Secure Event-Triggered Distributed Kalman Filters for State Estimation over Wireless Sensor Networks
Aquib Mustafa, Majid Mazouchi, and Hamidreza Modares

TL;DR
This paper develops a resilient event-triggered distributed Kalman filter for wireless sensor networks, addressing cyber-physical attacks by detecting, mitigating, and discarding corrupted data to ensure secure and efficient state estimation.
Contribution
It introduces a novel attack detection and mitigation framework using an information-theoretic approach and second-order inference, without relying on Gaussian attack assumptions.
Findings
The proposed method effectively detects sensor and communication attacks.
It successfully mitigates attacks by discarding corrupted information.
Simulation results confirm improved robustness and accuracy.
Abstract
In this paper, we analyze the adverse effects of cyber-physical attacks as well as mitigate their impacts on the event-triggered distributed Kalman filter (DKF). We first show that although event-triggered mechanisms are highly desirable, the attacker can leverage the event-triggered mechanism to cause non-triggering misbehavior which significantly harms the network connectivity and its collective observability. We also show that an attacker can mislead the event-triggered mechanism to achieve continuous-triggering misbehavior which not only drains the communication resources but also harms the network's performance. An information-theoretic approach is presented next to detect attacks on both sensors and communication channels. In contrast to the existing results, the restrictive Gaussian assumption on the attack signal's probability distribution is not required. To mitigate attacks, a…
Click any figure to enlarge with its caption.
Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9
Figure 10
Figure 11
Figure 12
Figure 13
Figure 14
Figure 15
Figure 16
Figure 17
Figure 18
Figure 19
Figure 20
Figure 21
Figure 22Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Secure Event-Triggered Distributed Kalman Filters for State Estimation over Wireless Sensor Networks
Aquib Mustafa
Majid Mazouchi
Hamidreza Modares
Senior Member, IEEE
Aquib Mustafa, Majid Mazouchi and Hamidreza Modares are with the Department of Mechanical Engineering, Michigan State University, East Lansing, MI, 48863, USA (e-mails: [email protected]; [email protected]; [email protected]).
Abstract
In this paper, we analyze the adverse effects of cyber-physical attacks as well as mitigate their impacts on the event-triggered distributed Kalman filter (DKF). We first show that although event-triggered mechanisms are highly desirable, the attacker can leverage the event-triggered mechanism to cause non-triggering misbehavior which significantly harms the network connectivity and its collective observability. We also show that an attacker can mislead the event-triggered mechanism to achieve continuous-triggering misbehavior which not only drains the communication resources but also harms the network’s performance. An information-theoretic approach is presented next to detect attacks on both sensors and communication channels. In contrast to the existing results, the restrictive Gaussian assumption on the attack signal’s probability distribution is not required. To mitigate attacks, a meta-Bayesian approach is presented that incorporates the outcome of the attack detection mechanism to perform second-order inference. The proposed second-order inference forms confidence and trust values about the truthfulness or legitimacy of sensors’ own estimates and those of their neighbors, respectively. Each sensor communicates its confidence to its neighbors. Sensors then incorporate the confidence they receive from their neighbors and the trust they formed about their neighbors into their posterior update laws to successfully discard corrupted information. Finally, the simulation result validates the effectiveness of the presented resilient event-triggered DKF.
Index Terms:
Wireless sensor network, Event-triggered DKF, Attack analysis, Resilient estimation.
I Introduction
Cyber-physical systems (CPSs) refer to a class of engineering systems that integrate the cyber aspects of computation and communication with physical entities [1]. Integrating communication and computation with sensing and control elements has made CPSs a key enabler in designing emerging autonomous and smart systems with the promise of bringing unprecedented benefits to humanity. CPSs have already had a profound impact on variety of engineering sectors, including, process industries [2], robotics [3], smart grids [4], and intelligent transportation [5], health care system [6], to name a few. Despite their advantages with vast growth and success, these systems are vulnerable to cyber-physical threats and can face fatal consequences if not empowered with resiliency. The importance of designing resilient and secure CPSs can be witnessed from severe damages made by recently reported cyber-physical attacks [7].
I-A Related Work
Wireless sensor networks (WSNs) are a class of CPSs for which a set of sensors are spatially distributed to monitor and estimate a variable of interest (e.g., location of a moving target, state of a large-scale system, etc.), and have various applications such as surveillance and monitoring, target tracking, and active health monitoring [8]. In centralized WSNs, all sensors broadcast their measurements to a center at which the information is fused to estimate the state [9, 10]. These approaches, however, are communication demanding and prone to single-point-of-failure. To estimate the state with reduced communication burden, a distributed Kalman filter (DKF) is presented in [11]-[17], in which sensors exchange their information only with their neighbors, not with all agents in the network or a central agent. Cost constraints on sensor nodes in a WSN result in corresponding constraints on resources such as energy and communications bandwidth. Sensor nodes in a WSN usually carry limited, irreplaceable energy resources and lifetime adequacy is a significant restriction of almost all WSNs. Therefore, it is of vital importance to design event-triggered DKF to reduce the communication burden which consequently improves energy efficiency. To this end, several energy-efficient event-triggered distributed state estimation approaches are presented for which sensor nodes intermittently exchange information [18]-[21]. Moreover, the importance of event-triggered state estimation problem is also reported for several practical applications such as smart grids and robotics [22]-[24]. Although event-triggered distributed state estimation is resource-efficient, it provides an opportunity for an attacker to harm the network performance and its connectivity by corrupting the information that is exchanged among sensors, as well as to mislead the event-triggered mechanism. Thus, it is of vital importance to design a resilient event-triggered distributed state estimation approach that can perform accurate state estimation despite attacks.
