A cyber-physical system (CPS) is a tight coupling of computational resources, network communication, and physical processes. They are composed of a set of networked components, including sensors, actuators, control processing units, and communication agents that instrument the physical world to make “smarter.” However, cyber components are also the source of new, unprecedented vulnerabilities to malicious attacks. In order to protect a CPS from attacks, three security levels of protection, detection, and identification are considered. In this chapter, we will discuss the identification level, i.e., secure state estimation and attack reconstruction of CPS with corrupted states and measurements. Considering different attack plans that may assault the states, sensors, or both of them, different online attack reconstruction approaches are discussed. Fixed-gain and adaptive-gain finite-time convergent observation algorithms, specifically sliding mode observers, are applied to online reconstruction of sensor and state attacks. Next, the corrupted measurements and states are to be cleaned up online in order to stop the attack propagation to the CPS via the control signal. The proposed methodologies are applied to an electric power network, whose states and sensors are under attack. Simulation results illustrate the efficacy of the proposed observers.
- cyber-physical systems
- sensor attack
- state attack
- sliding mode observers
Cyber-physical systems (CPS) are the integration of the cyber-world of computing and communications with the physical world. In many systems, control of a physical plant is integrated with a wireless communication network, for example, transportation networks, electric power networks, integrated biological systems, industrial automation systems, and economic systems [1, 2]. Since CPSs use open computation and communication platform architectures, they are vulnerable to suffering adversarial physical faults or cyber-attacks. Faults and cyber-attacks are referred to as attacks throughout this chapter.
Recent real-world cyber-attacks, including multiple power blackouts in Brazil , and the Stuxnet attack  in 2010, showed the importance of providing security to CPSs. Identification and modeling process as [5, 6] which are based on data can be seriously affected by corrupted data. As a result, information security techniques  may be not sufficient for protecting systems from sophisticated cyber-attacks. It is suggested in  that information security mechanisms have to be complemented by specially designed resilient control systems. Controlling CPS with sensors and actuators, who are hijacked/corrupted remotely or physically by the attackers, is a challenge. The use of novel control/observation algorithms is proposed in this chapter for recovering CPS performance online if an attacker penetrates the information security mechanisms.
Cyber security of CPS must provide three main security goals: availability, confidentiality, and integrity . This means that the CPS is to be accessible and usable upon demand, the information has to be kept secret from unauthorized users, and the trustworthiness of data has to be guaranteed. Lack of availability, confidentiality, and integrity yields denial of service, disclosure, and deception, respectively. A specific kind of deception attack called a replay attack has been investigated when the system model is unknown to the attackers but they have access to the all sensors [9, 10]. Replay attacks are carried out by “hijacking” the sensors, recording the readings for a certain time, and repeating such readings while injecting them together with an exogenous signal into the system’s sensors. It is shown that these attacks can be detected by injecting a random signal, unknown to the attacker, into the system. In the case when the system’s dynamic model is known to the attacker, another kind of deception attack, called a cover attack, has been studied in , and the proposed algorithm allows cancelling out the effect of this attack on the system dynamics. In systems with unstable modes, false data injection attacks are applied to make some unstable modes unobservable . Denial of service attacks assaults data availability through blocking information flows between different components of the CPS. The attacker can jam the communication channels, modify devices, and prevent them from sending data, violate the routing protocols, etc. . In a stealth attack, the attacker modifies some sensor readings by physically tampering with the individual meters or by getting access to some communication channels [14, 15]. As a result, detecting and isolating of cyber-attacks in CPSs has received immense attention . However, how to ensure the CPS can continue functioning properly if a cyber-attack has happened is another serious problem that should be investigated; therefore, the focus of this chapter is on resilient control of CPS.
In , new adaptive control architectures that can foil malicious sensor and actuator attacks are developed without reconstructing the attacks, by means of feedback control only. A sparse recovery algorithm is applied to reconstruct online the cyber-attacks in . Sliding mode control with advantages of quick response and strong robustness is one of the best approaches to control CPS [19, 20, 21, 22]. In , a finite-time convergent higher-order sliding mode (HOSM) observer, based on a HOSM differentiator and a sparse recovery algorithm, are used to reconstruct online the cyber-attack in a nonlinear system. Detection and observation of a scalar attack by a sliding mode observer (SMO) has been accomplished for a linearized differential-algebraic model of an electric power network when plant and sensor attacks do not occur simultaneously . Cyber-attacks against phasor measurement unit (PMU) networks are considered in , where a risk mitigation technique determines whether a certain PMU should be kept connected to network or removed. In  a sliding mode-based observation algorithm is used to reconstruct the attacks asymptotically. This reconstruction is approximate only, since pseudo-inverse techniques are used.
