Article

Estimate the States of Multiagent Systems Under Homologous Attacks by Optimization Approaches

Abstract

This article revisits the problem of secure state estimation of multiagent systems under homologous attacks in [1]. We first characterize the condition on agents' dynamics such that agents' states can be uniquely solved from the attacked measurements of agents' outputs. This condition implies that the conclusion in [1] that the attack signal and agents' states can be uniquely reconstructed by adding longer time-windowed measurements is incomplete. Based on this condition, when the communication graph of agents is undirected, we propose two different distributed secure state estimators by reformulating the state reconstruction as optimization problems. The first estimator does not need agents to exchange their dynamics information with others, which is used by the second, but requires updating and exchanging more variables. Both estimators are much simpler and easier to understand than that proposed in [1]. Moreover, when the communication graph is directed and strongly connected, we also propose two distributed state estimators, adjusted from the estimators for undirected graphs. Both of them require no global information of communication graphs but the network size. At last, we verify all the theoretical results with simulation examples.

Article
In this paper, we present a scheme of fully distributed resilient state estimation for linear dynamical systems under sensor attacks. The proposed state observer consists of a network of local observers, where each of them utilizes local measurements and information transmitted from the neighbors. As a fully distributed scheme, it does not necessarily collect a majority of sensing data for the sake of attack identification, but the compromised sensors are eventually identified by the distributed network and excluded from the observers. For this, the overall network (not the individual local observer) is assumed to have redundant sensors and assumed to be connected. The proposed scheme is based on a novel design of a distributed median solver, which approximately recovers the median value of local estimates.
Article
We focus on securely estimating the state of a nonlinear dynamical system from a set of corrupted measurements for two classes of nonlinear systems, and propose a technique which enables us to perform secure state estimation for those systems. We then illustrate how the proposed nonlinear secure state estimation technique can be used to perform estimation in the cyber layer of interconnected power systems under cyber-physical attacks and communication failures. In particular, we focus on an interconnected power system comprising several synchronous generators, transmission lines, loads, and energy storage units, and propose a secure estimator that allows us to securely estimate the dynamic states of the power network. Finally, we numerically demonstrate the effectiveness of the proposed secure estimation algorithm, and show that the algorithm enables the cyber layer to accurately reconstruct the attack signals. Index Terms: Cyber-physical systems, secure state estimation, power systems, dynamic state estimation.
Conference Paper
We consider the problem of attack-resilient state estimation in the presence of noise. We focus on the most general model for sensor attacks where any signal can be injected via the compromised sensors. An l0-based state estimator that can be formulated as a mixed-integer linear program and its convex relaxation based on the l1 norm are presented. For both l0 and l1-based state estimators, we derive rigorous analytic bounds on the state-estimation errors. We show that the worst-case error is linear with the size of the noise, meaning that the attacker cannot exploit noise and modeling errors to introduce unbounded state-estimation errors. Finally, we show how the presented attack-resilient state estimators can be used for sound attack detection and identification, and provide conditions on the size of attack vectors that will ensure correct identification of compromised sensors.
Article
Motivated by the need to secure cyber-physical systems against attacks, we consider the problem of estimating the state of a noisy linear dynamical system when a subset of sensors is arbitrarily corrupted by an adversary. We propose a secure state estimation algorithm and derive (optimal) bounds on the achievable state estimation error. In addition, as a result of independent interest, we give a coding theoretic interpretation for prior work on secure state estimation against sensor attacks in a noiseless dynamical system.
Article
We address the problem of detecting and mitigating the effect of malicious attacks to the sensors of a linear dynamical system. We develop a novel, efficient algorithm that uses a Satisfiability-Modulo-Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem. By leveraging results from formal methods over real numbers, we provide guarantees on the soundness and completeness of our algorithm. We then report simulation results to compare its runtime performance with alternative techniques. Finally, we demonstrate its application to the problem of controlling an unmanned ground vehicle.
Article
This paper describes two algorithms for state reconstruction from sensor measurements that are corrupted with sparse, but otherwise arbitrary, "noise". These results are motivated by the need to secure cyber-physical systems against a malicious adversary that can arbitrarily corrupt sensor measurements. The first algorithm reconstructs the state from a batch of sensor measurements while the second algorithm is able to incorporate new measurements as they become available, in the spirit of a Luenberger observer. A distinguishing point of these algorithms is the use of event-triggered techniques to circumvent some limitations that arise when performing state reconstruction with sparse signals.
