A watermark-based defense strategy to improve the detection rate of false-data-injection attacks

Abstract

A novel proactive method to defend against false-data-injection (FDI) attacks is proposed in this paper. FDI attacks have a high degree of concealment, which can seriously threaten the security of cyber-physical systems (CPS). Therefore, a new watermark-based encryption defense strategy is proposed to improve the attack detection rate. Moreover, the proposed watermark-based approach cannot affect the system performance in the absence of attacks, and the $χ^{2}$ abnormal detector is utilized to detect attacks. Furthermore, FDI attacks are be divided into two different types in this work, that is, additive FDI (A-FDI) attacks and multiplicative FDI (M-FDI) attacks. In addition, three different attack detection scenarios are discussed, and the detection capabilities of the proposed defense method are analyzed. Finally, numerical simulation results are given to illustrate the effectiveness of the main results.

Keywords

cyber-physical systems false-data-injection attacks watermarking state estimation

Introduction

Cyber-Physical Systems (CPS) are complex systems, which use computing, control, and communication to connect the network to the physical environment.^1–3 CPS can improve the ability of traditional engineering systems, and it can be applied to different environments, such as intelligent transportation systems,⁴ water supply systems,⁵ intelligent grids,⁶ etc. On the other hand, the network security of CPS is also facing great challenges. So far, many malicious attacks against CPS have been reported, such as the Stuxnet virus targeting Iranian nuclear facilities in 2010, and an upgraded version targeting Iranian nuclear facilities in 2018.⁷ The Ukrainian power grid was attacked in 2015, causing a massive blackout.⁸ If CPS is attacked, it may cause great loss to the economy, society and security. Therefore, researchers have paid extensive attention to the attack detection.

To ensure the safety of CPS, the defense technology is essential. For example, the authors in⁹ proposed three security vulnerabilities, that is, privacy, integrity, and effectiveness, which are considered to be important for protecting the information. According to,¹⁰ the attacker’s ability depends on the knowledge of the system model, disruptive resources, and disclosure resources. The FDI attack studied in this paper belongs to deception attacks, such as the false data injection attack (FDIA) mentioned in¹¹ and dynamic false data injection attack (DFDIA) mentioned in.¹² which are highly concealed and destructive.^13–16 To ensure that the bad value detection of the detector is bypassed and the control performance of the system is affected, attackers can use information transmission network vulnerabilities to inject false data carefully into sensors and/or actuators. Through careful design, an attacker can destroy the system’s control performance and deceive the abnormal detector. Thus, FDI attacks have a greater threat to the security of CPS.

The approaches to detect malicious attacks can be divided into passive and active detection methods.¹⁷ As we all know, most anomaly detection algorithms are passive, such as the residual-based $χ^{2}$ detector. The optimal linear cyber-attack was designed in,¹⁸ in which attacks can maximize the estimation error covariance and remain stealthy when the $χ^{2}$ detector is employed by the system. Different from the passive detection method, the proactive detection approach changes the parameters of the system and then verifies whether the system changes as expected, which can prevent the adversary from knowing these parameters to resist attacks. For example, a watermark was added to the control signal in.¹⁹ In,²⁰ the random noise with known distribution was served as the watermark in the control signal. In,²¹ the authors proposed a periodic watermarking strategy to reduce control overhead. In,²² a robust physical watermarking and detection algorithm were proposed. However, these results are methods to optimize the detection probability by reducing the control performance. Thus, watermark-based approach can be used to resist man-in-the-middle attacks, and the original data was restored by removing the watermark in.²³ In addition, the authors in²⁴ considered the idea of watermarking and moving target defense, which combine the watermark with a non-linear static auxiliary function to resist covert FDI attacks.

In this paper, a novel proactive watermark-based defense strategy is proposed to improve the detection rate of false-data-injection attacks. The contributions of this paper are summarized as follows:

A new watermark-based encryption strategy is designed, which can guarantee that the system performance cannot be affected by the watermarks in the absence of attacks. Different from the existing static watermarking methods, dynamic watermarking implements encryption through time-varying random parameters, which not only avoids the long-term monitoring and cracking risk, but also ensures the system performance without any attack.

FDI attacks are divided into two different types, namely, additive and multiplicative FDI attacks. Moreover, three different attack detection situations are analyzed and the proactive attack detection method proposed in this work can greatly improve the detection rate.

The rest of the paper is given as follows. Problem formulation is introduced in Section 2 and the main results are provided in Section 3. Attack detection in different scenarios is given in Section 4 and the simulation results are shown in Section 5. Finally, some conclusions are given in Section 6.

Problem formulation

In this section, the system block diagram under a watermarking encryption proactive defense strategy is provided, which is shown in Figure 1. The system uses dynamic watermarking encryption strategy to improve the detection capability of FDI attacks. It is composed of plant, sensor, encoder, decoder, estimator, detector, and attacker modules.

Figure 1.

The system block diagram under the watermarking encryption defense strategy.

After the sensor collects the physical state data $y_{k}$ of the controlled object, the encoder encrypts the data ${\hat{y}}_{k}$ using time-varying parameters ( $a_{k}$ is a random scaling factor, $b_{k}$ is a random noise) to interfere with the attacker’s cracking of the transmitted data. The attacker can change the encrypted data to ${\tilde{y}}_{k}^{'}$ through a man-in-the-middle attack, and the decoder restores the data based on the shared key. If the data is changed, the decrypted $y_{k}^{'}$ will deviate from the true value. An estimator (such as Kalman filter) computes a system state estimate from decrypted data, and a detector identifies anomalies by analyzing residuals (such as $χ^{2}$ detector) and triggers an alarm. The system greatly improves the attack detection rate through the unpredictability of dynamic watermarking, and at the same time ensures that the system performance is not affected when there is no attack, and provides an efficient security protection mechanism for the information physical system.