In this chapter, CPSs controlled by a control input subject to sensor attacks and state/plant attacks are considered. The corrupted measurements propagate the attack signals to the CPS through the control signals causing CPS performance degradation. The main challenge that is addressed in the chapter is online exact reconstruction of the sensor and state attacks with an application to an electric power network. The contribution of this chapter is:
Novel fixed and adaptive-gain SMO for the linearized/linear CPS under attack are proposed for the online reconstruction of sensor attacks. The time-varying attacks are reconstructed via the proposed SMO that includes a newly designed dynamic filter. Note that the well-known SMO proposed in  reconstructs the slow-varying perturbations only.
A super twisting SMO is applied to reconstruct the state/plant time-varying attacks of the linearized/linear CPS under attack.
For online state/plant attack reconstruction in nonlinear CPS under attack, a higher-order sliding mode disturbance observer  is used.
An algorithm that use sliding mode differentiation techniques  in concert with the finite-time convergent observer for the sparse signal recovery is applied to online reconstruction of time-varying attack in nonlinear CPS under attack when we have limited measurements and more possible sources of attack .
2. Motivation example: electric power network under attack
In a real-world power network, only a small group of generator rotor angles and rates is directly measured, and typical attacks aim at injecting disturbance signals that mainly affect the sensorless generators .
The small-signal version of the classic structure-preserving power network model is adopted to describe the dynamics of a power network. Consider a connected power network consisting of generators and load buses . The interconnection structure of the power network is encoded by a connected susceptance-weighted graph G. The vertices of G are the generators and the buses . The edges of G are the transmission lines and the connections weighted by their susceptance values. The Laplacian associated with the susceptance-weighted graph is the symmetric susceptance matrix defined by .
The CPS that motivates the results presented in this work is the US Western Electricity Coordinating Council (WECC) power system  under attack with three generators and six buses, whose electrical schematic is presented in Figure 1. The mathematical model of the power network in Figure 1 under sensor stealth attack and deception attack can be represented as the following descriptor equations that consist of differential and algebraic equations :
where the state vector includes the vector of rotor angles , the vector of generator speed deviations from synchronicity , as well as the vector of voltage angles at the buses . The is the measurement vector, is the Deception attack corrupting the states, and is the stealth attack vector spoofing the measurements. Note that the states of the plant are under attack even if they are not attacked directly but via propagation.
The measurement corruption attacks through an output control feedback. The matrices are diagonal whose nonzero entries consist of the damping coefficients and the normalized inertias of the generators, respectively:
The inputs and are due to known changes in the mechanical input power to the generators and real power demands at the loads. The matrices and are the attack distribution matrices, and is the output gain matrix. The withis giving by
Note that in a case of the nominal performance of the studied network. Consider the case when the outputs of system, which are the measurement sensors , are corrupted by the following stealth attacks.
The system (1) was simulated with and without above attacks. Based on the simulation results shown in Figures 2 and 3, the stealth attack in (4) yields inappropriate degradation of the power network performance.
This motivates why online reconstruction of the attacks followed by cleanup of the measurements prior to using them in control signal is of prime importance for retaining the performance of the power network (as it will be shown in Section VI where the proposed SMO is applied to achieve this goal). The case study of the power network (1) will be further discussed in details in Section 6.
3. Cyber-physical system dynamics
Consider the following completely observable and asymptotically stable system
where is the state vector, is a smooth vector field, denotes the attack/fault vector which is additive and matched to the control signal, is the measurement vector, , is the output smooth vector field, and denote the attack/fault distribution matrices. For notational convenience, and without affecting generality, the input distribution matrices can be partitioned as
where where .
Assumption (A1): are of full rank.
