A Comparison of Stealthy Sensor Attacks on Control Systems
Navid Hashemi, Carlos Murguia, Justin Ruths

TL;DR
This paper analyzes stealthy sensor attacks on control systems, demonstrating how attackers can manipulate system states while evading detection by fault detection methods.
Contribution
It compares two types of stealthy attacks and shows how they can manipulate system states under chi-squared detection constraints.
Findings
Attackers can evade detection by zero-alarm or hidden attack strategies.
The reachable set of system states can be manipulated stealthily.
Detection constraints influence attack design and effectiveness.
Abstract
As more attention is paid to security in the context of control systems and as attacks occur to real control systems throughout the world, it has become clear that some of the most nefarious attacks are those that evade detection. The term stealthy has come to encompass a variety of techniques that attackers can employ to avoid detection. Here we show how the states of the system (in particular, the reachable set corresponding to the attack) can be manipulated under two important types of stealthy attacks. We employ the chi-squared fault detection method and demonstrate how this imposes a constraint on the attack sequence either to generate no alarms (zero-alarm attack) or to generate alarms at a rate indistinguishable from normal operation (hidden attack).
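The detector constraint described in the abstract, as an added example (not code from the paper): a chi-squared detector on a residual, plus a defender-side audit that compares the observed alarm rate with the rate the threshold was tuned for. The 2-dimensional whitened residual, the 5% false-alarm rate, the z-score limit and all function names are assumptions, and both residual sequences are constructed.

```python
import math
import random

def chi2_threshold_2dof(false_alarm_rate):
    # For 2 degrees of freedom P(z > alpha) = exp(-alpha / 2), so alpha = -2 ln(A).
    return -2.0 * math.log(false_alarm_rate)

def distance(r):
    # z_k = r_k^T Sigma^{-1} r_k with Sigma = I (assumed: residual already whitened).
    return r[0] * r[0] + r[1] * r[1]

def constructed_nominal(n, seed):
    # Constructed attack-free residuals: independent standard Gaussians.
    rng = random.Random(seed)
    return [(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(n)]

def constructed_zero_alarm(residuals, alpha):
    # Constructed stand-in for a sequence that satisfies the zero-alarm
    # constraint z_k <= alpha: any residual that would alarm is shrunk below it.
    out = []
    for r in residuals:
        z = distance(r)
        s = 0.999 * math.sqrt(alpha / z) if z > alpha else 1.0
        out.append((r[0] * s, r[1] * s))
    return out

def audit(residuals, false_alarm_rate, z_limit=5.0):
    # Count alarms, then score the count against Binomial(n, A) with a
    # normal approximation; too few alarms is as anomalous as too many.
    alpha = chi2_threshold_2dof(false_alarm_rate)
    n = len(residuals)
    alarms = sum(1 for r in residuals if distance(r) > alpha)
    sd = math.sqrt(n * false_alarm_rate * (1.0 - false_alarm_rate))
    z = (alarms - n * false_alarm_rate) / sd
    return {"rate": alarms / n, "zscore": z, "suspicious": abs(z) > z_limit}

if __name__ == "__main__":
    A = 0.05
    nominal = constructed_nominal(20000, seed=1)
    quiet = constructed_zero_alarm(nominal, chi2_threshold_2dof(A))
    print("nominal:", audit(nominal, A))
    print("zero-alarm-like:", audit(quiet, A))
```

A sequence with no alarms at all stands out against the tuned false-alarm rate, whereas a hidden attack as defined in the abstract keeps the alarm rate at its normal value, so this rate audit alone does not separate it from normal operation.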
