Defense Against Malicious Parameter Identification
System Immersion Coding and Hybrid Multiplicative Watermarking
J. ZHANG (TU Delft - Electrical Engineering, Mathematics and Computer Science)
R. Ferrari – Mentor (TU Delft - Team Riccardo Ferrari)
A.J. Gallo – Mentor (TU Delft - Team Riccardo Ferrari)
P. Palensky – Graduation committee member (TU Delft - Intelligent Electrical Power Grids)
P. Mohajerin Esfahani – Graduation committee member (TU Delft - Team Peyman Mohajerin Esfahani)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Cyber-physical systems are vulnerable to malicious attacks, which can lead to severe consequences. Active detection methods have emerged as a promising approach for identifying such attacks. However, existing active detection methods are susceptible to malicious parameter identification attacks, where attackers exploit eavesdropped data to identify and manipulate the active detection mechanisms. In this work, we propose two methods to address the issue of malicious parameter identification: the system immersion coding method and the hybrid multiplicative watermarking method. These approaches have a primal focus on disturbing the identification of attackers and defending against malicious parameter identification. Besides, as active detection methods, both of them are capable of detecting multiple attacks.
The system immersion coding method, derived from the privacy solution in federated learning, is adapted to enhance its capability to detect malicious attacks by merging the input information and defend malicious parameter identification by leveraging its privacy-preserving properties. This method involves mapping the plant output into a higher-dimensional space and introducing carefully defined noise, which can create arbitrarily large disturbances without compromising performance. The introduced disturbance disrupts the attacker's parameter estimation. Theoretical conditions are provided to discuss the detection performance of replay attacks, control-signal-injection zero-dynamics attacks, and sensor-signal-injection zero-dynamics attacks. However, we also identify that the system immersion coding method is vulnerable to known-plaintext attacks.
Watermarking is a promising active diagnosis technique for the detection of highly sophisticated attacks. Motivated by the computational hardness problems of cryptography analysis, we propose a hybrid multiplicative watermarking scheme as an active diagnosis technique. In this scheme, watermarking parameters are periodically updated based on the dynamics of unobservable states in specifically designed piecewise affine (PWA) hybrid systems. We conduct a theoretical analysis to assess the impact of this scheme on closed-loop performance, demonstrating its stability preservation. We also provide conditions to detect replay attacks and control-signal-injection zero-dynamics attacks. Furthermore, we demonstrate that the proposed approach makes it challenging for an eavesdropper to reconstruct watermarking parameters, considering both computational complexity and systems theoretic perspectives.