Algorithm to Compute A Coding Matrix

In this section we propose an algorithm to compute a set of feasible coding matrices for the case there exists a sequence of sensor data injections to cause unbounded state estimation error, i.e., the system has unstable eigenvectors of $`A`$.

The coded sensor values should increase the difference between estimation residue of the normal and attacked system – $`\|\Delta z'_k\|_2`$ as $`k \to \infty`$, which is equivalent to keep $`\|Cv-\Sigma^{-1} Cv\|_2`$ or $`\|C\tilde{v}- \Sigma^{-1}C\tilde{v}\|_2`$ for multiple unstable eigenvectors nonzero, by the proof of Theorem [code] and Lemma [code_lemma]. The system satisfies that $`(A, C)`$ is detectable, then with an invertible coding matrix $`\Sigma`$ and the decoded sensor value $`\tilde{y}'_k`$ defined in [y_decode], $`\tilde{y}'_k=y_k`$ when $`y^a_k=0`$. Hence, the state estimator still converges to the true state without attacks and the coding scheme does not sacrifice the performance of state estimator.

For multiple unstable eigenvectors, when we do not know the exact linear combination result of $`\tilde{v}`$ applied by the attacker to design the injection sequence, we can not guarantee that $`\Sigma`$ works for the exact injected sequence $`y^a_k`$ by finding a feasible coding matrix with respect to a specific vector $`v`$. According to Theorem [code] and Lemma [code_lemma], the coding matrix should work for any possible injection sequence $`y^a_k`$ designed based on unstable eigenvectors of the system matrix $`A`$. Hence, we consider to find a coding matrix based on the concept of a rotation matrix without specific knowledge about the value of injected data to sensors.

A Givens rotation is a $`n\times n`$ rotation matrix, with $`1`$’s on the diagonal, $`0`$’s elsewhere, except the intersections of the $`i`$th and $`j`$th rows and columns corresponding to a rotation in the $`(i,j)`$ plane in $`n`$ dimensions. It takes the following form

\begin{align}
G(i,\ j,\ \theta)=\begin{bmatrix}1&\cdots&0&\cdots&0&\cdots&0\\ \vdots &\ddots &\vdots& &\vdots& &\vdots \\ 
0&\cdots & c &\cdots & -s & \cdots &0 \\ \vdots & &\vdots&\ddots&\vdots& &\vdots \\
0&\cdots&s&\cdots&c&\cdots&0 \\ \vdots& &\vdots& &\vdots&\ddots&\vdots \\ 0&\cdots&0&\cdots&0&\cdots&1
\end{bmatrix},
\label{grotate}
\end{align}

where $`c=\cos \theta`$, $`s=\sin \theta`$.

The product $`G(i,j,\theta) x`$ represents a counterclockwise rotation of the vector $`x\in \mathbb{R}^p`$ in the $`i,j`$ plane of $`\theta`$ radians. Hence, only the $`i`$-th and $`j`$-th elements of $`x`$ will be changed. Given system model [system], there are multiple ways to choose a rotation matrix as a coding matrix in general. If a rotation matrix can guarantee that the direction of any possible stealthy injection is changed, it must rotate all nonzero elements in the vector space

\begin{align}
span(Cv_1, \dots, Cv_u)
\label{inject_space}
\end{align}

The following algorithm provides a design process of a rotation matrix given system matrix $`A`$.

