A Framework for Joint Attack Detection and Control Under False Data Injection

  • Luyao NiuEmail author
  • Andrew Clark
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11836)


In this work, we consider an LTI system with a Kalman filter, detector, and Linear Quadratic Gaussian (LQG) controller under false data injection attack. The interaction between the controller and adversary is captured by a Stackelberg game, in which the controller is the leader and the adversary is the follower. We propose a framework under which the system chooses time-varying detection thresholds to reduce the effectiveness of the attack and enhance the control performance. We model the impact of the detector as a switching signal, resulting in a switched linear system. A closed form solution for the optimal attack is first computed using the proposed framework, as the best response to any detection threshold. We then present a convex program to compute the optimal detection threshold. Our approach is evaluated using a numerical case study.


False data injection attacks Control system Detection threshold LQG control K-L divergence Stealthiness 


  1. 1.
    Alpcan, T., Basar, T.: An intrusion detection game with limited observations. In: International Symposium on Dynamic Games and Applications (2006)Google Scholar
  2. 2.
    Bai, C.Z., Gupta, V.: On Kalman filtering in the presence of a compromised sensor: Fundamental performance bounds. In: American Control Conference (ACC), pp. 3029–3034. IEEE (2014)Google Scholar
  3. 3.
    Cárdenas, A.A., Amin, S., Sastry, S.: Research challenges for the security of control systems. In: Summit on Hot Topics in Security (HotSec). USENIX (2008)Google Scholar
  4. 4.
    Clark, A., Niu, L.: Linear quadratic gaussian control under false data injection attacks. In: American Control Conference (ACC), pp. 5737–5743. IEEE (2018)Google Scholar
  5. 5.
    Fawzi, H., Tabuada, P., Diggavi, S.: Secure estimation and control for cyber-physical systems under adversarial attacks. IEEE Trans. Autom. Control 59(6), 1454–1467 (2014)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Ghafouri, A., Abbas, W., Laszka, A., Vorobeychik, Y., Koutsoukos, X.: Optimal thresholds for anomaly-based intrusion detection in dynamical environments. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M., Casey, W. (eds.) GameSec 2016. LNCS, vol. 9996, pp. 415–434. Springer, Cham (2016). Scholar
  7. 7.
    Guo, Z., Shi, D., Johansson, K.H., Shi, L.: Worst-case stealthy innovation-based linear attack on remote state estimation. Automatica 89, 117–124 (2018)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Kalman, R.E.: A new approach to linear filtering and prediction problems. ASME J. Basic Eng. 82(1), 35–45 (1960)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Kung, E., Dey, S., Shi, L.: Optimal stealthy attack under KL divergence and countermeasure with randomized threshold. 20th IFAC World Congr. 50(1), 9496–9501 (2017)Google Scholar
  10. 10.
    Liu, Y., Ning, P., Reiter, M.K.: False data injection attacks against state estimation in electric power grids. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(1), 13 (2011)CrossRefGoogle Scholar
  11. 11.
    Miao, F., Zhu, Q.: A moving-horizon hybrid stochastic game for secure control of cyber-physical systems. In: Conference on Decision and Control (CDC), pp. 517–522. IEEE (2014)Google Scholar
  12. 12.
    Mo, Y., Garone, E., Casavola, A., Sinopoli, B.: False data injection attacks against state estimation in wireless sensor networks. In: Conference on Decision and Control (CDC), pp. 5967–5972. IEEE (2010)Google Scholar
  13. 13.
    Pajic, M., et al.: Robustness of attack-resilient state estimators. In: ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS), pp. 163–174. IEEE (2014)Google Scholar
  14. 14.
    Psiaki, M.L., Humphreys, T.E.: GNSS spoofing and detection. Proc. IEEE 104(6), 1258–1270 (2016)CrossRefGoogle Scholar
  15. 15.
    Shoukry, Y., Nuzzo, P., Puggelli, A., Sangiovanni-Vincentelli, A.L., Seshia, S.A., Tabuada, P.: Secure state estimation for cyber-physical systems under sensor attacks: a satisfiability modulo theory approach. IEEE Trans. Autom. Control 62(10), 4917–4932 (2017)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Tambe, M.: Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, Cambridge (2011)CrossRefGoogle Scholar
  17. 17.
    Tippenhauer, N.O., Pöpper, C., Rasmussen, K.B., Capkun, S.: On the requirements for successful GPS spoofing attacks. In: ACM Conference on Computer and Communications Security, pp. 75–86. ACM (2011)Google Scholar
  18. 18.
    Umsonst, D., Sandberg, H.: A game-theoretic approach for choosing a detector tuning under stealthy sensor data attacks. In: 2018 IEEE Conference on Decision and Control (CDC), pp. 5975–5981. IEEE (2018)Google Scholar
  19. 19.
    Weerakkody, S., Sinopoli, B.: Detecting integrity attacks on control systems using a moving target approach. In: 54th IEEE Conference on Decision and Control (CDC), pp. 5820–5826. IEEE (2015)Google Scholar
  20. 20.
    Weerakkody, S., Sinopoli, B.: A moving target approach for identifying malicious sensors in control systems. In: Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 1149–1156. IEEE (2016)Google Scholar
  21. 21.
    Zhang, R., Venkitasubramaniam, P.: A game theoretic approach to analyze false data injection and detection in lqg system. In: Conference on Communications and Network Security (CNS), pp. 427–431. IEEE (2017)Google Scholar
  22. 22.
    Zhu, Q., Başar, T.: Dynamic policy-based IDS configuration. In: Conference on Decision and Control, pp. 8600–8605. IEEE (2009)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Worcester Polytechnic InstituteWorcesterUSA

Personalised recommendations