Learning-based attacks in Cyber-Physical Systems: Exploration, Detection, and Control Cost trade-offs

TL;DR

This paper analyzes the interplay between learning-based cyber-physical attacks and detection strategies in linear systems, establishing bounds on attack detection time, attacker learning duration, and energy expenditure for reliable detection.

Contribution

It provides tight bounds on deception time, attacker learning duration, and detection energy costs, advancing understanding of attack-defense trade-offs in cyber-physical systems.

Findings

Derived tight bounds on expected deception time.

Established probabilistic lower bounds on attacker learning duration.

Quantified energy expenditure needed for reliable attack detection.

Abstract

We study the problem of learning-based attacks in linear systems, where the communication channel between the controller and the plant can be hijacked by a malicious attacker. We assume the attacker learns the dynamics of the system from observations, then overrides the controller's actuation signal, while mimicking legitimate operation by providing fictitious sensor readings to the controller. On the other hand, the controller is on a lookout to detect the presence of the attacker and tries to enhance the detection performance by carefully crafting its control signals. We study the trade-offs between the information acquired by the attacker from observations, the detection capabilities of the controller, and the control cost. Specifically, we provide tight upper and lower bounds on the expected $\epsilon$-deception time, namely the time required by the controller to make a decision regarding the presence of an attacker with confidence at least $(1-\epsilon\log(1/\epsilon))$. We then show a probabilistic lower bound on the time that must be spent by the attacker learning the system, in order for the controller to have a given expected $\epsilon$-deception time. We show that this bound is also order optimal, in the sense that if the attacker satisfies it, then there exists a learning algorithm with the given order expected deception time. Finally, we show a lower bound on the expected energy expenditure required to guarantee detection with confidence at least $1-\epsilon \log(1/\epsilon)$.