Security Allocation in Networked Control Systems under Stealthy Attacks

Anh Tung Nguyen, André M. H. Teixeira, Alexander Medvedev

TL;DR

This work tackles security allocation in networked control systems subject to stealthy data-injection attacks. It casts defender–attacker interactions as a Stackelberg game, with the defender as leader selecting monitor vertices under a budget and the attacker as follower choosing an attack vertex to maximize the impact on a distant target. A graph-theoretic condition shows that bounding both defense cost and attack impact is achieved when the defender focuses on dominating sets, enabling offline, scalable computation. The approach is validated on a 50-vertex network, demonstrating substantial complexity reduction via dominating-set constraints and a parallelizable mixed-integer SDP for the Stackelberg action, with practical implications for large-scale cyber-physical security.

Abstract

This paper considers the problem of security allocation in a networked control system under stealthy attacks. The system is comprised of interconnected subsystems represented by vertices. A malicious adversary selects a single vertex on which to conduct a stealthy data injection attack with the purpose of maximally disrupting a distant target vertex while remaining undetected. Defense resources against the adversary are allocated by a defender on several selected vertices. First, the objectives of the adversary and the defender with uncertain targets are formulated in a probabilistic manner, resulting in an expected worst-case impact of stealthy attacks. Next, we provide a graph-theoretic necessary and sufficient condition under which the cost for the defender and the expected worst-case impact of stealthy attacks are bounded. This condition enables the defender to restrict the admissible actions to dominating sets of the graph representing the network. Then, the security allocation problem is solved through a Stackelberg game-theoretic framework. Finally, the obtained results are validated through a numerical example of a 50-vertex networked control system.
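As an added illustration (not code from the paper), the sketch below shows what restricting the defender's admissible actions to dominating sets means in practice: it enumerates every monitor set within a sensor budget and keeps only those that dominate the graph. It assumes an undirected graph and a budget given as the maximum number of monitor vertices; the function names and the 5-vertex path graph are constructed for the example, and the brute-force enumeration stands in for whatever search the paper's algorithm uses.

```python
from itertools import combinations
from math import comb


def is_dominating(adj, monitors):
    """True if every vertex is a monitor or adjacent to at least one monitor."""
    covered = set(monitors)
    for m in monitors:
        covered |= adj[m]
    return covered == set(adj)


def admissible_monitor_sets(adj, budget):
    """All dominating sets that use at most `budget` monitor vertices."""
    vertices = sorted(adj)
    return [frozenset(c)
            for k in range(1, budget + 1)
            for c in combinations(vertices, k)
            if is_dominating(adj, c)]


def count_candidate_sets(n_vertices, budget):
    """Number of non-empty vertex subsets of size at most `budget`."""
    return sum(comb(n_vertices, k) for k in range(1, budget + 1))


def path_graph(n):
    """Constructed sample input: undirected path 0 - 1 - ... - (n-1)."""
    adj = {v: set() for v in range(n)}
    for v in range(n - 1):
        adj[v].add(v + 1)
        adj[v + 1].add(v)
    return adj


if __name__ == "__main__":
    adj = path_graph(5)
    for budget in (2, 3):
        kept = admissible_monitor_sets(adj, budget)
        total = count_candidate_sets(len(adj), budget)
        print(f"budget {budget}: {len(kept)} dominating sets out of {total} subsets")
        for s in kept:
            print("   monitors:", sorted(s))
```

Each surviving set is a candidate defender action; only these need to be evaluated against the attacker's best response, which is where the reduction in search space comes from.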

Paper Structure (25 sections, 7 theorems, 33 equations, 3 figures, 1 table, 1 algorithm)

Key Result

Lemma 1

Consider the continuous LTI system $\Sigma_{\mathcal{M}} = (-\bar{L},e_a,C_{\mathcal{M}}^\top,0)$ with a given attack vertex $a$, a target vertex $\rho \in {\mathcal{V}}_{-a}$, and a non-empty monitor vertex set ${\mathcal{M}}$, the worst-case impact Jtau1 has an upper bound: where

Figures (3)

  • Figure 1: An illustration of a networked control system with the (green) target vertex. While the defender places sensors at the (blue) monitor vertices, the adversary conducts a stealthy data injection attack on the (red) attack vertex.
  • Figure 2: Given $n_s = 3$, the number of subsets of the vertex set ${\mathcal{V}}$ with respect to the number of vertices has the same slope as ${\mathcal{O}}(N^3)$. The average number of dominating sets is given through the Monte-Carlo simulation with 500 samples.
  • Figure 3: 50-vertex graph where the optimal monitor vertices are coded blue and the optimal attack vertex is coded red.

Theorems & Definitions (23)

  • Remark 1
  • Remark 2
  • Lemma 1
  • proof
  • Definition 1: Invariant zeros
  • Lemma 2: teixeira2015strategic
  • proof
  • Lemma 3: nguyen2022zero
  • proof
  • Definition 2: Relative degree khalil2002nonlinear
  • ...and 13 more