System model

Consider the following linear time-invariant (LTI) system:

x_{k + 1} = A x_{k} + w_{k}

(1)

y_{k} = C x_{k} + v_{k}

(2)

where $k \in N$ is the time index, $x_{k} \in R^{n}$ is the state of the system, and $y_{k} \in R^{m}$ is the measurement of sensors. $A$ and $C$ are system matrix and measurement matrix with appropriate dimensions, respectively. $w_{k} \in R^{n}$ is the process noise, and $v_{k} \in R^{m}$ is the measurement noise. It is assumed that the system noises are zero-mean Gaussian white noise with covariance $Q \geq 0$ and $R \geq 0$ , that is, $w_{k} ~ N (0, Q)$ and $v_{k} ~ N (0, R)$ . Where $R$ is the diagonal covariance matrix, indicating that the measurement noise of each sensor is independent. $w_{k}$ and $v_{k}$ are independent of each other. Moreover, the initial state $x_{0}$ is a Gaussian random variable with covariance $Σ_{0}$ , that is, $x_{0} ~ N ({\bar{x}}_{0}, Σ_{0})$ . The pair $(A, C)$ is detectable and $(A, \sqrt{Q})$ is stabilizable.

Kalman filter

For the LTI system (1)-(2), Kalman filter is employed to estimate the state $x_{k}$ . The recursive formula of the Kalman filter are given as follows:

\begin{matrix} {\hat{x}}_{k}^{-} = A {\hat{x}}_{k - 1} \\ P_{k}^{-} = A P_{k - 1} A^{T} + Q \\ K_{k} = P_{k}^{-} C^{T} {({CP}_{k}^{-} C^{T} + R)}^{- 1} \\ {\hat{x}}_{k} = {\hat{x}}_{k}^{-} + K_{k} (y_{k} - C {\hat{x}}_{k}^{-}) \\ P_{k} = (I - K_{k} C) P_{k}^{-} \end{matrix}

(3)

where ${\hat{x}}_{k}^{-}$ is the priori state estimate, and ${\hat{x}}_{k}$ is the posterior state estimate. $P_{k}^{-}$ is the priori estimation covariance, and $P_{k}$ is the posterior estimate covariance. $K_{k}$ is the Kalman filter gain. The recursion starts from ${\hat{x}}_{0}^{-} = 0$ and $P_{0}^{-} = Σ_{0} \geq 0$ .

It should be pointed out that if the system is detectable, the Kalman filter gain and error covariance will converge to a stable value in a short period from the any initial conditions.²⁵ Therefore, it is assumed that the filter starts to operate from a steady-state, and the steady-state value of the priori error covariance is defined by

\bar{P} \overset{Δ}{=} \lim_{k \to \infty} P_{k}^{-}

(4)

where $\bar{P}$ is the unique solution of $h ° \tilde{g} = X$ , where

h (X) \overset{Δ}{=} AX A^{T} + Q

(5)

\tilde{g} (X) \overset{Δ}{=} X - X C^{T} {(CX C^{T} + R)}^{- 1} CX .

(6)

For simplicity, the Kalman filter is assumed to start from the steady state, that is, $Σ_{0} = \bar{P}$ . Thus, the fixed gain of steady state Kalman filter can be calculated by

K \overset{Δ}{=} \bar{P} C^{T} {(C \bar{P} C^{T} + R)}^{- 1} .

(7)

$χ^{2}$ detector

The $χ^{2}$ detector is a residue-based detector,^18,26 which is often used to detect whether the system is abnormal. Firstly, Kalman filter residual is given as follows:

r_{k} \overset{Δ}{=} y_{k} - C {\hat{x}}_{k}^{-} .

(8)

When the system is attack-free, the residual $r_{k}$ satisfies $r_{k} \in N (0, P)$ , where $P = CP C^{T} + R$ . Then, according to the statistical characteristics of the system residual, $g_{k}$ can be defined as follows

g_{k} = \sum_{i = k - + 1}^{k} r_{i}^{T} P^{- 1} r_{i} ≶_{H_{1}}^{H_{0}} β

(9)

where $g_{k} \in R_{+}$ is the $χ^{2}$ value with $m J$ degrees of freedom, and $J$ is the window size of detection. $β$ is the detection threshold, which is determined by the confidence coefficient, denoted as $P_{β}$ . The false alarm rate $α$ can be expressed as $1 - P_{β}$ . The hypothesis $H_{0}$ means that the system is normal (attack-free), and the opposite is true for hypothesis $H_{1}$ . Thus, we can obtain that

H_{0} : {\begin{matrix} E [r_{k}] = 0_{p \times 1} \\ E [r_{k} r_{k}^{T}] = P \end{matrix}, H_{1} : {\begin{matrix} E [r_{k}] \neq 0_{p \times 1} \\ E [r_{k} r_{k}^{T}] \neq P \end{matrix} .

(10)

Attacks model

It is assumed that an attacker can intercept the transmission data. Two different attacks will be introduced with the concept of linear man-in-the-middle (MITM) attack in this paper. In,¹⁸ the linear MITM attack is designed as follows

{\tilde{y}}_{k}^{'} = Γ_{k} {\tilde{y}}_{k} + μ_{k}

(11)

where $Γ_{k}$ and $μ_{k}$ are varying-time parameters determined by the attacker.

In this paper, we will re-consider the MITM attack carefully. It can be seen from (11) that when $Γ_{k} = I$ and $μ_{k} = y_{k}^{a}$ , the linear MITM attack becomes the FDI attack, which is called an additive FDI (A-FDI) attack in this paper. The A-FDI attack can be modeled as follows

y_{k}^{'} = {\tilde{y}}_{k} + y_{k}^{a}

(12)

where $y_{k}^{a}$ is the attack vector launched by an adversary. As a result, one can obtain that

y_{k}^{'} = C x_{k} + v_{k} + a_{k}^{- 1} y_{k}^{a}

(13)

where $a_{k}$ is a time-varying parameter given by the defender and will be discussed later.

If the residual $r_{k}^{a} = y_{k}^{'} - C {\hat{x}}_{k}^{-}$ has the same distribution as the residual $r_{k} = y_{k} - C {\hat{x}}_{k}^{-}$ , then $χ^{2}$ detector (9) cannot detect malicious attacks; otherwise, attacks can be detected. In other words, if the detection rate is less than or equal to the false alarm rate $α$ , attacks cannot be detected.²⁰

On the other hand, as studied in,¹⁸ the MITM attack is optimal with $Γ_{k} = - I$ and $μ_{k} = 0$ , which may cause the largest state estimation error without being detected by the defender. In this paper, this kind of attack is defined as a multiplicative FDI (M-FDI) attack. An M-FDI attack can be modeled as follows:

y_{k}^{'} = Γ_{k} y_{k}

(14)

In this paper, the attack matrix $Γ_{k}$ is selected to be $Γ_{k} = - I$ according to the result in.¹⁸ Then, we can derive that

y_{k}^{'} = - (C x_{k} + v_{k}) .

