CN115793620B - Physical information system attack and fault risk identification method of time-fused backward model state observer - Google Patents


Info

Publication number
CN115793620B
Authority
CN
China
Prior art keywords
fault
time
sensor
replay attack
attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211692786.9A
Other languages
Chinese (zh)
Other versions
CN115793620A (en
Inventor
张康康
许宇航
孟亦真
姜斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Aeronautics and Astronautics
Original Assignee
Nanjing University of Aeronautics and Astronautics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Aeronautics and Astronautics filed Critical Nanjing University of Aeronautics and Astronautics
Priority to CN202211692786.9A priority Critical patent/CN115793620B/en
Publication of CN115793620A publication Critical patent/CN115793620A/en
Application granted granted Critical
Publication of CN115793620B publication Critical patent/CN115793620B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Testing Or Calibration Of Command Recording Devices (AREA)
  • Safety Devices In Control Systems (AREA)

Abstract

The invention discloses an attack and fault risk identification method for physical information systems that fuses a time-backward model state observer. The method identifies three risk types: replay attack, sensor bias fault, and the coexistence of the two. It identifies the risk type with a backward-time model, exploiting the fact that attacks and faults cause different system response increments. Specifically, state observers are first established for the system under replay attack and for the system containing sensor bias faults, and the corresponding backward-time models are given. Next, a fixed-point smoother is designed to estimate the unknown increment when the system is attacked or a sensor fault occurs; a backward-time signal processor is then built from the estimated increment, and the corresponding residuals and adaptive thresholds are designed. With this method, accurate detection can be carried out when replay attacks and actuator bias faults are mixed.

Description

Physical information system attack and fault risk identification method of time-fused backward model state observer
Technical Field
The invention belongs to the technical field of automatic control, and particularly relates to a physical information system attack and fault risk identification method of a time-fused backward model state observer.
Background
Cyber-physical systems (CPS), referred to in this document as physical information systems, integrate computing, communication and control technologies. Besides traditional physical failures, this integration exposes CPS to various vulnerabilities that malicious network threats can exploit. With increasingly strict safety and security specifications, and the natural trend toward deep network interconnection, techniques for diagnosing malicious network attacks and physical faults are urgently needed. Network attacks generally fall into two main categories: denial of service (DoS) attacks and integrity (or spoofing) attacks. DoS attacks undermine the availability of the data communication network but are inevitably exposed to anomaly detectors. Integrity attacks, such as replay attacks, undermine the integrity of the communication network by injecting false data, and are highly stealthy because the malicious data they use comes from a period in which the system was working properly. An attacker first records sensor measurement data from a normally operating sensor communication network, then takes control of the sensor communication network and plays back the recorded data, which makes the attack highly damaging. In addition, replay attacks can mask other, non-stealthy network attacks, causing greater damage. Fault isolation is used to identify the fault type or fault location. Methods based on exclusion logic are widely used in fault isolation: each fault condition (e.g., flow and sensor faults) is associated with a residual and a corresponding threshold. In this family of methods, a fault type is isolated when a fault is present and the residuals associated with the other fault types exceed their respective thresholds.
However, methods based on exclusion logic cannot effectively distinguish replay attacks from sensor bias faults, and attack detection mechanisms cannot effectively detect faults. How to effectively identify the fault state of a physical information system and the type of attack, so that timely remedial measures can be taken, is important for improving network security and has become an active research problem in the field.
Current approaches to fault isolation and attack detection in physical information systems include: (1) observer-based fault diagnosis methods; (2) attack detection methods based on exclusion-logic fault diagnosis; (3) active detection techniques such as watermarking methods and moving-target methods. Among existing fault isolation methods, those based on exclusion logic cannot effectively distinguish replay attacks from sensor bias faults. One reason is that, because replay attacks are stealthy, the residual they cause is insufficient to trigger the set fault detection threshold. The other reason is that the detector's time response to replay attacks corresponds to its time response to physical sensor faults. Past studies have addressed single detection or diagnosis functions, but few have addressed the risk identification (RD) problem between network attack detection and physical failure/malfunction, and further in-depth study is urgently required.
Disclosure of Invention
To overcome the defects of the prior art, the invention provides an attack and fault risk identification method for physical information systems that fuses a time-backward model state observer. The method identifies replay attacks, sensor bias faults, and the coexistence of the two. Because attacks and faults cause different system increments, the risk type can be identified with a method based on the backward-time model.
In order to achieve the above purpose, the present invention adopts the following technical scheme.
A physical information system attack and fault risk identification method integrating a time backward model state observer comprises the following steps:
(1) For a physical information system containing sensor bias faults and replay attacks, establishing the corresponding system risk models, comprising the model for a single replay attack, the model for a single sensor bias fault, and the model for the coexistence of sensor fault and attack;
(2) Designing system state observers for the single replay attack, the single sensor bias fault, and the coexistence of sensor fault and attack, respectively, to obtain the system response increments under attack, under fault, and under the coexistence of attack and fault;
(3) Designing signal processors based on the time-backward model, one corresponding to the replay attack and one to the sensor bias fault suffered by the system, and analyzing the detection characteristics of the signal processors in the different risk scenarios;
(4) Formulating the risk identification strategy, comprising a replay attack identification strategy and a sensor bias fault identification strategy, specifically as follows:
first, an estimation mechanism for Δx and Δy is designed using a signal smoother based on fixed-point theory, and then the replay attack identification strategy and the sensor bias fault identification strategy are designed based on the backward-time signal processors. Under the replay attack identification strategy, residual signals corresponding to replay attacks remain below the corresponding thresholds, while residuals corresponding to sensor bias faults exceed the set thresholds;
the sensor bias fault identification strategy is based on the designed backward-time signal processor.
Further, step (1) is implemented as follows:
(11) Establishing a physical information system containing sensor bias faults and replay attacks. The system is composed of a physical device, an output feedback controller, a sensor network, and a control execution network. The operation of the system is described by the following differential equation:
wherein the quantities are, respectively, the state of the physical information system and the system information measured by the sensors, which is transmitted through the information transmission network to the controller to realize feedback control. The system matrices are information known to the defender. The controller matrix is designed such that $A_p + B_p K C$ is a Hurwitz matrix. In the present invention, the subscript $n$ indicates that a quantity belongs to the nominal system.
Unlike conventional anomaly detectors (AD), which cannot detect stealthy attacks, advanced anomaly detectors (AAD) remedy the shortcomings of conventional detectors and are able to detect potential anomalies, attacks and faults, but cannot identify the type of anomaly. In the invention, a risk identification strategy is designed, and the performance of the anomaly detector is further improved.
(12) The present invention considers three typical risk scenarios: (i) single replay attack (subscript: a); (ii) single sensor bias failure (subscript: f); (iii) sensor failure co-exists with attack (subscript: fa).
(i) Single replay attack: a replay attack consists of a recording mechanism and a replay mechanism. The attacker first records, from the sensor network, a segment of sensor data starting at time $t_a - T$, and then, from time $t_a$ to $t_a + T$, replays the recorded sensor data to carry out the attack, where $t_a$ is the moment at which the replay attack occurs. In the time interval $[t_a, t_a + T)$, the replay attack appears as the delayed system output $y_n(t - T)$. To this end, with the corresponding delayed quantities defined, the virtual attack model may be built as:
In addition, in this replay attack scenario, the closed-loop system may be modeled as:
(ii) Single sensor bias fault: multiple sensor bias faults affect multiple elements of the system output $y(t)$ and occur simultaneously at time $t_f$. The fault is defined as $\beta(t - t_f) f(t)$, where $f(t)$ is the fault vector and $\beta(t - t_f)$ is a function representing the fault time profile; $t_f$ is the unknown time at which the fault occurs. Thus, for a single sensor bias fault, the model can be established as:
Note: the invention also considers abrupt faults, expressed as $\beta = 0$ for $t < t_f$ and $\beta = 1$ for $t \ge t_f$.
(iii) Coexistence of sensor fault and attack: in this risk scenario there are two cases: the sensor fault occurs after the replay attack, or the sensor fault occurs before the replay attack. When the sensor fault occurs after the replay attack, i.e., $t_a \le t_f$, the situation is equivalent to the two cases analyzed above: first the single replay attack mode, and then, after the attack is finished, the sensor fault condition. This is because a sensor fault occurring during a replay attack can propagate only after the replay attack is completed. Alternatively, when the sensor bias fault occurs before the replay attack, i.e., $t_f \le t_a$, the sensor bias fault can propagate during the replay attack.
The method of the present invention focuses on the coexistence of replay attacks and sensor bias faults (hereinafter referred to as "fault & attack coexistence"). Without loss of generality, it is assumed that in this risk scenario the sensor fault occurs before the replay attack, i.e., $t_f \le t_a - T$.
With the corresponding definitions, in the presence of a sensor fault the virtual attack model generates the signal $y'_f(t)$. Thus, the model is established as follows:
Further, the sensor bias fault and the replay attack are transmitted, specifically:
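The three measurement models of step (12) can be run against a plain residual detector to see why the Background says exclusion logic cannot separate them. The following Python simulation is an added example, not code from the patent: the scalar plant, gains, noise bound, bias size and threshold are constructed values, and the detector is an ordinary Luenberger-observer residual check, not the patent's AAD or time-backward processor.

```python
import random

# All numeric values are constructed for illustration (assumptions).
A_P, B_P, C, K = 0.5, 1.0, 1.0, -2.0     # A_P + B_P*K*C = -1.5, Hurwitz
L0 = 4.0                                 # observer gain: A_P - L0*C = -3.5
DT, T_END = 0.01, 35.0                   # Euler step and horizon [s]
T_F, T_A, T_WIN = 5.0, 25.0, 10.0        # t_f, t_a, replay length T (t_f <= t_a - T)
BIAS, NOISE, THRESHOLD = 0.5, 0.01, 0.2  # f, sensor noise bound, alarm level


def simulate(fault=False, replay=False, seed=1):
    """Run one scenario; return what a plain residual detector reports."""
    rng = random.Random(seed)
    n_steps = round(T_END / DT)
    k_f, k_a, n_win = round(T_F / DT), round(T_A / DT), round(T_WIN / DT)
    x = x_hat = 0.0          # plant state and observer estimate
    sent = []                # every sample the sensor put on the network
    first_alarm, peak_r, gap = None, 0.0, 0.0
    for k in range(n_steps):
        beta = 1.0 if fault and k >= k_f else 0.0    # abrupt profile: 0, then 1
        y_sensor = C * x + beta * BIAS + rng.uniform(-NOISE, NOISE)
        sent.append(y_sensor)
        # Replay: during [t_a, t_a + T) the controller receives y(t - T).
        attacked = replay and k_a <= k < k_a + n_win
        y_rx = sent[k - n_win] if attacked else y_sensor
        r = y_rx - C * x_hat                         # observer residual
        if first_alarm is None and abs(r) > THRESHOLD:
            first_alarm = round(k * DT, 2)
        if k >= k_a:                                 # statistics from t_a on
            peak_r = max(peak_r, abs(r))
            gap = max(gap, abs(y_rx - C * x))        # received vs. physical output
        u = K * y_rx                                 # static output feedback
        x_hat += DT * (A_P * x_hat + B_P * u + L0 * r)
        x += DT * (A_P * x + B_P * u)
    return {"first_alarm": first_alarm,
            "peak_residual_from_t_a": peak_r,
            "rx_vs_plant_gap": gap}


def signature_table(seed=1):
    """Residual-detector outcome for the nominal case and the three risks."""
    return {
        "nominal": simulate(seed=seed),
        "replay": simulate(replay=True, seed=seed),
        "fault": simulate(fault=True, seed=seed),
        "fault+replay": simulate(fault=True, replay=True, seed=seed),
    }


if __name__ == "__main__":
    for name, row in signature_table().items():
        print(f"{name:13s} {row}")
```

The nominal and replay rows give the same detector outcome, as do the fault and fault+replay rows; `rx_vs_plant_gap` reports the mismatch between received and physical output that the residual does not see.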
Further, step (2) comprises the sub-steps of:
(21) Based on the physical information system containing the sensor bias fault and replay attack in step (11), the following system state observer is designed:
wherein the state quantity is that of the system state observer, and the matrices $A$ and $L$ are defined accordingly. In addition, the design ensures that the matrix $A$ is a Hurwitz matrix. For the three risk cases, the following system response increments are established respectively:
i) System response increment under a single replay attack: when the system is under replay attack, the input $y_n(t)$ of the state observer is defined as $y_a = y'_n$, $t \in [t_a, t_a + T)$, and the system state observer under replay attack is designed as:
where $x_a$ is the state of the state observer in the replay attack case. At this point, a definition is introduced. Furthermore, under replay attack, for $t \in [t_a, t_a + T)$, the design is as follows:
Further, based on the definitions of $y_a = y'_n$, $x_a$ and $x'_n$, the following can be obtained:
In addition, to ensure the stealthiness of the replay attack, $\Delta x_a(t)$ satisfies a bound. In addition, $q \in \{x_p, x, y\}$ is defined to facilitate the following description of the risk identification mechanism.
ii) System response increment under a single sensor bias fault: when a sensor bias fault occurs in the system, the observer input $y_n$ is defined as $y_f$, and the observer is designed as:
where $x_f$ is the state of the state observer under a system sensor fault. Further, when a sensor bias fault occurs, the response increment of the system is:
$$\Delta y_f(t) = C\,\Delta x_{p,f}(t) + \beta(t - t_f)\,f(t), \quad t \ge t_f$$
Further, the dynamic relationship between $\Delta y_f$ and $\Delta x_f$ may be established as:
For convenience of explanation hereinafter, the system response increment under sensor fault is defined here, where $q \in \{x_p, x, y\}$. Furthermore, when a sensor bias fault is present, there exists a sufficiently small scalar $\delta_f > 0$ such that:
iii) System response increment for the coexistence of sensor fault and attack: combining the definitions of $\Delta q_a(t)$ and $\Delta q_f(t)$, when the input is $y_n = y_{fa}$, the following state observer is defined:
where $x_{fa}$ is the state of the system state observer under the coexistence of sensor fault and attack.
Further, based on the definitions of $y_n$, $y'_f$ and $y_{fa}$, the following can be obtained:
Introducing the corresponding definition, the observer in the coexistence case is designed as:
Thus, based on $x_n$, $x'_f$ and $x_{fa}$, the system response increments of $x$, $y$ satisfy the following dynamic equation:
For convenience of explanation, the method of the present invention defines $\Delta x_j(t)$, $\Delta y_j(t)$, $j \in \{a, f, fa\}$, to express the three cases collectively.
Further, assume that an abnormality (sensor fault, replay attack, etc.) is detected at time $T_d$; $\Delta x(t)$ is defined as follows:
Note: the time-backward signal processor acts as an amplifier of the system response increment under replay attack, while it scales down the system response increment associated with the sensor bias fault; that is, it amplifies $\Delta x_a$ and reduces $\Delta x_f$, to meet the discrimination requirements of risk identification.
Step (3) comprises the following sub-steps:
(31) Before designing the observer, the following time-forward model is introduced:
where time $t$ runs forward, i.e., from $a$ to $b$; $x$ and $w$ are the system state and the system input, respectively; and $F$, $G$ are the system matrices. Further, the corresponding time-backward model can be described as:
where time $t_b$ runs backward, i.e., from $b$ to $a$, and $x_b$ is the system state. Further, for a fixed point $\sigma$ ($a \le \sigma \le b$), one obtains:
$$x_b(\sigma) = x(\sigma)$$
(32) To explain the time-backward mechanism clearly, the variable $t_b \mid t$ is introduced, denoting the reverse-time variable $t_b$ starting from the terminal time $t$. Thus, $x(t_b \mid t)$ characterizes the system state running in reverse time. On the basis of step (31), a time-backward signal processor for the replay attack is designed from the forward-time model of the system under replay attack in step (21):
wherein the quantities are, respectively, a state variable of the system and the input to the system. The starting point of the backward-time model is $t_b = t$, after which time runs in reverse. The initial value of $\Delta x(t)$ is selected as:
Further, one obtains:
wherein, at this time, it is assumed that the advanced anomaly detector (AAD, see FIG. 1) detects an abnormality of the system at time $T_d$, and that there exists a fixed time $t_b < T_d$. Under the given initial value and the backward-time model, the system output $\rho_a(t_b \mid t)$ has the following properties:
(a) Under a single replay attack, $\rho_a(t_b \mid t)$ is bounded, satisfying:
where $C_i$ is the $i$-th row of $C$.
(b) A sufficient condition for determining whether the system risk is a single replay attack or the coexistence of sensor bias fault and replay attack is: there exist an index $i \in \{1, \dots, n_y\}$ and a time $T_f \ge T_d$ such that:
Note: when $A$ is a Hurwitz matrix and $t_b < t$, the signal $\Delta x(t)$ can be amplified, because the backward-time model acts as an amplifier of the system response increment under replay attack and sensor bias fault. Under replay attack, $\rho_a(t_b \mid t)$ is fixed ($\Delta y_f = 0$) and satisfies the bound; when a sensor bias fault occurs, $\rho_a(t_b \mid t)$ is not fixed ($\Delta y_f \ne 0$) and can exceed the bound. The present invention exploits this difference in boundedness to distinguish between attacks and faults.
(32) Designing a time-backward signal processor for the sensor bias fault from the forward-time model of the system under sensor bias fault in step (21):
wherein the quantities are, respectively, the state of the system and the output of the system. The initial value $\Delta x(t)$ under sensor bias fault satisfies:
Based on the characteristics of the time-backward model in step (31), $\rho_f(t_b \mid t) = C\,\Delta x(t_b)$. In connection with the definition of $\Delta x(t)$ in step (21), setting $t = t_b$ here, $\rho_f(t_b \mid t)$ is obtained as:
wherein,
Further, there exists a fixed time $t_b < T_d$; under the given initial value and the backward-time model, the system output $\rho_f(t_b \mid t)$ has the following properties:
(a) Under a single sensor bias fault, $\rho_f(t_b \mid t)$ is bounded, satisfying:
(b) A sufficient condition for determining whether the system risk is a single replay attack or the coexistence of sensor bias fault and replay attack is as follows: for replay attacks, there exists an index $i \in \{1, \dots, n_y\}$ such that:
where $\Delta x(T_d) = \Delta x_a(T_d)$ for the case of a single replay attack, and $\Delta x(T_d) = \Delta x_{fa}(T_d)$ for the case where a sensor bias fault coexists with a replay attack.
Note: when $A$ is a Hurwitz matrix ($|\Delta x_f(t_b)| \le |\Delta x_f(T_d)|$) and $t_b < T_d$, $\rho_a(t_b \mid t)$ is an amplifier of the signal $\Delta x_a(T_d)$, while $\rho_f(t_b \mid t) = C\,\Delta x_f(t_b)$ is a reducer of the signal $\Delta x_f(T_d)$. This indicates that the system response increment caused by the replay attack is amplified, while the system response increment caused by the sensor bias fault can be reduced. Under a sensor bias fault, $\rho_f(t_b \mid t)$ satisfies $\rho_f(t_b \mid t) <$ |C if, whereas under replay attack $\rho_f(t_b \mid t)$ can exceed |C if. Thus, the method of the present invention exploits this difference in boundedness to distinguish replay attacks from sensor bias faults.
(33) Based on the analysis of step (31) and step (32), the designed risk identification strategy is divided into two sub-strategies, namely a replay attack identification strategy and a sensor bias fault identification strategy.
Under the replay attack identification strategy, based on the designed backward-time signal processor, the residual signal corresponding to the replay attack remains below the corresponding threshold, while the residual corresponding to the sensor bias fault exceeds the set threshold. The sensor bias fault identification strategy is similar to that for replay attacks, but is based on the backward-time signal processor designed for the fault. In addition, both risk identification strategies can be applied to the case where a sensor bias fault and a replay attack coexist. In particular, when the attack identification strategy excludes "fault", sensor bias fault and replay attack are identified. Likewise, under the sensor bias fault identification strategy, if replay attack is excluded, the risk is naturally determined to be a sensor bias fault.
Further, the implementation of step (4) includes the following sub-steps:
Based on the description of the risk identification schemes in steps (1)-(3), since $\Delta x$ and $\Delta y$ are unknown to the defender, an estimation mechanism for reconstructing $\Delta x$, $\Delta y$ is designed first; the attack identification strategy and the sensor bias fault identification strategy are then designed based on the backward-time signal processors, giving an executable scheme. Based on step (21), $\Delta x(t)$ is reconstructed by estimating $\Delta x(T_d)$, the value of $\Delta x(t)$ at the fixed time $T_d$. Thus, a signal smoother based on fixed-point theory is designed to estimate $\Delta x(T_d)$ and $\Delta y(t)$, and thereby obtain an estimate of the signal $\Delta x(t)$.
(41) Define the unified expression, specifically:
wherein the cases represent the normal condition of the physical information system, a single replay attack, a single sensor bias fault, and the coexistence of replay attack and sensor bias fault. The fault $f(t)$ satisfies the boundedness property of a time-varying system, with $|f(t)| \le \alpha$; $\alpha > 0$ and $\beta > 0$ are information known to the defender. $x_p$, $y$ and $\theta$ are the corresponding state quantities of the system under the unified model.
(42) Before designing the estimation mechanism, the following system is designed:
Further, a state variable $z$ and a corresponding output $y_z$ are introduced, specifically:
$$z(t) = x_p(t) - \Omega(t)\,\theta(t), \qquad y_z(t) = C z(t)$$
where $x_p$ is the state of the system. The following properties can be obtained:
(a) In the normal state, i.e., with no replay attack or sensor bias fault, $z(t) = x_{p,n}(t)$ and $y_z(t) = y_n(t)$, $t \ge 0$; for $x_{p,n}$, $y_n$ see the physical information system of step (11).
(b) Under a single replay attack, $z(t) = x'_{p,n}(t)$ and $y_z(t) = y'_n(t)$, $t \ge t_a$; for $x'_{p,n}$, $y'_n$ see the single replay attack system model in step (12).
(c) Under a single sensor bias fault, when the fault vector $f(t)$ is constant, $z(t) = x_{p,n}(t)$ and $y_z(t) = y_n(t)$, $t \ge 0$. Furthermore, when the fault vector $f(t)$ is time-varying, the residual is defined as:
$e_z(t)$ is bounded, satisfying:
Furthermore, by means of the designed variable $z$, an adaptive estimator is designed to estimate $y'_n$, $y_n$, specifically:
wherein the matrix $L_0$ is designed as $L_0 = B_p K$. Furthermore, the projection operator constrains the estimated parameter to a defined convex compact set $\Theta$. $\gamma > 0$ is the corresponding learning gain. The designed estimator starts working at $t = 0$, with initial value $\theta_0 \in \Theta$. Thus, the estimator of $z$ is:
Further, a fixed-point smoother is designed to estimate $\Delta x(T_d)$. Defining a new state variable, one obtains:
Thus, the following fixed-point smoother is obtained:
wherein the time-varying gain $L_\phi(t)$ is designed as:
$$L_\phi(t) = -\Sigma(t)\,C^T, \quad t \ge T_d,$$
wherein, for the identified matrix, its dynamic model is built as follows:
where the above $p = p^T > 0$ satisfies
(43) The estimation error of the observer is defined as:
The fixed-point smoother designed in step (42) ensures that the estimation error satisfies the following constraint:
wherein,
Furthermore, one condition is satisfied under normal conditions and under a single sensor bias fault, and in the case of a single replay attack the following is satisfied:
(44) Based on step (42), $\Delta x(T_d)$ is estimated, and an estimate of $\Delta y$ is further obtained:
Further, the estimate of $\Delta x(t)$ is as follows:
Based on the processors driven by the estimated $\Delta x(t)$, new residuals and thresholds are defined to enable identification of the system risk.
(45) The system residual generated by the new driven system output is:
where $g_a$ is defined in step (32).
Under a single replay attack, there exist fixed times $t_b$ and $T_d$ ($t_b < T_d$) such that the residual is bounded and satisfies:
wherein the following is satisfied:
Similarly, the new residual generated by the driven system output is:
where $g_f$ is defined in step (32). In the case of a single sensor bias fault, there exist fixed times $t_b$ and $T_d$ ($t_b < T_d$) such that the residual is bounded and satisfies:
wherein,
(46) In the case of a single replay attack, if the corresponding condition is satisfied, the identification of sensor bias fault and replay attack is given by the third entry of the second row of Table 1; in the case of a single sensor bias fault, if the corresponding condition is satisfied, the identification of sensor bias fault and replay attack is given by the second entry of the third row of Table 1.
Table 1: Signature matrix of the risk identification method based on the time-backward model
Further, identification of the three risks is realized by comparing the relationship between the residuals.
Beneficial effects: compared with the prior art, the physical information system attack and fault risk identification method fusing a time-backward model state observer, on the one hand, considers the more challenging scenario in which fault and attack coexist. On the other hand, the invention designs two different time-backward signal processors, which can not only reveal stealthy replay attacks but also generate distinguishable time responses specific to the single replay attack case and the single sensor bias fault case, so as to identify the risk scenario that has occurred. In addition, a system signal smoother based on fixed-point theory is designed to estimate the system response increment (relative to the nominal system) caused by attacks and faults. The backward-time signal processors are built from the estimated increment, and the corresponding residuals and adaptive thresholds are designed, so that the ability of the proposed method to identify replay attacks and sensor bias faults is proved quantitatively, and accurate detection can be carried out when replay attacks and actuator bias faults are mixed.
Drawings
FIG. 1 is a block diagram of the system attack and fault risk identification method based on a time-backward model state observer according to the present invention;
FIG. 2 is a block diagram of a cyber-physical system containing sensor bias faults and replay attacks;
FIG. 3 shows the residual and adaptive threshold for a single replay attack scenario.
Detailed Description
The technical scheme provided by the invention is further described below with reference to the attached drawings.
Fig. 1 is a frame diagram of a system attack and fault risk identification method based on a time-lapse model state observer according to the present invention, and specifically includes the following steps:
step 1: according to the physical information system with sensor bias fault and replay attack, a corresponding system risk model is established for respectively describing three typical situations under the system, including single replay attack, single sensor bias fault, and system model under coexistence of sensor fault and attack.
For the implementation of step 1, the method specifically comprises the following sub-steps:
step 11: establishing a physical information system containing sensor bias faults and replay attacks, the system being composed of physical devices Output feedback controller->Sensor network->Control execution network->The operation of the system is described as the following differential equation:
referring to FIG. 2, FIG. 2 is a block diagram of an information physical system including a sensor bias fault and replay attack. Wherein,for the state of the physical information system +.>For the system information measured by the sensors, via an information transmission network->To the controller to thereby realize feedback control. />And->Is known matrix information of the defender. Matrix->Is designed such that A p +B p KC is a hellvetz matrix. In the present invention, the subscript n indicates that it is acting on the nominal system.
Unlike conventional Anomaly Detectors (AD) that cannot detect stealth attacks, the advanced anomaly detector (advanced anomaly detector, AAD) of fig. 2 compensates for the shortcomings of conventional detectors and is able to detect potential anomalies: attacks and faults, but cannot identify the type of anomaly. In the invention, a risk identification strategy is designed creatively, and the performance of the anomaly detector is further improved.
Step 12: in the present invention, three typical risk scenarios are considered: (i) single replay attack (subscript: a); (ii) single sensor bias failure (subscript: f); (iii) sensor failure co-exists with attack (subscript: fa).
(i) Single unitReplay attack: replay attacks include recording and replay mechanisms. An attacker first records the sensor networkTime t from middle a -T a piece of sensor data starting from time T a To t a +T replaying recorded sensor data to implement an attack, wherein T a The moment when the replay attack occurs. At time interval t a ,t a +T), the replay attack by the attacker is embodied in the delayed output y of the system n (T-T). To this end, define->And->The virtual attack model may be built as: />
In addition, in this replay attack scenario, the closed loop system may be modeled as:
(ii) Single sensor bias fault: multiple sensor bias faults affect multiple elements of the system output y(t) and occur simultaneously at time t_f. The invention defines the fault as β(t − t_f) f(t), where f(t) is the fault vector and β(t − t_f) is the function representing the fault time profile. t_f is the unknown time at which the fault occurs. Thus, for a single sensor bias fault, the following can be established:
The invention also considers abrupt faults, expressed as: β = 0 for t < t_f, and β = 1 for t ≥ t_f.
(iii) Sensor fault and attack coexist: this risk scenario has two cases: the sensor fault occurs after the replay attack occurs, or the sensor fault occurs before the replay attack occurs. When the sensor fault occurs after the replay attack, i.e., t_a ≤ t_f, the situation is equivalent to the two cases analyzed above in sequence: first a single replay attack, and then, after the attack ends, a sensor fault. This is because a sensor fault occurring during a replay attack can propagate only after the replay attack is completed. Alternatively, when the sensor bias fault occurs before the replay attack, i.e., t_f ≤ t_a, the sensor bias fault can propagate during the replay attack. The present invention focuses on the coexistence of replay attacks and sensor bias faults (hereinafter referred to as "fault & attack coexistence"). Without loss of generality, it is assumed that in this risk scenario the sensor fault occurs before the replay attack, i.e., t_f ≤ t_a − T.
The invention defines and The virtual attack model generates the signal y′_f(t) in the presence of sensor faults; thus, the model is established as follows:
further, sensor bias failure and replay attack passTransmission, in particular
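The timing cases of scenario (iii), as an added example that is not part of the patent text: a constructed sensor signal is passed through the replay model of (i) and the abrupt bias model of (ii) to show at which times a bias actually reaches the controller. The signal, the function names and the fault size are assumptions; t_a = 50 s and T = 49.5 s are the values of the simulation embodiment.

```python
import math

T_A = 50.0     # replay start t_a (value from the simulation embodiment)
T_REP = 49.5   # replay duration T (value from the simulation embodiment)
BIAS = 2.0     # constructed constant fault magnitude f


def nominal_output(t):
    """Constructed nominal sensor signal y_n(t); sample data, not from the patent."""
    return math.sin(0.3 * t) + 0.05 * t


def sensor_output(t, t_f=None, f=0.0):
    """Sensor reading: y_n(t) plus the abrupt bias beta(t - t_f) * f,
    where beta is 0 before t_f and 1 from t_f on."""
    beta = 1.0 if (t_f is not None and t >= t_f) else 0.0
    return nominal_output(t) + beta * f


def received_output(t, t_a=None, T=0.0, t_f=None, f=0.0):
    """Signal reaching the controller. During [t_a, t_a + T) the network
    delivers the sample recorded T seconds earlier, i.e. the delayed output."""
    if t_a is not None and t_a <= t < t_a + T:
        return sensor_output(t - T, t_f, f)
    return sensor_output(t, t_f, f)


def visible_bias(t, t_a, T, t_f, f):
    """Part of the received signal that is caused by the fault."""
    return received_output(t, t_a, T, t_f, f) - received_output(t, t_a, T)


def bias_visible_intervals(t_a, T, t_f, f, t_end=120.0, dt=0.5):
    """[start, end) intervals on the sample grid in which the bias is present
    in the signal the controller receives."""
    intervals, start = [], None
    for k in range(int(round(t_end / dt)) + 1):
        t = k * dt
        seen = abs(visible_bias(t, t_a, T, t_f, f)) > 1e-9
        if seen and start is None:
            start = t
        elif not seen and start is not None:
            intervals.append((start, t))
            start = None
    if start is not None:
        intervals.append((start, t_end))
    return intervals


def scenarios():
    """The timing cases discussed in (iii), keyed by a short description."""
    return {
        # t_a <= t_f: fault during the replay stays hidden until replay ends
        "fault during replay (t_f = 60)":
            bias_visible_intervals(T_A, T_REP, 60.0, BIAS),
        # t_f <= t_a - T: the recording already contains the bias
        "fault before recording (t_f = 0.5)":
            bias_visible_intervals(T_A, T_REP, 0.5, BIAS),
        # t_a - T < t_f < t_a: the case the text sets aside by assuming
        # t_f <= t_a - T; the replay first hides the bias, then replays it
        "fault inside recording window (t_f = 30)":
            bias_visible_intervals(T_A, T_REP, 30.0, BIAS),
    }


if __name__ == "__main__":
    for name, spans in scenarios().items():
        print(f"{name}: bias visible during {spans}")
```
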
Step 2: according to the three typical risk models established in Step 1, design system state observers for a single replay attack, a single sensor bias fault, and the coexistence of sensor fault and attack, respectively, and obtain the system response increments under attack, under fault, and under attack & fault coexistence.
This specifically comprises the following substeps:
Step 21: based on the physical information system containing the sensor bias fault and replay attack in Step 11, a system state observer is designed as follows:
wherein, is a state quantity of the system state observer. The matrices A, L are defined as and In addition, the design ensures that the matrix A is a Hurwitz matrix.
For the three risk situations studied by the invention, the following system response increments are established respectively:
(a) System response increment under a single replay attack: when the system is under replay attack, the state observer input y_n(t) is defined as y_a = y′_n, t ∈ [t_a, t_a + T), and the system state observer under replay attack is designed as follows:
where x_a is the state quantity of the state observer in the replay attack case.
At this time, a definition is introduced Furthermore, during the replay attack, t ∈ [t_a, t_a + T), is designed as follows:
Further, based on the definitions of y_a = y′_n, x_a and x′_n, the following can be obtained:
In addition, to ensure the stealthiness of the replay attack, Δx_a(t) satisfies In addition, define q ∈ {x_p, x, y}, to facilitate the subsequent explanation of the risk identification mechanism.
(b) System response increment under a single sensor bias fault: when a sensor bias fault occurs in the system, the observer input y_n is defined as y_f, and the observer is designed as follows:
where x_f is the state quantity of the state observer under a system sensor fault. Further, when a sensor bias fault occurs, the response increment of the system is:
Δy_f(t) = CΔx_{p,f}(t) + β(t − t_f) f(t), t ≥ t_f
Further, the dynamic relationship between Δy_f and Δx_f may be established as:
For convenience of explanation below, the system response increment under sensor fault is defined here, where q ∈ {x_p, x, y}. Furthermore, when there is a bias fault in the sensor, there exists a sufficiently small scalar δ_f > 0 such that:
(c) System response increment under coexistence of sensor fault and attack: combining the definitions of Δq_a(t) and Δq_f(t), with input y_n = y_fa, the following state observer is defined:
where x_fa is the state quantity of the system state observer under coexistence of sensor fault and attack.
Further, based on the definitions of y_n, y′_f and y_fa, the following can be obtained:
Introducing the definition, the observer in the coexistence case is designed as follows:
Thus, based on x_n, x′_f and x_fa, the response increments of x and y of the system satisfy the following dynamic equation:
For convenience of description below, the present invention defines Δx_j(t), Δy_j(t), j ∈ {a, f, fa}, to express the three cases collectively.
Further, assume that an abnormality (sensor fault, replay attack, etc.) is detected at time T_d, and Δx(t) is defined as follows:
Note that the time-backward signal processor acts as an amplifier of the system response increment under replay attack, while it scales down the system response increment associated with sensor bias faults; that is, it amplifies Δx_a and reduces Δx_f to meet the discrimination requirements of risk identification.
Step 3: on the basis of Step 2, design signal processors based on the time backward model for the replay attack and for the sensor bias fault to which the system is subjected, respectively, and analyze their detection characteristics under the different risk scenarios. This specifically comprises the following substeps:
Step 31: before designing the observer, the following time forward model is introduced:
where time t runs forward, i.e., t goes from a to b; x and w are the system state and the system input, respectively; and F, G are the system matrices. Further, the corresponding time backward model can be described as:
where time t_b runs backward, i.e., t_b goes from b to a, and x_b is the system state. Further, for a fixed point σ (a ≤ σ ≤ b), it is possible to obtain
x_b(σ) = x(σ)
Step 32: to explain the time-backward mechanism clearly, the notation t_b | t is introduced, indicating that the reverse time variable t_b starts from the terminal time t. Thus, the present invention uses x(t_b | t) to characterize the reverse-time evolution of the system state. On the basis of Step 31, a time-backward signal processor is proposed for the replay attack to which the system is subjected. Based on the forward time model of the system under replay attack in Step 21, the time backward signal processor for the replay attack is designed as:
wherein, is a state variable of the system, and represents the input to the system. The starting point of the backward time model is t_b = t, after which it runs in reverse time. The initial value Δx(t) is selected as:
further, it is possible to obtain:
wherein,
Assume that the advanced anomaly detector (AAD, see FIG. 2) detects an abnormality of the system at time T_d. There exists a fixed time t_b < T_d; under the initial value and the backward time model, the system output ρ_a(t_b | t) has the following properties:
1) Under a single replay attack, ρ_a(t_b | t) is bounded, satisfying:
where C_i is row i of C.
2) The sufficient condition for judging whether the risk to the system is a single replay attack or the coexistence of a sensor bias fault and a replay attack is as follows: there exist an index i ∈ {1, …, n_y} and a time T_f ≥ T_d such that:
Note: when A is a Hurwitz matrix and t_b < t, the signal Δx(t) can be amplified; the reason is that the backward time model acts as an amplifier of the system response increment under replay attack and sensor bias fault. Under a replay attack, ρ_a(t_b | t) is fixed (Δy_f = 0) while satisfying, and when a sensor bias fault occurs, the value of ρ_a(t_b | t) is not fixed (Δy_f ≠ 0) while being able to exceed. The present invention exploits this difference in boundedness to distinguish between attacks and faults.
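The time forward/backward pair of Step 31 and the amplifier remark in the note above, as an added example that is not part of the patent text. It assumes the forward model has the linear form dx/dt = Fx + Gw and that the backward model integrates the same dynamics from b down to a; the 2-state matrix F (standing in for the Hurwitz matrix A), the input and the step count are constructed for illustration.

```python
import math

# Constructed 2-state example (assumption; not the patent's aircraft model).
# F has eigenvalues -1 and -2, so it is a Hurwitz matrix.
F = [[0.0, 1.0], [-2.0, -3.0]]
G = [0.0, 1.0]


def w(t):
    """Constructed system input."""
    return math.sin(t)


def rhs(t, x, with_input):
    """F x + G w(t): right-hand side of the assumed forward model."""
    u = w(t) if with_input else 0.0
    return [F[0][0] * x[0] + F[0][1] * x[1] + G[0] * u,
            F[1][0] * x[0] + F[1][1] * x[1] + G[1] * u]


def rk4_step(t, x, h, with_input):
    """One classical Runge-Kutta step; a negative h moves backward in time."""
    def shifted(k, c):
        return [x[i] + c * k[i] for i in range(2)]
    k1 = rhs(t, x, with_input)
    k2 = rhs(t + h / 2, shifted(k1, h / 2), with_input)
    k3 = rhs(t + h / 2, shifted(k2, h / 2), with_input)
    k4 = rhs(t + h, shifted(k3, h), with_input)
    return [x[i] + h / 6 * (k1[i] + 2 * k2[i] + 2 * k3[i] + k4[i])
            for i in range(2)]


def integrate(x_start, t_start, t_end, steps=2000, with_input=True):
    """States on a uniform grid from t_start to t_end.

    t_end > t_start is the time forward model (t runs from a to b);
    t_end < t_start is the time backward model (t_b runs from b to a).
    """
    h = (t_end - t_start) / steps
    x = list(x_start)
    states = [x]
    for k in range(steps):
        x = rk4_step(t_start + k * h, x, h, with_input)
        states.append(x)
    return states


def norm(v):
    return math.hypot(v[0], v[1])


def fixed_point_gap(a=0.0, b=2.0, x_a=(1.0, 0.0)):
    """Largest |x_b(sigma) - x(sigma)| over the grid points sigma in [a, b]."""
    forward = integrate(x_a, a, b)
    backward = integrate(forward[-1], b, a)   # starts from x_b(b) = x(b)
    backward.reverse()                        # index both lists by sigma
    return max(norm([p[0] - q[0], p[1] - q[1]])
               for p, q in zip(forward, backward))


def increment_gain(dx, t_start, t_end):
    """|dx(t_end)| / |dx(t_start)| for input-free increment dynamics
    dx' = F dx (assumed form of the response-increment model)."""
    end = integrate(dx, t_start, t_end, with_input=False)[-1]
    return norm(end) / norm(dx)


if __name__ == "__main__":
    print("fixed-point gap     :", fixed_point_gap())
    print("forward gain  (2 s) :", increment_gain([1.0, 0.0], 0.0, 2.0))
    print("backward gain (2 s) :", increment_gain([1.0, 0.0], 2.0, 0.0))
```

Running the Hurwitz dynamics forward shrinks the increment, while running the same dynamics backward over the same span enlarges it by roughly two orders of magnitude in this constructed case, which is the amplification the note relies on.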
Step 32: based on the forward time model of the system under sensor bias fault in Step 21, design a time backward signal processor for the sensor bias fault:
wherein, for the state of the system, is the output of the system. The initial value Δx(t) under sensor bias fault satisfies:
Based on the characteristics of the time-backward model in Step 31, ρ_f(t_b | t) = CΔx(t_b). In connection with the definition of Δx(t) in Step 21, setting t = t_b here gives ρ_f(t_b | t) as:
wherein,
Further, there exists a fixed time t_b < T_d; under the initial value and the backward time model, the system output ρ_f(t_b | t) has the following properties:
1) Under a single sensor bias fault, ρ_f(t_b | t) is bounded, satisfying:
2) The sufficient condition for judging whether the risk to the system is a single replay attack or the coexistence of a sensor bias fault and a replay attack is as follows: for replay attacks, there exists an index i ∈ {1, …, n_y} such that:
where Δx(T_d) = Δx_a(T_d) for the case of a single replay attack, and Δx(T_d) = Δx_fa(T_d) for the case where a sensor bias fault coexists with a replay attack.
Note: when A is a Hurwitz matrix (|Δx_f(t_b)| ≤ |Δx_f(T_d)|) and t_b < T_d, ρ_a(t_b | t) is an amplifier of the signal Δx_a(T_d), while ρ_f(t_b | t) = CΔx_f(t_b) is a reducer of the signal Δx_f(T_d). This indicates that the system response increment caused by a replay attack is amplified, while the system response increment caused by a sensor bias fault can be reduced. Under a sensor bias fault, ρ_f(t_b | t) satisfies ρ_f(t_b | t) < |C_i f; under a replay attack, ρ_f(t_b | t) can exceed |C_i f. Thus, the present invention exploits this difference in boundedness to distinguish replay attacks from sensor bias faults.
Step 4: on the basis of Steps 1-3, the risk identification strategy designed by the invention is divided into two sub-strategies: an attack identification strategy and a sensor bias fault identification strategy.
First, a signal smoother based on fixed-point theory is designed as an estimation mechanism for Δx and Δy; the design then relies on the backward time signal processor. Under the replay attack identification strategy, the residual signal corresponding to a replay attack stays below its threshold, while the residual corresponding to a sensor bias fault exceeds its set threshold. The identification strategy for sensor bias faults is similar to that for replay attacks, but it is based on the designed backward signal processor. This specifically comprises the following substeps:
Based on the description of the risk identification scheme in Steps 1-3, Δx and Δy are unknown to the defender, so an estimation mechanism for reconstructing Δx and Δy is designed, and the attack identification strategy and the sensor bias fault identification strategy are then designed on that basis to provide an executable scheme. Based on Step 21, the method reconstructs Δx(t) by estimating Δx(T_d), where Δx(T_d) is the value of Δx(t) at the fixed time T_d. Thus, a signal smoother based on fixed-point theory is designed to estimate Δx(T_d) and Δy(t), and thereby obtain an estimate of the signal Δx(t).
Step 41: definition of the definitionThe unified expression of (2) specifically is:
wherein, representing the normal condition of the physical information system, a single replay attack, a single sensor bias fault, and the coexistence of a replay attack and a sensor bias fault. The fault f(t) satisfies the bounded characteristic of the time-varying system, with |f(t)| ≤ α; α > 0 and β > 0 are known information of the defender. x_p, y, θ are the corresponding state quantities of the system under the unified model.
Step 42: before designing the estimation mechanism, the following system is designed:
wherein, and Further, a state variable z and a corresponding output y_z are introduced, specifically:
z(t) = x_p(t) − Ω(t)θ(t), y_z(t) = Cz(t)
where x_p is the state quantity of the system.
The following characteristics can be obtained:
1) In the normal state, i.e., with no replay attack or sensor bias fault, z(t) = x_{p,n}(t) and y_z(t) = y_n(t), t ≥ 0; for x_{p,n}, y_n, see the physical information system in Step 11.
2) Under a single replay attack, z(t) = x′_{p,n}(t) and y_z(t) = y′_n(t), t ≥ t_a; for x′_{p,n}, y′_n, see the single replay attack system model in Step 12.
3) Under a single sensor bias fault, when the fault vector f(t) is constant, z(t) = x_{p,n}(t) and y_z(t) = y_n(t), t ≥ 0. Furthermore, when the fault vector f(t) is time-varying, the residual is defined as:
e_z(t) is bounded, satisfying:
Further, based on the designed variable z, an estimator is designed as follows to estimate y′_n and y_n, specifically:
wherein, and The matrix is designed as L_0 = B_p K. Furthermore, the projection operator constrains the estimated parameters within a defined convex compact set Θ. γ > 0 is the corresponding learning gain. The designed estimator starts working at t = 0, with the initial value θ_0 ∈ Θ. Thus, the estimator of z is:
Further, a fixed-point smoother is designed to estimate Δx(T_d). Defining a new state variable, the following can be obtained:
Thus, the following fixed-point smoother can be obtained:
wherein, the time-varying gain L_φ(t) is designed as:
L_φ(t) = −Σ(t)C^T, t ≥ T_d,
wherein, for the identified matrix, its dynamic model is built as follows:
where P = P^T > 0 satisfies, Q = Q^T > 0.
Step 43: the estimation error of the observer is defined as:
The fixed-point smoother designed in Step 42 ensures that the estimation error satisfies the following constraint:
wherein,furthermore, under normal conditions, the single sensor bias fault satisfies And in the case of a single replay attack The method meets the following conditions:
Step 44: based on Step 42, estimate Δx(T_d) and further obtain the estimated Δy:
Further, the estimate of Δx(t) is as follows:
Driven by the estimated Δx(t), new residuals and thresholds are defined to enable identification of the system risk.
Step 45: based onActuated->Output by the new system->The generated system residual error is:
where g_a is defined in Step 32. Under a single replay attack, there exist fixed times t_b and T_d (t_b < T_d) such that is bounded and satisfies
Wherein,the method meets the following conditions:
similarly, inDriven +.>Output by the system->The new residual generated is
where g_f is defined in Step 32. In the case of a single sensor bias fault, there exist fixed times t_b and T_d (t_b < T_d) such that is bounded and satisfies
Wherein,
step 46: in the case of a single replay attack, if it is satisfiedThe recognition of sensor bias faults and replay attacks is seen in the third entry of the second row in table 1; when in the case of a single sensor bias failure, if +. >The recognition of sensor bias faults and replay attacks is seen in the second entry in the third row of table 1. Furthermore, by comparison->And +.>The relationship between them realizes the three kinds of the inventionAnd (5) identifying risks.
TABLE 1 signature matrix for risk identification method based on time backward model
Examples
In the embodiment, the simulation experiment is carried out on the physical information system attack and fault risk identification method of the time-fused backward model state observer:
step 1: consider a longitudinal navigation system of an air-breathing hypersonic aircraft:
wherein:
The gain matrix K of the closed-loop system and the observer gain L_p are:
Furthermore, considering the stealthiness of replay attacks, in this simulation example δ_a = 10 and δ_f = 11. The fault vector f(t) satisfies |f(t)| ≤ 20 and; meanwhile, α = 20, β = 10. The parameters in the fixed-point smoother are γ = 5, based on matrix A_0 and Q = 0.01 I_{3×3}. At the same time, the parameter pairs (k 00) and (k, λ) are selected as (k 00) = (0.9535, 0.505) and (k, λ) = (1.9565, 0.1). Furthermore, the anomaly detector detects the attack and/or fault at time T_d = 52 s, and t_b satisfies t_b = 50 s.
Step 2: the purpose of the risk identification method designed by the present invention is to determine which of the three risk types under consideration has occurred. These three types of risks are distinguished in the simulation. In this simulation example, taking the case of single replay attack recognition as an example, the specific steps are as follows:
In the case of a single replay attack, as shown in FIG. 3, the replay attack data is recorded starting from 0.5 s, and the replay attack is then carried out at time t_a = 50 s with duration T = 49.5 s. The risk identification result of the system is shown in FIG. 3: when t > t_a, is satisfied. Comparing with the fault signature matrix in Table 1, it can be determined that a replay attack has occurred at this time.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above examples, and all technical solutions belonging to the concept of the present invention belong to the protection scope of the present invention. It should be noted that modifications and adaptations to the invention without departing from the principles thereof are intended to be within the scope of the invention as set forth in the following claims.

Claims (3)

1. A physical information system attack and fault risk identification method integrating a time backward model state observer is characterized by comprising the following steps:
(1) According to a physical information system containing sensor bias faults and replay attacks, establishing a corresponding system risk model which comprises a single replay attack, a single sensor bias fault and a system risk model under the coexistence of the sensor faults and the attacks;
The physical information system is expressed as follows:
the system is composed of physical devicesOutput feedback controller->Sensor network->Control execution network->The operation of the system is described as the following differential equation:
wherein, for the state of the physical information system, for the system information measured by the sensors, via an information transmission network to the controller to achieve feedback control; and known matrix information for the defender; matrix is designed such that A_p + B_p KC is a Hurwitz matrix; the subscript n indicates that the quantity acts on the nominal system;
the system risk model comprises the following conditions:
(i) Single replay attack: the attacker first records, from the sensor network, a segment of sensor data starting at time t_a − T, and then replays the recorded sensor data from time t_a to t_a + T to carry out the attack, where t_a is the moment at which the replay attack occurs; in the time interval [t_a, t_a + T), the replay attack appears as the delayed system output y_n(t − T);
definition of the definitionAnd->The virtual attack model may be built as:
in addition, in this replay attack scenario, the closed loop system may be modeled as:
(ii) Single sensor bias fault: multiple sensor bias faults affect multiple elements of the system output y(t) and occur simultaneously at time t_f;
the fault is defined as β(t − t_f) f(t), where f(t) is the fault vector, β(t − t_f) is the function representing the fault time profile, and t_f is the unknown time at which the fault occurs; for a single sensor bias fault, the following can be established:
in the above formula, abrupt faults are considered, expressed as: β = 0 for t < t_f, and β = 1 for t ≥ t_f;
(iii) Sensor fault and attack coexist: without loss of generality, it is assumed that in this risk scenario the sensor fault occurs before the replay attack, i.e., t_f ≤ t_a − T, and the process is as follows:
definition of the definitionAnd->Virtual attack model generation signal y in the presence of sensor faults f′ (t) thus, establish->The model is as follows:
sensor bias fault and replay attack passThe transmission is specifically as follows:
in this risk scenario, there are two cases: the sensor fault occurs after the replay attack occurs, or the sensor fault occurs before the replay attack occurs; when the sensor fault occurs after the replay attack, i.e., t_a ≤ t_f, the situation is equivalent to the two cases analyzed above in sequence: first a single replay attack, and then, after the attack has ended, a sensor fault, since a sensor fault occurring during the replay attack can propagate only after the replay attack has ended; alternatively, when the sensor bias fault occurs before the replay attack, i.e., t_f ≤ t_a, the sensor bias fault can propagate during the replay attack;
(2) And respectively designing a single replay attack, and a single sensor bias fault and a system state observer under the coexistence of the sensor fault and the attack to obtain a system response increment under the coexistence of the attack, the fault and the attack and the fault of the system, wherein the system response increment is specifically as follows:
(21) Based on the physical information system, a system state observer is designed as follows:
wherein, for the state quantity of the system state observer, the matrices A, L are defined as and the design ensures that the matrix A is a Hurwitz matrix;
(22) For three risk cases, the following system response increment is respectively established:
system response delta under single replay attack: when the system is under replay attack, at this point, the input y of the state observer n (t) is defined as y a =y′ n ,t∈[t a ,t a +T), observer under system state replay attacksThe design method comprises the following steps:
wherein x is a Is a state observerThe state quantity in the case of replay attacks, at this time, the definition +.>Furthermore, when replay attack t E [ t ] a ,t a +T) is added>The design is as follows:
further, based on y a =y′ n ,x a And x' n Is defined by (a) can be obtained:
In addition, to guarantee the concealment of replay attacks, the delta Deltax of system state a (t) satisfyIn addition, the definition q ε { x } p ,x,y},/>For elucidating risk recognition mechanisms;
system response delta under single sensor bias fault: input y of observer when sensor bias failure occurs in system n Defined as y f Further, an observerThe design method comprises the following steps:
wherein x is f State observer for system sensor faultState quantity of (2); further, when a sensor bias fault occurs, the response increment of the system is as follows:
Δy f (t)=CΔx p,f (t)+β(t-t f )f(t),t≥t f
further, Δy f And Deltax f The dynamic relationship of (2) may be established as:
defining system response delta under sensor failureWhere q ε { x } p X, y, and in addition, there is a sufficiently small scalar delta when there is a bias fault in the sensor f > 0 such that:
sensor failure and attack coexistence system response increment: binding Δq a (t),Δq f Definition of (t), at input y n =y fa When defining the following state observer
Wherein x is fa Observer for system state under coexistence of sensor fault and attackState quantity of (2);
further, based on y n ,y′ f ,y fa Is defined by (a) can be obtained:
introduction definitionObserver in coexistence case +.>The design is as follows:
thus, based on x n ,x′ f ,x fa The response increment x, y of the system satisfies the following dynamic equation:
Definition of Deltax j (t),Δy j (t), j E { a, f, fa } to collectively express the three cases;
(3) The signal processor based on the time backward model is respectively designed corresponding to replay attack and sensor bias faults suffered by the system, and the detection characteristics of the signal processor under different risk scenes are analyzed;
the method comprises the following specific steps:
(31) Before designing the observer, the following temporal forward model is introduced:
where time t runs forward, i.e., t goes from a to b; x and w are the system state and the system input, respectively; F, G are the system matrices; further, the corresponding time backward model can be described as:
where time t_b runs backward, i.e., t_b goes from b to a, and x_b is the system state; for a fixed point σ (a ≤ σ ≤ b):
x_b(σ) = x(σ)
(32) To explain the time-backward mechanism clearly, the notation t_b | t is introduced, indicating that the reverse time variable t_b starts from the terminal time t, and x(t_b | t) is used to characterize the reverse-time evolution of the system state; for the replay attack and the time forward model of the system under replay attack, the time backward signal processor for the replay attack is designed as follows:
wherein,is a state variable of the system, and->Representing the input of the system, the starting point of the time backward model is t b =t, then run in reverse time;
the initial value of Δx (t) is selected as:
the method can obtain:
wherein,
(33) Based on the system sensor bias fault time forward model, a time backward model aiming at the sensor bias fault is designed:
wherein,for the state of the system->Is the output of the system; the initial value Δx (t) under sensor bias failure satisfies:
characteristic obtainable rho based on time backward model f (t b |t)=CΔx(t b );
Where t=t is set b Can obtain ρ f (t b The t) is:
wherein,
(4) The risk identification strategy is formulated, comprising a replay attack identification strategy and a sensor bias fault identification strategy, and the process comprises the following steps:
firstly, designing an estimation mechanism of Deltax and Deltay by a signal smoother based on a fixed point theory, and then, designing a model based on time backward Under the identification strategy of replay attack, the residual signal of the corresponding replay attack is kept below a corresponding threshold value, and the residual of the corresponding sensor bias fault exceeds the set corresponding threshold value;
the identification strategy of the sensor bias fault is based on a design time backward model
The method comprises the following steps:
(41) Definition of the definitionThe unified expression of (2) specifically is:
wherein, Representing the normal condition of the physical information system, single replay attack, single sensor bias fault and the coexistence of replay attack and sensor bias fault, the fault f (t) satisfies the bounded characteristic of the time-varying system, and |f (t) |is less than or equal to alpha,alpha is more than 0, beta is more than 0 is known information of defenders, x p Y, theta is the corresponding state quantity of the system under the unified model;
(42) Before designing the estimation mechanism, the following system is designed:
wherein,and->Further, a state variable z and a corresponding output y are introduced z The method specifically comprises the following steps:
z(t)=x p (t)-Ω(t)θ(t),y z (t)=Cz(t)
wherein x is p Is a systemState quantity of (2);
the following characteristics can be obtained:
(i) In the normal state, i.e. in the absence of replay attacks, sensor bias faults, z (t) =x p,n (t),y z (t)=y n (t),t≥0,x p,n ,y n See physical information system;
(ii) Under a single replay attack, z (t) =x p,n′ (t) and y z (t)=y n′ (t),t≥t a ,x′ p,n ,y′ n See single replay attack system model;
(iii) Under a single sensor bias fault, z (t) =x when the fault vector f (t) is constant p,n (t) and y z (t)=y n (t), t.gtoreq.0, and in addition, when the fault vector f (t) is a time-varying case, the residual is defined as:
e z (t) is bounded, satisfying:
further, based on the designed variable z, an adaptive estimator is designed to estimate y 'as follows' n ,y n The method specifically comprises the following steps:
Wherein,and->Matrix->Designed as L 0 =B p K, performing K; furthermore, the projection operator->Will estimate the parameters->Constraint in the defined convex tight set Θ, γ > 0 is the corresponding learning gain;
the designed estimator starts working at t=0,the initial value is +.>Thus, the estimator of z is:
further, a stationary point smoother is designed to estimate Δx (t d ) Defining new state variablesThe method can obtain:
thus, the following stationary point smoother can be obtained:
wherein,
time-varying gain L φ (t) is designed to:
L φ (t)=-Σ(t)C T ,t≥T d ,
wherein,for the identified matrix, its dynamic model is built as follows:
above p=p T > 0 satisfies
(43) The estimation error of the observer is defined as:
the stationary point smoother designed based on the step (42) can ensure that the estimation error satisfies the following constraint:
wherein,
furthermore, under normal conditions, a single sensor bias fault is satisfiedAnd in the case of a single replay attack->The method meets the following conditions:
(44) Based on step (42)To estimate Deltax (T) d ) Further obtaining an estimated Δy:
further, the estimation of Δx (t) is as follows:
driving based on estimated Δx (t)Defining new residuals and thresholds to enable identification of system risk;
(45) Based onActuated->Output by the new system->The generated system residual error is:
Wherein g a Defined in step (32); under a single replay attack, there is a fixed time t b And T d (t b <T d ),Is bounded and meets the following conditions:
wherein,the method meets the following conditions:
similarly, inDriven +.>Output by the system->The new residuals generated are:
wherein g f Defined in step (32); in the case of a single sensor bias fault, there is a fixed time t b And T d (t b <T d ),Is bounded and meets
Wherein:
(46) In a single replay attackIn the case that it satisfiesThe recognition of sensor bias faults and replay attacks is seen in the third entry of the second row in table 1;
when in a single sensor bias failure condition, if satisfiedThe recognition of sensor bias faults and replay attacks is found in the second entry in the third row of table 1, table 1 as follows:
TABLE 1 signature matrix for risk identification method based on time backward model
The method is carried out by comparingAnd +.>The relationship between the two risks is used for realizing identification of three risks.
2. The method for identifying physical information system attacks and failure risk of fusion time backward model state observer according to claim 1, wherein the method is assumed to be at T d Abnormality is detected at the moment, and Δx (t) is defined as follows:
it is described herein that the time-lapse signal processor acts as a system replay attack response delta amplifier while the processor is capable of reducing the system response associated with sensor bias faults Increment, i.e. amplifying Δx a Reduce Deltax f To meet the task-distinguishing requirements of risk identification.
3. The method for identifying physical information system attack and fault risk of fusion time backward model state observer according to claim 1, wherein two characteristics exist in the step (3), specifically:
(a) Assume that advanced anomaly detector is at T d Detecting abnormality of the system at moment, wherein a fixed moment t exists b <T d At the initial valueTime backward model->Under the condition of (1) system output ρ a (t b T) has the following properties:
1) Under a single replay attack ρ a (t b T) is bounded, satisfying:
wherein C is i Is row i of C;
2) The sufficient conditions for judging whether the risk of the system is single replay attack or the coexistence of the sensor bias fault and replay attack are as follows: there is an index i e {1, …, n y Sum of time T f ≥T d The method comprises the following steps:
in the characteristic (a), when A is a Hurwitz matrix and t_b < t, the signal Δx(t) can be amplified, because the time-backward model acts as an amplifier of the system response increment under replay attack and sensor bias fault; under a replay attack, ρ_a(t_b | t) is fixed, i.e., Δy_f = 0, while satisfying, and when a sensor bias fault occurs, the value of ρ_a(t_b | t) is not fixed, i.e., Δy_f ≠ 0, while being able to exceed; the method exploits this difference in boundedness to distinguish between attacks and faults;
(b) There exists a fixed time t_b < T_d such that, under the condition of the initial value of the model, the system output ρ_f(t_b|t) has the following properties:
1) Under a single sensor bias fault, ρ_f(t_b|t) is bounded, satisfying:
2) A sufficient condition for judging whether the risk to the system is a single replay attack or the coexistence of a sensor bias fault and a replay attack is as follows: for replay attacks, there exists an index i ∈ {1, …, n_y} such that:
wherein Δx(T_d) = Δx_a(T_d) for the case of a single replay attack, and Δx(T_d) = Δx_fa(T_d) for the case in which a sensor bias fault coexists with a replay attack;
in characteristic (b), when A is a Hurwitz matrix, i.e., |Δx_f(t_b)| ≤ |Δx_f(T_d)| when t_b < T_d, ρ_a(t_b|t) is an amplifier of the signal Δx_a(T_d), and at the same time ρ_f(t_b|t) = CΔx_f(t_b) is a reducer of the signal Δx_f(T_d); this shows that the system response increment caused by a replay attack is amplified, while the system response increment caused by a sensor bias fault can be reduced; in the event of a sensor bias fault, ρ_f(t_b|t) satisfies ρ_f(t_b|t) < |C if Under a replay attack, ρ_f(t_b|t) can exceed |C if Thus, the method exploits this difference in boundedness to distinguish replay attacks from sensor bias faults.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211692786.9A CN115793620B (en) 2022-12-28 2022-12-28 Physical information system attack and fault risk identification method of time-fused backward model state observer


Publications (2)

Publication Number Publication Date
CN115793620A CN115793620A (en) 2023-03-14
CN115793620B true CN115793620B (en) 2024-01-26

Family

ID=85428005


Country Status (1)

Country Link
CN (1) CN115793620B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant