Detection and Mitigation of Classes of Attacks in Supervisory Control Systems

TL;DR

This paper develops a mathematical framework and defense strategy for detecting and mitigating specific classes of cyber-attacks in supervisory control systems, ensuring safety by preventing unsafe states.

Contribution

It introduces GF-safe controllability, a new verification condition, and provides algorithms for online attack detection and system safety assurance in networked control environments.

Findings

The proposed method effectively detects attacks in real-time.

Verification of GF-safe controllability can be automated.

Application to traffic control demonstrates practical utility.

Abstract

The deployment of control systems with network-connected components has made feedback control systems vulnerable to attacks over the network. This paper considers the problem of intrusion detection and mitigation in supervisory control systems, where the attacker has the ability to enable or disable vulnerable actuator commands and erase or insert vulnerable sensor readings. We present a mathematical model for the system under certain classes of actuator enablement attacks, sensor erasure attacks, or sensor insertion attacks. We then propose a defense strategy that aims to detect such attacks online and disables all controllable events after an attack is detected. We develop an algorithmic procedure for verifying whether the system can prevent damage from the attacks considered with the proposed defense strategy, where damage is modeled as the reachability of a pre-defined set of unsafe system states.The technical condition of interest that is necessary and sufficient in this context, termed "GF-safe controllability", is characterized. We show that the verification of GF-safe controllability can be performed using diagnoser or verifier automata. Finally, we illustrate the methodology with a traffic control system example.