In this article, an optimal switching integrity attack problem is investigated to study the response of feedback control systems under attack. The authors model the malicious attacks on sensors as additive norm-bounded signals. The authors consider an attacker who is only capable of launching attacks on a limited number of sensors at a time and who changes the combination of attacked sensors over time. The objective of this paper is to find the optimal switching sequence of these combinations and the optimal attack input. The authors solve this problem by transforming it into a traditional optimal control problem with new control variables that vary continuously in the range [0, 1]. The optimal solutions of the new control variables are of bang-bang type. Therefore, an algebraic switching condition and an optimal attack input can be obtained. Finally, numerical results are provided to illustrate the effectiveness of the methods.
This work was supported in part by the National Natural Science Foundation of China under Grant Nos. 61522303, U1509215, 61621063, Program for Changjiang Scholars and Innovative Research Team in University under Grant No. IRT1208, Changjiang Scholars Program, Program for New Century Excellent Talents in University under Grant No. NCET-13-0045, National Outstanding Youth Talents Support Program.
This paper was recommended for publication by Editor ZHAO Yanlong.
About this article
Cite this article
Wu, G., Sun, J. Optimal Switching Integrity Attacks on Sensors in Industrial Control Systems. J Syst Sci Complex 32, 1290–1305 (2019). https://doi.org/10.1007/s11424-018-8067-y
Keywords
- Limited number
- optimal control
- switching conditions
- switching integrity attack