Article
We consider problems where multiple agents cooperate to control their individual state so as to optimize a common objective while communicating with each other to exchange state information. Since communication costs can be significant, especially when the agents are wireless devices with limited energy, we seek conditions under which communication of state information among nodes can be restricted while still ensuring that the optimization process converges. We propose an asynchronous (event-driven) optimization scheme that limits communication to instants when some state estimation error function at a node exceeds a threshold and prove that, under certain conditions, such convergence is guaranteed when communication delays are negligible. We subsequently extend the analysis to include communication delays as long as they are bounded. We apply this approach to a sensor network coverage control problem where the objective is to maximize the probability of detecting events occurring in a given region and show that the proposed asynchronous approach may significantly reduce communication costs, hence also prolonging the system's lifetime, without any performance degradation.
Article
This paper deals with linear algebraic equations where the global coefficient matrix and constant vector are given respectively, by the summation of the coefficient matrices and constant vectors of the individual agents. Our approach is based on reformulating the original problem as an unconstrained optimization. Based on this exact reformulation, we first provide a gradient-based, centralized algorithm which serves as a reference for the ensuing design of distributed algorithms. We propose two sets of exponentially stable continuous-time distributed algorithms that do not require the individual agent matrices to be invertible, and are based on estimating non-distributed terms in the centralized algorithm using dynamic average consensus. The first algorithm works for time-varying weight-balanced directed networks, and the second algorithm works for general directed networks for which the communication graphs might not be balanced. Numerical simulations illustrate our results.
Article
Secure state estimation (SSE) is a problem of defending against false-data injection attacks. This study designs an online distributed SSE of heterogeneous multiagent systems under homologous attack. A triple-loop observer is proposed to estimate the state and attack signal simultaneously. The inner loop keeps the estimations of the attack signal the same using average consensus. The middle loop adjusts the estimations via residual information. The outer loop runs when system measurements change. A sufficient condition that estimations asymptotically converge to the real value is obtained and proved. Finally, the proposed observer has been tested on the global positioning system.
Article
Homologous signals widely exist in multi-agent systems, e.g. temperature and the wind power. Due to the limitation of the system hardware or other reasons, homologous attack signals also exist in the system. This study addresses the problem of security state estimation of multi-agent systems affected by homologous attack signal. To solve this problem, a two-loop observer combining average consensus algorithm and recursive algorithm is developed to simultaneously estimate the state and attack signal. One necessary and sufficient condition and several sufficient conditions for the observer being convergent are presented and proved. Furthermore, a generalized framework is presented for the security state estimation of multi-agent system.
Article
The growing complexity of modern Cyber–Physical Systems (CPS) and the frequent communication between their components make them vulnerable to malicious attacks. As a result, secure state estimation is a critical requirement for the control of these systems. Many existing secure state estimation methods suffer from combinatorial complexity which grows with the number of states and sensors in the system. This complexity can be mitigated using optimization-based methods that relax the original state estimation problem, although at the cost of optimality as these methods often identify attack-free sensors as attacked. In this paper, we propose a new optimal graph-search algorithm to correctly identify malicious attacks and to securely estimate the states even in large-scale CPS modeled as linear time-invariant systems. The graph consists of layers, each one containing two nodes capturing a truth assignment of any given sensor, and directed edges connecting adjacent layers only. Then, our algorithm searches the layers of this graph incrementally, favoring directions at higher layers with more attack-free assignments, while actively managing a repository of nodes to be expanded at later iterations. The proposed search bias and the ability to revisit nodes in the repository and self-correct allow our graph-search algorithm to reach the optimal assignment faster and tackle larger problems. We show that our algorithm is complete and optimal provided that process and measurement noises do not dominate the attack signal. Moreover, we provide numerical simulations that demonstrate the ability of our algorithm to correctly identify attacked sensors and securely reconstruct the state. Our simulations show that our method outperforms existing algorithms both in terms of optimality and execution time.
