# Attack-resilient Estimation of Switched Nonlinear Stochastic Cyber-Physical Systems

###### Abstract

This paper studies attack-resilient estimation of a class of switched nonlinear systems subject to stochastic noises. The systems are threatened by both of signal attacks and switching attacks. The problem is formulated as the joint estimation of states, attack vectors and modes of hidden-mode switched systems. We propose an estimation algorithm which is composed of a bank of state and attack vector estimators and a mode estimator. The mode estimator selects the most likely mode based on modes’ posterior probabilities induced by the discrepancies between obtained outputs and predicted outputs. We formally analyze the stability of estimation errors in probability for the proposed estimator associated with the true mode when the hidden mode is time-invariant but remains unknown. For hidden-mode switched linear systems, we discuss a way to reduce computational complexity which originates from unknown signal attack locations. Lastly, we present numerical simulations on the IEEE 68-bus test system to show the estimator performance for time-varying modes with a regular mode set and a reduced mode set.

and and and

The School of Electrical Engineering and Computer Science,
Pennsylvania State University

The College of Information Sciences and Technology,
Pennsylvania State University

201 Old Main, University Park, PA, 16802

^{1}

^{1}footnotetext: This work is partially supported by the National Science Foundation (CNS-1505664).

## 1 Introduction

Cyber-Physical Systems (CPS) are systems which integrate control systems with advanced technologies of sensing, computation and communication. The integration leads to highly automated and collaborative applications such as autonomous vehicles, remote patient monitoring, and smart grid. Due to such potentials, the significance on CPS is emphasized by the President’s Council of Advisors on Science and Technology at 2010 [13].

Security is of vital importance for CPS. Especially, because of the couplings between the cyber layer and physical layer, CPS bear vulnerabilities to cyberattacks which may cause irreparable damage to the physical layer [4]. For example, a natural gas flow control system in Russia was temporarily seized in 2000 and a sewage control system in Australia was attacked in the same year [33]. According to early studies on CPS security, the types of possible attacks on CPS can be categorized into signal attacks and switching attacks. Signal attacks include sensor attacks which tamper with sensor readings and actuator attacks which tamper with control commands. While signal attacks modify the magnitudes or timings [42, 43] of signals, switching attacks alter system structures [36, 39]. The attacks can be launched via communication jamming and malware; e.g., Trojan.

Literature review. One topic in CPS security focuses on identifying fundamental limitations on the detectability of attacks. Paper [25] investigates the possibilities that attacks can bypass detection algorithms for power systems. Undetectable attack spaces on linear systems are characterized in [30]. A number of attack detectors against signal attacks are designed. In particular, attack detection problems for deterministic linear systems are formalized into / optimization problems [7, 30]. Due to non-convexity, the problems are NP-hard [30]. To address the computational challenges, paper [7] proposes convex relaxations of the optimization problems. It is analyzed in [28] that a state estimator based on optimization is robust with respect to modeling errors caused by sampling, computation/actuation jitter, and synchronization. Paper [26] uses the Kalman filter to conduct attack-resilient state estimation in the presence of stochastic noises. Paper [32] proposes a multi-modal Luenberger observer whose memory usage increases linearly with the number of states and outputs. Papers [25, 26, 28, 32] consider sensor attacks, and papers [7, 30] consider both sensor and actuator attacks. Paper [39] designs an attack-resilient estimator for stochastic linear systems in the presence of sensor attacks, actuator attacks, and switching attacks. All aforementioned papers focus on linear systems.

Our attack-resilient estimator design method is based on simultaneous unknown Input and State Estimation (ISE). Early research of this area focuses on state estimation without estimating unknown inputs [5, 14]. Unbiased and minimum variance unknown input and state estimators are designed for linear systems without direct feedthrough matrix [15] and with full-column rank direct feedthrough matrix [9, 38], and with rank-deficient direct feedthrough matrix [40]. Noticeably, this set of papers is restricted to linear systems.

