CN108196448A - False data injection attacks method based on inaccurate mathematical model - Google Patents

False data injection attacks method based on inaccurate mathematical model Download PDF

Info

Publication number
CN108196448A
CN108196448A CN201711423638.6A CN201711423638A CN108196448A CN 108196448 A CN108196448 A CN 108196448A CN 201711423638 A CN201711423638 A CN 201711423638A CN 108196448 A CN108196448 A CN 108196448A
Authority
CN
China
Prior art keywords
sensor reading
false
mathematical model
false data
controlled device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711423638.6A
Other languages
Chinese (zh)
Inventor
孙健
侯方圆
陈杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Technology BIT filed Critical Beijing Institute of Technology BIT
Priority to CN201711423638.6A priority Critical patent/CN108196448A/en
Publication of CN108196448A publication Critical patent/CN108196448A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B13/00Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion
    • G05B13/02Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion electric
    • G05B13/04Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion electric involving the use of models or simulators
    • G05B13/042Adaptive control systems, i.e. systems automatically adjusting themselves to have a performance which is optimum according to some preassigned criterion electric involving the use of models or simulators in which a parameter or coefficient is automatically adjusted to optimise the performance

Abstract

The present invention provides a kind of false data injection attacks method based on inaccurate mathematical model, the performance of control system can be successfully destroyed, without being detected by the detector.Sensor reading and control instruction are stolen in network channel, pick out the inaccurate mathematical model parameter of controlled device, according to the inaccurate mathematical model parameter of identification and the sensor reading and control instruction, design false data attack sequence, the false data attack sequence is injected into sensor reading and forms false sensor reading, the false sensor reading is transferred to controller, whether controller has unusual condition, and generate control instruction according to false sensor reading and send controlled device to according to false sensor reading come detecting system.The present invention is suitable for protection effect of the test control system for false data injection attacks, and the design for defence method provides means of testing.

