André M. H. TeixeiraUppsala University | UU · Department of Information Technology
André M. H. Teixeira
Ph. D. in Automatic Control
About
126
Publications
31,270
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
6,066
Citations
Introduction
I am an Associate Professor at the Division of Systems and Control, Uppsala University, Sweden. I received the M.Sc. degree in electrical and computer engineering from the Universidade do Porto, Portugal, in 2009, and the Ph. D. degree in automatic control from the KTH Royal Institute of Technology, Stockholm, Sweden, in 2014. I was awarded a Starting Grant by the Swedish Research Council in 2018, and a Future Research Leaders grant by the Swedish Foundation for Strategic Research in 2020.
Additional affiliations
September 2017 - May 2021
October 2015 - August 2017
November 2014 - September 2015
Education
October 2009 - November 2014
Publications
Publications (126)
This paper addresses the detection of stealthy attacks on sensor measurements. Inspired in authentication schemes with weak cryptographic guarantees, we propose a watermarking approach to validate the data and its source. In particular we propose a multiplicative scheme, where the sensor outputs are watermarked by a bank of filters, then transmitte...
In this chapter, we consider stealthy cyber- and physical attacks against control systems, where malicious adversaries aim at maximizing the impact on control performance, while simultaneously remaining undetected. As an initial goal, we develop security-related metrics to quantify the impact of stealthy attacks on the system. The key novelty of th...
This book presents an in-depth overview of recent work related to the safety, security, and privacy of cyber-physical systems (CPSs). It brings together contributions from leading researchers in networked control systems and closely related fields to discuss overarching aspects of safety, security, and privacy; characterization of attacks; and solu...
This article investigates the design of online stealthy attacks with the aim of moving the system's state to a desired target. Different from the design of offline attacks, which is only based on the system's model, to design the online attack, the attacker also estimates the system's state with the intercepted data at each instant and computes the...
This paper addresses the security allocation problem in a networked control system under stealthy injection attacks. The networked system is comprised of interconnected subsystems which are represented by nodes in a digraph. An adversary compromises the system by injecting false data into several nodes with the aim of maximally disrupting the perfo...
Delay injection attacks on nonlinear control systems may trigger instability mechanisms like finite escape time dynamics. The paper guards against such attacks by showing how a recursive algorithm for identification of nonlinear dynamics and delay can simultaneously provide parameter estimates for controller tuning and detection of delay injection...
This paper considers the problem of security allocation in a networked control system under stealthy attacks. The system is comprised of interconnected subsystems represented by vertices. A malicious adversary selects a single vertex on which to conduct a stealthy data injection attack with the purpose of maximally disrupting a distant target verte...
This paper proposes a data-driven framework to identify the attack-free sensors in a networked control system when some of the sensors are corrupted by an adversary. An operator with access to offline input-output attack-free trajectories of the plant is considered. Then, a data-driven algorithm is proposed to identify the attack-free sensors when...
This paper considers the problem of security allocation in a networked control system under stealthy attacks in which the system is comprised of interconnected subsystems represented by vertices. A malicious adversary selects a single vertex on which to conduct a stealthy data injection attack to maximally disrupt the local performance while remain...
The paper discusses attacks on networked control loops by increased delay, and shows how existing round trip jitter may disguise such attacks. The attackers objective need not be destabilization , the paper argues that making settling time requirements fail can be sufficient. To defend against such attacks, the paper proposes the use of joint recur...
Both intentional attacks and accidental technical failures can lead to abnormal behaviour in components of industrial control systems. In our previous work, we developed a framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two classes, including knowledge elicitation to construct the directed ac...
This paper proposes a game-theoretic method to address the problem of optimal detector placement in a networked control system under cyber-attacks. The networked control system is composed of interconnected agents where each agent is regulated by its local controller over unprotected communication, which leaves the system vulnerable to malicious cy...
This article considers the problem of risk-optimal allocation of security measures when the actuators of an uncertain control system are under attack. We consider an adversary injecting false data into the actuator channels. The attack impact is characterized by the maximum performance loss caused by a stealthy adversary with bounded energy. Since...
This paper proposes a secure state estimation scheme with non-periodic asynchronous measurements for linear continuous-time systems under false data attacks on the measurement transmit channel. After sampling the output of the system, a sensor transmits the measurement information in a triple composed of sensor index, time-stamp, and measurement va...
This article considers the problem of risk-optimal allocation of security measures when the actuators of an uncertain control system are under attack. We consider an adversary injecting false data into the actuator channels. The attack impact is characterized by the maximum performance loss caused by a stealthy adversary with bounded energy. Since...
In this article, we address the problem of risk assessment of stealthy attacks on uncertain control systems. Considering data injection attacks that aim at maximizing impact while remaining undetected, we use the recently proposed output-to-output gain to characterize the risk associated with the impact of attacks under a limited system knowledge a...
