Replay attack detection and mitigation for cyber–physical systems via RADIR algorithm with encryption scheduling

Abstract

This paper investigates the security state estimation issue facing replay attacks in confidential cyber–physical systems. Smart sensor equipped with a power harvester transmits critical measurements to the remote estimator over wireless networks, in which the transmission modes include encrypted and normal. In order to complete the persistent threats, the adversary launches multi-stage discontinuous replay attacks to compromise the estimation process. In virtue of the designed label detection scheme, we transform attack detection into encryption scheduling optimization under the constraint of sensor energy harvesting and acquire a rigorous relationship between detection probability, attack duration, and encryption ratio. Different from most existing studies only focusing on attack detection, the localization of replay interval measured by detection immediacy is also analyzed. Subsequently, the optimal periodic encryption scheduling strategy is given to maximally determine the attack interval by adopting an optimization-based approach. Further, a complete algorithm of replay attack detection, isolation, and recovery (RADIR) is designed to minimize deterioration from multi-stage attacks, which can guarantee the estimated performance of the system as much as possible. Finally, the unmanned ground vehicle system is applied to validate the theoretical results, where the dataset of replay attacks is obtained by capturing the normal operation data of a moving vehicle. Also, we compare the optimal encryption strategy designed in this paper with general centralized and random scheduling strategies.