Resilient and secure remote monitoring for a class of cyber-physical systems against attacks

Resilient and secure remote monitoring for a class of cyber-physical systems against attacks

Resilient and secure remote monitoring for a class of cyber-physical systems against attacks Journal Pre-proof Resilient and secure remote monitorin...

1008KB Sizes 0 Downloads 19 Views

Resilient and secure remote monitoring for a class of cyber-physical systems against attacks

Journal Pre-proof

Resilient and secure remote monitoring for a class of cyber-physical systems against attacks Xiaohua Ge, Qing-Long Han, Xian-Ming Zhang, Derui Ding, Fuwen Yang PII: DOI: Reference:

S0020-0255(19)31025-4 https://doi.org/10.1016/j.ins.2019.10.057 INS 14973

To appear in:

Information Sciences

Received date: Revised date: Accepted date:

30 July 2019 1 October 2019 25 October 2019

Please cite this article as: Xiaohua Ge, Qing-Long Han, Xian-Ming Zhang, Derui Ding, Fuwen Yang, Resilient and secure remote monitoring for a class of cyber-physical systems against attacks, Information Sciences (2019), doi: https://doi.org/10.1016/j.ins.2019.10.057

This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. © 2019 Published by Elsevier Inc.

Resilient and secure remote monitoring for a class of cyber-physical systems against attacks Xiaohua Gea , Qing-Long Hana,∗, Xian-Ming Zhanga , Derui Dinga , Fuwen Yangb a School

of Software and Electrical Engineering, Swinburne University of Technology, Melbourne, VIC 3122, Australia School of Engineering and Built Environment, Griffith University, Gold Coast, QLD 4222, Australia

b Griffith

Abstract This paper is concerned with the resilient and secure remote monitoring of a cyber-physical system of a discrete timevarying state-space form against attacks. The specific statistical characteristic, magnitude, occurring place and time of the attack signals are not required during the monitor design and attack detection procedures. First, an optimal ellipsoidal state prediction and estimation method is delicately developed in such a way that the recursively computed prediction ellipsoid and estimate ellipsoid can both guarantee the containment of the true system state at each time step regardless of the unknown but bounded input signal. It is expected that the two ellipsoids can resist certain attacks as the calculated state prediction and state estimate are sets in state-space rather than single pointwise vectors, thus potentially enhancing the resilience of the remote monitoring system. Second, a set-based evaluation mechanism in combination with a remedy measure are proposed to provide timely detection of certain attacks. Furthermore, a numerically efficient algorithm is established to achieve resilience and attack detection of the remote monitoring system. Finally, it is shown through several case studies on a water supply distribution system that the proposed methods can provide quantitative analysis and evaluation of the potential consequences of various attacks on the remote monitoring system. Keywords: Cyber-physical system, resilient monitoring, attack detection, ellipsoidal estimation, water supply distribution system, false data injection attack, covert attack.

1. Introduction Cyber-physical systems (CPSs) enable a grand vision for guaranteeing reliable and safe operation of modern critical infrastructure, such as electric power grids, water supply distribution and irrigation systems, gas supply distribution systems, intelligent transportation systems, air traffic control systems and so on [7]. Such a CPS in general involves a cyber layer constituting communication devices, state estimator/monitor, detector, controller and other functions, and a physical layer consisting of a number of physical components such as sensors, actuators and other equipments. CPSs depend heavily on a communication network to provide a two-way communication for exchanging sensor observations and control commands across the cyber and physical layers because of their intrinsic features including geographic dispersal and real-time information exchange. The communication network increases the flexibility and scalability of the entire system configuration by enabling more components to access the network medium, meanwhile, bringing more opportunities to security threats on both the cyber and physical infrastructure. This has been witnessed by several security-related incidents in various industrial CPSs over the past decades, such as the physical insider attack on a communication-control system of the waster water treatment stations in Maroochy Shire, Queensland, Australia in 2000 [29]; the cyber StuxNet virus attack on an industrial supervisory control and data acquisition (SCADA) system of Iran’s nuclear facility in 2010 [19]; the physical pump-off attack on a SCADA control system of the city water utility in Springfield, IL in 2011 [41]; and the malicious cyber attack on a power control centre of ∗ This work was supported in part by the Australian Research Council Discovery Project under Grant DP160103567. Corresponding author: Q.-L. Han, tel.: +61 3 9214 3808; e-mail: [email protected]

Preprint submitted to Information Sciences

November 5, 2019

a Ukrainian electricity distribution company in 2015 [10]. These incidents have greatly raised awareness of the need for resilient and secure monitoring and control solutions for practical CPSs. The basic security mechanisms against attacks can be arguable divided into three categories: prevention, detection and resilience (or survivability). More specifically, prevention mechanisms often rely on information assurance techniques (e.g., cryptography, access control, authentication) to defend data confidentiality [3, 25]. However, these techniques essentially do not exploit the compatibility of data with the dynamics of the underlying physical system and they are ineffective or even inoperative against insider or sophisticated attackers targeting the dynamics of the physical system. In this sense, the system operators need to carefully monitor the physical system so that successful attacks that are undetectable from the computer and IT side can be effectively perceived and timely responded. Therefore, detection mechanisms aim at developing valid attack detection strategies that can alert the anomalies caused by attacks and further allow the system operators to take corrective or recovery actions. Resilience mechanisms, however, incarnate the ability of a CPS to remain in operation or, if not possible, to provide graceful-degradation of performance regardless of attacks on the cyber and physical infrastructure. Classical control theory based approaches such as robust filtering and control provide useful insights and inspiration for the design of resilient monitors (or estimators) so as to withstand the negative impacts of certain attacks on the system performance and operation [14]. This can be done by modeling attack signals as system disturbance and further assuming that attack signals are bounded [14, 21] or follow specific statistical properties [8, 16, 34]. On the other hand, one may treat attacks as random data losses or random topology variations in terms of probability or jumping/switching so that the extensive results in networked control systems subject to random data losses or random network topologies can be employed to evaluate the attack impact, see, e.g., [30] on Bernoulli-type attacks and [5, 37] on Markovian-type attacks. However, it should be stressed that the attack incurred perturbation or data losses need not follow specific statistical properties such as the prescribed probability distribution and probability transition. As a matter of fact, when the statistical characteristics of attack signals are not fully known, the performance of some existing resilient monitors might degrade catastrophically if the actual values of these parameters deviate significantly from those are assumed in the analysis and design [3]. Apart from that, game theory provides another valid approach to achieve the suitable trade-off between system robustness, security and resilience [43]. For example, in such a game-theoretic framework, the interaction between the adversary (e.g., the denial-of-service attacker) and the system operator (e.g., the transmitter or the monitor or the controller) is formulated as a zero-sum dynamic game, see, e.g., [39, 40]. An emphasis can then be laid on deriving an optimal strategy for the adversary such that the impact of the malicious attack on the system performance is maximized. A substantial amount of research has been carried out in analyzing and detecting possible anomalies in CPSs, namely deviations from the nominal system behavior caused by failures or attacks, by resorting to conventional fault diagnosis tools [6, 17, 36] coined over decades ago. These anomaly detectors should be sufficiently sensitive with respect to the anomalies. More specifically, the design of such an anomaly detector involves two steps: residue generation and residue evaluation. A residue is first generated by a state observer or a Kalman filter, and then evaluated via thresholding or statistical hypothesis tests so as to detect and locate existing anomalies, which popularizes the so-called observer-based fault detection filter and Kalman filter based χ2 failure detector. Nevertheless, it should be mentioned that most existing anomaly detectors are sensitive to the generally unknown and non-Guassian disturbance and noise [18, 22, 38]. Besides, they are often designed to detect and react to random or benign faults rather than malicious attacks. Although faults and attacks can both cause unpredictable changes in the dynamical behavior of physical systems and thus can be modeled in a similar manner, they, in most cases, possess inherently distinct characteristics in terms of occurring place, occurring duration, stealthiness, maliciousness and so on. It is also noteworthy that the majority of existing results of attack resilience and attack detection assume either stateless model, linear time-invariant system model, or undisturbed/noiseless system model. This greatly simplifies and favors the monitor and anomaly detector since the evolution of the system is deterministic and any deviation from the predetermined trajectory will be easily detected [22]. Motivated by the observations above, in this paper, we will investigate the problems of resilient monitoring and attack detection of a more realistic CPS where the physical system of time varying state-space model suffers from the simultaneous sophisticated attacks and unknown but bounded (UBB) input signal. In this case it is non-trivial to diagnose the malicious behavior since an adversary may inject an attack that inflicts a large perturbation on the system state, while only causing slight variation in the sensor measurements, as will be shown in the case studies of this paper. In contrast to the specific statistical requirements, only hard bounds of the unknown input signals will be necessary, 2