In this paper, we propose a new architecture to enhance the privacy and security of networked control systems against malicious adversaries. We consider an adversary which first learns the system dynamics (privacy) using system identification techniques, and then performs a data injection attack (security). In particular, we consider an adversary c...
This paper proposes a game-theoretic approach to address the problem of optimal sensor placement against an adversary in uncertain networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected performance vertex, we consider a detector, with uncertain system...
This paper firstly addresses the problem of risk assessment under false data injection attacks on uncertain control systems. We consider an adversary with complete system knowledge, injecting stealthy false data into an uncertain control system. We then use the Value-at-Risk to characterize the risk associated with the attack impact caused by the a...
This paper proposes a game-theoretic approach to address the problem of optimal sensor placement for detecting cyber-attacks in networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected target vertex, the detector places a sensor at a single vertex to mon...
This paper proposes a game-theoretic approach to address the problem of optimal sensor placement for detecting cyber-attacks in networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected target vertex, the detector places a sensor at a single vertex to mon...
In this paper, we consider the optimal controller design problem against data injection attacks on actuators for an uncertain control system. We consider attacks that aim at maximizing the attack impact while remaining stealthy in the finite horizon. To this end, we use the Conditional Value-at-Risk to characterize the risk associated with the impa...
The addition of a physical watermarking signal to the control input increases the detection probability of data deception attacks at the expense of increased control cost. In this paper, we propose a parsimonious policy to reduce the average number of watermarking events when the attack is not present, which in turn reduces the control cost. We mod...
One of the most studied forms of attacks on the cyber-physical systems is the replay attack. The statistical similarities of the replayed signal and the true observations make the replay attack difficult to detect. In this paper, we address the problem of replay attack detection by adding watermarking to the control inputs and then perform resilien...
This paper proposes a game-theoretic approach to address the problem of optimal sensor placement for detecting cyber-attacks in networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected target vertex, the detector places a sensor at a single vertex to mon...
This paper addresses the design of an active cyberattack detection architecture based on multiplicative watermarking, allowing for detection of covert attacks. We propose an optimal design problem, relying on the so-called output-to-output l2-gain, which characterizes the maximum gain between the residual output of a detection scheme and some perfo...
This paper addresses the issue of data injection attacks on control systems. We consider attacks which aim at maximizing system disruption while staying undetected in the finite horizon. The maximum possible disruption caused by such attacks is formulated as a non-convex optimization problem whose dual problem is a convex semi-definite program. We...
This paper addresses the issue of data injection attacks on control systems. We consider attacks which aim at maximizing system disruption while staying undetected in the finite horizon. The maximum possible disruption caused by such attacks is formulated as a non-convex optimization problem whose dual problem is a convex semi-definite program. We...
Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by...
In this article, we address the problem of risk assessment of stealthy attacks on uncertain control systems. Considering data injection attacks that aim at maximizing impact while remaining undetected, we use the recently proposed output-to-output gain to characterize the risk associated with the impact of attacks in two setups: A full system knowl...
This chapter addresses the problem of detecting stealthy data injection attacks on sensor measurements in a networked control system. A multiplicative watermarking scheme is proposed, where the data from each sensor is post-processed by a time-varying filter called watermark generator. At the controller’s side, the watermark is removed from each ch...
In this introductory chapter, we illustrate the book’s motivation and objective. In particular, the book takes its raison d’être from the need for protecting Cyber-Physical Systems (CPSsCyber-Physical Systems (CPS)) against threats originating either in the cyber or in the physical domain. Exploring the concepts of safetySafety, securitySecurity, a...
In this paper, we propose and analyze an attack detection scheme for securing the physical layer of a networked control system against attacks where the adversary replaces the true observations with stationary false data. An independent and identically distributed watermarking signal is added to the optimal linear quadratic Gaussian (LQG) control i...
One of the most studied forms of attacks on the cyber-physical systems is the replay attack. The statistical similarities of the replay signal and the true observations make the replay attack difficult to detect. In this paper, we have addressed the problem of replay attack detection by adding watermarking to the control inputs and then performed r...
In this article two limitations in current distributed model based approaches for anomaly detection in large-scale uncertain nonlinear systems are addressed. The first limitation regards the high conservativeness of deterministic detection thresholds, against which a novel family of set-based thresholds is proposed. Such set-based thresholds are de...
This paper addresses the issue of data injection attacks on actuators in control systems. Considering attacks that aim at maximizing impact while remaining undetected, the paper revisits the recently proposed output-to-output gain, which is compared to classical sensitivity metrics such as H ∞ and H. In its original formulation, the output-to-outpu...
We propose an actuator security index that can be used to localize and protect vulnerable actuators in a networked control system. Particularly, the security index of an actuator equals to the minimum number of sensors and actuators that need to be compromised, such that a perfectly undetectable attack against that actuator can be conducted. We der...