In recent years, secure estimation and secure control of CPSs have received significant attention and remarkable results have been reported for mitigation of cyber-physical attacks, including denial of service (DoS) attacks [25]-[27], false data injection attacks [28]-[32], and bias injection attacks [33]. For the time-triggered distributed scenario, several secure state estimation approaches are presented in [34]-[41]. Specifically, in [34]-[42] authors presented a distributed estimator that allows agents to perform parameter estimation in the presence of attack by discarding information from the adversarial agents. Byzantine-resilient distributed estimator with deterministic process dynamics is discussed in [36]. Then, the same authors solved the resilient distributed estimation problem with communication losses and intermittent measurements in [37]. Attack analysis and detection for distributed Kalman filters are discussed in [38]. Resilient state estimation subject to DoS attacks for power system and robotics applications is presented in [39]-[41]. Although meritable, these aforementioned results for the time-triggered resilient state estimation are not applicable to event-triggered distributed state estimation problems. Recently, authors in [26] addressed the event-triggered distributed state estimation under DoS attacks by employing the covariance intersection fusion approach. Although elegant, the presented approach is not applicable to mitigating the effect of deception attacks. To our knowledge, resilient state estimation for event-triggered DKF under deception attacks is not considered in the literature. For the first time, this work not only detects and mitigate the effect of attacks on sensor and communication channel but also presents a mathematical analysis for different triggering misbehaviors.
I-B Contributions and outline
This paper contributes to analysis, detection, and mitigation of attacks on event-triggered DKF. To our knowledge, it is the first paper to rigorously analyze how an attacker can leverage the event- triggering mechanism to harm the state estimation process over WSNs. It also proposes a novel detection mechanism for detecting attacks on event-triggered DKF that does not require the restrictive Gaussian assumption on the probability density function of the attack signal. To provide mitigation scheme and discard corrupted information, finally, a novel meta-Bayesian mechanism is developed that performs second-order inference to form confidence and trust about the truthfulness or legitimacy of the outcome of its own first-order inference and those of its neighbors, respectively. The details of these contributions are presented as follows:
- •
Attack analysis: It is shown that the attacker can cause emerging non-triggering misbehavior so that the compromised sensors do not broadcast any information to their neighbors. This can significantly harm the network connectivity and its collective observability, which is the necessary condition for solving the distributed state estimation problem. It is also shown that an attacker can achieve continuous-triggering misbehavior which drains the communication resources.
- •
Attack detections: To detect adversarial intrusions a Kullback-Leibler (KL) divergence based detector is presented and estimated via k-nearest neighbors approach to obviate the restrictive Gaussian assumption on the probability density function of the attack signal.
- •
Attack mitigation: To mitigate attacks on event-triggered DKF and discard corrupted information, a meta-Bayesian approach is employed that performs second-order inference to form confidence and trust about the truthfulness or legitimacy of the outcome of its own first-order inference (i.e., the posterior belief about the state estimate) and those of its neighbors, respectively. Each sensor communicates its confidence to its neighbors and also incorporates the trust about its neighbors into its posterior update law to put less weight on untrusted data and thus successfully discard corrupted information.
Outline: The paper is organized as follows. Section II outlines the preliminary background for the event-triggered DKF. Section III formulates the effect of attacks on the event-triggered DKF and analyzes triggering misbehaviors for it. Attack detection mechanism and confidence-trust based secure event-triggered DKF are presented in Section IV and V, respectively. The simulation verifications are provided in Section VI. Finally, concluding remarks are presented in Section VII.
II Notations and Preliminaries
II-A Notations
The data communication among sensors in a WSN is captured by an undirected graph , consists of a pair , where is the set of nodes or sensors and is the set of edges. An edge from node to node represented by , implies that node can broadcast information to node . Moreover, is the set of neighbors of node on the graph An induced subgraph is obtained by removing a set of nodes from the original graph , which is represented by nodes set and contains the edges of with both endpoints in .
Throughout this paper, and represent the sets of real numbers and natural numbers, respectively. denotes transpose of a matrix . and represent trace of a matrix and maximum value in the set, respectively. represents the cardinality of a set S. and represent maximum singular value, maximum eigenvalue of matrix A, and an identity matrix of dimension , respectively. with denotes an uniform distribution between the interval and . Consider as the probability density of the random variable or vector with taking values in the finite set When a random variable is distributed normally with mean and variance we use the notation . and denotes, respectively, the expectation and the covariance of Finally, represents the conditional expectation.
II-B Process Dynamics and Sensor Models
Consider a process that evolves according to the following dynamics
[TABLE]
where denotes the process dynamic matrix, and and are, respectively, the process state and process noise at the time . The process noise is assumed to be independent and identically distributed (i.i.d.) with Gaussian distribution, and represents the initial process state with as mean and as covariance, respectively.
The goal is to estimate the state for the process (1) in a distributed fashion using sensor nodes that communicate through the graph , and their sensing models are given by
[TABLE]
where represents the measurement data with as the i.i.d. Gaussian measurement noise and as the observation matrix of the sensor , respectively.
Assumption 1. The process noise the measurement noise and the initial state are uncorrelated random vector sequences.
Assumption 2. The sequences and are zero-mean Gaussian noise with
[TABLE]
and
[TABLE]
with if , and otherwise. Moreover, and denote the noise covariance matrices for process and measurement noise, respectively and both are finite.
Definition 1. (Collectively observable) [16]. We call the plant dynamics (1) and the measurement equation (2) collectively observable, if the pair is observable where is the stack column vectors of with and .
Assumption 3. The plant dynamics (1) and the measurement equation (2) are collectively observable, but not necessarily locally observable, i.e., is not necessarily observable.