which represents the least knowledge of the unknown input [12]. Without limiting to a particular type of attacks, a general attack model will be studied, which does not expose any a priori assumption on the statistical characteristic, magnitude, occurring place or time of the attack signals. This allows one to explore more categories of attacks and evaluate their potential consequences on the resilient monitoring and detection performance. The main contributions are summarized as follows. First, a delicate optimal ellipsoidal prediction and estimation method will be developed to tackle the UBB input signals. Two ellipsoidal sets of state prediction and state estimate will be recursively calculated, which both guarantee to enclose all the admissible system states at each time step during the normal operation of the remote monitoring system. Given the actual state prediction and estimate are sets in state-space rather than single pointwise vectors computed by some traditional estimation methods such as H∞ estimation and Kalman filtering, it is expected that the two bounding ellipsoidal regions can tolerate certain attacks, namely, increasing the resilience of the remote monitoring system. Second, a set-based evaluation mechanism will be presented to alert the attack occurrence in a timely manner. This will be done by checking the intersection of the two ellipsoidal sets at each time step. Third, a computationally efficient resilient and secure monitoring algorithm will be provided to achieve the potential resilience and attack detection performance of the remote monitoring system. Finally, case studies on a SCADA water supply distribution system under various attack scenarios will be conducted to demonstrate the efficiency and limitation of the proposed methods on resilience and security guarantees of the SCADA monitoring system. The reminder of this paper is organized as follows. Section 2 formulates the resilient and secure monitoring problem to be addressed. Section 3 presents the main results on resilient monitoring and attack detection. Section 4 provides an application of the derived results to a SCADA water supply distribution system under various attack scenarios. Section 5 concludes the paper. Notation: Rn stands for the n-dimensional Euclidean space. k · k denotes the induced matrix 2-norm or the Euclidean vector norm as appropriate. The trace of an n × n square matrix P is denoted by trace(P), which represents the sum of the elements on the main diagonal of P. N denotes the set of nonnegative integers. diag{·} represents a diagonal matrix with suitable blocks. [·, ·] stands for a row vector with suitable blocks, while [·; ·] denotes a column T vector with suitable blocks. I is an identity matrix with an appropriate dimension. S 1 S 2 stands for the intersection of two sets S 1 and S 2 . Ø denotes an empty set. The superscript “T ” denotes the transpose of a matrix with vectors as a special case. Matrices, if not explicitly stated, are assumed to have appropriate dimensions. 2. Problem Formulation 2.1. State-Space Model of A Physical System A general architecture of a CPS involves a physical layer, a cyber layer and some communication network meidum. The physical layer consists of a number of physical components such as sensors and actuators, and the cyber layer is comprised of communication devices, and monitoring and controlling elements. In this paper, we consider a physical system which is described by a linear time-varying state-space model of the following general form ( sk+1 = Ak sk + Bk uk + Bdk dk + Bak ak (1) P: yk = Ck sk + Ddk dk + Dak ak where k ∈ N denotes the sampling time; sk ∈ Rns is the system state vector; uk ∈ Rnu represents the known control input implemented to the system through actuators; yk = [y1,k , y2,k , · · · , yny ,k ]T ∈ Rny stands for the stacked system output measurements received by the remote monitor from a set of ny spatially deployed sensors over the communication network; dk ∈ Rnd represents the generally benign unknown input (e.g., external disturbance, process noise, uncertainty, modeling error); ak ∈ Rna denotes the vector of unknown malicious attacks at time k which may affect the system state equation and sensor measurement equation in a coordinated way; s0 is the system’s initial state vector; and Ak , Bk , Bdk , Bak , Ck , Ddk , and Dak are real-valued time-varying matrices. The system P is considered to be in healthy condition or normal operation if ak ≡ 0 for all k ∈ N. Definition 1. For a real vector b ∈ Rn and a real-valued matrix P = PT > 0, an ellipsoid enclosing a real vector a ∈ Rn is denoted by S(P, b) , {a : (a − b)T P−1 (a − b) ≤ 1}, where P represents the shape matrix and b represents the center of the ellipsoid, respectively. 3

Physical attack Unknown input dk Control input uk

System sk+1

S Sensor

Cyber attack Communication yk+1 Remote Monitor & Detector Network

State estimate xk+1|k+1 Alarm

Figure 1: Remote monitoring and detection of a CPS under cyber-physical attacks

Remark 1. An alternative description of the ellipsoid S(P, b) is given by {a : a = b + Ec}, where E ∈ Rn×m satisfying P = EE T > 0 and rank(E) = m ≤ n is a lower triangular matrix with all positive diagonal elements and kck ≤ 1 [15]. In particular, the center can be set as b = 0, which leads to a zero-centered ellipsoid S(P). Besides, the shape matrix can be generally time-varying, which allows the ellipsoidal bounds to be adjusted from time to time. Assumption 1. The input dk is unknown but bounded (UBB) and confined to the following ellipsoid Sdk (R) , {dk : dkT R−1 k dk ≤ 1}

(2)

where Rk = RTk > 0 is a real-valued time-varying matrix. Assumption 2. The initial system state s0 resides in the following ellipsoid S0|0 (x, P) , {s0 : (s0 − x0|0 )T P−1 0|0 (s0 − x0|0 ) ≤ 1}

(3)

where P0|0 = PT0|0 > 0 is a real-valued known matrix and x0|0 denotes the initial state estimate. Remark 2. To monitor the dynamical behavior of the system P subject to unknown input dk , some existing approaches can be roughly classified into two types: stochastic approaches and deterministic approaches. More specifically, the stochastic approach often imposes some a priori assumptions on the statistical properties (such as probability distribution) of the unknown input signal. The emphasis is then laid on minimizing the variance of the state estimate error between the estimated state and the true system state. A typical example using this approach is the state estimator based on Kalman filtering. The deterministic approach, however, only requires some hard bounds of the unknown input signal, under which the state estimate is then characterized as a compact set enclosing all the possible system states that are consistent with the unknown input. Note that different set representations including parallelotopes [4], zonotopes [1, 20, 26], and ellipsoids [2, 12, 15] can be employed to evaluate the bounding estimation performance, while there is a trade-off between the estimation accuracy and the computational complexity. In this paper, ellipsoids are employed because of their formulation simplicity and satisfactory estimation accuracy. Remark 3. It is generally believed that the unknown input appearing in the system state equation and the measurement equation is inherently distinct. For example, the system state evolution normally suffers from the external disturbance input (or the process noise), sensor measurement can be contaminated by measurement (or communication) noise, and both system state and measurement can be affected by the accidental faults caused by equipment wear and tear, environment changes and runtime errors. Denote by wk ∈ Rnw the system’s external disturbance, fk ∈ Rn f the fault, and vk ∈ Rnv the sensor measurement noise, respectively. Furthermore, let dk = [wk ; vk ; fk ], Bdk = [Bwk , 0, Bkf ], and Ddk = [Dwk , Dk , Dkf ]. Then the corresponding system is transformed into (

sk+1 = Ak sk + Bk uk + Bwk wk + Bkf fk + Bak ak yk = Ck sk + Dk vk + Dwk wk + Dkf fk + Dak ak

(4)

which can be regarded as a special case of the system P and thus the subsequent results developed for the system P can also be applied to system (4).