Input: System model parameters $`A,C`$, unstable eigenvalues and eigenvectors $`\lambda_i, v_i,\ i=1,\dots, u`$ of $`A`$.
Initialization: Calculate vectors $`Cv_i \in \mathbb{R}^p`$ for all unstable eigenvectors $`i=1,\dots, u`$. Construct the standard basis $`(e_{p_1},\ e_{p_2}, \dots, e_{p_l})`$, $`e_{p_j} \in \mathbb{R}^p`$ for the vector space defined as [inject_space], where $`1\leq p_1 < p_2 \dots < p_l \leq p`$, and $`e_{p_j}`$ is a vector with the $`p_j`$-th element as $`1`$ and all the other elements as $`0`$. Define rotation step as $`r=1`$, uncovered unstable dimension set as $`S=\{p_1, p_2,\dots, p_l\}`$.
Iteration: When $`S\neq \phi`$
If more than two elements are left in the set $`S`$: randomly picking up a rotation radian $`\theta \in (0, \frac{\pi}{2}]`$, rotation dimension $`p_i, p_j \in S`$, let $`S=S\setminus \{p_i, p_j\}`$;
Else: randomly picking a rotation radian $`\theta \in (0, \frac{\pi}{2}]`$ with uniform distribution, rotation dimension $`p_i\in S`$, $`p_j \in \{1,\dots,p \}`$ and $`p_j \neq p_i`$, let $`S=S\setminus \{p_i\}`$.
Get the rotation matrix $`G_r=G(p_i,p_j,\theta)`$ as defined in [grotate]. Let $`r=r+1`$.
Return: A feasible transform matrix $`\Sigma = G_1 G_2 \dots G_r`$.

The existence condition of a feasible coding matrix designed as a rotation matrix is then explained in the following lemma.

When the dimension of matrix $`C`$ of the system [system] satisfies that $`p \geq 2`$, there always exists a feasible givens rotation matrix $`\Sigma`$ that satisfies the condition of Theorem [code] or Lemma [code_lemma] for the system.

Proof. According to the definition of a Givens matrix [grotate] and the process of calculating a feasible rotation matrix, when $`p \geq 2`$, we apply Algorithm [calculate_g]. Since every rotation has an angle $`\theta \in (0,\ \frac{\pi}{2}]`$ and there are no two rotations in the same plane, vector $`\Sigma Cv`$ is not in the same direction with $`Cv`$. Hence, Algorithm [calculate_g] provides a feasible rotation matrix. ◻

The coding scheme proposed in this work is a low cost approach from computation perspective. Specifically, the proposed coding scheme requires only $`O(n^3+p^3)`$ multiplications and additions, where n and p denote the number of plant states and sensors respectively. As we clarify now in the new version of the manuscript (in Section IV), this is significantly lower than the computation cost for even basic encryption and coding schemes that involve computation of highly complex non-linear primitives .

The coding scheme proposed in this work is also a low cost approach from communication perspective. The coding scheme proposed in this work does not require additional bits for each plaintext message of the sensor measurements, while an encryption method introduces communication overhead for each sensor message transmitted in the communication channel . The sensor outputs coding approaches proposed in this work aim to change the value transmitted over the communication channel instead of correcting errors on bit level compared with error-correcting additional coding bits . Hence, the communication overhead of the proposed scheme in this work is relatively low.

The rotation matrix $`\Sigma`$ calculated by Algorithm [calculate_g] is a sparse matrix in general, since a rotation matrix has many $`0`$ elements, and Algorithm [calculate_g] is a polynomial heuristic algorithm. This means the coding process is computationally efficient.

For systems with structural constraints, two potential schemes can be considered. One is that the structure of $`\Sigma`$ is also limited and we design a coding matrix $`\Sigma`$ with an additional constraint that some components $`\Sigma`$ must be $`0`$ because of the sparsity of the sensors the system equipped with. Another scheme is distributed coding that multiple coding matrices are applied for the whole system. This is a revenue for future work.

When sensor and actuator packets are both injected

We will derive the condition for a feasible coding matrix when the attacker can mount deception attacks to both sensor packets and actuator packets.

Given an attacked system model [attackmodel], assume that the attacker designs a sequence of stealthy sensor and actuator data injection $`(y^a_k, u^a_k), k=0,1,\dots`$, that $`u^a_k`$ is bounded and drives the estimation error to infinity $`\lim_{k\to\infty}\|\Delta e_k\|_2 \to \infty`$. If there exists an invertible matrix $`\Sigma`$ such that $`y_k^a-\Sigma^{-1} y_k^a\neq 0`$ for any $`y_k^a`$, then after injecting $`(y^a_k, u^a_k)`$ the estimation residue change satisfies $`\lim_{k\to\infty}\|\Delta z'_k\|_2 \to \infty`$, by coding sensor outputs [sig_y] with $`\Sigma`$.