Assumptions and are standard assumptions in Kalman filters. Assumption 3 states that the state of the target in (1) cannot be observed by measurements of any single sensor, i.e., the pairs cannot be observable (see for instances [16] and [42]). It also provides the necessary assumption of collectively observable for the estimation problem to be solvable. Also note that under Assumption 2, i.e., the process and measurement covariance are finite, the stochastic observability rank condition coincides with the deterministic observability [Theorem 1, 43]. Therefore, deterministic observability rank condition holds true irrespective of the process and measurement noise.
II-C Overview of Event-triggered Distributed Kalman Filter
This subsection presents the overview of the event-triggered DKF for estimating the process state in (1) from a collection of noisy measurements in (2).
Let the prior and posterior estimates of the target state for sensor node at time be denoted by and , respectively. In the centralized Kalman filter, a recursive rule based on Bayesian inference is employed to compute the posterior estimate based on its prior estimate and the new measurement . When the next measurement comes, the previous posterior estimate is used as a new prior and it proceeds with the same recursive estimation rule. In the event-triggered DKF, the recursion rule for computing the posterior incorporates not only its own prior and observations, but also its neighbors’ predictive state estimate. Sensor communicates its prior state estimate to its neighbors and if the norm of the error between the actual output and the predictive output becomes greater than a threshold after a new observation arrives. That is, it employs the following event-triggered mechanism for exchange of data with its neighbors
[TABLE]
where denotes a predefined threshold for event-triggering. Moreover, denotes the predictive state estimate for sensor and follows the update law
[TABLE]
with as the transmit function. Note that the predictive state estimate update equation in (4) depends on the value of the transmit function which is either zero or one depending on the triggering condition in (3). When , then the prior and predictive state estimates are the same, i.e., . When however, the predictive state estimate depends on its own previous state estimate, i.e.,
Incorporating (4), the following recursion rule is used to update the posterior state estimate in the event-triggered DKF [18], [20] for sensor as
[TABLE]
where
[TABLE]
is the prior update. Moreover, the second and the third terms in (5) denote, respectively, the innovation part (i.e., the estimation error based on the sensor new observation and its prior prediction) and the consensus part (i.e., deviation of the sensor state estimates from its neighbor’s state estimates). We call this recursion rule as the Bayesian first-order inference on the posterior, which provides the belief over the value of the state.
Moreover, and in (5), respectively, denote the Kalman gain and the coupling coefficient. The Kalman gain in (5) depends on the estimation error covariance matrices associated with the prior and the posterior for the sensor . Let define the prior and posterior estimated error covariances as
[TABLE]
which are simplified as [18], [20]
[TABLE]
and
[TABLE]
with Then, the Kalman gain is designed to minimize the estimation covariance and is given by [18], [20]
[TABLE]
Let the innovation sequence for the node be defined as
[TABLE]
where with
[TABLE]
Note that for the notional simplicity, henceforth we denote the prior and posterior state estimations as and respectively. Also, the prior covariance and the posterior covariance are, respectively, denoted by and .
Based on equations (6)-(10), the event-triggered DKF algorithm becomes
Time updates:
[TABLE]
Measurment updates:
[TABLE]
Remark 1. Based on the result presented in [17, Th.1], the event triggered DKF (12)-(13) ensures that the estimation error is exponentially bounded in the mean square sense
Remark 2. The consensus gain in (5) is designed such that the stability of the event-triggered DKF in (13)-(14) is guaranteed. Specifically, as shown in [Theorem 2, 19], if
[TABLE]
where denotes the Laplacian matrix associated with the graph and with then the stability of the event-triggered DKF in (13)-(14) is guaranteed. However, the design of event-triggered DKF itself is not the concern of this paper and this paper mainly analyzes the adverse effects of cyber-physical attacks on the event-triggered DKF and proposes an information-theoretic approach based attack detection and mitigation mechanism. Note that the presented attack analysis and mitigation can be extended to other event-triggered methods such as [19] and [21] as well.
II-D Attack Modeling
In this subsection, we model the effects of attacks on the event-triggered DKF. An attacker can design a false data injection attack to affect the triggering mechanism presented in (3) and consequently compromise the system behavior.
Definition 2. (Compromised and intact sensor node). We call a sensor node that is directly under attack as a compromised sensor node. A sensor node is called intact if it is not compromised. Throughout the paper, and denote, respectively, the set of compromised and intact sensor nodes.
Consider the sensing model (2) for sensor node under the effect of the attack as
[TABLE]
where and are, respectively, the sensor ’ actual and corrupted measurements and represents the adversarial input on sensor node For a compromised sensor node let be the subset of measurements disrupted by the attacker.
Let the false data injection attack on the communication link be given by
[TABLE]
Using (14)-(15), in the presence of an attack on sensor node and/or its neighbors, its state estimate equations in (13)-(12) becomes
[TABLE]
where
[TABLE]
with
[TABLE]
The Kalman gain in presence of attack is given by
[TABLE]
The first part in (17) represents the direct attack on sensor node and the second part denotes the aggregative effect of adversarial input on neighboring sensors, i.e., . Moreover, and denote, respectively, the corrupted posterior, prior, and predictive state estimates. The Kalman gain depends on the following corrupted prior state estimation error covariance
[TABLE]
where the corrupted posterior state estimation error covariance evolution is shown in the following theorem.
Theorem 1**.**
Consider the process dynamics (1) with compromised sensor model (14). Let the state estimation equation be given by (16) in the presence of attacks modeled by in (17). Then, the corrupted posterior state estimation error covariance is given by
[TABLE]
where and denote the attacker’s input dependent covariance matrices and with as the Kalman gain and as the prior state estimation error covariance update in (18) and (19), respectively. Moreover, and are cross-correlated estimation error covariances updated according to (81)-(83).
Proof.