4

2.2. Model of Attacks A sophisticated adversary is capable of launching various types of attacks at different places of the CPS. For example, the adversary may launch either physical attacks on the system, or cyber attacks on the sensor measurements, or both cyber-physical attacks in a stealthy way so as to compromise the remote monitoring system, as shown in Figure 1. The adversary’s strategy can be arguably characterized by its destructiveness and stealthiness [42]. Further, the destructiveness can be described by the following two factors: the attack duration and the attack profiles. To facilitate the subsequent analysis and design, denote by Ta = {k0 , k0 + 1, · · · , kL } the attack duration and by Fa = {Θ1 , Θ2 , · · · , ΘL } the attack profiles, where k0 denotes the unknown attack start time, kL = k0 + L − 1 represents the unknown attack stop time, and Θ1 , Θ2 , · · · , ΘL ∈ Rna are some unknown and arbitrary non-zero vectors. The adversary performs their malicious actions by designing the attack vector ak as follows ( Θk−k0 +1 , k ∈ Ta ak = (5) 0, k < Ta . Rewrite the attack vector as ak = [aks ; auk ; ayk ], where aks ∈ Rns denotes the attack vector of the system state and auk ∈ Rnu denotes the attack vector of the control signals, which can be designed arbitrarily dependent on the adversary’s purpose and resources available, and ayk ∈ Rny represents the attack vector of the sensor measurements. Since aks and auk both lead to deflections in the system state, they can be grouped into a single attack vector akp = [aks ; auk ]. Accordingly, the attack matrices Bak and Dak in (1) can be decomposed as Bak = [Bkpa , 0] and Dak = [Dkpa , Dya k ]. Remark 4. In real-world applications, the attack matrices Bak and Dak are normally derived from the physical configuration of the system and its components such as sensors and actuators. From this perspective, the adversary may require the a priori system model knowledge, such as having access to the actuators and gaining unrestricted access to the communication networks, to successfully initiate the malicious attacks. Whereas, from the system operators’ perspective, these attack matrices are known in advance. Indeed, with these matrices, the system operators can conveniently characterize the different attack models. For example, by letting Bkpa = [0, Bk ], the system operators are able to investigate the effect of physical attacks on the actuator(s) or cyber attacks on the control data; by letting Bkpa = [Ak , 0], the effect of physical attacks on the system state can be explored; by letting Dkpa = 0 and Dya k = I, the effect of cyber attacks on all sensor measurements can be examined. The stealthiness of an attack relies on the adversary’s a priori system knowledge and available resources. To render an attack fully stealthy and undetectable, the adversary needs to coordinate the attack vector akp and the attack vector ayk for disrupting the CPS. This can be done by applying some pre-defined physical attacks to the plant while using some cyber attacks to cover the changes within the measurements so as to render the attacks stealthy to the detector. In the following, we revisit a covert (stealthy) attack model which was introduced in [31] ( a sk+1 = Ak sak + Bak ak , {sak }k≤k0 = 0 (6) yak = Ck sak + Dak ak where sak = sk − shk ∈ Rns denotes the system state component induced by the attack, shk is the system state component under no attack, and yak is the output of the attack model. The principle of the above covert attack strategy is that the adversary first disrupts the system state from its normal values, causing considerable changes in the sensor measurements, and then manipulates the sensor measurements to conceal these changes in such a way that the actually received measurements at the control center appear the same as those without attack. It should be noted that the covert attack in (6) is stealthy to any anomaly detector if yak = 0 and Dya k = I, i.e., the measurements on all sensors are compromised [9, 31]. 2.3. Remote Monitor We are interested in the problem of remote monitoring of the system P. It is thus assumed that the CPS (1) can be actuated appropriately via some well-designed control inputs/commands uk , as demonstrated in Figure 1. Moreover, the monitor is deployed within a remote control center and therefore only has access to the received current sensor 5

measurement yk+1 and the control command uk to evaluate the dynamical behavior of the system. The remote monitor M is then modeled as     xk+1|k+1 , xk+1|k = M uk , yk+1 (7)

where xk+1|k+1 ∈ Rns represents the state estimate of the system state at time k + 1 and xk+1|k ∈ Rns denotes the one-step ahead state prediction at time k. 2.4. State Prediction Ellipsoid and State Estimate Ellipsoid For any k ∈ N, we define the prediction error as ek+1|k = sk+1 − xk+1|k and the estimate error as ek+1|k+1 = sk+1 − xk+1|k+1 . Then, the following two ellipsoids that guarantee to contain the true system state sk+1 at time k + 1 are introduced. Definition 2. Given the real-valued matrix sequences Pk+1|k = PTk+1|k > 0 and Pk+1|k+1 = PTk+1|k+1 > 0, the following two ellipsoids Sk+1|k (x, P) , {sk+1 : eTk+1|k P−1 k+1|k ek+1|k ≤ 1}

Sk+1|k+1 (x, P) , {sk+1 :

eTk+1|k+1 P−1 k+1|k+1 ek+1|k+1

(8) ≤ 1}

(9)

are referred to as the state prediction ellipsoid and the state estimate ellipsoid at time k + 1, respectively, for the system state sk+1 evolving in the form of (1). With the two well-defined ellipsoids containing all possible system states for system (1), the design problem of the remote monitor M is converted into the recursive computation of the two compact sets Sk+1|k (x, P) and Sk+1|k+1 (x, P). 2.5. A Resilient and Secure Monitoring Problem To deal with the UBB input and the unknown attacks, we divide the resilient and secure monitoring problem to be addressed into the following two subproblems. • (Guaranteed State Prediction and State Estimation) Determine a state prediction ellipsoid of the form Sk+1|k (x, P) and a state estimate ellipsoid of the form Sk+1|k+1 (x, P) at each sampling time k + 1 such that the two bounding ellipsoids are guaranteed to enclose all possible system states sk+1 that are consistent with the UBB input dk ∈ Sdk (R) of the form (2); and • (Attack Detection) Develop an effective attack detection mechanism D of the following form   alarmon|off = D Sk+1|k (x, P), Sk+1|k+1 (x, P)

(10)

such that the attack occurrence can be perceived and alerted in a timely manner.

3. Main Results In this section, we will first provide criteria for designing the desired remote monitor M and thus the two ellipsoidal sets Sk+1|k (x, P) and Sk+1|k+1 (x, P). We will then provide a set-based detection approach to alert the attack occurrence. Furthermore, we will present a numerically efficient resilient and secure monitoring algorithm that solves the concerned problem in a recursive manner.