(15)

Remark 1. It is noted that the linear MITM attack is divided into A-FDI and M-FDI attacks in this work. We will show that the proposed proactive defense strategy will have different effects on different types of attacks.

Main results

In this section, the watermarking-based defense strategy is introduced, and the defense algorithm is given. Furthermore, the influence of the designed encryption defense strategy on the system performance is analyzed as well.

Watermarking-based active defense strategy

The watermarking encryption module and decryption module are added to the cyber-physical system, which can be utilized to detect malicious attacks by the system. When sending data, the transmitted data is encrypted into the following form:

{\tilde{y}}_{k} = a_{k} y_{k} + b_{k}

(16)

where ${\tilde{y}}_{k}$ represents the encrypted data at the sending end. It is noted that the parameters $a_{k}$ and $b_{k}$ are served as watermarks in this paper, and $a_{k} \in (0, 1]$ is designed as a random number. In addition, both $a_{k}$ and $b_{k}$ are given by pseudo-random number generators, which can use the same seed number in the sender and the receiver to generate the same random number.^27,28 It should be pointed out that the seed of $b_{k}$ is designed to be different from $a_{k}$ and $b_{k} ~ N (0, Σ_{b})$ . Moreover, $b_{k}$ is independent of $r_{k}$ .

Remark 2. To ensure that the designed watermarks do not affect the system’s performance, it is necessary to keep the watermarks on both sending and receiving sides consistently. The time-varying sequences $a_{k}$ and $b_{k}$ can be obtained by using an encrypted secure pseudo-random number generators. It is worth noting that only the defender knows the seeds of the pseudo-random number generator.

Remark 3. If the watermarks are designed to be constants, that is, $a_{k} \equiv a$ and $b_{k} \equiv b$ , then an attacker can estimate watermarks to obtain $y_{k}$ by monitoring and intercepting the data transmitted in the wireless network for a long time. In this way, an attacker who fully understands the watermarks can bypass the security module. The watermarking-based encryption defense is completely ineffective. Therefore, the watermarks are chosen as time-varying variables instead of constants in this paper.

Note that the decoder will receive ${\tilde{y}}_{k}$ in the absence of attacks. Then, one can obtain that

y_{k}^{'} = {a_{k}}^{- 1} ({\tilde{y}}_{k} - b_{k}) \equiv y_{k}

(17)

where $y_{k}^{'}$ represents the data after reverse calculation. As a result, the encryption algorithm will not affect the system state estimation without attacks.

Based on the dynamic parameter design of the pseudo-random number generator, the attacker cannot crack the watermark through traditional statistical analysis, and the synchronous decryption mechanism of the receiver ensures the accuracy of the state estimation without attack.

Performance analysis when the system is attacked

When the A-FDI attack is considered, then ${\tilde{y}}_{k}^{'}$ can be represented as follows:

{\tilde{y}}_{k}^{'} = {\tilde{y}}_{k} + y_{k}^{a} = a_{k} y_{k} + b_{k} + y_{k}^{a} .

(18)

After the receiving end receives the attacked vector ${\tilde{y}}_{k}^{'}$ , it can calculate $y_{k}^{'}$ as follows:

y_{k}^{'} = a_{k}^{- 1} ({\tilde{y}}_{k}^{'} - b_{k}) = y_{k} + a_{k}^{- 1} y_{k}^{a} .

(19)

As a result, the residual of Kalman filter can be computed as follows:

\begin{matrix} r_{k}^{a} = y_{k}^{'} - C {\hat{x}}_{k}^{-} = y_{k} - C {\hat{x}}_{k}^{-} + a_{k}^{- 1} y_{k}^{a} \\ = r_{k} + {a_{k}}^{- 1} y_{k}^{a} . \end{matrix}

(20)

Theorem 1. For the system (1)–(2), when the watermarks defined in (16) are considered and $a_{k} \to 0$ , the detection rate of the detector (9) can be improved, that is,

\Pr {g_{k}^{A} \geq β} >> \Pr {g_{k} \geq β}

(21)

at time step $k$ , where $g_{k}^{A}$ is the $χ^{2}$ value after being attacked by a malicious A-FDI attack (12).

Proof. At time step $k$ , when the system is attack-free, the expectation of $g_{k}$ can be calculated by

E [g_{k}] = E [r_{k}^{T} P^{- 1} r_{k}] = m .

(22)

When the system is attacked by an A-FDI attack at time step $k$ , then $E [g_{k}^{A}]$ can be calculated by

\begin{matrix} E [g_{k}^{A}] = E [{(r_{k}^{a})}^{T} P^{- 1} (r_{k}^{a})] \\ = E [{(r_{k} + a_{k}^{- 1} y_{k}^{a})}^{T} P^{- 1} (r_{k} + a_{k}^{- 1} y_{k}^{a})] \\ = E [r_{k}^{T} P^{- 1} r_{k} + {(a_{k}^{- 1} y_{k}^{a})}^{T} P^{- 1} (a_{k}^{- 1} y_{k}^{a}) \\ + r_{k}^{T} P^{- 1} (a_{k}^{- 1} y_{k}^{a}) + {(a_{k}^{- 1} y_{k}^{a})}^{T} P^{- 1} r_{k}] \\ = m + E [{(a_{k}^{- 1} y_{k}^{a})}^{T} P^{- 1} (a_{k}^{- 1} y_{k}^{a}) \\ + r_{k}^{T} P^{- 1} (a_{k}^{- 1} y_{k}^{a}) + {(a_{k}^{- 1} y_{k}^{a})}^{T} P^{- 1} r_{k}] \\ = m + E [{(a_{k}^{- 1} y_{k}^{a} + 2 r_{k})}^{T} P^{- 1} (a_{k}^{- 1} y_{k}^{a})] . \end{matrix}

(23)

When the parameter $a_{k}$ is selected such that $a_{k} \to 0$ , then one can derive that $E [{(a_{k}^{- 1} y_{k}^{a} + 2 r_{k})}^{T} P^{- 1} (a_{k}^{- 1} y_{k}^{a})] >> 0$ . Consequently, one can obtain that $E [g_{k}^{A}] >> E [g_{k}] = m$ , which implies $\Pr {g_{k}^{M} \geq β} >> \Pr {g_{k} \geq β}$ when $a_{k} \to 0$ . ▪

When the M-FDI attack is considered, then ${\tilde{y}}_{k}^{'}$ can be computed by

{\tilde{y}}_{k}^{'} = - {\tilde{y}}_{k} = - (a_{k} y_{k} + b_{k}) .

