FDI Attack,Detection And Its Implementation On Tipical Networked Control Systems

With the rapid development of communication,control,sensing and other technologies,networked control system(NCS)has played an important role in industrial automation,power grid,transportation and other infrastructures because of its high flexibility and reliability.However,due to the openness of the NCS,its sensors and actuators are vulnerable to attack,which can lead to data tampering and channel blocking.In recent years,there have been a large number of attacks against NCS infrastructures in the world,which have caused incalculable impacts.Therefore,it has important theoretical and practical application value to study security problems of NCS.Among many attack methods against NCS,the false data injection(FDI)attack is a new type of attack method,which can offset the data by tampering with the packets transmitted in the NCS,and can avoid the traditional bad data detection mechanism.Thus,it can destroy the stability of NCS.In this thesis,we analyze the security of NCS from perspective of attack and detection.Furthermore,we study the problem of NCS intrusion detection and attack value estimation under FDI attack by designing attack and detection scheme,finally we verify the feasibility of the scheme in typical NCS.The main work of this thesis is as follows:(1)To address the problem of how to realize network intrusion in NCS system,we design the attack method in the form of "man in the middle" attack.Firstly,we use Ettercap to achieve packet interception and forwarding.Further,we combined with Lua to achieve analysis of NCS data,especially encrypted data while injecting attack value in the form of bias attack to achieve tampering data.Finally,we verify the feasibility of the design method by simulating engraving machine data transmission experiment,and provide the basis for subsequent attack detection.(2)To address the problem of how to detect false data,we transform the problem of detecting false data into two classification problems.Then we use the support vector machine(SVM)method to distinguish the data injected with the attack value and verify the feasibility of the method by simulation experiment of network engraving machine.Meanwhile,to address the problem of determining the size of the attack value in intrusion detection,we introduce an adaptive kalman filtering method based on recursive least squares and a multi-sensor fusion estimation method to model the injected attack value as an unknown quantity in the state equation.We use joint state parameter estimation to track the attack value.Furthermore,we combine the adaptive kalman filter based on innovation,analyze the determination of the covariance difference based on the adaptive kalman filter method,and realize the adaptive measurement noise.Finally,we verify the effectiveness of the three methods through simulation experiments.(3)Through the networked inverted pendulum platform,the proposed network attack method and detection method are verified.The experimental results show that our network attack method is able to change the current state of the system.The accuracy of the intrusion detection method we use is basically above 90%.The introduced attack value estimation method can track the injected bias value more stably.Finally,we summarize the full thesis,and then point out the shortcomings as well as look forward to the future research directions.