A Zero-stealthy Attack for Sampled-data Control Systems via Input Redundancy

TL;DR

This paper reveals a new stealthy attack method on sampled-data control systems with input redundancy, exploiting the system's structure to remain undetected while causing potential catastrophic damage.

Contribution

It introduces a novel vulnerability in cyber-physical systems where input redundancy enables undetectable attacks during sampled-data control.

Findings

Stealthy attacks exist when input redundancy is present.

Attack can pass through the kernel of the output matrix.

Simulation demonstrates potential for disastrous consequences.

Abstract

In this paper, we introduce a new vulnerability of cyber-physical systems to malicious attack. It arises when the physical plant, that is modeled as a continuous-time LTI system, is controlled by a digital controller. In the sampled-data framework, most anomaly detectors monitor the plant's output only at discrete time instants, and thus, nothing abnormal can be detected as long as the sampled output behaves normal. This implies that if an actuator attack drives the plant's state to pass through the kernel of the output matrix at each sensing time, then the attack compromises the system while remaining stealthy. We show that this type of attack always exists when the sampled-data system has an input redundancy, i.e., the number of inputs being larger than that of the outputs or the sampling rate of the actuators being higher than that of the sensors. Simulation results for the X-38 vehicle and for the other numerical examples illustrate this new attack strategy possibly brings disastrous consequences.