Design of Stealthy Joint Attacks Against Cyber-Physical Systems: A Reachable Set Approach

Download PDF
Open Webpage

Qirui Zhang, Wei Dai, Kun Liu, Lanhao Wang, Chunyu Yang

Published: 01 Jan 2025, Last Modified: 13 May 2025IEEE Trans Autom. Sci. Eng. 2025EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: This article studies the joint design of stealthy actuator and sensor attacks against cyber-physical systems with the aim of keeping the system’s state in an unsafe region. The Kullback-Leibler divergence is adopted as the metric of the joint attacks’ stealthiness. The attacker’s objective is realized by making the system’s ellipsoidal invariant reachable set under stealthy joint attacks belong to the unsafe set. Firstly, the relationship between the actuator attack and the shape of the ellipsoid is analyzed and it can be characterized by a non-convex optimization problem. Parameters of the actuator attack are obtained by solving another convex optimization problem constructed through applying a linear transformation to the original problem. Then, the sensor attack is analytically solved from a non-convex optimization problem to move the center of the ellipsoid to the desired target and increase the controller’s cost. Finally, an example of the flotation industrial process is illustrated to demonstrate effectiveness of the attack. Note to Practitioners—This paper aims to study security of cyber-physical systems from the perspective of attackers, which can help defenders fully understand the behavior of attackers. Existing works have not investigated which kind of stealthy attacks can move the state to the unsafe region. In this article, novel stealthy joint attacks are proposed such that the state of the attacked system is kept in the unsafe region. In detail, the actuator attack is to reshape the system’s ellipsoidal invariant reachable set and the sensor attack is to move the center of the ellipsoid to the desired target. In practical applications, the attacker need to obtain the system’s parameters and eavesdrop the input and output data, then solve the actuator attack from a convex optimization problem and compute the sensor attack by analytically solving a non-convex optimization problem. The attacks’ effectiveness is verified through the flotation industrial process. In the future, we will further investigate the design of stealthy attack strategies for nonlinear systems.