2025 AIChE Annual Meeting

(279f) Optimal Construction of Data Injection Attacks on Process Systems

Authors

Xiuzhen Ye - Presenter, North Carolina State University

The increasing reliance on data in process systems has exposed engineering systems to cyberattacks. Malicious attacks disrupt, manipulate, and exploit the interactions between physical processes and computational control units through multiple potential points of entry [1]. Studies of cyberattacks on chemical processes have emphasized data injection attacks (DIAs), replay attacks, denial of service (DoS), and man-in-the-middle (MitM) attacks, among others [2, 3].

This work focuses on DIAs from an attacker’s standpoint, adopting an information-theoretic framework to model and analyze such threats targeting sensor measurements. The objective of the attack design is to disrupt the stationary distributions of the process variables while remaining undetected. In this context, information-theoretic measures serve as rigorous quantitative metrics [4] and provide an effective framework for analyzing the impact of DIAs [5, 6]. In particular, the problem is posed as the optimal design of a multivariate Gaussian distribution for the attack, one that maximizes the Kullback-Leibler (KL) divergence between the stationary distributions of the states with and without attacks. The stealthiness of the attacks is captured by the divergence between the sensor measurement distributions with and without attacks.

We first consider the case where the attacker has access to all the measurements in the system, which yields full attacks, together with the corresponding convexity analysis and an explicit solution. Then, a sparsity constraint is considered where the attacker has limited access to the measurements, which yields k-sparse attacks. We tackle this combinatorial problem by adding one measurement at a time, which yields a sequential sensor selection problem. The sparse attacks inspire a vulnerability metric for the measurements. The metric assesses the achievable attack disruption and attack detection for each measurement, as well as for each unit in a chemical process. Numerical examples on a two-reactor system illustrate the results.
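
A defender-side illustration of the divergence measure described above, added here as an example and not taken from the authors' work: it evaluates the closed-form KL divergence between two multivariate Gaussians and uses it to score how far a distribution-based detector would see the measurement distribution move if zero-mean noise reached one sensor at a time. The additive, process-independent noise model, the direction of the divergence, the covariance values and all function names are assumptions of this example.

```python
import math

def cholesky(S):
    """Lower-triangular L with L L^T = S; raises if S is not positive definite."""
    n = len(S)
    L = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            s = S[i][j] - sum(L[i][k] * L[j][k] for k in range(j))
            if i == j:
                if s <= 0.0:
                    raise ValueError("covariance is not positive definite")
                L[i][j] = math.sqrt(s)
            else:
                L[i][j] = s / L[j][j]
    return L

def forward_solve(L, b):
    """Solve L y = b for lower-triangular L."""
    y = []
    for i, bi in enumerate(b):
        y.append((bi - sum(L[i][k] * y[k] for k in range(i))) / L[i][i])
    return y

def gaussian_kl(mu1, S1, mu0, S0):
    """KL( N(mu1, S1) || N(mu0, S0) ) in nats."""
    k = len(mu0)
    L0, L1 = cholesky(S0), cholesky(S1)
    # tr(S0^-1 S1) equals the squared Frobenius norm of L0^-1 L1
    trace = sum(c * c for j in range(k)
                for c in forward_solve(L0, [L1[i][j] for i in range(k)]))
    maha = sum(c * c for c in forward_solve(L0, [a - b for a, b in zip(mu1, mu0)]))
    logdet = lambda L: 2.0 * sum(math.log(L[i][i]) for i in range(k))
    return 0.5 * (trace + maha - k + logdet(L0) - logdet(L1))

def per_sensor_detectability(S0, injected_var):
    """KL shift a detector sees when zero-mean noise hits one sensor at a time."""
    k = len(S0)
    mu = [0.0] * k
    scores = []
    for s in range(k):
        S1 = [row[:] for row in S0]
        S1[s][s] += injected_var  # assumed: additive, independent of the process
        scores.append(gaussian_kl(mu, S1, mu, S0))
    return scores

# Constructed nominal covariance of two correlated sensor measurements.
NOMINAL_COV = [[2.0, 0.5], [0.5, 1.0]]

if __name__ == "__main__":
    for s, kl in enumerate(per_sensor_detectability(NOMINAL_COV, 1.0)):
        print(f"sensor {s}: KL = {kl:.4f} nats")
```

Sensors with the smallest score are the ones a distribution-based monitor is least sensitive to, which is where redundant or independent checks matter most.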

References

[1] Yu, Z., et al. “A survey on cyber-physical systems security.” IEEE IoT J. 10.24 (2023): 21670-21686.

[2] Mo, Y., and Bruno S. “Secure control against replay attacks.” IEEE 47th Annual Allerton Conference on Communication, Control, and Computing. 2009.

[3] Duo, W., Zhou, M., and Abdullah A. “A survey of cyberattacks on cyber physical systems: Recent advances and challenges.” IEEE/CAA J. Autom. Sin. 9.5 (2022): 784-800.

[4] Cover, T. M. Elements of information theory. John Wiley & Sons, 1999.

[5] Ye, X., et al. “Stealth data injection attacks with sparsity constraints.” IEEE Trans. Smart Grid 14.4 (2023): 3201-3209.

[6] Ye, X., et al. “Information theoretic data injection attacks with sparsity constraints.” IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids. 2020.