(24)

After the receiving end receives ${\tilde{y}}_{k}^{'}$ , $y_{k}^{'}$ can be obtained

\begin{matrix} y_{k}^{'} = \frac{{\tilde{y}}_{k}^{'} - b_{k}}{a_{k}} = \frac{- (a_{k} y_{k} + b_{k}) - b_{k}}{a_{k}} \\ = - y_{k} - 2 \frac{b_{k}}{a_{k}} . \end{matrix}

(25)

As a result, the residual of Kalman filter $r_{k}$ can be derived as follows

r_{k}^{a} = y_{k}^{'} - C {\hat{x}}_{k}^{-} = r_{k} - 2 (y_{k} + \frac{b_{k}}{a_{k}}) .

(26)

Theorem 2. For the system (1)-(2), when the watermarks defined in (16) is considered and $b_{k} >> a_{k}$ , the detection rate of the detector (9) can be improved, that is,

\Pr {g_{k}^{M} \geq β} >> \Pr {g_{k} \geq β}

(27)

at time step $k$ , where $g_{k}^{M}$ is the $χ^{2}$ value after being attacked by an M-FDI attack (15).

Proof. When the system is attacked by an M-FDI attack (15), then one can obtain that

\begin{matrix} E [g_{k}^{M}] = E [{(r_{k}^{a})}^{T} p (r_{k}^{a})] \\ = m + 2 E [{(y_{k} + b_{k} a_{k}^{- 1} - r_{k})}^{T} \times p^{- 1} (y_{k} + b_{k} a_{k}^{- 1}))] . \end{matrix}

(28)

When the parameters $a_{k}$ and $b_{k}$ satisfy $a_{k} << b_{k}$ , then the value of $b_{k} / a_{k}$ is very large. Moreover, $b_{k} / a_{k} \to \infty$ if $a_{k} \to 0$ and $E [g_{k}^{M}] >> E [g_{k}] = m$ , which implies $\Pr {g_{k}^{M} \geq β} >> \Pr {g_{k} \geq β}$ when $b_{k} >> a_{k}$ .▪

The estimated error covariances of Kalman filter under both A-FDI and M-FDI attacks will be given in the following theorems, and the impact of both types of attacks on system performance is analyzed as well.

Theorem 3. Consider the system in the presence of A-FDI attacks. The estimated error covariance of the state can be calculated by

\begin{matrix} P_{k} = A P_{k - 1} A^{T} + Q + K (C \bar{P} C^{T} + R + L_{k}^{A}) K^{T} \\ - \bar{P} C^{T} K^{T} - KC \bar{P} \end{matrix}

(29)

where $L_{k}^{A} = E [a_{k}^{- 2} y_{k}^{a} {(y_{k}^{a})}^{T}]$ .

Proof. Combining the system (1)–(2), Kalman filter (3), and residual (8), the error covariance of the system under A-FDI attacks can be calculated by

\begin{matrix} P_{k} = E [(x_{k} - {\hat{x}}_{k}) {(x_{k} - {\hat{x}}_{k})}^{T}] \\ = E {[(x_{k} - {\hat{x}}_{k}^{-}) - {Kr}_{k}^{a}] {[(x_{k} - {\hat{x}}_{k}^{-}) - {Kr}_{k}^{a}]}^{T}} \\ = E [(x_{k} - {\hat{x}}_{k}^{-}) {(x_{k} - {\hat{x}}_{k}^{-})}^{T}] + E [K (r_{k}^{a}) {(r_{k}^{a})}^{T} K^{T}] \\ - E [(x_{k} - {\hat{x}}_{k}^{-}) {(r_{k}^{a})}^{T} K^{T}] - E [K (r_{k}^{a}) {(x_{k} - {\hat{x}}_{k}^{-})}^{T}] . \end{matrix}

(30)

For the first term of (30), we can obtain that

\begin{matrix} E [(x_{k} - {\hat{x}}_{k}^{-}) {(x_{k} - {\hat{x}}_{k}^{-})}^{T}] \\ = E [(A x_{k - 1} + w_{k - 1} - A {\hat{x}}_{k}^{-}) {(A x_{k - 1} + w_{k - 1} - A {\hat{x}}_{k}^{-})}^{T}] \\ = A E [(x_{k - 1} - {\hat{x}}_{k - 1}) {(x_{k - 1} - {\hat{x}}_{k - 1})}^{T}] A^{T} + E [w_{k - 1} w_{k - 1}^{T}] \\ = A P_{k - 1} A^{T} + Q \end{matrix}

(31)

For the second term of (30), $r_{k}^{a} = r_{k} + a_{k}^{- 1} y_{k}^{a}$ . Moreover, $r_{k}$ and $y_{k}^{a}$ are independent of each other. As a result, one can obtain $Cov (r_{k}, y_{k}^{a}) = 0$ and

\begin{matrix} E [K (r_{k}^{a}) {(r_{k}^{a})}^{T} K^{T}] \\ = K E [(r_{k} + a_{k}^{- 1} y_{k}^{a}) {(r_{k} + a_{k}^{- 1} y_{k}^{a})}^{T}] K^{T} \\ = K E [r_{k} r_{k}^{T} + (a_{k}^{- 1} y_{k}^{a}) {(a_{k}^{- 1} y_{k}^{a})}^{T}] K^{T} \\ = K (P + L_{k}^{A}) K^{T} \\ = K (C \bar{P} C^{T} + R + L_{k}^{A}) K^{T} . \end{matrix}

(32)

