Identification of System Vulnerability Under a Smart Sensor Attack via Attack Model Reduction

Abstract

In this letter, we investigate how to make use of model reduction techniques to identify the vulnerability of a closed-loop system, consisting of a plant and a supervisor, that might invite attacks. Here, the system vulnerability refers to the existence of key observation sequences that could be exploited by a specific smart sensor attack to cause damage infliction. We consider a nondeterministic smart attack, i.e., there might exist more than one attack choice over each received observation, and adopt our previously proposed modeling framework, where such an attack is captured by a standard finite-state automaton. For a given supervisor S and a smart sensor attack model A, another smart attack model <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathrm{ A}}'$ </tex-math></inline-formula> is called attack equivalent to A with respect to S, if the resulting compromised supervisor, defined as the composition of the supervisor S and attack model <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathrm{ A}}'$ </tex-math></inline-formula> , is control equivalent to the original compromised supervisor, defined as the composition of S and A. Following the spirit of supervisor reduction that relies on the concept of control congruence, we will show that, this problem of synthesizing a reduced smart attack model <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathrm{ A}}'$ </tex-math></inline-formula> that is attack equivalent to A with respect to S, can be transformed to a classical supervisor reduction problem, making all existing synthesis tools available for supervisor reduction directly applicable to our problem. A simplified and ideally minimum-state attack model can reveal all necessary observation sequences for the attacker to be successful, thus, reminds system designers to take necessary precautions in advance, which may improve system resilience significantly. An example is presented to show the effectiveness of our proposed attack model reduction technique.