Logo: to the web site of Uppsala University

This paper considers observer-based detection of sensor bias injection attacks (BIAs) on linear cyber-physical systems with single output driven by Gaussian noise. Despite their simplicity, BIAs pose a severe risk to systems with integrators, which we refer to as integrator vulnerability. Specifically, the residual generated by any linear observer is indistinguishable under attack and normal operation at steady-state, making BIAs detectable only during transients. To address this, we propose a principled method based on Kullback-Liebler divergence to design a residual generator that significantly increases the signal-to-noise ratio against BIAs. For systems without integrator vulnerability, our method also enables a trade-off between transient and steady-state detectability. The effectiveness of the proposed method is demonstrated through numerical comparisons with three state-of-the-art residual generators.

We focus on the continual learning problem where the tasks arrive sequentially and the aim is to perform well on the newly arrived task without performance degradation on the previously seen tasks. In contrast to the continual learning literature focusing on the centralized setting, we investigate the distributed estimation framework. We consider the well-established distributed learning algorithm COCOA. Our results illustrate the importance of task repetition for continual learning with COCOA. In particular, even when there is a shared solution for all tasks, task repetition may be necessary for satisfactory performance. We show how the dimensions of the offline and centralized problem affects the learning performance substantially; even though COCOA processes only a subset of features and data samples at each iteration.

We consider estimation under scenarios where the signals of interest exhibit change of characteristics over time. In particular, we consider the continual learning problem where different tasks, e.g., data with different distributions, arrive sequentially and the aim is to perform well on the newly arrived task without performance degradation on the previously seen tasks. In contrast to the continual learning literature focusing on the centralized setting, we investigate the problem from a distributed estimation perspective. We consider the well-established distributed learning algorithm CoCoA, which distributes the model parameters and the corresponding features over the network. We provide exact analytical characterization for the generalization error of CoCoA under continual learning for linear regression in a range of scenarios, where overparameterization is of particular interest. These analytical results characterize how the generalization error depends on the network structure, the task similarity and the number of tasks, and show how these dependencies are intertwined. In particular, our results show that the generalization error can be significantly reduced by adjusting the network size, where the most favorable network size depends on task similarity and the number of tasks. We present numerical results verifying the theoretical analysis and illustrate the continual learning performance of CoCoA with a digit classification task.

This paper considers constant bias injection attacks on the glucose sensor deployed in an artificial pancreas system. The main challenge with such apparently simple attacks is that they are detectable for only a limited duration if the system is linear and has an integrator. More formally put, such attacks are steady-state stealthy. To address this issue, we propose a method to design a bias-sensitive Kalman filter based on the Kullback-Leibler divergence metric. The resulting filter outperforms the nominal Kalman filter for attack detection as illustrated by numerical simulations on a realistic model.

Modern glucose sensors deployed in closed -loop insulin delivery systems, so-called artificial pancreas use wireless communication channels. While this allows a flexible system design, it also introduces vulnerability to cyberattacks. Timely detection and mitigation of attacks are imperative for device safety. However, large unknown meal disturbances are a crucial challenge in determining whether the sensor has been compromised or the sensor glucose trajectories are normal. We address this issue from a control -theoretic security perspective. In particular, a time -varying Kalman filter is employed to handle the sporadic meal intakes. The filter prediction error is then statistically evaluated to detect anomalies if present. We compare two state-of-the-art online anomaly detection algorithms, namely the ￜￜￜￜￜￜ2 and CUSUM tests. We establish a robust optimal detection rule for unknown bias injections. Even if the optimality holds only for the restrictive case of constant bias injections, we show that the proposed model -based anomaly detection scheme is also effective for generic non -stealthy sensor deception attacks through numerical simulations.

We consider a sampled-data control system where a wireless sensor transmits its measurements to a controller over a communication channel. We assume that the sensor has a harvesting element to extract energy from the environment and store it in a rechargeable battery for future use. The harvested energy is modelled as a first-order Markovian stochastic process conditioned on a scenario parameter describing the harvesting environment. The overall model can then be represented as a Markov decision process, and a suitable transmission policy providing both good control performance and efficient energy consumption is designed using reinforcement learning approaches. Finally, supervisory control is used to switch between trained transmission policies depending on the current scenario. Also, we provide a tool for estimating an unknown scenario parameter based on measurements of harvested energy, as well as detecting the time instants of scenario changes. The above problem is solved based on Bayesian filtering and smoothing.

