IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 17, 2022

Measurement-Based Optimal Stealthy Attacks on Remote State Estimation

Pengyu Li and Dan Ye, Senior Member, IEEE

Abstract—This paper focuses on designing measurement-based optimal stealthy attacks for linear cyber-physical systems (CPSs), where attackers aim to deteriorate the performance of remote state estimation and keep $\epsilon$-stealthy to a Kullback-Leibler divergence detector. Instead of constructing a linear attack directly, we consider a more general attack model with an arbitrary distribution to reveal the correlations between attacks and the stealth level $\epsilon$. By solving a convex optimization problem, the mean and variance of optimal attacks on common unprotected systems are obtained. Not limited to zero mean Gaussian attacks, the derived optimal attacks can also obey a non-zero mean Gaussian distribution and degenerate to the former in some special cases. For protected systems equipped with encryption procedures, a general criterion for the selection of attacked channels is given. Finally, an unmanned aerial vehicle (UAV) example is provided to verify the effectiveness of the theoretical results.

Index Terms—Cyber-physical systems, measurement-based attacks, optimal attack strategy.
I. INTRODUCTION

BY CONNECTING the physical devices with the Internet, cyber-physical systems (CPSs) realize the capabilities of computing, communication, precise control, remote coordination and self-management. In various fields, such as smart grids, industrial internet, and supervisory control and data acquisition (SCADA) systems, the applications of CPSs are proving to be increasingly useful [1], [2], [3], [4], [5], [6]. However, the vulnerability of communication networks generally exposes the transmitted data to potential adversaries, who can eavesdrop on confidential information, degrade system performance, and even cause significant economic losses.

Considering the different scenarios and demands, precisely modeled attacks can be divided into two main categories: denial-of-service (DoS) attacks and false data injection (FDI) attacks [7]. DoS attacks aim at blocking communication channels to prevent the transmission of data, while FDI attacks deteriorate the system performance and remain stealthy
Manuscript received 31 December 2021; revised 30 June 2022; accepted 25 August 2022. Date of publication 22 September 2022; date of current version 30 September 2022. This work was supported in part by the National Natural Science Foundation of China under Grant 62173071 and Grant U1813214, in part by the Liaoning Revitalization Talents Program under Grant XLYC1907035, in part by the Fundamental Research Funds for the Central Universities under Grant N2004027, and in part by the Liaoning BaiQianWan Talents Program under Grant 202062. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Nils Ole Tippenhauer. (Corresponding author: Dan Ye.)

Pengyu Li is with the College of Information Science and Engineering, Northeastern University, Shenyang 110819, China (e-mail: 1337513823@qq.com).

Dan Ye is with the College of Information Science and Engineering and the State Key Laboratory of Synthetical Automation for Process Industries, Northeastern University, Shenyang 110819, China (e-mail: yedan@ise.neu.edu.cn).

Digital Object Identifier 10.1109/TIFS.2022.3206419
to detectors. Replay attacks can also be viewed as a special type of FDI attack, which achieve the purpose of deceiving system operators by replacing the current data with historical data [8], [9]. For DoS attacks, research mainly focuses on how to design an optimal allocation strategy to degrade the system performance. Accordingly, defenders are committed to designing the optimal sensor scheduling strategy. Different from the former, FDI attacks not only deteriorate the system performance but also satisfy special stealthiness constraints. Therefore, detection and state estimation against FDI attacks become a challenging issue for defenders [10], [11], [12], [13]. Based on the correlations between the trusted sensors and the suspicious sensors, the detection of linear deception attacks was analyzed in [14]. By employing a nonstationary stochastic game approach, [15] achieved a tradeoff between control system performance and the detection rate. In addition, a Stackelberg game framework was utilized to study the interactive decision-making process between attackers and defenders [16].

The emergence of stealthy attacks brings new challenges to the security of systems. Bai et al. [17], [18], [19] proposed the concept of $\epsilon$-stealthiness to quantify the difficulty of detecting FDI attacks by using the Kullback–Leibler divergence to constrain the achievable exponent of the probability of false alarms. This pioneering work on scalar systems was then extended to vector systems [20]. Immediately after, in [21], a linear attack strategy was utilized to deteriorate system performance, where the disrupted innovations were generated by a linear transformation of the nominal innovations. Considering a quadratic cost function as the objective, a class of switching FDI attacks and stealthy control signal attacks against actuators were studied, respectively [22], [23]. However, in practical scenarios, the attackers' energy may be limited so that they can only attack a fraction of the communication channels [24]. For the resource-constrained situation, a partial FDI attack strategy was analyzed in [25]. To further seek the maximal degradation of system performance, [26] reported optimal linear attacks based on a Gaussian distribution with an arbitrary mean. It has also been proven feasible to degrade the estimation performance of systems by using historical innovations [27]. Furthermore, a class of strictly stealthy linear attacks with an energy constraint and the corresponding countermeasures were discussed in [28]. Such zero mean linear Gaussian attacks are easy to implement but do not characterize the correlations between attacks and the stealth level $\epsilon$.

Due to the potential harm of stealthy FDI attacks, many works have studied system protection methods to reduce the degrees of freedom of attacks. In [29], a coding scheme was introduced to detect stealthy FDI attacks, in which the coding
matrices with a time-varying structure increased the difficulty of decoding by cunning attackers. In addition, an active data modification scheme was proven feasible to defend against two-channel FDI attacks [30]. By combining the Paillier cryptosystem with a quantizer, encrypted control systems balanced cipher strength and processing time [31]. To enhance the security of systems, [32] presented a linear encryption strategy to weaken the influence of attacks. In this scenario, how to select the attacked channels for protected systems and design the corresponding attack strategies becomes an urgent problem.

In this paper, we concentrate on designing measurement-based optimal stealthy attacks for linear CPSs with and without system protections. In particular, the protected systems are assumed to be equipped with encryption procedures and to have limited encryption resources. The main contributions and novel findings can be summarized as follows:

(1) Instead of constructing a linear attack directly [21], this paper considers a general attack model with arbitrary distributions to reveal the correlations between attacks and the stealth level $\epsilon$. Moreover, the proposed attack model is feasible regardless of the existence of system protection.

(2) For common unprotected systems, we derive the optimal attack strategy by solving a convex optimization problem with a single constraint. Not limited to zero mean Gaussian attacks [21], [26], [28], [32], [33], [34], the obtained optimal attacks can also obey a non-zero mean Gaussian distribution and degenerate to the former in some special cases.

(3) For protected systems with limited encryption resources, the objective problem is formulated as a convex optimization problem with multiple constraints. Furthermore, if the trace of the channel precision matrices has a partial order, a general criterion for the selection of attacked channels is given.

The rest of this paper is organized as follows. Section II presents the problem formulation and preliminaries. In Section III, the optimal attack strategy on unprotected systems is derived. For protected systems with limited encryption resources, a general criterion for the selection problem of attacked channels is given in Section IV. Moreover, we introduce a numerical example to demonstrate the effectiveness of the above strategies in Section V. Finally, conclusions are given in Section VI.
Notations: $\mathbb{E}\{\cdot\}$ denotes the expectation. $\{y_i^j\}$ denotes a sequence sampled from instant $i$ to $j$. $\mathbb{P}^n_+$ and $\mathbb{P}^n_{++}$ stand for the sets of positive semi-definite and positive definite matrices, respectively. If $X \in \mathbb{P}^n_{++}$, we have $X > 0$; $X \ge 0$ means that $X \in \mathbb{P}^n_+$, and $X \ge Y$ if $X - Y \in \mathbb{P}^n_+$. For a matrix $X \in \mathbb{R}^{n \times m}$, $X^+$ represents the Moore-Penrose inverse of $X$ and $\mathrm{tr}(X)$ denotes the trace of $X$. $\mathrm{diag}\{\cdots\}$ denotes a diagonal matrix. For a finite set $S$, its cardinality is denoted by $|S|$. $p_S$ represents the matrix composed of the columns of $I$ with indices belonging to $S$. $\mathcal{N}(\mu, \Sigma)$ denotes the Gaussian distribution with mean $\mu$ and covariance $\Sigma$.
II. PROBLEM FORMULATION AND PRELIMINARIES

In this section, we first introduce the system architecture for unprotected systems, and then present a general attack model to deteriorate the estimation performance.

Fig. 1. System architecture.

A. System Architecture

Consider a discrete-time linear time-invariant (LTI) system
$$x_{k+1} = A x_k + w_k, \qquad y_k = C x_k + v_k, \qquad (1)$$
where $x_k \in \mathbb{R}^n$ denotes the system state, $y_k \in \mathbb{R}^m$ denotes the sensor measurement, and $w_k \sim \mathcal{N}(0, Q)$ and $v_k \sim \mathcal{N}(0, R)$ are the uncorrelated process noise and measurement noise, respectively. The initial state $x_0 \sim \mathcal{N}(0, \Sigma_0)$ is independent of $w_k$ and $v_k$ for all $k > 0$. To ensure that system (1) is stable and the Kalman gain converges, an assumption is given below.

Assumption 1: The matrix pairs $(A, Q)$ and $(A, C)$ are completely controllable and observable, respectively.

As shown in Fig. 1, the sensors measure the processes and send the collected data to the remote state estimator via wireless networks; operators then adopt a Kalman filter to estimate the system state:
$$\begin{aligned}
P_{k|k-1} &= A P_{k-1} A^T + Q, \\
K_k &= P_{k|k-1} C^T (C P_{k|k-1} C^T + R)^{-1}, \\
P_k &= (I - K_k C) P_{k|k-1}, \\
\hat{x}_{k|k-1} &= A \hat{x}_{k-1}, \\
\hat{x}_k &= \hat{x}_{k|k-1} + K_k (y_k - C \hat{x}_{k|k-1}), \qquad (2)
\end{aligned}$$
where $\hat{x}_{k|k-1}$ and $\hat{x}_k$ are the a priori and a posteriori minimum mean square error (MMSE) estimates of $x_k$, respectively. $P_{k|k-1}$ and $P_k$ are the corresponding estimation error covariances, which are defined as $P_{k|k-1} \triangleq \mathbb{E}[(x_k - \hat{x}_{k|k-1})(x_k - \hat{x}_{k|k-1})^T]$ and $P_k \triangleq \mathbb{E}[(x_k - \hat{x}_k)(x_k - \hat{x}_k)^T]$, respectively. Moreover, we assume that the initial recursion values are set as $\hat{x}_{0|-1} = 0$ and $P_{0|-1} = \Sigma_0 \ge 0$.

According to Assumption 1, the Kalman filter converges exponentially fast from any initial condition. Furthermore, we define the steady-state Kalman gain and estimation error covariance
$$P \triangleq \lim_{k \to +\infty} P_{k|k-1}, \qquad K \triangleq P C^T (C P C^T + R)^{-1},$$
where $P$ is the unique positive semi-definite solution of
$$X = A X A^T + Q - A X C^T (C X C^T + R)^{-1} C X A^T.$$

To characterize the difference between disrupted data and nominal data, a Kullback-Leibler divergence-based detector is defined as follows.

Definition 1 [17]: (Kullback-Leibler divergence) Let $a_k$ and $b_k$ be two random sequences with joint probability density functions $f_{a_k}$ and $f_{b_k}$, respectively. The Kullback-Leibler divergence (KLD) between $a_k$ and $b_k$ is defined as
$$D(a_k \| b_k) = \int_{-\infty}^{+\infty} \log \frac{f_{a_k}(t_k)}{f_{b_k}(t_k)}\, f_{a_k}(t_k)\, dt_k.$$
Note that the above KLD is non-negative, i.e., $D(a_k \| b_k) \ge 0$, and $D(a_k \| b_k) = 0$ if and only if $f_{a_k} = f_{b_k}$; moreover, the KLD is generally non-symmetric, i.e., $D(a_k \| b_k) \ne D(b_k \| a_k)$. In practical scenarios, a fixed threshold $\epsilon$ (also called the stealth level by attackers) is chosen to constrain the achievable exponent of the probability of false alarms. If the KLD exceeds the given threshold, then an alarm is triggered to reveal the existence of attacks.
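To make these preliminaries concrete, the following is an added example (not code from the paper): it iterates recursion (2) to the steady-state $P$ and $K$, builds the nominal measurement covariance $\Sigma_{y_k}$ as defined in Section II-B, and evaluates the KLD of Definition 1 in its closed Gaussian form, so that an operator can check whether a tampered measurement distribution $\mathcal{N}(\mu, \Sigma)$ exceeds the stealth level $\epsilon$. The UAV matrix $A$ and $C = Q = R = I$ are taken from Section V; $\Sigma_0 = I$ and any sample tampered mean are assumptions.

```python
"""Steady-state Kalman filter (recursion (2)) and Gaussian KLD detector (Definition 1).
Added example, not code from the paper. Sample system: the linearised UAV model of
Section V (A from the paper, C = Q = R = I); Sigma_0 = I is an assumption here.
Pure-Python linear algebra so the example runs offline without numpy."""
import math

def identity(n):
    return [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]

def transpose(M):
    return [list(col) for col in zip(*M)]

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def add(A, B):
    return [[a + b for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def sub(A, B):
    return [[a - b for a, b in zip(ra, rb)] for ra, rb in zip(A, B)]

def trace(M):
    return sum(M[i][i] for i in range(len(M)))

def inverse_and_det(M):
    """Gauss-Jordan elimination with partial pivoting; returns (M^-1, det M)."""
    n = len(M)
    aug = [[float(x) for x in row] + identity(n)[i] for i, row in enumerate(M)]
    det = 1.0
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(aug[r][c]))
        if abs(aug[p][c]) < 1e-15:
            raise ValueError("singular matrix")
        if p != c:
            aug[c], aug[p] = aug[p], aug[c]
            det = -det
        piv = aug[c][c]
        det *= piv
        aug[c] = [x / piv for x in aug[c]]
        for r in range(n):
            if r != c and aug[r][c] != 0.0:
                f = aug[r][c]
                aug[r] = [x - f * y for x, y in zip(aug[r], aug[c])]
    return [row[n:] for row in aug], det

def inverse(M):
    return inverse_and_det(M)[0]

def steady_state_kalman(A, C, Q, R, Sigma0=None, max_iter=5000, tol=1e-13):
    """Iterate the Riccati recursion of (2) from P_{0|-1} = Sigma_0 until P_{k|k-1}
    converges; returns the steady-state (P, K) with K = P C^T (C P C^T + R)^-1."""
    n = len(A)
    P = Sigma0 if Sigma0 is not None else identity(n)
    Ct, At = transpose(C), transpose(A)
    for _ in range(max_iter):
        K = matmul(matmul(P, Ct), inverse(add(matmul(matmul(C, P), Ct), R)))  # K_k
        P_post = matmul(sub(identity(n), matmul(K, C)), P)                     # P_k
        P_next = add(matmul(matmul(A, P_post), At), Q)                         # P_{k+1|k}
        diff = max(abs(x - y) for rx, ry in zip(P_next, P) for x, y in zip(rx, ry))
        P = P_next
        if diff < tol:
            break
    return P, matmul(matmul(P, Ct), inverse(add(matmul(matmul(C, P), Ct), R)))

def dare_residual(P, A, C, Q, R):
    """Max-abs residual of X = A X A^T + Q - A X C^T (C X C^T + R)^-1 C X A^T."""
    Ct, At = transpose(C), transpose(A)
    APCt = matmul(matmul(A, P), Ct)
    correction = matmul(matmul(APCt, inverse(add(matmul(C, matmul(P, Ct)), R))), transpose(APCt))
    rhs = sub(add(matmul(matmul(A, P), At), Q), correction)
    return max(abs(x - y) for rx, ry in zip(P, rhs) for x, y in zip(rx, ry))

def measurement_covariance(A, C, Q, R, Sigma0, k):
    """Sigma_{y_k} = C A^k Sigma_0 (A^k)^T C^T + sum_{i<k} C A^i Q (A^i)^T C^T + R,
    the nominal measurement covariance defined under attack (3)."""
    n = len(A)
    Ak, acc = identity(n), [[0.0] * n for _ in range(n)]
    for _ in range(k):
        acc = add(acc, matmul(matmul(Ak, Q), transpose(Ak)))
        Ak = matmul(Ak, A)
    state_cov = add(matmul(matmul(Ak, Sigma0), transpose(Ak)), acc)
    return add(matmul(matmul(C, state_cov), transpose(C)), R)

def gaussian_kld(mu_a, Sigma_a, Sigma_y):
    """Closed-form D(N(mu_a, Sigma_a) || N(0, Sigma_y)) of Definition 1:
    0.5 [tr(Sigma_y^-1 Sigma_a) + log(|Sigma_y|/|Sigma_a|) + mu_a^T Sigma_y^-1 mu_a - m]."""
    m = len(Sigma_y)
    Sy_inv, det_y = inverse_and_det(Sigma_y)
    quad = sum(mu_a[i] * Sy_inv[i][j] * mu_a[j] for i in range(m) for j in range(m))
    return 0.5 * (trace(matmul(Sy_inv, Sigma_a)) + math.log(det_y / inverse_and_det(Sigma_a)[1]) + quad - m)

def kld_alarm(mu_a, Sigma_a, Sigma_y, epsilon):
    """Detector of Section II: alarm iff D(y_k^a || y_k) exceeds the stealth level."""
    return gaussian_kld(mu_a, Sigma_a, Sigma_y) > epsilon

# Linearised UAV model of Section V (values from the paper); C = Q = R = I there.
A_UAV = [[0.9, 0.98, 0.0], [0.0, 1.0, 0.194], [0.0, 0.0, 1.125]]
I3 = identity(3)
```

Calling `kld_alarm(mu, Sigma, measurement_covariance(A_UAV, I3, I3, I3, I3, k), eps)` reproduces the detector decision for a hypothesised tampered distribution at instant $k$.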
B. Attack Model

Before introducing the attack model, we first give two assumptions about the attackers' resources.

Assumption 2: The information set available to the attackers at the $k$th sampling instant is $\{A, C, y_1^k, (y_1^{k-1})^a, \hat{x}_1^k, (\hat{x}_1^{k-1})^a\}$.

Assumption 3: The attacks are initiated from steady state, i.e., $K_k = K$ and $P_k = P$.

Different from existing works, such as [21], [26], [27], [28], [32], [33], [34], this paper proposes a measurement-based attack model. Consider the process
$$y_k \xrightarrow{a_k} y_k^a, \qquad (3)$$
where $y_k \in \mathbb{R}^m$ is distributed as $y_k \sim \mathcal{N}(0, \Sigma_{y_k})$, with
$$\Sigma_{y_k} = C A^k \Sigma_0 (A^k)^T C^T + \sum_{i=0}^{k-1} C A^i Q (A^i)^T C^T + R.$$
To bypass the KLD detector, the mapping $a_k$ is designed to maintain the statistical characteristics of $y_k^a$. In this scenario, the tampered measurement $y_k^a$ is allowed to obey an arbitrary distribution.

To bypass the detector, the modified measurement should be designed carefully such that the KLD does not exceed the pre-set stealth level $\epsilon$, i.e.,
$$D(y_k^a \| y_k) \le \epsilon,$$
based on which attack (3) can deteriorate the system performance without being detected.

When system (1) suffers from the above attacks, the state estimate at the remote side is calculated by
$$\begin{aligned}
\hat{x}^a_{k|k-1} &= A \hat{x}^a_{k-1}, \\
\hat{x}^a_k &= \hat{x}^a_{k|k-1} + K_k (y_k^a - C \hat{x}^a_{k|k-1}),
\end{aligned}$$
where $\hat{x}^a_{k|k-1}$ and $\hat{x}^a_k$ are the a priori and a posteriori MMSE estimates, respectively. To characterize the influence caused by attacks, we define $P^a_{k|k-1}$ and $P^a_k$ as the a priori and a posteriori estimation error covariances, i.e.,
$$\begin{aligned}
P^a_{k|k-1} &\triangleq \mathbb{E}[(x_k - \hat{x}^a_{k|k-1})(x_k - \hat{x}^a_{k|k-1})^T], \\
P^a_k &\triangleq \mathbb{E}[(x_k - \hat{x}^a_k)(x_k - \hat{x}^a_k)^T].
\end{aligned}$$
Generally speaking, the trace of the remote estimation error covariance $\mathrm{Tr}(P^a_k)$ is defined as an objective function to evaluate the effectiveness of attacks.

Remark 1: Instead of constructing a zero mean linear Gaussian attack directly [21], [26], [28], [32], [33], [34], this paper proposes a more general attack model to deteriorate the estimation performance of systems. Note that attack (3) is allowed to obey an arbitrary distribution, thus its optimal solution needs further analysis. Apart from common unprotected systems, protected systems equipped with encryption procedures are also utilized to illustrate the superiority of the methods.
III. MEASUREMENT-BASED OPTIMAL ATTACK STRATEGY ON UNPROTECTED SYSTEMS

In this section, we analyze measurement-based optimal attack strategies for common unprotected systems. Further, attackers aim at maximizing the trace of the remote estimation error covariance without being detected, i.e.,
$$\mathbf{P1}: \quad \max_{\mu_{y_k^a},\, \Sigma_{y_k^a}} \mathrm{Tr}(P^a_k) \quad \text{s.t.} \quad D(y_k^a \| y_k) \le \epsilon,$$
where $\mu_{y_k^a}$ and $\Sigma_{y_k^a}$ are the mean and variance of the disrupted measurement $y_k^a$.

Before deriving the optimal attack strategy, the estimation error covariance is obtained by the following lemma.

Lemma 1: For system (1) under attack (3), the error covariance at the remote estimator can be described by
$$P^a_k = P_k + \mathbb{E}[s_k s_k^T] - 2 s_k^T K \mu_{y_k^a} + K \Sigma_{y_k^a} K^T + K \mu_{y_k^a} \mu_{y_k^a}^T K^T, \qquad (4)$$
where
$$s_k = (I - KC) A (\hat{x}_{k-1} - \hat{x}^a_{k-1}) + K y_k \qquad (5)$$
is available to attackers in advance.

Proof: Under attack (3), the estimation error covariance is given by
$$\begin{aligned}
P^a_k &= \mathbb{E}[(x_k - \hat{x}^a_k)(x_k - \hat{x}^a_k)^T] \\
&= \mathbb{E}[(x_k - \hat{x}_k + \hat{x}_k - \hat{x}^a_k)(x_k - \hat{x}_k + \hat{x}_k - \hat{x}^a_k)^T] \\
&= P_k + \mathbb{E}[(x_k - \hat{x}_k)(x_k - \hat{x}^a_k)^T] + \mathbb{E}[(x_k - \hat{x}^a_k)(x_k - \hat{x}_k)^T] + \mathbb{E}[(\hat{x}_k - \hat{x}^a_k)(\hat{x}_k - \hat{x}^a_k)^T] \\
&= P_k + \mathbb{E}[(\hat{x}_k - \hat{x}^a_k)(\hat{x}_k - \hat{x}^a_k)^T], \qquad (6)
\end{aligned}$$
where (6) holds due to $\mathbb{E}[x_k] = \hat{x}_k$ and $\mathbb{E}[(x_k - \hat{x}_k)(x_k - \hat{x}^a_k)^T] = \mathbb{E}[(x_k - \hat{x}^a_k)(x_k - \hat{x}_k)^T] = 0$.

Note that maximizing $P^a_k$ is equivalent to maximizing $\mathbb{E}[(\hat{x}_k - \hat{x}^a_k)(\hat{x}_k - \hat{x}^a_k)^T]$. Furthermore, consider the recursions
$$\hat{x}_k = A \hat{x}_{k-1} + K (y_k - C A \hat{x}_{k-1}) \qquad (7)$$
and
$$\hat{x}^a_k = A \hat{x}^a_{k-1} + K (y_k^a - C A \hat{x}^a_{k-1}). \qquad (8)$$
From (7) and (8), one can obtain
$$\begin{aligned}
\hat{x}_k - \hat{x}^a_k &= A (\hat{x}_{k-1} - \hat{x}^a_{k-1}) + K (y_k - y_k^a) - K C A (\hat{x}_{k-1} - \hat{x}^a_{k-1}) \\
&= (I - KC) A (\hat{x}_{k-1} - \hat{x}^a_{k-1}) + K y_k - K y_k^a. \qquad (9)
\end{aligned}$$
Combining (5), (9) and Assumption 2, it results in
$$\begin{aligned}
&\mathbb{E}[(\hat{x}_k - \hat{x}^a_k)(\hat{x}_k - \hat{x}^a_k)^T] \\
&= \mathbb{E}[(s_k - K y_k^a)(s_k - K y_k^a)^T] \\
&= \mathbb{E}[s_k s_k^T] - 2 s_k^T K \mu_{y_k^a} + K \Sigma_{y_k^a} K^T + K \mu_{y_k^a} \mu_{y_k^a}^T K^T. \qquad (10)
\end{aligned}$$
From (6) and (10), it can be derived that
$$\begin{aligned}
P^a_k &= P_k + \mathbb{E}[(\hat{x}_k - \hat{x}^a_k)(\hat{x}_k - \hat{x}^a_k)^T] \\
&= P_k + \mathbb{E}[s_k s_k^T] - 2 s_k^T K \mu_{y_k^a} + K \Sigma_{y_k^a} K^T + K \mu_{y_k^a} \mu_{y_k^a}^T K^T, \qquad (11)
\end{aligned}$$
which completes the proof.

Obviously, maximizing the trace of the estimation error covariance is equivalent to maximizing the trace of the last three terms in (4). Then, the attackers' goal can be updated as solving the problem
$$\mathbf{P2}: \quad \max_{\mu_{y_k^a},\, \Sigma_{y_k^a}} -2 s_k^T K \mu_{y_k^a} + \mathrm{Tr}(K \Sigma_{y_k^a} K^T) + \mathrm{Tr}(K \mu_{y_k^a} \mu_{y_k^a}^T K^T) \quad \text{s.t.} \quad D(y_k^a \| y_k) \le \epsilon.$$
The optimal solution of problem P2 is calculated in the following theorem.

Theorem 1: For problem P2 subject to attack (3), the optimal solution is related to the stealth level $\epsilon$.

i) If the stealth level $\epsilon$ is set large enough such that
$$\begin{aligned}
&\mathrm{tr}\Big[\big(I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\big)^{-1}\Big] + \log\Big|I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\Big| \\
&\quad + \frac{4 s_k^T K}{v_k^2} \Sigma_{y_k} \big(I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\big)^{-T} \big(I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\big)^{-1} K^T s_k = 2\epsilon + m \qquad (12)
\end{aligned}$$
has a unique solution $v_k$, then the optimal mean and variance are given by
$$\mu_{y_k^a} = -2 (v_k \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} K^T s_k, \qquad (13)$$
$$\Sigma_{y_k^a} = \big(\Sigma_{y_k}^{-1} - \tfrac{2}{v_k} K^T K\big)^{-1}. \qquad (14)$$

ii) If the stealth level $\epsilon$ is set small enough such that (12) has no solution, then $v_k$ can be obtained by solving
$$\mathrm{tr}\Big[\big(I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\big)^{-1}\Big] + \log\Big|I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\Big| = 2\epsilon + m. \qquad (15)$$
Accordingly, the optimal mean and variance are described by
$$\mu_{y_k^a} = 0_{m \times 1}, \qquad (16)$$
$$\Sigma_{y_k^a} = \big(\Sigma_{y_k}^{-1} - \tfrac{2}{v_k} K^T K\big)^{-1}. \qquad (17)$$

Proof: See the Appendix.

Remark 2: Different from zero-mean Gaussian attacks [21], [26], [28], [32], [33], [34], Theorem 1 illustrates that non-zero mean Gaussian attacks yield a greater estimation performance degradation in some cases. In other cases, the latter degenerate to the former. In this sense, the results in [21], [26], [28], [32], [33], and [34] can be seen as a special case of our work. In addition, Theorem 1 also reveals the correlations between attacks and the stealth level $\epsilon$, which is rarely considered in the above-mentioned works.
The design of the optimal attack signals can be summarized as Algorithm 1. At each time instant $k$, for a pre-set stealth level $\epsilon$, the attackers are allowed to obtain an optimal attack strategy by Theorem 1. After that, the optimal attack signal $a_k$ is calculated by $a_k = y_k^a - y_k$.

Algorithm 1 Design of the Optimal Attack Signals
1: for $k = 0 : 1 : +\infty$ do
2:   Compute $v_k$ according to (12);
3:   if $v_k$ is not empty then
4:     Calculate $\mu_{y_k^a}$ from (13) and $\Sigma_{y_k^a}$ from (14);
5:   else
6:     Compute $v_k$ according to (15);
7:     Calculate $\mu_{y_k^a}$ from (16) and $\Sigma_{y_k^a}$ from (17);
8:   end if
9:   return the optimal attack signal $a_k = y_k^a - y_k$.
10: end for

Fig. 2. Basic structure of SGs.
Remark 3: Currently, applications of CPSs can be found everywhere, such as smart grids (SGs), industrial internets, supervisory control and data acquisition systems, etc. To illustrate the feasibility of the designed attacks in practice, a typical SG model is shown in Fig. 2. In such a framework, the deep reliance of SGs on communication and information networks results in many security threats. These uncertain factors, ranging from information leakage and malicious attacks to natural disasters, will lead to equipment damage, power supply imbalances, energy market disorders, tripped switches, economic losses, endangered human safety, etc. [36].

As a class of attacks with stealthiness, FDI attacks can manipulate and tamper with the data exchanged among different components in SGs, which may lead to cascading effects. Intuitively, FDI attackers inject malicious packets into the targeted network to disrupt network services, by either intruding on the sensor nodes or hijacking the communication channel. In practice, FDI attacks generally take place on specific physical devices or information exchanges, i.e.,

1) Attackers aim at misleading the target users into making wrong decisions by compromising smart meters or remote terminal units.

2) Attackers will try their best to modify SGs' data without being detected.

Therefore, FDI attacks pose a real threat to the normal operation of SGs. A typical example is state estimation in AC grids, where attackers can intentionally degrade real power flow measurements to influence power system stability [37]. Actually, shrewd adversaries should utilize the captured prior
model knowledge to construct stealthy attacks with more severe consequences; otherwise they will be found out very quickly.

Fig. 3. System architecture based on encryption countermeasures.
For the establishment of the grid model, the corresponding details can be found in related work (such as [38], [39]).

Remark 4: In this paper, we consider measurement-based stealthy FDI attacks for linear CPSs. Note that nonlinear CPSs are more common in practical scenarios. For ease of analysis, nonlinear models are generally reduced to linear models [Lemma 3, [40]]. In this process, the resulting mismatch in the model parameters is characterized by a bounded function of the state variables.

In summary, FDI attackers aim to disrupt the normal operation of the system without detection by tampering with the data or manipulating the measurements of meters. For convenience, this paper considers linear CPSs for theoretical analysis.
IV. OPTIMAL MEASUREMENT-BASED ATTACK STRATEGY ON PROTECTED SYSTEMS

Most stealthy attacks generally ignore the role of defenders, i.e., the considered systems are unprotected systems. If protected systems are adopted, the feasible attack space will be limited to a certain extent. Therefore, a new concern is how to design a general attack strategy in this scenario.

Different from Section III, this section studies stealthy attacks on protected systems equipped with encryption procedures. Similar to [32], a linear encryption method is proposed to constrain the attackers' abilities. Due to resource constraints, operators are only allowed to encrypt part of the data. In particular, this paper encrypts measurement data rather than innovations. The encryption and decryption processes are given by
$$\begin{aligned}
\eta_k &= L(P_S^T y_k + k P_l), \\
P_S^T y_k &= L^{-1}(\eta_k) - k P_l,
\end{aligned}$$
where $L$ denotes the encryption function, $S$ denotes the set of encrypted communication channels with $|S| = l$, $\bar{S}$ denotes the set of attacked parts with $|\bar{S}| = m - l$, $P_S^T$ denotes the index matrix corresponding to the encryption set and satisfies $P_S P_S^T + P_{\bar{S}} P_{\bar{S}}^T = I$, and $\iota$ denotes the secret key. To defend against replay attacks, timestamp information $k P_l$ is introduced into the ciphertext $\eta_k$. In practical scenarios, the ciphertext $\eta_k$ and the plaintext $\gamma_k = P_{\bar{S}}^T y_k$ are transmitted via wireless networks. Before the data packets reach the remote estimator, the ciphertext $\eta_k$ is decrypted by the decryption module. The above process is shown in Fig. 3.

By utilizing the proposed method, we ensure the security of the encrypted channels, which is equivalent to introducing the additional constraint
$$D(P_S^T y_k^a \| P_S^T y_k) = 0.$$
If operators encrypt all channels, $P_S P_S^T = I$, this leads to $P_S^T y_k^a = y_k^a = y_k = P_S^T y_k \Rightarrow y_k^a = y_k$, i.e., no attacks are allowed to be injected. If operators do not adopt encryption, $P_S P_S^T = 0_{m \times m}$, which has been analyzed in Section III. Then, a new optimization problem is obtained:
$$\begin{aligned}
\mathbf{P4}: \quad \min_{\mu_{y_k^a},\, \Sigma_{y_k^a}} \quad & 2 s_k^T K \mu_{y_k^a} - \mathrm{Tr}(K \Sigma_{y_k^a} K^T) - \mathrm{Tr}(K \mu_{y_k^a} \mu_{y_k^a}^T K^T) \\
\text{s.t.} \quad & D(y_k^a \| y_k) \le \epsilon, \\
& p_i^T \mu_{y_k^a} = 0, \\
& p_i^T (\Sigma_{y_k^a} - \Sigma_{y_k}) p_j = 0, \quad \forall\, i, j \in S.
\end{aligned}$$
The optimal solution of problem P4 is calculated in the following theorem.

Theorem 2: For problem P4 subject to attack (3), the optimal solution is related to the stealth level $\epsilon$.

i) If the stealth level $\epsilon$ is set large enough such that
$$\begin{aligned}
&\mathrm{tr}\Big[\big(I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\big)^{-1}\Big] + \log\Big|I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\Big| \\
&\quad + 4 \Big[\big(\tfrac{1}{2} P_S P_S^T - I\big)(v_k \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} K^T s_k\Big]^T \Sigma_{y_k}^{-1} \Big[\big(\tfrac{1}{2} P_S P_S^T - I\big)(v_k \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} K^T s_k\Big] = 2\epsilon + m \qquad (18)
\end{aligned}$$
has a unique solution $v_k$, then the optimal mean and variance are given by
$$\mu_{y_k^a} = -2 \big(\tfrac{1}{2} P_S P_S^T - I\big)(v_k \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} K^T s_k,$$
$$\Sigma_{y_k^a} = \Big(\Sigma_{y_k}^{-1} + \frac{2}{v_k}\Big(\frac{1}{l^2} \sum_{i,j \in S} p_i^T K^T K p_j\, p_i p_j^T - K^T K\Big)\Big)^{-1}.$$

ii) If the stealth level $\epsilon$ is set small enough such that (18) has no solution, then $v_k$ can be obtained by solving
$$\mathrm{tr}\Big[\big(I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\big)^{-1}\Big] + \log\Big|I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\Big| = 2\epsilon + m. \qquad (19)$$
Accordingly, the optimal mean and variance are described by
$$\mu_{y_k^a} = 0_{m \times 1},$$
$$\Sigma_{y_k^a} = \Big(\Sigma_{y_k}^{-1} + \frac{2}{v_k}\Big(\frac{1}{l^2} \sum_{i,j \in S} p_i^T K^T K p_j\, p_i p_j^T - K^T K\Big)\Big)^{-1}.$$

Proof: Note that problem P4 is a convex optimization problem with multiple constraints, thus we define the following Lagrangian function
$$\begin{aligned}
\mathcal{L}(\Sigma_{y_k^a}, \mu_{y_k^a}) =\; & 2 s_k^T K \mu_{y_k^a} - \mathrm{Tr}(K \Sigma_{y_k^a} K^T) - \mathrm{Tr}(K \mu_{y_k^a} \mu_{y_k^a}^T K^T) \\
& + v_k \Big[\tfrac{1}{2} \mathrm{tr}(\Sigma_{y_k}^{-1} \Sigma_{y_k^a}) + \tfrac{1}{2} \log \frac{|\Sigma_{y_k}|}{|\Sigma_{y_k^a}|} + \tfrac{1}{2} \mu_{y_k^a}^T \Sigma_{y_k}^{-1} \mu_{y_k^a} - \tfrac{m}{2} - \epsilon\Big] \\
& + \sum_{i \in S} \alpha_i\, p_i^T \mu_{y_k^a} + \sum_{i,j \in S} \beta_{ij}\, p_i^T (\Sigma_{y_k^a} - \Sigma_{y_k}) p_j,
\end{aligned}$$
where $v_k$, $\alpha_i$ and $\beta_{ij}$ are the Lagrangian multipliers.
Based on the Karush-Kuhn-Tucker (KKT) conditions, the derivatives of $\mathcal{L}(\Sigma_{y_k^a}, \mu_{y_k^a})$ with respect to $\Sigma_{y_k^a}$ and $\mu_{y_k^a}$, as well as the stealthiness constraint, can be described by
$$\frac{\partial \mathcal{L}(\Sigma_{y_k^a}, \mu_{y_k^a})}{\partial \Sigma_{y_k^a}} = -K^T K + \frac{v_k}{2}\big(\Sigma_{y_k}^{-1} - \Sigma_{y_k^a}^{-1}\big) + \sum_{i,j \in S} \beta_{ij}\, p_i p_j^T = 0, \qquad (20)$$
$$\frac{\partial \mathcal{L}(\Sigma_{y_k^a}, \mu_{y_k^a})}{\partial \mu_{y_k^a}} = 2 K^T s_k - 2 K^T K \mu_{y_k^a} + v_k \Sigma_{y_k}^{-1} \mu_{y_k^a} + \sum_{i \in S} \alpha_i p_i = 0, \qquad (21)$$
and
$$\tfrac{1}{2} \mathrm{tr}(\Sigma_{y_k}^{-1} \Sigma_{y_k^a}) + \tfrac{1}{2} \log \frac{|\Sigma_{y_k}|}{|\Sigma_{y_k^a}|} + \tfrac{1}{2} \mu_{y_k^a}^T \Sigma_{y_k}^{-1} \mu_{y_k^a} - \tfrac{m}{2} - \epsilon = 0, \qquad (22)$$
$$p_i^T \mu_{y_k^a} = 0, \qquad (23)$$
$$p_i^T (\Sigma_{y_k^a} - \Sigma_{y_k}) p_j = 0. \qquad (24)$$
Multiplying (20) on the left by $\sum_{m \in S} p_m^T$ and on the right by $\sum_{n \in S} p_n$ results in
$$\sum_{i,j \in S} \beta_{ij} = \frac{1}{l^2} \sum_{m,n \in S} p_m^T K^T K p_n. \qquad (25)$$
From (20) and (25), one obtains
$$\Sigma_{y_k^a} = \Big(\Sigma_{y_k}^{-1} + \frac{2}{v_k}\Big(\frac{1}{l^2} \sum_{m,n \in S} p_m^T K^T K p_n \sum_{i,j \in S} p_i p_j^T - K^T K\Big)\Big)^{-1}. \qquad (26)$$
Similarly, (21) and (23) imply that
$$\mu_{y_k^a} = -2 \big(\tfrac{1}{2} P_S P_S^T - I\big)(v_k \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} K^T s_k. \qquad (27)$$
Substituting (26) and (27) into (22) leads to
$$\begin{aligned}
&\mathrm{tr}\Big[\big(I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\big)^{-1}\Big] + \log\Big|I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\Big| \\
&\quad + 4 \Big[\big(\tfrac{1}{2} P_S P_S^T - I\big)(v_k \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} K^T s_k\Big]^T \Sigma_{y_k}^{-1} \Big[\big(\tfrac{1}{2} P_S P_S^T - I\big)(v_k \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} K^T s_k\Big] = 2\epsilon + m. \qquad (28)
\end{aligned}$$
In particular, the existence of a solution of (28) is similar to that of (38), thus it will not be further discussed.

In summary, the solution of (28) covers the following two practical scenarios:

i) if the stealth level $\epsilon$ is set large enough such that (28) has a unique solution $v_k$, then the optimal variance and mean are obtained by (26) and (27);

ii) if the stealth level $\epsilon$ is set small enough such that (28) has no solution, then $v_k$ can be obtained by solving
$$\mathrm{tr}\Big[\big(I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\big)^{-1}\Big] + \log\Big|I - \tfrac{2}{v_k} K^T K \Sigma_{y_k}\Big| = 2\epsilon + m.$$
Accordingly, the optimal mean and variance are described by
$$\mu_{y_k^a} = 0_{m \times 1},$$
$$\Sigma_{y_k^a} = \Big(\Sigma_{y_k}^{-1} + \frac{2}{v_k}\Big(\frac{1}{l^2} \sum_{i,j \in S} p_i^T K^T K p_j\, p_i p_j^T - K^T K\Big)\Big)^{-1}.$$
Despite the system protection being adopted, Theorem 2 illustrates that attack (3) is still feasible. Immediately, three new concerns arise:

(1) Does the existence of protected systems suppress the influence of the stealthy attack (3)?

(2) When the encryption resources are restricted, how many channels should be attacked?

(3) If the number of attacked channels is further limited, which channels should be selected to launch attacks?

The stated problems will be discussed and analyzed in the following corollary and theorem.

Corollary 1: For system (1) subject to attack (3), it can be derived that

(1) let $J_1$ and $J_2$ denote the optimal performance degradation with and without encryption, respectively. Then, it always follows that $J_1 < J_2$.

(2) For protected systems with limited encryption resources, the adversaries should attack as many channels as possible.

Proof: The two proofs are similar to the proof processes of (42) to (51), thus they will not be further discussed.

To obtain an optimal attack scheduling, the trace of the channel precision matrices $\theta_{S_i}$ ($i = 1, \cdots, N$, $N = C_m^l$, $l \le m$) is introduced, where $S_i$ is the set of encrypted communication channels. Specifically, if i) (18) has a unique solution, $\theta_{S_i}$ can be defined as
$$\theta_{S_i} = \mathrm{tr}\Big[\tfrac{1}{2} P_{S_i} P_{S_i}^T \cdot \Sigma_{y_k}^{-1} \cdot \big(\tfrac{7}{2} I + \tfrac{1}{2} P_{S_i} P_{S_i}^T\big)(v_i \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} \cdot K^T s_k s_k^T K \cdot (v_i \Sigma_{y_k}^{-1} - 2 K^T K)^{-1}\Big].$$
ii) If (18) has no solutions, the corresponding $\theta_{S_i}$ degenerates to
$$\theta_{S_i} = \Big| 1 \Big/ \mathrm{tr}\Big[\Big(\Sigma_{y_k}^{-1} + \frac{2}{v_k}\Big(\frac{1}{l^2} \sum_{i,j \in S} p_i^T K^T K p_j\, p_i p_j^T - K^T K\Big)\Big)^{-1}\Big] \Big|.$$

Theorem 3: Assume that the trace of the channel precision matrices $\theta_{S_i}$ has a partial order; without loss of generality, let $\theta_{S_1} \le \theta_{S_2} \le \cdots \le \theta_{S_N}$. Then $S_1$ is the optimal selection of attacked channels.

Proof: Considering $N$ different encryption sets $S_i$ with $N = C_m^l$ and $|S_i| = l$, if $\epsilon$ is set large enough such that (18) has a solution, it results in
$$\begin{aligned}
&\mathrm{tr}\Big[\big(I - \tfrac{2}{v_i} K^T K \Sigma_{y_k}\big)^{-1}\Big] + \log\Big|I - \tfrac{2}{v_i} K^T K \Sigma_{y_k}\Big| \\
&\quad + 4 \Big[\big(\tfrac{1}{2} P_S P_S^T - I\big)(v_i \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} K^T s_k\Big]^T \Sigma_{y_k}^{-1} \Big[\big(\tfrac{1}{2} P_S P_S^T - I\big)(v_i \Sigma_{y_k}^{-1} - 2 K^T K)^{-1} K^T s_k\Big] = 2\epsilon + m. \qquad (29)
\end{aligned}$$
Notice that the trace of the channel precision matrices $\theta_{S_i}$ has a partial order:
$$\theta_{S_1} \le \theta_{S_2} \le \cdots \le \theta_{S_N}. \qquad (30)$$
From (29), (30) and the monotonicity analysis, one can easily obtain that
$$
v_1 \ge v_2 \ge \cdots \ge v_N.
$$
Similar to the proof of (44) to (51), it follows that
$$
J_1 \ge J_2 \ge \cdots \ge J_N. \quad (31)
$$
If $\epsilon$ is set small enough such that (18) has no solution, the partial order of $\theta_{S_i}$ implies that
$$
\mathrm{tr}(\Sigma_{y^a_1}) \ge \mathrm{tr}(\Sigma_{y^a_2}) \ge \cdots \ge \mathrm{tr}(\Sigma_{y^a_N}),
$$
i.e.,
$$
J_1 \ge J_2 \ge \cdots \ge J_N. \quad (32)
$$
From (31) and (32), $S_1$ is the optimal selection of attacked channels. The proof is completed.
Remark 5: The above results are consistent with intuition. Although protected systems equipped with encryption procedures reduce the feasible attack space, shrewd attackers can still attack as many channels as possible and launch a non-zero mean Gaussian attack with a smaller $\theta_{S_i}$ to deteriorate the estimation performance.
Remark 6: By introducing the concept of the partial order, Theorem 3 reflects which channels are more worthy of priority attack or defense. In this scenario, defenders can weaken the influence of attacks by reasonably allocating the available resources. Hence, defenders can also employ the exact opposite strategy to suppress the attackers' abilities and protect system performance.
V. SIMULATION EXAMPLES
In this section, an unmanned aerial vehicle (UAV) with two communication channels is provided to illustrate the theoretical results [41]. The UAV system can be modeled by
$$
\dot V = -g\mu + \frac{1}{m}\frac{P_{\max}}{100}\times\delta^c_T - \frac{1}{m}\Big(qS_aC_{D0} + \frac{km^2g^2n_y^2}{qS_a}\Big),
$$
$$
\dot\mu = \frac{g}{V}\times n^c_y - \frac{g}{V},
$$
$$
\dot\phi = \frac{gn_y}{V}\times\gamma^c,
$$
where $V$, $\mu$, $\phi$, $n^c_y$, $\gamma^c$ and $\delta^c_T$ are the UAV velocity, track angle, track azimuth, normal overload, roll angle, and thrust, respectively.
According to [42], the UAV model is linearised with the parameter matrix
$$
A = \begin{bmatrix} 0.9 & 0.98 & 0 \\ 0 & 1 & 0.194 \\ 0 & 0 & 1.125 \end{bmatrix},
$$
then the other parameters of system (1) are set as $C = I$, $Q = R = I$. Moreover, 1,000 Monte Carlo tests are provided to verify the theoretical results.
Assume that attacks initiate from $t = 20$ and last until $t = 60$. We first test the attack performance on unprotected systems. Specifically, three stealthy attacks are considered: random attack, zero-mean Gaussian attack and non-zero mean Gaussian attack. In addition, all stealthy attacks satisfy the constraint (II-B).
Fig. 4. Attacks on unprotected systems. (a) $\epsilon = 0$. (b) $\epsilon = 10$.
Fig. 5. Attacks on protected systems with $\epsilon = 20$.
Fig. 4 reveals the influence of the stealth level on different attack strategies. If $\epsilon$ is set large enough (such as $\epsilon = 10$) so that (12) has a unique solution, the non-zero mean Gaussian attack is better at deteriorating the estimation performance. Conversely, $\epsilon = 0$ results in the non-zero mean Gaussian attack degenerating into the zero-mean Gaussian attack. This is in accordance with Theorem 1 and Remark 2.
Then, we analyze the attackers' countermeasure against the encryption methods. Without loss of generality, the stealth level satisfies $\epsilon = 20$. For the encrypted channel sets $S_i$ ($i = 1, \cdots, 6$), the corresponding index matrices are defined as
$$
P_{S_1}P_{S_1}^T = \mathrm{diag}\{1,0,0\},\quad P_{S_2}P_{S_2}^T = \mathrm{diag}\{0,1,0\},\quad P_{S_3}P_{S_3}^T = \mathrm{diag}\{0,0,1\},
$$
$$
P_{S_4}P_{S_4}^T = \mathrm{diag}\{1,1,0\},\quad P_{S_5}P_{S_5}^T = \mathrm{diag}\{1,0,1\},\quad P_{S_6}P_{S_6}^T = \mathrm{diag}\{0,1,1\}.
$$
Fig. 6. Trace of the channel precision matrices.
The comparison of attack performances for protected systems is illustrated in Fig. 5. To maximize the degradation of system performance, the adversaries should attack as many channels as possible. In addition, if the encryption resources are limited, such as $|S| = 1$, attacking the first and second channel is always an optimal choice. This is because the trace of the channel precision matrices has a partial order, which is illustrated in Fig. 6.
VI. CONCLUSION
In this paper, measurement-based optimal stealthy attacks for linear CPSs are analyzed to reveal the correlations between attacks and the stealth level $\epsilon$. To illustrate the superiority of the methods, the convex optimization problems with and without system protections are formulated, respectively. By analyzing the existence of solutions to the objective problems, the optimal mean and variance of the disrupted measurements are derived. Different from the existing zero-mean Gaussian attacks, the derived stealthy attacks can also obey a non-zero mean Gaussian distribution and degenerate to the former in some special cases. Furthermore, if the trace of the channel precision matrices has a partial order, closed-form optimal selections are given. In the future, we can design non-linear encryption strategies for defenders to weaken the impact of attacks. Besides, the optimal decision between attackers and defenders based on the game-theoretic approach is also worthy of further investigation.
APPENDIX
Proof: [Proof of Theorem 1] Considering the property of differential entropies [35], the stealthy constraint in problem P2 can be rewritten as
$$
D(y^a_k \,\|\, y_k) \ge \frac{1}{2}\mathrm{tr}\big(\Sigma_{y_k}^{-1}\Sigma_{y^a_k}\big) + \frac{1}{2}\log\frac{|\Sigma_{y_k}|}{|\Sigma_{y^a_k}|} + \frac{1}{2}\mu_{y^a_k}^T\Sigma_{y_k}^{-1}\mu_{y^a_k} - \frac{m}{2},
$$
where $D(y^a_k \,\|\, y_k) = \frac{1}{2}\mathrm{tr}(\Sigma_{y_k}^{-1}\Sigma_{y^a_k}) + \frac{1}{2}\log\frac{|\Sigma_{y_k}|}{|\Sigma_{y^a_k}|} + \frac{1}{2}\mu_{y^a_k}^T\Sigma_{y_k}^{-1}\mu_{y^a_k} - \frac{m}{2}$ holds if and only if $y^a_k$ obeys a certain Gaussian distribution.
Therefore, solving problem P2 is equivalent to solving
$$
\text{P3:}\quad \min_{\mu_{y^a_k},\,\Sigma_{y^a_k}}\ 2s_k^TK\mu_{y^a_k} - \mathrm{Tr}\big(K\Sigma_{y^a_k}K^T\big) - \mathrm{Tr}\big(K\mu_{y^a_k}\mu_{y^a_k}^TK^T\big)
$$
$$
\text{s.t.}\quad D(y^a_k \,\|\, y_k) = \frac{1}{2}\mathrm{tr}\big(\Sigma_{y_k}^{-1}\Sigma_{y^a_k}\big) + \frac{1}{2}\log\frac{|\Sigma_{y_k}|}{|\Sigma_{y^a_k}|} + \frac{1}{2}\mu_{y^a_k}^T\Sigma_{y_k}^{-1}\mu_{y^a_k} - \frac{m}{2} \le \epsilon.
$$
Notice that problem P3 is a convex optimization problem with a single constraint, thus we define the following Lagrangian function
$$
L(\Sigma_{y^a_k}, \mu_{y^a_k}) = 2s_k^TK\mu_{y^a_k} - \mathrm{Tr}\big(K\Sigma_{y^a_k}K^T\big) - \mathrm{Tr}\big(K\mu_{y^a_k}\mu_{y^a_k}^TK^T\big) + v_k\Big[\frac{1}{2}\mathrm{tr}\big(\Sigma_{y_k}^{-1}\Sigma_{y^a_k}\big) + \frac{1}{2}\log\frac{|\Sigma_{y_k}|}{|\Sigma_{y^a_k}|} + \frac{1}{2}\mu_{y^a_k}^T\Sigma_{y_k}^{-1}\mu_{y^a_k} - \frac{m}{2} - \epsilon\Big],
$$
where $v_k > 0$ is the Lagrangian multiplier.
Based on the Karush-Kuhn-Tucker (KKT) condition, the derivatives of $L(\Sigma_{y^a_k}, \mu_{y^a_k})$ with respect to $\Sigma_{y^a_k}$ and $\mu_{y^a_k}$, as well as the stealthy constraint, can be described by
$$
\frac{\partial L(\Sigma_{y^a_k}, \mu_{y^a_k})}{\partial \Sigma_{y^a_k}} = -K^TK + \frac{v_k}{2}\Sigma_{y_k}^{-1} - \frac{v_k}{2}\Sigma_{y^a_k}^{-1} = 0, \quad (33)
$$
$$
\frac{\partial L(\Sigma_{y^a_k}, \mu_{y^a_k})}{\partial \mu_{y^a_k}} = 2K^Ts_k - 2K^TK\mu_{y^a_k} + v_k\Sigma_{y_k}^{-1}\mu_{y^a_k} = 0, \quad (34)
$$
and
$$
\frac{1}{2}\mathrm{tr}\big(\Sigma_{y_k}^{-1}\Sigma_{y^a_k}\big) + \frac{1}{2}\log\frac{|\Sigma_{y_k}|}{|\Sigma_{y^a_k}|} + \frac{1}{2}\mu_{y^a_k}^T\Sigma_{y_k}^{-1}\mu_{y^a_k} - \frac{m}{2} - \epsilon = 0. \quad (35)
$$
From (33) and (34), one can obtain
$$
\Sigma_{y^a_k} = \Big(\Sigma_{y_k}^{-1} - \frac{2}{v_k}K^TK\Big)^{-1}, \quad (36)
$$
$$
\mu_{y^a_k} = -2\big(v_k\Sigma_{y_k}^{-1} - 2K^TK\big)^{-1}K^Ts_k. \quad (37)
$$
Substituting (36) and (37) into (35), it results in
$$
\mathrm{tr}\Big[\Big(I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big)^{-1}\Big] + \log\Big|I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big| + \frac{4s_k^TK}{v_k^2}\Sigma_{y_k}\Big(I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big)^{-T}\Big(I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big)^{-1}K^Ts_k = 2\epsilon + m. \quad (38)
$$
Then, we analyze the existence of the solution of (38). Let $\lambda_i > 0$ ($i \in \{1, \cdots, m\}$) be the eigenvalues of $K^TK\Sigma_{y_k}$; it is easy to see
$$
\mathrm{tr}\Big[\Big(I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big)^{-1}\Big] + \log\Big|I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big| = \sum_{i=1}^{m}\Big[\frac{1}{1 - \frac{2}{v_k}\lambda_i} + \log\Big|1 - \frac{2}{v_k}\lambda_i\Big|\Big]. \quad (39)
$$
For simplicity, let $x = 1 - \frac{2}{v_k}\lambda_i$ and $x \in (-\infty, 1)$; the first derivative of (39) is given by
$$
\sum_{i=1}^{m}\frac{d}{dx}\Big(\log|x| + \frac{1}{x}\Big) = \sum_{i=1}^{m}\frac{x - 1}{x^2} < 0. \quad (40)
$$
The negativity of (40) means (39) is strictly monotonically decreasing with respect to $1 - \frac{2}{v_k}\lambda_i$. Moreover, since $x = 1 - \frac{2}{v_k}\lambda_i$ is strictly monotonically increasing with respect to $v_k$, it directly follows that $\mathrm{tr}[(I - \frac{2}{v_k}K^TK\Sigma_{y_k})^{-1}] + \log|I - \frac{2}{v_k}K^TK\Sigma_{y_k}|$ is strictly monotonically decreasing with respect to $v_k$. This conclusion implies that $\mathrm{tr}[(I - \frac{2}{v_k}K^TK\Sigma_{y_k})^{-1}] + \log|I - \frac{2}{v_k}K^TK\Sigma_{y_k}|$ is bounded, i.e.
$$
\mathrm{tr}\Big[\Big(I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big)^{-1}\Big] + \log\Big|I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big| \in (m, +\infty).
$$
We now prove that the last term on the left side of (38) is also strictly monotonically decreasing with respect to $v_k$. Suppose $v_1 > v_2$; it follows that
$$
\mathrm{tr}\Big[\big(v_2I - 2K^TK\Sigma_{y_k}\big)^{-T}\big(v_2I - 2K^TK\Sigma_{y_k}\big)^{-1} - \big(v_1I - 2K^TK\Sigma_{y_k}\big)^{-T}\big(v_1I - 2K^TK\Sigma_{y_k}\big)^{-1}\Big] > 0.
$$
Moreover, it is observed that $\big[(v_2I - 2K^TK\Sigma_{y_k})^{-T}(v_2I - 2K^TK\Sigma_{y_k})^{-1} - (v_1I - 2K^TK\Sigma_{y_k})^{-T}(v_1I - 2K^TK\Sigma_{y_k})^{-1}\big]$ is a positive definite matrix. Therefore, it can be derived that
$$
4\,\mathrm{tr}\Big[s_k^TK\Sigma_{y_k}\big(v_1I - 2K^TK\Sigma_{y_k}\big)^{-T}\big(v_1I - 2K^TK\Sigma_{y_k}\big)^{-1}K^Ts_k\Big] < 4\,\mathrm{tr}\Big[s_k^TK\Sigma_{y_k}\big(v_2I - 2K^TK\Sigma_{y_k}\big)^{-T}\big(v_2I - 2K^TK\Sigma_{y_k}\big)^{-1}K^Ts_k\Big],
$$
which implies that the last term on the left side of (38) is also strictly monotonically decreasing with respect to $v_k$.
Immediately, a meaningful question is how the value of $\epsilon$ affects the existence of a solution of (38). Notice that:
(1) the left side of (38) is strictly monotonically decreasing with respect to $v_k$;
(2) $\mathrm{tr}[(I - \frac{2}{v_k}K^TK\Sigma_{y_k})^{-1}] + \log|I - \frac{2}{v_k}K^TK\Sigma_{y_k}| \in (m, +\infty)$;
(3) $\frac{4s_k^TK}{v_k^2}\Sigma_{y_k}(I - \frac{2}{v_k}K^TK\Sigma_{y_k})^{-T}(I - \frac{2}{v_k}K^TK\Sigma_{y_k})^{-1}K^Ts_k = \mu_{y^a_k}^T\Sigma_{y_k}^{-1}\mu_{y^a_k} > 0$.
For a given stealth level $\epsilon$, the solution of (38) falls into the following two practical scenarios.
i) If (38) has no solution, it implies that the optimal mean $\mu_{y^a_k} \ne 0_{m\times1}$ does not hold. Then, the optimal mean and variance of the disrupted measurement $y^a_k$ are given by
$$
\mu_{y^a_k} = 0_{m\times1}, \qquad \Sigma_{y^a_k} = \Big(\Sigma_{y_k}^{-1} - \frac{2}{v_k}K^TK\Big)^{-1},
$$
where $v_k$ is the solution of the following equation:
$$
\mathrm{tr}\Big[\Big(I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big)^{-1}\Big] + \log\Big|I - \frac{2}{v_k}K^TK\Sigma_{y_k}\Big| = 2\epsilon + m. \quad (41)
$$
ii) If (38) has a unique real solution, then (41) will also have a solution, which leads to two different attack strategies. In this scenario, a brief comparison is given as follows. For convenience, we rewrite (38) and (41) by introducing $v_1$ and $v_2$, i.e.
$$
\mathrm{tr}\Big[\Big(I - \frac{2}{v_1}K^TK\Sigma_{y_k}\Big)^{-1}\Big] + \log\Big|I - \frac{2}{v_1}K^TK\Sigma_{y_k}\Big| + \frac{4s_k^TK}{v_1^2}\Sigma_{y_k}\Big(I - \frac{2}{v_1}K^TK\Sigma_{y_k}\Big)^{-T}\Big(I - \frac{2}{v_1}K^TK\Sigma_{y_k}\Big)^{-1}K^Ts_k = 2\epsilon + m, \quad (42)
$$
$$
\mathrm{tr}\Big[\Big(I - \frac{2}{v_2}K^TK\Sigma_{y_k}\Big)^{-1}\Big] + \log\Big|I - \frac{2}{v_2}K^TK\Sigma_{y_k}\Big| = 2\epsilon + m. \quad (43)
$$
Since $\frac{4s_k^TK}{v_1^2}\Sigma_{y_k}(I - \frac{2}{v_1}K^TK\Sigma_{y_k})^{-T}(I - \frac{2}{v_1}K^TK\Sigma_{y_k})^{-1}K^Ts_k = \mu_{y^a_k}^T\Sigma_{y_k}^{-1}\mu_{y^a_k} > 0$, from (42), (43) and the monotonicity analysis, it results in
$$
v_1 > v_2. \quad (44)
$$
Furthermore, it follows that
$$
\log\Big|I - \frac{2}{v_2}K^TK\Sigma_{y_k}\Big| > \log\Big|I - \frac{2}{v_1}K^TK\Sigma_{y_k}\Big|. \quad (45)
$$
From (42), (43) and (45), it can be obtained that
$$
\mathrm{tr}\Big[\Big(I - \frac{2}{v_1}K^TK\Sigma_{y_k}\Big)^{-1}\Big] + \frac{4s_k^TK}{v_1^2}\Sigma_{y_k}\Big(I - \frac{2}{v_1}K^TK\Sigma_{y_k}\Big)^{-T}\Big(I - \frac{2}{v_1}K^TK\Sigma_{y_k}\Big)^{-1}K^Ts_k > \mathrm{tr}\Big[\Big(I - \frac{2}{v_2}K^TK\Sigma_{y_k}\Big)^{-1}\Big],
$$
which is equivalent to
$$
\mathrm{tr}\big(\Sigma_{y_k}^{-1}\Sigma_{y^a_k}\big)\big|_{v_1} + \mu_{y^a_k}^T\Sigma_{y_k}^{-1}\mu_{y^a_k}\big|_{v_1} > \mathrm{tr}\big(\Sigma_{y_k}^{-1}\Sigma_{y^a_k}\big)\big|_{v_2}. \quad (46)
$$
From problem P2, the objective function under the two attack strategies can be denoted by
$$
J_1 = \Big[-2s_k^TK\mu_{y^a_k} + \mathrm{Tr}\big(K\Sigma_{y^a_k}K^T\big) + \mathrm{Tr}\big(K\mu_{y^a_k}\mu_{y^a_k}^TK^T\big)\Big]\Big|_{v_1} \quad (47)
$$
and
$$
J_2 = \Big[\mathrm{Tr}\big(K\Sigma_{y^a_k}K^T\big)\Big]\Big|_{v_2}. \quad (48)
$$
Moreover, (46) implies that
$$
\Big[\mathrm{tr}\big(K\Sigma_{y^a_k}K^T\big) + \mathrm{tr}\big(K\mu_{y^a_k}\mu_{y^a_k}^TK^T\big)\Big]\Big|_{v_1} > \mathrm{tr}\big(K\Sigma_{y^a_k}K^T\big)\Big|_{v_2}. \quad (49)
$$
Notice that
$$
-2s_k^TK\mu_{y^a_k}\big|_{v_1} = -2s_k^TK\times\Big(-2\big(v_1\Sigma_{y_k}^{-1} - 2K^TK\big)^{-1}K^Ts_k\Big) = 4s_k^TK\big(v_1\Sigma_{y_k}^{-1} - 2K^TK\big)^{-1}K^Ts_k > 0. \quad (50)
$$
From (47), (48), (49) and (50), it can be derived that
$$
J_1 > J_2. \quad (51)
$$
Obviously, the first attack strategy is always better in this scenario. The proof is completed.
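The existence argument above (the monotonicity of (39) and (40) and the zero-mean case (41)) can be read from the defender's side: the threshold $\epsilon$ of the Kullback-Leibler detector fixes the largest zero-mean Gaussian degradation of $\mathrm{Tr}(K\Sigma_{y^a_k}K^T)$ that the detector will not flag, so tightening $\epsilon$ is, next to encryption (Remark 6), the lever a defender has. The following Python block is an added example and not code from the paper or its authors. It takes the diagonal case so that the eigenvalues $\lambda_i$ of $K^TK\Sigma_{y_k}$ are explicit, solves (41) for $v_k$ by bisection on the interval where (36) remains positive definite, and checks with the Gaussian KL expression from the start of the appendix that the resulting distribution sits exactly at $\epsilon$. The numerical values of $\Sigma_{y_k}$ and $K^TK$ are constructed, and $K$ is assumed diagonal so that $\mathrm{Tr}(K\Sigma_{y^a_k}K^T) = \sum_i (K^TK)_{ii}(\Sigma_{y^a_k})_{ii}$.

```python
import math
from typing import List, Sequence

# Constructed inputs (not from the paper): the nominal measurement covariance
# Sigma_{y_k} and K^T K are taken diagonal, so the eigenvalues lambda_i of
# K^T K Sigma_{y_k} used in (39) are explicit and no linear-algebra library
# is needed. K itself is assumed diagonal as well.
SIGMA_Y: List[float] = [1.0, 0.5, 2.0]   # diag(Sigma_{y_k}), constructed
KTK: List[float] = [0.8, 1.2, 0.3]       # diag(K^T K), constructed


def lambdas(sigma_y: Sequence[float], ktk: Sequence[float]) -> List[float]:
    """Eigenvalues lambda_i of K^T K Sigma_{y_k} in the diagonal case."""
    return [k * s for k, s in zip(ktk, sigma_y)]


def g(v: float, lam: Sequence[float]) -> float:
    """Left side of (41) written in the eigenvalue form (39):
    sum_i [ 1/(1 - 2 lambda_i / v) + log|1 - 2 lambda_i / v| ]."""
    total = 0.0
    for l in lam:
        x = 1.0 - 2.0 * l / v
        total += 1.0 / x + math.log(abs(x))
    return total


def solve_v(eps: float, lam: Sequence[float], tol: float = 1e-12) -> float:
    """Solve (41), g(v) = 2 eps + m, for the multiplier v_k by bisection.
    The attacked covariance (36) must stay positive definite, i.e. every
    x_i = 1 - 2 lambda_i / v must be positive, so v > 2 max(lambda_i).
    On that interval g is strictly decreasing in v (the paper's (40)):
    it tends to +inf at the left end and to m as v -> inf, so for every
    eps > 0 the equation has exactly one root."""
    m = len(lam)
    target = 2.0 * eps + m
    lo = 2.0 * max(lam)          # g is unbounded just to the right of lo
    hi = lo + 1.0
    while g(hi, lam) > target:   # move hi outward until g(hi) <= target
        hi = lo + 2.0 * (hi - lo)
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if g(mid, lam) > target:
            lo = mid
        else:
            hi = mid
        if hi - lo < tol:
            break
    return 0.5 * (lo + hi)


def attacked_covariance(v: float, sigma_y: Sequence[float],
                        ktk: Sequence[float]) -> List[float]:
    """diag of (36): (Sigma_{y_k}^{-1} - (2/v) K^T K)^{-1}, zero-mean case."""
    return [1.0 / (1.0 / s - 2.0 * k / v) for s, k in zip(sigma_y, ktk)]


def gaussian_kl(mu_a: Sequence[float], sigma_a: Sequence[float],
                sigma_y: Sequence[float]) -> float:
    """D(y^a_k || y_k) between Gaussians with diagonal covariances, i.e. the
    expression from the start of the appendix:
    1/2 tr(Sigma_y^{-1} Sigma_a) + 1/2 log(|Sigma_y| / |Sigma_a|)
    + 1/2 mu^T Sigma_y^{-1} mu - m/2."""
    m = len(sigma_y)
    tr = sum(a / s for a, s in zip(sigma_a, sigma_y))
    logdet = sum(math.log(s) - math.log(a) for a, s in zip(sigma_a, sigma_y))
    quad = sum(mu * mu / s for mu, s in zip(mu_a, sigma_y))
    return 0.5 * tr + 0.5 * logdet + 0.5 * quad - 0.5 * m


def tolerated_degradation(eps: float, sigma_y: Sequence[float] = SIGMA_Y,
                          ktk: Sequence[float] = KTK) -> float:
    """Largest zero-mean Gaussian value of Tr(K Sigma_{y^a_k} K^T) (the
    quantity J_2 in (48)) that a KL detector with threshold eps tolerates.
    With K diagonal the trace reduces to sum_i ktk_i * Sigma_a,i."""
    v = solve_v(eps, lambdas(sigma_y, ktk))
    sig_a = attacked_covariance(v, sigma_y, ktk)
    return sum(k * a for k, a in zip(ktk, sig_a))


if __name__ == "__main__":
    nominal = sum(k * s for k, s in zip(KTK, SIGMA_Y))
    print(f"nominal Tr(K Sigma_y K^T) = {nominal:.4f}")
    for eps in (0.05, 0.1, 0.5, 1.0):
        print(f"eps = {eps:<5} tolerated Tr(K Sigma_ya K^T) = "
              f"{tolerated_degradation(eps):.4f}")
```

For the zero-mean case the identity $\mathrm{tr}(\Sigma_{y_k}^{-1}\Sigma_{y^a_k}) - \log|\Sigma_{y_k}^{-1}\Sigma_{y^a_k}| - m = 2D(y^a_k\|y_k)$ means that any $v_k$ returned by `solve_v` puts the attacked distribution exactly on the detector's boundary, which `gaussian_kl` confirms numerically; shrinking $\epsilon$ moves the root to a larger $v_k$ and therefore to a smaller tolerated trace.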
REFERENCES
[1] P. Zhuang, R. Deng, and H. Liang, “False data injection attacks against state estimation in multiphase and unbalanced smart distribution systems,” IEEE Trans. Smart Grid, vol. 10, no. 6, pp. 6000–6013, Nov. 2019.
[2] Y. Mo, R. Chabukswar, and B. Sinopoli, “Detecting integrity attacks on SCADA systems,” IEEE Trans. Control Syst. Technol., vol. 22, no. 4, pp. 1396–1407, Sep. 2014.
[3] D. Ye and T. Y. Zhang, “Summation detector for false data-injection attack in cyber-physical systems,” IEEE Trans. Cybern., vol. 50, no. 6, pp. 2338–2445, Jun. 2020.
[4] T. Y. Zhang and D. Ye, “False data injection attacks with complete stealthiness in cyber–physical systems: A self-generated approach,” Automatica, vol. 120, Oct. 2020, Art. no. 109117.
[5] X. Ge, Q.-L. Han, M. Zhong, and X.-M. Zhang, “Distributed Krein space-based attack detection over sensor networks under deception attacks,” Automatica, vol. 109, Nov. 2019, Art. no. 108557.
[6] Z. Zhang, R. Deng, D. K. Yau, P. Cheng, and J. Chen, “Analysis of moving target defense against false data injection attacks on power grid,” IEEE Trans. Inf. Forensics Security, vol. 15, pp. 2320–2335, 2019.
[7] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “A secure control framework for resource-limited adversaries,” Automatica, vol. 51, pp. 135–148, Jan. 2015.
[8] D. Ye, T.-Y. Zhang, and G. Guo, “Stochastic coding detection scheme in cyber-physical systems against replay attack,” Inf. Sci., vol. 481, pp. 432–444, May 2019.
[9] Y. Mo and B. Sinopoli, “Secure control against replay attacks,” in Proc. 47th Annu. Allerton Conf. Commun., Control, Comput. (Allerton), Sep. 2009, pp. 911–918.
[10] M. N. Kurt, Y. Yılmaz, and X. Wang, “Real-time detection of hybrid and stealthy cyber-attacks in smart grid,” IEEE Trans. Inf. Forensics Security, vol. 14, no. 2, pp. 498–513, Feb. 2019.
[11] K. M. Ding, X. Q. Ren, D. E. Quevedo, S. Dey, and L. Shi, “Defensive deception against reactive jamming attacks in remote state estimation,” Automatica, vol. 113, Mar. 2020, Art. no. 108680.
[12] D. Wang, J. Huang, Y. Tang, and F. Li, “A watermarking strategy against linear deception attacks on remote state estimation under K–L divergence,” IEEE Trans. Ind. Informat., vol. 17, no. 5, pp. 3273–3281, May 2021.
[13] S. Ghosh, M. R. Bhatnagar, W. Saad, and B. K. Panigrahi, “Defending false data injection on state estimation over fading wireless channels,” IEEE Trans. Inf. Forensics Security, vol. 16, pp. 1424–1439, 2021.
[14] Y. Li, L. Shi, and T. Chen, “Detection against linear deception attacks on multi-sensor remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 5, no. 3, pp. 846–856, Sep. 2018.
[15] F. Miao, M. Pajic, and G. J. Pappas, “Stochastic game approach for replay attack detection,” in Proc. 52nd IEEE Conf. Decis. Control, Dec. 2013, pp. 1854–1859.
[16] H. Yuan, Y. Xia, J. Zhang, H. Yang, and M. S. Mahmoud, “Stackelberg-game-based defense analysis against advanced persistent threats on cloud control system,” IEEE Trans. Ind. Informat., vol. 16, no. 3, pp. 1571–1580, Mar. 2020.
[17] C.-Z. Bai, F. Pasqualetti, and V. Gupta, “Security in stochastic control systems: Fundamental limitations and performance bounds,” in Proc. Amer. Control Conf. (ACC), Jul. 2015, pp. 195–200.
[18] C. Z. Bai, F. Pasqualetti, and V. Gupta, “Data-injection attacks in stochastic control systems: Detectability and performance tradeoffs,” Automatica, vol. 82, pp. 251–260, Aug. 2017.
[19] C.-Z. Bai, V. Gupta, and F. Pasqualetti, “On Kalman filtering with compromised sensors: Attack stealthiness and performance bounds,” IEEE Trans. Autom. Control, vol. 62, no. 12, pp. 6641–6648, Dec. 2017.
[20] E. Kung, S. Dey, and L. Shi, “The performance and limitations of stealthy attacks on higher order systems,” IEEE Trans. Autom. Control, vol. 62, no. 2, pp. 941–947, Feb. 2017.
[21] Z. Guo, D. Shi, K. H. Johansson, and L. Shi, “Optimal linear cyber-attack on remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 4, no. 1, pp. 4–13, Mar. 2017.
[22] G. Y. Wu, J. Sun, and J. Chen, “Optimal data injection attacks in cyber-physical systems,” IEEE Trans. Cybern., vol. 48, no. 12, pp. 3302–3312, Dec. 2018.
[23] R. Zhang and P. Venkitasubramaniam, “Stealthy control signal attacks in linear quadratic Gaussian control systems: Detectability reward tradeoff,” IEEE Trans. Inf. Forensics Security, vol. 12, no. 7, pp. 1555–1570, Jul. 2017.
[24] A.-Y. Lu and G.-H. Yang, “Switched projected gradient descent algorithms for secure state estimation under sparse sensor attacks,” Automatica, vol. 103, pp. 503–514, May 2019.
[25] Z. H. Pang, L. Z. Fan, Z. Dong, Q. L. Han, and G. P. Liu, “False data injection attacks against partial sensor measurements of networked control systems,” IEEE Trans. Circuits Syst. II, Exp. Briefs, vol. 69, no. 3, pp. 1507–1511, Mar. 2022.
[26] Y.-G. Li and G.-H. Yang, “Optimal stealthy false data injection attacks in cyber-physical systems,” Inf. Sci., vol. 481, pp. 474–490, May 2019.
[27] Y.-G. Li and G.-H. Yang, “Optimal stealthy innovation-based attacks with historical data in cyber-physical systems,” IEEE Trans. Syst., Man, Cybern., Syst., vol. 51, no. 6, pp. 3401–3411, Jun. 2021.
[28] H. Song, P. Shi, C.-C. Lim, W.-A. Zhang, and L. Yu, “Attack and estimator design for multi-sensor systems with undetectable adversary,” Automatica, vol. 109, Nov. 2019, Art. no. 108545.
[29] F. Miao, Q. Zhu, M. Pajic, and G. J. Pappas, “Coding schemes for securing cyber-physical systems against stealthy data injection attacks,” IEEE Trans. Control Netw. Syst., vol. 4, no. 1, pp. 106–117, Mar. 2017.
[30] Z.-H. Pang, L.-Z. Fan, J. Sun, K. Liu, and G.-P. Liu, “Detection of stealthy false data injection attacks against networked control systems via active data modification,” Inf. Sci., vol. 546, pp. 192–205, Feb. 2021.
[31] M. Kishida, “Encrypted control system with quantiser,” IET Control Theory Appl., vol. 13, no. 1, pp. 146–151, Jan. 2019.
[32] J. Shang, M. Chen, and T. Chen, “Optimal linear encryption against stealthy attacks on remote state estimation,” IEEE Trans. Autom. Control, vol. 66, no. 8, pp. 3592–3607, Aug. 2021.
[33] C. Fang, Y. Qi, J. Chen, R. Tan, and W. X. Zheng, “Stealthy actuator signal attacks in stochastic control systems: Performance and limitations,” IEEE Trans. Autom. Control, vol. 65, no. 9, pp. 3927–3934, Sep. 2020.
[34] Z. Guo, D. Shi, K. H. Johansson, and L. Shi, “Worst-case stealthy innovation-based linear attack on remote state estimation,” Automatica, vol. 89, pp. 117–124, Mar. 2018.
[35] E. Kung, S. Dey, and L. Shi, “Optimal stealthy attack under KL divergence and countermeasure with randomized threshold,” IFAC-PapersOnLine, vol. 50, no. 1, pp. 9496–9501, Jul. 2017.
[36] C. Peng, H. Sun, M. Yang, and Y.-L. Wang, “A survey on security communication and control for smart grids under malicious cyber attacks,” IEEE Trans. Syst., Man, Cybern., Syst., vol. 49, no. 8, pp. 1554–1569, Aug. 2019.
[37] T. Lan, W. Wang, and G. M. Huang, “False data injection attack in smart grid topology control: Vulnerability and countermeasure,” in Proc. IEEE Power Energy Soc. Gen. Meeting, Chicago, IL, USA, Jul. 2017, pp. 1–5.
[38] B. Qu, Z. Wang, B. Shen, and H. Dong, “Distributed state estimation for renewable energy microgrids with sensor saturations,” Automatica, vol. 131, Sep. 2021, Art. no. 109730.
[39] C. Deng, Y. Wang, C. Wen, Y. Xu, and P. Lin, “Distributed resilient control for energy storage systems in cyber–physical microgrids,” IEEE Trans. Ind. Informat., vol. 17, no. 2, pp. 1331–1341, Feb. 2021.
[40] B. Qu, Z. Wang, and B. Shen, “Fusion estimation for a class of multi-rate power systems with randomly occurring SCADA measurement delays,” Automatica, vol. 125, Mar. 2021, Art. no. 109408.
[41] L. Guo, H. Yu, and F. Hao, “Optimal allocation of false data injection attacks for networked control systems with two communication channels,” IEEE Trans. Control Netw. Syst., vol. 8, no. 1, pp. 2–14, Mar. 2021.
[42] G. Sun et al., “Cooperative formation control of multiple aerial vehicles based on guidance route in a complex task environment,” Chin. J. Aeronaut., vol. 33, no. 2, pp. 701–720, Feb. 2020.
Pengyu Li received the B.S. degree from the North University of China, Taiyuan, China, in 2017, and the M.S. degree from the School of Information Science and Engineering, Lanzhou University, Lanzhou, China, in 2020. He is currently pursuing the Ph.D. degree in control science and engineering with the College of Information Science and Engineering, Northeastern University, Shenyang, China. His current research interests include the security of cyber-physical systems and network systems.
Dan Ye (Senior Member, IEEE) received the B.S. and M.S. degrees in mathematics and applied mathematics from Northeast Normal University, China, in 2001 and 2004, respectively, and the Ph.D. degree in control theory and engineering from Northeastern University, China, in 2008. She was a Lecturer with Northeastern University from 2008 to 2010. She is currently a Professor with the College of Information Science and Engineering, Northeastern University. Her research interests include fault-tolerant control, robust control, adaptive control, and the security of cyber-physical systems.