Peak Bounds for the Estimation Error under Sensor Attacks

This paper investigates bounds on the estimation error of a linear system affected by norm-bounded disturbances and full sensor attacks. The system is equipped with a detector that evaluates the norm of the innovation signal to detect faults, and the attacker wants to avoid detection. We utilize induced $L_\infty$ system norms, also called \emph{peak-to-peak} norms, to compare the estimation error bounds under nominal operations and under attack. This leads to a sufficient condition for when the bound on the estimation error is smaller during an attack than during nominal operation. This condition is independent of the attack strategy and depends only on the attacker’s desire to remain undetected and (indirectly) the observer gain. Therefore, we investigate both an observer design method, that seeks to reduce the error bound under attack while keeping the nominal error bound low, and detector threshold tuning. As a numerical illustration, we show how a sensor attack can deactivate a robust safety filter based on control barrier functions if the attacked error bound is larger than the nominal one. We also statistically evaluate our observer design method and the effect of the detector threshold.

💡 Research Summary

The paper addresses the problem of quantifying and mitigating the impact of sensor attacks on the state‑estimation error of linear time‑invariant (LTI) systems subject to bounded disturbances. A standard observer (\hat x) with gain (K) is employed, and a detector monitors the norm of the innovation (r = y - C\hat x). An attack is modeled as a replacement of the true measurement (y) by a falsified signal (\tilde y = C\hat x + a(t)) where the attacker can choose any signal (a(t)) as long as its q‑norm stays below a threshold (\nu) so that the detector does not raise an alarm.

Under nominal conditions, the estimation error dynamics are (\dot e = (A-KC)e + (N_1-KN_2)d). Assuming input‑to‑state stability of the observer, the error is bounded by an induced L∞ (peak‑to‑peak) system norm: (|e|{\infty,q} \le |g{ed}|{1,q},\varepsilon_d =: \varepsilon_e), where (g{ed}) is the impulse response from the disturbance (d) to the error.

When the sensor attack is active, the error dynamics become (\dot{\tilde e}=A\tilde e+N_1 d - K a). The corresponding error can be expressed as a sum of two convolution terms, leading to the bound (|\tilde e|{\infty,q} \le |g{\tilde e d}|{1,q},\varepsilon_d + |g{\tilde e a}|{1,q},\nu =: \varepsilon{\tilde e}).

The authors define a system to be attack‑robust if the attacked error bound does not exceed the nominal bound, i.e., (\varepsilon_{\tilde e} \le \varepsilon_e). They derive a sufficient condition for attack‑robustness that is independent of the actual attack signal:
\