Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

How Sensor Attacks Transfer Across Lie Groups

Rijad Alisic, Saurabh Amin

Abstract

Sensor spoofing analysis in cyber-physical systems is predominantly confined to linear state spaces, where attack transferability is trivial. On Lie groups, however, the noncommutativity of the dynamics can distort certain sensor attacks, exposing nominally stealthy attacks during complex maneuvers. We present a geometric framework characterizing when a sensor attack can transfer across operating conditions, preserving both its physical impact and stealthiness. We prove that successful transfer requires the attack to commute with the nominal dynamics (a Lie bracket condition), which isolates transferable attacks to an invariant subspace, while attacks outside this subspace identifiably alter residuals. For small deviations from ideal transferable attacks, our decomposition theorem reveals a fundamental asymmetry: the flow's Adjoint action amplifies the physical impact of the bracket-violating component. Furthermore, although the attack perturbs the innovation linearly, the accumulated error drift undergoes distortion via the Adjoint action. Finally, we demonstrate how turning maneuvers on a Dubins unicycle collapse the transferable subspace to a single direction, verifying that imperfect attacks remain within theoretical detection bounds.

How Sensor Attacks Transfer Across Lie Groups

Abstract

Sensor spoofing analysis in cyber-physical systems is predominantly confined to linear state spaces, where attack transferability is trivial. On Lie groups, however, the noncommutativity of the dynamics can distort certain sensor attacks, exposing nominally stealthy attacks during complex maneuvers. We present a geometric framework characterizing when a sensor attack can transfer across operating conditions, preserving both its physical impact and stealthiness. We prove that successful transfer requires the attack to commute with the nominal dynamics (a Lie bracket condition), which isolates transferable attacks to an invariant subspace, while attacks outside this subspace identifiably alter residuals. For small deviations from ideal transferable attacks, our decomposition theorem reveals a fundamental asymmetry: the flow's Adjoint action amplifies the physical impact of the bracket-violating component. Furthermore, although the attack perturbs the innovation linearly, the accumulated error drift undergoes distortion via the Adjoint action. Finally, we demonstrate how turning maneuvers on a Dubins unicycle collapse the transferable subspace to a single direction, verifying that imperfect attacks remain within theoretical detection bounds.

Paper Structure

This paper contains 11 sections, 5 theorems, 29 equations, 3 figures.

Table of Contents

  1. Introduction
  2. Problem Setup
  3. Lie Groups
  4. Dynamical Systems on Lie Groups
  5. Transfer Conditions
  6. Invariant State Transfer
  7. Invariance
  8. Observational Transfer
  9. Main Results
  10. Numerical Example
  11. Conclusions

Key Result

Proposition 1

Let $a_k = \exp(\xi_k) \in \mathcal{G}$ denote the state displacement induced by the sensor attack $\tilde{R}_{a_k}h(x_k) = h(x_k a_k)$, and let $g_{k-1} := \exp(f_e(u_{k-1}))$. The dynamical impact of $\xi_k$ is the same for all $g_{k-1}$ if and only if $\blacktriangleleft$$\blacktriangleleft$

Figures (3)

  • Figure C1: Visualization of the commuting subspace $\Delta_{f_e}$. (Top) A constant lateral attack perfectly commutes during straight-line motion. (Bottom) During turns, only spoofing along the nominal trajectory (purple) remains in $\Delta_{f_e}$. Inconsistent attacks, such as purely body-frame (red) or global (green) offsets, fail to commute and cause observable distortions.
  • Figure E1: Estimator drift under the spoofed attack over a curved trajectory. The true path (blue) diverges from the spoofed measurement (red dashed) by the injected attack vectors (arrows), while the detector prediction (brown dots) is dragged along the spoofed signal. Realized spoofing deviations (orange) remain within the total theoretical bound (dashed blue) at all times. The steady-state tracking error stays below the detection threshold $\tau = 5.0$ m (dashed green), confirming $\tau$-stealthiness. The zoomed inset highlights that lateral residuals preserve their magnitude under the Adjoint, preventing amplification regardless of vehicle velocity.
  • Figure E2: Nominal dynamical impact and detector innovation (dotted, training phase) stay near zero. Upon erroneous transfer with $\epsilon = 0.44$, both quantities (solid lines) grow with translational displacement but remain within the total bound $\|\xi_{\text{ideal}}\| + \epsilon\|\mathrm{Ad}^R_{g_k}\|_2$ (dashed blue), which peaks at the detection threshold $\tau = 5.0$ m, confirming that the margin established during training is sufficient to maintain $\tau$-stealthiness.

Theorems & Definitions (20)

  • Definition 1
  • Example 1
  • Example 2
  • Definition 2
  • Example 3
  • Definition 3
  • Definition 4
  • Proposition 1
  • proof
  • Corollary 1
  • ...and 10 more