Security analysis for Cyber-Physical Systems against stealthy deception attacks

Abstract

Security of Cyber-Physical Systems (CPS) against cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is difficult to describe them systematically. In this paper, instead of identifying a specific cyber attack model, we are focused on analyzing the system's response during cyber attacks. Deception attacks (or false data injection attacks), which are performed by tampering with system components or data, are not of particular concern if they can be easily detected by the system's monitoring system. However, intelligent cyber attackers can avoid being detected by the monitoring system by carefully design cyber attacks. Our main objective is to investigate the performance of such stealthy deception attacks from the system's perspective. We investigate three kinds of stealthy deception attacks according to the attacker's ability to compromise the system. Based on the information about the dynamics of the system and existing hypothesis testing algorithms, we derive the necessary and sufficient conditions under which the attacker could perform each kind of attack without being detected. In the end, we illustrate the threat of these cyber attacks using an Unmanned Aerial Vehicle (UAV) navigation example.