Proof. The dynamics of change of estimation error, residuals between the normal and compromised system is described as [delta_z], where $`y^a_k, u_k^a`$ is the injected sequence to sensor and actuator packets, respectively. Since $`\|\Delta z_{k+1}\|_2 \leq M`$ for all $`k=0, 1,\dots`$, any pair of $`(y^a_{k+1}, u^a_k)`$ must satisfy

\begin{align}
y^a_{k+1}=-CA\Delta e_k - CBu^a_k+ \epsilon_k,\  \|\epsilon_k\|_2 \leq M.
\label{yak}
\end{align}

For bounded $`u^a_k`$, the injection sequence satisfies that $`\lim_{k\to\infty}\|y^a_k\|_2 \to \infty`$ to make sure $`\lim_{k\to\infty}\|\Delta e_k\|_2 \to \infty`$. When coded sensor values are injected as [sig_ya], and the estimator decodes the value as

\begin{align*}
% \\\centerline{$
\tilde{y}'_k=\Sigma^{-1} Y'_k=Cx_k+v_k+\Sigma^{-1} y^a_k,%$}
\end{align*}

the coded system with the original design of Kalman filter is equivalent to be injected by a sequence of pair $`(\Sigma^{-1}y^a_{k+1}, u^a_k)`$. It is worth noting that the actuator data is not coded, and $`u^a_k`$ keeps the same for both the original and coded system. The dynamics of the change of estimation error, residuals between the normal and compromised coded system are as following

\begin{align*}
\begin{split}
&\Delta e'_{k+1} = (A-KCA) \Delta e'_{k} - K\Sigma^{-1}y^{a}_{k+1}+(B-KCB)u_k^a,\\
&\Delta z'_{k+1}=CA\Delta e'_k+ \Sigma^{-1}y^a_{k+1}+C B u^a_k.
\end{split}
\end{align*}

Without loss of generality, we assume that $`\Delta e_0 =0`$, then

\begin{align*}
\Delta e_k &=\sum_{j=1}^{k} (A-KCA)^{k-j} (- K y^{a}_{j}+(B-KCB)u_{j-1}^a),\\
\Delta e'_k &=\sum_{j=1}^{k} (A-KCA)^{k-j} (- K\Sigma^{-1}y^{a}_{j}+(B-KCB)u_{j-1}^a).
\end{align*}

Plug in the expression of $`\Delta e'_k`$ in the equation of $`\Delta z'_{k+1}`$, with $`CBu^a_k=-y^a_{k+1}-CA\Delta e_k + \epsilon_k`$, we have

\begin{align}
\begin{split}
\Delta z'_{k+1}=& CA\sum_{j=1}^{k} (A-KCA)^{k-j} (- K\Sigma^{-1}y^{a}_{j}\\
                      & +(B-KCB)u_{j-1}^a)+\Sigma^{-1}y^a_{k+1}+C B u^a_k\\
                %  =& CA\sum_{j=1}^{k} (A-KCA)^{k-j-1}K(I-\Sigma^{-1})y^a_j\\
                %   &+CA\Delta e_k -CA\Delta e_k +(\Sigma^{-1}-I) y^a_{k+1}+ \epsilon_k\\
                   =&CA\sum_{j=1}^{k} (A-KCA)^{k-j}K(I-\Sigma^{-1})y^a_j\\
                     &+(\Sigma^{-1}-I) y^a_{k+1}+ \epsilon_k.
                                         %(-K\Sigma^{-1} (-CA\Delta e_{j-1} - Cu^a_{j-1}+ \epsilon)+)
\end{split}
\label{z_uy}
\end{align}

Hence, for $`\Sigma \neq I`$, $`\lim_{k\to\infty}\|y^a_{k+1}\|_2 \to \infty`$, we have $`\lim_{k\to\infty}\|\Delta z'_k\|_2 \to \infty`$ for $`\Delta z'_k`$ defined in [z_uy]. ◻

Redundant Controller/Sensor

random select controller/sensor

Assume we have m controllers $`(C_{1}, ..., C_{M})`$, each designed by some stable or optimal requirement, not necessarily resilient for attack. The advantage of redundant controllers/sensors is : random pick controller can decrease the probability that the active controller is included in the nonzero element of $`B^{a}, \Gamma`$ (or the disclosure/disruption resource of the system, ).

