Dynamic Attack Detection in Cyber-Physical Systems with Side Initial State Information
11 Dynamic Attack Detection in Cyber-Physical Systemswith Side Initial State Information
Yuan Chen, Soummya Kar, and Jos´e M. F. Moura
Abstract —This paper studies the impact of side initial state informationon the detectability of data deception attacks against cyber-physicalsystems. We assume the attack detector has access to a linear functionof the initial system state that cannot be altered by an attacker.First, we provide a necessary and sufficient condition for an attackto be undetectable by any dynamic attack detector under each specificside information pattern. Second, we characterize attacks that can besustained for arbitrarily long periods without being detected. Third, wedefine the zero state inducing attack, the only type of attack that remainsdynamically undetectable regardless of the side initial state informationavailable to the attack detector. Finally, we design a dynamic attackdetector that detects detectable attacks.
I. I
NTRODUCTION
Cyber-physical systems (CPS) monitor and regulate many crit-ical large-scale infrastructures such as the power grid and waterdistribution systems. Events such as the Maroochy Shire CouncilSewage control incident and the Stuxnet malware attack have broughtincreased awareness to the issue of securing large scale systems [1],[2]. Smaller applications such as robotic platforms and the moderncommercial automobile [3] are also equipped with intercommuni-cating sensor, computation, and actuator components for a varietyof control tasks and can fall suspect to cyber attack. A maliciousattacker can hijack the communication channels between the sensor,computation, and actuator components, modify the data values sentbetween components, and manipulate the system’s behavior [4].To ensure proper operation of CPS, it is necessary to design andimplement security measures against attacks. One important aspect ofsecurity is attack detection that allows the system to take correctiveactions and mitigate damaging behavior. Static attack detectors checkthe consistency of the system output at a single time step [5], [6],but are unable to detect any attacks on the actuators since they donot consider system dynamics [7]. Reference [7] describes dynamicattack detectors that use the system dynamics, sensing topology, andthe history of actuator inputs and sensor outputs to determine whetheror not a data deception attack has occurred in a given time window.There are certain attacks, called stealthy or undetectable attacks, thatno dynamic detector can detect. Stealthy dynamic attacks change thesystem output in such a way that the output of the system could arisefrom the system when it is not under attack [7].There are several methods to implement attack detection. In [8]and [9], the authors analyze dynamic attacks that go undetected bydetectors of bad data (e.g., data resulting from sensor failures) fordynamical systems with process and sensor noise. References [10]and [11] provide algorithms to both detect and reconstruct the dy-namic attack. The authors of [12] use sparse optimization techniquesto detect and identify deception attacks in electric power systems.
Yuan Chen { (412)-268-7103 } , Soummya Kar { (412)-268-8962 } , andJos´e M.F. Moura { (412)-268-6341, fax: (412)-268-3890 } are withthe Department of Electrical and Computer Engineering, CarnegieMellon University, Pittsburgh, PA 15217 { yuanche1, soummyak,moura } @andrew.cmu.edu This material is based on research sponsored by DARPA under agreementnumber DARPA FA8750-12-2-0291. The U.S. Government is authorized toreproduce and distribute reprints for Governmental purposes notwithstandingany copyright notation thereon.The views and conclusions contained herein are those of the authors andshould not be interpreted as necessarily representing the official policies orendorsements, either expressed or implied, of DARPA or the U.S. Govern-ment.
Our previous work [13] uses geometric control techniques to analyzethe limitations of detecting sparse sensor attacks. A different classof attack detectors, known as active attack detectors, determine thepresence of a deception attack by randomly perturbing the system’sinput and measuring the output [14]. Reference [15] surveys faultdetection techniques in dynamic systems that are related to attackdetection in CPS. While previous work in attack detection [4], [7],[8], [9], [16] focuses on detectability of attacks, this note preciselyclarifies how attack detector performance is sensitive to availableinformation (specifically initial state information) and time horizons.We present four main contributions. First, we derive a necessaryand sufficient condition for an attack to be undetectable when thedetector has side initial state information given by an uncorruptedlinear function of the initial system state. When the detector has initialstate information, an attack is undetectable if and only if it induces astate in the intersection of the system’s weakly unobservable subspaceand the null space of the side information matrix. Second, we showthat an undetectable attack can be maintained if and only if the sum ofthe change in state produced by the attack and the zero input evolutionof the state induced by the attack belong to the system’s weaklyunobservable subspace. An attack that is undetectable to a certaintime point may become detectable at a future time as the detectorobtains new sensor measurements. Undetectable attacks that can bemaintained indefinitely are a greater security concern than attacksthat become detectable after a finite time period. Third, we introducethe zero state inducing attack that is undetectable regardless of thedetector’s initial state information. We show that such an attack existsif and only if the intersection of the system’s output-nulling reachablesubspace over one time-step and its weakly unobservable subspaceis nonzero. While access to initial state information improves theperformance of attack detectors, it is practically important to identifythe existence of attacks that are undetectable regardless of thedetector’s initial state information. Finally, we design a dynamicattack detector that uses side initial state information, has no falsealarms, and only misses undetectable attacks.The rest of this note is organized as follows. In Section II,we specify the system and attack model, review attack detection,introduce side information, and formally state the problem. Section IIIcontains our main technical contributions. Section IV gives theproofs of our main results, section V provides a numerical exampleillustrating the performance of detectors with side information, andwe conclude in Section VI.II. B
ACKGROUND
A. System Model
The cyber-physical system is modeled by x ( k + 1) = Ax ( k ) + Bu ( k ) + Ba ( k ) ,y ( k ) = Cx ( k ) + Du ( k ) + Da ( k ) , (1)where: x ∈ R n is the system state, y ∈ R p is the system output, k ∈ Z is the time index, u ∈ R m is the known input, and a ( k ) ∈ R s is theunknown attack. Since the input u ( k ) is known, its contribution to theoutput y ( k ) is also known, and therefore, u ( k ) can be ignored. Thus,for the remainder of the paper, unless otherwise stated, we considerthe case of u ( k ) ≡ , ∀ k = 0 , , . . . , without loss of generality.Accordingly, we modify the system model to be x ( k + 1) = Ax ( k ) + Ba ( k ) ,y ( k ) = Cx ( k ) + Da ( k ) . (2)The matrices B and D describe the capabilities of the attacker.We provide details on the attacker in Section II-C. We use the a r X i v : . [ m a t h . O C ] J un notation Σ = (
A, B, C, D ) to represent the system in equation (2).Throughout, we make the following assumption. Assumption 1.
