Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Centrality-Based Security Allocation in Networked Control Systems

Anh Tung Nguyen, Andreas Hertzberg, André MH Teixeira

Abstract

This paper addresses the security allocation problem within networked control systems, which consist of multiple interconnected control systems under the influence of two opposing agents: a defender and a malicious adversary. The adversary aims to maximize the worst-case attack impact on system performance while remaining undetected by launching stealthy data injection attacks on one or several interconnected control systems. Conversely, the defender's objective is to allocate security resources to detect and mitigate these worst-case attacks. A novel centrality-based approach is proposed to guide the allocation of security resources to the most connected or influential subsystems within the network. The methodology involves comparing the worst-case attack impact for both the optimal and centrality-based security allocation solutions. The results demonstrate that the centrality measure approach enables significantly faster allocation of security resources with acceptable levels of performance loss compared to the optimal solution, making it suitable for large-scale networks. The proposed method is validated through numerical examples using Erdos-Renyi graphs.

Centrality-Based Security Allocation in Networked Control Systems

Abstract

This paper addresses the security allocation problem within networked control systems, which consist of multiple interconnected control systems under the influence of two opposing agents: a defender and a malicious adversary. The adversary aims to maximize the worst-case attack impact on system performance while remaining undetected by launching stealthy data injection attacks on one or several interconnected control systems. Conversely, the defender's objective is to allocate security resources to detect and mitigate these worst-case attacks. A novel centrality-based approach is proposed to guide the allocation of security resources to the most connected or influential subsystems within the network. The methodology involves comparing the worst-case attack impact for both the optimal and centrality-based security allocation solutions. The results demonstrate that the centrality measure approach enables significantly faster allocation of security resources with acceptable levels of performance loss compared to the optimal solution, making it suitable for large-scale networks. The proposed method is validated through numerical examples using Erdos-Renyi graphs.

Paper Structure

This paper contains 14 sections, 2 theorems, 23 equations, 6 figures, 1 table.

Table of Contents

  1. Introduction
  2. Problem Description
  3. Networked control systems under false data injection attacks
  4. Network performance and monitoring
  5. The purposes of adversary and defender
  6. Risk analysis and evaluation
  7. Security Allocation
  8. Optimal security allocation
  9. Centrality-based security allocation
  10. Results
  11. Erdős–Rényi random graphs
  12. IEEE 14-bus system
  13. Conclusion

Key Result

Theorem 1

The worst-case impact of stealthy FDI attacks is always bounded and computed by the following semi-definite programming (SDP) problem. $\triangleleft$

Figures (6)

  • Figure 1: Relative gap of the worst-case attack impact between the optimal value and the value given by choosing monitor vertices based on centrality measures. The network size $N = \{ 10, \, 12, \, 14 \}$, the attack budget $n_a = \{1,\,2\}$, and the monitor budget $n_s = 1$. For each network size, $30$ Erdős–Rényi random graphs where an edge is included to connect two vertices with a probability of 0.5.
  • Figure 2: Relative gap of the worst-case attack impact between the optimal value and the value given by choosing monitor vertices based on centrality measures. The network size $N = \{ 16, \, 18, \, 20 \}$, the attack budget $n_a = \{1,\,2\}$, and the monitor budget $n_s = 1$. For each network size, $30$ Erdős–Rényi random graphs where an edge is included to connect two vertices with a probability of 0.5.
  • Figure 3: Relative gap of the solving time between the optimal value and the value given by choosing monitor vertices based on centrality measures. The network size $N = \{ 10, \, 12, \, 14 \}$, the attack budget $n_a = \{1,\,2\}$, and the monitor budget $n_s = 1$. For each network size, $30$ Erdős–Rényi random graphs where an edge is included to connect two vertices with a probability of 0.5.
  • Figure 4: Relative gap of the solving time between the optimal value and the value given by choosing monitor vertices based on centrality measures. The network size $N = \{ 16, \, 18, \, 20 \}$, the attack budget $n_a = \{1,\,2\}$, and the monitor budget $n_s = 1$. For each network size, $30$ Erdős–Rényi random graphs where an edge is included to connect two vertices with a probability of 0.5.
  • Figure 5: IEEE 14-bus system.
  • ...and 1 more figures

Theorems & Definitions (6)

  • Remark 1
  • Theorem 1
  • proof
  • Theorem 2
  • proof
  • Definition 1: Centrality measures Golbeck2013Chapter3