The attack/fault vector is partitioned accordingly as
Therefore, Eq. (5) can be rewritten as
where , represent the state and the sensor attack vectors, respectively. Different attack strategies are shown in Table 1 and discussed in Section 1.
|Attack plan||Access to all sensors||Need to know the system model|
|False data injection attack||√||√|
Since , the system (8) can be partitioned using a nonsingular transformation
selected so that
where with and where . Note that the state attack vector is additive and matched to the control input that is embedded in system Eq. (11) already.
4. Problem formulation
Assumption (A2): Attacks are detectable, i.e., the invariant zeros of Eq. (11) are stable.
The problem is to protect the closed loop system (11) from the sensor attack and state/plant attack by means of designing fixed-gain and adaptive-gain SMOs that allow: (a) reconstructing online the sensor attack , the state/plant attack , and the plant states so that
as time increases and.
(b) “cleanup” of the plant and sensors so that the dynamics of the CPS under attack (11) approaches,
as time increases, to.
Note that Eq. (13) represents the compensated CPS that converges to CPS without attack as time increases.
5. Results: secure state estimation
In this chapter, for the linearized case of the system in Eq. (5), two SMOs for state estimation and attack reconstruction are discussed. Two other SMO strategies for nonlinear system (5) are also proposed and investigated.
5.1 Attack reconstruction in linear system via filtering by adaptive sliding mode observer
Consider the linearized system in Eq. (5) with and
5.1.1 System’s transformation
is nonsingular and the change of coordinates creates, without loss of generality, a new state-space representation where
After the linear changing of coordinate, the CPS Eq. (14) is rewritten as
with , , , , , . It is well known that is observable if and only if is observable .
Defining a further change of coordinates where is the design matrix, then the system Eq. (17) can be rewritten as
where , , , , . Since is observable, there exist choices of the matrix so that the matrix is Hurwitz.
Assumption (A3): The attack and its derivative are norm bounded, i.e.,
and where and are known.
Since , there exists a nonsingular scaling matrix such that
where is nonsingular. Define as the scaling of the measured outputs according to . Partition the output of the CPS into unpolluted measurements and polluted measurements as
Scale state component and define . Then Eq. (18) can be rewritten as
where , , , , , and . Define , where and . Consequently the system in Eq. (21) can be written in partitioned form as
where is Hurwitz and the virtual measurement presents the protected measurements and shows the attacked/corrupted measurements.
5.1.2 Attack observation
A SMO is proposed to reconstruct the attack in order to clean up the measurements and states and to allow the use of clean measurement in the control signal.
Define a (sliding mode) observer for the system Eq. (22) as
are the gain matrices where , , , , , and the matrices and are user-selected Hurwitz matrices, while is symmetric negative definite. The injection signal is defined as
where scalar gain will be defined in the sequel, and is a positive design scalar.
Assumption (A4): Matrix is invertible, where .
Defining , then it follows where , , . It follows
The idea is to force a sliding motion on
The first main results, based on the SMO with the fixed-gain injection term, is formulated in the following theorem.
Theorem 1: Assuming (A3)–(A4) hold and satisfies the condition
Proof of the Theorem 1 is omitted for brevity.
Remark 1: The SMO (31) is a dynamic filter that allows reconstructing the time-varying attack . This filter is the main novel feature of the proposed observer.
5.1.3 Adaptive-gain attack observer design
In Eq. (29), it was assumed that the perturbation term is locally norm-bounded and in Eq. (25) is known. In many practical cases, the boundary of attacks is unknown, and the gain of the sliding mode injection term Eq. (25) in the fixed-gain observer in Eq. (23) can be overestimated. The gain overestimation could increase chattering that is difficult to attenuate.
The constant gain can be replaced by an adaptive-gain by applying the dual layer nested adaptive sliding mode observation algorithm , i.e.,
A sufficient condition to ensure sliding on in finite time is
An error signal is defined as
where the time-varying scalar satisfies an adaptive scheme. It is assumed that has the structure
where is a fixed positive scalar. The evolution of is chosen to satisfy an adaptive law :
where are design scalars. The second main results are summarized in Theorem 2 as:
Theorem 2: Consider the system in Eq. (27) and
for any given , , and, , then the injection term (32) exploiting the dual layer adaptive scheme given by Eqs. (35)–(37) drives to a domain in finite time and consequently ensures a sliding motion can be reached in finite time and sustained thereafter. The gains and remain bounded. The sensor attack signal is reconstructed as in Eq. (30) with the equivalent adaptive injection term or .