The pair ( A, C ) is observable. Equation (2) with Assumption 1 is a standard model used in thecyber-physical security literature, e.g., [10], [16].We consider the following sequences: the output sequence (orsystem output trajectory) Y ( T ) = (cid:2) y (0) T y (1) T · · · y ( T ) T (cid:3) T , (3)and the unknown attack sequence E ( T ) = (cid:2) a (0) T a (1) T · · · a ( T ) T (cid:3) T , (4)with T ≥ n − . An attack occurs when E ( T ) (cid:54) = 0 . The outputtrajectory for the deterministic system (1) is Y ( T ) = O T x (0) + M T E ( T ) , (5)where x (0) is the system’s initial state, O T is the extended observ-ability matrix, O T = CCA ... CA T , (6)and M T is the input-output matrix, M T = D · · · CB D · · · CAB CB D · · · ... ... . . . . . . ... CA t B CA t B · · · CB D , (7)where t i = T − i . In our results, we will also work with the extendedcontrollability matrix C T : C T = (cid:2) A T B A T − B · · · B (cid:3) . (8)The change in state produced by an attack E ( T ) is C T E ( T ) .We now consider side initial state information. The detector knowsthe side initial state information y Ω = Ω x (0) , (9)where y Ω ∈ R q and Ω ∈ R q × n . We call Ω the side informationmatrix. The matrix Ω having full column rank corresponds to thecase in which y Ω gives full information about x (0) , i.e., assumingthat we know Ω , we can exactly determine x (0) from y Ω when Ω is full rank. The matrix Ω being the zero matrix corresponds to thecase in which y Ω gives no information about x (0) .The side information y Ω captures knowledge of the initial state x (0) from the physical description of the system. For example,consider a remotely controlled vehicle whose state consists of itsposition and velocity. At t = 0 the initial velocity is known to be , since, by definition, the system was not running before t = 0 .We consider the initial position to be unknown since the vehicle isremotely controlled. We emphasize that the side information y Ω doesnot rely on sensor measurements. For this reason, the attacker cannotmodify the side information y Ω . The term “system” refers to the cyber-physical system and attackercollectively. The cyber-physical system gives the A and C matrices of Σ ,while the attacker gives the B and D matrices of Σ . B. Extended System Subspaces
Throughout this note, we use properties of the system’s extendedobservability and reachability subspaces (defined in [17] and [18]) toderive our results. We review their definitions here.
Definition 1 (Weakly Unobservable Subspace V (Σ) [17]) . Theweakly unobservable subspace of a system Σ , V (Σ) , is the subspaceof all x ∈ R n such that, for a system with initial condition x (0) = x ,there exists an input sequence E ( n − so that the output trajectoryis Y ( n −
1) = 0 . A state x (0) belongs to the weakly unobservable subspace of Σ ifand only if there exists an input sequence E ( T ) such that [17], [18] M T E ( T ) + O T x (0) = 0 for any T = 0 , , , . . . References [18], [17], [19], [20] present approaches to calculate abasis for V (Σ) .Another extended system subspace of interest is the output-nullingreachable subspace over k steps. Definition 2 (Output-nulling Reachable Subspace W k [18]) . Theoutput-nulling reachable subspace over k steps, W k , is the subspaceof all states x ∈ R n such that there exists an input (attack) sequence E ( k − that brings the system from x (0) = 0 to x ( k ) = x whileproducing the output sequence Y ( k −
1) = 0 . The output-nulling reachable subspace over k steps is the subspaceof all states x ∈ R n for which there exists E ( k − ∈ R sk suchthat C k − E ( k −
1) = x and M k − E ( k −
1) = 0 . C. Dynamic Attack Detection: Preliminaries
A dynamic attack detector, ψ , examines the system output Y ( T ) and side initial state information y Ω to determine whether or not anattack has occurred: ψ : R p ( T +1) × R q → { Attack , No Attack } , (10)where “Attack” means that an attack has occurred. We make thefollowing assumptions. Assumption 2.
The detector ψ knows the matrices A and C in (2) a priori. The detector ψ does not know the matrices B and D in (2) a priori. The detector ψ a priori does not know x (0) but knows thematrix Ω in (9) . If we do not impose further restrictions on the detector, then, trivially,we can consider a detector ψ that maps any input to the “Attack”output. For this particular detector, every attack is detectable, butclearly this is not interesting. We restrict our focus to consistent attackdetectors. Definition 3 (Consistent Attack Detector [7]) . An attack detector ψ is consistent if ψ ( O T θ, Ω θ ) = No Attack for all θ ∈ R n . Consistency is a desired property of attack detectors: consistent attackdetectors do not produce false alarms. Another desired property ofattack detectors is soundness.