6

3.1. Guaranteed State Prediction and State Estimation The following two theorems provide sufficient conditions on the existence of the optimal ellipsoidal state prediction set Sk+1|k (x, P) and the ellipsoidal state estimate set Sk+1|k+1 (x, P) at each sampling time k accounting for the UBB input dk . Theorem 1. Given a state estimate ellipsoid Sk|k (x, P) with the center xk|k and the shape matrix Pk|k at sampling time k, if there exist real-valued matrix sequences Pk+1|k > 0, Fk , and scalar sequences m,k > 0, m = 1, 2, such that the following convex optimization problem (OP 1) is solvable minimize

Pk+1|k >0,Fk ,m,k >0,m=1,2

trace(Pk+1|k )

subject to " # −Pk+1|k Φk ≤0 ΦTk Λk

(11)

T where Φk = [(Ak −Fk )xk|k , Ak Ek|k , Bdk ], Λk = diag{1,k +2,k −1, −1,k I, −2,k R−1 k } and E k|k is obtained from Pk|k = E k|k E k|k , then the current system state sk+1 is guaranteed to be enclosed by its state prediction ellipsoid Sk+1|k (x, P) defined in (8) at time k + 1 for any dk ∈ Sdk (R) of the form (2) with its center xk+1|k calculated by the following state predictor ( xk+1|k = Fk xk|k + Bk uk (12) yk+1|k = Ck+1 xk+1|k

where yk+1|k ∈ Rny stands for the measurement prediction and Fk represents the predictor gain parameter obtained from (11). T Proof : Recalling eTk|k P−1 k|k ek|k ≤ 1 at time k, by virtue of Schur complement, one has that (sk − xk|k )(sk − xk|k ) ≤ T Pk|k = Ek|k Ek|k , where Ek|k is a lower triangular matrix whose elements on the diagonal are positive. Setting z sk = −1 Ek|k (sk − xk|k ), we get −T −1 zTsk z sk = eTk|k Ek|k Ek|k ek|k = eTk|k P−1 k|k ek|k ≤ 1

(13)

which means that there exists a vector z sk satisfying kz sk k ≤ 1 such that sk = xk|k + Ek|k z sk . In light of system state equation (1) with ak ≡ 0 and (12) and the first state prediction equation of (12), calculating the one-step ahead prediction error yields ek+1|k = sk+1 − xk+1|k = (Ak − Fk )xk|k + Ak Ek|k z sk + Bdk dk . Denote φk = [1; z sk ; dk ]. Then one has that ek+1|k = Φk φk , where Φk is give in (11). Thus, the quadratic prediction error constraint eTk+1|k P−1 k+1|k ek+1|k ≤ 1 can be rewritten as   φTk ΦTk P−1 k+1|k Φk + diag{−1, 0, 0} φk ≤ 0.

(14)

T On the other hand, from (2) and (13), one has that φTk diag{1, 0, −R−1 k }φk ≥ 0 and φk diag{1, −I, 0}φk ≥ 0. Applying S -procedure, inequality (14) hods if there exist positive scalar sequences m,k > 0, m = 1, 2, such that φTk ΦTk P−1 k+1|k Φk  +diag{−1, 0, 0} +1,k diag{1, −I, 0} +2,k diag{1, 0, −R−1 } φ ≤ 0, which can be rewritten as (11) by resorting to the k k Schur complement. The feasibility of (11) shows how to determine the ellipsoidal state prediction set Sk+1|k (x, P) at each sampling time, while it does not guarantee an optimal ellipsoid. For this purpose, OP 1 is introduced to minimize the trace of the shape matrix Pk+1|k . This completes the proof. 

Theorem 2. Given a state prediction ellipsoid Sk+1|k (x, P) with the center xk+1|k and the shape matrix Pk+1|k at sampling time k + 1, if there exist real-valued matrix sequences Pk+1|k+1 > 0, Gk+1 , Hk+1 , and scalar sequences m,k > 0, m = 3, 4, such that the following convex optimization problem (OP 2) is solvable minimize

Pk+1|k+1 >0,Gk+1 ,Hk+1 ,m,k >0,m=3,4

7

trace(Pk+1|k+1 )

subject to " −Pk+1|k+1 ˜T Φ k

˜k Φ ˜ Λk

#

≤0

(15)

˜ k = diag{3,k + 4,k − 1, −3,k I, −4,k R−1 }, and Ek+1|k ˜ k = [(I − Gk+1 )xk+1|k , (I − Hk+1Ck+1 )Ek+1|k , −Hk+1 Dd ], Λ where Φ k+1 k+1 T is obtained from Pk+1|k = Ek+1|k Ek+1|k , then the current system state sk+1 is guaranteed to reside in its state estimate ellipsoid Sk+1|k+1 (x, P) defined in (9) at time k + 1 for any dk ∈ Sdk (R) of the form (2) with its center xk+1|k+1 given by the following state estimator ( xk+1|k+1 = Gk+1 xk+1|k + Hk+1 rk+1 (16) rk+1 = yk+1 − yk+1|k where rk+1 ∈ Rny stands for the measurement discrepancy at time k + 1, and Gk+1 and Hk+1 are the estimator gain parameters obtained from (15). T T Proof : Recalling eTk+1|k P−1 k+1|k ek+1|k ≤ 1 at time k+1, one has that (sk+1 −xk+1|k )(sk+1 −xk+1|k ) ≤ Pk+1|k = E k+1|k E k+1|k , where Ek+1|k is a lower triangular matrix whose elements on the diagonal are positive. Similarly, there exists a vector zyk satisfying kzyk k ≤ 1 such that sk+1 = xk+1|k + Ek+1|k zyk . In light of (1) with ak ≡ 0 and (16), calculating the one-step ˜ k φ˜ k , where Φ ˜ k is give in (15) and φ˜ k = [1; zyk ; dk+1 ]. The rest of the proof ahead estimate error yields ek+1|k+1 = Φ follows the similar procedure as that of Theorem 1, which leads to (15). This completes the proof. 

Remark 5. It is shown that the proposed guaranteed state prediction and estimation problem can be cast into the feasibility problem of a set of recursive linear matrix inequalities in (11) and (15), through which the gain parameter matrices for the state predictor and state estimator as well as the shape matrices for the two ellipsoids can be recursively solved out. As long as (11) and (15) are feasible, the two ellipsoids guarantee the enclosing of the true system state sk+1 regardless of the UBB input dk . Although the attack impact is not taken into account during the state prediction and estimate procedures, the following two points should be noted: i) The effect of any UBB attack signal in the similar UBB form of dk and additive to the system state equation and sensor measurement equation in (1), can be readily addressed within the proposed ellipsoidal state prediction and estimation framework by enlarging the admissible bound of the unknown input dk . In doing so, the resilience of the remote monitoring system against such a type of UBB attack signals can be intensively managed because a large bound of dk leads to the increasing state prediction and estimate ellipsoids. Whereas it should be underlined that ellipsoids of large size mean a loss of certain estimation accuracy, thereby revealing a trade-off between the estimation accuracy and the resilience performance against the attack; and ii) The designed ellipsoids may be essentially employed to resist some attacks due to the fact that the calculated state estimate and prediction are sets in state-space rather than single vectors determined by some traditional estimation methods such as H∞ estimation [11, 28, 32] and Kalman filtering [24, 27, 35] (we refer the interested readers to [13] and references therein for the differences among these estimation methods). In other words, the proposed ellipsoidal regions Sk+1|k (x, P) and Sk+1|k+1 (x, P) provide certain freedom for mitigating the adversarial impacts of some attacks. It is thus expected that the ellipsoidal prediction and estimation method will lead to a resilient remote monitor against certain attacks, which will be demonstrated in Section 4. 3.2. Attack Detection The two ellipsoidal sets Sk+1|k (x, P) and Sk+1|k+1 (x, P) may increase the resilience of the remote monitoring system to some extent, there exist certain malicious attacks under which the proposed ellipsoidal prediction and estimation method may fail to preserve the system resilience. For example, when the sensor measurement yk+1 is compromised by a malicious false data injection attack ayk+1 , causing abrupt changes in yk+1 , the set Sk+1|k+1 (x, P) will be significantly biased because its center, i.e., the state estimate xk+1|k+1 , is altered implicitly by the attack. In this sense, effective detection mechanisms should be developed to identify the occurrence of malicious attacks. It should be noted that the estimate ellipsoid Sk+1|k+1 (x, P) is severely disrupted due to ayk+1 at time k + 1, while the prediction ellipsoid Sk+1|k (x, P) remains in healthy condition as the previous state estimate xk|k is not manipulated. As a result, the two ellipsoids will have no intersection at time k + 1. In the case that there is no attack (ak ≡ 0) or the adversarial impact is marginal, the two ellipsoidal sets Sk+1|k+1 (x, P) and Sk+1|k (x, P) warrant an intersection at each time step because they 8