Description

False data injection attacks method based on inaccurate mathematical model
Technical field
The present invention relates to a kind of false data injection attacks methods based on inaccurate mathematical model, belong to control system peace Full field is the design of defence method suitable for test information physical system for the protection effect of false data injection attacks Means of testing is provided.
Background technology
Information physical system is that computing resource cooperates with being closely integrated for physical resource with depth, has a wide range of applications neck Domain, such as:Intelligent grid, intelligent transportation, Chemical Engineering Process Control, health care etc..With the extensive use of information physical system, Particularly in the application of critical infrastructures so that the key that safety problem becomes the development of constraint information physical system is asked Topic.It can be in network channel by network traffic, attacker between controller and controlled device in information physical system In steal sensor reading and control instruction, by analyzing and being calculated the mathematical model of controlled device, then design is concealed Attack destroys the performance of control system, without being detected by the detector.Common Stealthier Attacks mainly has:False data injection is attacked Hit, Replay Attack, zero dy namics attack etc..
In recent years, the research of false data injection attacks mainly has:Design false data injection attacks sensor reading;If The encoder matrix of flowmeter sensor reading, active detecting false data injection attacks;Analyze performance and the constraint of ε-Stealthier Attacks.Weight The research for putting attack mainly has:White Gaussian noise is added in control instruction, improves the verification and measurement ratio of Replay Attack;Design optimal control Strategy is made to weigh the verification and measurement ratio of the performance of control system and Replay Attack.The research of zero dy namics attack mainly has:For not true Determine information physical system, design Robust Zero dynamic attacks;By changing system structure, the attack of active detecting zero dy namics.
At present, common false data injection attacks are mainly based upon accurate mathematical model, and attacker is according to accurate Design of Mathematical Model attack sequence successfully destroys the performance of control system, without being detected by the detector.However, it is controlled in the modern times Usually there is higher-dimension, random noise, attacker is difficult to establish accurate mathematical model in system processed.
Invention content
In view of this, the present invention provides a kind of false data injection attacks method based on inaccurate mathematical model, can Success destroys the performance of control system, without being detected by the detector.
A kind of false data injection attacks method based on inaccurate mathematical model, includes the following steps:
Sensor reading and control instruction are stolen in network channel, picks out the inaccurate mathematical model ginseng of controlled device Number, according to the inaccurate mathematical model parameter of identification and the sensor reading and control instruction, design false data attack The false data attack sequence is injected into sensor reading and forms false sensor reading by sequence, by the false biography Sensor reading is transferred to controller, and whether controller has a unusual condition according to false sensor reading come detecting system, and according to False sensor reading generation control instruction sends controlled device to.
Further, the false data attack sequence uses the following formula:
Wherein, Aa、Ba、CaIt is the inaccurate mathematical model parameter of the controlled device picked out, yc(k) it is controlled device Real sensor reading,Be attacker under fire after state estimation, uc(k-1) be control system under fire after Controller sends the control instruction of controlled device to, and γ (k) is that zero-mean covariance matrix is PzaWhite Gaussian noise, wherein Pza=CaPa(k|k-1)Ca T+Ra, Pa(k | k-1) represent that k-1 moment evaluated errors covariance matrix predicts the evaluated error at k moment Covariance matrix, RaIt is the covariance matrix of the measurement noise of the controlled device picked out.
Beneficial effects of the present invention:
1st, attacker steals sensor reading and control instruction in network channel, picks out the inaccurate number of controlled device Model parameter is learned, false data attack sequence is designed according to inaccurate mathematical model parameter, reduces being calculated as attacker This
2nd, the false data attack sequence that attacker designs according to inaccurate mathematical model parameter, after can causing attack Control system residual error is small as possible, successfully hides the testing mechanism of control system.
3rd, the present invention is suitable for protection effect of the test information physical system for false data injection attacks, is defender The design of method provides means of testing, there is very important meaning in practical applications.
Description of the drawings
Fig. 1 is false data injection attacks control system architecture figure of the present invention.
Specific embodiment
The present invention will now be described in detail with reference to the accompanying drawings and examples.
The present invention provides a kind of false data injection attacks method based on inaccurate mathematical model, the designs of this method Principle is:With the angle of attacker, according to the inaccurate Design of Mathematical Model false data attack sequence of identification, it is intended to destroy control The performance of system processed, without being detected by the detector.
It is linear discrete time-invariable system firstly the need of the plant model illustrated in the present invention
Wherein, x (k) ∈ RnIt is state vector, u (k) ∈ RmIt is input vector, y (k) ∈ RqIt is output vector, ω (k) and υ (k) white Gaussian noise that zero-mean covariance is Q and R respectively, n, m are independent from each other, q represents state vector, input respectively The dimension of vector, output vector, A, B, C are respectively the model parameter of controlled device, and k represents the time of running.
Definition status is estimated:
Wherein,Kalman filtering gain K (k) is asked by the following formula Solution:
Define residual error:
Residual error is that zero-mean covariance is PzWhite Gaussian noise
Pz=CP (k | k-1) CT+R (5)
STATE FEEDBACK CONTROL strategy:
Wherein, L controls to obtain by Linear-Quadratic-Gauss.
Chi-square statistic device is the detector based on residual error, the abnormal conditions being widely used in detecting and controlling system, detection Amount is:
Wherein, g (k) is the χ that degree of freedom is m τ2Distribution, τ is window size.If g (k) is bigger than threshold value η, χ2Detector meeting Alarm is triggered, verification and measurement ratio is:
β (k)=P (g (k) > η) (8)
As shown in Figure 1, the false data injection attacks method of the present invention carries out in the following way:
Step 1:Attacker steals a series of sensor readings and control instruction in network channel, by analyzing and counting Calculation show that the mathematical model of controlled device is:
Wherein, xa(k)∈RnIt is state vector, ya(k)∈RqIt is output vector, ωa(k) be zero-mean covariance it is Qa's White Gaussian noise.
Definition status is estimated:
Kalman filtering gain Ka(k) calculating formula is:
Defining residual error is:
Residual error is that zero-mean covariance matrix is PzaWhite Gaussian noise
Pza=CaPa(k|k-1)Ca T+Ra (13)
Step 2: attacker according to the inaccurate mathematical model of identification and the sensor reading stolen in network channel and Control instruction, design false data attack sequence are injected into sensor reading, and false data attack sequence is:
Wherein, yc(k) be controlled device real sensor reading, uc(k-1) it is control after control system is attacked Instruction, γ (k) are that zero-mean covariance is PzaWhite Gaussian noise,It is the state after attacker's system is attacked Estimated value:
According to (6), (15) can be converted into the following formula:
Step 3: after control system is attacked, system dynamic is:
Controller is according to false sensor readingWhether carry out detecting system has a unusual condition, and according toIt is raw Controlled device is sent into control instruction.
State estimation after control system is attacked is:
Define the evaluated error after control system is attacked:
It is combined by (16), (18) and (19):
Wherein, E [] represents it is expected, M=[KCA+ (KCaBa-KCB)L-KCaAa]
If A is unstable, then E [Δ xc(k)] it is diverging, ifStablize, thenIt is convergent.
Residual error after control system is attacked is:
It can be obtained according to (20) and (21):
Wherein,
When stablizing,Covariance converge to following matrix:
Wherein, X is the solution of following Lyapunov Equation
It is independent from each other with γ (k), therefore residual error zc(k) it is zero mean Gaussian white noise, covariance square Battle array meets situations below:
The mathematic expectaion of g (k) is:
Wherein tr represents the mark of matrix.
G after being attackedc(k) mathematic expectaion is:
It is obtained with reference to (25),
Therefore, the verification and measurement ratio after attack:
Therefore, existStablize, A it is unstable andIn the case of, evaluated error is diverging, is detected Rate is lower than setting false alarm rate, i.e., attacker can successfully destroy the performance of control system, without being detected by the detector.
In conclusion the foregoing is merely a prefered embodiment of the invention, it is not intended to limit the scope of the present invention. All within the spirits and principles of the present invention, any modification, equivalent substitution, improvement and etc. done should be included in the present invention's Within protection domain.