Contributions. In this paper, we consider a class of switched nonlinear stochastic systems under signal attacks and switching attacks. We formulate the attack-resilient estimation problem as the simultaneous estimation of states, attack vectors and hidden modes. The proposed algorithm associates an estimator to each mode and the estimators share the same structure. Each estimator recursively produces the estimates of states and attack vectors. The mode estimator selects the most likely mode based on modes’ posteriori probabilities found by the discrepancies between obtained outputs and predicted outputs. For the special case where the hidden mode is fixed but remains unknown, it is shown that the estimation errors of states and attack vectors of the true mode satisfy Practically Exponentially Stable in probability (PESp) like properties. In addition, we discuss a way to reduce computational complexity by reducing the number of modes for switched linear stochastic systems, which maintains the minimal number of modes to achieve the same detection capabilities as the power set. On the IEEE 68-bus test system, numerical simulations are conducted to show the effectiveness of the proposed algorithm on time-varying modes with a regular mode set and a reduced mode set. Towards our best knowledge, this is the first time to systematically study unknown input, state, and mode estimation of switched nonlinear stochastic systems.

This paper is enriched from preliminary version [18] and includes a set of new results. In particular, this paper discusses how to reduce computational complexity caused by unknown signal attack locations. An additional numerical simulation is conduct to show the estimator performance for reduced mode sets. Lastly, this paper contains all the proofs which were omitted in [18].

Paper organization. A motivating example of CPS model and attack model is introduced in Section 2. Section 3 introduces system model, attack model and defender’s knowledge. Moreover, the state, attack vector, and mode estimation problem is formulated in the same section. We propose Nonlinear unknown Input, State and Mode Estimator (NISME) to solve the estimation problem in Section 4. The stability of the proposed estimator is formally analyzed in Section 5. Section 6 discusses a way to reduce computational complexity caused by unknown signal attack locations, for switched stochastic linear systems. Section 7 offers numerical simulations on the IEEE 68-bus test system to show the performance of the proposed NISME with a regular mode set and a reduced mode set. We present the derivations and proofs of the proposed estimator in Section 8.

Notations. Given a vector , we use and to denote an estimate of and induced estimation error , respectively. Its error covariance is defined by , and cross error covariance with is .

We use the following definition for filter stability of nonlinear systems.

###### Definition 1.1

Stochastic process is said to be Practically Exponentially Stable in probability (PESp) if for any , there exist positive constants , , , and such that, for any , the following holds for all :

PESp is a special case of stochastic input-to-state stability [24] when input is absent and class function is exponential in and linear in . In addition, PESp is also extended from global asymptotic stability in probability (Definition 3.1 in [22]). Notice that the stability notions in [22, 24] are global and PESp is local.

As for linear systems, one of the sufficient conditions for filter stability is uniform observability.

###### Definition 1.2

[3] The pair is uniformly observable if and only if there exist positive constants , for all , such that, for all , where is the observability gramian and is the state transition matrix.

Uniform observability reduces to observability if the linear system is time-invariant.

## 2 Motivating example

A power network is represented by undirected graph with the set of buses and the set of transmission lines . The set of neighboring buses of is . Each bus is either a generator bus , or a load bus . The dynamic of bus with attacks is described as the following switched nonlinear system:

(1) |

with the output model

(2) |

adopted from Chapter 9 in [37] adding a phase angle measurement as [6, 31]. System states , are phase angle and angular frequency, respectively. Mode index represents on/off of the power line connection between buses and ; i.e., power flow is , and . The values , and denote power demand, and electrical power output, respectively. Since power demand can be obtained by many load forecasting methods [1, 11], it is assumed to be known.

Mechanical power is the control input for and is assumed to be zero at load bus . Power demand can be divided into elastic demand and inelastic demand as shown in [2]; i.e., . Elastic demand can be controlled via power pricing. Since we assume that the current load is known, we simplify that load bus uses as load controller.

The measurements are sampled at discrete instants due to hardware constraints. We use subscript to denote an instantaneous value at the discrete sampling time ; e.g., .

An attacker is assumed to be able to modify the sensor measurements, control commands, and trigger the power flow line switches. The possible attacks are modeled as vectors , , and hidden mode switch which represent sensor attacks [26, 30], actuator attacks [7, 30, 43], and circuit breaking/switching attacks [36, 39], respectively.

