센서에 대한 악의적 공격, 은밀한 공격, 통합 그리고 기만 공격, 보안성 폐 루프 제어 시스템, 센서 공격으로부터 자율 복원 가능한 제어 시스템
Security of feedback control systems against malicious attacks has received increasing attention recently. This is because, combined with advances in computing and communications, feedback control systems now operate in a more connected manner with remotely located sensors, actuators, and other sub-systems, which increase the system vulnerability for the malicious attacks compared to isolated ones in the past. The main topic of the dissertation is the design of control systems that are resilient against malicious attacks on the sensors. The reason why we address the sensor attacks is that the sensors are vulnerable system components that are directly connected to the feedback loop of control systems. Attacks on sensors fall into two categories: integrity attacks such as bias, random, and periodic signal injection that degrade the performance of the control systems resulting in the output deviation from the desired trajectory; and deception attacks such as replay attack that hide the effect of the attack in the output while driving the state of the system to a undesired region. The most notable characteristic of these attacks is the stealthiness, which is the property of avoiding being detected by a state observer based anomaly detector while the large amount of false data is injected on sensor outputs. Therefore, more advanced countermeasures against stealthy sensor attacks are required for design of the resilient control system.
As a countermeasure for the integrity attack, a resilient state estimation method is proposed that estimates the system states correctly even in the presence of the sensor attacks. The method employs a bank of state observers combined through median operations and achieves asymptotic convergence of the estimation errors despite attacks on some sensors (not all). In addition, the effect of sensor noise and process disturbance is also considered. For bounded sensor noise and process disturbance, the proposed method eliminates the effect of attack, and achieves state estimation error within a bound proportional to those of sensor noise and process disturbance.
For deception attacks, we first show that a novel type of sensor attack exists, and propose a countermeasure (detection mechanism) that enhances the resiliency of the control systems. The novel attack, referred to as pole-dynamics attack, is contrived that is effective on the linear system having unstable pole-dynamics. The strategy of this attack is to excite the unstable modes of the system while canceling the unstable behavior in the sensor output. Consequently, the unstable behaviors are not fed back to the controller so that the closed-loop system loses stability. This attack is similar to the well known zero-dynamics attack on actuators. To construct the pole-dynamics attack, the exact system model knowledge must be given to the adversary. For the situation that only limited knowledge on the target system dynamics is known to the adversary, we further present a robust pole-dynamics attack that impedes the stabilizing function of the feedback controller. This is done by adopting a mechanism similar to a disturbance observer that absorbs the effect of the mismatch between the nominal and actual dynamics until the attack succeeds. The success of the attack is defined by the norm of the system state exceeding a threshold.
As a detection mechanism of the pole-dynamics attack, we employ a switching mechanism of two control modes. The first is the normal control (NC) mode, where a linear controller and a state observer-based anomaly detector are in operation. The second is the attack detection control (ADC) mode where a linear controller and a detector that are different from those used in NC mode are used with an additional secret entity (in the sense that the existence of this entity is not known to the adversary). This secret entity is connected to the physical plant through a channel independent from the corrupted network. When ADC mode is engaged, the overall closed loop system dynamics change, which breaks the stealthiness of the pole dynamics attack. The NC mode has no detection capability but plays a role of concealing the presence of the ADC mode from attackers. Timing of the switching is determined in order to maintain the stability and the performance of the closed loop system. As a result, the detection mechanism gives resiliency against the pole-dynamics attack.
Finally, we present experimental results to illustrate the effectiveness of the proposed state estimation method using magnetic levitation system. The pole-dynamics attack and its detection scheme are illustrated by simulations of quadrotor flight control systems.
Table Of Contents
1 Introduction 1 1.1 Background and Related Work 1 1.2 Problems Addressed 6 1.3 Contribution and Outline of Dissertation 7 2 Resilient State Estimation for Control Systems 11 2.1 Problem Formulation 12 2.2 Resilient State Estimation 15 2.2.1 Median Operation 15 2.2.2 Design of Resilient State Observer 16 2.2.3 Effect of Measurement Noise and Process Disturbance 18 2.3 Experiment 22 2.3.1 Modeling 22 2.3.2 Attack Scenario and State Estimation Results 23 2.3.3 Comparison with Existing Methods 24 2.4 Conclusion 28 3 A Stealthy Sensor Attack for Uncertain Cyber-Physical Systems 29 3.1 Related Work 30 3.1.1 Deception Attack 30 3.1.2 Zero-Dynamics Attack 31 3.1.3 Robust Zero-Dynamics Attack 31 3.2 System Description 32 3.3 Pole-dynamics Attack with Precise Model Knowledge 33 3.4 Robust Pole-dynamics Attack with limited Model Knowledge 35 3.5 Attack Illustrations 38 3.5.1 Control of Quadrotors 38 3.5.2 Control of Inverted Pendulums 41 3.6 Conclusions 45 4 Detection of Stealthy Sensor Attacks for Cyber-Physical Systems: A Secret Entity and Control Mode Switching Approach 49 4.1 System Description 50 4.2 Revealing Pole-Dynamics Attack by the Secret Entity 53 4.3 Design of Mode Switching Periods 56 4.3.1 Problem Statement 56 4.3.2 Main Results 57 4.3.3 Robust Pole-Dynamics Attack under Mode Switching Mechanism 60 4.4 Simulation 62 5 Modeling of Quadrotor Dynamics in a Wind Field 69 5.1 Modeling of Quadrotor Dynamics in a Wind Field 71 5.1.1 Classical Quadrotor Dynamics 71 5.1.2 Force on a Rotating Propeller 72 5.1.3 Drag Force and Drag Torque Modeling 75 5.2 Wind Tunnel Experiment for Parameter Identification 76 5.2.1 Wind Tunnel Experiment Setup 76 5.2.2 Parameter Estimation 79 5.3 Experimental Validation 84 5.3.1 Linearization and Controller Design 84 5.3.2 Analysis and Validation of Stability in the Wind Field 86 5.4 Conclusions 90 6 Conclusions of Dissertation 99 국문초록 114