Cyber attacks with bounded sensor reading edits for partially-observed discrete event systems
The problem of cyber attacks with bounded sensor reading edits for partially-observed discrete event systems is considered. An operator observes a plant through an observation mask that does not allow him to detect the occurrence of certain events (silent events). The observation is corrupted by an attacker who can insert and erase some sensor readings. The operator observes the system evolution in order to validate if a state in a given set of unsafe states is reached. The attacker corrupts the observation with the aim of preventing the operator to verify when an interesting state has been reached. Furthermore, the attacker wants to remain stealthy, namely he wants the operator does not realize that someone is corrupting his observation. An automaton, called attack structure is proposed, which supports the attacker in defining an effective attack. In more detail, first, the unbounded attack structure is obtained by doing the concurrent composition of two state observers, the attacker observer and the operator observer. Then, the n-bounded attack structure, for a given integer value of n, is obtained by doing the concurrent composition of the unbounded attack structure and an n-bounded attack automaton. Finally, the n-bounded attack structure can be made supremal and stealthy by appropriately trimming the previous attack structure. A stealthy attacker can elaborate his strategy looking at the supremal stealthy attack substructure and may result in different degrees of effectiveness: strong, weak or vain. The proposed approach can be dually used to verify if such an attack could be effective for the given system, thus to establish if the system is safe under attack.
READ FULL TEXT