns out to be the same as that of the estimator proposed in Fawzi et al. (2014) with the mere requirement of a longer time window. This is a very nice result as it shows that, compared to Fawzi et al. (2014), our estimator can protect the system against more general attacks, and at the same time, it does not compromise the number of attacks that can be corrected.

(3) We propose a practical method for estimator design that guarantees accurate decoding. First, we formulate the secure estimation problem into the classical error correction (EC) problem (Candes & Tao, 2005). In EC, accurate decoding can be guaranteed if the coding matrix satisfies the Restricted Isometric Properties (RIP), which is often achieved by randomly choosing a coding matrix a priori. However, this is not possible in our problem setting. Instead of using RIP, in Theorem 1, we provide a sufficient condition for perfect recovery of the system states against sensor attacks.

(4) Finally, we propose to combine our estimator with a Kalman Filter (KF) to improve its practical performance. The KF filters out both occasional estimation errors by the secure estimator and noisy measurements. We demonstrate the effectiveness of our combined estimator using two examples of UAVs under adversarial attacks.

This paper is organized as follows. Section 2 gives an overview of secure estimation for CPS when attacked nodes are fixed, as well as compressive sensing and error correction. Section 3 formulates the problem of secure estimation when attacked nodes can change over time and compares it with the case when attacked nodes are fixed. In Section 4, we describe our estimator design method and assess the estimator’s practical performance through extensive simulations. In addition, we describe how to combine it with a KF to improve its performance in practice. Finally we present two more realistic numerical examples of UAVs subject to adversarial attacks in Section 5.

  • |supp(x)| denotes the support of vector x, i.e., the number of nonzero components in x.2

  • For a matrix MRm×n, N(M)={xRnMx=0} represents the null space of M. R(M) denotes the range space of M, and is defined as the set of all possible linear combinations of its column vectors.

Section snippets

Secure estimation for fixed attacked nodes (Fawzi et al., 2014)

Consider a linear dynamical system in the presence of attacks: x(t+1)=Ax(t),y(t)=Cx(t)+e(t)where x(t)Rn represents the state of the system at time tN, y(t)Rp is the output of the sensors at time t and e(t)Rp represents possibly unbounded and arbitrary attack signals injected by malicious agents at the sensors. In Fawzi et al. (2014), the authors proposed an elegant state estimation algorithm against adversarial attacks but they assumed that the set of attacked nodes K does not change over

Secure estimation when attacked nodes change over time

Consider the linear time invariant system as follows: x(t+1)=Aox(t)+Bu(t),y(t)=Cx(t)+e(t)where x(t)Rn, y(t)Rp and u(t)Rm are the states, measurements and control inputs at time t. e(t)Rp is the attack signal, and we assume that the attacked nodes can change over time. In addition, assume that a local control loop implements secure state feedback: u(t)=Gx(t), i.e., the local control loop is not subject to attacks. The resulting closed loop system matrix is A (=Ao+BG). In

Estimator design

In the classical error correction problem, to ensure accurate decoding, the coding matrix must satisfy the RIP conditions (Candes & Tao, 2005), which are extremely difficult to check in general. In practice, Theorem 1.4 from Candes and Tao (2005) is almost always used to design a coding matrix a priori. This theorem states that a coding matrix whose entries are sampled from independent and identical distributions satisfies the RIP condition with overwhelming probability. In secure estimation,

Numerical examples

On February 15, 2015, the Federal Aviation Administration proposed to allow routine use of certain small, non-recreational UAVs in today’s aviation system (FAA, 0000). Thus in the near future, we may see thousands of UAVs such as Amazon Prime Air (Amazon, 0000) and Google Project Wing vehicles (Google, 0000) sharing the airspace simultaneously. To ensure safety of this immense UAV traffic, UAVs may periodically update their position and velocity measurements wirelessly to a Remote Control

Conclusion

We consider the problem of secure estimation for CPS under adversarial attacks. Unlike Fawzi et al. (2014) where the attacked sensors are assumed to be fixed, we allow the set of attacked sensors to change over time, and propose a computationally efficient secure estimator for the latter scenario that works for arbitrary and unbounded attacks. In addition, we propose to combine the secure estimator with a KF for improved practical performance. We demonstrate through numerical examples, that our

Young Hwan Chang received his Bachelor degree and Master degree in aerospace engineering from Korea Advanced Institute of Science and Technology (KAIST) in 2002, 2004 respectively and the Ph.D. degree in mechanical engineering from the University of California, Berkeley, in 2013. He worked as a postdoctoral researcher at Hybrid Systems Laboratory in the Department of Electrical Engineering and Computer Sciences, UC Berkeley.

He is currently an assistant professor in the department of biomedical

References (39)

  • GoodallColin R.

    Computation using the qr decomposition

    Handbook of Statistics

    (1993)
  • LiuYao et al.