See Appendix A. ∎
Note that the corrupted state estimation error covariance recursion in (20) depends on the attacker’s input distribution. Since the state estimation depends on compromised estimation error covariance therefore, the attacker can design its attack signal to blow up the estimates of the desired process state and damage the system performance.
III Effect of Attack on Triggering Mechanism
This section presents the effects of cyber-physical attacks on the event-triggered DKF. We show that although event-triggered approaches are energy efficient, they are prone to triggering misbehaviors, which can harm the network connectivity, observability and drain its limited resources.
III-A * Non-triggering Misbehavior*
In this subsection, we show how an attacker can manipulate the sensor measurement to mislead the event-triggered mechanism and damage network connectivity and collective observability by causing non-triggering misbehavior as defined in the following Definition 3.
**Definition 3 **(Non-triggering Misbehavior). The attacker designs an attack strategy such that a compromised sensor node does not transmit any information to its neighbors by misleading the triggering mechanism in (3), even if the actual performance deviates from the desired one.
The following theorem shows how a false data injection attack, followed by an eavesdropping attack, can manipulate the sensor reading to avoid the event-triggered mechanism (3) from being violated while the actual performance could be far from the desired one. To this end, we first define the vertex cut of the graph as follows.
Definition 4 (Vertex cut). A set of nodes is a vertex cut of a graph if removing the nodes in the set results in disconnected graph clusters.
Theorem 2**.**
Consider the process dynamics (1) with sensor nodes (2) communicating over the graph . Let sensor be under a false data injection attack given by
[TABLE]
where is the actual sensor measurement at time instant and denotes the last triggering time instant. Moreover, is a scalar uniformly distributed random variable in the interval with
[TABLE]
where and denote, respectively, the predictive state estimate and an arbitrary scalar value less than the triggering threshold Then,
The triggering condition (3) will not be violated for the sensor node and it shows non-triggering misbehavior; 2. 2.
The original graph is clustered into several subgraphs, if all sensors in a vertex cut are under attack (21).
Proof.
Taking norms from both sides of (21), the corrupted sensor measurement becomes
[TABLE]
Using the triangular inequality for (23) yields
[TABLE]
Based on the bounds of , given by (22), (24) becomes
[TABLE]
which yields
[TABLE]
This implies that the condition
[TABLE]
always holds true. Therefore, under (21)-(22), the corrupted sensor node shows non-triggering misbehavior, which proves part 1.
We now prove part 2. Let be the set of sensor nodes showing non-triggering misbehavior. Then, based on the presented result in part 1, under the attack signal (21), sensor nodes in the set are misled by the attacker and consequently do not transmit any information to their neighbors which make them to act as sink nodes. Since the set of sensor nodes is assumed to be a vertex cut. Then, the non-triggering misbehavior of sensor nodes in prevents information flow from one portion of the graph to another portion of the graph and thus clusters the original graph into subgraphs. This completes the proof. ∎
Remark 3. Note that to design the presented strategic false data injection attack signal given in (21) an attacker needs to eavesdrop the actual sensor measurement and the last transmitted prior state estimate through the communication channel. The attacker then determines the predictive state estimate using the dynamics in (5) at each time instant to achieve non-triggering misbehavior for the sensor node .
We provide Example for further illustration of the results of Theorem 2.
Example 1. Consider a graph topology for a distributed sensor network given in fig. 1. Let the vertex cut be under the presented false data injection attack in Theorem and show non-triggering misbehavior. Then, the sensor nodes in do not transmit any information to their neighbors under the designed false data injection attack. Moreover, the sensor nodes in act as sink nodes and prevent information flow from subgraph to subgraph which clusters the graph into two non-interacting subgraphs and as shown in Fig. 1. This example shows that the attacker can compromise the vertex cut of the original graph such that it shows non-triggering misbehavior and harm the network connectivity or cluster the graph into various non-interacting subgraphs.
We now analyze the effect of non-triggering misbehavior on the collective observability of the sensor network. To do so the following definitions are needed.
**Definition 5 (Potential Set). ** A set of nodes is said to be a potential set of the graph if the pair is not collectively observable.
Definition 6 (Minimal Potential Set). A set of nodes is said to be a minimal potential set if is a potential set and no subset of is a potential set.
Remark 4. Note that if the attacker knows the graph structure and the local pair. Then, the attacker can identify the minimum potential set of sensor nodes in the graph and achieves non-triggering misbehavior for Thus, the set of sensor nodes does not exchange any information with its neighbors and becomes isolated in the graph .
Corollary 1. Let the set of sensors that shows non-triggering misbehavior be the minimal potential set . Then, the network is no longer collectively observable and the process state reconstruction from the distributed sensor measurements is impossible.
Proof.
According to the statement of the corollary, represents a minimal potential set of the graph and shows non-triggering misbehavior. Then, the sensor nodes in the set do not transmit any information to their neighbors and they act as sink nodes, i.e., they only absorb information. Therefore, the exchange of information happen just between the remaining sensor nodes in the graph . Hence, after excluding the minimum potential nodes , the pair becomes unobservable based on the Definitions and , and thus makes the state reconstruction impossible. This completes the proof. ∎
III-B Continuous-triggering Misbehavior
In this subsection, we discuss how an attacker can compromise the actual sensor measurement to mislead the event-triggered mechanism and achieves continuous-triggering misbehavior and thus results in a time-driven DKF that not only drains the communication resources but also continuously propagates the adverse effect of attack in the network.
Definition 7 (Continuous-triggering Misbehavior). Let the attacker design an attack strategy such that it deceives the triggering mechanism in (3) at each time instant. This turns the event-driven DKF into a time-driven DKF that continuously exchanges corrupted information among sensor nodes. We call this a continuous-triggering misbehavior.
We now show how a reply attack, followed by an eavesdropping attack, can manipulate the sensor reading to cause continuous violation of the event-triggered mechanism (3).
