Security Allocation in Networked Control Systems under Stealthy Attacks

TL;DR

This paper addresses security resource allocation in networked control systems under stealthy attacks, using graph theory and game theory to optimize defense strategies against adversaries aiming to maximize disruption.

Contribution

It introduces a probabilistic framework for attack and defense objectives, and provides graph-theoretic conditions and a Stackelberg game approach for optimal security allocation.

Findings

Bounded worst-case impact under certain graph conditions

Defense strategies restricted to dominating sets

Validated approach on a 50-vertex network

Abstract

This paper considers the problem of security allocation in a networked control system under stealthy attacks. The system is comprised of interconnected subsystems represented by vertices. A malicious adversary selects a single vertex on which to conduct a stealthy data injection attack with the purpose of maximally disrupting a distant target vertex while remaining undetected. Defense resources against the adversary are allocated by a defender on several selected vertices. First, the objectives of the adversary and the defender with uncertain targets are formulated in a probabilistic manner, resulting in an expected worst-case impact of stealthy attacks. Next, we provide a graph-theoretic necessary and sufficient condition under which the cost for the defender and the expected worst-case impact of stealthy attacks are bounded. This condition enables the defender to restrict the admissible actions to dominating sets of the graph representing the network. Then, the security allocation problem is solved through a Stackelberg game-theoretic framework. Finally, the obtained results are validated through a numerical example of a 50-vertex networked control system.