Article
Autonomous systems are rapidly becoming an integrated part of the modern life. Safe and secure navigation and control of these systems present significant challenges in the presence of uncertainties, physical failures, and cyber attacks. In this paper, we formulate a navigation and control problem for autonomous systems using a multilevel control structure, in which the high‐level reference commands are limited by a saturation function, whereas the low‐level controller tracks the reference by compensating for disturbances and uncertainties. For this purpose, we consider a class of nested, uncertain, multiple‐input–multiple‐output systems subject to reference command saturation, possibly with nonminimum phase zeros. A multirate output‐feedback adaptive controller is developed as the low‐level controller. The sampled‐data (SD) design of this controller facilitates the direct implementation on digital computers, where the input/output signals are available at discrete time instances with different sampling rates. In addition, stealthy zero‐dynamics attacks become detectable by considering a multirate SD formulation. Robust stability and performance of the overall closed‐loop system with command saturation and multirate adaptive control are analyzed. Simulation scenarios for navigation and control of a fixed‐wing drone under failures/attacks are provided to validate the theoretical findings.
Article
In this technical note, we show that the continuous-time saddle-point distributed convex optimization dynamics can be cast as a distributed control system, where each agent implements a control input using an estimate of the average state, generated through an observer. Using this, and by incorporating a continuous-time version of the so-called push-sum algorithm, we relax the graph-theoretic conditions under which the first component of the trajectories of this modified class of saddle-point dynamical systems are asymptotically convergent to the set of optimizers. In particular, we prove that strong connectivity is sufficient under this modified dynamics, relaxing the known weight-balanced assumption. As a by-product, we also show that the saddle-point distributed optimization dynamics can be extended to time-varying weight-balanced graphs which satisfy a persistency condition on the min-cut of the sequence of Laplacian matrices.
Article
Cyber–physical systems (CPSs) usually employ distributed sensor networks to gather, process and exchange information as a team. In contrast to the previous centralized secure state estimation (SSE) for CPSs, this paper proposes a distributed SSE algorithm via consensus-based distributed non-convex optimization protocols. The algorithm is implemented over a multi-agent network where each agent privately processes own sensing measurements while communicating with its neighbors via a graph topology. The combinatorial problem caused by the sparse sensor attacks is solved well via a transformation technique and a distributed vote location approach. Based on min-switching and check mechanisms, it is proved that the algorithm achieves consensus at the true system state with probability one under the condition of the graph being regular with a certain prescribed connectivity. Simulation results demonstrate the accuracy of the developed algorithm under the condition of attacks.
Article
This paper investigates the secure state estimation problem of cyber–physical systems (CPSs) under sparse sensor attacks. First, a novel algorithm, which uses a switched gradient descent technique to harness the intrinsic combinatorial complexity of the secure state estimation problem, is proposed to estimate the state. The computational complexity is reduced through improving the convergence rate, reducing the number of candidates to be searched, reducing the search times, and reducing the computing resources consumed by each incorrect candidate selection simultaneously. Second, based on the proposed switched gradient descent algorithm, an observer-based algorithm is proposed to efficiently update the state estimation while new measurements are available. Compared with the existing methods, the computational complexity is reduced greatly without introducing any constraint except the basic observability assumption by adopting the proposed algorithms.
Article
Secure state estimation for cyber-physical systems (CPSs) under sparse sensor attacks is the problem of estimating the state from the corrupted measurements. Although such problem can be addressed by brute force search, combinatorial candidates lead to excessive time requirement which hinders the scalability. For reducing the computational complexity, this paper provides an alternative approach (called set cover approach) to reduce the number of candidates by at least half with the help of a greedy algorithm. Then, a switched observer, with less candidate observers, is designed to estimate the state from the corrupted measurements under the basic observability requirement. Meanwhile, a modified greedy algorithm is proposed to reduce the number of candidates further based on the observer design conditions. Finally, the effectiveness of the proposed set cover approach is demonstrated by two simulations showing an order of magnitude decrease in execution time.