Definition 4 (Sound Attack Detector) . A consistent attack detector ψ is sound if ψ ( Y ( T ) , y Ω ) = No Attack for some Y ( T ) and y Ω , then,for any other consistent detector (cid:101) ψ , (cid:101) ψ ( Y ( T ) , y Ω ) = No Attack.
An sound consistent detector is one that detects all possible attackswithout violating the consistency property.We now provide assumptions on the attacker.
Assumption 3.
The matrix (cid:20) BD (cid:21) is injective . Assumption 4.
The attacker knows the matrices
A, B, C, D and Ω and the system initial state x (0) a priori. Assumption 5.
The attacker cannot modify y Ω . Let E ( T ) be an attack, let Y ( T ) be the output of the system Σ under attack E ( T ) , and let y Ω be the side initial state information.Considering only consistent detectors, we define undetectable attacksas follows: Definition 5 (Undetectable Attack) . An attack E ( T ) is unde-tectable if, for every consistent detector ψ and any x (0) ∈ R n , ψ ( Y ( T ) , y Ω ) = No Attack , where Y ( T ) = O T x (0) + M T E ( T ) . A detectable attack is any attack that is not undetectable. We partitionthe set of all possible attacks (including E ( T ) = 0 ), R s ( T +1) , intoa set of undetectable attacks and a set of detectable attacks. Definition 6 (Set of Undetectable Attacks U Ω ,T ) . The set U Ω ,T isthe union of set of all attacks E ( T ) ∈ R s ( T +1) such that E ( T ) isundetectable and the set that only contains E ( T ) = 0 . When the system is not under attack (i.e., E ( T ) = 0 ), consistentdetectors report “No Attack”, so ∈ U Ω ,T .Define an extension of an attack as follows: Definition 7 (Extension of an Attack) . An extension of E ( T ) , E ( T ) (cid:54) = 0 , is an attack of the form (cid:98) E ( T (cid:48) ) = (cid:2) E ( T ) T a ( T + 1) T · · · a ( T (cid:48) ) T (cid:3) T , (11) for T (cid:48) > T . The attack sequence a ( T + 1) , . . . , a ( T (cid:48) ) is allowed to be the zerosequence. We provide a necessary and sufficient condition for whichan undetectable attack E ( T ) has undetectable extensions (cid:98) E ( T (cid:48) ) forall T (cid:48) > T so that the attack sequence never becomes detectable(even as the attack detector obtains new sensor measurements at eachtime step). If E ( T ) does not have an undetectable extension for all times T (cid:48) > T , then, at some time T (cid:48) > T , regardless of the attacksequence a ( T + 1) , . . . , a ( T (cid:48) ) , (cid:98) E ( T (cid:48) ) is detectable.Reference [7] provides a necessary and sufficient condition for anattack sequence E ( T ) to be undetectable when Ω = 0 . Lemma 1 ([7]) . The attack E ( T ) is undetectable if and only if O T x (0) + M T E ( T ) = O T x (cid:48) (0) for some initial states x (0) , x (cid:48) (0) ∈ R n . One particular form of attack that is undetectable against systemswith no side initial state information is known as the zero dynamicsattack.
Definition 8 (Zero Dynamics Attack [4]) . A zero dynamics attack isan attack E ( T ) = (cid:2) a (0) T · · · a ( T ) T (cid:3) T with a ( k ) = λ k g, (12) where g (cid:54) = 0 and λ ∈ C satisfy (cid:20) λI − A − BC D (cid:21) (cid:20) θg (cid:21) = 0 . (13)A zero dynamics attack exists if and only if there exists λ ∈ C for which there is a nonzero solution to (13) [4], [7]. Since, by If this matrix is not injective, we can remove the redundant columns toconstruct an injective matrix. In doing so, we do not change the capabilitiesof the attacker. Thus, this assumption is made without loss of generality.
Assumption 3, the matrix (cid:2) B T D T (cid:3) T is injective, and g (cid:54) = 0 ,we have that θ (cid:54) = 0 . By construction, a zero dynamics attack satisfies M T E ( T ) + O T θ = 0 . Therefore, a zero dynamics attack satisfies the condition given inLemma 1, where θ = x (0) − x (cid:48) (0) . We consider T ≥ n − , so O T is injective since ( A, C ) is observable. Since θ (cid:54) = 0 , a zerodynamics attack produces a nonzero change to the output of thesystem. Zero dynamics attacks are also related to malicious attacksagainst distributed function calculation [21].We introduce the zero state inducing attack: Definition 9 (Zero State Inducing Attack) . An attack sequence E ( T ) is called a zero state inducing attack if it satisfies M T E ( T ) = 0 . The name zero-state inducing attack refers to the property that suchan attack does not change the system sensor output, i.e., the change inoutput is equal to the response of the system when its initial state is x (0) = 0 . We show that the zero state inducing attack is undetectableregardless of the detector’s side information matrix Ω . It is the onlytype of attack to remain undetectable even if Ω is full rank. D. Problem Statement