Theorem 3**.**
*Consider the process dynamics (1) with sensor nodes (2) communicating over the graph Let the sensor node in (2) be under a replay attack given by
[TABLE]
where represents the last transmitted prior state and denotes a scalar disruption signal. denotes the last triggering time instant when intact prior state estimate was transmitted. Then, the sensor node shows continuous-triggering misbehavior if the attacker selects
Proof.
To mislead a sensor to cause a continuous-triggering misbehavior, the attacker needs to design the attack signal such that the event-triggered condition (3) is constantly being violated, i.e., all the time. The attacker can eavesdrop the last transmitted prior state estimate and design the strategic attack signal given by (25). Then, one has
[TABLE]
Taking the norm from both sides of (26) yields
[TABLE]
Since for ,
[TABLE]
If the attacker selects in (28) such that , then the attack signal (25) ensures triggering at time instant Then, based on similar argument for (27),
[TABLE]
which ensures continuous triggering misbehavior. This completes the proof. ∎
To achieve continuous-triggering misbehavior the attacker needs to eavesdrop prior state estimates at each triggering instant and selects the large enough such that always holds true.
Note that continuous-triggering misbehavior can completely ruin the advantage of event-triggered mechanisms and turn it into time-driven mechanisms. This significantly increases the communication burden. Since nodes in the WSNs are usually powered through batteries with limited energy, the attacker can drain sensors limited resources by designing the above-discussed attack signals to achieve continuous-triggering misbehavior, and, consequently can make them non-operating in the network along with the deteriorated performance of the network.
Note that although we classified attacks into non-triggering misbehavior and continuous-triggering misbehavior, to analyze how the attacker can leverage the event-triggered mechanism, the following analysis, detection and mitigation approaches are not restricted to any class of attacks.
IV Attack Detection
In this section, we present an entropy estimation-based attack detection approach for the event-triggered DKF.
The KL divergence is a non-negative measure of the relative entropy between two probability distributions which is defined as follows.
Definition 8 (KL Divergence) [33]. Let and be two random variables with probability density function and , respectively. The KL divergence measure between and is defined as
[TABLE]
with the following properties [43]
2. 2.
if and only if, 3. 3.
In the existing resilient literature, the entropy-based anomaly detectors need to know the probability density function of sequences, i.e., and in (29) to determine the relative entropy. In most of the cases, authors assume that the probability density function of corrupted innovation sequence remains Gaussian (see [33] and [44] for instance). Since, the attacker’s input signal is unknown, it is restrictive to assume that the probability density function of the corrupted sequence remains Gaussian. To relax this restrictive assumption on probability density function of the corrupted sequence, we estimate the relative entropy between two random sequences and using nearest neighbor based divergence estimator [46].
Let and be i.i.d. samples drawn independently from and respectively with . Let be the Euclidean distance between and its in The of a sample in is where such that
[TABLE]
More specifically, the Euclidean distance is given by [45]
[TABLE]
The based relative entropy estimator is given by [46]
[TABLE]
The innovation sequences represent the deviation of the actual output of the system from the estimated one. It is known that innovation sequences approach a steady state quickly and thus it is reasonable to design innovation-based anomaly detectors to capture the system abnormality [33]. Using the innovation sequence of each sensor and the innovation sequences that it estimates for its neighbors, we present innovation based divergence estimator and design detectors to capture the effect of the attacks on the event-triggered DKF.
Based on innovation expression (11), in the presence of attack, one can write the compromised innovation for sensor node with disrupted measurement in (14) and state estimation based on (16) as
[TABLE]
Let and be i.i.d. p-dimensional samples of corrupted and nominal innovation sequences with probability density function and respectively. The nominal innovation sequence follows defined in (11). Using based relative entropy estimator (30), one has [46]
[TABLE]
Define the average of the estimated KL divergence over a time window of as
[TABLE]
Now, in the following theorem, it is shown that the effect of attacks on the sensors can be captured using (33).
Theorem 4**.**
Consider the distributed sensor network (1)-(2) under attack on sensor. Then,
in the absence of attack, 2. 2.
in the presence of attack, where and denotes, respectively, a predefined threshold and the time instant at which the attack happen.
Proof.
In the absence of attack, the samples of innovation sequences and are similar. Then, the Euclidean distance and one has
[TABLE]
Based on (34), one has
[TABLE]
where in (42) depends on the sample size of innovation sequence and . Therefore, the predefined threshold can be selected with some such that the condition in (42) is always satisfied. This complete the proof of part 1.
In the presence of attack, the samples of innovation sequences and are different, i.e., . More specifically, due to change in the corrupted innovation sequence. Therefore, based on (32) the estimated relative entropy between sequences becomes
[TABLE]
with as the change in Euclidean distance due to corrupted innovation sequence. Based on (36), one has
[TABLE]
Thus, one has
[TABLE]
where and denote the sliding window size and the predefined design threshold. This completes the proof. ∎
Based on Theorem 4, one can use the following condition for attack detection.
[TABLE]
where denotes the designed threshold for detection, the null hypothesis represents the intact mode of sensor nodes and denotes the compromised mode of sensor nodes.
Remark 5. Note that in the absence of an attack, the innovation sequence has a known zero-mean Gaussian distribution due to the measurement noise. Based on the prior system knowledge, one can always consider that the nominal innovation sequence is zero-mean Gaussian distribution with predefined covariance. The bound on the predefined covariance can be determined during normal operation of the event-triggered DKF. This assumption for the knowledge of the nominal innovation sequence for attack detection is standard in the existing literature (see [44] for instance). The designed threshold in (39) is a predefined parameter and chosen appropriately for the detection of the attack signal. Moreover, the selection of detection threshold based on expert knowledge is standard in the existing literature. For example, several results on adversary detection and stealthiness have considered similar thresholds [33]-[34].