Proof of Theorem 2 is based on the results in  and is omitted for brevity.
5.2 State estimation and attack reconstruction in linear systems by using super twisting SMO
Consider the completely observable linearized system Eq. (11) with , , , that is,
where , , .
Assumption (A5): The number of uncorrupted/protected measurements is equal or larger than the number of state/plant attack, i.e., .
The system Eq. (40) is assumed to have an input-output vector relative degree , where relative degree for is defined as follows:
Without loss of generality, it is assumed that .
5.2.1 Attack observation
Assumption (A6): there exists a full rank matrix.
where integers are such that and are chosen such that is minimal.
where the matrices of appropriate dimensions and are to be designed, and is an injection vector
where is larger than the upper bound of unknown input .
The definition of the symmetric positive definite matrix can be found in . The auxiliary output is defined by
where the constituent signals in Eq. (45) are given from the continuous second-order sliding mode observer as
for , with
The scalar function is defined as
and the continuous injection term is given by the super twisting algorithm :
Theorem 3: Assuming the assumptions (A5) and (A6) hold for system Eq. (40), then state/plant attacks are reconstructed as follows:
Proof: Defining the state estimation error as and the augmented output estimation error with
then it follows that
By choosing suitable gains and in the output injections Eq. (49), then.
Since and by assumption the invariant zeros of the triple lie in the left half plane, based on the design methodologies in , It follows that is an asymptotically stable equilibrium point of Eq. (52) and dynamics are independent of once a sliding motion on the sliding manifold has been attained. During the sliding mode , it is
as ; then
where is the equivalent output error injection required to maintain the system on the sliding manifold. Since is full rank, the attack reconstruction is obtained as (50).
According to (A1), is full rank; then sensor attacks in Eq. (40) are reconstructed
5.3 The state and disturbance observer for nonlinear systems using higher-order sliding mode differentiator
Consider the locally stable system Eq. (11) where and are , , are smooth vector fields defined on an open . According to (A5), we consider here. The following properties introduced by Isidori  are assumed for .
Assumption (A7): The system in Eq. (11) is assumed to have vector relative degree and total relative degree , i.e.,
Assumption (A8): The following Lie derivative matrix is of full rank.
Assumption (A9): The distribution is involutive .
The system given by Eq. (11) with the involutive distribution and total relative degree can be rewritten as
With an involutive distribution as defined in (A9), it is always possible to identify the variables which satisfy
Assumption (A10): The norm-bounded solution of the internal dynamics is assumed to be locally asymptotically stable .
If assumption (A9) is satisfied, then it is always possible to find functions such that
is a local diffeomorphism in a neighborhood of any point , i.e.,
In order to estimate the derivatives of the output.
in finite time, higher-order sliding mode differentiators  are used here
for . By construction,
Therefore, the following exact estimates are available in finite time:
Next, integrate Eq. (60) with replaced by ; estimate of internal dynamics is
and with some initial condition from the stability domain of the internal dynamics, a asymptotic estimate can be obtained locally
Therefore, the asymptotic estimate for the mapping (63) is identified as
Since the finite-time exact estimates of , are available via the higher-order sliding mode differentiator, and using the estimates for , an asymptotic estimate of disturbance in Eq. (11) is identified as .
where . Finally, and are obtained.
Remark 3: The convergence can be achieved only locally and as time increases due to the local asymptotic stability of the norm-bounded solution of the internal dynamics . However convergence will be achieved in finite time if the total relative degree and no internal dynamics exist.
Considering Eq. (11) and is full rank, sensor attack can be reconstructed as
5.4 Attack reconstruction in nonlinear system by sparse recovery algorithm
In some applications, there are a limited number of measurements, , and more sources of attack, . Previously, we investigated the cases where . Now, consider system (5) with more attacks than measurements, .
Notice that a more general format of (5) is considered here where matrix is a function of as well.
Assumption (A11): Assume that the attack vector is sparse, meaning that numerous attacks are possible, but the attacks are not coordinated, and only few nonzero attacks happen at the same time.
