隐蔽式攻击下的离散系统区间观测器设计

本文研究了隐蔽式攻击下的网络化控制系统的安全估计问题.首先,根据攻击保持隐蔽的条件,得到了攻击信号的上界和下界.其次,基于边界信息设计了一类原坐标系下的区间观测器,并进一步通过坐标变换放宽增益矩阵的设计条件,给出了变换下的区间观测器设计方法.然后,提出了基于H_∞滤波理论计算隐蔽式攻击下的最优观测器增益的方法,并通过求解线性矩阵不等式获得最优增益矩阵.最后,通过仿真算例验证了所提方法的有效性.     

Detection and mitigation of actuator attacks on small unmanned aircraft systems

Unmanned aircraft systems (UAS) are susceptible to malicious attacks originated by intelligent adversaries, and the actuators constitute one of the critical attack surfaces. In this paper, the problem of detecting and mitigating attacks on the actuators of a small UAS is addressed. Three possible solutions of differing complexity and effectiveness are proposed to address the problem. The first method involves an active detection strategy, whereby carefully designed excitation signals are superimposed on the control commands to increase the detectability of the attack. In the second method, an unknown input observer is designed, which in addition to detecting the attack also estimates the magnitude of the attack. The third method entails designing an actuator system that makes use of variable frequency pulse-width modulated signals to improve the resilience of the actuator against malicious attacks. The effectiveness of the proposed methods is demonstrated using flight experiments and realistic MATLAB simulations that incorporate exogenous disturbances, such as steady winds, atmospheric turbulence, and measurement noise.     

两种最优观测融合方法的功能等价性

对于基于K alm an滤波的多传感器数据融合,有两种最优观测融合方法:第一种是集中式观测融合方法,它是通过增加观测向量的维数合并多传感器数据,而第二种是分布式观测融合方法,它是在线性最小方差准则下,通过加权合并多传感器数据,但观测向量维数不变.在数据融合所用的传感器带有相同观测阵的情形下,本文用K alm an证明了两种观测融合方法是完全功能等价的,即用两种方法得到的K alm an估值器(滤波器,预报器,平滑器),信号估值器和白噪声估值器分别在数值上是相等的.在这种情形下,第二种方法不仅可给出像第一种方法一样的全局最优融合估计,而且可明显减小计算负担,便于实时应用.一个数值例子说明了其正确性.     

Coordinated cyber‐physical attacks considering DoS attacks in power systems

The smart grid faces a variety of physical and cyber attacks. Coordinated cyber‐physical attacks can cause severer consequences than the single cyber or physical attacks, which can be divided into two categories according to whether the physical attack is stealthy or not. Coordinated cyber‐physical attacks considering DoS attacks are investigated due to the lower cost of DoS attacks. In each category of coordinated cyber‐physical attacks, the mathematical models are derived and suitable methods are adopted to solve the corresponding issue. The experimental simulation demonstrates the potentially damaging effects and threats of this newly proposed attack. It is also presented that this newly proposed attack can use lower attack resources to introduce more catastrophic effects on the power system.     

Statistical Tests for Integrity Attacks on Cyber‐Physical Systems

This paper is written to show a new detection method for integrity attack on the measurements. It is proved that the normality of the residual error from Kalman filter is equivalent to that of the measurement. Our method utilizes this property and it could not only detect the distribution changes at current time, but also detect the its time correlations. Overall, it is an improved detection method for a wider range of attacks.     

针对工业信息物理系统中的拒绝服务攻击建立检测模型

无线通信网络的脆弱性使工业信息物理系统(ICPS)的稳定性容易遭受拒绝服务(DoS)攻击的影响.为检测ICPS中的DoS攻击,本文基于反馈控制理论,采用卡尔曼滤波器和χ2检测器结合的检测方案建立攻击检测模型.卡尔曼滤波器用于去除环境噪声,并得到测量残差;χ2检测器通过测量残差得到检测值,再结合攻击检测判决规则,判断系统是否受到DoS攻击.为证明所采用方法的有效性,以球杆系统为被控对象,通过Simulink/TrueTime进行仿真,并使用欧几里得检测器作对比实验.实验结果表明,基于反馈控制理论的攻击检测模型可以有效地检测ICPS中的DoS攻击;相较于欧几里得检测器,χ2检测器能够更好地检测DoS攻击.     

基于ARM虚拟化扩展的Android内核动态度量方法

针对现阶段内核级攻击对Android系统完整性的威胁,提出一种基于ARM虚拟化扩展的Android内核动态度量方法DIMDroid。该方法利用ARM架构中的硬件辅助虚拟化技术,提供度量模块与被度量Android系统的隔离,首先通过分析在Android系统运行时影响内核完整性的因素从而得到静态和动态度量对象,其次在度量层对这些度量对象进行语义重构,最后对其进行完整性分析来判断Android内核是否受到攻击;同时通过基于硬件信任链的启动保护和基于内存隔离的运行时防护来保证DIMDroid自身安全。实验结果表明,DIMDroid能够及时发现破环Android内核完整性的rootkit,且该方法的性能损失在可接受范围内。     

