Optimal Myopic Attacks on Nonlinear Estimation

TL;DR

This paper develops a framework for optimal attack strategies on nonlinear estimation systems, specifically targeting extended Kalman filters, and provides practical methods for real-time attack computation with bounded deviations.

Contribution

It introduces a novel class of optimal attacks on nonlinear estimation, with practical relaxations and bounds, extending security analysis beyond linear systems.

Findings

Optimal attacks reduce detection effectiveness of EKF with $oldsymbol{ ext{chi}}^2$ detection.

Convex quadratically-constrained quadratic programs (QCQPs) characterize attack optimization.

Relaxations enable real-time attack computation with bounded deviation from optimality.

Abstract

Recent high-profile incidents have exposed security risks in control systems. Particularly important and safety-critical modules for security analysis are estimation and control (E&C). Prior works have analyzed the security of E&C for linear, time-invariant systems; however, there are few analyses of nonlinear systems despite their broad use. In an effort to facilitate identifying vulnerabilities in control systems, in this work we establish a class of optimal attacks on nonlinear E&C. Specifically, we define two attack objectives and illustrate that realizing the optimal attacks against the widely-adopted extended Kalman filter with industry-standard $\chi^2$ anomaly detection is equivalent to solving convex quadratically-constrained quadratic programs. Given an appropriate information model for the attacker (i.e.,~a specified amount of attacker knowledge), we provide practical relaxations on the optimal attacks to allow for their computation at runtime. We also show that the difference between the optimal and relaxed attacks is bounded. Finally, we illustrate the use of the introduced attack designs on a case-study.