    False data injection attacks against state estimation in electric power grids

    ACM Transactions on Information and System Security (TISSEC)

    (2011)
  • Amazon. Amazon Prime Air....
  • BlankeMogens et al.

    Diagnosis and fault-tolerant control

    (2006)
  • Bouffard, Patrick (2012). On-board model predictive control of a quadrotor helicopter: Design, implementation, and...
  • CandesE.J. et al.

    Decoding by linear programming

    IEEE Transactions on Information Theory

    (2005)
  • Cardenas, Alvaro A., Amin, Saurabh, & Sastry, Shankar (2008). Secure control: towards survivable cyber-physical...
  • ChongMichelle S. et al.

    Characterising the vulnerability of linear control systems under sensor attacks using a system’s security index

  • DonohoDavid L. et al.

    Optimally sparse representation in general (nonorthogonal) dictionaries via l1 minimization

    Proceedings of the National Academy of Sciences

    (2003)
  • EladMichael et al.

    A generalized uncertainty principle and sparse representation in pairs of rn bases

    IEEE Transactions on Information Theory

    (2002)
  • FAA. Press release –DOT and FAA propose new rules for small unmanned aircraft systems....
  • FallatShaun M. et al.

    Totally nonnegative matrices

    (2011)
  • FawziH. et al.

    Secure estimation and control for cyber-physical systems under adversarial attacks

    IEEE Transactions on Automatic Control

    (2014)
  • Fei, Miao, Pajic, Miroslav, & Pappas, George J. (2013). Stochastic game approach for replay attack detection. In 52nd...
  • Ghena, Branden, Beyer, William, Hillaker, Allen, Pevarnek, Jonathan, & Halderman, Alex J. (2014). Green lights forever:...
  • GligorVirgil D.

    A note on denial-of-service in operating systems

    IEEE Transactions on Software Engineering

    (1984)
  • Google, Google project wing....
  • GribonvalR. et al.

    Sparse representations in unions of bases

    IEEE Transactions on Information Theory

    (2003)
  • Gueye, Assane, Marbukh, Vladimir, & Walrand, Jean C. (2012). Towards a metric for communication network vulnerability...
  • Cited by (106)

    • Secure nonlinear fusion estimation for cyber–physical systems under FDI attacks

      2023, Automatica
      Citation Excerpt :

      As a result, successful FDI attacks may result in serious industrial accidents and economic losses (Pang, Liu, Zhou, Hou, & Sun, 2016). Therefore, the secure state estimation which estimates the system state from compromised measurements has become one of the vital research directions (Chang, Hu, & Tomlin, 2018; Shinohara, Namerikawa, & Qu, 2019). Although the secure estimation problem was investigated in Chang et al. (2018) and Shinohara et al. (2019), these works only considered the single-sensor condition, while multi-sensor fusion can provide more redundant information for the security and accuracy of state estimation.

    • Remote state estimator design under the round-Robin protocol

      2024, International Journal of Robust and Nonlinear Control
    View all citing articles on Scopus

    Young Hwan Chang received his Bachelor degree and Master degree in aerospace engineering from Korea Advanced Institute of Science and Technology (KAIST) in 2002, 2004 respectively and the Ph.D. degree in mechanical engineering from the University of California, Berkeley, in 2013. He worked as a postdoctoral researcher at Hybrid Systems Laboratory in the Department of Electrical Engineering and Computer Sciences, UC Berkeley.

    He is currently an assistant professor in the department of biomedical engineering and computational biology program, Oregon Health and Science University (OHSU). His current research interests include control systems, with applications to systems biology, quantitative image analysis and cyber–physical systems.

    Qie Hu received her Bachelor and Master degrees in Control and Information Sciences from University of Cambridge, U.K., in 2008. She was a Control and Instrument Engineer at TOTAL Exploration and Production U.K., from 2008 to 2010. She is a researcher at the University of California, Berkeley, USA, where she obtained her Ph.D. in 2017.

    Claire J. Tomlin is a Professor of Electrical Engineering and Computer Sciences at the University of California at Berkeley, where she holds the Charles A. Desoer Chair in Engineering. She held the positions of Assistant, Associate, and Full Professor at Stanford from 1998–2007, and in 2005 joined Berkeley. She received the Erlander Professorship of the Swedish Research Council in 2009, a MacArthur Fellowship in 2006, and the Eckman Award of the American Automatic Control Council in 2003. She works in hybrid systems and control, with applications to air traffic systems, robotics, and biology.

    This work was supported by the NSF CPS project ActionWebs under grant number 0931843, NSF CPS project FORCES under grant number 1239166. The material in this paper was presented at the 30th Congress of the International Council of the Aeronautical Sciences, September 25–30, 2016, DCC, Daejeon, Korea. This paper was recommended for publication in revised form by Associate Editor Wei Xing Zheng under the direction of Editor Torsten Söderström.

    1

    These authors contributed equally.

    View full text