This paper addresses the issue of data injection attacks on actuators in control systems. Considering attacks that aim at maximizing impact while remaining undetected, the paper revisits the recently proposed output-to-output gain, which is compared to classical sensitivity metrics such as H∞ and H-. In its original formulation, the output-to-outpu...
We consider the problem of control and remote state estimation with battery constraints and energy harvesting at the sensor (transmitter) under DoS/jamming attacks. We derive the optimal non-causal energy allocation policy that depends on current properties of the channel and on future energy usage. The performance of this policy is analyzed under...
To protect industrial control systems from cyberattacks, multiple layers of security measures need to be allocated to prevent critical security vulnerabilities. However, both finding the critical vulnerabilities and then allocating security measures in a cost‐efficient way become challenging when the number of vulnerabilities and measures is large....
Because of modern societies' dependence on industrial control systems, adequate response to system failures is essential. In order to take appropriate measures, it is crucial for operators to be able to distinguish between intentional attacks and accidental technical failures. However, adequate decision support for this matter is lacking. In this
p...
Understanding smart grid cyber attacks is key for developing appropriate protection and recovery measures. Advanced attacks pursue maximized impact at minimized costs and detectability. This paper conducts risk analysis of combined data integrity and availability attacks against the power system state estimation. We compare the combined attacks wit...
Distributed fault diagnosis has been proposed as an effective technique for monitoring large scale, nonlinear and uncertain systems. It is based on the decomposition of the large scale system into a number of interconnected subsystems, each one monitored by a dedicated Local Fault Detector (LFD). Neighboring LFDs, in order to successfully account f...
Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However...
Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However...
Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also exemplified by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systema...
Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also exemplified by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systema...
A class of data integrity attack, known as false data injection (FDI) attack, has been studied with a considerable amount of work. It has shown that with perfect knowledge of the system model and the capability to manipulate a certain number of measurements, the FDI attacks can coordinate measurements corruption to keep stealth against the bad data...
It is challenging to assess the vulnerability of a cyber-physical power system to data attacks from an integral perspective. In order to support vulnerability assessment except analytic analysis, suitable platform for security tests needs to be developed. In this paper we analyze the cyber security of energy management system (EMS) against data att...
In this paper, we address the problem of distributed reconfiguration of networked control systems upon the removal of misbehaving sensors and actuators. In particular, we consider systems with redundant sensors and actuators cooperating to recover from faults. Reconfiguration is performed while minimizing a steady-state estimation error covariance...
This paper addresses the detection and isolation of replay attacks on sensor measurements. As opposed to previously proposed additive watermarking, we propose a multiplicative watermarking scheme, where each sensor’s output is separately watermarked by being fed to a SISO watermark generator. Additionally, a set of equalizing filters is placed at t...
Low-voltage distribution grids experience a rising penetration of inverter-based, distributed generation. In order to not only contribute to but also solve voltage problems, these inverters are increasingly asked to participate in intelligent grid controls. Communicating inverters implement distributed voltage droop controls. The impact of cyber-at...
This paper introduces combined data integrity and availability attacks to expand the attack scenario against power system state estimation. The goal of the adversary, who uses the combined attack, is to perturb the state estimates while remaining hidden from the observer. We propose security metrics that quantify vulnerability of power systems to c...
Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However...
In the cybersecurity community it is common to think of security as a design feature for systems and infrastructures that may be difficult to balance with other requirements. What is less studied is how security requirements come about, for which reasons, and what their influence is on the actions the system facilitates. Security is for example oft...
In this paper, we investigate detectability and identifiability of attacks on linear dynamical systems that are subjected to external disturbances. We generalize a concept for a security index, which was previously introduced for static systems. The generalized index exactly quantifies the resources necessary for targeted attacks to be undetectable...
We introduce a model of estimation in the presence of strategic, self-interested sensors. We employ a game-Theoretic setup to model the interaction between the sensors and the receiver. The cost function of the receiver is equal to the estimation error variance while the cost function of the sensor contains an extra term which is determined by its...
In this chapter, we survey cyber security solutions for control and monitoring systems that are used to manage the Smart Grid. We start with a short review of the history and use of Industrial Control Systems (ICSs) and Supervisory Control and Data Acquisition (SCADA) systems, and how cyber security in control systems has recently become a major co...
We derive the optimal step-size and over-relaxation parameter that minimizes the convergence time of two ADMM-based algorithms for distributed averaging. Our study shows that the convergence times for given step-size and over-relaxation parameters depend on the spectral properties of the normalized Laplacian of the underlying communication graph. M...
We propose and evaluate a down-sampled controller which reduces the network usage while providing a guaranteed desired linear quadratic control performance. This method is based on fast and slow sampling intervals, as the closed-system benefits by being brought quickly to steady-state conditions while behaving satisfactorily when being actuated at...
Critical infrastructures must continuously operate safely and reliably, despite a variety of potential system disturbances. Given their strict operating requirements, such systems are automated and controlled in real time by several digital controllers receiving measurements from sensors and transmitting control signals to actuators. Since these ph...