In this article, we address the problem of risk assessment of stealthy attacks on uncertain control systems. Considering the data injection attacks that aim at maximizing the impact while remaining undetected, we use the recently proposed output-to-output gain to characterize the risk associated with the impact of attacks under a limited system knowledge attacker. The risk is formulated using a well-established risk metric, namely the maximum expected loss. Under this setup, the risk assessment problem corresponds to an untractable infinite nonconvex optimization problem. To address this limitation, we adopt the framework of scenario-based optimization to approximate the infinite nonconvex optimization problem by a sampled nonconvex optimization problem. Then, based on the framework of dissipative system theory and S-procedure, the sampled nonconvex risk assessment problem is formulated as an equivalent convex semidefinite program. Additionally, we derive the necessary and sufficient conditions for the risk to be bounded. Finally, we illustrate the results through numerical simulation of a hydro-turbine power system.

The idea of covert communication is to conceal the presence of a transmission from an illegitimate receiver, known as a warden. This paper tackles the problem of finite blocklength covert communication in the presence of multiple colluding wardens. The system consists of Alice, who aims to covertly transmit to Bob with the help of a cooperative jammer (henceforth known as Jammer), and a Fusion Center (FC) in charge of combining the wardens' information and deciding on the presence of Alice's transmission accordingly. In our proposed approach, we utilize a two-player zero-sum game to model the interaction between Alice and Jammer jointly as one player and FC as the second player. In this game, Alice and Jammer cooperatively randomize over a range of transmitting and jamming powers to confuse FC. In contrast, FC randomly changes the detection threshold to confuse Alice. The main focus of the paper is to study the impact of employing multiple wardens on the trade-off between the probability of error at FC and the outage probability at Bob. We derive a pay-off function that can be efficiently computed using linear programming to find the optimal distributions of transmitting and jamming powers as well as thresholds used by FC. The benefit of using a cooperative jammer in neutralizing the advantage of employing multiple wardens is shown by analytical results and numerical simulations.

We consider estimation under model misspecification where there is a model mismatch between the underlying system, which generates the data, and the model used during estimation. We propose a model misspecification framework which enables a joint treatment of the model misspecification types of having fake features as well as incorrect covariance assumptions on the unknowns and the noise. We present a decomposition of the output error into components that relate to different subsets of the model parameters corresponding to underlying, fake and missing features. Here, fake features are features which are included in the model but are not present in the underlying system. Under this framework, we characterize the estimation performance and reveal trade-offs between the number of samples, number of fake features, and the possibly incorrect noise level assumption. In contrast to existing work focusing on incorrect covariance assumptions or missing features, fake features is a central component of our framework. Our results show that fake features can significantly improve the estimation performance, even though they are not correlated with the features in the underlying system. In particular, we show that the estimation error can be decreased by including more fake features in the model, even to the point where the model is overparametrized, i.e., the model contains more unknowns than observations.

Adding a physical watermarking signal to the control input of a networked control system increases the detection probability of data deception attacks at the expense of increased control cost. This paper proposes a parsimonious policy to limit the average number of watermarking events when the attack is not present, which in turn reduces the control cost. We model the system as a stochastic optimal control problem and apply dynamic programming to minimize the average detection delay (ADD) for fixed upper bounds on false alarm rate (FAR) and an average number of watermarking events (ANW) before the attack. Under practical circumstances, the optimal solution results in a two threshold policy on the posterior probability of attack, derived from the Shiryaev statistics for sequential change detection and assuming the change point is a random variable. We derive asymptotically approximate analytical expressions of ADD and FAR, applying the non-linear renewal theory for non-independent and identically distributed data. The derived expressions reveal that ADD reduces with the increase in the Kullback-Leibler divergence (KLD) between the post-and pre-attack distributions of the test statistics. Therefore, we further design the optimal watermarking that maximizes the KLD for a fixed increase in the control cost. The relationship between the ANW and the increase in control cost is also derived. Simulation studies are performed to illustrate and validate the theoretical results.