Vulnerability Analysis of Nonlinear Control Systems to Stealthy False Data Injection Attacks

TL;DR

This paper analyzes how nonlinear control systems can be vulnerable to undetectable false data injection attacks, providing conditions for vulnerability and methods for designing such stealthy attacks, with implications for system security.

Contribution

It introduces a general notion of stealthiness for false data injection attacks and derives conditions under which nonlinear control systems are vulnerable, considering different attacker knowledge levels.

Findings

Vulnerable systems are those with incrementally exponentially stable closed loops and unstable open loops.

Stealthy attacks can be designed based on system knowledge and stability properties.

State estimation remains accurate under attack if the closed loop with estimator is stable.

Abstract

In this work, we focus on analyzing vulnerability of nonlinear dynamical control systems to stealthy false data injection attacks on sensors. We start by defining the stealthiness notion in the most general form where an attack is considered stealthy if it would be undetected by any intrusion detector, i.e., any intrusion detector could not do better than a random guess. Depending on the level of attacker's knowledge about the plant model, controller, and the system states, two different attack models are considered. For each attack model, we derive the conditions for which the system will be vulnerable to stealthy impactful attacks, in addition to finding a methodology for designing such sequence of false data injection attacks. When the attacker has complete knowledge about the system, we show that if the closed loop system is incrementally exponentially stable while the open loop plant is incrementally unstable, then the system is vulnerable to stealthy yet impactful attacks on sensors. However, in the second attack model, with less knowledge about the system, additional conditions need to be satisfied and the level of stealthiness depends on the accuracy of attacker's knowledge about the system. We also consider the impact of stealthy attacks on state estimation, and show that if the closed loop control system including the estimator is incrementally stable, then the state estimation in the presence of attack converges to the attack free estimates. Finally, we illustrate our results on numerical case studies.