both enclose the current true state of system (1). Similar to [23], the following set-based attack detection mechanism D is implemented ( T Sk+1|k+1 (x, P) Sk+1|k (x, P) , Ø ⇒ alarmoff T D: Sk+1|k+1 (x, P) Sk+1|k (x, P) = Ø ⇒ alarmon .

Once the occurrence of attack is firstly identified, the detection mechanism above can record the attack occurring time k0 = k + 1 and produce an alarm signal. Nevertheless, let us underline that at time step k0 , the state prediction xk0 +1|k0 will be updated using the disrupted state estimate xk0 |k0 while the current state estimate xk0 +1|k0 +1 may be still under attack. In other words, at the time step k0 +1, the two sets may have an intersection again even though the system is undergoing attack, thus leading to failure of the detection mechanism. Consequently, a suitable remedy measure is demanded in such a way that the system operators can continue to diagnose the occurrence of attack. We next provide a remedy measure which is done by correcting the corrupted sensor measurements once an attack is detected yk+1 = yk0 −1 , ∀ k + 1 ∈ Ta

(17)

where yk+1 denotes the retrieved measurement, which will be fed into the state estimator (16) as its input for recalculating the state estimate xk+1|k+1 and the estimate set Sk+1|k+1 (x, P). Note that when an attack is detected, the current compromised sensor measurement yk+1 contains fraudulent information of the system state and/or sensor measurement, and thus should be discarded, while the previously transmitted sensor measurement yk0 −1 , which is secure, will be used instead for updating the state estimator. The previous secure measurement yk0 −1 can be easily retrieved at the control center by resorting to a buffer (or store) that is deployed for storing the received sensor data [33, 34]. Therefore, this remedy measure has the potential to warrant the continuous detection for remote monitoring systems against some attacks. Remark 6. It is noteworthy that the proposed attack detection mechanism cannot distinguish an attack on the system state, i.e., akp , and an attack on the sensor measurement output, i.e, ayk . Attack identification/isolation, although being a promising research topic, is out of the scope of this paper. Instead, our focus is to develop a suitable attack detection mechanism and remedy in such a way to conduct quantitative analysis and evaluation of the potential consequences of some malicious attacks on remote monitoring systems, which will be demonstrated in Section 4. Remark 7. The rationale behind the proposed attack detection mechanism is that the occurrence of an attack may result in a deflected center of the state estimate ellipsoid Sk+1|k+1 (x, P) at time k + 1. It should be stressed that the UBB input dk of the form (2) will not lead to an empty intersection of the two ellipsoids and the sole cause of an empty intersection is the malicious attack ak . Therefore, one can conclude that an attack must occur at time k + 1 provided that the intersection of the two ellipsoids is empty, which, however, is not always true otherwise. For example, if the effect of an attack does not cause a significant shift of the center of the set Sk+1|k+1 (x, P), then the two sets may still contain an intersection. From this perspective, the sensitivity of the proposed detection mechanism necessitates further improvement, which constitutes our future research. However, it should be also pointed out that in the case that the presence of the attacks does not cause a significantly biased estimate ellipsoid Sk+1|k+1 (x, P), as we noted in Remark 5, the two ellipsoidal sets may be resilient enough to tolerant the attack effects. Remark 8. Given that cyber attacks manipulate the sensor measurements, the contents of the measurements may be deliberately falsified. In this case, the measurements are not trustworthy any more to the system operators, which inevitably poses a challenge to the open-loop remote monitor design. In this sense, it is reasonable to retrieve the disrupted sensor measurements from the previous safe ones because the previous safe measurements represent the only dependable information that can be used for designing the remote monitor. However, it should be also pointed out that the measurement correction based remedy (17) is not the unique solution for dealing with the challenge above. For example, an alternative remedy was implemented in [23] by recovering the corrupted state estimate ellipsoid from its safe state prediction ellipsoid once an attack is detected Sk+1|k+1 (x, P) = Sk0 |k0 −1 (x, P), ∀ k + 1 ∈ Ta .

(18)

Nevertheless, it is noteworthy that such a remedy in (18) may fail to preserve the persistent detection of an attack within its duration period Ta due to the existence of the prescribed control input uk in (12). The detection performance between the above remedy measures will be evaluated under an attack scenario in Section 4.3. 9

SCADA Control Center • • • •

State Estimator Attack Detector Controller Other Functions Cyber Space

Communication

A3

Attacker

A2

Physical Space

A1

Pump (P1)

wk(1)

Sensor (S1)

F1

Storage Reservoir (R1)

Treatment Plant

J2

Consumer (C1)

S2 Junction (J1)

wk(2)

J3

Consumer (C2)

Figure 2: A simple SCADA water supply distribution system

3.3. A Resilient and Secure Monitoring Algorithm We are now in a position to present a numerically efficient algorithm, namely Algorithm 1, through which the ellipsoidal state prediction and estimate sets can be recursively computed and verified. Furthermore, Algorithm 1 allows the system operators to achieve resilient state prediction and state estimate and to detect the occurrence of certain attacks at each sampling time, which is suitable for on-line implementation. Algorithm 1 (Resilient and Secure Monitoring) 1: Initialization. Set k = 0, the simulation time W and alarmoff . Choose s0 , x0|0 , P0|0 and Rk satisfying (2). Find E 0|0 T by P0|0 = E0|0 E0|0 2: while k < W do T 3: Resilient Prediction. Solve OP 1 to determine Pk+1|k and F k . Find E k+1|k by Pk+1|k = E k+1|k E k+1|k and calculate xk+1|k by (12). Compute the prediction ellipsoid Sk+1|k with the center xk+1|k T 4: Resilient Estimation. Solve OP 2 to determine Pk+1|k+1 , G k+1 and Hk+1 . Find E k+1|k+1 by Pk+1|k+1 = E k+1|k+1 E k+1|k+1 and calculate xk+1|k+1 by (16). Compute the estimate ellipsoid Sk+1|k+1 with the center xk+1|k+1 5: Attack Detection. T 6: if Sk+1|k+1 Sk+1|k , Ø 7: Set alarmoff 8: continue the loop 9: else 10: Identify k0 and kL , and set alarmon 11: Retrieve yk+1 ← yk0 −1 , and recalculate xk+1|k+1 and Sk+1|k+1 12: end if 13: end while

4. An Illustrative Example In this section, we apply the proposed ellipsoidal state prediction and estimation method as well as the attack detection method to a SCADA water supply distribution system. We then conduct several case studies under various attack scenarios to show the effectiveness and limitation of the proposed methods.