Can we apply “access key” for actuators and sensors that every step only some keys are feasible?

Consider an extreme case, at time k, the system uniformly pick one active controller and the attacker also uniformly pick one controller to compromise, no false data injection to sensors ($`\Gamma = 0`$), then the probability that the active controller is safe is $`P=1-\mathbf{C}_{m}^{1}\times \frac{1}{m^{2}} = 1-\frac{1}{m}`$, and actually we have $`B^{a}=0`$. The necessary condition for the existence of unbounded reachable region is:

v is an eigenvector of $`A`$, the corresponding eigenvalue of which is $`\lambda`$;
$`Cv=0`$ or $`\lambda=0`$.

Note that this depends on the system model [system], if the system is observable, then with at least probability $`P = 1-\frac{1}{m}`$ (since the theorem is a necessary condition) there is no attack $`\zeta^{a}`$ satisfies : $`\|z\|_{k} \leq 1`$ and $`\lim_{k \to \infty} \|x\|=\infty`$, which means the attacker must take a risk to be detected if it wants to bring large bias to the system.

How to define the probability of

Conclusion

In this work, we have proposed a method of coding sensor outputs to detect stealthy data injection attacks that designed by an intelligent attacker with system model knowledge. We show the conditions of a feasible coding scheme to detect a stealthy injection sequence with statistical detectors, and develop an efficient algorithm to compute such feasible coding matrices. The sensor coding scheme is valid for the scenarios where the attacker is capable to estimate the coding matrix via measuring sensor outputs and actuator inputs. Simulation examples show that the adaptive injection sequence designed based on an estimated coding matrix cannot pass the detector without knowledge of the coding matrix applied by the system in general. In the future, we will explore a coding scheme for a system with structural constraints.

System And Attack Model

System diagram, where the system is equipped with an estimator, a detector and a controller. The attacker can inject arbitrary false data vector y_k^a to sensor outputs and u_k^a to actuator inputs.

We will introduce a discrete-time linear time-invariant (LTI) system model, a data injection attack model, and the attacked system model in this section. The system architecture is shown in Figure 1.

Linear system model

Assume that the CPS is composed of a discrete time LTI system with the following form:

\begin{align}
\begin{split}
x_{k+1}=Ax_{k}+Bu_{k}+w_{k},\quad
y_{k}=Cx_{k}+v_{k},
\end{split}
\label{system}
\end{align}

where $`x_{k} \in \mathbb{R}^{n}`$ is the system state vector, $`u_{k} \in \mathbb{R}^{m}`$ is the control input, and $`y_{k} \in \mathbb{R}^{p}`$ is the sensor observations at time $`k`$. We do not have specific restrictions for the linear control input $`u_k`$ here, since the choice of a linear controller does not affect the detection of false data injection, and we will explain the reason later. We assume that $`w_{k}\sim N(0,Q)`$ and $`v_{k}\sim N(0,R)`$ are identical independent (i.i.d.) Gaussian noises.

The optimal Kalman filter used to estimate state $`\hat{x}_{k|k}`$ is:

\begin{align*}
&\hat{x}_{0|-1}=0,\ \ P_{0|-1}=\Theta,
P_{k+1|k}=AP_kA^T+Q,\\
&K_{k+1}=P_{k+1|k}C^T(CP_{k+1|k}C^T+R)^{-1},\\
&P_{k+1}=(I-K_{k+1}C)P_{k+1|k},\\
&z_{k+1}=y_{k+1}-C(A\hat{x}_ {k}+Bu_k),\\
&\hat{x}_{k+1|k}=A\hat{x}_k+Bu_k,\quad
\hat{x}_{k+1}=\hat{x}_{k+1|k}+K_kz_{k+1}.
\end{align*}