## 3 Problem formulation

System model. Consider the hidden-mode nonlinear stochastic system

(3) |

where , , , and are state, output, input, and hidden-mode, respectively. We use subscript to denote an instantaneous value at the discrete sampling time . Vectors , and are actuator attack vector and sensor attack vector, respectively. Sets , denote flow set and jump set, respectively, and is a mode transition function. For each mode, process noise and measurement noise are uncorrelated with each other. The system is a continuous-discrete system because, while the physical dynamic evolves in continuous time, sensor measurements are obtained at their corresponding sampling instants due to hardware constraints. We define a uniform sampling period as . It is assumed that the system (3) has a unique solution. One of the sufficient condition for the unique solution is weak one-sided local Lipschitz condition on function in the open time interval of each mode duration [35] and other conditions can be found in the references therein. The system model (3) includes the power system model (1) with (2) as a special case.

Attack model. Signal attacks are comprised of signal magnitude attacks (i.e., the attacker injects attack signals), and signal location attacks (i.e., the attacker chooses targeted sensors/actuators). Signal attacks are modeled by and where zero values indicate that the corresponding actuators and sensors are free of attacks and non-zero values represent attack magnitudes. Switching attacks change system modes following .

Knowledge of the defender. The defender is unaware of which actuators/sensors are under attacks and what the current mode is. The defender knows dynamic system model and output model (4) for each mode but not the mode transition function . Mode set is also known to the defender. The attack vectors , , mode and its transitions are inaccessible to the defender. Noise vectors , are unknown but their auto covariance matrices are known.

Objective.
The defender aims to answer the following three questions:

(a) if any sensor or actuator is attacked;

(b) if so, which ones are attacked, and how much sensor readings and control commands are tampered with;

(c) what current system states are.

The above problem can be formulated as a joint estimation of states, attack vectors and modes of hidden-mode switched systems (3).

## 4 Estimator design

In order to reflect real world, system (3) models the attacks from the attacker’s point of view and captures attack sources. In order to solve the estimation problem, we need to model the attacks from the defender’s point of view and captures attack consequences. In particular, we rewrite system (3) as follows:

(4) |

where , , , , , , and . The defender models the signal location attacks as mode of diagonal matrix

where if mode assumes that the location is under attack; otherwise, . Thus, stands for the both signal location attacks and switching attacks .

###### Remark 4.1

For the sake of generality, we will consider arbitrary in the remaining of this section and Sections 5.

To solve the problem, we propose Nonlinear unknown Input, State and Mode Estimator (NISME). The NISME consists of a bank of Nonlinear unknown Input and State estimators (NISE) and a mode estimator as shown in Figure 1.

Each NISE is associated with a particular mode and recursively estimates the states and attack vectors under the fixed mode. The mode estimator calculates the posteriori probabilities of the modes by observing output discrepancies from predicted outputs, and chooses the most likely one. Lastly, the NISME outputs the estimates of the states and the attack vectors of the selected mode.

We first introduce some preliminaries for the NISE in Section 4.1. The NISME is presented in Section 4.2.

### 4.1 Preliminaries

In this section, we introduce an output decomposition used in the NISE. Since each NISE is associated with a particular mode, we omit the mode index for notational simplicity.

We first discretize and linearize system (4) as follows with constant sampling period :

(5) |

where refers to discretization error, and , ,

We define the autocovariance matrices for noise vectors as , and .

Now we introduce two coordinate transformations. The first one is based on the singular value decomposition

where is a full rank diagonal matrix. The first coordinate transformation is defined by

(6) |

Likewise, the singular value decomposition

with full-rank diagonal matrix induces the second coordinate transformation

(7) |

where . From coordinate transformations (6) and (7), the output in (5) can be decomposed as follows:

(8) |

where and . Attack vector is decomposed into a sum of and where they are orthogonal to each other. Note that and are different from and , and introduced for the purpose of analysis. In this case, it holds that with and . Output is the portion of which is attacked at ; i.e., includes in (8). Outputs and are the portions of and are free of attacks at , where output reflects indirectly because . Thus, decomposed outputs , , and are used to estimate , , and , respectively.

Because is not measured by , output in (8) is instead used to estimate ; i.e., matrices and must be known to estimate attack vector . However, in (5), matrix is obtained by linearizing using , and matrix is obtained by linearizing using , where these linearizations cannot be done without knowing . Thus, we have the following assumption.

###### Assumption 4.1

Dynamic system model (4) can be expressed as

(9) |