Claims (2)

  1. A kind of 1. false data injection attacks method based on inaccurate mathematical model, which is characterized in that
    Sensor reading and control instruction are stolen in network channel, picks out the inaccurate mathematical model parameter of controlled device, According to the inaccurate mathematical model parameter of identification and the sensor reading and control instruction, false data attack sequence is generated The false data attack sequence is injected into sensor reading and forms false sensor reading by row, by the false sensing Device reading is transferred to controller, and whether controller has unusual condition, and according to void according to false sensor reading come detecting system False sensor reading generation control instruction sends controlled device to.
  2. 2. a kind of false data injection attacks method based on inaccurate mathematical model as described in claim 1, feature exist In the false data attack sequence uses the following formula:
    Wherein, Aa、Ba、CaIt is the inaccurate mathematical model parameter of the controlled device picked out, yc(k) be controlled device practical biography Sensor reading,Be attacker under fire after state estimation, uc(k-1) it is control system under fire rear controller Send the control instruction of controlled device to, γ (k) is that zero-mean covariance matrix is PzaWhite Gaussian noise, wherein Pza=CaPa (k|k-1)Ca T+Ra, Pa(k | k-1) represent that k-1 moment evaluated errors covariance matrix predicts the evaluated error covariance at k moment Matrix, RaIt is the covariance matrix of the measurement noise of the controlled device picked out.
CN201711423638.6A 2017-12-25 2017-12-25 False data injection attacks method based on inaccurate mathematical model Pending CN108196448A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711423638.6A CN108196448A (en) 2017-12-25 2017-12-25 False data injection attacks method based on inaccurate mathematical model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711423638.6A CN108196448A (en) 2017-12-25 2017-12-25 False data injection attacks method based on inaccurate mathematical model

Publications (1)

Publication Number Publication Date
CN108196448A true CN108196448A (en) 2018-06-22

Family

ID=62583840

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711423638.6A Pending CN108196448A (en) 2017-12-25 2017-12-25 False data injection attacks method based on inaccurate mathematical model

Country Status (1)