Under the assumption that $`(A,B)`$ is stabilizable, $`(A,C)`$ is detectable, we get a steady state Kalman filter, with the error covariance matrix $`P`$ and Kalman gain matrix $`K`$:

\begin{align*}
P \triangleq \lim \limits_{k \to \infty} P_{k|k-1}, K\triangleq PC^T(CPC^T+R)^{-1}.
\end{align*}

Without attacks, the estimation residue $`z_{k}`$ follows a Gaussian distribution $`N\sim (0, CPC^{T}+R)`$. Define the quantities $`g_{k}`$ as $`g_{k}=z_{k}^{T}P^{-1}z_{k}`$, where $`P`$ is the error covariance matrix of Kalman filter, then $`g_k`$ satisfies a $`\chi^{2}`$ distribution with $`p`$ degrees of freedom. A $`\chi^{2}`$ failure detector considers the standardized residue sequence $`\eta_{k}= P^{-\frac{1}{2}}z_{k}`$ for a monitoring system, and assumes that there exists a $`\delta_{\eta}`$ such that $`\lim_{k\to \infty} \|E{\eta_{k}}\| \leq \delta_{\eta}.`$ We denote $`\alpha`$ as the threshold for detecting a fault, meaning that the alarm is triggered when $`g_{k}> \alpha.`$

False data injection attack model

The system model under sensor data injection attack is described as [attackmodel]

\begin{align}
\begin{split}
x'_{k+1}&=Ax'_{k}+B(u'_k+u^a_k)+w_{k}, \\
y'_{k}&=Cx'_{k}+y^{a}_{k}+v_{k},
\end{split}
\label{attackmodel}
\end{align}

where $`y^a_k \in \mathbb{R}^p`$, $`u^a_k \in \mathbb{R}^m`$ are arbitrary vectors injected to sensor outputs, actuator inputs by the attacker at time $`k`$ respectively. When $`u^a_k=0`$, only sensor values are changed by the attacker. Assume the adversary has knowledge of the system model described in Section 10.1, and is able to inject data over communication network between sensors and the estimator/detector/controller.

Without attack, according to the system dynamics and the definition of Kalman filter, the estimation error is

\begin{align*}
&e_{k} \triangleq x_k-\hat{x}_k,\\
&e_{k+1} = (A-KCA) e_{k}-Kv_k+ (I-KC)w_k.
\end{align*}

When matrix $`(A-KCA)`$ is stable and $`\mathbb{E}w_k=\mathbb{E}v_k=0`$, the expectation of estimation error converges to $`0`$ with a static Kalman filter, i.e., $`\lim_{k\to\infty} \mathbb{E}[e_k]\to 0`$. Meanwhile, the residual $`z_k`$ stays in the subspace that does not trigger the alarm with a high probability.

To illustrate how the sensor injection sequence $`y^a_k`$ will affect the estimation and monitoring system, we examine how the estimation error and residue will change with $`y^a_k`$. Denote the estimation residuals of attacked system as

\begin{align*}
z'_{k}=y'_{k+1}-C(A\hat{x}'_ {k}+Bu'_k),
\end{align*}

where $`\hat{x}'_{k}`$ is the state estimation of the compromised system. Similarly, we define the estimation error under attack as

\begin{align*}
 e'_{k} \triangleq x'_k-\hat{x}'_k,
\end{align*}

The probability that the sensor injection sequence $`y^a_k,\ k=0,1,\dots`$ is detectable is given by

\begin{align*}
 Pr(g'_{k}=(z'_{k})^{T}P^{-1}z'_{k} >\alpha \ \text{for any}\  k).
\end{align*}

The difference between the normal and the compromised systems can be captured by:

\begin{align}
%\begin{split}
%&, \quad \\
\Delta e_{k} \triangleq e'_{k}-e_{k}, \quad \Delta z_{k} \triangleq z'_{k}-z_{k}.
%\end{split}
\label{e}
\end{align}

