(576a) Data-Driven Estimation of Controller-Actuator False Data Injection Attacks in Process Systems | AIChE

Authors 

Ellis, M., University of California, Davis
El-Farra, N., University of California, Davis

Modern industrial processes rely on networked control systems, replacing dedicated feedback controller links with real-time shared communication networks. In recent years, cyberattacks that aim to maliciously alter the data transmitted over communication networks have increased in both frequency and severity [1]. False data injection attacks (FDIAs) are a specific type of cyberattack aimed at injecting deceptive or falsified data into the control system, thereby manipulating its decision-making process and leading to undesirable outcomes. If left unaddressed, these cybersecurity risks can potentially lead to high recovery costs, injury, death, or physical damage, and are therefore a critical problem to address. This has motivated a significant and growing body of research work on the design of cyber-resilient process control systems (PCS) [2].

The design of cyber-resilient PCS involves three essential components: a detection scheme for detecting the presence of attacks, an identification scheme for categorizing attacks and/or estimating their severity, and a mitigation scheme to implement corrective actions based on this information [3]. While significant research work has focused on developing attack detection schemes (e.g., [4]), the problem of designing attack identification schemes has received comparatively less attention. Examples of contributions in this direction include model-based approaches utilizing linear observers for attack estimation (e.g., [5]) and data-based methods such as neural network-based classification methods (e.g., [6, 7]). The latter approaches typically define a discrete set of operating modes representing the nominal process operation as well as process operation under different types of attacks. Classification schemes have also been used to estimate the magnitudes of multiplicative sensor-controller attacks by associating each discrete attack mode with a range of attack magnitudes [8]. Coarse-graining attack classes, however, imposes limitations on the accuracy of the attack magnitude estimates, and this may not be sufficient for mitigation, thus necessitating the use of more accurate estimation schemes. Additionally, while these prior works have focused exclusively on sensor-controller communication link attacks, attacks on controller-actuator communication links require separate attention.

This work aims to address the problem of estimation of FDIAs on controller-actuator communication links in PCS. To this end, a data-driven estimation scheme that utilizes a neural network (NN) is first proposed for two prevalent types of FDIAs: additive and multiplicative. Given the absence of historical process data under different attack magnitudes for training the NN, the NN is trained offline using a dataset generated through simulations. Furthermore, guided by the realization that cyber-attackers are becoming increasingly sophisticated and may simultaneously employ a combination of attack types, the proposed estimation scheme is expanded to address simultaneous attacks involving both additive and multiplicative FDIAs. To this end, we identify the challenges that the co-presence of additive and multiplicative attacks imposes on the ability of the estimation scheme to uniquely estimate such attacks and present a reformulation of the estimation problem to address these challenges. Using an illustrative process example, the training and implementation of the NN-based estimation scheme are demonstrated. Numerous simulations are conducted for the nominal model of the process under the influence of varying magnitudes of attack parameters. Subsequently, the effectiveness of the estimation scheme is evaluated in the presence of measurement noise and process disturbances.
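An added illustration, not the authors' code or method: a toy first-order process under proportional control, with an assumed attack model `u_a = alpha*u + beta` on the controller-actuator link and a least-squares fit standing in for the neural network. It shows one way simultaneous additive and multiplicative attacks can fail to be uniquely estimable (steady-state data alone) and that data in which the controller output varies separates them. All names and numeric values are assumptions.

```python
# Added illustration; the plant, controller and attack model are assumptions.
A, B, K, R = 0.9, 0.1, 2.0, 1.0  # plant x+ = A*x + B*u_a, P-gain, setpoint

def simulate(alpha, beta, steps=200, x0=0.0):
    """Closed loop where the actuator receives u_a = alpha*u + beta, not u."""
    xs, us = [x0], []
    for _ in range(steps):
        u = K * (R - xs[-1])        # value the controller transmitted
        u_a = alpha * u + beta      # falsified value the actuator applied
        us.append(u)
        xs.append(A * xs[-1] + B * u_a)
    return xs, us

def applied_inputs(xs):
    """Recover the input the plant actually saw from the nominal model."""
    return [(xs[k + 1] - A * xs[k]) / B for k in range(len(xs) - 1)]

def fit_attack(us, uas):
    """Least-squares fit of u_a = alpha*u + beta over one data window.

    Returns None when u is (numerically) constant: then only the single
    value alpha*u + beta is observable and the pair is not unique.
    """
    n = len(us)
    mu, ma = sum(us) / n, sum(uas) / n
    var = sum((u - mu) ** 2 for u in us)
    if var < 1e-9:
        return None
    alpha = sum((u - mu) * (a - ma) for u, a in zip(us, uas)) / var
    return alpha, ma - alpha * mu

def estimate(alpha, beta, window):
    """Simulate an attack, then estimate it from the samples in `window`."""
    xs, us = simulate(alpha, beta)
    uas = applied_inputs(xs)
    return fit_attack(us[window], uas[window])

if __name__ == "__main__":
    # Two different attacks that settle at the same steady state (x = 5/6).
    for alpha, beta in [(1.0, 0.5), (0.4, 0.7)]:
        xs, _ = simulate(alpha, beta)
        print(alpha, beta, "x_ss =", round(xs[-1], 6),
              "steady:", estimate(alpha, beta, slice(150, 200)),
              "transient:", estimate(alpha, beta, slice(0, 20)))
```
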

References

[1] W. Duo, M. Zhou, and A. Abusorrah, “A survey of cyber attacks on cyber physical systems: Recent advances and challenges,” IEEE/CAA Journal of Automatica Sinica, vol. 9, pp. 784–800, 2022.

[2] S. Parker, Z. Wu, and P. D. Christofides, “Cybersecurity in process control, operations, and supply chain,” Computers & Chemical Engineering, p. 108169, 2023.

[3] M. Kordestani and M. Saif, “Observer-based attack detection and mitigation for cyber-physical systems: A review,” IEEE Systems, Man, and Cybernetics Magazine, vol. 7, pp. 35–60, 2021.

[4] N. Mtukushe, A. K. Onaolapo, A. Aluko, and D. G. Dorrell, “Review of cyberattack implementation, detection, and mitigation methods in cyber-physical systems,” Energies, vol. 16, p. 5206, 2023.

[5] L. Li, W. Wang, Q. Ma, K. Pan, X. Liu, L. Lin, and J. Li, “Cyber attack estimation and detection for cyber-physical power systems,” Applied Mathematics and Computation, vol. 400, p. 126056, 2021.

[6] Z. Wu, F. Albalawi, J. Zhang, Z. Zhang, H. Durand, and P. D. Christofides, “Detecting and handling cyber-attacks in model predictive control of chemical processes,” Mathematics, vol. 6, no. 10, p. 173, 2018.

[7] S. Chen, Z. Wu, and P. D. Christofides, “Cyber-attack detection and resilient operation of nonlinear processes under economic model predictive control,” Computers & Chemical Engineering, vol. 136, p. 106806, 2020.

[8] A. Zedan and N. H. El-Farra, “A machine-learning approach for identification and mitigation of cyberattacks in networked process control systems,” Chemical Engineering Research and Design, vol. 176, pp. 102–115, 2021.