2018 Annual American Control Conference (ACC) 2018
DOI: 10.23919/acc.2018.8431582
|View full text |Cite
|
Sign up to set email alerts
|

On Reachable Sets of Hidden CPS Sensor Attacks

Abstract: For given system dynamics, observer structure, and observer-based fault/attack detection procedure, we provide mathematical tools -in terms of Linear Matrix Inequalities (LMIs) -for computing outer ellipsoidal bounds on the set of estimation errors that attacks can induce while maintaining the alarm rate of the detector equal to its attack-free false alarm rate. We refer to these sets to as hidden reachable sets. The obtained ellipsoidal bounds on hidden reachable sets quantify the attacker's potential impact … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
62
0

Year Published

2018
2018
2023
2023

Publication Types

Select...
5
3
1

Relationship

3
6

Authors

Journals

citations
Cited by 31 publications
(62 citation statements)
references
References 20 publications
0
62
0
Order By: Relevance
“…To illustrate the trade-off between the rate of false alarms and attack capability, we provide a comparison of each of the detection algorithms using a 2 dimensional model from [11]: with the addition of a watermark with covariance Σ e = 10 −2 I. Thresholds for the false alarm rates between 0.01 Fig. 2.…”
Section: A Simulation-based Comparison Of Attack Capabilitymentioning
confidence: 99%
“…To illustrate the trade-off between the rate of false alarms and attack capability, we provide a comparison of each of the detection algorithms using a 2 dimensional model from [11]: with the addition of a watermark with covariance Σ e = 10 −2 I. Thresholds for the false alarm rates between 0.01 Fig. 2.…”
Section: A Simulation-based Comparison Of Attack Capabilitymentioning
confidence: 99%
“…The first, based on Linear Matrix Inequalities (LMIs), constructs a convex optimization problem, the solution of which is the ellipsoid that bounds the states driven by attacks. This approach provides more conservative estimates of the reachable set, but allows for the opportunity to simultaneously design system components, such as estimator and controller gain matrices, to reduce the size of the reachable set (see, e.g., [10], [15]). The second approach provides extremely tight bounds for the reachable set through the use of geometric ellipsoidal methods.…”
Section: Reachable Set Boundsmentioning
confidence: 99%
“…Because the state equation depends on the estimation error, in general, we must first identify the reachable estimation error due to noise and due to attack. Interestingly, the noise equations (15) and (17) have a special symmetry due to the zero initial conditions, i.e., x v 1 = e v 1 = 0. By writing out e v k and x v k for each k = 1, 2, .…”
Section: Reachable Set Boundsmentioning
confidence: 99%
“…To assess feasibility of our framework, we study its applicability to Linear Time-Invariant (LTI) systems, a standard physical modelling framework commonly used in process control. We adapt existing reachability analysis tools [10] to compute the suspicion metric. We alleviate the computational cost of performing real-time reachability analysis by computing symbolic reachable sets of system states offline [11].…”
Section: Introductionmentioning
confidence: 99%