For the third term of (30), the relationship between $x_{k} - {\hat{x}}_{k}^{-}$ and $r_{k}^{a}$ needs to be considered. Combined with the recursion of formula (3), the state estimation error $x_{k} - {\hat{x}}_{k}^{-}$ can be decomposed into the cumulative effect of initial error and process noise. Based on the system dynamics equations and prediction estimates, the error can be recursively expanded as:

x_{k} - {\hat{x}}_{k}^{-} = A (x_{k - 1} - {\hat{x}}_{k - 1}) + ω_{k - 1}

(33)

Further recursive expansion to the initial moment, get:

\begin{matrix} x_{k} - {\hat{x}}_{k}^{-} = A^{k} (x_{0} - {\hat{x}}_{0}^{-}) + \sum_{i = 0}^{k - 1} A^{i} ω_{k - 1 - i} \\ - \sum_{i = 0}^{k - 1} A^{i + 1} K r_{k - i - 1} \end{matrix}

(34)

$U_{k} = A^{k} (x_{0} - {\hat{x}}_{0}^{-}) + \sum_{i = 0}^{k - 1} A^{i} w_{k - 1 - i}$ , represents the linear combination of initial state estimation error and process noise. Then the error can be expressed as:

x_{k} - {\hat{x}}_{k}^{-} = U_{k} - \sum_{i = 0}^{k - 1} A^{i + 1} K r_{k - i - 1}

(35)

According to the definition of $r_{k}^{a}$ , we can derive

\begin{matrix} r_{k}^{a} = y_{k} + a_{k}^{- 1} y_{k}^{a} - C {\hat{x}}_{k}^{-} \\ = C (x_{k} - {\hat{x}}_{k}^{-}) + v_{k} + V_{k}^{1} \\ = C [A x_{k - 1} + w_{k - 1} - A ({\hat{x}}_{k - 1}^{-} + K z_{k - 1})] + V_{k}^{1} \\ = CA (I - KC) (x_{k - 1} - {\hat{x}}_{k - 1}^{-}) + C w_{k - 1} + V_{k} \\ = C [A (I - KC)]^{k} (x_{0} - {\hat{x}}_{0}^{-}) + V_{k} \\ + \sum_{i = 0}^{k - 1} C [A (I - KC)]^{i} w_{k - i - 1} \end{matrix}

(36)

where $V_{k}^{1} = v_{k} + a_{k}^{- 1} y_{k}^{a}$ and $V_{k} = V_{k}^{1} - CAK v_{k - 1}$ . Note that $Cov (r_{k}, r_{k}^{a}) = 0$ and $Cov (U_{k}, V_{k}) = 0$ . Thus, the third term of (30) can be computed by

\begin{matrix} E [(x_{k} - {\hat{x}}_{k}^{-}) {(r_{k}^{a})}^{T} K^{T}] \\ = E [{A^{k} (x_{0} - {\hat{x}}_{0}^{-}) + \sum_{i = 0}^{k - 1} A^{i} w_{k - 1 - i}} \\ \times {C {[A (I - KC)]}^{k} (x_{0} - {\hat{x}}_{0}^{-}) \\ + \sum_{i = 0}^{k - 1} C {[A (I - KC)]}^{i} w_{k - 1 - i}}^{T}] K^{T} \\ = {A^{k} E [(x_{0} - {\hat{x}}_{0}^{-}) {(x_{0} - {\hat{x}}_{0}^{-})}^{T}] {[{(I - KC)}^{T} A^{T}]}^{k} \\ + \sum_{i = 0}^{k - 1} A^{i} E [w_{k - 1 - i} w_{k - 1 - i}^{T}] {[{(I - KC)}^{T} A^{T}]}^{i}} C^{T} K^{T} \\ = {A^{k} \bar{P} {[{(I - KC)}^{T} A^{T}]}^{k} \\ + \sum_{i = 0}^{k - 1} A^{i} Q {[{(I - KC)}^{T} A^{T}]}^{i}} C^{T} K^{T} \\ = \bar{P} C^{T} K^{T} \end{matrix}

(37)

where $\bar{P} = {(h ° \tilde{g})}^{n} (\bar{P})$ is the unique solution of $h ° \tilde{g} = X$ in the last equality, that is,

\begin{array}{l} \bar{P} = {(h ° \tilde{g})}^{n} (\bar{P}) \\ = {[A (I - K C)]}^{n} \bar{P} {(A^{T})}^{n} + \sum_{i = 0}^{n - 1} {[A (I - K C)]}^{i} Q {(A^{T})}^{i} \\ = A^{n} \bar{P} {[{(I - K C)}^{T} A^{T}]}^{n} + \sum_{i = 0}^{n - 1} A^{i} Q {[{(I - K C)}^{T} A^{T}]}^{i} . \end{array}

Similarly, the fourth term of (30) can be derived as follows

E [(x_{k} - {\hat{x}}_{k}^{-}) {(r_{k}^{a})}^{T} K^{T}] = KC \bar{P} .

(38)

Substituting (31)–(32), (37) and (38) into (30) yields

\begin{matrix} P_{k} = A P_{k - 1} A^{T} + Q + K (C \bar{P} C^{T} + R +_{k}^{A}) \\ K^{T} - \bar{P} C^{T} K^{T} - KC \bar{P} . \end{matrix}

(39)

which completes the proof.▪

Theorem 4. Consider the system in the presence of M-FDI attacks. The estimated error covariance of the state can be calculated by

\begin{matrix} P_{k} = A P_{k - 1} A^{T} + Q + K (C \bar{P} C^{T} + R + L_{k}^{M}) K^{T} \\ - \bar{P} C^{T} K^{T} - KC \bar{P} \end{matrix}

(40)

where $L_{k}^{M} = 4 E [(y_{k} + b_{k} a_{k}^{- 1}) {(y_{k} + b_{k} a_{k}^{- 1})}^{T}]$ .

Proof. The proof is similar to the proof of Theorem 3 and is omitted here.▪

Attack detection in different scenarios

In the section, four different situations will be discussed. Note that it is assumed that the attacker already knows the structure of ${\tilde{y}}_{k}$ .

