The problem of state estimation in partially observed discrete event systems subject to cyber attacks is considered. An operator observes a plant through a natural projection that hides the occurrence of certain events, with the objective of estimating the current state of the system. The observation is corrupted by an attacker who can insert and erase some sensor readings with the aim of altering the operator's state estimate. Furthermore, the attacker wants to remain stealthy, namely, the operator should not realize that its observation has been corrupted. An automaton, called the attack structure, is defined to describe the set of all possible attacks. In more detail, an unbounded attack structure is first obtained by concurrent composition of two state observers, the attacker observer and the operator observer. The attack structure is then refined to obtain a supremal stealthy attack substructure. An attack function may be selected from the supremal stealthy attack substructure, and it is said to be harmful when some malicious goal of the attacker is reached, namely if the set of states consistent with the observation produced by the system and the set of states consistent with the corrupted observation belong to a given relation. The proposed approach can be dually used to verify whether a harmful attack exists for the given system, which allows one to establish whether the system is safe under attack.
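The notions of state estimate, stealthiness and harmfulness described above can be checked on a small plant, shown here as an added illustration that is not code from the paper. The plant, the names `DELTA`, `UNOBS`, `estimate`, `is_stealthy` and `is_harmful`, and the sample relation are all constructed for this example; stealthiness is simplified to "the corrupted word is still a possible observation of the plant", and the paper's attack structure is not built.

```python
# Constructed toy plant: (state, event) -> next state. Not taken from the paper.
DELTA = {(0, "a"): 1, (0, "u"): 2, (1, "b"): 3, (2, "b"): 0, (3, "a"): 0}
UNOBS = {"u"}   # events hidden by the natural projection
INIT = 0


def unobservable_reach(states):
    """Close a set of states under unobservable events."""
    stack, seen = list(states), set(states)
    while stack:
        q = stack.pop()
        for e in UNOBS:
            nxt = DELTA.get((q, e))
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return frozenset(seen)


def estimate(observation):
    """Observer run: states consistent with an observed word.

    An empty result means the plant can never produce this observation.
    """
    est = unobservable_reach({INIT})
    for e in observation:
        est = unobservable_reach({DELTA[(q, e)] for q in est if (q, e) in DELTA})
    return est


def is_stealthy(corrupted):
    """Simplified check: the operator sees a word the plant could have produced.

    Once the estimate becomes empty it stays empty, so testing the final
    estimate also covers every prefix of the corrupted word.
    """
    return bool(estimate(corrupted))


def is_harmful(observed, corrupted, relation):
    """Stealthy, and (true estimate, operator estimate) lies in the relation."""
    return is_stealthy(corrupted) and relation(estimate(observed), estimate(corrupted))


def hides_state_3(true_est, operator_est):
    """Sample relation (constructed): state 3 is possible but the operator rules it out."""
    return 3 in true_est and 3 not in operator_est
```

With the true observation `["a", "b"]`, erasing `a` leaves the operator with `["b"]` and the estimate `{0, 2}`, which is stealthy and harmful under the sample relation, while inserting a second `a` yields a word the plant cannot produce, so the operator can detect it.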