Abstract
In this work, we address the problem of synthesis of covert attackers in the setup where the model of the plant is available, but the model of the supervisor is unknown, to the adversary. To compensate the lack of knowledge on the supervisor, we assume that the adversary has recorded a (prefix-closed) finite set of observations of the runs of the closed-loop system, which can be used for assisting the synthesis. We present a heuristic algorithm for the synthesis of covert damage-reachable attackers, based on the model of the plant and the (finite) set of observations, by a transformation into solving an instance of the partial-observation supervisor synthesis problem. The heuristic algorithm developed in this paper may allow the adversary to synthesize covert attackers without having to know the model of the supervisor, which could be hard to obtain in practice. For simplicity, we shall only consider covert attackers that are able to carry out sensor replacement attacks and actuator disablement attacks. The effectiveness of our approach is illustrated on a water tank example adapted from the literature.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
From the adversary’s point of view, any supervisor that is consistent with the given set of observations may have been deployed.
It is worth mentioning that sensor replacement attacks can help achieve both of the damage-infliction goal and the covertness goal; actuator disablement attack can help achieve the covertness goal.
As usual, we also view the partial transition function \(\delta : Q \times {{{\varSigma }}} \rightarrow Q\) as a relation \(\delta \subseteq Q \times {{{\varSigma }}} \times Q\).
For example, if σ ∈Σ1 −Σ2 and δ1(q1,σ) is undefined, we treat δ(q,σ) as undefined. This convention is adopted throughout the work.
If \({{{\varSigma }}}={{{\varSigma }}}^{\prime }\), then we have \(UR_{G, \varnothing }(q_{0})\), which is by definition equal to {q0}.
We here remark that actuator disablement attacks cannot cause the covertness to be broken, following (Lin et al. 2020). Indeed, the supervisor is not sure whether some event σ ∈Σc,A has been disabled by an attacker, even if disabling σ may result in deadlock, as the supervisor is never sure whether: 1) deadlock has occurred due to actuator attack, or 2) σ will possibly fire soon (according to the internal mechanism of the plant), without an explicit timing mechanism.
Recall that qbad is the goal state for the attacker.
Since the control constraint is \(({{{\varSigma }}}_{a, A} \cup {{{\varSigma }}}_{s, A}^{\#}, {{{\varSigma }}}_{o} \cup {{{\varSigma }}}_{s, A}^{\#})\) (see Section 3.3), the normality property based synthesis approach effectively only allows the attacker to control those events in \(({{{\varSigma }}}_{a, A} \cap {{{\varSigma }}}_{o}) \cup {{{\varSigma }}}_{s, A}^{\#}\).
References
Bergeron A (1993) A unified approach to control problems in discrete event processes. RAIRO-Theoret Inform Appl 27(6):555–573
Carvalho LK, Wu YC, Kwong R, Lafortune S (2016) Detection and prevention of actuator enablement attacks in supervisory control systems. Int Workshop Discrete Event Syst 298–305
Carvalho LK, Wu YC, Kwong R, Lafortune S (2018) Detection and mitigation of classes of attacks in supervisory control systems. Automatica 97:121–133
Cassandras C, Lafortune S (1999) Introduction to discrete event systems. Kluwer, Boston
Feng L, Wonham WM (2006) Tct: a computation tool for supervisory control synthesis. Workshop Discrete Event Syst 388–389
Hopcroft JE, Ullman JD, theory Introduction to automata (1979) Languages, and computation. Addison-Wesley, Reading, Massachusetts
Khoumsi A (2019) Sensor and actuator attacks of cyber-physical systems: a study based on supervisory control of discrete event systems. Conf Syst Control 176–182
Lima PM, Alves MVS, Carvalho LK, Moreira MV (2017) Security against network attacks in supervisory control systems. IFAC 50(1):12333–12338
Lima PM, Carvalho LK, Moreira MV (2018) Detectable and undetectable network attack security of cyber-physical systems. IFAC 51(7):179–185
Lin L (2015) Towards decentralized and parameterized supervisor synthesis, Ph.D thesis, School of Electrical and Electronic Engineering, Nanyang Technological Unversity. [Online] Available: https://dr.ntu.edu.sg/handle/10356/65641
