Optimal Switching Integrity Attacks on Sensors in Industrial Control Systems

  • Guangyu Wu
  • Jian Sun


In this article, an optimal switching integrity attack problem is investigated to study the response of feedback control systems under attack. The authors model malicious attacks on sensors as additive norm-bounded signals. The authors consider an attacker who is only capable of attacking a limited number of sensors at a time and of changing the combination of attacked sensors over time. The objective of this paper is to find the optimal switching sequence of these combinations and the optimal attack input. The authors solve this problem by transforming it into a traditional optimal control problem whose new control variables vary continuously in the range [0, 1]. The optimal solutions of the new control variables are of bang-bang type. Therefore, an algebraic switching condition and an optimal attack input can be obtained. Finally, numerical results are provided to illustrate the effectiveness of the methods.


Keywords: limited number; optimal control; switching conditions; switching integrity attack





Copyright information

© Institute of Systems Science, Academy of Mathematics and Systems Science, Chinese Academy of Sciences and Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  1. The Key Laboratory of Intelligent Control and Decision of Complex System, Beijing Institute of Technology, Beijing, China
