Abstract
In this chapter, we analyze the fundamental stealthiness–distortion trade-offs of linear Gaussian open-loop dynamical systems and (closed-loop) feedback control systems under data injection attacks using a power spectral analysis, whereas the Kullback–Leibler (KL) divergence is employed as the stealthiness measure. Particularly, we obtain explicit formulas in terms of power spectra that characterize analytically the stealthiness–distortion trade-offs as well as the properties of the worst-case attacks. Furthermore, it is seen in general that the attacker only needs to know the input–output behaviors of the systems in order to carry out the worst-case attacks.
3.1 Introduction
Security issues such as the presence of malicious attacks could cause severe consequences in cyber-physical systems, which are safety-critical in most cases since they interact with the physical world. As cyber-physical systems become more and more prevalent, it is also increasingly critical to be fully aware of such systems’ performance limits (Fang et al. 2017), e.g., in terms of performance degradation, after taking the security issues into consideration. Accordingly, in this chapter, we focus on analyzing the fundamental limits of resilience in cyber-physical systems, including open-loop dynamical systems and (closed-loop) feedback control systems. More specifically, we examine the fundamental trade-offs between the systems’ performance degradation that can be brought about by a malicious attack and the possibility of it being detected, of which the former is oftentimes measured by the mean squared-error distortion, whereas the latter is fundamentally determined by the Kullback–Leibler (KL) divergence.
The KL divergence was proposed in Kullback and Leibler (1951) (see also Kullback (1997)), and ever since it has been employed in various research areas, including, e.g., information theory (Cover and Thomas 2006), signal processing (Kay 2020), statistics (Pardo 2006), control and estimation theory (Lindquist and Picci 2015), system identification (Stoorvogel and Van Schuppen 1996), and machine learning (Goodfellow et al. 2016). Particularly, in statistical detection theory (Poor 2013), KL divergence provides the optimal exponent in probability of error for binary hypotheses testing problems as a result of the Chernoff–Stein lemma (Cover and Thomas 2006). Accordingly, in the context of determining whether an attack signal is present or not in security problems, the KL divergence has also been employed as a measure of stealthiness for attacks (see detailed discussions in, e.g., Bai et al. (2017a, b)).
In the context of dynamical and control system security (see, e.g., Poovendran et al. (2012), Johansson et al. (2014), Sandberg et al. (2015), Cheng et al. (2017), Giraldo et al. (2018), Weerakkody et al. (2019), Dibaji et al. (2019), Chong et al. (2019) and the references therein), particularly in dynamical and control systems under injection attacks, fundamental stealthiness–distortion trade-offs (with the mean squared-error as the distortion measure and the KL divergence as the stealthiness measure) have been investigated for feedback control systems (see, e.g., Zhang and Venkitasubramaniam (2017), Bai et al. (2017b)) as well as state estimation systems (see, e.g., Bai et al. (2017a), Kung et al. (2016), Guo et al. (2018)). Generally speaking, the problem considered is: Given a constraint (upper bound) on the level of stealthiness, what is the maximum degree of distortion (for control or for estimation) that can be caused by the attacker? This is dual to the following question: Given a least requirement (lower bound) on the degree of distortion, what is the maximum level of stealthiness that can be achieved by the attacker? Answers to these questions can not only capture the fundamental trade-offs between stealthiness and distortion but also characterize what the worst-case attacks are.
In this chapter, unlike the aforementioned works in Bai et al. (2017a, b), Kung et al. (2016), Zhang and Venkitasubramaniam (2017), Guo et al. (2018), we adopt an alternative approach to this stealthiness–distortion trade-off problem using power spectral analysis. The scenarios we consider include linear Gaussian open-loop dynamical systems and (closed-loop) feedback control systems. By using the power spectral approach, we obtain explicit formulas that characterize analytically the stealthiness–distortion trade-offs as well as the properties of the worst-case attacks. It turns out that the worst-case attacks are stationary colored Gaussian attacks with power spectra that are shaped specifically according to the transfer functions of the systems and the power spectra of the system outputs, the knowledge of which is all that the attacker needs to have access to in order to carry out the worst-case attacks. In other words, the attacker only needs to know the input–output behaviors of the systems, whereas it is not necessary to know their state-space models.
The remainder of the chapter is organized as follows. Section 3.2 provides the technical preliminaries. Section 3.3 is divided into two subsections, focusing on open-loop dynamical systems and feedback control systems, respectively. Section 3.4 presents numerical examples. Concluding remarks are given in Sect. 3.5.
More specifically, Theorem 3.1, as the first main result, characterizes explicitly the stealthiness–distortion trade-off and the worst-case attack in linear Gaussian open-loop dynamical systems. Equivalently, Corollary 3.1 considers the dual problem to that of Theorem 3.1. On the other hand, Theorem 3.2, together with Corollary 3.2 (in a dual manner), provides analytical expressions for the stealthiness–distortion trade-off and the worst-case attack in linear Gaussian feedback control systems. In addition, the preliminary results on the implications in control design, as presented in the Conclusion, indicate how the explicit stealthiness–distortion trade-off formula for feedback control systems can be employed to render the controller design explicit and intuitive.
Note that this chapter is based upon (Fang and Zhu 2021), which, however, only discusses the case of open-loop dynamical systems. Meanwhile, in this chapter, we also consider (closed-loop) feedback control systems. Note also that the results presented in this book chapter are applicable to discrete-time systems.
Notation: Throughout the chapter, we consider zero-mean real-valued continuous random variables and random vectors, as well as discrete-time stochastic processes. We represent random variables and random vectors using boldface letters, e.g., \(\mathbf {x}\), while the probability density function of \(\mathbf {x}\) is denoted as \(p_\mathbf {x}\). In addition, \(\mathbf {x}_{0,\ldots ,k}\) will be employed to denote the sequence \(\mathbf {x}_{0}, \ldots , \mathbf {x}_{k}\) or the random vector \(\left[ \mathbf {x}_0^{\mathrm {T}},\ldots ,\mathbf {x}_{k}^{\mathrm {T}} \right] ^{\mathrm {T}}\), depending on the context. Note in particular that, for simplicity and with abuse of notations, we utilize \(\mathbf {x} \in \mathbb {R}\) and \(\mathbf {x} \in \mathbb {R}^m\) to indicate that \(\mathbf {x}\) is a real-valued random variable and that \(\mathbf {x}\) is a real-valued m-dimensional random vector, respectively.
3.2 Preliminaries
A stochastic process \(\left\{ \mathbf {x}_{k}\right\} , \mathbf {x}_k \in \mathbb {R}\) is said to be stationary if \( R_{\mathbf {x}}\left( i,k\right) := \mathbb {E}\left[ \mathbf {x}_i \mathbf {x}_{i+k} \right] \) depends only on k, and can thus be denoted as \(R_{\mathbf {x}}\left( k\right) \) for simplicity. The power spectrum of a stationary process \(\left\{ \mathbf {x}_{k} \right\} , \mathbf {x}_{k} \in \mathbb {R}\) is defined as
Moreover, the variance of \(\left\{ \mathbf {x}_{k}\right\} \) is given by
The KL divergence (see, e.g., Kullback and Leibler (1951)) is defined as follows.
Definition 3.1
Consider random vectors \(\mathbf {x} \in \mathbb {R}^m\) and \(\mathbf {y} \in \mathbb {R}^m\) with probability densities \(p_\mathbf {x} \left( \mathbf {u} \right) \) and \(p_\mathbf {y} \left( \mathbf {u} \right) \), respectively. The KL divergence from distribution \(p_\mathbf {x}\) to distribution \(p_\mathbf {y}\) is defined as
The next lemma (see, e.g., Kay (2020)) provides an explicit expression of KL divergence in terms of covariance matrices for Gaussian random vectors; note that herein and in the sequel, all random variables and random vectors are assumed to be zero mean.
Lemma 3.1
Consider Gaussian random vectors \(\mathbf {x} \in \mathbb {R}^m\) and \(\mathbf {y} \in \mathbb {R}^m\) with covariance matrices \(\varSigma _\mathbf {x}\) and \(\varSigma _\mathbf {y}\), respectively. The KL divergence from distribution \(p_\mathbf {x}\) to distribution \(p_\mathbf {y}\) is given by
It is clear that in the scalar case (when \(m=1\)), Lemma 3.1 reduces to the following formula for Gaussian random variables:
The KL divergence rate (see, e.g., Lindquist and Picci (2015)) is defined as follows.
Definition 3.2
Consider stochastic processes \(\left\{ \mathbf {x}_k \right\} , \mathbf {x}_k \in \mathbb {R}^m\) and \(\left\{ \mathbf {y}_k \right\} , \mathbf {y}_k \in \mathbb {R}^m\) with densities \(p_\mathbf {\left\{ \mathbf {x}_k \right\} }\) and \(p_\mathbf {\left\{ \mathbf {y}_k \right\} }\), respectively; note that \(p_\mathbf {\left\{ \mathbf {x}_k \right\} }\) and \(p_\mathbf {\left\{ \mathbf {y}_k \right\} }\) will be denoted by \(p_\mathbf {x}\) and \(p_\mathbf {y}\) for simplicity in the sequel. Then, the KL divergence rate from distribution \(p_\mathbf {x}\) to distribution \(p_\mathbf {y}\) is defined as
The next lemma (see, e.g., Lindquist and Picci (2015)) provides an explicit expression of KL divergence rate in terms of power spectra for stationary Gaussian processes.
Lemma 3.2
Consider stationary Gaussian processes \(\left\{ \mathbf {x}_k \right\} , \mathbf {x}_k \in \mathbb {R}\) and \(\left\{ \mathbf {y}_k \right\} , \mathbf {y}_k \in \mathbb {R}\) with densities \(p_\mathbf {x}\) and \(p_\mathbf {y}\) as well as power spectra \(S_{\mathbf {x}} \left( \omega \right) \) and \(S_{\mathbf {y}} \left( \omega \right) \), respectively. Suppose that \(S_{\mathbf {y}} \left( \omega \right) / S_{\mathbf {x}} \left( \omega \right) \) is bounded (see Lindquist and Picci (2015) for details). Then, the KL divergence rate from distribution \(p_\mathbf {x}\) to distribution \(p_\mathbf {y}\) is given by
3.3 Stealthiness–Distortion Trade-Offs and Worst-Case Attacks
In this section, we analyze the fundamental stealthiness–distortion trade-offs of linear Gaussian open-loop dynamical systems and (closed-loop) feedback control systems under data injection attacks, whereas the KL divergence is employed as the stealthiness measure. Consider the scenario where the attacker can modify the system input, and consequently, the system state and system output will then all be changed. From the attacker’s point of view, the desired outcome is that the change in system state (as measured by state distortion) is large, while the change in system output (as measured by output stealthiness) is relatively small, so as to make the possibility of being detected low. Meanwhile, fundamental trade-offs in general exist between state distortion and output stealthiness, since the system’s state and output are correlated. In other words, an increase in state distortion may inevitably lead to a decrease in output stealthiness, i.e., an increase in the possibility of being detected. How can such trade-offs be captured? And what is the worst-case attack that can cause the maximum distortion given a certain stealthiness level, or vice versa? The answers are provided subsequently in terms of power spectral analysis.
3.3.1 Open-Loop Dynamical Systems
In this subsection, we focus on open-loop dynamical systems. Specifically, consider the scalar dynamical system depicted in Fig. 3.1 with state-space model given by
where \(\mathbf {x}_{k} \in \mathbb {R}\) is the system state, \(\mathbf {u}_{k} \in \mathbb {R}\) is the system input, \(\mathbf {y}_{k} \in \mathbb {R}\) is the system output, \(\mathbf {w}_{k} \in \mathbb {R}\) is the process noise, and \(\mathbf {v}_{k} \in \mathbb {R}\) is the measurement noise. The system parameters are \( a \in \mathbb {R}\), \( b \in \mathbb {R}\), and \( c \in \mathbb {R}\); we further assume that \(\left| a \right| < 1\) and \(b, c \ne 0\), i.e., the system is stable, controllable, and observable. Accordingly, the transfer function of the system is given by
(It is clear that \(P \left( z \right) \) is minimum phase.) Suppose that \(\left\{ \mathbf {w}_{k} \right\} \) and \(\left\{ \mathbf {v}_{k} \right\} \) are stationary white Gaussian with variances \(\sigma _{\mathbf {w}}^2\) and \(\sigma _{\mathbf {v}}^2\), respectively. Furthermore, \(\left\{ \mathbf {w}_{k} \right\} \), \(\left\{ \mathbf {v}_{k} \right\} \), and \(\mathbf {x}_{0}\) are assumed to be mutually independent. Assume also that \(\left\{ \mathbf {u}_{k} \right\} \) is stationary with power spectrum \(S_{\mathbf {u}} \left( \omega \right) \). As such, \(\left\{ \mathbf {x}_{k} \right\} \) and \(\left\{ \mathbf {y}_{k} \right\} \) are both stationary, and denote their power spectra by \(S_{\mathbf {x}} \left( \omega \right) \) and \(S_{\mathbf {y}} \left( \omega \right) \), respectively.
Consider then the scenario that an attack signal \(\left\{ \mathbf {n}_{k} \right\} , \mathbf {n}_{k} \in \mathbb {R}\), is to be added to the input of the system \(\left\{ \mathbf {u}_{k} \right\} \) to deviate the system state, while aiming to be stealthy in the system output; see the depiction in Fig. 3.2. In addition, denote the true plant input under attack as \(\left\{ \widehat{\mathbf {u}}_{k} \right\} \), where
whereas the system under attack \(\left\{ \mathbf {n}_{k} \right\} \) is given by
Meanwhile, suppose that the attack signal \(\left\{ \mathbf {n}_{k} \right\} \) is independent of \(\left\{ \mathbf {u}_{k} \right\} \), \(\left\{ \mathbf {w}_{k} \right\} \), \(\left\{ \mathbf {v}_{k} \right\} \), and \(\mathbf {x}_{0}\); consequently, \(\left\{ \mathbf {n}_{k} \right\} \) is independent of \(\left\{ \mathbf {x}_{k} \right\} \) and \(\left\{ \mathbf {y}_{k} \right\} \) as well.
The following questions then naturally arise: What is the fundamental trade-off between the degree of distortion caused in the system state (as measured by the mean squared-error distortion \(\mathbb {E} \left[ \left( \widehat{\mathbf {x}}_k - \mathbf {x}_{k} \right) ^{2} \right] \) between the original state \(\left\{ \mathbf {x}_{k} \right\} \) and the state under attack denoted as \(\left\{ \widehat{\mathbf {x}}_k \right\} \)) and the level of stealthiness resulting in the system output (as measured by the KL divergence rate \(\mathrm {KL}_{\infty } \left( p_{\widehat{\mathbf {y}}} \Vert p_{\mathbf {y}} \right) \) between the original output \(\left\{ \mathbf {y}_{k} \right\} \) and the output under attack denoted as \(\left\{ \widehat{\mathbf {y}}_k \right\} \))? More specifically, to achieve a certain degree of distortion in state, what is the maximum level of stealthiness that can be maintained by the attacker? And what is the worst-case attack in this sense? The following theorem, as the first main result of this chapter, answers the questions raised above.
Theorem 3.1
Consider the dynamical system under injection attacks depicted in Fig. 3.2. Suppose that the attacker aims to design the attack signal \(\left\{ \mathbf {n}_{k} \right\} \) to satisfy the following attack goal in terms of state distortion:
Then, the minimum KL divergence rate between the original output and the attacked output is given by
where
and \(S_{\mathbf {y}} \left( \omega \right) \) is given by
Herein, \(\zeta \) is the unique constant that satisfies
while
Moreover, the worst-case (in the sense of achieving this minimum KL divergence rate) attack \(\left\{ \mathbf {n}_{k} \right\} \) is a stationary colored Gaussian process with power spectrum
Proof
To begin with, it can be verified that the power spectrum of \(\left\{ \mathbf {y}_{k} \right\} \) is given by
Note then that due to the property of additivity of linear systems, the system in Fig. 3.2 is equivalent to that of Fig. 3.3, where
and \(\left\{ \widehat{\mathbf {n}}_{k} \right\} \) is the output of the subsystem
as depicted by the upper half of Fig. 3.3; note that in this subsystem, \(\left( \widehat{\mathbf {x}}_{k} - \mathbf {x}_{k} \right) \in \mathbb {R}\) is the system state, \(\mathbf {n}_{k} \in \mathbb {R}\) is the system input, and \(\widehat{\mathbf {n}} \in \mathbb {R}\) is the system output. On the other hand, the distortion constraint
is then equivalent to a power constraint
since \(\widehat{\mathbf {n}}_k = \widehat{\mathbf {y}}_{k} - \mathbf {y}_{k}\) and thus
Accordingly, the system in Fig. 3.3 may be viewed as a “virtual channel” modeled as
with noise constraint
where \(\left\{ \mathbf {y}_k \right\} \) is the channel input, \(\left\{ \widehat{\mathbf {y}}_k \right\} \) is the channel output, and \(\left\{ \widehat{\mathbf {n}}_k \right\} \) is the channel noise. In addition, due to the fact that \(\left\{ \mathbf {n}_{k} \right\} \) is independent of \(\left\{ \mathbf {y}_{k} \right\} \), \(\left\{ \widehat{\mathbf {n}}_{k} \right\} \) is also independent of \(\left\{ \mathbf {y}_{k} \right\} \).
The approach we shall take herein, as developed in Cover and Thomas (2006), is to treat the multiple uses of a scalar channel (i.e., a scalar dynamic channel) equivalently as a single use of parallel channels (i.e., a set of parallel static channels). We consider first the case of a finite number of parallel static channels with
where \( \mathbf {y}, \widehat{\mathbf {y}},\widehat{\mathbf {n}} \in \mathbb {R}^m\), and \( \widehat{\mathbf {n}} \) is independent of \( \mathbf {y} \). In addition, \(\mathbf {y}\) is Gaussian with covariance \(\varSigma _{\mathbf {y}}\), and the noise power constraint is given by
where \(\widehat{\mathbf {n}} \left( i \right) \) denotes the i-th element of \(\widehat{\mathbf {n}}\). In addition, according to Fang and Zhu (2020) (see Proposition 2 therein), we have
where \(\widehat{\mathbf {y}}^{\mathrm {G}}\) denotes a Gaussian random vector with the same covariance as \(\widehat{\mathbf {y}}\), and equality holds if \(\widehat{\mathbf {y}}\) is Gaussian. Meanwhile, it is known from Lemma 3.1 that
On the other hand, since \(\mathbf {y}\) and \(\widehat{\mathbf {n}}\) are independent, we have
Consequently,
Denote the eigendecomposition of \(\varSigma _{\mathbf {y}}\) by \(U_{\mathbf {y}} \varLambda _{\mathbf {y}} U^{\mathrm {T}}_{\mathbf {y}} \), where
Then,
where \(\overline{\varSigma }_{\widehat{\mathbf {n}} } =U^{\mathrm {T}}_{\mathbf {y}}\varSigma _{\widehat{\mathbf {n}}} U_{\mathbf {y}} \). Denoting the diagonal terms of \(\overline{\varSigma }_{\widehat{\mathbf {n}} }\) by \(\overline{\sigma }_{\widehat{\mathbf {n}} \left( i \right) }^2, i=1,\ldots ,m\), it is known from (Fang and Zhu 2020) (see Proposition 4 therein) that
where equality holds if \(\overline{\varSigma }_{\widehat{\mathbf {n}}}\) is diagonal. For simplicity, we denote
when \(\overline{\varSigma }_{\widehat{\mathbf {n}} }\) is diagonal. Then, the problem reduces to that of choosing \(\widehat{N}_1,\ldots , \widehat{N}_m\) to minimize
subject to the constraint that
Define the Lagrange function by
and differentiate it with respect to \(\widehat{N}_{i}\), then we have
or equivalently,
where \(\eta \) satisfies
while
For simplicity, we denote \(\zeta = - \eta \), and accordingly,
where \(\zeta \) satisfies
while
Correspondingly,
Consider now a scalar dynamic channel
where \( \mathbf {y}_{k}, \widehat{\mathbf {n}}_{k}, \widehat{\mathbf {y}}_{k} \in \mathbb {R}\), while \( \left\{ \mathbf {y}_{k} \right\} \) and \( \left\{ \widehat{\mathbf {n}}_{k} \right\} \) are independent. In addition, \(\left\{ \mathbf {y}_{k} \right\} \) is stationary colored Gaussian with power spectrum \(S_{\mathbf {y}} \left( \omega \right) \), whereas the noise power constraint is given by \(\mathbb {E} \left[ \widehat{\mathbf {n}}^{2}_{k} \right] \ge c^2 D\). We may then consider a block of consecutive uses from time 0 to k of this channel as \(k+1\) channels in parallel (Cover and Thomas 2006). Particularly, let the eigendecomposition of \(\varSigma _{\mathbf {y}_{0,\ldots ,k}}\) be given by
where
Then, we have
where
Herein, \(\zeta \) satisfies
or equivalently,
while
In addition, since the processes \( \left\{ \mathbf {y}_{k} \right\} \), \( \left\{ \widehat{\mathbf {n}}_{k} \right\} \), and \( \left\{ \widehat{\mathbf {y}}_{k} \right\} \) are stationary, we have
On the other hand, since the processes are stationary, the covariance matrices are Toeplitz (Grenander and Szegö 1958), and their eigenvalues approach their limits as \(k \rightarrow \infty \). Moreover, the densities of eigenvalues on the real line tend to the power spectra of the processes (Gutiérrez-Gutiérrez and Crespo 2008; Lindquist and Picci 2015; Pinsker 1964). Accordingly,
where
and \(\zeta \) satisfies
while
Lastly, note that
and hence
This concludes the proof. \(\blacksquare \)
It is clear that \(S_{\mathbf {n}} \left( \omega \right) \) may be rewritten as
This means that the attacker only needs the knowledge of the power spectrum of the original system output \(\left\{ \mathbf {y}_{k} \right\} \) and the transfer function of the system (from \(\left\{ \mathbf {n}_{k} \right\} \) to \(\left\{ \widehat{\mathbf {y}}_{k} \right\} \)), i.e., \(P \left( z \right) \), in order to carry out this worst-case attack. It is worth mentioning that the power spectrum of \(\left\{ \mathbf {y}_{k} \right\} \) can be estimated based on its realizations (see, e.g., Stoica and Moses (2005)), while the transfer function of the system can be approximated by system identification (see, e.g., Ljung (1999)).
Note that it can be verified (Kay 2020) that the (minimum) output KL divergence rate \(\mathrm {KL}_{\infty } \left( p_{\widehat{\mathbf {y}}} \Vert p_{\mathbf {y}} \right) \) increases strictly with the state distortion bound D. In other words, in order for the attacker to achieve larger distortion, the stealthiness level of the attack will inevitably decrease.
On the other hand, the dual problem to that of Theorem 3.1 would be: Given a certain stealthiness level in output, what is the maximum distortion in state that can be achieved by the attacker? And what is the corresponding attack? The following corollary answers these questions.
Corollary 3.1
Consider the dynamical system under injection attacks depicted in Fig. 3.2. Then, in order for the attacker to ensure that the KL divergence rate between the original output and the attacked output is upper bounded by a (positive) constant R as
the maximum state distortion \(\mathbb {E} \left[ \left( \widehat{\mathbf {x}}_k - \mathbf {x}_{k} \right) ^{2} \right] \) that can be achieved is given by
where \(\zeta \) is the unique constant that satisfies
while
Note that herein \(S_{\mathbf {y}} \left( \omega \right) \) is given by (3.8). Moreover, this maximum distortion is achieved when the attack signal \(\left\{ \mathbf {n}_{k} \right\} \) is chosen as a stationary colored Gaussian process with power spectrum
3.3.2 Feedback Control Systems
We will now proceed to examine (closed-loop) feedback control systems in this subsection. Specifically, consider the feedback control system depicted in Fig. 3.4, where the state-space model of the plant is given by
while \(K \left( z \right) \) is the transfer function of the (dynamic) output controller. Herein, \(\mathbf {x}_{k} \in \mathbb {R}\) is the plant state, \(\mathbf {u}_{k} \in \mathbb {R}\) is the plant input, \(\mathbf {y}_{k} \in \mathbb {R}\) is the plant output, \(\mathbf {w}_{k} \in \mathbb {R}\) is the process noise, and \(\mathbf {v}_{k} \in \mathbb {R}\) is the measurement noise. The system parameters are \( a \in \mathbb {R}\), \( {b} \in \mathbb {R}\), and \( {c} \in \mathbb {R}\). Note that the plant is not necessarily stable. Meanwhile, we assume that \(b,c \ne 0\), i.e., the plant is controllable and observable, and thus can be stabilized by controller \(K \left( z \right) \). On the other hand, the transfer function of the plant is given by
Suppose that \(\left\{ \mathbf {w}_{k} \right\} \) and \(\left\{ \mathbf {v}_{k} \right\} \) are stationary white Gaussian with variances \(\sigma _{\mathbf {w}}^2\) and \(\sigma _{\mathbf {v}}^2\), respectively. Furthermore, \(\left\{ \mathbf {w}_{k} \right\} \), \(\left\{ \mathbf {v}_{k} \right\} \), and \(\mathbf {x}_{0}\) are assumed to be mutually independent. Assume also that \(K \left( z \right) \) stabilizes \(P \left( z \right) \), i.e., the closed-loop system is stable. Accordingly, \(\left\{ \mathbf {x}_{k} \right\} \) and \(\left\{ \mathbf {y}_{k} \right\} \) are both stationary, and denote their power spectra by \(S_{\mathbf {x}} \left( \omega \right) \) and \(S_{\mathbf {y}} \left( \omega \right) \), respectively.
Consider then the scenario that an attack signal \(\left\{ \mathbf {n}_{k} \right\} , \mathbf {n}_{k} \in \mathbb {R}\), is to be added to the input of the plant \(\left\{ \mathbf {u}_{k} \right\} \) to deviate the plant state, while aiming to be stealthy in the plant output; see the depiction in Fig. 3.5. In fact, this corresponds to an actuator attack. Note in particular that since we are now considering a closed-loop system, the presence of \(\left\{ \mathbf {n}_{k} \right\} \) will eventually distort the original \(\left\{ \mathbf {u}_{k} \right\} \) (through feedback) as well, which is an essential difference from the open-loop system setting considered in Sect. 3.3.1, and the distorted \(\left\{ \mathbf {u}_{k} \right\} \) will be denoted as \(\left\{ \overline{\mathbf {u}}_{k} \right\} \). In addition, we denote the true plant input under attack as \(\left\{ \widehat{\mathbf {u}}_{k} \right\} \), where
whereas the plant under attack \(\left\{ \mathbf {n}_{k} \right\} \) is given by
Meanwhile, suppose that the attack signal \(\left\{ \mathbf {n}_{k} \right\} \) is independent of \(\left\{ \mathbf {w}_{k} \right\} \), \(\left\{ \mathbf {v}_{k} \right\} \), and \(\mathbf {x}_{0}\); consequently, \(\left\{ \mathbf {n}_{k} \right\} \) is independent of \(\left\{ \mathbf {x}_{k} \right\} \) and \(\left\{ \mathbf {y}_{k} \right\} \) as well.
The following theorem, as the second main result of this chapter, characterizes the fundamental trade-off between the distortion in state and the stealthiness in output for feedback control systems.
Theorem 3.2
Consider the feedback control system under injection attacks depicted in Fig. 3.5. Suppose that the attacker needs to design the attack signal \(\left\{ \mathbf {n}_{k} \right\} \) to satisfy the following attack goal in terms of state distortion:
Then, the minimum KL divergence rate between the original output and the attacked output is given by
where
and \(S_{\mathbf {y}} \left( \omega \right) \) is given by
Herein, \(\zeta \) is the unique constant that satisfies
while
Moreover, the worst-case attack \(\left\{ \mathbf {n}_{k} \right\} \) is a stationary colored Gaussian process with power spectrum
Proof
Note first that when the closed-loop system is stable, the power spectrum of \(\left\{ \mathbf {y}_{k} \right\} \) is given by
Note then that since the systems are linear, the system in Fig. 3.5 is equivalent to that of Fig. 3.6, where
and \(\left\{ \widehat{\mathbf {n}}_{k} \right\} \) is the output of the closed-loop system composed of the controller \(K \left( z \right) \) and the plant
as depicted by the upper half of Fig. 3.6. Meanwhile, as in the case of Fig. 3.3, the system in Fig. 3.6 may also be viewed as a “virtual channel” modeled as
with noise constraint
where \(\left\{ \mathbf {y}_k \right\} \) is the channel input, \(\left\{ \widehat{\mathbf {y}}_k \right\} \) is the channel output, and \(\left\{ \widehat{\mathbf {n}}_k \right\} \) is the channel noise that is independent of \(\left\{ \mathbf {y}_k \right\} \). Then, following procedures similar to those in the proof of Theorem 3.1, it can be derived that
where
and \(\zeta \) is the unique constant that satisfies
while
In addition, since
we have
This concludes the proof. \(\blacksquare \)
It is worth mentioning that the \(S_{\mathbf {y}} \left( \omega \right) \) for Theorem 3.2 is given by (3.24), which differs significantly from that given by (3.8) for Theorem 3.1, although the notations are the same. Accordingly, \(\eta \), \(S_{\mathbf {n}} \left( \omega \right) \), and so on, will all be different between the two cases in spite of the same notations.
Note also that \(S_{\mathbf {n}} \left( \omega \right) \) can be rewritten as
which indicates that the attacker only needs to know the power spectrum of the original system output \(\left\{ \mathbf {y}_k \right\} \) and the transfer function of the closed-loop system (from \(\left\{ \mathbf {n}_k \right\} \) to \(\left\{ \widehat{\mathbf {y}}_k \right\} \)), i.e.,
in order to carry out this worst-case attack.
Again, we may examine the dual problem as follows.
Corollary 3.2
Consider the feedback control system under injection attacks depicted in Fig. 3.5. Then, in order for the attacker to ensure that the KL divergence rate between the original output and the attacked output is upper bounded by a (positive) constant R as
the maximum state distortion \(\mathbb {E} \left[ \left( \widehat{\mathbf {x}}_k - \mathbf {x}_{k} \right) ^{2} \right] \) that can be achieved is given by
where \(\zeta \) satisfies
while
Note that herein \(S_{\mathbf {y}} \left( \omega \right) \) is given by (3.24). Moreover, this maximum distortion is achieved when the attack signal \(\left\{ \mathbf {n}_{k} \right\} \) is chosen as a stationary colored Gaussian process with power spectrum
3.4 Simulation
In this section, we will utilize (toy) numerical examples to illustrate the fundamental stealthiness–distortion trade-offs in linear Gaussian open-loop dynamical systems as well as (closed-loop) feedback control systems.
Consider first open-loop dynamical systems as in Sect. 3.3.1. Let \(a=0.5, b = 1, c = 1\), \(\sigma _{\mathbf {w}}^2 = 1, \sigma _{\mathbf {v}}^2 = 1\), and \(S_{\mathbf {u}} \left( \omega \right) = 1\) therein for simplicity. Accordingly, we have
In such a case, the relation between the minimum KL divergence rate \(\mathrm {KL}_{\infty } \left( p_{\widehat{\mathbf {y}}} \Vert p_{\mathbf {y}} \right) \) (denoted as KL in the figure) and the distortion bound D is illustrated in Fig. 3.7. It is clear that KL increases (strictly) with D, i.e., in order for the attacker to achieve larger distortion, the stealthiness level of the attack will inevitably decrease.
Note that the relation between the maximum distortion \(\mathbb {E} \left[ \left( \widehat{\mathbf {x}}_k - \mathbf {x}_{k} \right) ^{2} \right] \) and the KL divergence rate bound R in Corollary 3.1 is essentially the same as that between the distortion bound D and the minimum KL divergence rate \(\mathrm {KL}_{\infty } \left( p_{\widehat{\mathbf {y}}} \Vert p_{\mathbf {y}} \right) \) in Theorem 3.1.
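The trade-off for these open-loop parameters can be reproduced numerically for resilience assessment; the following is an added example, not code from the chapter. It assumes the plant \(\mathbf {x}_{k+1} = a \mathbf {x}_{k} + b \mathbf {u}_{k} + \mathbf {w}_{k}\), \(\mathbf {y}_{k} = c \mathbf {x}_{k} + \mathbf {v}_{k}\) with \(\left\{ \mathbf {u}_{k} \right\} \) independent of the noises, and it uses closed forms obtained by carrying the Lagrangian step of the proof of Theorem 3.1 through with the standard Gaussian KL formula, so its multiplier `zeta` may differ from the chapter's \(\zeta \) by a constant factor; all function names are illustrative.

```python
import math

N_GRID = 2048  # uniform frequency samples on [0, 2*pi)


def output_spectrum(a, b, c, var_w, var_v, s_u, n=N_GRID):
    """Samples of S_y(w) for the ASSUMED model x+ = a x + b u + w, y = c x + v,
    with u (flat spectrum s_u), w and v mutually independent."""
    samples = []
    for i in range(n):
        w = 2.0 * math.pi * i / n
        den = 1.0 - 2.0 * a * math.cos(w) + a * a  # |e^{jw} - a|^2
        samples.append(c * c * (b * b * s_u + var_w) / den + var_v)
    return samples


def noise_power(zeta, s_y):
    """Frequency average of S_nhat = 2*zeta*S_y^2 / (1 - 2*zeta*S_y),
    the output-referred attack power that minimises the KL rate (derived here)."""
    total = 0.0
    for s in s_y:
        d = 1.0 - 2.0 * zeta * s
        if d <= 0.0:          # zeta outside its admissible range
            return math.inf
        total += 2.0 * zeta * s * s / d
    return total / len(s_y)


def kl_rate(zeta, s_y):
    """KL rate (nats/sample) between attacked and nominal Gaussian outputs:
    average of 0.5 * (r - ln(1 + r)) with r = S_nhat / S_y."""
    total = 0.0
    for s in s_y:
        d = 1.0 - 2.0 * zeta * s
        if d <= 0.0:
            return math.inf
        r = 2.0 * zeta * s / d
        total += 0.5 * (r - math.log1p(r))
    return total / len(s_y)


def solve_zeta(func, target, s_y):
    """Bisection on 0 < zeta < 1 / (2 * max S_y); func is increasing in zeta."""
    lo, hi = 0.0, 1.0 / (2.0 * max(s_y))
    for _ in range(80):
        mid = 0.5 * (lo + hi)
        if func(mid, s_y) < target:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def min_kl_rate(d_bound, c, s_y):
    """Theorem 3.1 direction: least detectable KL rate for state distortion >= D.
    Uses E[nhat^2] = c^2 * E[(xhat - x)^2]."""
    zeta = solve_zeta(noise_power, c * c * d_bound, s_y)
    return kl_rate(zeta, s_y)


def max_distortion(r_bound, c, s_y):
    """Corollary 3.1 direction: largest state distortion with KL rate <= R."""
    zeta = solve_zeta(kl_rate, r_bound, s_y)
    return noise_power(zeta, s_y) / (c * c)


def tradeoff_curve(d_values, c, s_y):
    """(D, minimum KL rate) pairs, i.e. the kind of curve plotted in Fig. 3.7."""
    return [(d, min_kl_rate(d, c, s_y)) for d in d_values]


if __name__ == "__main__":
    # Parameters of the open-loop simulation: a=0.5, b=c=1, unit variances, S_u=1.
    spectrum = output_spectrum(0.5, 1.0, 1.0, 1.0, 1.0, 1.0)
    for d, kl in tradeoff_curve([0.1, 0.5, 1.0, 2.0, 5.0], 1.0, spectrum):
        print(f"D = {d:4.1f}   min KL rate = {kl:.6f} nats/sample")
    print("max D at R = 0.01:", max_distortion(0.01, 1.0, spectrum))
```

Read from the defender's side, `max_distortion(R, ...)` is the worst-case state error that remains possible when the output detector can only flag deviations whose KL rate exceeds R.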
Consider then feedback control systems as in Sect. 3.3.2. Let \(a = 2, b = 1, c = 1\), \(\sigma _{\mathbf {w}}^2 = 1, \sigma _{\mathbf {v}}^2 = 1\), and \(K \left( z \right) = 2\) therein for simplicity. Accordingly, we have
In such a case, the relation between the minimum KL divergence rate \(\mathrm {KL}_{\infty } \left( p_{\widehat{\mathbf {y}}} \Vert p_{\mathbf {y}} \right) \) (denoted as KL in the figure) and the distortion bound D is illustrated in Fig. 3.8. Again, KL increases (strictly) with D, whereas the relationship between the maximum distortion \(\mathbb {E} \left[ \left( \widehat{\mathbf {x}}_k - \mathbf {x}_{k} \right) ^{2} \right] \) and the KL divergence rate bound R in Corollary 3.2 is essentially the same as that between the distortion bound D and the minimum KL divergence rate \(\mathrm {KL}_{\infty } \left( p_{\widehat{\mathbf {y}}} \Vert p_{\mathbf {y}} \right) \) in Theorem 3.2.
3.5 Conclusion
In this chapter, we have presented the fundamental stealthiness–distortion trade-offs of linear Gaussian open-loop dynamical systems and (closed-loop) feedback control systems under data injection attacks, and explicit formulas have been obtained in terms of power spectra that characterize analytically the stealthiness–distortion trade-offs as well as the properties of the worst-case attacks.
So why do we care about explicit formulas in the first place? One value of the explicit stealthiness–distortion trade-off formulas for feedback control systems, for instance, is that they render the subsequent controller design explicit (and intuitive) as well. To be more specific, given a threshold on the output stealthiness, it is already known from Corollary 3.2 what maximum distortion in state the attacker can achieve. Then, one natural control design criterion will be to design the controller \(K \left( z \right) \) so as to minimize this maximum distortion. Mathematically, this minimax problem can be formulated as follows:
where
whereas the infimum is taken over all \(K \left( z \right) \) that stabilize the plant \(P \left( z \right) \). Herein, \(\zeta \) can be treated as a tuning parameter as long as it satisfies
We will, however, leave more detailed investigations of this formulation to future research.
Other potential future research directions include the investigation of such trade-offs for state estimation systems. It might also be interesting to examine the security–privacy trade-offs (see, e.g., Farokhi and Esfahani (2018), Fang and Zhu (2020, 2021)).
References
C.-Z. Bai, V. Gupta, F. Pasqualetti, On Kalman filtering with compromised sensors: attack stealthiness and performance bounds. IEEE Trans. Autom. Control 62(12), 6641–6648 (2017)
C.-Z. Bai, F. Pasqualetti, V. Gupta, Data-injection attacks in stochastic control systems: detectability and performance tradeoffs. Automatica 82, 251–260 (2017)
P. Cheng, L. Shi, B. Sinopoli, Guest editorial special issue on secure control of cyber-physical systems. IEEE Trans. Control Netw. Syst. 4(1), 1–3 (2017)
M.S. Chong, H. Sandberg, A.M. Teixeira, A tutorial introduction to security and privacy for cyber-physical systems, in Proceedings of the European Control Conference (ECC) (2019), pp. 968–978
T.M. Cover, J.A. Thomas, Elements of Information Theory (Wiley, 2006)
S.M. Dibaji, M. Pirani, D.B. Flamholz, A.M. Annaswamy, K.H. Johansson, A. Chakrabortty, A systems and control perspective of CPS security. Ann. Rev. Control 47, 394–411 (2019)
S. Fang, J. Chen, H. Ishii, Towards Integrating Control and Information Theories: From Information-Theoretic Measures to Control Performance Limitations (Springer, 2017)
S. Fang, Q. Zhu, Channel leakage, information-theoretic limitations of obfuscation, and optimal privacy mask design for streaming data (2020), arXiv:2008.04893
S. Fang, Q. Zhu, Fundamental limits of obfuscation for linear Gaussian dynamical systems: an information-theoretic approach, in Proceedings of the American Control Conference (2021)
S. Fang, Q. Zhu, Fundamental stealthiness-distortion tradeoffs in dynamical systems under injection attacks: a power spectral analysis, in Proceedings of the European Control Conference (2021)
S. Fang, Q. Zhu, Independent Gaussian distributions minimize the Kullback–Leibler (KL) divergence from independent Gaussian distributions (2020), arXiv:2011.02560
F. Farokhi, P.M. Esfahani, Security versus privacy, in Proceedings of the IEEE Conference on Decision and Control (2018), pp. 7101–7106
J. Giraldo, D. Urbina, A. Cardenas, J. Valente, M. Faisal, J. Ruths, N.O. Tippenhauer, H. Sandberg, R. Candell, A survey of physics-based attack detection in cyber-physical systems. ACM Comput. Surv. (CSUR) 51(4), 76 (2018)
I. Goodfellow, Y. Bengio, A. Courville, Deep Learning (MIT Press, 2016)
U. Grenander, G. Szegö, Toeplitz Forms and Their Applications (University of California Press, 1958)
Z. Guo, D. Shi, K.H. Johansson, L. Shi, Worst-case stealthy innovation-based linear attack on remote state estimation. Automatica 89, 117–124 (2018)
J. Gutiérrez-Gutiérrez, P.M. Crespo, Asymptotically equivalent sequences of matrices and Hermitian block Toeplitz matrices with continuous symbols: applications to MIMO systems. IEEE Trans. Inf. Theory 54(12), 5671–5680 (2008)
K.H. Johansson, G.J. Pappas, P. Tabuada, C.J. Tomlin, Guest editorial special issue on control of cyber-physical systems. IEEE Trans. Autom. Control 59(12), 3120–3121 (2014)
S.M. Kay, Information-Theoretic Signal Processing and its Applications (Sachuest Point Publishers, 2020)
S. Kullback, Information Theory and Statistics (Courier Corporation, 1997)
S. Kullback, R.A. Leibler, On information and sufficiency. Ann. Math. Stat. 22(1), 79–86 (1951)
E. Kung, S. Dey, L. Shi, The performance and limitations of \(\epsilon \)-stealthy attacks on higher order systems. IEEE Trans. Autom. Control 62(2), 941–947 (2016)
A. Lindquist, G. Picci, Linear Stochastic Systems: A Geometric Approach to Modeling, Estimation and Identification (Springer, 2015)
L. Ljung, System Identification: Theory For the User (Prentice Hall, 1999)
L. Pardo, Statistical Inference Based on Divergence Measures (CRC Press, 2006)
M.S. Pinsker, Information and Information Stability of Random Variables and Processes (Holden Day, San Francisco, CA, 1964)
H.V. Poor, An Introduction to Signal Detection and Estimation (Springer, 2013)
R. Poovendran, K. Sampigethaya, S.K.S. Gupta, I. Lee, K.V. Prasad, D. Corman, J.L. Paunicka, Special issue on cyber-physical systems [scanning the issue]. Proc. IEEE 100(1), 6–12 (2012)
H. Sandberg, S. Amin, K.H. Johansson, Cyberphysical security in networked control systems: an introduction to the issue. IEEE Control Syst. Mag. 35(1), 20–23 (2015)
P. Stoica, R. Moses, Spectral Analysis of Signals (Prentice Hall, 2005)
A. Stoorvogel, J. Van Schuppen, System identification with information theoretic criteria, in Identification, Adaptation, Learning: The Science of Learning Models from Data, ed. by S. Bittanti, G. Picci (Springer, 1996)
S. Weerakkody, O. Ozel, Y. Mo, B. Sinopoli, Resilient control in cyber-physical systems: countering uncertainty, constraints, and adversarial behavior. Foundations and Trends® in Systems and Control 7(1–2), 1–252 (2019)
R. Zhang, P. Venkitasubramaniam, Stealthy control signal attacks in linear quadratic Gaussian control systems: detectability reward tradeoff. IEEE Trans. Inf. Foren. Secur. 12(7), 1555–1570 (2017)
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Fang, S., Zhu, Q. (2022). Fundamental Stealthiness–Distortion Trade-Offs in Cyber-Physical Systems. In: Abbaszadeh, M., Zemouche, A. (eds) Security and Resilience in Cyber-Physical Systems. Springer, Cham. https://doi.org/10.1007/978-3-030-97166-3_3
DOI: https://doi.org/10.1007/978-3-030-97166-3_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-97165-6
Online ISBN: 978-3-030-97166-3
eBook Packages: Engineering, Engineering (R0)