Based on the results presented in Theorem 4 and Algorithm 1, one can capture attacks on both sensors and communication links, but it cannot identify the specific compromised communication link as modelled in (15). To detect the source of attacks, we present an estimated entropy-based detector to capture the effect of attacks on the specific communication channel. More specifically, the relative entropy between the estimated innovation sequences for the neighbors at particular sensor node and the nominal innovation sequence of the considered sensor node is estimated using (30).
Define the estimated innovation sequences for a neighbor under attacks on communication channel from the sensor node side as
[TABLE]
where is the corrupted communicated state estimation of neighbor at sensor node at the last triggering instant.
Let be i.i.d. p-dimensional samples of neighbor’s estimated innovation at the sensor node with probability density function Using based relative entropy estimator (30), one has
[TABLE]
Note that in the presence of attacks on the communication channels, the neighbor’s actual innovation differs the neighbor’s estimated innovation at sensor . In the absence of the attack, the mean value of all the sensor state estimates converge to the mean of the desired process state at steady state, and, therefore, the innovation sequences and have the same zero mean Gaussian distributions. In the presence of attack, however, as shown in Theorem 5 and Algorithm 2, their distributions diverge.
Define the average of the KL divergence over a time window of as
[TABLE]
Theorem 5**.**
Consider the distributed sensor network (1)-(2) under attack on communication links (15). Then, in the presence of an attack, where denotes a predefined threshold.
Proof.
The result follows a similar argument as given in the proof of part of Theorem 4. ∎
V Secure Distributed Estimation Mechanism
This section presents a meta-Bayesian approach for secure event-triggered DKF, which incorporates the outcome of the attack detection mechanism to perform second-order inference and consequently form beliefs over beliefs. That is, the second-order inference forms confidence and trust about the truthfulness or legitimacy of the sensors’ own state estimate (i.e., the posterior belief of the first-order Bayesian inference) and those of its neighbor’s state estimates, respectively. Each sensor communicates its confidence to its neighbors. Then sensors incorporate the confidence of their neighbors and their own trust about their neighbors into their posterior update laws to successfully discard the corrupted information.
V-A Confidence of sensor nodes
The second-order inference forms a confidence value for each sensor node which determines the level of trustworthiness of the sensor about its own measurement and state estimate (i.e., the posterior belief of the first-order Bayesian inference). If a sensor node is compromised, then the presented attack detector detects the adversary and it then reduces its level of trustworthiness about its own understanding of the environment and communicates it with its neighbors to inform them the significance of its outgoing information and thus slow down the attack propagation.
To determine the confidence of the sensor node , based on the divergence from Theorem 4, we first define
[TABLE]
with represents a predefined threshold to account for the channel fading and other uncertainties. Then, in the following lemma, we formally present the results for the confidence of sensor node .
Lemma 1. Let be the confidence of the sensor node which is updated using
[TABLE]
where is defined in (43), and is a discount factor. Then, and
** 2. 2.
**
Proof.
Based on the expression (43), since , one has . Then, using (44), one can infer that .
Now according to Theorem 4, if the sensor node is under attack, then in (43), which makes close to zero. Then, based on expression (44) with the discount factor the confidence in (44) approaches zero, and thus the sensor’s belief about the trustworthiness of its own information would be low. This completes the proof of part 1.
On the other hand, based on Theorem 4, in the absence of attacks, as , which makes close to one and, consequently, becomes close to one. This indicates that the sensor node is confident about its own state estimate. This completes the proof of part 2. ∎
Note that the expression for the confidence of sensor node in (44) can be implemented using the following difference equation
[TABLE]
Note also that the discount factor in (44) determines how much we value the current experience with regards to past experiences. It also guarantees that if the attack is not persistent and disappears after a while, or if a short-period adversary rather than attack (such as packet dropout) causes, the belief will be recovered, as it mainly depends on the current circumstances.
V-B Trust of sensor nodes about their incoming information
Similar to the previous subsection, the second-order inference forms trust of sensor nodes to represent their level of trust on their neighboring sensor’s state estimates. Trust decides the usefulness of the neighboring information in the state estimation of sensor node .
The trust of the sensor node on its neighboring sensor can be determined based on the divergence in (40) from Theorem 5, from which we define
[TABLE]
where represents a predefined threshold to account for the channel fading and other uncertainties. Then, in the following lemma, we formally present the results for the trust of the sensor node on its neighboring sensor
Lemma 2. Let be the trust of the sensor node on its neighboring sensor which is updated using
[TABLE]
where is defined in (45), and is a discount factor. Then, and
** 2. 2.
**
Proof.
The result follows a similar argument as given in the proof of Lemma 1. ∎
Note that the trust of sensor node in (46) can be implemented using the following difference equation
[TABLE]
Using the presented idea of trust, one can identify the attacks on the communication channel and discard the contribution of compromised information for the state estimation.
V-C Attack mitigation mechanism using confidence and trust of sensors
This subsection incorporates the confidence and trust of sensors to design a resilient event-triggered DKF. To this end, using the presented confidence in (44) and trust in (46), we design the resilient form of the event-triggered DKF as
[TABLE]
where the weighted neighbor’s state estimate is defined as
[TABLE]
where denotes the deviation between the weighted neighbor’s state estimate and the actual process state . Note that in (48) the weighted state estimate depends on the trust values and the confidence values Since the weighted state estimate depends only on the information from intact neighbors, then one has for some For the sake of mathematical representation, we approximate the weighted state estimate in terms of the actual process state , i.e., We call this a meta-Bayesian inference that integrates the first-order inference (state estimates) with second-order estimates or belief (trust and confidence on the trustworthiness of state estimate beliefs).
