Mengran Xue

Security and Discoverability of Spread Dynamics in Cyber-Physical Networks

Motivated by the increasing need for developing automated decision-support tools for cyber-physical networks subject to uncertainties, we have been pursuing development of a new control-theoretic framework for network security and vulnerability. In this paper, we build on the proposed framework to put forth concrete definitions for security and (dually) discoverability, for a class of models that can represent dynamics of numerous cyber-physical networks of interest: namely, dynamical network spread models. These security and discoverability definitions capture whether or not, and to what extent, a stakeholder can infer the temporal dynamics of the spread from localized and noisy measurements. We then equivalence these security and security-level definitions to the control-theoretic notions of observability and optimal estimation, and so obtain explicit algebraic and spectral conditions for security and analyses of the security level. Further drawing on graph-theory constructs, a series of graphical conditions for security, as well as characterizations of security levels, are derived. A case study on zoonotic disease spread is also included, to illustrate concrete application of the analyses in management of cyber-physical infrastructure networks.

Initial-Condition Estimation in Network Synchronization Processes: Algebraic and Graphical Characterizations of the Estimator

A graph-theoretic analysis of state inference for a class of network synchronization (or diffusive) processes is pursued. Precisely, estimation is studied for a nonrandom initial condition of a canonical synchronization dynamic defined on a graph, from noisy observations at a single network node. By characterizing the maximum-likelihood estimation of the initial condition and the associated Cramer–Rao bound, graph properties are identified (e.g., symmetries, interconnection strengths, spectral measures) that determine (1) whether or not estimation is possible and (2) the quality of the estimate.

On the structure of graph edge designs that optimize the algebraic connectivity

We take a structural approach to the problem of designing the edge weights in an undirected graph subject to an upper bound on their total, so as to maximize the algebraic connectivity. Specifically, we first characterize the eigenvector(s) associated with the algebraic connectivity at the optimum, using optimization machinery together with eigenvalue sensitivity notions. Using these characterizations, we fully address optimal design in tree graphs that is quadratic in the number of vertices, and also obtain a suite of results concerning the topological and eigen-structure of optimal designs for bipartite and general graphs.

Security and Vulnerability of Cyber-Physical Infrastructure Networks: A Control-Theoretic Approach

New methods are badly needed for modeling and resolving threats and uncertainties in modern cyber-physical networks, that can account for the hybrid and integrative nature of both the network dynamics and the threats/uncertainties themselves. In this chapter, we introduce a network control theory framework for representing security and vulnerability in cyber-physical networks, which is promising for representing both information violations in the cyber world and impacts on dynamics in the physical world. After the motivation of the control-theoretic framework, we present (1) a formal definition of security as an indication of how easily a sentient adversary can identify network dynamics from noisy local measurements; (2) a definition of vulnerability as an impact measure for a sentient or natural adversary; and (3) a discussion of the complex interplay of security and vulnerability notions in threat/uncertainty analysis for cyber-physical networks. As an illustration of these definitions, an example conceptualizing their use in air traffic management applications is included. Finally, we provide a tutorial on several new control- and graph-theoretic tools for dynamical networks that can be used to characterize security and vulnerability according to the introduced definitions.

Designing Asymptotics and Transients of Linear Stochastic Automaton Networks

Stochastic automaton networks are widely used in both modeling and computation. Motivated by several of these applications (e.g., weather modeling), we study the problem of designing stochastic automaton networks to shape their transient and/or asymptotic responses. Specifically, for a broad but specially tractable class of stochastic automata networks known as influence models, we consider designing parameters of the interactions among the network components (as specified by a known graph), so that statistics of the network’s state at particular time-snapshots meet requirements. In this paper, we address such snapshot design for the asymptotic case in some generality, while focusing on an illustrative example (originating from the weather-modeling application) in designing transients.

Security of airborne network dynamics and algorithms: a graph-theoretic perspective

A comprehensive framework for analyzing the security and robustness of airborne networks is envisioned, that acknowledges both their physical dynamics and cyber- functions. The framework is developed in three aspects, first by developing models for meshed physical- and cyber- dynamics, then envisioning possible adversarial conduct, and finally defining security and robustness formally. After introducing the framework, we overview promising tools for characterizing/designing security and robustness; these tools critically expose the role of the networks sensing/communication topology in its threat response.

On generating sets of binary random variables with specified first- and second- moments

We study the problem of generating sets of binary random variables with specified means and pairwise correlations (i.e., specified individual- and pairwise-joint- probabilities). We propose a low-complexity algorithm for generating such correlated random variables, that involves first generating a set of mutually independent “source” binary random variables and then constructing the desired random variables by randomly selecting from and probabilistically copying or anticopying the source variables. We show that the parameters of this data-generation algorithm can be easily designed to achieve the desired statistics, under broad conditions.

Spectral and graph-theoretic bounds on steady-state-probability estimation performance for an ergodic Markov chain

We pursue a spectral and graph-theoretic performance analysis of a classical estimator for Markov-chain steady-state probabilities. Specifically, we connect a performance measure for the estimate to the structure of the underlying graph defined on the Markov chains state transitions. To do so, 1) we present a series of upper bounds on the performance measure in terms of the subdominant eigenvalue of the state transition matrix, which is closely connected with the graph structure; 2) as an illustration of the graph-theoretic analysis, we then relate the subdominant eigenvalue to the connectivity of the graph, including for the strong-connectivity case and the weak-link case. We also apply the results to characterize estimation in Markov chains with rewards.

A graph-theoretic understanding of network-wide implications of local cyber protections for mission assurance

Modern Department of Defense mission systems are very complex and therefore arduous to defend, especially in the cyber domain. A major cause for this concern arises from the fact that implementation of security protections occur at a local scale, while the important operational security issues stem from a global perspective of the system, e.g., mission assurance. Being able to understand network-wide implications of local cyber protections has the potential to significantly impact the strategies we use to protect modern mission systems. In this work, we present a graph-theoretic perspective on this problem, which is based on a framework for modeling and assessing the integrated cyber-physical dynamics of complex systems. Under the framework, these dynamics (and their relationships) are modeled as a graph and then analyzed using processing techniques from graphtheory. We demonstrate the utility of this framework by conducting insider-attack threat analysis and show how the application of security protections at a local scale impact network-wide security properties from an insider perspective. As a test case, we study the problem of search and rescue (SAR) using unmanned aerial vehicle teams. Unmanned vehicle teams engaged in SAR are prototypical cyber-physical systems, in which local intrusions may cause global disruptions. Here, we describe how the insider modeling framework for cyber-physical dynamics applies to this problem and present results of a network-wide assessment of security properties of the system. We use this assessment to design a security protection for the system in which we use cryptographically secure computation techniques to limit the amount of information sharing required between system components without degrading the correct operation of the system. We show how the application of these techniques on a local scale impacts the security properties of the system on a global scale.

Feedback control systems with cyber fault-management mechanisms: Modeling and tradeoff analysis for simple examples

The impacts of cyber-fault resolution techniques on the dynamics of feedback control systems are explored, using simple case studies. Specifically, for a three-state DC motor model, simple control schemes implemented using embedded microcontrollers are modeled as being subject to freeze faults, which are resolved using watchdog-timer technologies. Simulations are undertaken to characterize the impacts of the faults and fault-resolution mechanisms. Also, a formal analysis of freeze faults and fault resolution is undertaken for a singlepole plant with proportional control. It is found that watchdog timers can reduce severe impacts of faults occurring during the control systems transient, but may increase susceptibility to other faults.