Article
We introduce a scalable observer architecture, which can efficiently estimate the states of a discrete-time linear-time-invariant system whose sensors are manipulated by an attacker, and is robust to measurement noise. Given an upper bound on the number of attacked sensors, we build on previous results on necessary and sufficient conditions for state estimation, and propose a novel Multi-Modal Luenberger (MML) observer based on efficient Satisfiability Modulo Theory (SMT) solving. We present two techniques to reduce the complexity of the estimation problem. As a first strategy, instead of a bank of distinct observers, we use a family of filters sharing a single dynamical equation for the states, but different output equations, to generate estimates corresponding to different subsets of sensors. Such an architecture can reduce the memory usage of the observer from an exponential to a linear function of the number of sensors. We then develop an efficient SMT-based decision procedure that is able to reason about the estimates of the MML observer to detect at runtime which sets of sensors are attack-free, and use them to obtain a correct state estimate. Finally, we discuss two optimization-based algorithms that can efficiently select the observer parameters with the goal of minimizing the sensitivity of the estimates with respect to sensor noise. We provide proofs of convergence for our estimation algorithm and report simulation results to compare its runtime performance with alternative techniques. We show that our algorithm scales well for large systems (including up to 5,000 sensors) for which many previously proposed algorithms are not implementable due to excessive memory and time requirements. Finally, we illustrate the effectiveness of our approach, both in terms of resiliency to attacks and robustness to noise, on the design of large-scale power distribution networks.
Article
This paper investigates the problem of secure state estimation for cyber-physical systems (CPSs) modeled by continuous or discrete-time linear systems when some sensors are corrupted by an attacker. A novel state observer is proposed with adaptive switching mechanism. Attack tolerance principle is established based on adaptively truncating the injection channels of attacks. To implement it, a switching function matrix is introduced into the observer design. Driven by a well-defined performance index, the switching function matrix automatically reaches and remains in the desired entry mode and turns off the input channels of attacks. Based on the equivalence between s-strong detectability of the observation error system and 2s-sparse detectability of the original system, the observation error system is proven to be asymptotically stable even under the cyber attacks. Compared with the existing complex static batch optimization algorithms, the proposed adaptive observer can be derived only by off-line solving a set of simple linear matrix inequalities (LMIs). Simulation examples are given to illustrate the estimation performance and the computational efficiency of the proposed method.
Article
Distributed node counting in wireless sensor networks can be important in various applications such as network maintenance and information aggregation. In this paper, a distributed consensus algorithm for estimating the number of nodes in a wireless sensor network in the presence of communication noise is introduced. In networks with a fusion center, counting the number of nodes can be easily done by letting each node transmit a fixed constant value to the fusion center. In a network without a fusion center, where nodes do not know the graph structure, estimating the number of nodes is not straightforward. The proposed algorithm is based on distributed average consensus, and norm estimation. Different sources of error are explicitly discussed, the Fisher information and the distribution of the final estimate are derived. Several design parameters and how they affect the performance of the algorithm are studied, which provide guidelines towards making the estimation error smaller. Simulation results corroborating the theory are also provided.
Article
Several recent incidents have clearly illustrated the susceptibility of cyber-physical systems (CPS) to attacks, raising attention to security challenges in these systems. The tight interaction between information technology and the physical world has introduced new vulnerabilities that cannot be addressed with the use of standard cryptographic security techniques. Accordingly, the problem of state estimation in the presence of sensor and actuator attacks has attracted significant attention in the past. Unlike the existing work, in this paper we consider the problem of attack-resilient state estimation in the presence of bounded-size noise. We focus on the most general model for sensor attacks where any signal can be injected via compromised sensors. Specifically, we present an l0-based state estimator that can be formulated as a mixed-integer linear program and its convex relaxation based on the l1 norm. For both attack-resilient state estimators, we derive rigorous analytic bounds on the state-estimation errors caused by the presence of noise. Our analysis shows that the worst-case error is linear with the size of the noise, and thus the attacker cannot exploit the noise to introduce unbounded state-estimation errors. Finally, we show how the l0 and l1-based attack-resilient state estimators can be used for sound attack detection and identification; we provide conditions on the size of attack vectors that ensure correct identification of compromised sensors.