5.4.1 Sparse recovering algorithm
The problem of recovering an unknown input signal from measurements is well known, as a left invertibility problem, as seen in several works [30, 37], but this problem was only treated in the case where the number of measurements is equal or greater than the number of unknown inputs. The left invertibility problem in the case of fewer measurements than unknown inputs has no solution or more exactly has an infinity of solutions.
In particular, the objective of exact recovery under sparse assumptions denoted for the sake of simplicity as “sparse recovery” (SR) is to find a concise representation of a signal using a few atoms from some specified (over-complete) dictionary,
where are the unknown inputs with no more than nonzero entries, are the measurements, is a measurement noise, and is the dictionary where .
Definition 1: The Restricted Isometry Property (RIP) condition of -order with constant (is as small as possible for computational reasons) of the matrix yields
where is the sub-matrix of with active nodes.
The problem of SR is often cast as an optimization problem that minimizes a cost function constructed by leveraging the observation error term and the sparsity inducing term , i.e.,
In Eq. (77) the original sparsity term is the quasi norm ; but as long as the RIP conditions hold, it can be replaced by . Note that in Eq. (77) is the balancing parameter and is the critical point, i.e., the solution of Eq. (74). Typically, for sparse vectors with j-sparsity, where must be equal or smaller than , the solution to the SR problem is unique and coincides with the critical point of Eq. (74) providing that RIP condition for with order is verified. In other words, in order to guarantee the existence of a unique solution to the optimization problem Eq. (74), should satisfy restricted isometry property .
Under the sparse assumption of and the fulfillment of the j-RIP condition of the matrix , the estimation algorithm proposed in  is
where is the state vector, represents the estimate of the sparse signal of (74), and is a time-constant determined by the physical properties of the implementing system. and where is a continuous soft thresholding function:
where is chosen with respect to the noise and the minimum absolute value of the nonzero terms.
5.4.2 Attack reconstruction
The measured output under attack of the system Eq. (5) is fed to the input of the low-pass filter that facilitates filtering out the possible measurement noise
where , and
If assumption (A2), (A7), and (A9) hold for system Eq. (81), i.e., the relative degree vector of Eq. (81) is , the distribution is involutive, and if zero dynamics exist, they are assumed asymptotically stable and may be left alone. Here it is assumed that there are no zero dynamics in system Eq. (81) and it is presented as
for , where is the entry of vector and satisfies
Then, the following algebraic equation is found from Eq. (84):
where , , and
6. Case study
Consider the mathematical models (1)–(4) of the US Western Electricity Coordinating Council (WECC) power system  with three generators and six buses (Figure 1) when the sensors of the generator speed deviations from synchronicity are under stealth attack and plant is under deception attack.
Assumption (A12): The matrix in (3) is nonsingular.
If (A12) holds, then the variable can be rewritten as
6.1 Simulation setup
The three sensors of rotor angles, , are assumed protected from attack, but the three sensors of the generator speed deviations from synchronicity, , are assumed to be attacked.
The are given, and then Eq. (88) is reduced to
Remark 5: satisfies RIP condition defined in Eq. (75).
In the first step of attack reconstruction, is estimated by using protected measurements and the SMO described in Section 5.2. It is easy to verify that
There are six sources attacking three measurements , and at any time, just one out of six attack signals is nonzero. The SR algorithm in Section 5.2 is applied to find . The following attacks are considered for simulation.
Deception attacks , , and are reconstructed very accurately as shown in Figures 4–6. The only nonzero sensor attack is detected and accurately estimated by using the SR algorithm as shown in Figure 7. In Figure 8a and 8b, the corrupted system outputs (which are system states in our case) are compared to the “cleaned” outputs that are computed by subtracting the estimated attacks from the corrupted sensors and actuators and to the system outputs when the system is not under attack.
The critical infrastructures like power grid, water resources, etc. are large interconnected cyber-physical systems whose reliable operation depends critically on their cyber substructure. In this chapter, cyber-physical systems when their sensors and/or states are under attack or experiencing faults are investigated. The sensor and states/plant attacks are reconstructed online by using a fixed-gain and adaptive-gain sliding mode observers. As soon as the attacks are reconstructed, corrupted measurements and states are cleaned from attacks, and the control signal that uses cleaned measurements provides cyber-physical system performance close to the one without attack. The effectiveness of the proposed approach is shown by simulation results of a real electrical power network with sensors under stealth attack and states under deception attacks.