10

4.1. A SCADA Water Supply Distribution System A typical SCADA water supply distribution system includes a great number of treatment plants, reservoirs, tanks, water pipelines, sensors, junctions, pumps and other hydraulic components in the physical layer for providing water transmission and distribution from production plants to end-users, and a SCADA control center involving communication devices, anomaly detectors and controllers in the cyber layer for monitoring and supervising the operation of the system. In the following, it is assumed that the SCADA water supply distribution system consists of a treatment plant, a storage reservoir (R1), a pump (P1), two end-consumers (C1 and C2), and several junctions (J1, J2 and J3) and pipelines, as shown in Figure 2. Suppose that two pressure sensors (S1 and S2) are deployed to observe and measure the pressure heads at R1 and J1, respectively. The SCADA control center is capable of gathering the real-time measured data from S1 and S2, and regulating the pressure head at R1 through P1. As shown in [9], the linearized model of the above SCADA system can be described by (1), where sk represents the pressure head at R1; uk denotes the control input from the SCADA control center to regulate the flow rate F1 through P1; dk = [dk(1) ; dk(2) ] is the external unknown input for simulating the customers’ consumption fluctuations at J2 and J3. For demonstration purposes, it is assumed that the two consumers’ demands both fluctuate randomly between 0.45m3 /s and 0.55m3 /s. Furthermore, the system parameters are chosen as Ak = 1 and Bk = 0.1 + 0.01pk , where pk = sin(20k) models the parameter variation in the control input matrix caused by environment changes, equipment wear and tear and malfunction. Let Bdk = [−0.1, −0.1], Ck = [1; 1], Ddk = [0, 0; −10, −10], Rk = diag(0.8, 0.8), and P0|0 = 10. The initial pressure head at R1 is set as 100m and its estimate is assumed to be x0|0 = 98m. The simulation time is W = 100. During normal operation of the system, it is assumed that R1 is supplied with a constant flow rate F1 = 1m3 /s. 4.2. Guaranteed State Prediction and Estimation without Attack When the system is free of attack, i.e., ak ≡ 0, it is our aim to verify the guaranteed state prediction and estimation performance of the SCADA monitoring system against the UBB consumers’ demands dk(1) and dk(2) . Solving OP 1 and OP 2, and implementing the designed ellipsoidal predictor and estimator to the system, we have the state evolutions of the system, the predictor and the estimator, as demonstrated in Figure 3(a) and 3(b). It can be clearly observed that the pressure head sk is guaranteed to reside in the calculated bounding ellipsoidal state prediction ellipsoid Sk+1|k (x, P) and state estimate ellipsoid Sk+1|k+1 (x, P) at each sampling time k. During normal operation of the system, the pressure head at the reservoir fluctuates around 100m because the flow rate into the reservoir R1 approximates to the two consumers’ demands, while the pressure head at junction J1 fluctuates around 90m due to variations in consummation, as depicted in Figure 3(c). For a comparison purpose, we impose a constraint on the OP 2 by restricting Pk+1|k+1 ≤ Pk|k in such a way to guarantee the non-increasing property of the state estimate ellipsoid Sk+1|k+1 (x, P) at each time step and thus to preserve increasingly accurate state estimates. It is found that the refined OP 2 is solvable at each sampling time. Figure 3(d) shows the comparison of the bound width of the state estimate ellipsoid with/without the constraint, through which it can be seen that the size of the state estimate ellipsoid Sk+1|k+1 (x, P) with the constraint is reduced at each time step compared with that without the constraint. This may provide a potential technique for improving the sensitivity of the proposed detection mechanism. We next consider that a malicious adversary appears to launch either physical attacks on the pump (attack place A1 in Figure 2) and the reservoir (attack place A2 in Figure 2) or cyber attacks on the sensor measurements (attack place A3 in Figure 2) or both cyber-physical attacks in a stealthy way so as to degrade or fail the SCADA monitoring system. From the system operators’ perspective, it is our aim to conduct quantitative analysis of the potential consequences of the attacks and to evaluate the resilience and security guarantees of the SCADA monitoring system under the proposed methods. The following attack scenarios are studied. 4.3. Physical Attack - Turning Off the Pump P1 This attack scenario is evidenced by a real-world security attack on the city water utility in Springfield, Illinois where the water pump was destroyed by the hackers, as reported in [41]. The negative effect of such a physical “pump-off attack” on the system can be quantitatively assessed by choosing the matrices Bak = [0, 0.1, 0, 0], Dak ≡ 0, and modeling the attack vector as ak = [0; −1; 0; 0] in such a way that the control input term Bk uk in the system state equation of (1) can be neutralized. For simulation purposes, it is assumed that the attack occurs during k = 35, 36, · · · , 49. We first test the resilience of the remote monitoring system against such an attack. Solving OP 1 11

102

102

101

101

100

100

99 98

99 100.02

100.1

97

98 97

99.9 20

95 0

40 20

60 40

(a)

80 60

99.98 20

100 80

100

100.0115

100

100

96

100.012

100.04

100.2

96 100 0 10-4 4

40

60

80

20

40

20

40

100

100.011 39.9

40

40.1

(b)

60

80

100

(d)

60

80

100

100.05 98

3 100

96

0

20

40

60

80

100

2

94 92

1

90 0

20

40

(c)

60

80

100

0

0

Time (k)

Time (k)

Figure 3: The attack free scenario: (a) Guaranteed state prediction; (a) Guaranteed state estimate; (c) Received sensor measurements; (d) Comparison of the bound width of the state estimate ellipsoid Sk+1|k+1 (x, P) with/without the constraint Pk+1|k+1 ≤ Pk|k on the OP 2

and OP 2, and applying the designed ellipsoidal predictor and estimator to the system, the true system state and its prediction and estimate at each time k are shown in Figure 4(a) and 4(b), from which one can see that the resilience of the remote monitoring system can be preserved in the presence of the “pump-off attack”. However, the remedy (17) and remedy (18) both fail in this system attack scenario, as shown in Figure 4(d), due to the fact that the pressure heads at R1 and J1 reduce significantly from its last safe sensor measurements since the attack start time, as demonstrated in Figure 4(c). 4.4. Physical Attack - Stealing Water from the Reservoir R1 Water theft is the most common goal of the adversary in the water supply distribution system. Under such a physical “water theft attack”, water is withdrawn from the reservoir and two consumers’ demands remain usual, causing pressure and water level in R1 to decrease significantly. To simulate such an attack and to quantitatively evaluate its effect, we let Bak = [1, 0, 0, 0], Dak ≡ 0, and ak = [−0.2; 0; 0; 0] during k = 40, 41, · · · , 59, corresponding to a water stealing flow rate 0.2m3 /s. Solving OP 1 and OP 2 yields the state evolutions of the system and remote monitor in Figure 5(a) and 5(b), which verifies the resilient monitoring performance in the presence of such a “water theft attack”. Similar to the “pump off attack”, the remedy (17) and remedy (18) are invalid to identify the occurrence of this physical “water theft attack”, as demonstrated in Figure 5(c) and 5(d). 4.5. Cyber Attack - Injecting False Data on Sensors S1 and S2 A false data injection attack represents a typical integrity attack on sensor data when they are transmitted over the communication network. This is done by injecting some erroneous and misleading information into the sensor data so as to compromise their integrity. In the sequel, the two sensors’ measurements suffer deliberate modifications. Let Bak ≡ 0, Dak = [0, 0, 1, 0; 0, 0, 0, 1], and the attack vector ak = [0; 0; 2; −1.5] for k = 30, 31, · · · , 39 and ak = [0; 0; −1.6; −1.2] for k = 55, 56, · · · , 64, during two duration periods. First, without adopting the proposed detection mechanism and remedy, the proposed ellipsoidal prediction and estimation method fails to guarantee the resilience of the SCADA system in the presence of this attack, as shown in Figure 6 (a) and 6 (b). We next verify the detection performance by resorting to the proposed remedy (17) and the remedy (18). It is found that such a “false sensor data injection attack” can be detected and identified immediately and successfully after its occurrence by using the proposed remedy (17), as demonstrated in Figure 6 (c). However, the attack cannot be successfully identified by using the remedy (18), as depicted in Figure 6 (d), because of the accumulated control input effect of uk on the state prediction ellipsoid. 12