Article
We address the problem of state estimation for multi-output continuous-time linear systems, for which an attacker may have control over some of the sensors and inject (potentially unbounded) additive noise into some of the measured outputs. To characterize the resilience of a system against such sensor attacks, we introduce a new notion of observability - termed "observability under attacks" - that addresses the question of whether or not it is possible to uniquely reconstruct the state of the system by observing its inputs and outputs over a period of time, with the understanding that some of the available system's outputs may have been corrupted by the opponent. We provide computationally efficient tests for observability under attacks that amount to testing the (standard) observability for an appropriate finite set of systems. In addition, we propose two state estimation algorithms that permit the state reconstruction in spite of the attacks. One of these algorithms uses observability Gramians and a finite window of measurements to reconstruct the initial state. The second algorithm takes the form of a switched observer that asymptotically converges to the correct state estimate in the absence of additive noise and disturbances, or to a neighborhood of the correct state estimate in the presence of bounded noise and disturbances.
Article
Cyberphysical systems integrate physical processes, computational resources, and communication capabilities. Cyberphysical systems have permeated modern society, becoming prevalent in many domains, including energy production, health care, and telecommunications. Examples of cyberphysical systems include sensor networks, industrial automation systems, and critical infrastructures such as transportation networks, power generation and distribution networks, water and gas distribution networks, and advanced manufacturing systems. The integration of cybertechnologies with physical processes increases system efficiencies and, at the same time, introduces vulnerabilities that undermine the reliability of critical infrastructures. As recently highlighted by the Maroochy water breach in March 2000 [1], multiple recent power blackouts in Brazil [2], the SQL Slammer worm attack on the Davis-Besse nuclear plant in January 2003 [3], the StuxNet computer worm in June 2010 [4], and various industrial security incidents [5], cyberphysical systems are prone to failures and attacks on their physical infrastructure and cyberattacks on their data management and communication layer [6], [7].
Conference Paper
Many properties of interest in graph structures are based on the nodes' average degree (i.e., the average number of edges incident to/from each node). In this work, we present asynchronous distributed algorithms, based on ratio consensus, that can be used to accurately estimate the number of nodes in a multi-component system whose communication topology is described by a directed graph. In addition, we describe an asynchronous distributed algorithm that allows each node to introduce or terminate links in order to reach a target average degree in the network. Such an approach can be useful in many realistic scenarios; for example, for the introduction and removal of renewable energy resources in a power network, while maintaining an average degree that fulfils some structural and dynamical properties and/or optimises some performance indicators of the network. The effectiveness of the proposed algorithms is demonstrated via illustrative examples.
Article
Cyber-secure networked control is modeled, analyzed, and experimentally illustrated in this paper. An attack space defined by the adversary's system knowledge, disclosure, and disruption resources is introduced. Adversaries constrained by these resources are modeled for a networked control system architecture. It is shown that attack scenarios corresponding to denial-of-service, replay, zero-dynamics, and bias injection attacks can be analyzed using this framework. Furthermore, the attack policy for each scenario is described and the attack's impact is characterized using the concept of safe sets. An experimental setup based on a quadruple-tank process controlled over a wireless network is used to illustrate the attack scenarios, their consequences, and potential counter-measures.
Article
The vast majority of today's critical infrastructure is supported by numerous feedback control loops and an attack on these control loops can have disastrous consequences. This is a major concern since modern control systems are becoming large and decentralized and thus more vulnerable to attacks. This paper is concerned with the estimation and control of linear systems when some of the sensors or actuators are corrupted by an attacker. In the first part we look at the estimation problem where we characterize the resilience of a system to attacks and study the possibility of increasing its resilience by a change of parameters. We then propose an efficient algorithm to estimate the state despite the attacks and we characterize its performance. Our approach is inspired from the areas of error-correction over the reals and compressed sensing. In the second part we consider the problem of designing output-feedback controllers that stabilize the system despite attacks. We show that a principle of separation between estimation and control holds and that the design of resilient output feedback controllers can be reduced to the design of resilient state estimators.
Article
Last year marked a turning point in the history of cybersecurity - the arrival of the first cyber warfare weapon ever, known as Stuxnet. Not only was Stuxnet much more complex than any other piece of malware seen before, it also followed a completely new approach that's no longer aligned with conventional confidentiality, integrity, and availability thinking. Contrary to initial belief, Stuxnet wasn't about industrial espionage: it didn't steal, manipulate, or erase information. Rather, Stuxnet's goal was to physically destroy a military target - not just metaphorically, but literally. Let's see how this was done.