Secure distributed filtering for unstable dynamics under compromised observations
Xingkang He, Xiaoqiang Ren, Henrik Sandberg, Karl Henrik Johansson

TL;DR
This paper develops a secure distributed filtering method for linear systems with unstable dynamics, addressing the challenge of compromised observations by malicious agents, and establishes conditions for bounded estimation errors.
Contribution
It introduces a recursive distributed filter with a saturation scheme and consensus step, linking boundedness conditions to network and system properties, including 2s-sparse observability.
Findings
The proposed filter maintains bounded estimation error under certain conditions.
Sufficient conditions depend on network topology, system structure, and compromised agent subset.
Numerical simulations validate the effectiveness of the method.
Taxonomy
Topics: Smart Grid Security and Resilience · Distributed Control Multi-Agent Systems · Distributed Sensor Networks and Detection Algorithms
The work is supported by Knut & Alice Wallenberg foundation, and by Swedish Research Council. X. He, X. Ren, H. Sandberg and K. H. Johansson are with Division of Decision and Control Systems, School of Electrical Engineering and Computer Science, KTH Royal Institute of Technology, Sweden ((xingkang,xiaoqren,hsan,kallej)@kth.se).
Abstract
In this paper, we consider a secure distributed filtering problem for linear time-invariant systems with bounded noises and unstable dynamics under compromised observations. A malicious attacker is able to compromise a subset of the agents and manipulate the observations arbitrarily. We first propose a recursive distributed filter consisting of two parts at each time. The first part employs a saturation-like scheme, which gives a small gain if the innovation is too large. The second part is a consensus operation of state estimates among neighboring agents. A sufficient condition is then established for the boundedness of estimation error, which is with respect to network topology, system structure, and the maximal compromised agent subset. We further provide an equivalent statement, which connects to 2s-sparse observability in the centralized framework in certain scenarios, such that the sufficient condition is feasible. Numerical simulations are finally provided to illustrate the developed results.
I Introduction
Cyber-physical systems (CPSs) are systems controlled and monitored by computer-based algorithms. Through a CPS, physical processes and cyber components can be effectively integrated. In recent years, numerous applications of CPSs, such as sensor networks, vehicle networks, process control, and smart grids, have been well investigated in academia and industry. With higher integration of large-scale computer networks and complex physical processes, CPSs are confronting more security issues in both the software and physical layers. Thus, research on CPS security is attracting more and more attention.
In a CPS, sensor observations can be utilized to obtain a state estimate or to design an output feedback signal to control the physical process. Due to the vulnerabilities of sensors, the attacker may insert faulty data into the observations of the compromised sensors. Then, the estimates or controllers based on the compromised observations will be unreliable, and may even bring tremendous damage to the whole system. Thus, some detection and identification schemes are considered to find out whether the sensors are under attack, and if so, how to identify the attack signals inserted into the systems. A study on attack detection and identification for CPSs was given in [1], where the design methods and analysis techniques for centralized and distributed monitors were discussed as well. In [2], joint distributed attack detection and state estimation was investigated in a Bayesian framework. To obtain attack-resilient state estimates in the centralized framework, some state estimators or observers were proposed based on optimization techniques [3, 4, 5, 6, 7], recursive implementation [8], and a probabilistic approach [9]. Compared with centralized methods, on one hand, the distributed ones have advantages in quite a few aspects, such as structural robustness, energy saving and parallel processing. On the other hand, in the distributed framework, since each agent has limited information from local observations and neighboring communications, the distributed state estimation methods are essentially different from the centralized ones. In distributed state estimation under compromised sensors, observer-based methods were studied for Byzantine attacks, under which the compromised sensors can send faulty information to other normal sensors [10]. In [11], a distributed observer with an attack detection layer was proposed to deal with a class of biasing attacks.
Distributed estimation for a static parameter under compromised observations was studied in [12], where the sparse-observability condition was required to guarantee the consistency of the estimator.
In this paper, we study the secure distributed filtering or estimation problem for linear time-invariant systems with bounded noises and unstable dynamics. The main contributions of this paper are three-fold.
- We investigate the secure distributed filtering problem under compromised observations. Unlike [11], we allow that the malicious attacker manipulates the observations arbitrarily for an unknown subset of the agents. Different from [10, 13] requiring some robustness of communication graph, we simply assume the connectivity of the graph.
- We propose a novel secure distributed filtering framework consisting of two parts, which is essentially different from the centralized methods [3, 4, 5, 6, 7, 9, 8] or the distributed methods [11, 10]. The first part employs a saturation-like scheme, which gives a small gain if the innovation is too large. The second part is a consensus operation of state estimates among neighboring agents.
- Different from the analysis methods for static parameter estimation [12, 14], we provide a new analysis approach for unstable system dynamics, and establish a sufficient condition for the boundedness of estimation error. We further provide an equivalent statement, which connects to 2s-sparse observability in the centralized framework in certain scenarios, such that the sufficient condition is feasible.
The remainder of the paper is organized as follows: Section II is on preliminaries and problem formulation. Section III considers the secure distributed filter. Section IV provides the performance analysis for the filter. Section V gives the numerical simulation results. The conclusions of this paper are given in Section VI.
II Problem Formulation
II-A Notations
The superscript “T” represents the transpose. is the set of real matrices with rows and columns. is the -dimensional Euclidean space. stands for the -dimensional square identity matrix. stands for the -dimensional vector with all elements being one. represents the diagonalization operator. is the Kronecker product of and . is the 2-norm of a vector . is the induced 2-norm, i.e., . and are the second minimal eigenvalue and maximal eigenvalue of , respectively.
II-B Graph Preliminaries
In an undirected graph , stands for the set of nodes, is the set of edges. If there is an edge , node can exchange information with node , and node is called a neighbor of node . Let the neighbor set of agent be . The graph is connected if for any pair of nodes , there exists a path from to consisting of edges . is the Laplacian matrix whose definition is referred to [15]. On the connectivity of a graph, we have
Proposition 1
[15] The undirected graph is connected if and only if .
II-C System model
Consider the following plant observed by agents (e.g., sensors),
[TABLE]
where is the unknown system state, is the process noise, is the observation noise, and is the attack signal inserted by some malicious attacker, all at time . is the observation of agent . Moreover, is the system state transition matrix, and is the observation vector of agent .
Remark 1
The essential problem is to study the influence of scalar attack signal to the estimation performance with certain number of compromised observation elements, like [12]. Thus, we consider the observation equation with scalar outputs for each agent. This conforms with the centralized framework, where each row vector of centralized observation matrix stands for the observation vector of one agent.
Definition 1
(One-step Collective Observability) The system (1) is called one-step collectively observable if is a positive definite matrix.
Remark 2
On the relation between one-step collective observability, which requires , and -step collective observability (i.e., is observable, where ): If is a diagonal matrix such as , the two definitions are equivalent. For general system matrices, -step collective observability is milder than the one-step collective observability. Notice also that one-step collective observability does not mean local observability, i.e., could be unobservable or undetectable, .
In this paper, the following assumptions are in need.
Assumption 1
The following conditions hold
[TABLE]
where is the estimate of by agent . Besides, the bounds are known to each agent.
Assumption 2
The system (1) is one-step collectively observable, i.e., . The observation vector is normalized, i.e., .
Assumption 3
The communication graph is undirected and connected, where
Remark 3
To design a non-trivial filtering algorithm with guaranteed bounded estimator error, we assume in Assumption 1. Otherwise, one can easily design a filter such that estimation errors keep bounded. The proposed methods and results also apply to the case where Assumption 2 requires a collective observability condition utilized in the existing literature on distributed estimation [16, 17, 18]. The normalized observation vectors can be obtained by reconstructing the system (1). Different from [10] requiring some robustness of communication graph, the connectivity of Assumption 3 is a standard condition for distributed estimation. If the graph is not connected, the problem can be studied for the connected subgraphs separately.
A typical distributed filtering problem is to design an online filter or state estimator for each agent (e.g., agent ) to estimate the system state by employing the known local noisy observations and the messages received from neighboring agents. However, if observations of some agents are compromised by a malicious attacker, the observation quality may be tremendously affected, which will bring big challenges in design and analysis of distributed filtering algorithms. In the following, we introduce the attack model.
II-D Attack model
To deteriorate the estimation performance of filtering algorithms, the malicious attacker aims to persistently destroy the observation data of some targeted agents. However, due to resource limitation, the attacker has limited power to attack the set of agents. Assume that the set of compromised agents is fixed over time, and consists of no more than agents. Since the knowledge of the attacker makes a big difference to its ability in deteriorating the estimation performance, we assume the following knowledge scope of the attacker.
Assumption 4
The attacker has full knowledge on the system (1), the network topology, and the filter of all agents. Furthermore, the observation can be arbitrary for a compromised agent .
Under Assumption 4, we have
[TABLE]
where is the set of agents whose observations are compromised by the malicious attacker. is the set of normal agents without being affected by the attacker. Note that the sets and are unknown to each agent.
Remark 4
In Assumption 4, we consider the worst scenario on compromised observations that the attacker can access the full information without requiring any concrete attack models, which is more general than results in the existing literature [11].
We further have the following definitions.
Definition 2
(-sparse observability) The linear system defined by (1) is said to be -sparse observable if for every set with , the pair is observable, where is the remaining matrix by removing from .
Definition 3
(One-step -sparse observability) The linear system defined by (1) is said to be one-step -sparse observable if for every set with , the pair , where is the remaining matrix by removing from .
Remark 5
Definition 2 and Definition 3 correspond to the -step (collective) observability (i.e., is observable) and one-step (collective) observability in Definition 1. If the system matrix is diagonal, Definition 2 and Definition 3 are equivalent. In the centralized framework, if the observations of agents are compromised, the system should be -sparse observable to guarantee the effective estimation of system state [19].
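As an added illustration (not code from the paper), the check below enumerates every set of s agents and tests whether the remaining observation vectors still satisfy one-step observability. It reads the elided condition in Definition 3 as positive definiteness of the sum of C_i^T C_i over the remaining agents, by analogy with Definition 1; that reading, the helper names and the sample vectors are assumptions.

```python
from itertools import combinations


def is_positive_definite(M, tol=1e-9):
    """Attempt a Cholesky factorisation; it succeeds iff symmetric M is positive definite."""
    n = len(M)
    low = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            s = M[i][j] - sum(low[i][k] * low[j][k] for k in range(j))
            if i == j:
                if s <= tol:          # zero or negative pivot: not positive definite
                    return False
                low[i][j] = s ** 0.5
            else:
                low[i][j] = s / low[j][j]
    return True


def gram(rows, n):
    """Sum of c^T c over the given observation (row) vectors."""
    G = [[0.0] * n for _ in range(n)]
    for c in rows:
        for a in range(n):
            for b in range(n):
                G[a][b] += c[a] * c[b]
    return G


def fragile_subsets(C, s):
    """Every set of s agents whose removal leaves a Gram matrix that is not positive definite."""
    n = len(C[0])
    bad = []
    for removed in combinations(range(len(C)), s):
        kept = [C[i] for i in range(len(C)) if i not in removed]
        if not is_positive_definite(gram(kept, n)):
            bad.append(removed)
    return bad


def one_step_sparse_observable(C, s):
    """True if the state stays one-step observable after removing ANY s agents (assumed reading)."""
    return not fragile_subsets(C, s)


# Constructed sample: six agents with scalar outputs, alternating between the two state coordinates.
SAMPLE_C = [(1.0, 0.0), (0.0, 1.0)] * 3

if __name__ == "__main__":
    for s in (1, 2, 3):
        print(s, one_step_sparse_observable(SAMPLE_C, s), fragile_subsets(SAMPLE_C, s))
```

The list returned by `fragile_subsets` names the agent sets a defender most needs to protect or to back up with redundant sensing.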
II-E Problems of Interest
We mainly consider the following problems in this paper.
- How to design a secure distributed filter for each agent by employing the local noisy observations potentially compromised by the malicious attacker?
- What conditions can guarantee the bounded estimation error of the distributed filter in the presence of the attacker (2)? How can we quantify the estimation performance of the distributed filter?
III Secure Distributed Filter: SDCF
In this section, we will design a secure distributed filter for each agent.
We consider the filtering algorithm with two stages, namely, observation update and consensus. In the stage of local observation update, we design a saturation-like scheme to utilize the observation as follows
[TABLE]
where
[TABLE]
Different from the gain designs of common filters or state estimators, the gain in this work is related to the value of innovation (i.e., ). The design of in (4) makes sense, since if the estimation innovation is very large, the observation is more likely to be compromised. By the designed gain , we have , which guarantees that the attacker has limited influence on the local update stage of the filter.
In the consensus stage, we suppose that each agent can communicate with its neighbors for times between two time instants. For
[TABLE]
with and we denote For each communication, agent will transmit its estimate to its neighbors,
Remark 6
The parameter in (4) reflects the usage tradeoff between normal observations and compromised observations. If is very large, then almost all normal observations will be utilized without scaling. But, it will give much space that the attacker can use to deteriorate the estimation performance. If is very small, although the most possible attack signals may be filtered by the designed gain , many normal observations will contribute little to the estimation performance. As a result, the filtering error of each agent will probably be divergent. The condition on will be discussed in next section.
Remark 7
The term is to make the agents reach consensus. The consensus step is vital to guarantee bounded estimation error of distributed filters especially for the case that each subsystem is not observable (i.e., is not observable). The parameter can increase the consensus speed if it is well designed. It can be proven that if the consensus step goes to infinity and the parameter is properly designed, then the estimates will converge to the same vector. However, the consensus step is not required to approximate infinity in this work. The requirement of the step and the design of , related with the system structure and performance demand, is given in next section.
By (3), (4) and (5), we obtain the secure distributed consensus filter (SDCF) in Algorithm 1.
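Added example (not the authors' code): a pure-Python sketch of the two-stage filter described in this section, run on a constructed six-agent ring with agent 0 compromised, once with the saturation threshold and once without it. Equations (3) to (5) did not survive on this page, so the gain form min(1, beta/|innovation|), the update A x + k C^T innovation, the Laplacian consensus step and every numeric value below are assumptions.

```python
import random

# Constructed setting (all values are assumptions, not the paper's simulation parameters).
N, L_STEPS, ALPHA, BETA, A_GAIN, NOISE = 6, 5, 0.4, 1.0, 1.02, 0.05
C = [(1.0, 0.0) if i % 2 == 0 else (0.0, 1.0) for i in range(N)]   # normalized scalar observations
NEIGHBORS = {i: ((i - 1) % N, (i + 1) % N) for i in range(N)}       # connected ring graph
COMPROMISED = {0}                                                   # unknown to the agents
ATTACK = 100.0                                                      # constructed attack signal


def saturated_gain(innovation, beta):
    """Assumed saturation-like gain: full gain for small innovations, beta/|innovation| otherwise."""
    return 1.0 if abs(innovation) <= beta else beta / abs(innovation)


def local_update(xhat, c, y, beta):
    """Observation update: the correction magnitude never exceeds beta, whatever y is."""
    pred = [A_GAIN * v for v in xhat]                # state transition matrix is A_GAIN * I (unstable)
    innovation = y - (c[0] * pred[0] + c[1] * pred[1])
    k = saturated_gain(innovation, beta)
    return [pred[d] + k * c[d] * innovation for d in range(2)]


def consensus(estimates):
    """L_STEPS rounds of x_i <- x_i - ALPHA * sum_j (x_i - x_j) over neighbors j."""
    for _ in range(L_STEPS):
        estimates = [
            [estimates[i][d] - ALPHA * sum(estimates[i][d] - estimates[j][d] for j in NEIGHBORS[i])
             for d in range(2)]
            for i in range(N)
        ]
    return estimates


def simulate(beta, steps=150, seed=0):
    """Return the largest estimation-error norm among all agents at the final time."""
    rng = random.Random(seed)
    x = [1.0, -1.0]
    est = [[0.0, 0.0] for _ in range(N)]
    for _ in range(steps):
        x = [A_GAIN * x[d] + rng.uniform(-NOISE, NOISE) for d in range(2)]   # bounded process noise
        updated = []
        for i in range(N):
            y = C[i][0] * x[0] + C[i][1] * x[1] + rng.uniform(-NOISE, NOISE)
            if i in COMPROMISED:
                y += ATTACK                          # attacker manipulates this agent's observation
            updated.append(local_update(est[i], C[i], y, beta))
        est = consensus(updated)
    return max(((e[0] - x[0]) ** 2 + (e[1] - x[1]) ** 2) ** 0.5 for e in est)


SECURE_ERROR = simulate(beta=BETA)            # saturation active
NAIVE_ERROR = simulate(beta=float("inf"))     # gain always 1: the attack enters unattenuated

if __name__ == "__main__":
    print(f"max error with saturation:    {SECURE_ERROR:.3f}")
    print(f"max error without saturation: {NAIVE_ERROR:.3f}")
```

With the threshold in place the compromised agent can shift its own estimate by at most beta per step, and the neighbors' consensus averaging absorbs that bias; without it the injected offset propagates to every agent.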
IV Performance analysis
In this section, we will focus on performance analysis of the proposed SDCF algorithm. Specifically, we will study the conditions to guarantee the boundedness of estimation error, and quantify the estimation performance under compromised observations.
For convenience, we denote
[TABLE]
By (3), (5) and (IV), for , we obtain the compact form of recursive state estimates of SDCF in the following
[TABLE]
where is the Laplacian matrix. Define , noting , then we obtain the error dynamics as follows
[TABLE]
where
Remark 8
Since the filtering gain is related to the state estimates and potential compromised observations, the common stability analysis approaches, such as Lyapunov methods, may not be directly utilized to analyze the stability or boundedness of estimation error by its dynamics (IV). This is the main challenge for the problem of distributed recursive filter under compromised observations.
IV-A Boundedness of estimation error
In this subsection, we will study the conditions to guarantee the boundedness of estimation error for the SDCF in Algorithm 1. Denote , where is the agent set such that is minimal within all sets obtained by removing any agents from . Besides, for convenience, we give the following notations
[TABLE]
On the boundedness of estimation error by SDCF in Algorithm 1, we have the following result.
Theorem 1
Let Assumptions 1 - 3 hold and . If there exist a set of scalars , , , such that
[TABLE]
then the estimation error of , i.e., , , satisfies
[TABLE]
Remark 9
The parameters , are given in the implementation of algorithm. Although is a bound of initial estimation error, we can adjust it bigger to meet the requirement.
Remark 10
Theorem 1 shows that by taking proper parameters , the SDCF can guarantee the boundedness of estimator error for a class of unstable dynamics. The condition (10) can be examined offline with global knowledge to provide the parameter design.
IV-B Feasibility of Condition (10)
Since the condition (10) is complex, its feasibility needs to be verified, i.e., whether there exists a set of positive parameters such that (10) is satisfied. In this subsection, we study the feasibility of (10).
Theorem 2
Condition (10) has a feasible solution on and , if and only if
[TABLE]
Remark 11
Recall , which reflects the one-step sparse observability of the system by removing any agents. Since the compromised subset of agents is fixed over time, we can calculate and compare it with .
The direct relationship between (12) and the one-step sparse observability is given in the following.
Lemma 1
A necessary condition to guarantee is that the system (1) is one-step -sparse observable. If the observation vectors are orthogonal and is a diagonal matrix, then one-step -sparse observability is also a sufficient condition to guarantee .
Remark 12
From Lemma 1 and Theorem 2, on Algorithm 1, we have that if the observations of any agents are under attacks, the system (1) should be one-step -sparse observable to achieve the effective estimation of system state. For the case that is a diagonal matrix, the condition (12) conforms to the centralized framework that the system is -sparse observable [19].
IV-C Proof of Theorem 1
In this subsection, we provide the proof of Theorem 1.
Lemma 2
The following equation holds
[TABLE]
where , .
The following lemma provides an optimal design for the consensus parameter , which is related to the graph topology.
Lemma 3
Under Assumption 3, the following result holds
[TABLE]
with the optimal solution
The following lemma studies the influence of consensus step to the observation innovation part of (IV).
Lemma 4
Let , then the following result holds
[TABLE]
where
Let be the estimation error of agent by the filter in Algorithm 1, i.e., . Then we have , where , and and . The idea to analyze the boundedness of estimation error is to find conditions that can guarantee the boundedness of and simultaneously. As a result, the boundedness of can be guaranteed. In the following, Lemma 5 and Lemma 6 study the boundedness of and , respectively.
Lemma 5
Consider Algorithm 1 with , and let Assumptions 1 - 3 hold. If , and then
[TABLE]
where . Furthermore, and
[TABLE]
Remark 13
Lemma 5 shows that the error between each state estimate and the average estimates can be upper bounded by , which is uniformly upper bounded by a constant scalar and has some asymptotic properties w.r.t. consensus step and time .
Lemma 6
Consider Algorithm 1 with , and assume that Assumptions 1 - 3 hold, , and . If
[TABLE]
then
[TABLE]
Remark 14
Lemma 6 provides the sufficient condition to guarantee the boundedness of network tracking error (i.e., ). For given and , we can design and based on the condition (15) to guarantee (16).
From (10) and , we can have the condition (15). By Lemma 5, Lemma 6 and the notations in (IV-A), the conclusion of Theorem 1 holds.
V Simulation Results
In this section, we carry out a numerical simulation to show the effectiveness of the proposed algorithm.
Regarding the system (1), we assume with . The observation vectors are randomly selected from the set . The process noise and observation noises , all follow the uniform distribution between . The bounds are assumed to be We suppose the time with sampling interval . The sparse network given in Fig. 1 has nodes with and . We choose , the times of Monte Carlo experiments is . Suppose that the attacker will insert the signal if agent is compromised.
We carry out the numerical simulation by employing the SDCF to study its estimation performance under the above setting. For one realization with consensus step and the number of compromised agents , we obtain the network tracking performance in Fig. 2. It shows that each element of the system state, i.e., and , can be well estimated by agents over the network with small bounded estimation error. The influence of consensus step to the mean values (averaged by 100) of maximal errors among all agents is studied in Fig. 3 with the number of compromised agents , which shows that a bigger consensus step can lead to smaller estimation error. In Fig. 4 with , we investigate the influence of compromised agent number to the estimation error. We see that with the increasing of compromised number, the estimation errors will become larger, and even diverge when the number is 66. The phenomena conform with former analysis, since not enough information can support an effective estimator if too many agents are compromised. Based on the above results, the utility of the proposed SDCF is validated.
VI Conclusions
This paper studied the secure distributed filtering problem for linear time-invariant systems with bounded noises and unstable dynamics under compromised observations. We considered a general case that a malicious attacker can compromise a subset of agents and manipulate the observations arbitrarily. First, we proposed a consensus-based distributed filter by employing a saturation-like scheme, which gives a small gain if the innovation is too large. Then, we provided a sufficient condition to guarantee the boundedness of estimation error by each agent. The feasibility condition was analyzed through an equivalent statement, which connects to 2s-sparse observability in the centralized framework in certain scenarios.
References
- [1] F. Pasqualetti, F. Dörfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE Transactions on Automatic Control, vol. 58, no. 11, pp. 2715–2729, 2013.
- [2] N. Forti, G. Battistelli, L. Chisci, S. Li, B. Wang, and B. Sinopoli, “Distributed joint attack detection and secure state estimation,” IEEE Transactions on Signal and Information Processing over Networks, vol. 4, no. 1, pp. 96–110, 2018.
- [3] M. Pajic, I. Lee, and G. J. Pappas, “Attack-resilient state estimation for noisy dynamical systems,” IEEE Transactions on Control of Network Systems, vol. 4, no. 1, pp. 82–92, 2017.
- [4] M. Pajic, J. Weimer, N. Bezzo, O. Sokolsky, G. J. Pappas, and I. Lee, “Design and implementation of attack-resilient cyberphysical systems: With a focus on attack-resilient state estimators,” IEEE Control Systems Magazine, vol. 37, no. 2, pp. 66–81, 2017.
- [5] H. Fawzi, P. Tabuada, and S. Diggavi, “Secure estimation and control for cyber-physical systems under adversarial attacks,” IEEE Transactions on Automatic Control, vol. 59, no. 6, pp. 1454–1467, 2014.
- [6] Y. Shoukry, P. Nuzzo, A. Puggelli, A. L. Sangiovanni-Vincentelli, S. A. Seshia, and P. Tabuada, “Secure state estimation for cyber-physical systems under sensor attacks: A satisfiability modulo theory approach,” IEEE Transactions on Automatic Control, vol. 62, no. 10, pp. 4917–4932, 2017.
- [7] D. Han, Y. Mo, and L. Xie, “Convex optimization based state estimation against sparse integrity attacks,” IEEE Transactions on Automatic Control, 2019.
- [8] Y. Nakahira and Y. Mo, “Attack-resilient $\mathcal{H}_{2}$, $\mathcal{H}_{\infty}$, and $\mathcal{H}_{1}$ state estimator,” IEEE Transactions on Automatic Control, vol. 63, no. 12, pp. 4353–4360, 2018.
