Optimal injection attack strategy for cyber-physical systems: a dynamic feedback approach

This paper investigates the system security problem of cyber-physical systems (CPSs), which is both more practical and more significant than the fault detection problem. The purpose of this paper is to find an optimal attack strategy that maximizes the output error of the attacked system at low energy cost to the attacker. Based on a general model of linear time-invariant systems and a key technical lemma, a new optimal attack strategy for a carefully designed false data injection attack is constructed. Compared with existing model-based attack strategies, the proposed one is more general, and the corresponding attack strategy is easier to implement when the system states and external input are inaccessible. To overcome this lack of information, a dynamic observer of Luenberger type is constructed. Finally, a networked magnetic levitation steel ball movement system is used to illustrate the effectiveness of the proposed scheme.


Introduction
In contrast to cyberattacks, which are launched from the offensive side, attack detection is the defender's timely discovery of an ongoing attack on the system and the raising of an alarm. Detection mechanisms for the corresponding attacks have been extensively studied, such as denial-of-service (DoS) attack detection [16], replay attack detection [17], and false data injection (FDI) attack detection [18,19]. Security defense denotes the protection of the system, again from the defender's perspective. Many researchers have implemented secure control or resilient control strategies under attack to reduce or avoid the damage caused by attackers [20][21][22][23][24][25][26]. All of the aforementioned works on cyber security focus on existing, classic attack strategies. Unfortunately, attackers continually update their strategies, which can render existing detection mechanisms and defenses ineffective. Therefore, this paper designs an attack strategy from the attacker's side. One motivation is to enable defenders to understand the behavior of unknown attackers more deeply, and then to design corresponding defense strategies that better protect the system.
To date, two main categories of cyberattacks exist, namely denial-of-service (DoS) attacks [12,13,27] and deception attacks, where deception attacks include replay attacks and injection attacks [10,28]. A DoS attack exhausts or blocks the target so that it cannot serve legitimate users, resulting in packet loss, delay, and so on. Many results have been reported on DoS attack strategy design and secure control; see [20][21][22] and the references therein. A replay attack injects previously recorded inputs without being detected: the attacker hijacks the sensor, observes and records its readings for a period of time, and then replays these readings when executing the attack [28]. Since replayed data originate from the normally operating system, such attacks are hard to detect, and several detection mechanisms for replay attacks have therefore been proposed in [17,29,30]. In a false data injection attack, the attacker injects carefully designed false information to disturb the normal operation of the system. More recently, Chen et al. [31] have studied attack strategies against CPSs from the viewpoint of optimal control. Wu and Jian [32] have designed a switching data injection attack scheme from the attacker's side, and have subsequently considered the optimal feedback attack problem and the optimal location switching attack problem, respectively [10,11]. The design of the above attack strategies rests on the assumption that the information of the attacked system is completely known. The case in which part of the attacked system's information is inaccessible is a natural extension of the fully-informed setting. For the case in which the attacked system is completely unknown, that is, model-free from the attacker's point of view, a neural network learning method has been used to design the attack strategy [33].
In most cases, however, an attacker who has eavesdropped on the system for a long time is not completely ignorant of it. If the attacked system is treated as a black box and the attack strategy is designed directly by a learning method, the useful information obtained by eavesdropping is wasted and the adaptability of the resulting attack strategy is limited. Making good use of this information in the design of the attack strategy is the main motivation for the problems studied in this paper.
In this paper, a new attack strategy for cyber-physical systems is proposed for the case in which the system states and external input are inaccessible to the attacker. The main contributions of this paper are summarized as follows: (1) A new data injection attack method is proposed from the perspective of the attacker, in which the attacker uses the system output to construct an attack strategy in the form of dynamic feedback. The attacker's objective function is defined as a linear quadratic function, and the corresponding algebraic Riccati equation is derived by solving the resulting optimization problem. (2) Since the attacker cannot access the system states and external input of the attacked system, it is difficult for the attacker to maximize the output error of the attacked system with the least energy consumption. In this paper, a modified Luenberger observer-based method is introduced to solve this attack optimization problem. (3) In the design of the attack strategy, the observer estimate is adopted as the dynamic auxiliary virtual state, which resolves the difficulty that the unknown parameter matrices of the attack strategy cannot otherwise be solved for directly.
The rest of this paper is organized as follows. The problem formulation for a class of linear time-invariant systems is given in Section 2. The dynamic observer and the false data injection attack based on dynamic observation and output feedback are described in Section 3. In Section 4, the effectiveness of the proposed scheme is illustrated by a networked magnetic levitation steel ball movement system example. Finally, the paper is concluded in Section 5.

Problem formulation
Consider a class of linear time-invariant systems described by the state-space model (1), where x ∈ R^n is the state, u ∈ R^l is the control input, y ∈ R^m is the measured output, d(t) ∈ R^p is the external disturbance, and A, B, C, D, E, and F are known constant matrices with compatible dimensions. The external disturbance d(t) is generated by a linear autonomous differential equation with arbitrary initial value d_0. The tracking error of system (1) is given by (3), where y_r(t) is the desired output; y_r(t) is itself generated by a linear autonomous differential equation with arbitrary initial value y_r0.
Combining the state of system (1) with the tracking error (3), the trajectory tracking system can be written in the augmented form (5), where 0 and I are the zero and identity matrices of appropriate dimensions, respectively. Through the linear quadratic tracker (LQT), the control input is designed as a linear feedback with gain matrices K_1 and K_2, which are known constant matrices with compatible dimensions.
For system (5), the following assumption is needed.
Remark 1. The first part of Assumption 1 is standard in the literature on attack strategy design, since it is only meaningful for an attacker to target a stable system. The latter part of Assumption 1 is necessary for the design of the attack strategy in this paper: if it does not hold, the attack strategy that maximizes the deviation of the system output from the desired output cannot be designed, because the information related to the desired output is not available.
Design of optimal data injection attack strategy

Attack structure
Since the controller transmits the control signal to the actuator over a wireless channel, the attacker intercepts the control signal on that channel and tampers with it. The false data injection attack is expressed as (7), where ũ(t) is the attacked control input, Γ_a is the attack weight matrix of compatible dimension, and u_a(t) ∈ R^q is the attack input.
The data injection attack structure is described by the dynamic system (9), where A_a, B_a, and C_a are the attack matrices to be designed, with compatible dimensions, u_a(0) is an arbitrarily small initial value, and η(t) is the auxiliary virtual state of the attack input.
The following assumptions are needed to design an attack strategy for the attacker.
Assumption 2. The attacker has complete knowledge of the matrices of system (5), obtained by eavesdropping on the system for a sufficiently long time.
Assumption 3. In the FDI attack, the attacker is able to inject the computed false data vector u_a(t) into the actuator channel synchronously with the system input signal.
The purpose of the attacker in this subsection is to use as little energy as possible while making the system tracking error deviate from zero as much as possible. The objective function is given by (10), where t_0 and t_f are the start and end times of the injection attack, respectively, and the term u_a^T(t) R u_a(t) represents the energy consumption of the attacker. The design of the data injection attack can then be stated as the following optimization problem (Problem 1).

Security and Safety, Vol. 1, 2022005
Since the system states and external input are inaccessible to the attacker, Problem 1 cannot be solved directly. Therefore, a dynamic observer is introduced into the design of the attack strategy.

Design of dynamic observer
Note that the system state x(t), external disturbance d(t), and desired output y_r(t) are unknown to the attacker. Thus, the attacker uses a modified Luenberger observer to estimate the state x(t) and the external input ζ(t); the observer is designed as (11).

Proof. Combining ũ(t), û(t), the attacked system (8), and the observer (11), the derivative of the observation error e_xξ(t) follows directly; thus, by the theory of observer design, when Re eig(Ā − LC + (B − LD)[K_1, K_2]) < 0 is satisfied, lim_{t→∞} e_xξ(t) = 0, which indicates that the estimate ξ(t) converges to [x(t), ζ(t)]^T as t → ∞. This ends the proof.

It is worth pointing out that the auxiliary virtual state η(t) is chosen by the attacker. When the attacker selects the observation ξ(t) as the auxiliary virtual state η(t), Problem 1 can be transformed into Problem 2, with u_a(t) = C_a η(t).

The block diagram of the attacked system is shown in Figure 1. As can be seen from Figure 1, the attacker first eavesdrops on the system output ỹ(t) transmitted from the sensor to the controller. Then ỹ(t) and the estimate produced by the observer are used to construct (9). Next, the optimal attack input u_a(t) is obtained by solving Problem 2. Finally, u_a(t) is injected into the control input u(t), which is transmitted wirelessly from the controller to the actuator, so that the actuator receives the tampered control input ũ(t) and the attack is complete.
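As an added illustration that is not part of the original paper, the following Python example builds the attacker-side pipeline just described for a small constructed plant: the attacker knows the plant matrices and the controller gains (Assumptions 2 and 3), sees only the eavesdropped output, runs a Luenberger observer on the augmented state [x; d], checks the convergence condition Re eig(Ā − LC̄ + (B̄ − LD̄)[K_1, K_2]) < 0 from the observer proof, and feeds the estimate into an output-feedback attack ũ = u + Γ_a u_a. Everything in it is an assumption made for the example: the plant matrices, D = F = 0, a constant-disturbance exosystem (Ṡ = 0) with y_r = 0, the observer gain L, and the attack gain K_a, which is a hand-picked destabilising gain and not the Riccati-based optimal gain of Theorem 1.

```python
"""Added example (not from the paper): attacker-side Luenberger observer that
recovers plant state and a constant disturbance from the eavesdropped output
alone, then drives an output-feedback false data injection attack.

Assumptions (constructed for illustration, not the paper's simulation):
  plant       xdot = A x + B u + E d,  y = C x        (D = 0, F = 0)
  exosystem   ddot = 0  (constant disturbance), reference y_r = 0
  controller  u = K1 x + K2 d, gains known to the attacker by eavesdropping
  attack      u_tilde = u + Gamma_a * u_a,  u_a = K_a * xi  (xi = estimate)
K_a is a hand-picked gain, NOT the optimal gain of Theorem 1.
"""
import numpy as np

# --- constructed plant and exosystem ---------------------------------------
A = np.array([[0.0, 1.0], [-2.0, -3.0]])
B = np.array([[0.0], [1.0]])
E = np.array([[0.0], [1.0]])          # disturbance enters through the actuator
C = np.array([[1.0, 0.0]])

# augmented state z = [x; d]: the attacker must estimate all of z from y alone
A_bar = np.block([[A, E], [np.zeros((1, 3))]])
B_bar = np.vstack([B, np.zeros((1, 1))])
C_bar = np.hstack([C, np.zeros((1, 1))])

# controller gain [K1, K2]; K2 = 0 means the controller ignores d, so d stays
# observable through y (perfect cancellation would hide it from the output)
K = np.array([[-1.0, -2.0, 0.0]])

# observer gain placing eig(A_bar + B_bar K - L C_bar) at -4, -5, -6
L = np.array([[10.0], [21.0], [120.0]])

GAMMA_A = 1.0
K_A = np.array([[2.0, 4.0, 0.0]])     # hand-picked attack gain (assumption)


def observer_error_poles():
    """Eigenvalues of the observation-error dynamics e_dot = (A_bar + B_bar K - L C_bar) e.
    The attack term cancels in the error dynamics because the attacker knows u_a."""
    return np.linalg.eigvals(A_bar + B_bar @ K - L @ C_bar)


def observer_converges():
    """The paper's condition: every error pole has strictly negative real part."""
    return bool(np.all(observer_error_poles().real < 0))


def simulate(attack=True, T=15.0, dt=1e-3, d0=1.0):
    """Forward-Euler closed loop. Returns (final output y, final observer error norm)."""
    z = np.array([[0.5], [0.0], [d0]])   # true plant state and disturbance
    xi = np.zeros((3, 1))               # attacker's estimate, started cold
    for _ in range(int(T / dt)):
        y = C_bar @ z                   # the only signal the attacker sees
        u_a = K_A @ xi if attack else np.zeros((1, 1))
        u_true = K @ z + GAMMA_A * u_a  # what the actuator actually receives
        u_hat = K @ xi + GAMMA_A * u_a  # attacker's reconstruction of it
        z = z + dt * (A_bar @ z + B_bar @ u_true)
        xi = xi + dt * (A_bar @ xi + B_bar @ u_hat + L @ (y - C_bar @ xi))
    return float((C_bar @ z)[0, 0]), float(np.linalg.norm(z - xi))


if __name__ == "__main__":
    print("observer poles:", np.round(observer_error_poles().real, 3))
    y_h, _ = simulate(attack=False)
    y_a, err = simulate(attack=True)
    print(f"healthy y -> {y_h:.3f}, attacked y -> {y_a:.3f}, obs. error {err:.1e}")
```

With y_r = 0 the output itself is the tracking error: the healthy loop settles at y = 1/3, while the attacked loop, whose effective state feedback becomes K_1 + Γ_a K_a once ξ has converged, settles at y = 1, and the observer error decays to numerical noise. Because u_a appears identically in the plant and in the observer, the error dynamics are independent of the attack gain, which is why the observer check can be done once, before any attack is chosen.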

Main results
Before presenting the main result, the key lemma is first introduced.
Lemma 2 ([34,35]). Consider the affine-quadratic continuous-time optimal control problem of minimizing a quadratic cost over u(t). If the requirement Q ≥ 0 is not satisfied, a necessary and sufficient condition for a unique solution is stated in terms of the weighting matrices, where P is the solution of the associated algebraic Riccati equation.

Theorem 1. Under Assumptions 1-3, if R − Γ_a^T D^T Q D Γ_a > 0 holds and the attacker selects the observation ξ(t) as the auxiliary virtual state η(t), then the matrices of the optimal attack strategy (9) can be obtained by solving Problem 2; they are expressed in terms of a matrix P that satisfies equation (14).

Proof. If the attacker uses the observation ξ(t) as the auxiliary virtual state η(t), then the attacked control input (7), based on the estimate of [x(t), ζ(t)]^T, can be rewritten as (15), where K is as described in Theorem 1.
Combining (9), (11), and (15) yields the dynamics of the auxiliary virtual state; therefore, the integrand of the objective function (10) can be reorganized in terms of η(t) and u_a(t). The Hamiltonian function is then defined with λ(t) as the co-state vector.
By optimal control theory [35], applying the stationarity condition ∂H/∂u_a(t) = 0 yields the optimal attack input (21).

Combined with the co-state equation and letting λ(t) = P η(t), (21) and (22) can be rewritten as (23) and (24); thus C_a is obtained. Since (22) and (24) are equal, the preliminary algebraic Riccati equation (25) follows, and by Lemma 2 the optimal solution of Problem 2 is unique if and only if R − Γ_a^T D^T Q D Γ_a > 0. Since A_a contains C_a, C_a contains P, and (25) contains A_a, to avoid unknown matrices when solving (25), (16), (23), and (25) are combined to obtain (26); then B_a = L and C_e = [C, F_ζ] + DK are used to simplify (26) into (14). This ends the proof.
Theorem 1 is summarized as the false data injection attack algorithm based on dynamic observation feedback, shown in Algorithm 1.

Simulation example
A networked magnetic levitation steel ball movement system [36] is used to illustrate the effectiveness of the designed attack strategy. The schematic diagram of the attacked networked magnetic levitation steel ball movement system is shown in Figures 2 and 3, and the system is described by a linear state-space model whose variables, their physical meaning, and their units are listed in Table 1; the external disturbance input d(t), desired system output y_r(t), and tracking error e(t) are defined accordingly. The designed attack strategy matrices are obtained as given below. It is worth noting that the output of the networked magnetic levitation steel ball movement system can be eavesdropped by the attacker, but the system states, desired output, and external disturbance input cannot be obtained by the attacker.
The results in Figures 4, 5, and 8 compare the system states, output, and output error under healthy and attacked conditions; the damage caused by the attack is large. In addition, Figures 5 and 8 show that the error between the real output and the output based on the observation is small, and the real output error and the observation-based output error indicate that the observation error of the designed observer is small. Figure 7 shows the designed attack strategy and the total energy consumption of the attacker, which converges to the optimal value 8607.9. Figure 9 shows that the cost function based on the real output error and the one based on the observed output error evolve in essentially the same way and converge to the same optimal value, J* = −23992. Table 2 shows that the attack strategy designed in this paper relaxes the requirement of obtaining the state information of the attacked system, under the assumption that the system matrices are known. When the system state and external input cannot be stolen by the attacker, the attack strategies of Wu et al. [10,11,32] cannot be adopted. Since the attack strategy in this paper integrates dynamic observation with output feedback, it effectively handles the case in which only part of the attacked system's information is known.

Conclusion
This paper has proposed a new optimal attack strategy based on dynamic observation and output feedback, which maximizes the output error of the attacked system while minimizing the energy consumption of the attacker. The proposed attack strategy does not require the full state information or the external input information of the attacked system. Future work includes the design of attack strategies using dynamic output feedback without an observer, and the design of attack strategies when there is an unknown time delay in the attack channel.