一种基于Q学习的LDoS攻击实时防御机制及其CPN实现

针对低速率拒绝服务攻击具有隐蔽性高、难以检测和及时响应的特点,提出了一种基于Q学习的LDoS攻击实时防御机制.该机制以终端自适应控制系统为保护对象,周期性地提取网络攻击特征参数,将其作为Q学习模块的输入参数,由Q学习模块进行最优防御的选择,优选出来的防御措施交与系统端执行.防御措施基于动态服务资源分配,根据系统当前运行状态对服务资源进行动态调整,从而保障正常服务请求的响应率.最后使用着色Petri网结合BP神经网络对攻击和防御过程进行了建模和仿真,结果表明:该方法具有较好的实时性和较高的灵敏性,能够对LDoS攻击行为进行实时响应,显著提高了系统防御的自动化程度.     

Resilient Control for Networked Control Systems Subject to Cyber/Physical Attacks

In this paper, we investigate a resilient control strategy for networked control systems (NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.     

新冠肺炎CT影像的DNN对抗攻击研究

在深度学习应用于新型冠状肺炎CT智能识别的研究中,大量研究人员通过构建深度神经网络训练模型,从而理解医学影像数据内容,辅助新冠肺炎诊断。提出AMDRC-Net架构,其中的残差结构,通过恒等映射解决了网络退化问题,与此同时,针对残差结构阻碍新特征探索的新问题,受到注意力机制等最新研究启发,研究了长短注意力引导机制。关注深度学习模型安全性问题,讨论基于梯度上升的对抗攻击方法;为了解决其单一性问题,通过长短注意力机制,增加有效对抗扰动的同时减少冗余扰动,紧接着,提出的对抗攻击算法A-IM-FGSM,将对抗攻击问题转化为自适应约束问题,即可微变换思想用于迭代攻击中,探究注意力引导机制与DNN对抗攻击的相互关系。最后进行的实验中,在新型冠状肺炎CT数据集上,通过AMDRC-Net进行模型训练,设计对比实验、可视化实验、对抗攻击实验。     

统一的快速次优固定区间白噪声Wiener平滑算法

对带相关噪声的线性离散随机控制系统,应用Kalman滤波方法,基于CARMA新息模 型导出了统一的最优固定区间白噪声递推Wiener平滑器,它带有系数阵指数衰减到零的高阶多 项式矩阵.进一步用截断方法提出了相应的快速次优固定区间自噪声Wiener平滑算法,它显著 地减小了计算负担.给出了平滑误差公式和选择截断指数的公式.一个Bernoulli-Gaussian白噪声 的仿真例子说明了所提出的结果的有效性.     

快速次优固定区间Wiener平滑器算法

为了克服带相关噪声控制系统的最优固定区间Kalman平滑算法要求较大计算负担的缺点,应用Kalman滤波方法,基于CARMA新息模型,由稳态最优Kalman平滑器导出了带相关噪声控制系统的最优固定区间Wiener递推状态平滑器,它带有系数阵指数衰减到零的高阶多项式矩阵.用截断系数矩阵近似为零的项的方法提出了相应的快速次优固定区间Wiener平滑算法.它显著地减少了计算负担,便于实时应用,还给出了截断误差公式和选择截断指标的公式.仿真例子说明了快速平滑算法的有效性.     

Secure Synchronization Control for a Class of Cyber-Physical Systems With Unknown Dynamics

This paper investigates the secure synchronization control problem for a class of cyber-physical systems (CPSs) with unknown system matrices and intermittent denial-of-service (DoS) attacks. For the attack free case, an optimal control law consisting of a feedback control and a compensated feedforward control is proposed to achieve the synchronization, and the feedback control gain matrix is learned by iteratively solving an algebraic Riccati equation (ARE). For considering the attack cases, it is difficult to perform the stability analysis of the synchronization errors by using the existing Lyapunov function method due to the presence of unknown system matrices. In order to overcome this difficulty, a matrix polynomial replacement method is given and it is shown that, the proposed optimal control law can still guarantee the asymptotical convergence of synchronization errors if two inequality conditions related with the DoS attacks hold. Finally, two examples are given to illustrate the effectiveness of the proposed approaches.      

Robust moving horizon estimation based output feedback economic model predictive control

In this work, we develop an economic model predictive control scheme for a class of nonlinear systems with bounded process and measurement noise. In order to achieve fast convergence of the state estimates to the actual system state as well as the robustness of the observer to measurement and process noise, a deterministic (high-gain) observer is first applied for a small time period with continuous output measurements to drive the estimation error to a small value; after this initial small time period, a robust moving horizon estimation scheme is used on-line to provide more accurate and smoother state estimates. In the design of the robust moving horizon estimation scheme, the deterministic observer is used to calculate reference estimates and confidence regions that contain the actual system state. Within the confidence regions, the moving horizon estimation scheme is allowed to optimize its estimates. The output feedback economic model predictive controller is designed via Lyapunov techniques based on state estimates provided by the deterministic observer and the moving horizon estimation scheme. The stability of the closed-loop system is analyzed rigorously and conditions that ensure the closed-loop stability are derived. Extensive simulations based on a chemical process example illustrate the effectiveness of the proposed approach.     