Both $a_{k}$ and $b_{k}$ are not available to an attacker

In this case, the attacker can guess the values of $a_{k}$ and $b_{k}$ . It is assumed that the guessed values of $a_{k}$ and $b_{k}$ are $a_{k}^{guess}$ and $b_{k}^{guess}$ , respectively. Then, it is assumed that the attacker wants to guess the real measurement of sensors. The guessed value of sensor measurement $y_{k}^{guess}$ can be derived as

y_{k}^{guess} = \frac{{\tilde{y}}_{k} - b_{k}^{guess}}{a_{k}^{guess}} .

(41)

Then, the MITM attack can be designed as

\begin{matrix} {\tilde{y}}_{k}^{'} = a_{k}^{guess} (Γ_{k} y_{k}^{guess} + μ_{k}) + b_{k}^{guess} \\ = Γ_{k} {\tilde{y}}_{k} + a_{k}^{guess} μ_{k} + (I - Γ_{k}) b_{k}^{guess} . \end{matrix}

(42)

For the A-FDI attack, $Γ_{k} = I$ and $μ_{k} = y_{k}^{a}$ , we can derive that

{\tilde{y}}_{k}^{'} = {\tilde{y}}_{k} + a_{k}^{guess} y_{k}^{a} .

(43)

Thus, one can get

y_{k}^{'} = \frac{{\tilde{y}}_{k}^{'} - b_{k}}{a_{k}} = y_{k} + \frac{a_{k}^{guess}}{a_{k}} y_{k}^{a}

(44)

From (29), the estimated error covariance of the state can be calculated by

\begin{matrix} P_{k} = A P_{k - 1} A^{T} + Q + K (C \bar{P} C^{T} + R + L_{k}^{A}) K^{T} \\ - \bar{P} C^{T} K^{T} - KC \bar{P} \end{matrix}

(45)

where $L_{k}^{A} = E [{(a_{k}^{guess} a_{k})}^{- 2} y_{k}^{a} {(y_{k}^{a})}^{T}]$ .

Furthermore, one can obtain that

E [g_{k}^{A}] = m + E [{(\frac{a_{k}^{guess}}{a_{k}} y_{k}^{a} + 2 r_{k})}^{T} P^{- 1} (\frac{a_{k}^{guess}}{a_{k}} y_{k}^{a})] .

In order to bypass the detector, the A-FDI attack should satisfy $E [g_{k}^{A}] < β$ . Since the specific value of $a_{k}$ is not known and $a_{k}$ is selected to be small, the stealthy A-FDI attack is difficult to launch.

On the other hand, for the M-FDI attack, $Γ_{k} = - I$ and $μ_{k} = 0$ , one can derive that

{\tilde{y}}_{k}^{'} = - {\tilde{y}}_{k} + 2 b_{k}^{guess}

(46)

and

y_{k}^{'} = \frac{{\tilde{y}}_{k}^{'} - b_{k}}{a_{k}} = - y_{k} + 2 \frac{b_{k}^{guess} - b_{k}}{a_{k}} .

(47)

The estimation error covariance can be obtained similar to (40), where

L_{k}^{M} = 2 E [(\frac{b_{k}^{guess} - b_{k}}{a_{k}} - y_{k}) {(\frac{b_{k}^{guess} - b_{k}}{a_{k}} - y_{k})}^{T}] .

Furthermore, one can derive that

E [g_{k}^{M}] = m + 4 E [{(M_{k} + r_{k})}^{T} P^{- 1} (M_{k})] .

(48)

where $M_{k} = - y_{k} + (b_{k}^{guess} - b_{k}) a_{k}^{- 1}$ . In order to bypass the detector, the M-FDI attack should satisfy $E [g_{k}^{M}] < β$ . Since the specific value of $b_{k}$ is not known and $a_{k}$ is selected to be small, the stealthy M-FDI attack is difficult to launch.

Corollary 1. Assume that the attacker only knows the structure of ${\tilde{y}}_{k}$ and does not know the specific values of $a_{k}$ and $b_{k}$ . It is difficult for an adversary to launch stealthy A-FDI and M-FDI attacks when the watermark-based strategy is utilized by the system.

Only $a_{k}$ is available to an attacker

In this case, it is assumed that the attacker has obtained the watermark $a_{k}$ . The guessed value $y_{k}^{g u e s s}$ can be given by

y_{k}^{guess} = \frac{{\tilde{y}}_{k} - b_{k}^{guess}}{a_{k}} .

(49)

Then, the MITM attack can be represented by

\begin{matrix} {\tilde{y}}_{k}^{'} = a_{k} (Γ_{k} y_{k}^{guess} + μ_{k}) + b_{k}^{guess} \\ = Γ_{k} {\tilde{y}}_{k} + a_{k} μ_{k} + (I - Γ_{k}) b_{k}^{guess} . \end{matrix}

(50)

For the A-FDI attack, one can derive that

{\tilde{y}}_{k}^{'} = {\tilde{y}}_{k} + a_{k} y_{k}^{a}

(51)

and

y_{k}^{'} = \frac{{\tilde{y}}_{k}^{'} - b_{k}}{a_{k}} = y_{k} + y_{k}^{a} .

(52)

Furthermore, one can calculate

E [g_{k}^{A}] = m + E [{(y_{k}^{a} + 2 r_{k})}^{T} P^{- 1} y_{k}^{a}] .

(53)

It can be seen from (53) that if $y_{k}^{a} = - 2 r_{k}$ , then an attacker can launch stealthy A-FDI attacks. However, the exact value of $r_{k}$ is unknown to an adversary since the watermark $b_{k}$ is unavailable to him or her.

On the other hand, for the M-FDI attack, one can derive

{\tilde{y}}_{k}^{'} = - {\tilde{y}}_{k} + 2 b_{k}^{guess} .

(54)

It is noted that this situation is the same as discussed in (46), that is, $E [g_{k}^{M}] = m + 4 E [{(M_{k} + r_{k})}^{T} P^{- 1} (M_{k})]$ , where $M_{k} = - y_{k} + (b_{k}^{guess} - b_{k}) a_{k}^{- 1}$ .

Corollary 2. Consider the scenario that an attacker already knows the structure of ${\tilde{y}}_{k}$ and the specific value of $a_{k}$ , but cannot obtain the information of $b_{k}$ . The designed watermarks can only have effect on the detection rate of M-FDI attacks.

