A Bilevel Optimization Framework for Adversarial Control of Gas Pipeline Operations
Tejaswini Sanjay Katale, Lu Gao, Yunpeng Zhang, Alaa Senouci
TL;DR
This paper addresses cyber-physical risks in gas pipeline operations by integrating network hydraulics with SCADA-based state estimation and model predictive control (MPC). A bi-level optimization problem models a stealthy attacker injecting false data into sensor measurements while the lower level MPC optimizes control; the follower is reformulated via Karush–Kuhn–Tucker (KKT) conditions to yield a single mixed-integer quadratic program (MIQP) for tractable solution. Two case studies on a 15-node network and the GasLib-24 network show that undetectable sensor attacks can cause persistent throughput reductions with only modest instantaneous deviations, underscoring the need for integrated detection and robust control strategies. The framework provides a foundation for resilience analysis and could be extended with more realistic physics and scalable solution techniques for real-world deployment.
Abstract
Cyberattacks on pipeline operational technology systems pose growing risks to energy infrastructure. This study develops a physics-informed simulation and optimization framework for analyzing cyber-physical threats in petroleum pipeline networks. The model integrates networked hydraulic dynamics, SCADA-based state estimation, model predictive control (MPC), and a bi-level formulation for stealthy false-data injection (FDI) attacks. Pipeline flow and pressure dynamics are modeled on a directed graph using nodal pressure evolution and edge-based Weymouth-type relations, including control-aware equipment such as valves and compressors. An extended Kalman filter estimates the full network state from partial SCADA telemetry. The controller computes pressure-safe control inputs via MPC under actuator constraints and forecasted demands. Adversarial manipulation is formalized as a bi-level optimization problem where an attacker perturbs sensor data to degrade throughput while remaining undetected by bad-data detectors. This attack-control interaction is solved via Karush-Kuhn-Tucker (KKT) reformulation, which results in a tractable mixed-integer quadratic program. Test gas pipeline case studies demonstrate the covert reduction of service delivery under attack. Results show that undetectable attacks can cause sustained throughput loss with minimal instantaneous deviation. This reveals the need for integrated detection and control strategies in cyber-physical infrastructure.