100.5

100

100 99.5

98.52

99.5 98.5 99

99

98.48 60

98.5

98.5 0

20

(a)

40

60

80

100

0

20

40

0

20

40

(b)

80

100

60

80

100

60

80

100

100 1

98 96 94 92 90

0

88 0

20

40

(c)

60

80

100

(d) Time (k)

Time (k)

Figure 4: The physical “pump off attack” scenario: (a) Resilient state prediction (without detection); (b) Resilient state estimate (without detection); (c) Real sensor measurements and corrected measurements under remedy (17); (d) Detection performance with identified alarm instants under remedy (17) and remedy (18)

100

100

99

99

98

98

97

97 96 0

20

(a)

40

96 60

80

100

0

20

40

0

20

40

(b)

60

80

100

60

80

100

100 1 95

90

0 85

0

20

40

(c)

60

80

100

Time (k)

(d) Time (k)

Figure 5: The physical “water theft attack” scenario: (a) Resilient state prediction (without detection); (b) Resilient state estimate (without detection); (c) Real sensor measurements and corrected measurements under remedy (17); (d) Detection performance with identified alarm instants under remedy (17) and remedy (18)

13

102

102

101

101

100

100

99

99 0

20

40

(a)

60

80

100

1

0

20

40

0

20

40

(b)

60

80

100

(d)

60

80

100

1 1

0 30

35

40

45

50

55

60

65

0

0 0

20

40

(c)

60

80

100

Time (k)

Time (k)

Figure 6: The cyber “false sensor data injection attack” scenario: (a) Disrupted state prediction (without detection); (b) Disrupted state estimate (without detection); (c) Detection performance with identified alarm instants under remedy (17); (d) Detection performance with identified alarm instants under remedy (18)

4.6. Cyber-Physical Attack - Launching Covert Attacks The central goal of the adversary in this scenario is to steal water without being monitored and detected (i.e., fail the resilience and/or detection performance of the SCADA system). A specific attack strategy is that water is first pumped out from the reservoir while the water level measurements are then altered so that the attack remained stealthy. To simulate such a covert attack, we first consider the following case, i.e., CA- Case 1: Let Bak = [1, 0.1, 0, 0] and Dak = [0, 0, 1, 0; 0, 0, 0, 1], and assume that the adversary can skillfully coordinate the attack vector as ak = [−0.2; −1; 0.3(k − 35); 0.3(k − 35)] during k = 35, 36, · · · , 45. The first element in ak denotes the physical “water theft attack” with a constant water stealing flow rate 0.2m3 /s. The second element in ak represents the physical “pump-off attack”. The last two elements in ak reflect the modification of the sensor readings. From the convert attack model (6), it can be verified that the pressure heads at R1 and J1 will reduce significantly from the attack start time k0 = 35 because water is stolen and the pump is off, while the received sensor measurements at the remote monitor will be covered by the misleading signals (the last two elements in ak ) so that they have the same values as those in normal operation until the attack stop time kL = 45, as clearly demonstrated in Figure 7 (a). In this case, it is found that the resilient estimation of the remote monitoring system can not be preserved, as shown in Figure 7 (b). Furthermore, such a covert attack can not be detected or identified because a covert attack is stealthy to any anomaly detector when yak in (6) equals zero and the adversary compromises all the sensor measurements [9, 31]. To tackle such a covert attack, one intuitive countermeasure is to physically protect some or even all the sensor measurements. For example, if one chooses to secure the measurement on S1, which means that y(1) k is always safe and can be successfully transmitted to the remote monitor, while y(2) is still falsified. This leads to CA-Case 2: Let k Dak = [0, 0, 0, 0; 0, 0, 0, 1] and ak = [−0.2; −1; 0.3(k −35); 0.3(k −35)] during k = 35, 36, · · · , 45. It can then be verified that the proposed ellipsoidal prediction and estimation method can guarantee the resilience of the SCADA monitoring system regardless of the concealed measurement on S2, as shown in Figure 7 (c) and Figure 7 (d). However, it is found that selecting to protect S2 and its measurement violates the resilience of the remote monitoring system. In this sense, one may refer to S1 as the critical sensor for monitoring this system. Whereas, the issue of choosing which sensor to be protected or which sensor is a critical sensor for practical remote monitoring systems is beyond of the scope of this paper.

14

100 100 99.5 95

99 98.5 98

90

97.5 97

85 100.5

0

20

40

(a)

60

80

96.5 100 0 100.5

100

100

99.5

99.5

99

99

98.5

98.5

98

98

97.5

97.5

97

97

96.5

96.5

0

20

40

(c)

60

80

100

Time (k)

0

20

40

20

40

(b)

60

80

100

(d)

60

80

100

Time (k)

Figure 7: The covert (stealthy) attack scenario: (a) Real sensor measurements of the system and concealed measurements received at the remote monitor; (b) Compromised state estimate in CA-Case 1 (without detection); (c) Resilient state prediction in CA-Case 2 (without detection); (d) Resilient state estimate in CA-Case 2 (without detection)

5. Conclusion The resilient and secure remote monitoring of a CPS have been studied, where simultaneous malicious attacks as well as UBB input have been considered. A general attack model which does not require any assumption on the statistical characteristic, magnitude, occurring place or time of the attack signals has been explored. To achieve resilient monitoring of the CPS, an ellipsoidal state prediction and estimation method has been skillfully developed in such a way that two ellipsoidal sets have been recursively calculated to combat the negative impact of certain attacks on the remote monitoring system. In the case that the malicious attacks compromise the intersection of the two sets, a set-based detection mechanism together with a remedy measure have been proposed to alert the attack occurrence. The effectiveness and limitation of the proposed methods have been verified through several case studies on a SCADA water supply distribution system under various attack scenarios. References [1] T. Alamo, J. Bravo, E. Camacho, Guaranteed state estimation by zonotopes, Automatica 41 (6) (2005) 1035-1043. [2] G. Calafiore, Reliable localization using set-valued nonlinear filters, IEEE Trans. Syst., Man, Cybern. A, Syst., Humans 35 (2) (2005) 189197. [3] A. C´ardenas, S. Amin, S. Sastry, Secure control: Towards survivable cyber-physical systems, in Proc. 28th Int. Conf. Distrib. Comput. Syst. Workshops, 2008, pp. 495-500. [4] L. Chisci, L. Ghaoui, G. Zappa, Recursive state bounding by parallelotopes, Automatica 32 (7) (1996) 1049-1055. [5] C. De Persis, P. Tesi, Resilient control under denial-of-service, in Proc. 19th IFAC World Congress, Cape Town, South Africa, , 2014, pp. 134-139. [6] S. Ding, Model-Based Fault Diagnosis Techniques: Design Schemes, Springer Verlag, 2008. [7] D. Ding, Q.-L. Han, Z. Wang, X. Ge, A survey on model-based distributed control and filtering for industrial cyber-physical systems, IEEE Trans. Ind. Informat. 15 (5) (2019) 2483-2499. [8] D. Ding, Z. Wang, D. Ho, G. Wei, Distributed recursive filtering for stochastic systems under uniform quantizations and deception attacks through sensor networks, Automatica, 78 (2017) 231-240. [9] V. Do, L. Fillatre, I. Nikiforov, Sequential monitoring of SCADA systems against cyber/physical attacks, IFAC-PapersOnLine 48 (21) (2015) 746-753. [10] Electricity Information Sharing and Analysis Center, Analysis of the Cyber Attack on the Ukrainian Power Grid - Defense Use Case, 2016. [11] X. Ge, Q.-L. Han, Z. Wang, A threshold-parameter-dependent approach to designing distributed event-triggered H∞ consensus filters over sensor networks, IEEE Trans. Cybern. 49 (4) (2019) 1148-1159. [12] X. Ge, Q.-L. Han, Z. Wang, A dynamic event-triggered transmission scheme for distributed set-membership estimation over wireless sensor networks, IEEE Trans. Cybern. 49 (1) (2019) 171-183.