Consider a system
Σ = (
A, B, C, D ) over a time interval , , . . . , T , T ≥ n − , with initial state x (0) and side initial stateinformation y Ω = Ω x (0) . We consider the following four main prob-lems: 1) find the set of all undetectable attacks, U Ω ,T ; 2) determinewhich attacks E ( T ) ∈ U Ω ,T have undetectable extensions up to anytime T (cid:48) > T ; 3) determine if there exists an arbitrarily long zerostate inducing attack against Σ and; 4) design a consistent detectorthat uses side information and detects all detectable attacks.III. M AIN R ESULTS
A. Initial State Information and Undetectable Attacks
First, we find a necessary and sufficient condition for an attackto be undetectable, when the attack detector has side initial stateinformation y Ω . Let N (Ω) be the null space of Ω . Theorem 1 (Undetectable Attacks with Side Initial State Informa-tion) . An attack E ( T ) is undetectable ( E ( T ) ∈ U Ω ,T ) if and only ifthere exists θ ∈ N (Ω) ∩ V (Σ) for which M T E ( T ) = −O T θ . Theorem 1 states that an attack E ( T ) is undetectable over the timeinterval , . . . , T if and only if the output contributed by the attack(i.e., M T E ( T ) ) equals the negative of the output of the systemoperating without attack from an initial state θ , where θ belongsto the intersection of the system’s weakly unobservable subspace, V (Σ) , and the null-space of the side information matrix, N (Ω) . Wecall θ the state induced by the attack. If N (Ω) has dimension strictlyless than n (i.e., if the side initial state information is non-trivial),then, by using the side initial state information y Ω , an attack detectormay be able to detect attacks that would otherwise be undetectable(in the absence of side information).Theorem 1 is valid for any side information matrix Ω . Corollary 1 (No Initial State Information:
Ω = 0 ) . An attack E ( T ) is undetectable if and only if M T E ( T ) = −O T θ for some θ ∈ V (Σ) when Ω = 0 . By construction, a zero dynamics attack E ( T ) satisfies M T E ( T ) + O T θ = 0 , where θ (cid:54) = 0 and g (cid:54) = 0 (which is used to define E ( T ) ) isa solution to equation (13). There may be other undetectable attacksaside from zero dynamics attacks when Ω = 0 . Corollary 2 (Full Initial State Information: Ω has full column rank) . An attack E ( T ) is undetectable if and only if M T E ( T ) = 0 when Ω has full column rank. According to Corollary 2, the only type of attack that is undetectablewhen the initial state is completely known to the detector is the zerostate inducing attack. Figure 1 illustrates the results of Theorem 1 andits corollaries. Undetectable attacks presented in the literature [7],[10], [11] rely on the fact that the initial state is unknown tothe detector in order to be stealthy. As Theorem 1 and Figure 1show, however, that even when the detector knows the initial statecompletely, there may still be undetectable attacks. For the specialcase of
Ω = 0 , Theorem 1 is consistent with the results presentedin [7]. R s ( T +1) U Ω ,T ZS ZD (a)
Ω = 0 R s ( T +1) U Ω ,T ZS ZD (b) Ω (cid:54) = 0 , Ω is not full rank R s ( T +1) U Ω ,T ZS ZD (c) Ω is full rank Fig. 1: The set of all undetectable attacks U Ω ,T depends on the sideinitial state information available to the attack detector. ZS and ZD are the set of all zero state inducing attacks and the set of all zerodynamics attacks, respectively. B. Extensions of Undetectable Attacks
Second, we provide a necessary and sufficient condition for anundetectable attack E ( T ) (with T ≥ n − ) to have an undetectableextension (cid:98) E ( T (cid:48) ) . Consider an attack E ( T ) ∈ U Ω ,T , E ( T ) (cid:54) = 0 . Theorem 2 (Extensions of Undetectable Attacks) . There exists anundetectable extension (cid:98) E ( T (cid:48) ) of E ( T ) for all T (cid:48) > T if and only if (cid:0) C T E ( T ) + A T +1 θ (cid:1) ∈ V (Σ) , where θ satisfies M T E ( T ) = −O T θ and θ ∈ N (Ω) ∩ V (Σ) . Theorem 2 states that an undetectable attack E ( T ) has an unde-tectable extension (cid:98) E ( T (cid:48) ) for any T (cid:48) > T if and only if the sumof the change in state produced by the attack ( C T E ( T ) ) and thezero-input state response of the state induced by the attack ( A T +1 θ )belongs to the system’s weakly unobservable subspace ( V (Σ) ). Ifan attack E ( T ) satisfies the conditions given in Theorem 2, thenfor any time T (cid:48) > T , there exists a particular sequence of attacks a ( T + 1) , . . . , a ( t ) such that (cid:98) E ( T (cid:48) ) is undetectable at time T (cid:48) . Con-versely, if an attack E ( T ) does not satisfy the above condition, thenat some time T (cid:48) > T , all extensions (cid:98) E ( T (cid:48) ) of E ( T ) are detectable.In this case, all extensions (cid:98) E ( T (cid:48) ) are detectable by time T (cid:48) because the detector obtains sensor measurements y ( T + 1) , . . . , y ( T (cid:48) + 1) (even though E ( T ) was undetectable). C. Zero State Inducing Attack
