Cyber–physical systems (CPS) make real-time interactions and effective coordinations among human, machine, object, environment, information, and other elements of physical and virtual/cyber worlds. Because of on-demand response, rapid iteration, and dynamic optimization of resource allocation and system operation, applications of CPS have been in diverse areas such as industrial control systems, air transportation, healthcare, civil infrastructure, power grid, and intelligent buildings.
Since communication networks are often distributed over wide geographic area and thus exposed to a variety of adversaries and many components in CPS such as radio frequency identification sensors are low-cost devices, the security problem and the defense methodology for CPS are critical and necessary. Although there are various forms of cyber attacks, they fall into two main categories: 1) denial-of-service (DoS) attacks; and 2) deception attacks. This manuscript focuses on the latter in the system identification with binary-valued observations. In practice, there are many ways to implement data tampering attacks, such as data injection attacks, data replay attacks, man-in-the-middle attacks, and so on. Different from DoS attacks which cause data loss, data tampering attacks can effectively keep away from system monitoring and defense detection and illegally tamper with data that is transmitted in CPS network. Receiving falsified data will inevitably cause errors in production scheduling, quality controlling, and other decision making, which may bring about great loss to industrial production and people’s life, even major accidents. Therefore, the research on defense approach against data tampering attacks is of great significance.
There are a large number of embedded sensors for collecting information in CPS. Due to the limitation of the sensor’s accuracy and cost, in practice, sometimes it is difficult to capture the precise value of the quantity to be measured, and only some rough quantized information can be obtained. For example, switching sensors for exhaust gas oxygen, photoelectric sensors for positions, and so on. Moreover, CPS heavily rely on the network communication, and the information digitization is the basic requirement. The quantization can immensely reduce the amount of information transmitted under the premise of ensuring the availability through different quantization methods, thereby reducing the transmission cost and saving the network bandwidth. Different from the accurate data (or with a certain additivity measurement noise) considered in the conventional control theory, the quantized data can only provide very limited information since the relationship between the quantized signal and the system state/output is highly nonlinear. It has attracted a great attention to utilize the quantized information for developing new control theory.
The system identification with quantized observations has achieved many excellent results during the past decade. Under both stochastic and deterministic frameworks, handled the system identification equipped with only binary-valued sensors, and the estimation algorithms were designed and the corresponding properties were discussed, including the optimal input design, time complexity, the identification error, and so on. The authors in solved the problem of using binary-valued sensors for system identification in a worst-case set-membership setting and gave a solution to the optimal input design problem for scalar gain identification. Under quantized output observations and general quantized inputs, constructed two-stage identification algorithms and key convergence properties were derived from the strong convergence to the asymptotic efficiency. Bottegal, Hjalmarsson and Pillonetto proposed a novel identification method for linear systems with quantized output data, where the impulse response was modeled as a zero-mean Gaussian process. Pouliquen et al. studied the infinite impulse response systems identification with binary-valued measurements by transforming the initial identification problem into the one under the framework of set-membership.
This article addresses the defense problem against the data tampering attack under the framework of system identification with binary-valued observations. From the perspective of the attacker, it is shown that how to achieve the maximum hit effect with the least attack energy. From the perspective of the defender, a so-called compensation-oriented defense approach is proposed, and the corresponding identification algorithm is designed. The strong consistency of the algorithm is proved, and the asymptotic normality is obtained, based on which the optimal defense scheme is established. A simulation example is provided to illustrate the effectiveness of the defense algorithm and the main theoretical results.
Publication:
- IEEE Transactions on Automatic Control, 66, 8, 3825-3832 (2021).
Authors:
- Jin Guo (University of Science and Technology Beijing)
- Xuebin Wang (University of Science and Technology Beijing
- Wenchao Xue (Institute of Systems Science, AMSS, Chinese Academy of Sciences)
- Yanlong Zhao (Institute of Systems Science, AMSS, Chinese Academy of Sciences)