Biblio

The security problem of networked control systems (NCSs) suffering denial of service(DoS) attacks with incomplete information is investigated in this paper. Data transmission among different components in NCSs may be blocked due to DoS attacks. We use the concept of security level to describe the degree of security of different components in an NCS. Intrusion detection system (IDS) is used to monitor the invalid data generated by DoS attacks. At each time slot, the defender considers which component to monitor while the attacker considers which place for invasion. A one-shot game between attacker and defender is built and both the complete information case and the incomplete information case are considered. Furthermore, a repeated game model with updating beliefs is also established based on the Bayes' rule. Finally, a numerical example is provided to illustrate the effectiveness of the proposed method.

The rapid development of the Cloud Computing Technologies (CCTs) has amended the conventional design of resource-constrained Network Control System (NCS) to the powerful and flexible design of Cloud-Based Networked Control System (CB-NCS) by relocating the processing part to the cloud server. This arrangement has produced many internets based exquisite applications. However, this new arrangement has also raised many network security challenges for the cloud-based control system related to cyber-physical part of the system. In the absence of robust verification methodology, an attacker can launch the modification attack in order to destabilize or take control of NCS. It is desirable that there shall be a solution authentication methodology used to verify whether the incoming solutions are coming from the cloud or not. This paper proposes a methodology used for the verification of the receiving solution to the local control system from the cloud using Karush-Kuhn-Tucker (KKT) conditions, which is then applied to actuator after verification and thus ensure the stability in case of modification attack.

In the present paper, the problem of networked control system (NCS) cyber security is considered. The geometric approach is used to evaluate the security and vulnerability level of the controlled system. The proposed results are about the so-called false data injection attacks and show how imperfectly known disturbances can be used to perform undetectable, or at least stealthy, attacks that can make the NCS vulnerable to attacks from malicious outsiders. A numerical example is given to illustrate the approach.

The importance of Networked Control Systems (NCS) is steadily increasing due to recent trends such as smart factories. Correct functionality of such NCS needs to be protected as malfunctioning systems could have severe consequences for the controlled process or even threaten human lives. However, with the increase in NCS, also attacks targeting these systems are becoming more frequent. To mitigate attacks that utilize captured sensor data in an NCS, transferred data needs to be protected. While using well-known methods such as Transport Layer Security (TLS) might be suitable to protect the data, resource constraint devices such as sensors often are not powerful enough to perform the necessary cryptographic operations. Also, as we will show in this paper, applying simple encryption in an NCS may enable easy Denial-of-Service (DoS) attacks by attacking single bits of the encrypted data. Therefore, in this paper, we present a hardware-based approach that enables sensors to perform the necessary encryption while being robust against (injected) bit failures.

In the present paper, a networked control system under both cyber and physical attacks Is considered. An adapted formulation of the problem under physical attacks, data deception and false data injection attacks, is used for controller synthesis. Based on the classical fault tolerant detection (FTD) tools, a residual generator for attack/fault detection based on observers is proposed. An event-triggered and Bilinear Matrix Inequality (BMI) implementation is proposed in order to achieve novel and better security strategy. The purpose in using this implementation would be to reduce (limit) the total number of transmissions to only instances when the networked control system (NCS) needs attention. It is important to note that the main contribution of this paper is to establish the adequate event-triggered and BMI-based methodology so that the particular structure of the mixed attacked/faulty structure can be re-formulated within the classical FTD paradigm. Experimental results are given to illustrate the developed approach efficiency on a pilot three-tank system. The plant model is presented and the proposed control design is applied to the system.