Only $b_{k}$ is available to an attacker

When the adversary can only obtain the information of $b_{k}$ , the guessed value $y_{k}^{guess}$ is given by

y_{k}^{guess} = \frac{{\tilde{y}}_{k} - b_{k}}{a_{k}^{guess}}

(55)

which implies

\begin{matrix} {\tilde{y}}_{k}^{'} = a_{k}^{guess} (Γ_{k} y_{k}^{guess} + μ_{k}) + b_{k} \\ = Γ_{k} {\tilde{y}}_{k} + a_{k}^{guess} μ_{k} + (1 - Γ_{k}) b_{k} . \end{matrix}

(56)

For the A-FDI attack, one can derive that

{\tilde{y}}_{k}^{'} = {\tilde{y}}_{k} + a_{k}^{guess} y_{k}^{a} .

(57)

and

y_{k}^{'} = \frac{{\tilde{y}}_{k}^{'} - b_{k}}{a_{k}} = y_{k} + \frac{a_{k}^{guess}}{a_{k}} y_{k}^{a}

(58)

It is noted that (58) is the same as given in (44), which implies

E [g_{k}^{A}] = m + E [{(\frac{a_{k}^{guess}}{a_{k}} y_{k}^{a} + 2 r_{k})}^{T} P^{- 1} (\frac{a_{k}^{guess}}{a_{k}} y_{k}^{a})] .

Similarly, when the M-FDI attack is considered, one can compute

{\tilde{y}}_{k}^{'} = - {\tilde{y}}_{k} + 2 b_{k} .

(59)

and

y_{k}^{'} = \frac{{\tilde{y}}_{k}^{'} - b_{k}}{a_{k}} = - y_{k}

(60)

which implies that the corresponding M-FDI attack is the optimal linear attack without being detected.

Corollary 3. Consider the case that an attacker already knows the structure of ${\tilde{y}}_{k}$ and the specific value of $b_{k}$ , but cannot obtain the value of $a_{k}$ . The designed watermarks can only have effect on the detection rate of A-FDI attacks.

Numerical examples

In this section, numerical simulation will be given to illustrate the effectiveness of the proposed results. For the linear system described by (1)–(2), we adopt the same system parameters as that utilized in,²⁹ where

A = [\begin{matrix} 0.716 & 0.245 & 0.211 & 0.031 \\ 0.113 & 0.341 & 0.234 & 0.109 \\ 0.039 & 0.231 & 0.467 & 0.019 \\ 0.019 & 0.171 & 0.012 & 0.321 \end{matrix}],

C = [\begin{matrix} 0.121 & 0.828 & 0.164 & 0.245 \\ 0.635 & 0.413 & 0.517 & 0.131 \\ 0.234 & 0.598 & 0.658 & 0.325 \\ 0.351 & 0.765 & 0.126 & 0.989 \end{matrix}],

Q = diag {0.228, 0.316, 0.683, 0.461},

R = diag {0.131, 0.138, 0.123, 0.102} .

The window size $J$ of the $χ^{2}$ detector is set to 1, the confidence coefficient is 95%, and the degree of freedom is 4. According to the critical value table of the $χ^{2}$ distribution, $β = 9.488$ can be obtained. Assume that $a_{k} \in (0, 0.001]$ and $b_{k} ~ N (0, 1)$ , generated dynamically within a bounded interval, are given in Figures 2 and 3, respectively. In addition, it is assumed that the attacker launches attacks during the time intervals [20,35] and [60,75]. In addition, the attack vector $y_{k}^{a} \in [0, 1]$ launched by the adversary is shown in Figure 4.

Figure 2.

The watermark $a_{k}$ .

Figure 3.

The watermark $b_{k}$ on each channel.

Figure 4.

The attack vector $y_{k}^{a}$ on each channel.

Case 1: Both $a_{k}$ and $b_{k}$ are not available to an attacker

In this situation, both watermarks $a_{k}$ and $b_{k}$ are not available to an attacker and the simulation result is given in Figure 5. It is can be seen from Figure 5 that almost all A-FDI and M-FDI attacks can be detected, which implies that it is difficult for an adversary to launch stealthy A-FDI and M-FDI attacks. In this section, 0 and 1 represent that the system is attack-free and attacked, respectively.

Figure 5.

The attack detection result when both $a_{k}$ and $b_{k}$ are not available.

Case 2: Only $a_{k}$ is available to an attacker

When an attacker can only obtain the knowledge of $a_{k}$ , the simulation result is given in Figure 6. It can be seen from Figure 6 that the designed watermark-based defense strategy is only effective for detecting M-FDI attacks. On the other hand, since the A-FDI attack cannot be detected, the remote estimator uses the sensor data including the attack to estimate the state of the system, which implies that the system can be threatened by the A-FDI attacks.

Figure 6.

The attack detection result when only $a_{k}$ is available to an attacker.

Case 3: Only $b_{k}$ is available to an attacker

In this case, an adversary can only obtain the information of $b_{k}$ and the simulation result is given in Figure 7. It can be seen from Figure 7 that the designed watermarks are only effective for detecting A-FDI attacks. On the other hand, since the M-FDI attack cannot be detected, the remote estimator uses the sensor data including the attack to estimate the state of the system, which implies that the system can be deteriorated by malicious M-FDI attacks.

Figure 7.

The attack detection result when only $b_{k}$ is available to an attacker.

Conclusions

In this paper, a proactive defense strategy based on dynamic watermark encryption is proposed to detect both A-FDI and M-FDI attacks. In addition, the data output by the sensor is encrypted and decrypted, which could greatly improve the attack detection rate. Moreover, the watermarks do not affect the system performance in the absence of attacks. When the watermarks are well designed, the attack detection rate of $χ^{2}$ detector can be greatly improved. Furthermore, three different attack detection scenarios have been analyzed and the corresponding results are demonstrated through numerical simulation examples. The results show that the detection rate of both A-FDI and M-FDI attacks can be greatly improved if the watermarks $a_{k}$ and $b_{k}$ are not available to an adversary.

