Cyber Security of Sensor Systems for State Sequence Estimation: an AI Approach

TL;DR

This paper introduces novel AI-based methods to detect and mitigate sensor data attacks in sensor systems, ensuring accurate state sequence estimation without prior knowledge of attack specifics.

Contribution

It develops the first data-driven, machine learning-based techniques for identifying and eliminating attacked sensor data in sequence estimation, resilient against powerful attack models.

Findings

Simple protection approach performs nearly as well as known-attack methods.

Additional processing reduces worst-case degradation under informed attacks.

Methods rely solely on unattacked training data.

Abstract

Sensor systems are extremely popular today and vulnerable to sensor data attacks. Due to possible devastating consequences, counteracting sensor data attacks is an extremely important topic, which has not seen sufficient study. This paper develops the first methods that accurately identify/eliminate only the problematic attacked sensor data presented to a sequence estimation/regression algorithm under a powerful attack model constructed based on known/observed attacks. The approach does not assume a known form for the statistical model of the sensor data, allowing data-driven and machine learning sequence estimation/regression algorithms to be protected. A simple protection approach for attackers not endowed with knowledge of the details of our protection approach is first developed, followed by additional processing for attacks based on protection system knowledge. In the cases tested for which it was designed, experimental results show that the simple approach achieves performance indistinguishable, to two decimal places, from that for an approach which knows which sensors are attacked. For cases where the attacker has knowledge of the protection approach, experimental results indicate the additional processing can be configured so that the worst-case degradation under the additional processing and a large number of sensors attacked can be made significantly smaller than the worst-case degradation of the simple approach, and close to an approach which knows which sensors are attacked, for the same number of attacked sensors with just a slight degradation under no attacks. Mathematical descriptions of the worst-case attacks are used to demonstrate the additional processing will provide similar advantages for cases for which we do not have numerical results. All the data-driven processing used in our approaches employ only unattacked training data.