Define the prior and predictive state estimation errors as
[TABLE]
Using the threshold in triggering mechanism (3), one has
[TABLE]
where denotes the bound on
Other notations used in the following theorem are given by
[TABLE]
Assumption 4. At least neighbors of the sensor node are intact.
Assumption 4 is similar to the assumption found in the secure estimation and control literature [28], [35]. Necessary and sufficient condition for any centralized or distributed estimator to resiliently estimate actual state is that the number of attacked sensors is less than half of all sensors.
Remark 6. Note that the proposed notion of trust and confidence for hybrid attacks on sensor networks for event-triggered DKF can also be seen as the weightage in the covariance fusion approach. Although covariance intersection-based Kalman consensus filters have been widely used in the literature to deal with unknown correlations in sensor networks (for instants see [11]-[14] and [39]-[41]), most of these results considered the time-triggered distributed state estimation problem with or without any adversaries. Compared with the existing results, however, a novelty of this work lies in detecting and mitigating the effect of attacks on sensors and communication channels for event-triggered DKF and providing a rigorous mathematical analysis for different triggering misbehaviors.
Theorem 6**.**
Consider the resilient event triggered DKF (47) with the triggering mechanism (3). Let the time-varying graph be such that at each time instant Assumptions 3 and 4 are satisfied. Then,
The following uniform bound holds on state estimation error in (49), despite attacks
[TABLE]
where
[TABLE]
with denotes the confidence and trust dependent time-varying graph Laplacian matrix, and bound defined in (48); 2. 2.
The uniform bound on the state estimation error (52) becomes
[TABLE]
Moreover, other notations used in (53) are defined in (51).
Proof.
Using the presented resilient estimator (47), one has
[TABLE]
Substituting (48) into (55) and using (49), the state estimation error dynamics becomes
[TABLE]
where and .
Using (56) and notations defined in (51), the global form of error dynamics becomes
[TABLE]
Note that Assumption 4 implies that the total number of the compromised sensors is less than half of the total number of sensors in the network. That is, if neighbors of an intact sensor node are attacked and collude to send the same value to mislead it, there still exists intact neighbors that communicate values different from the compromised ones. Moreover, since at least half of the intact sensor’s neighbors are intact, it can update its beliefs to discard the compromised neighbor’s state estimates. Furthermore, since the time-varying graph resulting from isolating the compromised sensors, based on Assumptions 3 and 4, the entire network is still collectively observable. Using the trust and confidence of neighboring sensors, the incoming information from the compromised communication channels is discarded.
Now taking norm of equation (57) from both sides and then using the triangular inequality, one has
[TABLE]
Using (48), (58) can be rewritten as
[TABLE]
After some manipulations, equation (59) becomes
[TABLE]
with defined in (51). Then, using (50), one can write (60) as
[TABLE]
After solving (61), one has
[TABLE]
where and are given in (53). This completes the proof of part 1. Based on Assumption 3, the distributed sensor network is always collectively observable. Thus, based on result provided in [47], one can conclude that in (62) is always Schur and then the upper bound on state estimation error becomes (54). This completes the proof. ∎
Remark 7. To recap, Theorems 1-3 aim to provide us theoretical analysis to show the vulnerability of event-triggered DKF mechanism to deception attack consist of reply attack and false data injection attack. Moreover, Theorems 4-5 aim to build a mechanism to detect these types of attacks on event-triggered DKF and to mitigate the effects of them. To this aim, the results of Theorems 4 and 5 are essential to develop an entropy estimation-based attack detection approach for the event-triggered DKF, and Theorem 6 and corresponding Algorithm 3 complete the machinery required for mitigation scheme by estimating the actual state based on the attack detection approach presented in Algorithms 1 and 2.
VI Simulation Results
In this section, we discuss simulation results to demonstrate the efficacy of presented attack detection and mitigation mechanism.
Consider the following simple longitudinal-direction cruise dynamics of an autonomous underwater vehicle (AUV)
[TABLE]
where is the longitudinal position, is the velocity in -direction, is mass, is an coefficient corresponding to friction and hydrodynamic drag, is disturbance force (with Gaussian distribution) generated by underwater and tidal currents, and is the force applied by engine.
Now, consider a scenario in which a sensor network installed undersea with the communication graph topology shown in Fig 2 to estimate the longitudinal position and velocity of an AUV cruising undersea.
The closed-loop dynamical system (73) can be seen as an autonomous exogenous system (exosystem [48]) as
[TABLE]
where Z(k)={\left[{\begin{array}[]{*{20}{c}}{x(k)}&{v(k)}\end{array}}\right]^{T}}. Now, let the observation matrix in (2), noise covariances, and initial state, respectively, be chosen as
[TABLE]
As one can see, the pairs are not observable which indicates that each one of these sensors cannot estimate the longitudinal position and velocity of an AUV individually. Note that, however, (74) and (2) with given in (75) are collectively observable.
For intact sensor network, based on the dynamics (74) with covariances given in (75), as depicted in Fig. 5, the state estimation errors converge to zero (in the mean square sense) for each sensor node and as the result the state estimations of sensors converge to the true states. Moreover, the event generation based on the event-triggering mechanism in (3) with the triggering threshold is shown in Fig. 5.
Now, assume that sensor node in the network is compromised with the adversarial input after the time instance . Fig. 8 shows the attacker’s effect on sensor node and one can see that the compromised sensors and other sensors in the network deviates from desired target state and results in non-zero estimation error based on attacker’s input.
Fig. 8 illustrates the event generation based on the event-triggering mechanism in (3) in the presence of attack. Fig. 8 shows that after injection of the attack on sensor node , the event-triggered system becomes time-triggered and demonstrates continuous-triggering misbehavior. This result follows the analysis presented for the continuous-triggering misbehavior. The results for non-triggering misbehavior for sensor node is depicted in Figs. 11-11 which follow the presented analysis.