Lin L, Su R (2020) Bounded synthesis of resilient supervisors. IEEE Transactions on Automatic Control under review
Lin L, Su R (2020) Synthesis of covert actuator and sensor attackers as supervisor synthesis. Workshop on Discrete Event Systems 1–6
Lin L, Su R (2021) Synthesis of covert actuator and sensor attackers. Automatica, vol 130:109714
Lin L, Thuijsman S, Zhu Y, Ware S, Su R, Reniers M (2019) Synthesis of successful actuator attackers on supervisors. American Control Conf 5614–5619
Lin L, Zhu Y, Su R (2019) Towards bounded synthesis of resilient supervisors. Conf Dec Control 7659–7664
Lin L, Zhu Y, Su R (2020) Synthesis of covert actuator attackers for free, Discrete Event Dynamic Systems:Theory and Applications, https://doi.org/10.1007/s10626-020-00312-2
Lin L, Zhu Y, Tai R, Ware S, Su R (2020) Networked supervisor synthesis against lossy channels with bounded network delays as non-networked synthesis, Automatica under review
Lin L, Tai R, Zhu Y, Su R (2021) Heuristic synthesis of covert attackers against unknown supervisors. Conference on Decision and Control accepted
Malik R, Akesson K, Flordal H, Fabian M (2017) Supremica–an efficient tool for large-scale discrete event systems. IFAC-PapersOnLine 50:5794–5799
Meira-Goes R, Marchand H (2019) S. Lafortune Towards resilient supervisors against sensor deception attacks. Conf Dec Control 5144–5149
Meira-Goes R, Kang E, Kwong R, Lafortune S (2017) Stealthy deception attacks for cyber-physical systems. Conf Decision Control 4224–4230
Meira-Goes R, Kang E, Kwong R, Lafortune S (2020) Synthesis of sensor deception attacks at the supervisory layer of cyber–physical systems. Automatica 121:109172
Mohajerani S, Meira-Goes R, Lafortune S (2020) Efficient synthesis of sensor deception attacks using observation equivalence-based abstraction. Workshop Discrete Event Syst 28–34
Su R (2018) Supervisor synthesis to thwart cyber-attack with bounded sensor reading alterations. Automatica 94:35–44
Su R (2020) On decidability of existence of nonblocking supervisors resilient to smart sensor attacks. arXiv:2009.02626v1
SuSyNA (2011) Supervisor synthesis for non-deterministic automata. [Online]. Available:https://www.ntu.edu.sg/home/rsu/Downloads.htm
Wakaiki M, Tabuada P, Hespanha JP (2019) Supervisory control of discrete-event systems under attacks. Dynamic Games Appl 9:965–983
Wang Y, Pajic M (2019) Supervisory control of discrete event systems in the presence of sensor and actuator attacks. Conf Decision Control 5350–5355
Wang Y, Pajic M (2019) Attack-resilient supervisory control with intermittently secure communication. Conf Dec Control 2015–2020
Wang D, Lin L, Li Z, Wonham WM (2018) State-based control of discrete-event systems under partial observation. IEEE Access 6(1):42084–42093
Wonham WM, Cai K (2018) Supervisory control of discrete-event systems, Monograph Series Communications and Control Engineering. Springer, Berlin
Yin X, Lafortune S (2016) Synthesis of maximally permissive supervisors for partially observed discrete event systems. IEEE Trans Autom Control 61 (5):1239–1254
Zhu Y, Lin L, Su R (2019) Supervisor obfuscation against actuator enablement attack. Europ Control Conf 1760–1765
Zhu Y, Lin L, Ware S, Su R (2019) Supervisor synthesis for networked discrete event systems with communication delays and lossy events. Conf Decision Control 6730–6735
Acknowledgements
The research of the project was supported by Ministry of Education, Singapore, under grant AcRF TIER 1-2018-T1-001-245 (RG 91/18) and supported by the funding from Singapore National Research Foundation via Delta-NTU Corporate Lab Program (DELTA-NTU CORP LAB-SMA-RP2 SU RONG M4061925.043). We would like to thank the anonymous reviewers for comments that help us improve the quality of the paper.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article belongs to the Topical Collection: Topical Collection on Cybersecurity Guest Editors: Rong Su and Carlos Basilio
Rights and permissions
About this article
Cite this article
Lin, L., Tai, R., Zhu, Y. et al. Observation-assisted heuristic synthesis of covert attackers against unknown supervisors. Discrete Event Dyn Syst 32, 495–520 (2022). https://doi.org/10.1007/s10626-021-00356-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10626-021-00356-y