Country Link
CN (1) CN108196448A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109361678A (en) * 2018-11-05 2019-02-19 浙江工业大学 A kind of intelligent network connection automobile automatic cruising system false data detection method for injection attack
CN109375514A (en) * 2018-11-30 2019-02-22 沈阳航空航天大学 A kind of optimal track control device design method when the injection attacks there are false data
CN109670302A (en) * 2018-12-19 2019-04-23 浙江工业大学 A kind of classification method of the false data injection attacks based on SVM
CN109814381A (en) * 2019-01-08 2019-05-28 华东理工大学 A kind of Controller Design for Networked Control Systems method based on event triggering
CN109873833A (en) * 2019-03-11 2019-06-11 浙江工业大学 A kind of Data Injection Attacks detection method based on chi-Square measure KNN
CN110855683A (en) * 2019-11-18 2020-02-28 东北电力大学 Method for carrying out attack detection and reconstruction on electric power information physical system
CN110865616A (en) * 2019-11-07 2020-03-06 河南农业大学 Design method of event trigger zone memory DOF controller under random FDI attack
CN111079271A (en) * 2019-12-02 2020-04-28 浙江工业大学 Industrial information physical system attack detection method based on system residual fingerprint
CN111208731A (en) * 2020-01-12 2020-05-29 东北电力大学 Method for carrying out attack detection and reconstruction on electric power information physical system
CN111698257A (en) * 2020-06-17 2020-09-22 武汉科技大学 Industrial information physical system security detection method for multi-class malicious attacks
CN111708350A (en) * 2020-06-17 2020-09-25 华北电力大学(保定) Hidden false data injection attack method for industrial control system
CN112327632A (en) * 2020-11-23 2021-02-05 哈尔滨理工大学 Multi-agent system tracking control method for false data injection attack
TWI777117B (en) * 2020-01-02 2022-09-11 財團法人資訊工業策進會 Device, method and non-transitory tangible machine-readable medium for testing a cyber defense mechanism of a device under test

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102522743A (en) * 2011-11-08 2012-06-27 西安交通大学 Method for defending false-data injection attack in direct-current state estimation of electrical power system
CN102761122A (en) * 2012-07-06 2012-10-31 华北电力大学 Defense method of false data injection attack of power state estimation system
CN104573510A (en) * 2015-02-06 2015-04-29 西南科技大学 Smart grid malicious data injection attack and detection method
CN106099920A (en) * 2016-07-13 2016-11-09 武汉大学 A kind of modern power transmission network false data attack method based on parameter estimation
CN107016236A (en) * 2017-03-23 2017-08-04 新疆电力建设调试所 Power network false data detection method for injection attack based on non-linear measurement equation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102522743A (en) * 2011-11-08 2012-06-27 西安交通大学 Method for defending false-data injection attack in direct-current state estimation of electrical power system
CN102761122A (en) * 2012-07-06 2012-10-31 华北电力大学 Defense method of false data injection attack of power state estimation system
CN104573510A (en) * 2015-02-06 2015-04-29 西南科技大学 Smart grid malicious data injection attack and detection method
CN106099920A (en) * 2016-07-13 2016-11-09 武汉大学 A kind of modern power transmission network false data attack method based on parameter estimation
CN107016236A (en) * 2017-03-23 2017-08-04 新疆电力建设调试所 Power network false data detection method for injection attack based on non-linear measurement equation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
PANG ZHONGHUA等: "False Data Injection Attacks for Output Tracking Control Systems", 《PROCEEDINGS OF THE 34TH CHINESE CONTROL CONFERENCE》 *
侯方圆: "输出跟踪控制系统的虚假数据注入攻击设计", 《中国优秀硕士学位论文全文库 信息科技辑》 *