Using the presented attack detection mechanism, one can detect the effect of the attack on the sensor nodes. Fig. 12 illustrates the result for estimated KL divergence-based attack detection mechanism and it shows that after the injection of attack signal into sensor node 2 at the estimated KL divergence starts increasing for compromised sensor node 2. The estimated divergence for the compromised sensor, i.e., sensor node 2 grows after attack injection at which follows the result presented in Theorem 4.
The confidence of the sensor is evaluated based on the Lemma 1 with the discount factor and the uncertainty threshold as . Fig. 13 shows the confidence of sensors in the presence of the considered attack which is close to one for healthy sensors and tends to zero for the compromised one. Then, the belief based proposed resilient estimator is implemented and Fig. 14 shows the result for the state estimation using the resilient estimator (47). After the injection of attack, within a few seconds, the sensors reach consensus on the state estimates, i.e., the state estimates of sensors converge to the actual position of the target. The result in Fig. 14 follows Theorem 6.
VII Conclusion
In this paper, first, we analyze the adverse effects of cyber-physical attacks on the event-triggered distributed Kalman filter (DKF). We show that attacker can adversely affect the performance of the DKF. We also show that the event-triggered mechanism in the DKF can be leveraged by the attacker to result in a non-triggering misbehavior that significantly harms the network connectivity and its collective observability. Then, to detect adversarial intrusions in the DKF, we relax restrictive Gaussian assumption on probability density functions of attack signals and estimate the Kullback-Leibler (KL) divergence via -nearest neighbors approach. Finally, to mitigate attacks, a meta-Bayesian approach is presented that incorporates the outcome of the attack detection mechanism to perform second-order inference and consequently form beliefs over beliefs, i.e., confidence and trust of a sensor. Each sensor communicates its confidence to its neighbors. Sensors then incorporate the confidence of their neighbors and their own trust about their neighbors into their posterior update laws to successfully discard corrupted sensor information. Then, the simulation result illustrates the performance of the presented resilient event-triggered DKF. Future research will focus on addressing the effect of accuracy of the proposed attack detection mechanism on the proposed mitigation mechanism.
Appendix A Proof of Theorem 1
Note that for the notional simplicity, in the following proof, we keep the sensor index but ignore the time-indexing . Without the time index, we represent the prior at time as and follow the same for other variables.
Using the process dynamics in (1) and the corrupted prior state estimate in (16), one has
[TABLE]
where the compromised posterior state estimate follows the dynamics (16). Similarly, using (16), the corrupted posterior state estimation error becomes
[TABLE]
Then, one can write (76)-(77) as
[TABLE]
where
[TABLE]
Based on (4), we define the predictive state estimation error, respectively, under attack as
[TABLE]
Using (78), the corrupted covariance of the prior state estimation error becomes
[TABLE]
Using the corrupted predictive state estimate error in (80) with , one can write the cross-correlated predictive state estimation error covariance as
[TABLE]
where and be the cross-correlated estimation error covariances and their updates are given in (83)-(84).
The cross-correlated estimation error covariance in (82) is given by
[TABLE]
where and denote the cross-correlated estimation error covariances evolve according to (82) and (84). Similarly, is updated based on the expression given by
[TABLE]
Now using (77)-(80), one can write the covariance of posterior estimation error as
[TABLE]
Using (81) and measurement noise covariance, the first two terms of (85) become
[TABLE]
According to Assumption 1, the measurement noise is i.i.d. and uncorrelated with state estimation errors, therefore, the third and fourth terms in (85) become zero. Now in (79) and Assumption 1, the last two terms in (85) can be simplified as
[TABLE]
and
[TABLE]
where the cross-correlated term is updated according to (83). Using (85)-(88), the posterior state estimation error under attacks is given by
[TABLE]
with This completes the proof.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] R. Alur, Principles of Cyber-physical Systems , MIT Press, 2015.
- 2[2] J. Lee, B. Bagheri, and H. Kao, “A cyber-physical systems architecture for industry 4.0-based manufacturing systems” , Manufacturing Letters , vol. 3, pp. 18-23, 2015.
- 3[3] J. Fink, A. Ribeiro, and V. Kumar, “Robust control for mobility and wireless communication in cyber-physical systems with application to robot teams” , Proceedings of the IEEE , vol. 100, no. 1, pp. 164-178, 2012.
- 4[4] A. Mustafa, B. Poudel, A. Bidram and H. Modares, “Detection and Mitigation of Data Manipulation Attacks in AC Microgrids” , IEEE Transactions on Smart Grid , vol. 11, no. 3, pp. 2588-2603, 2020.
- 5[5] C. M. Silva, W. Meira and J. F. M. Sarubbi, “Non-Intrusive Planning the Roadside Infrastructure for Vehicular Networks” , IEEE Transactions on Intelligent Transportation Systems , vol. 17, no. 4, pp. 938-947, 2016.
- 6[6] F. Tatari, M-R Akbarzadeh-T, M. Mazouchi, “A self-organized multi agent decision making system based on fuzzy probabilities: the case of aphasia diagnosis” , Iranian Journal of Fuzzy Systems , vol. 11, no. 6, pp. 21-46, 2014.
- 7[7] K.E. Hemsley, and E. Fisher, History of industrial control system cyber incidents , Idaho National Lab, Idaho Falls, 2015.
- 8[8] P. Rawat, K. D. Singh, H. Chaouchi, and J. M. Bonnin, “Wireless sensor networks: a survey on recent developments and potential synergies” , The Journal of Supercomputing , vol. 68, no. 1, pp. 1-48, 2014.