Third, we provide a necessary and sufficient condition for theexistence of a zero state inducing attack that can be maintained fora arbitrarily long time. We restrict our focus to zero state inducingattacks that begin at time . This is to prevent trivial lengthening byappending a fixed length zero state inducing attack E ( T ) to a zerovector . Theorem 3 (Arbitrarily Long Zero State Inducing Attacks) . Thereexists an attack E ( T ) against the system Σ that begins at time suchthat M T E ( T ) = 0 for any T = 0 , , . . . if and only if W ∩V (Σ) (cid:54) = { } , where W is the output-nulling reachable subspace over onetime step. Theorem 3 states that there exists an arbitrarily long zero stateinducing attack against a system Σ if and only if the intersectionof the system’s weakly unobservable subspace, V (Σ) and its output-nulling reachable subspace over one step, W is nonzero. D. Attack Detection With Side Information
We design a consistent dynamic attack detector that detects allattacks E ( T ) that do not belong to U Ω ,T . Our dynamic detectoroperates sequentially: at every time instant k (with the exception ofan initialization period), the detector collects new sensor outputs y ( k ) and makes a decision on whether or not the system was attacked inthe time period up to time k . Our detector only uses a finite window ofsensor measurements in each time interval, which offers advantageousin implementation over detectors that use the entire history of sensormeasurements.First, define Y ( k ) as the l -length window of sensor measurementsending at time k , where k ≥ l − : Y ( k )= (cid:2) y ( k − l + 1) T y ( k − l + 2) T · · · y ( k ) T (cid:3) T . (14)The attack detector makes a decision at every time instant starting at l − . Second, define (cid:98) Y ( k ) , the input to the attack detector at time k , as follows: (cid:98) Y ( k ) = (cid:40) (cid:2) y T Ω Y ( k ) T (cid:3) T , k = l − Y ( k ) , k = l, l + 1 , . . . . (15)Third, define the orthogonal projection (operator) onto the rangespace of a matrix K (where K has full column rank) as Π K = K (cid:16) K T K (cid:17) − K T . (16)We construct the detector ψ as ψ (cid:16) (cid:98) Y ( k ) (cid:17) = (cid:26) No Attack, (cid:98) Y ( k ) = Π K ( k ) (cid:98) Y ( k ) Attack, Otherwise , (17)where K ( k ) = (cid:26) (cid:2) Ω T O Tl − (cid:3) T , k = l − O l − , k = l, l + 1 , . . . , . (18)The detector decides that no attack has occurred in the time interval , . . . , T if ψ (cid:16) (cid:98) Y ( l − (cid:17) = ψ (cid:16) (cid:98) Y ( l ) (cid:17) = · · · = ψ (cid:16) (cid:98) Y ( T ) (cid:17) = No Attack. This is not a restriction on the definition of the zero state inducing attack.An attack E ( T ) with nonzero first attack time can still be a zero state inducingattack if M T E ( T ) = 0 . Theorem 4 (Consistency and Soundness of ψ ) . For l ≥ n + 1 ,where n is the dimension of the system state space, ψ (cid:16) (cid:98) Y ( l − (cid:17) = ψ (cid:16) (cid:98) Y ( l ) (cid:17) = · · · = ψ (cid:16) (cid:98) Y ( T ) (cid:17) = No Attack if and only if Y ( T ) = O T x (0) and y Ω = Ω x (0) for some x (0) ∈ R n . The detector ψ is consistent and sound when the window length l issufficiently long. The novelty of our detector is its use of the availableside information y Ω . Detectors that do not use side information (e.g.,fault detectors such as those presented in [15]) may still detect someattacks, but, following Theorem 1, such detectors may not be sound.That is, there are certain attacks that are only detectable if the detectoruses side information y Ω .IV. P ROOF OF M AIN R ESULTS
A. Proof of Theorem 1
First, we provide an intermediate result by modifying Lemma 1to account for attack detectors with side information y Ω . Consider asystem Σ = (
A, B, C, D ) equipped with an attack detector that hasside information matrix Ω . Lemma 2.
An attack E ( T ) against the system Σ is undetectable ifand only if M T E ( T ) + O T x (0) = O T x (cid:48) (0) and Ω x (0) = Ω x (cid:48) (0) for some initial states x (0) , x (cid:48) (0) ∈ R n . We use the above Lemma to prove Theorem 1
Proof (Theorem 1): (If)
