Denial-of-Service Attack And Defense Strategy For Remote State Estimation In Cyber Physical Systems

Cyber-Physical Systems(CPS)usually comprise components that can implement control,communication,and computation.Their scope of application ranges im-mensely from transportation systems and power networks to smart buildings and process industry.In CPS,wireless sensors are progressively used as communication compo-nents and the alternative to wired sensors in tradition due to their easy deployment and maintenance.This,however,exposes systems to malicious threats.The recent years have seen a surge of security issues of CPS.Researchers have devoted efforts in study-ing security issues in CPS.Remote state estimation as the key componet of control in CPS also got a lot of attention.Besides,it matters a lot to classify different attacks.Attacks can be typically classified into two categories:Denial-of-Service(DoS)attacks and deception attacks,and therein,DoS attack is the most reachable attack pattern.But the DoS attacker subject to the limited energy budget cannot launch attacks arbitrarily so that it is not easy to design the corresponding defense strategies against the unknown attack policies.Therefore,this dissertation investigates the optimal DoS attack pol-icy against remote state estimation and the corresponding defense strategies.The main research contents in this dissertation are closely related.First,the optimal static DoS attack scheduling problem is investigated,and we obtain the corresponding theoreti-cal results on which the second main research content about the optimal static DoS attack energy allocation is further built.Then the optimal dynamic DoS attack energy allocation problem is introduced based on the second main research content.Finally,motivated by the aforementioned research contents on DoS attacks,the optimal defense strategy against DoS attacks is presented.The specific research contents are listed as follows:1)We study the optimal static DoS attack scheduling in the scenario of remote state estimation.A remote estimator receives the data packet sent by a sensor over a wire-less network at each time instant,and an energy-constrained attacker that cannot launch DoS attacks all the time designs the optimal DoS attack scheduling to maximize the attacking effect on the remote estimation performance.Most of the existing works con-cerning DoS attacks focus on the ideal scenario in which data packets can be received successfully if there is no DoS attack.To capture the unreliability nature of practical networks,we study the packet-dropping network in which packet dropouts may occur even in the absence of attack.We derive the optimal attack scheduling scheme that maximizes the average expected estimation error,and the one which maximizes the ex-pected terminal estimation error over packet-dropping networks.Besides,we consider the optimal static DoS attack scheduling problem under the multiple-sensor case.The asscociated optimal static DoS attack scheduling for the terminal error is derived when some conditions are satisfied.2)The problem of optimal static DoS attack energy allocation against remote state estimation is investigated.A DoS attacker with the limited power resource and the pur-pose of degrading the remote state estimation performance,jams the targeted wireless network through which the packet from a sensor is sent to a remote estimator.To de-grade the estimation quality most effectively with a given energy budget,the attacker aims to solve the problem of how much power to obstruct the channel each time,which is the optimal static DoS attack energy allocation problem.The existing works are built on an ideal network model in which the packet dropout never occurs when the attack is absent.To encompass wireless transmission losses,we work on the signal-to-interference-plus-noise ratio-based communication channel,and focus on the case when the attacker employs the constant power level.To maximize the expected termi-nal estimation error at the remote estimator,we provide some more relaxed sufficient conditions compared with the existing work for the existence of an explicit solution to the optimal static attack energy allocation problem and the solution is constructed.For the other important index of estimation performance,the average expected estimation error,the associated sufficient conditions are also derived based on a different analysis approach with the existing work.And a feasible method is presented for both indexes to seek the optimal constant attack power level when the system fails to meet the proposed sufficient conditions.3)The problem of optimal dynamic DoS attack energy allocation against remote state estimation is investigated.When the real-time Acknowledgement(ACK)infor-mation can be acquired,the DoS attacker could figure out whether the packet dropout occured at the previous time instant.And the DoS attack could dynamically allocate the total energy,which could lead to greater estimation performance degradation in com-parison with the static energy allocation.To this end,a Markov decision process(MDP)based algorithm is designed to search the optimal dynamic jamming power allocation strategy.We further study the optimal tradeoff between attack energy and estimation performance degradation.Specifically,by moving the energy constraint into the ob-jective function to maximize the system index and minimize the energy consumption simultaneously,the other MDP based algorithm is proposed to find the optimal dynamic attack power policy which is further shown to have a monotone structure.4)Optimal defense strategy against DoS attacks for remote state estimation is in-vestigated.The sensor sends the data packet to the remote estimator through the wire-less communication link in the scenario of remote state estimation.The packet dropout probability will increase greatly if the transmission is under DoS attacks.A typical de-fense strategy is increasing the transmission power of the sensor.However,the battery-powered sensor has a limited energy budget,and thus has the issue of how to allocate the total energy.For the terminal error,the 0-1 sensor scheduling problem has been solved while the corresponding problem for the average error remains unsolved.We de-rived the optimal static sensor scheduling for the average error when the probability of packet dropout is greater than some lower bound.And the optimal static sensor energy allocation for the terminal error is proposed.