The dynamics of the above difference vectors satisfy

\begin{align}
\begin{split}
%\Delta \tilde{x}_{k+1}=&\begin{bmatrix}A+BL&-BL\\
    %                                                0&A-KCA\\
        %                                            \end{bmatrix}\Delta \tilde{x}_{k} +
            %                                        \begin{bmatrix}0\\
                %                                                                   -Ky^{a}_{k+1}\end{bmatrix} \\ \fi
&\Delta e_{k+1} = (A-KCA) \Delta e_{k} - Ky^{a}_{k+1}+(B-KCB)u_k^a,\\
&\Delta z_{k+1}= CA\Delta e_k+ y^a_k+CBu_k^a,
%\Delta z_{k+1}=&\begin{bmatrix}0&CA\end{bmatrix}\Delta \tilde x_{k} +\begin{bmatrix}0 & I\end{bmatrix} \begin{bmatrix}0 \\y^{a}_{k+1}\end{bmatrix}.                                                                                                                                       
\end{split}    
\label{delta_z}
\end{align}

Hence the difference vectors between normal and compromised systems, $`\Delta z_{k}(y^{a}, u^a), \Delta e_{k}(y^{a},u^a)`$, are functions of the injection sequences $`y^{a}\triangleq (y^{a}_0, y^{a}_1,\dots)`$, $`u^a \triangleq(u^a_0, u^a_1,\dots)`$. To simplify the notations, we concisely denote these vectors as $`\Delta z_{k}, \Delta e_{k}`$, respectively.

The objectives of the attacker include increasing the estimation error $`e'_k`$ without triggering the alarm, and destabilizing the system with infinite state estimation error $`e'_k`$ in the long run. Note that these types of attacks on control systems have been illustrated in the recent years. For instance, the estimated trajectories of Unmanned Ground Vehicle (UGV) and Unmanned Aerial Vehicle (UAV) navigation systems under stealthy data injection attacks (e.g., by GPS spoofing) deviate from the actual trajectories of the autonomous vehicles before being detected. Thus the attacker’s objective is equivalent to increasing $`\|\Delta e_k\|_2`$ (the difference between estimation error of the normal and compromised systems) to infinity without increasing $`\|\Delta z_k\|_2`$ much as time goes by. Since computing the detecting statistic of compromised system $`g'_{k}`$ is to integrate a Gaussian distribution on an ellipsoid, the stealthy requirement can be approximated by keeping $`\|z'_k\|_2`$ small. Residues of the normal system $`z_k`$ are bounded, and the attacker should keep the change of residues bounded make the injection stealthy. It means the following inequality should hold

\begin{align}
\|\Delta z_{k}\|_2 \leq M,
\label{residue}
\end{align}

where $`M`$ is a residue norm change threshold designed by the attacker. The compromised estimation residue should be close to that of the normal system, to deceive the monitoring system. ¹ When $`y^{a}_k`$ can be an arbitrary vector, a necessary and sufficient condition for a stealthy injection $`y^a_k`$ that can increase $`\|e'_k\|_2`$, $`\|x'_k\|_2`$ to infinity while keep $`\|z'_k\|_2`$, $`\|\Delta z_{k}\|_2`$ bounded is derived in , . The condition that $`Cv \in span (I)`$, i.e., there exists $`y^{*}`$ satisfying $`y^{*} =Cv`$ is always satisfied by the attack model [attackmodel]. Hence, we have the following proposition.

There exists a stealthy sequence $`y^a_k, k=0, 1, \dots,`$ given the attacked system model [attackmodel], if and only if matrix $`A`$ has an unstable eigenvalue $`\lambda`$ and the corresponding eigenvector $`v`$, such that $`v \in span (Q_{oa})`$, where $`Q_{oa}`$ is the controllability matrix associated with the pair $`(A-KCA, K)`$.

Both sensors and actuators are compromised

A necessary condition for [attackmodel] to cause unbounded system state $`x[k]`$:

The reachable region $`\mathcal{R}`$ is unbounded only if there exists a vector $`v \in \mathbb{R}^{n}`$ and a matrix $`L^{a} \in \mathbb{R}^{q\times n}`$, such that

v is an eigenvector of $`A+B^{a}L^{a}`$, the corresponding eigenvalue of which is $`\lambda`$;
$`Cv`$ belongs to the column space of $`\Gamma`$ or $`\lambda=0`$.

