David Umsonst1, Ehsan Nekouei1, André M. H. Teixeira2, Henrik Sandberg1
11:20 - 11:40 | Wed 10 Jul | Room 401-402 | WeA11.5
A malicious attacker with access to the sensor channel in a feedback control system can severely affect the physical system under control, while simultaneously being hard to detect. A properly designed anomaly detector can restrict the impact of such attacks, however. Anomaly detectors with an internal state (stateful detectors) have gained popularity because they seem to be able to mitigate these attacks more than detectors without a state (stateless detectors). In the analysis of attacks against control systems with anomaly detectors, it has been assumed that the attacker has access to the detector's internal state, or designs its attack such that it is not detected regardless of the detector's state. In this paper, we show how an attacker can realize the first case by breaking the confidentiality of a stateful detector state evolving with linear dynamics, while remaining undetected and imitating the statistics of the detector under nominal conditions. The realization of the attack is posed in a convex optimization framework using the notion of Kullback-Leibler divergence. Further, the attack is designed such that the maximum mean estimation error of the Kalman filter is maximized at each time step by exploiting dual norms. A numerical example is given to illustrate the results.