Let x (0) be the initial state of thesystem. Let E ( T ) be an attack such that M T E ( T ) = −O T θ for θ ∈ N (Ω) ∩ V (Σ) . Let x (cid:48) (0) = x (0) − θ . Then M T E ( T ) + O T x (0) = O T x (cid:48) (0) . In addition, since θ ∈ N (Ω) , Ω x (cid:48) (0) =Ω ( x (0) − θ ) = Ω x (0) . Thus, for any x (0) , there exists x (cid:48) (0) such that M T E ( T ) + O T x (0) = O T x (cid:48) (0) and Ω x (0) = Ω x (cid:48) (0) ,which means, by Lemma 2, E ( T ) is an undetectable attack. Thus, E ( T ) ∈ U Ω ,T . (Only If) Let x (0) be the initial state of the system. Let E ( T ) ∈U Ω ,T . Then, by Lemma 2, there exists x (cid:48) (0) ∈ R n such that M T E ( T ) + O T x (0) = O T x (cid:48) (0) and Ω x (0) = Ω x (cid:48) (0) . Let θ = x (0) − x (cid:48) (0) . Substituting for θ we have that M T E ( T ) = −O T θ and Ω θ = 0 . Thus, M T E ( T ) = −O T θ for θ ∈ N (Ω) ∩ V (Σ) . B. Proof of Theorem 2Proof: (Only If)
We show that if there exists an unde-tectable extension (cid:98) E ( T (cid:48) ) for all T (cid:48) > T , then, necessarily, (cid:0) C T E ( T ) + A T +1 θ (cid:1) ∈ V (Σ) . Let (cid:98) E ( T (cid:48) ) = (cid:2) E ( T ) T a ( T + 1) T · · · a ( T (cid:48) ) T (cid:3) T be an undetectable extension of E ( T ) . Since (cid:98) E ( T (cid:48) ) is undetectable,then, by Theorem 1, it must satisfy M T (cid:48) (cid:98) E ( T (cid:48) ) + O T (cid:48) θ (cid:48) = 0 forsome θ (cid:48) ∈ N (Ω) ∩ V (Σ) .We first show that θ (cid:48) = θ . We partition the matrix M T (cid:48) as follows: M T (cid:48) = (cid:20) M T Q TT (cid:48) M T (cid:48) − T − (cid:21) , (19)where Q TT (cid:48) = O T (cid:48) − T − C T . Substituting for the partitioned versionsof M T (cid:48) and partitioning O T (cid:48) , we have (cid:20) M T O T Q TT (cid:48) M T (cid:48) − T − O T (cid:48) − T − A T +1 (cid:21)(cid:20) (cid:98) E ( T (cid:48) ) θ (cid:48) (cid:21) = 0 . (20)From the first block row of equation (20), we have M T E ( T ) + O T θ (cid:48) = 0 , and, from the definition of E ( T ) , we have M T E ( T ) + O T θ = 0 . Thus, O T θ (cid:48) = O T θ . Since T ≥ n − and Σ is observable, O T is injective, and θ (cid:48) = θ . Substituting θ = θ (cid:48) , the second block row of equation (20) gives O T (cid:48) − T − (cid:16) C T E ( T ) + A T +1 θ (cid:17) + M T (cid:48) − T − a ( T + 1) ... a ( T (cid:48) ) = 0 . (21)Since there exists an undetectable extension (cid:98) E ( T (cid:48) ) of E ( T ) forall T (cid:48) > T , equation (21) must be satisfied for all T (cid:48) > T . Inparticular, equation (21) is true for T (cid:48) = T + n , which shows that (cid:0) C T E ( T ) + A T +1 θ (cid:1) ∈ V (Σ) . (If) If (cid:0) C T E ( T ) + A T +1 θ (cid:1) ∈ V (Σ) , then, for all T (cid:48) > T , thereexists an attack sequence (cid:2) a ( T + 1) T · · · a ( T (cid:48) ) T (cid:3) T such thatequations (21) is satisfied. For all T (cid:48) > T , we construct (cid:98) E ( T (cid:48) ) byappending (cid:2) a ( T + 1) T · · · a ( T (cid:48) ) T (cid:3) T to E ( T ) . By definitionof E ( T ) , we have M T E ( T )+ O T θ = 0 , where θ ∈ N (Ω) ∩V (Σ) .Combining this fact with equation (21), we see that (cid:20) (cid:98) E ( T (cid:48) ) θ (cid:48) (cid:21) satisfies equation (20) with θ (cid:48) = θ . Thus, we have M T (cid:48) (cid:98) E ( T (cid:48) ) + O T (cid:48) θ = 0 , which shows that (cid:98) E ( T (cid:48) ) is an undetectable extension of E ( T ) . C. Proof of Theorem 3Proof: (If)
We construct a zero state inducing attack E ( T ) that begins at time against Σ of arbitrary length T under thecondition that W ∩ V (Σ) (cid:54) = { } . The initial state of the system Σ , x (0) , does not affect its extended observability and reachabilitysubspaces, so, without loss of generality, let the system have initialstate x (0) = 0 . If W ∩ V (Σ) (cid:54) = { } , there exists an attack a (0) (cid:54) = 0 such that x (1) = Ba (0) , y (0) = Da (0) = 0 , and x (1) ∈ V (Σ) . Since x (1) ∈ V (Σ) , for any T , there exists a sequenceof attacks (cid:2) a (1) T a (2) T · · · a ( T ) T (cid:3) T such that the output (cid:2) y (1) T y (2) T · · · y ( T ) T (cid:3) T is . Thus, for any T , thereexists an attack E ( T ) = (cid:2) a (0) T a (1) T · · · a ( T ) T (cid:3) T with a (0) (cid:54) = 0 such that M T E ( T ) = 0 . (Only If) We show that if there exists a zero state inducing attackthat begins at time for any T against the system Σ , then W (Σ) ∩V (Σ) (cid:54) = { } . Such an attack exists for any T , so it exists for T = n .Let E ( n ) = (cid:2) a (0) T a (1) T · · · a ( n ) T (cid:3) T be a zero state inducing attack with a (0) (cid:54) = 0 . Since E ( n ) induces thezero state, we have M n E ( n ) = 0 , which implies that Da (0) = 0 .Since (cid:20) BD (cid:21) is injective and Da (0) = 0 , we have x (1) = Ba (0) (cid:54) =0 and x (1) ∈ W . The sequence (cid:2) a (1) T a (2) T · · · a ( n ) T (cid:3) T is an input sequence over n steps such that a system with state x (1) = Ba (0) produces zero output over the time period , . . . , n . Since suchan input sequence exists, x (1) ∈ V (Σ) and x (1) ∈ W ∩V (Σ) . Since x (1) (cid:54) = 0 , W ∩ V (Σ) (cid:54) = { } . D. Proof of Theorem 4Proof: (If)
