On Model-Based Detectors for Linear Time-Invariant Stochastic Systems Under Sensor Attacks
Institution of Engineering and Technology, 2019-05-13
Murguia, Carlos; Ruths, Justin

A vector-valued model-based cumulative sum (CUSUM) procedure is proposed for identifying faulty/falsified sensor measurements. First, given the system dynamics, the authors derive tools for tuning the CUSUM procedure in the fault/attack-free case to fulfil the desired detection performance (in terms of false alarm rate). They use the widely-used chi-squared fault/attack detection procedure as a benchmark to compare the performance of the CUSUM. In particular, they characterise the state degradation that a class of attacks can induce in the system while enforcing that the detectors (CUSUM and chi-squared) do not raise alarms. In doing so, they find the upper bound of state degradation that is possible by an undetected attacker. They quantify the advantage of using a dynamic detector (CUSUM), which leverages the history of the state, over a static detector (chi-squared), which uses a single measurement at a time. Simulations of a chemical reactor with a heat exchanger are presented to illustrate the performance of their tools. © The Institution of Engineering and Technology 2019

Tuning Windowed Chi-Squared Detectors for Sensor Attacks
Institute of Electrical and Electronics Engineers Inc.
Tunga, Rohit; Murguia, C.; Ruths, Justin

A model-based windowed chi-squared procedure is proposed for identifying falsified sensor measurements. We employ the widely-used static chi-squared and the dynamic cumulative sum (CUSUM) fault/attack detection procedures as benchmarks to compare the performance of the windowed chi-squared detector. In particular, we characterize the state degradation that a class of attacks can induce in the system while enforcing that the detectors do not raise alarms (zero-alarm attacks).
We quantify the advantage of using dynamic detectors, which leverage the history of the state, over a static detector, which uses a single measurement at a time. Simulations using a chemical reactor are presented to illustrate the performance of our tools. © 2018 AACC.

On Reachable Sets of Hidden CPS Sensor Attacks
Institute of Electrical and Electronics Engineers Inc.
Murguia, C.; Ruths, Justin

For given system dynamics, observer structure, and observer-based fault/attack detection procedure, we provide mathematical tools - in terms of Linear Matrix Inequalities (LMIs) - for computing outer ellipsoidal bounds on the set of estimation errors that attacks can induce while maintaining the alarm rate of the detector equal to its attack-free false alarm rate. We refer to these sets as hidden reachable sets. These bounds quantify the attacker's potential impact when it is constrained to stay hidden from the detector. We provide tools for minimizing the volume of these ellipsoidal bounds (minimizing thus the reachable sets) by redesigning the observer. Simulation results are presented to illustrate the performance of our tools. © 2018 AACC.

Performance Bounds for Optimal Feedback Control in Networks
Institute of Electrical and Electronics Engineers Inc.
Summers, Tyler H.; Ruths, Justin

Many important complex networks, including critical infrastructure and emerging industrial automation systems, are becoming increasingly intricate webs of interacting feedback control loops. A fundamental concern is to quantify the control properties and performance limitations of the network as a function of its dynamical structure and control architecture. We study performance bounds for networks in terms of optimal feedback control costs. We provide a set of complementary bounds as a function of the system dynamics and actuator structure.
For unstable network dynamics, we characterize a tradeoff between feedback control performance and the number of control inputs, in particular showing that optimal cost can increase exponentially with the size of the network. We also derive a bound on the performance of the worst-case actuator subset for stable networks, providing insight into dynamics properties that affect the potential efficacy of actuator selection. We illustrate our results with numerical experiments that analyze performance in regular and random networks. © 2018 AACC.

Constraining Attacker Capabilities through Actuator Saturation
Institute of Electrical and Electronics Engineers Inc.
Kafash, Sahand Hadizadeh; Giraldo, Jairo; Murguia, C.; Cardenas, Alvaro A.; Ruths, Justin

For LTI control systems, we provide mathematical tools - in terms of Linear Matrix Inequalities - for computing outer ellipsoidal bounds on the reachable sets that attacks can induce in the system when they are subject to the physical limits of the actuators. Next, for a given set of dangerous states, states that (if reached) compromise the integrity or safe operation of the system, we provide tools for designing new artificial limits on the actuators (smaller than their physical bounds) such that the new ellipsoidal bounds (and thus the new reachable sets) are as large as possible (in terms of volume) while guaranteeing that the dangerous states are not reachable. This guarantees that the new bounds cut as little as possible from the original reachable set to minimize the loss of system performance. Computer simulations using a platoon of vehicles are presented to illustrate the performance of our tools.

A Comparison of Stealthy Sensor Attacks on Control Systems
Institute of Electrical and Electronics Engineers Inc.
Hashemi, Navid; Murguia, C.; Ruths, Justin

As more attention is paid to security in the context of control systems and as attacks occur to real control systems throughout the world, it has become clear that some of the most nefarious attacks are those that evade detection. The term stealthy has come to encompass a variety of techniques that attackers can employ to avoid detection. Here we show how the states of the system (in particular, the reachable set corresponding to the attack) can be manipulated under two important types of stealthy attacks. We employ the chi-squared fault detection method and demonstrate how this imposes a constraint on the attack sequence either to generate no alarms (zero-alarm attack) or to generate alarms at a rate indistinguishable from normal operation (hidden attack).