A necessary and sufficient condition for stealth attack when both sensors and actuators are attacked is provided by :

For the given model [attackmodel], there exist a non-zeros attack pair sequence $`u^a_{k},y^a_{k}, k\in \{1,2, \cdots\}`$ which can cause the unbounded error while maintaining a small residue condition [residue], if and only if

\begin{align}
span\{CQ_{ca}\} \subset span\{\Gamma\}
\label{saspan}
\end{align}

where $`Q_{ca}`$ is the controllability matrix of the pair $`(A,B^a)`$.

Both Sensors and Actuators are vulnerable

\begin{align}
G(i,\ j,\ \theta)=\begin{bmatrix}1&\cdots&0&\cdots&0&\cdots&0\\ \vdots &\ddots &\vdots& &\vdots& &\vdots \\ 
0&\vdots & c &\cdots & -s & \cdots &0 \\ \vdots & &\vdots&\ddots&\vdots& &\vdots \\
0&\cdots&s&\cdots&c&\cdots&0 \\ \vdots& &\vdots& &\vdots&\ddots&\vdots \\ 0&\cdots&0&\cdots&0&\cdots&1
\end{bmatrix},
\end{align}

where $`c=\cos \theta`$, $`s=\sin \theta`$ appear

The dynamics of change of estimation error, residuals between the normal and compromised system is

\begin{align}
\begin{split}
&\Delta e_{k+1} = (A-KCA) \Delta e_{k} - Ky^{a}_{k+1},\\
&\Delta z_{k+1}=CA\Delta e_k+ y^a_k,
\end{split}
\end{align}

When Sensor Networks Have Structural Constraints

Illustrative Examples

Coding scheme detect stealthy data injection

We show the effects of coding sensor outputs by examples of two-dimensional LTI systems.

Consider a detectable 2-dimensional linear system with parameters:

$`\mathbf{A}=\begin{bmatrix}0.8&0\\0.5&1\end{bmatrix}, \mathbf{B}=\begin{bmatrix}1\\0.5\end{bmatrix}, \mathbf{C}=\begin{bmatrix}2&0.5\\0&1\end{bmatrix}, \mathbf{D}=0,`$

where $`A`$ has an unstable eigenvalue $`\lambda=1`$ and eigenvector $`v=[0\ 1]^T`$. One stealth attack sequence is: $`y_0^a =[0.0588\ 0.0588 ]^T`$, $`y^a_1=[0.1286\ -0.9706]^T`$, $`y_k=y_{k-2}^a-y_0^a, k \geq 2`$. Multiple solutions of feasible coding matrices that satisfy Theorem [code] exist in general. For instance, for the above system, $`\Sigma_1=\begin{bmatrix}2&-0.5\\-0.5&1\end{bmatrix}`$ and $`\Sigma_2=\begin{bmatrix}1&-1\\2&0\end{bmatrix}`$ are both feasible.

Comparison of ∥Δz_k∥₂ of the original system and ∥Δz_k^′∥₂ of the coded system with Σ₁.

Comparison of norm of residue change between the original system and coded system, Δz_k and Δz_k^′, for Σ₂ that satisfies Theorem [code].

Comparison of norm of estimation error change between the original system and coded system, Δe_k and Δe_k^′, for Σ₂ that satisfies Theorem [code].

Figure 3 shows that for the sensor outputs transformed by $`\Sigma_2`$, $`\Delta z'_k`$ increases with time $`k`$, while the original system $`\Delta z_k`$ stays inside a bounded range. For the transformed sensor outputs, the change of the estimation error $`\Delta e'_k`$ increases even slower than $`\Delta e_k`$ under data injection attack as shown in Figure 4. By comparing the change of estimation error $`\Delta e_k`$ and $`\Delta e'_k`$, we show that estimation error of a coded system does not necessarily increase faster than the original system.