The detection mechanism for false data injection attack via the ellipsoidal set-membership approach

The false data injection (FDI) attack detection problem in cyber-physical systems (CPSs) is investigated in this paper. A novel attack detection algorithm is proposed based on the ellipsoidal set-membership approach. In comparison to the existing FDI attack detection methods, the developed attack detection approach in this paper neither requires predefined thresholds nor specific statistical characteristics of the attacks. In order to guarantee that the estimation ellipsoid contains normal states despite the unknown but bounded (UBB) process and measurement noises, the one-step ellipsoidal set-membership estimation method is put forward. In addition, a convex optimization algorithm is introduced to calculate the gain matrix of the observer recursively. Moreover, with the help of the state estimation ellipsoid, the residual ellipsoid can be obtained for attack detection. Whether a detector can detect the FDI attack depends on the relationship between the residual value and residual ellipsoidal set. Finally, the effectiveness of the proposed method is demonstrated by a numerical simulation example.     

带有色厚尾量测噪声的鲁棒高斯近似滤波器和平滑器

为了解决带有色厚尾量测噪声的非线性状态估计问题,本文提出了新的鲁棒高斯近似（Gaussian approximate,GA）滤波器和平滑器.首先,基于状态扩展方法将量测差分后带一步延迟状态和白色厚尾量测噪声的非线性状态估计问题,转化成带厚尾量测噪声的标准非线性状态估计问题.其次,针对量测差分后模型中的噪声尺度矩阵和自由度（Degrees of freedom,DOF）参数未知问题,设计了新的高斯近似滤波器和平滑器,通过建立未知参数和待估计状态的共轭先验分布,并利用变分贝叶斯方法同时估计未知的状态、尺度矩阵、自由度参数.最后,利用目标跟踪仿真验证了本文提出的带有色厚尾量测噪声的鲁棒高斯近似滤波器和平滑器的有效性以及与现有方法相比的优越性.     

Detecting stealth DHCP starvation attack using machine learning approach

Dynamic Host Configuration Protocol (DHCP) is used to automatically configure clients with IP address and other network configuration parameters. Due to absence of any in-built authentication, the protocol is vulnerable to a class of Denial-of-Service (DoS) attacks, popularly known as DHCP starvation attacks. However, known DHCP starvation attacks are either ineffective in wireless networks or not stealthy in some of the network topologies. In this paper, we first propose a stealth DHCP starvation attack which is effective in both wired and wireless networks and can not be detected by known detection mechanisms. We test the effectiveness of proposed attack in both IPv4 and IPv6 networks and show that it can successfully prevent other clients from obtaining IP address, thereby, causing DoS scenario. In order to detect the proposed attack, we also propose a Machine Learning (ML) based anomaly detection framework. In particular, we use some popular one-class classifiers for the detection purpose. We capture IPv4 and IPv6 traffic from a real network with thousands of devices and evaluate the detection capability of different machine learning algorithms. Our experiments show that the machine learning algorithms can detect the attack with high accuracy in both IPv4 and IPv6 networks.     

多传感器信息融合Wiener滤波器和平滑器

应用现代时间序列分析方法,基于ARMA新息模型和增广状态空间模型,应用标量加权最优融合准则,对于带白色和有色观测噪声的ARMA信号,提出了多传感器分布式最优信息融合Wiener滤波器和平滑器,其中给出了计算局部平滑误差方差和互协方差的计算公式,它们可被用于计算最优加权系数。同单传感器情形相比,可提高平滑器的精度。一个三传感器目标跟踪系统的仿真例子说明其有效性。     

Stealthy output injection attacks on control systems with bounded variables

As more and more critical infrastructures such as transportation, power systems and water are being embedded with sensing and control and linked to the Internet, the resulting security vulnerability can be exploited to inflict systematic damage to the connected physical systems. The class of false-data injection attacks is of particular interest as it only requires the ability to compromise the measurements. We construct such attacks, that are stealthy to set-membership-based anomaly detectors over widely used constrained control systems with bounded disturbances. The design of robust controllers and detectors based on the ability to withstand disturbance lets the attacker masquerade itself as disturbance and necessitates the development of a disturbance set-estimator as a soft-constrained optimisation problem. We then formulate another constrained optimisation problem that maximises the state estimation error by manipulating measurements and results in a computable performance loss and derive its explicit solution as the attack vector. These methods are used to demonstrate the vulnerability of a test system, with attacker having limited knowledge of the control system.     

隐秘攻击与入侵检测的体系结构

入侵检测系统（IDS）是目前研究的一个热点，IDS从攻吉者的角度来看待系统安全，已经成为安全体系结构中不可缺少的一个环节，但是目前的IDS检测技术还不够成熟，存在一些方法使得攻击者可能绕开IDS的检测，文章探讨了一种所谓的隐秘攻击技术，这种方法用以攻击传统的基于关键字匹配的IDS，然后从如何检测隐秘攻击的角度出发讨论了IDS的安全体系结构。