Let Y ( T ) = O T x (0) and y Ω = Ω x (0) for some x (0) ∈ R n . Then, by construction of (cid:98) Y ( k ) , (cid:98) Y ( k ) = K ( k ) A k − l +1 x (0) . (22)for all k = l − , l, . . . , T , which means that Π K ( k ) (cid:98) Y ( k ) = (cid:98) Y ( k ) , (23) for all k = l − , l, . . . , T . Thus, ψ (cid:16) (cid:98) Y ( l − (cid:17) = ψ (cid:16) (cid:98) Y ( l ) (cid:17) = · · · = ψ (cid:16) (cid:98) Y ( T ) (cid:17) = No Attack . (Only If) We resort to induction.Base Case: In the base case, we show that if ψ (cid:16) (cid:98) Y ( l − (cid:17) = ψ (cid:16) (cid:98) Y ( l ) (cid:17) = No Attack , then Y ( l ) = O l x (0) and y Ω = Ω x (0) for some x (0) ∈ R n . Since ψ (cid:16) (cid:98) Y ( l − (cid:17) = No Attack, we have (cid:98) Y ( l −
1) = Π K ( l − (cid:98) Y ( l − , (24)which means that (cid:98) Y ( l −
1) = K ( l − x (0) , (25) = (cid:20) Ω O l − (cid:21) x (0) , (26)for some x (0) ∈ R n . Since ψ (cid:16) (cid:98) Y ( l ) (cid:17) = No Attack, we have (cid:98) Y ( l ) = O l − x (cid:48) (0) . (27)for some x (cid:48) (0) ∈ R n . From equation (26), we have (cid:2) y (1) T · · · y ( l − T (cid:3) T = O l − Ax (0) , (28)and from equation (27), we have (cid:2) y (1) T · · · y ( l − T (cid:3) T = O l − x (cid:48) (0) . (29)The pair ( A, C ) is observable and l ≥ n + 1 , so the matrix O l − isinjective. Thus, combining equations (28) and (29), we have x (cid:48) (0) = Ax (0) . By definition of (cid:98) Y ( l ) and substituting x (cid:48) (0) = Ax (0) intoequation (27), we have that y ( l ) = CA l x (0) . Note that Y ( l ) = (cid:2) Y ( l − T y ( l ) T (cid:3) T . Thus, Y ( l ) = O l x (0) and y Ω = Ω x (0) for some x (0) ∈ R n .Induction Step: In the induction step, we assume that if ψ (cid:16) (cid:98) Y ( l − (cid:17) = · · · = ψ (cid:16) (cid:98) Y ( T − (cid:17) = No Attack , then Y ( T −
1) = O T − x (0) and y Ω = Ω x (0) for some x (0) ∈ R n .We show that if ψ (cid:16) (cid:98) Y ( T ) (cid:17) = No Attack as well, then Y ( T ) = O T x (0) and y Ω = Ω x (0) for some x (0) ∈ R n .Since ψ (cid:16) (cid:98) Y ( T ) (cid:17) = No Attack, we have (cid:98) Y ( T ) = O l − x (cid:48) (0) , (30)for some x (cid:48) (0) ∈ R n . From the induction hypothesis, we have that Y ( T −
1) = O T − x (0) , which means that (cid:2) y ( T − l + 1) T · · · Y ( T − T (cid:3) T = O l − A T − l +1 x (0) . (31)From equation (30), we have (cid:2) y ( T − l + 1) T · · · Y ( T − T (cid:3) T = O l − x (cid:48) (0) . (32)The pair ( A, C ) is observable and l ≥ n + 1 , so the matrix O l − is injective. As a result, x (cid:48) (0) = A T − l +1 x (0) . Substituting θ (cid:48) = A T − l +1 into equation (32), we have y ( T ) = CA T x (0) . Note that Y ( T ) = (cid:2) Y ( T − T y ( T ) T (cid:3) T . Thus, Y ( T ) = O T x (0) and y Ω = Ω x (0) for some x (0) ∈ R n . V. N UMERICAL E XAMPLE
We illustrate our results with an example of a remotely pilotedaircraft subject to both nonzero state inducing attacks and zero stateinducing attacks. Reference [22] provides a numerical model of thelongitudinal dynamics of a remotely piloted aircraft that accountsfor the aircraft’s physical parameters. We describe the longitudinaldynamics of the aircraft using four state variables: horizontal velocity( x ), vertical velocity ( x ), pitch rate ( x ), and pitch angle ( x ). Theaircraft we consider has two actuators: the elevator ( u ) and the thrust( u ). The aircraft also has three sensors: the horizontal velocity sensor( y ), the vertical velocity sensor ( y ), and the pitch angle sensor ( y ).The evolution of the state variables x , . . . , x is determined byphysical principles governing the longitudinal flight of the aircraftand depends on physical parameters of the aircraft such as its massand its pitch moment. The model is linearized about an equilibriumpoint, so the state variables x , . . . , x represent values of the internalstates relative to a fixed point (e.g., x in the linearized model is thehorizontal velocity of the aircraft relative to an equilibrium horizontalvelocity). The linearized, discretized model for the aircraft gives thefollowing dynamics and sensing matrices [22]: A = .
992 0 . − . − . .
025 0 .
684 1 . − . . − .
100 0 . − . . − .
006 0 .
068 0 . , (33) C = . (34)The pair ( A, C ) in this example is observable.We consider an attacker modeled by the following B and D matrices: B = .
001 0 .
025 0 0 − . − .
035 0 0 − . − .
021 0 0 − . − .
