ABSTRACT:

In this paper we consider the integrity attack on Cyber-Physical System (CPS), which is modeled as a discrete linear time-invariant system equipped with a Kalman filter, LQG controller and Χ2 failure detector. An attacker wishes to disturb the system by injecting external control inputs and fake sensor measurements. In order to perform the attack without being detected, the adversary will need to carefully design its actions to fool the failure detector as abnormal sensor measurements will result in an alarm. The adversary's strategy is formulated as a constrained control problem. In this paper, we characterize the reachable set of the system state and estimation error under the attack, which provides a quantitative measure of the resilience of the system. To this end, we will provide an ellipsoidal algorithm to compute the outer approximation of the reachable set. We also prove a necessary condition under which the reachable set is unbounded, indicating that the attacker can successfully destabilize the system.

Full article: http://dl.acm.org/citation.cfm?id=2185514&CFID=108739901&CFTOKEN=40772251