Table Of ContentSecure state-estimation for dynamical systems
under active adversaries
Hamza Fawzi
Joint work with Paulo Tabuada and Suhas Diggavi
1/16
Why security for control systems?
(cid:73) Control systems are physical processes (chemical plants, power grid,
mechanical system, etc.)
(cid:73) Control systems becoming larger (large sensor networks) and increasingly
open to the cyber-world (e.g., internet) ⇒ increased vulnerability to
attacks
(cid:73) Examples of real attacks: Sewage control system (Queensland, Australia,
2000), Natural gas pipelines (Russia, 2000), Stuxnet (2010), ...
(cid:73) Need efficient ways to detect attacks on control systems...
Formoreinfoonsecurityforcontrolsystemssee[Cardenas,Amin,Sastry,2008]
2/16
Security for control systems
(cid:73) (Some of the) existing works on adversarial, malicious attacks:
• Optimal control in the presence of intelligent jammer (cf. Gupta, Langbort
and Basar, 2010)
(cid:73) game-theoreticapproach;attacker’sobjectiveistomaximizecostfunction
• Secure state-estimation for power network against malicious attacks (cf.
Pasqualetti, Dorfler, Bullo (2011))
(cid:73) attack-detectionfilterisproposed,butcomputationallyexpensive
(combinatorial,testallpossibleattacksets)
(cid:73) This talk: efficient algorithm to estimate the state of a linear
dynamical system when sensors are attacked
3/16
+ e(t)
(cid:124)(cid:123)(cid:122)(cid:125)
attack
vector
• Ifsensori isattacked,e(t) canbearbitrary (noboundednessassumption,no
i
stochastic model, etc.)
(cid:73) A total of p sensors monitor state of plant: (y(t) ∈Rp)
y(t) =Cx(t)
(cid:73) Some sensors are attacked
• e(t) (cid:54)=0 −→ sensor i is attacked at time t
i
(cid:73) Set of attacked sensors (unknown) is denoted by K ⊂{1,...,p}:
support(e(t))=K ∀t =0,1,...
(cid:73) Number of attacked sensors will be denoted by q: |K|=q
(cid:73) Objective: Given observations y(0),...,y(T−1): recover state x(0) of physical
plant from observations (attack set K is unknown)
The setup
(cid:73) Physical process modeled as a linear dynamical system
x(t+1) =Ax(t)
4/16
• Ifsensori isattacked,e(t) canbearbitrary (noboundednessassumption,no
i
stochastic model, etc.)
+ e(t)
(cid:124)(cid:123)(cid:122)(cid:125)
attack
vector
(cid:73) Some sensors are attacked
• e(t) (cid:54)=0 −→ sensor i is attacked at time t
i
(cid:73) Set of attacked sensors (unknown) is denoted by K ⊂{1,...,p}:
support(e(t))=K ∀t =0,1,...
(cid:73) Number of attacked sensors will be denoted by q: |K|=q
(cid:73) Objective: Given observations y(0),...,y(T−1): recover state x(0) of physical
plant from observations (attack set K is unknown)
The setup
(cid:73) Physical process modeled as a linear dynamical system
x(t+1) =Ax(t)
(cid:73) A total of p sensors monitor state of plant: (y(t) ∈Rp)
y(t) =Cx(t)
4/16
• Ifsensori isattacked,e(t) canbearbitrary (noboundednessassumption,no
i
stochastic model, etc.)
(cid:73) Set of attacked sensors (unknown) is denoted by K ⊂{1,...,p}:
support(e(t))=K ∀t =0,1,...
(cid:73) Number of attacked sensors will be denoted by q: |K|=q
(cid:73) Objective: Given observations y(0),...,y(T−1): recover state x(0) of physical
plant from observations (attack set K is unknown)
The setup
(cid:73) Physical process modeled as a linear dynamical system
x(t+1) =Ax(t)
(cid:73) A total of p sensors monitor state of plant: (y(t) ∈Rp)
y(t) =Cx(t)+ e(t)
(cid:124)(cid:123)(cid:122)(cid:125)
attack
vector
(cid:73) Some sensors are attacked
• e(t) (cid:54)=0 −→ sensor i is attacked at time t
i
4/16
(cid:73) Set of attacked sensors (unknown) is denoted by K ⊂{1,...,p}:
support(e(t))=K ∀t =0,1,...