Footnotes

ORCID iD

Junjie Lu

Informed consent/Patient consent

Written informed consent for publication was obtained from all participants

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work is supported by the project of Wenhua College(2024T01)

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Data availability statement

Data sharing not applicable to this article as no datasets were generated or analyzed during the current study.

Trial registration number/date

Not applicable

References

Jin

, et al. Twisting-based finite-time consensus for Euler-Lagrange systems with an event-triggered strategy. IEEE Trans Netw Sci Eng 2020; 7(3): 1007–1018.

Feng

Cyber-physical zero trust architecture for industrial cyber-physical systems. IEEE Trans Ind Cyber Phys Syst 2023; 1: 394–405.

Gheitasi

Lucia

A worst-case approach to safety and reference tracking for cyber-physical systems under network attacks. IEEE Trans Automat Contr 2023; 68(7): 1–4397.

Liu

Yang

Zhao

, et al. Multi-tree compact hierarchical tensor recurrent neural networks for intelligent transportation system edge devices. IEEE Trans Intell Transp Syst 2024; 25(8): 8719–8729.

Han

, et al. Novel long short-term memory model based on the attention mechanism for the leakage detection of water supply processes. IEEE Trans Syst Man Cybern Syst 2024; 54(5): 2786–2796.

Pang

, et al. Enabling efficient and malicious secure data aggregation in smart grid with false data detection. IEEE Trans Smart Grid 2024; 15(2): 2203–2213.

Langner

Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Priv Mag 2011; 9(3): 49–51.

Wang

Tai

Tang

, et al. A review on false data injection attack toward cyber-physical power system. Acta Automatica Sinica 2019; 45(1): 101–183.

Dibaji

Pirani

Flamholz

, et al. A systems and control perspective of cps security. Annu Rev Control 2019; 47: 394–411.

10.

Teixeira

Shames

Sandberg

, et al. A secure control framework for resource-limited adversaries. Automatica 2015; 51: 135–148.

11.

ZG.

Constrained-differential-evolution-based stealthy sparse cyber-attack and countermeasure in an ac smart grid. IEEE Trans Ind Inform 2022; 18(8): 5275–5285.

12.

Huang

Differential evolution-based three stage dynamic cyber-attack of cyber-physical power systems. IEEE/ASME Trans Mechatron 2023; 28(2): 1137–1148.

13.

Yang

Lao

Chen

, et al. Resilient distributed control against false data injection attacks for demand response. IEEE Trans Power Syst 2024; 39(2): 2837–2853.

14.

Liu

Tang

Deng

, et al. Joint meter coding and moving target defense for detecting stealthy false data injection attacks in power system state estimation. IEEE Trans Ind Inform 2024; 20(3): 3371–3381.

15.

Yang

Wang

, et al. Detection of false data injection attack in power system based on Hellinger distance. IEEE Trans Ind Inform 2024; 20(2): 2119–2128.

16.

Rahman

Yan

Thepie Fapi

Adversarial artificial intelligence in blind false data injection in smart grid ac state estimation. IEEE Trans Ind Inform 2024; 20(6): 8873–8883.

17.

Sargolzaei

Yazdani

Abbaspour

, et al. Detection and mitigation of false data injection attacks in networked control systems. IEEE Trans Ind Electron 2020; 16(6): 4281–4292.

18.

Guo

Shi

Johansson

, et al. Optimal linear cyber-attack on remote state estimation. IEEE Trans Control Netw Syst 2017; 4(1): 4–13.

19.

Satchidanandan

Kumar

PR.

Dynamic watermarking: active defense of networked cyber-physical systems. Proc IEEE 2017; 105(2): 219–240.

20.

Sinopoli

Secure control against replay attacks. In: 2009 47th annual Allerton conference on communication, control, and computing (Allerton), 2009, pp.911–918.

21.

Fang

Cheng

, et al. Optimal periodic watermarking schedule for replay attack detection in cyber-physical systems. Automatica 2020; 112: 108698.

22.

Weerakkody

Sinopoli

. Detecting integrity attacks on control systems using robust physical watermarking. In: Proceedings of the IEEE conference on decision and control, 2015, pp.3757–3764.

23.

Huang

DWC

, et al. Secure remote state estimation against linear man-in-the-middle attacks using watermarking. Automatica 2020; 121: 109182.

24.

Ghaderi

Gheitasi

Lucia

A blended active detection strategy for false data injection attacks in cyber-physical systems. IEEE Trans Control Netw Syst 2021; 8(1): 168–176.

25.

Anderson

BDO

Moore

Eslami

. Optimal filtering. IEEE Trans Syst Man Cybern 2007; 12(2): 235–236.

26.

Mehra

Peschon

An innovations approach to fault detection and diagnosis in dynamic systems. Automatica 1971; 7(5): 637–640.

27.

Courtois

. The dark side of security by obscurity - and cloning MiFare classic rail and building passes, anywhere, anytime. In: International conference on secrypt, 2015.

28.

Cleveland

. IEC TC57 security standards for the power system’s information infrastructure - beyond simple encryption. In: Transmission & distribution conference & exhibition, 2006.

29.

Shang

Chen

Optimal linear encryption against stealthy attacks on remote state estimation. IEEE Trans Automat Contr 2021; 66(8): 3592–3607.

A watermark-based defense strategy to improve the detection rate of false-data-injection attacks

Abstract

Keywords

Introduction

Problem formulation

System model

Kalman filter

χ 2 detector

Attacks model

Main results

Watermarking-based active defense strategy

Performance analysis when the system is attacked

Attack detection in different scenarios

Both a k and b k are not available to an attacker

Only a k is available to an attacker

Only b k is available to an attacker

Numerical examples

Case 1: Both a k and b k are not available to an attacker

Case 2: Only a k is available to an attacker

Case 3: Only b k is available to an attacker

Conclusions

Footnotes

ORCID iD

Informed consent/Patient consent

Funding

Declaration of conflicting interests

Data availability statement

Trial registration number/date

References

$χ^{2}$ detector

Both $a_{k}$ and $b_{k}$ are not available to an attacker

Only $a_{k}$ is available to an attacker

Only $b_{k}$ is available to an attacker

Case 1: Both $a_{k}$ and $b_{k}$ are not available to an attacker

Case 2: Only $a_{k}$ is available to an attacker

Case 3: Only $b_{k}$ is available to an attacker