Optimal Switching Integrity Attacks on Sensors in Industrial Control Systems


In this article, an optimal switching integrity attack problem is investigated to study the response of feedback control systems under attack. The authors model malicious attacks on sensors as additive norm-bounded signals. They consider an attacker who can attack only a limited number of sensors at a time, but who can change the combination of attacked sensors over time. The objective of the paper is to find the optimal switching sequence of these combinations and the optimal attack input. The authors solve this problem by transforming it into a traditional optimal control problem whose new control variables vary continuously in the range [0, 1]. The optimal solutions for the new control variables are of bang-bang type. Therefore, an algebraic switching condition and an optimal attack input can be obtained. Finally, numerical results are provided to illustrate the effectiveness of the methods.




Author information



Corresponding author

Correspondence to Jian Sun.

Additional information

This work was supported in part by the National Natural Science Foundation of China under Grant Nos. 61522303, U1509215, 61621063, Program for Changjiang Scholars and Innovative Research Team in University under Grant No. IRT1208, Changjiang Scholars Program, Program for New Century Excellent Talents in University under Grant No. NCET-13-0045, National Outstanding Youth Talents Support Program.

This paper was recommended for publication by Editor ZHAO Yanlong.


Cite this article

Wu, G., Sun, J. Optimal Switching Integrity Attacks on Sensors in Industrial Control Systems. J Syst Sci Complex 32, 1290–1305 (2019). https://doi.org/10.1007/s11424-018-8067-y



  • Limited number
  • optimal control
  • switching conditions
  • switching integrity attack