(cid:73) Number of attacked sensors will be denoted by q: |K|=q
(cid:73) Objective: Given observations y(0),...,y(T−1): recover state x(0) of physical
plant from observations (attack set K is unknown)
The setup
(cid:73) Physical process modeled as a linear dynamical system
x(t+1) =Ax(t)
(cid:73) A total of p sensors monitor state of plant: (y(t) ∈Rp)
y(t) =Cx(t)+ e(t)
(cid:124)(cid:123)(cid:122)(cid:125)
attack
vector
(cid:73) Some sensors are attacked
• e(t) (cid:54)=0 −→ sensor i is attacked at time t
i
• Ifsensori isattacked,e(t) canbearbitrary (noboundednessassumption,no
i
stochastic model, etc.)
4/16
(cid:73) Number of attacked sensors will be denoted by q: |K|=q
(cid:73) Objective: Given observations y(0),...,y(T−1): recover state x(0) of physical
plant from observations (attack set K is unknown)
The setup
(cid:73) Physical process modeled as a linear dynamical system
x(t+1) =Ax(t)
(cid:73) A total of p sensors monitor state of plant: (y(t) ∈Rp)
y(t) =Cx(t)+ e(t)
(cid:124)(cid:123)(cid:122)(cid:125)
attack
vector
(cid:73) Some sensors are attacked
• e(t) (cid:54)=0 −→ sensor i is attacked at time t
i
• Ifsensori isattacked,e(t) canbearbitrary (noboundednessassumption,no
i
stochastic model, etc.)
(cid:73) Set of attacked sensors (unknown) is denoted by K ⊂{1,...,p}:
support(e(t))=K ∀t =0,1,...
4/16
(cid:73) Objective: Given observations y(0),...,y(T−1): recover state x(0) of physical
plant from observations (attack set K is unknown)
The setup
(cid:73) Physical process modeled as a linear dynamical system
x(t+1) =Ax(t)
(cid:73) A total of p sensors monitor state of plant: (y(t) ∈Rp)
y(t) =Cx(t)+ e(t)
(cid:124)(cid:123)(cid:122)(cid:125)
attack
vector
(cid:73) Some sensors are attacked
• e(t) (cid:54)=0 −→ sensor i is attacked at time t
i
• Ifsensori isattacked,e(t) canbearbitrary (noboundednessassumption,no
i
stochastic model, etc.)
(cid:73) Set of attacked sensors (unknown) is denoted by K ⊂{1,...,p}:
support(e(t))=K ∀t =0,1,...
(cid:73) Number of attacked sensors will be denoted by q: |K|=q
4/16
The setup
(cid:73) Physical process modeled as a linear dynamical system
x(t+1) =Ax(t)
(cid:73) A total of p sensors monitor state of plant: (y(t) ∈Rp)
y(t) =Cx(t)+ e(t)
(cid:124)(cid:123)(cid:122)(cid:125)
attack
vector
(cid:73) Some sensors are attacked
• e(t) (cid:54)=0 −→ sensor i is attacked at time t
i
• Ifsensori isattacked,e(t) canbearbitrary (noboundednessassumption,no
i
stochastic model, etc.)
(cid:73) Set of attacked sensors (unknown) is denoted by K ⊂{1,...,p}:
support(e(t))=K ∀t =0,1,...
(cid:73) Number of attacked sensors will be denoted by q: |K|=q
(cid:73) Objective: Given observations y(0),...,y(T−1): recover state x(0) of physical
plant from observations (attack set K is unknown)
4/16
Description:Secure state-estimation for dynamical systems under active adversaries. Hamza Fawzi. Joint work with Paulo Tabuada and Suhas Diggavi. 1/16