When the attacker tries to estimate the coding matrix

In this example, the system applies the coding matrix designed based on Algorithm [calculate_g], a scaled rotation matrix $`2*G(1,2, \frac{\pi}{4})`$ with a rotation radian $`\theta=\frac{\pi}{4}`$ in the $`(1,2)`$ plane $`\Sigma=\begin{bmatrix}0.7 & 0.5 \\-0.5 & 0.7 \end{bmatrix}.`$ When the attacker estimates $`\Sigma`$ according to $`N=20`$ steps of sensor and actuator measurements via Algorithm [attacker_alg], the estimated result is $`\hat{\Sigma}`$ and the attacker designs a new injection sequence $`\hat{\Sigma} y^a_k`$ based on $`\hat{\Sigma}`$

\begin{align*}
%\\\centerline{$
\hat{\Sigma}=\begin{bmatrix}2.80&-0.15\\-0.89&0.05 \end{bmatrix}.%$}
\end{align*}

In Figure 5, we compare the residue change for: the original system under injection sequence $`y^a_k`$, the coded system under data injection $`y^a_k`$, and the coded system under injection sequence $`\hat{\Sigma} y^a_k`$. Assume the threshold for $`\|\Delta z_k\|_2`$ is set as $`M=2`$, in Figure 5 we can see that the attack will be detected after injecting a sequence of data $`y^a_k`$ (designed for the original system) for $`12`$ seconds to the coded system, i.e., $`T_s(y^a_k)=12`$. In contrast, $`T_s(\hat{\Sigma}y^a_k)=50`$ seconds, however, $`\hat{\Sigma}`$ is estimated via $`N=20`$ seconds of measurements of sensor and actuator values. Hence, the attacker does not have enough time to get such $`\hat{\Sigma}`$ before being detected.

Comparison of norm of estimation residue change between the original system—Δz_k, coded system—Δz_k^′ when the system applies Σ and the attacker injects y_k^a designed for the original system, and the sensor data injection sequence designed with estimated coding matrix— Δz_sk when the attacker injects Σ̂y_k^a and the true coding matrix is Σ. When M = 2, T_s(y_k^a) = 12 seconds, T_s(Σ̂y_k^a) = 50 seconds.

Number of measurements to estimate the coding matrix

Figure 6 shows how the estimation of $`\hat{\Sigma}`$ changes with the number measurement steps $`N`$. In general, when $`N`$ increases, the difference between $`\hat{\Sigma}`$ and $`\Sigma`$ decreases, and the norm of residue change $`\|\Delta z_k\|_2`$ increases slower with sensor injection sequence $`\hat{\Sigma}y^a_k`$. However, as shown in Figure 6, for both $`N=25`$ and $`N=200`$, $`\|\Delta z_k\|_2`$ are almost the same, hence, the attacker does not infer a better coding matrix to keep stealthy with a greater measurement time. Comparing the time of keeping stealthy with estimated coding matrix, we have $`T_s(\hat{\Sigma}y^a_k)=20`$ for $`N=2`$, $`T_s(\hat{\Sigma}y^a_k)=30`$ for $`N=5`$, and approximately $`T_s(\hat{\Sigma}y^a_k)=51`$ for $`N\geqslant 25`$. From the perspective of the system, if we set the threshold $`\tilde{\alpha} (N_{\Sigma})=1.5`$ in this case, and $`\frac{T_s( \hat{\Sigma}(N)y^a_k)-T_s(y^a_k)}{T_s (y^a_k)}=\frac{30-12}{12}=1.5`$, by the heuristic Algorithm [change_time], the system can change the coding matrix every $`5`$ seconds.

Comparison of norm of estimation residue change when the attacker designs a sensor injection sequence according to Σ̂ estimated with different measurement number N. When attacker injects Σ̂y_k^a and the system applies coding, the detection time, i.e., the time ∥Δz_sk∥₂ ≥ 2 is labeled for different measurement time N: N = 2, T_s(Σ̂y_k^a) = 20; N = 5, T_s(Σ̂y_k^a) = 30. For N = 25 and N = 200, T_s(Σ̂y_k^a) are almost the same value: 51.

The relation between the scale or norm of the injection sequence and the alarm trigger threshold $`\alpha`$ is shown in Theorem 1 in . ↩︎