15

[13] X. Ge, Q.-L. Han, X.-M. Zhang, L. Ding, F. Yang, Distributed event-triggered estimation over sensor networks: A survey, IEEE Trans. Cybern. (2019) https://doi.org/10.1109/TCYB.2019.2917179. [14] X. Ge, Q.-L. Han, M. Zhong, X.-M. Zhang, Distributed Krein space-based attack detection over sensor networks under deception attacks, Automatica 109 (2019) 108557. [15] L. Ghaoui, G. Calafiore, Robust filtering for discrete-time systems with bounded noise and parameteric uncertainty, IEEE Trans. Autom. Control 46 (7) (2001) 1084-1089. [16] L. Hu, Z. Wang, Q.-L. Han, X. Liu, State estimation under false data injection attacks: Security analysis and system protection, Automatica 87 (2018) 176-183. 2018. [17] I. Hwang, S. Kim, Y. Kim, C. Seah, A survey of fault detection, isolation, reconfiguration methods, IEEE Trans. Control Syst. Technol. 18 (3) (2010) 636-653. [18] C. Kwon, W. Liu, I. Hwang, Security analysis for cyber-physical systems against stealthy deception attacks, in Proc. 2013 American Control Conf., Washington, DC, USA, 2013, pp. 1806-1813. [19] R. Langer, Stuxnet: Dissecting a cyberwarfare weapon, IEEE Secur. Priv. 9 (3) (2011) 49-51. [20] V. Le, C. Stoica, T. Alamo, E. Camacho, D. Dumur, Zonotopic guaranteed state estimation for uncertain systems, Automatica 49 (11) (2013) 3418-3424. [21] L. Ma, Z. Wang, Q.-L. Han, H.-K. Lam, Variance-constrained distributed filtering for time-varying systems with multiplicative noises and deception attacks over sensor networks, IEEE Sens. J. 17 (7) (2017) 2279-2288. [22] Y. Mo, S. Weerakkody, B. Sinopoli, Physical authentication of control systems: Designing watermarked control inputs to detect counterfeit sensor outputs, IEEE Control Syst. Mag. 35 (1) (2015) 93-109. [23] E. Mousavinejad, F. Yang, Q.-L. Han, X. Ge, L. Vlacic, Distributed cyber attack detection and recovery mechanism for vehicle platooning, IEEE Trans. Intell. Transp. Syst. (2019) https://doi.org/10.1109/TITS.2019.2934481. [24] R. Olfati-Saber, Distributed Kalman filtering for sensor networks, in Proc. of the 46th IEEE Conference on Decision and Control, New Orleans, LA, USA, 2007, pp. 5492-5498. [25] C. Peng, H. Sun, M. Yang, Y.-L. Wang, A survey on security communication and control for smart grids under malicious cyber attacks, IEEE Trans. Syst., Man, Cybern., Syst. 49 (8) (2019) 1554-1569. [26] V. Puig, P. Cuguer´o, J. Quevedo, Worst-case estimation and simulation of uncertain discrete-time systems using zonotopes, in Proc. of Europeen Control Conference, Porto, Portugal, 2001, pp. 1691-1697. [27] H. Rezaei, R. Esfanjani, M. Sedaaghi, Improved robust finite-horizon Kalman filtering for uncertain networked time-varying systems, Inf. Sci. 293 (2015) 263-274. [28] U. Shaked, N. Berman, H∞ nonlinear filtering of discrete-time processes, IEEE Trans. Signal Process. 43 (9) (1995) 2205-2209. [29] J. Slay, M. Miller, Lessons learned from the maroochy water breach, in Proc. Critical Infrastructure Protection, 2007, pp. 73-82. [30] L. Su, D. Ye, A cooperative detection and compensation mechanism against denial-of-service attack for cyber-physical systems, Inf. Sci. 444 (2018) 122-134. [31] A. Teixeira, I. Shames, H. Sandberg, K. Johansson, Revealing stealthy attacks in control systems, in Proc. 50th Annual Allerton Conference, Allerton House, UIUC, Illinois, USA, 2012, pp. 1806-1813. [32] L. Wang, Z. Wang, G. Wei, F. Alsaadi, Variance-constrained H∞ state estimation for time-varying multi-rate systems with redundant channels: The finite-horizon case, Inf. Sci. 501 (2019) 222-235. [33] J. Wu, T. Chen, Design of networked control systems with packet dropouts, IEEE Trans. Autom. Control 52 (7) (2007) 1314-1319. [34] S. Xiao, Q.-L. Han, X. Ge, Y. Zhang, Secure distributed finite-time filtering for positive systems over sensor networks under deception attacks, IEEE Trans. Cybern. (2019) https://doi.org/10.1109/TCYB.2019.2900478. [35] L. Xie, Y. Soh, C. de Souza, Robust Kalman filtering for uncertain discrete-time systems, IEEE Trans. Autom. Control 39 (6) (1994) 13101314. [36] H. Yang, Q.-L. Han, X. Ge, L. Ding, Y. Xu, B. Jiang, D. Zhou, Fault tolerant cooperative control of multi-agent systems: A survey of trends and methodologies, IEEE Trans. Ind. Informat. (2019) https://doi.org/10.1109/TII.2019.2945004. [37] Y. Yang, H. Xu, D. Yue, Observer-based distributed secure consensus control of a class of linear multi-agent systems subject to random attacks, IEEE Trans. IEEE Trans. Circuits Syst. I, Reg. Papers 66 (8) (2019) 3089-3099. [38] D. Ye, T.-Y. Zhang, Summation detector for false data-injection attack in cyber-physical systems, IEEE Trans. Cybern. (2019) https://doi.org/10.1109/TCYB.2019.2915124. [39] H. Yuan, Y. Xia, Resilient strategy design for cyber-physical system under DoS attack over a multi-channel framework, Inf. Sci. 454-455 (2018) 312-327. [40] H. Yuan, Y. Xia, H. Yang, Y. Yuan, Resilient control for wireless networked control systems under DoS attack via a hierarchical game, Int. J. Robust Nonlinear Control. 28 (2018) 4604-4623. [41] K. Zetter, H(acker)2 O: Attack on city water station destroys pump, https://www.wired.com/2011/11/hackers-destroy-water-pump/, 2011. [42] X.-M. Zhang, Q.-L. Han, X. Ge, D. Ding, L. Ding, D. Yue, C. Peng, Networked control systems: A survey of trends and techniques, IEEE/CAA J. Automatica Sinica (2019) https://doi.org/10.1109/JAS.2019.1911651. [43] Q. Zhu, T. Basar, Game-theoretic methods for robustness, security, and resilience of cyber-physical control systems: Games-in-games principle for optimal cross-layer resilient control systems, IEEE Control Syst. Mag. 35 (1) (2018) 46-65.

16

Declaration of interests The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.