001 0 0 , (35) D = . (36)The attacker can attack both actuators (elevator, u , and thrust, u ) and the horizontal velocity ( y ) and vertical velocity ( y )sensors. There exists a zero dynamics attack against the system Σ = (
A, B, C, D ) .In this numerical example, we compare the performance of adetector that does not use side information (i.e., the detector’s sideinformation matrix is Ω = 0 ) and the performance of a detector thatuses side information matrix
Ω = (cid:2) (cid:3) . The detector with nontrivial side information knows the initialhorizontal velocity x (0) . Both detectors are implementations of thewindowed detector presented in Section III-D; the only differencebetween the use of side initial state information.We construct a zero dynamics attack (as defined in [4] and [7])against the remotely piloted aircraft. Following equation (12), weconstruct the zero dynamics attack component wise as a ( k ) = (10)( . k (cid:2) . − . . (cid:3) T , (37)where k = 0 , . . . , . The performance of the two detectors areshown in Figure 2. The detector without side information is unableto detect the zero dynamics attack – the detector outputs , equivalentto “No Attack” for all times. The detector with side information is Fig. 2: Detector performance without side information (top) and withside information (bottom) against zero dynamics attack.able to detect the zero dynamics attack – the detector has an outputof , equivalent to “Attack” at time t= 3.VI. C ONCLUSION
In this paper, we studied the effect of side initial state informationon the dynamic detection of data deception attacks against cyber-physical systems. First, an undetectable attack induces a state in theintersection of the system’s weakly unobservable subspace, V (Σ) ,and the null space of the side information matrix, N (Ω) . Second,an undetectable attack E ( T ) has an undetectable extension to any T (cid:48) > T if and only if the sum of the change in state producedby the attack, C T E ( T ) , and the zero-input state response of thestate induced by the attack, A T +1 θ , belongs to the system’s weaklyunobservable subspace, V (Σ) . Third, there exists an arbitrarily longzero state inducing attack if and only if the intersection of thesystem’s weakly unobservable subspace, V (Σ) , and the system’soutput-nulling reachable subspace over one step, W , is nonzero.Finally, we designed an attack detector that uses side informationand detects all attacks that are not undetectable.R EFERENCES [1] A. A. C´ardenas, S. Amin, and S. Sastry, “Research challenges for thesecurity of control systems,” in
Proceedings of the 3rd Conference onHot Topics in Security , San Jos´e, CA, Jul. 2008, pp. 1–6.[2] A. A. C´ardenas, S. Amin, Z. Lin, Y. H. and. C. Huang, and S. Sastry,“Attacks against process control systems: Risk assessment, detection, andresponse,” in
Proceedings of the 6th ACM Symposium on Information,Computer and Communications Security , Hong Kong, Mar. 2011, pp.355–366.[3] K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway,D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage,“Experimental security analysis of a modern automobile,” in
Proceedingsof the 2010 IEEE Symposium on Security and Privacy , Oakland, CA,May 2010, pp. 447–462.[4] A. Teixeira, D. P´erez, H. Sandberg, and K. H. Johansson, “Attack modelsand scenarios for networked control systems,” in
Proceedings of the 1stACM International Conference on High Confidence Networked Systems ,Beijing, China, Apr. 2012, pp. 55–64.[5] Y. Liu, M. K. Reiter, and P. Ning, “False data injection attacks againstpower systems in electric power grids,” in
Proceedings of the 16th ACMConference on Computer and Communications Security , Chicago, IL,Nov. 2009, pp. 21–32.[6] O. Kosut, L. Jia, R. Thomas, and L. Tong, “Limiting false data attackson power system state estimation,” in
Proceedings of the 2010 IEEEConference on Information Sciences and Systems , Princeton, NJ, Mar.2010, pp. 1–6. [7] F. Pasqualetti, F. Dorfler, and F. Bullo, “Attack detection and identi-fication in cyber-physical systems,”
IEEE Transactions on AutomaticControl , vol. 58, no. 11, pp. 2715–2729, Nov. 2013.[8] Y. Mo and B. Sinopoli, “Integrity attacks on cyber-physical systems,”in
Proceedings of the 1st ACM International Conference on HighConfidence Networked Systems , Beijing, China, Apr. 2012, pp. 47–54.[9] ——, “False data injection attacks in control systems,” in
Proceedingsof the 1st Workshop on Secure Control Systems , Stockholm, Sweden,Apr. 2010, pp. 56–62.[10] H. Fawzi, P. Tabuada, and S. Diggavi, “Secure estimation and control forcyber-physical systems under adversarial attacks,”
IEEE Transactions onAutomatic Control , vol. 59, no. 6, pp. 1454–1467, Jun. 2014.[11] Y. Shoukry and P. Tabuada, “Event-triggered state observers for sparsesensor noise/attack,”
ArXiv e-prints , Sep. 2013.[12] L. Liu, M. Esmalifalak, Q. Ding, V. A. Emesih, and Z. Han, “Detectingfalse data injection attacks on power grid by sparse optimization,”
IEEETransactions on Smart Grid , vol. 5, no. 2, pp. 612–621, Mar. 2014.[13] Y. Chen, S. Kar, and J. M. F. Moura, “Cyber-physical systems: Dynamicsensor attacks and strong observability,” in
Proceedings of the 40thInternational Conference on Acoustics, Speech and Signal Processing ,Brisbane, Australia, Apr. 2015, pp. 1752–1756.[14] Y. Mo and B. Sinopoli, “Secure control against replay attacks,” in
Proceedings of the 47th Annual Allerton Conference , Monticello, IL,Sep. 2009, pp. 911–918.[15] A. S. Willsky, “A survey of design methods for failure detection indynamic systems,”
Automatica , vol. 12, no. 6, pp. 601–611, Nov. 1976.[16] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “Revealingstealthy attacks in control systems,” in
Proceedings of the 50th AnnualAllerton Conference , Monticello, IL, Oct. 2012, pp. 1806–1813.[17] H. L. Trentelman, A. A. Stoorvogel, and M. Hautus,
Control Theory forLinear Systems . Springer, 2001, ch. 7.[18] B. P. Molinari, “Extended controllability and observability for linearsystems,”
IEEE Transactions on Automatic Control , vol. 21, no. 1, pp.136–137, Feb. 1976.[19] ——, “A strong controllability and observability in linear multivariatecontrol,”
IEEE Transactions on Automatic Control , vol. 21, no. 5, pp.761–764, Oct. 1976.[20] D. Rappaport and L. M. Silverman, “Structure and stability of discrete-time optimal systems,”
IEEE Transactions on Automatic Control , vol. 16,no. 3, pp. 227–233, Jun. 1971.[21] S. Sundaram and C. N. Hadjicostis, “Distributed function calculationvia linear iterations in the presence of malicious agents,” in
Proceedingsof the 2008 American Control Conference , Seattle, WA, Jun. 2008, pp.1350–1355.[22] R. D. Linehan, K. J. Burnham, and D. J. G. James, “4-Dimensionalcontrol of a remotely piloted vehicle,” in