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109361678A (en) * 2018-11-05 2019-02-19 浙江工业大学 A kind of intelligent network connection automobile automatic cruising system false data detection method for injection attack
CN109361678B (en) * 2018-11-05 2021-10-12 浙江工业大学 False data injection attack detection method for intelligent networked automobile automatic cruise system
CN109375514A (en) * 2018-11-30 2019-02-22 沈阳航空航天大学 A kind of optimal track control device design method when the injection attacks there are false data
CN109670302A (en) * 2018-12-19 2019-04-23 浙江工业大学 A kind of classification method of the false data injection attacks based on SVM
CN109670302B (en) * 2018-12-19 2023-04-18 浙江工业大学 SVM-based classification method for false data injection attacks
CN109814381A (en) * 2019-01-08 2019-05-28 华东理工大学 A kind of Controller Design for Networked Control Systems method based on event triggering
CN109814381B (en) * 2019-01-08 2022-07-12 华东理工大学 Network control system controller design method based on event triggering
CN109873833A (en) * 2019-03-11 2019-06-11 浙江工业大学 A kind of Data Injection Attacks detection method based on chi-Square measure KNN
CN109873833B (en) * 2019-03-11 2021-08-03 浙江工业大学 Data injection attack detection method based on chi-square distance KNN
CN110865616B (en) * 2019-11-07 2020-09-25 河南农业大学 Design method of event trigger zone memory DOF controller under random FDI attack
CN110865616A (en) * 2019-11-07 2020-03-06 河南农业大学 Design method of event trigger zone memory DOF controller under random FDI attack
CN110855683B (en) * 2019-11-18 2021-08-10 东北电力大学 Method for carrying out attack detection and reconstruction on electric power information physical system
CN110855683A (en) * 2019-11-18 2020-02-28 东北电力大学 Method for carrying out attack detection and reconstruction on electric power information physical system
CN111079271A (en) * 2019-12-02 2020-04-28 浙江工业大学 Industrial information physical system attack detection method based on system residual fingerprint
CN111079271B (en) * 2019-12-02 2024-03-22 浙江工业大学 Industrial information physical system attack detection method based on system residual fingerprint
TWI777117B (en) * 2020-01-02 2022-09-11 財團法人資訊工業策進會 Device, method and non-transitory tangible machine-readable medium for testing a cyber defense mechanism of a device under test
CN111208731A (en) * 2020-01-12 2020-05-29 东北电力大学 Method for carrying out attack detection and reconstruction on electric power information physical system
CN111208731B (en) * 2020-01-12 2022-05-24 东北电力大学 Method for attack detection and reconstruction of electric power information physical system
CN111698257A (en) * 2020-06-17 2020-09-22 武汉科技大学 Industrial information physical system security detection method for multi-class malicious attacks
CN111708350A (en) * 2020-06-17 2020-09-25 华北电力大学(保定) Hidden false data injection attack method for industrial control system
CN112327632A (en) * 2020-11-23 2021-02-05 哈尔滨理工大学 Multi-agent system tracking control method for false data injection attack

Similar Documents

Publication Publication Date Title
CN108196448A (en) False data injection attacks method based on inaccurate mathematical model
US10817394B2 (en) Anomaly diagnosis method and anomaly diagnosis apparatus
Kurt et al. Online cyber-attack detection in smart grid: A reinforcement learning approach
Ahmed et al. Noise matters: Using sensor and process noise fingerprint to detect stealthy cyber attacks and authenticate sensors in cps
Ahmed et al. Noiseprint: Attack detection using sensor and process noise fingerprint in cyber physical systems
Amin et al. Cyber security of water SCADA systems—Part II: Attack detection using enhanced hydrodynamic models
CN108803565B (en) Real-time detection method and device for industrial control system hidden attack
Shoukry et al. Secure state reconstruction in differentially flat systems under sensor attacks using satisfiability modulo theory solving
CN111079271B (en) Industrial information physical system attack detection method based on system residual fingerprint
CN108494802A (en) Key message infrastructure security based on artificial intelligence threatens Active Defending System Against
CN110889862B (en) Combined measurement method for multi-target tracking in network transmission attack environment
Griffioen et al. An optimal design of a moving target defense for attack detection in control systems
CN108234430B (en) Abnormal flow monitoring method for distributed control system
Li et al. Security estimation under denial-of-service attack with energy constraint
CN109936568B (en) Malicious attack prevention sensor data acquisition method based on recurrent neural network
Shafique et al. Intelligent security measures for smart cyber physical systems
Eyisi et al. Energy-based attack detection in networked control systems
Zhu et al. Revisit dynamic arima based anomaly detection
CN111698257A (en) Industrial information physical system security detection method for multi-class malicious attacks
WO2022015246A1 (en) Method and system for characterising a programmable logic controller (plc) and/or attack detection in a networked control system
CN107273728B (en) Smart watch unlocking and authentication method based on motion sensing behavior characteristics
Koley et al. Formal synthesis of monitoring and detection systems for secure cps implementations
CN115022031A (en) Security consistency control method for solving influence of FDI attack on multi-agent system
Mboweni et al. A machine learning approach to intrusion detection in water distribution systems–A review
Bonczek et al. Detection of hidden attacks on cyber-physical systems from serial magnitude and sign randomness inconsistencies

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180622

WD01 Invention patent application deemed withdrawn after publication