^{1}

^{2}

^{2}

^{1}

^{2}

Motivated by rapid growth of cyberphysical systems (CPSs) and the necessity to provide secure state estimates against potential data injection attacks in their application domains, the paper proposes a secure and innovative attack detection and isolation fusion framework. The proposed multisensor fusion framework provides secure state estimates by using ideas from interactive multiple models (IMM) combined with a novel fuzzy-based attack detection/isolation mechanism. The IMM filter is used to adjust the system’s uncertainty adaptively via model probabilities by using a hybrid state model consisting of two behaviour modes, one corresponding to the ideal scenario and one associated with the attack behaviour mode. The state chi-square test is then incorporated through the proposed fuzzy-based fusion framework to detect and isolate potential data injection attacks. In other words, the validation probability of each sensor is calculated based on the value of the chi-square test. Finally, by incorporation of the validation probability of each sensor, the weights of its associated subsystem are computed. To be concrete, an integrated navigation system is simulated with three types of attacks ranging from a constant bias attack to a non-Gaussian stochastic attack to evaluate the proposed attack detection and isolation fusion framework.

Cyberphysical Systems (CPSs) [

In this paper, our main focus is to design an attack detection/isolation solution for multisensor state estimation problems in CPSs. The

The paper addresses this drawback. In particular, we propose a multisensor fusion framework which provides secure state estimates by assigning an interactive multiple model (IMM) filter to each sensor modality. The IMM filter adjusts the system’s uncertainty adaptively via model probabilities by constructing a hybrid state model consisting of two modes: one corresponding to the ideal scenario representing clean measurements and one modeling the presence of potential attacks (referred to as the attack behaviour mode). The state

The rest of the paper is organized as follows: first, Section

We consider the following general linear state model to represent the underlying physical system:

In this paper, we consider attack surfaces [

Constant attack where the injected bias (

Time-varying attack where the injected bias changes over time, for instance, trigonometric functions,

Stochastic attack where the injection randomly changes over time with some statistical properties being selected by the adversary and unknown to the detection mechanism.

Our goal in this paper is to devise a novel monitoring solution to detect such attacks in real-time with minimum latency and isolate the compromised sensors. Without loss of generality and for simplicity of the presentation, we consider the following assumption.

In a sensor network with

This assumption is considered to guarantee that at each iteration at least one unattacked sensor is available for performing the state estimation task. Please note that this assumption is not restrictive as, in absence of an unattacked sensor node, the overall fusion framework continues to provide predictive state estimates while the problem is being investigated and attacked sensors are restored.

In the next section, we present our proposed attack detection/isolation framework which at each iteration isolates the attacked signal and performs the estimation task only based on the remaining clean measurements.

In order to design a monitoring framework capable of detecting all the three aforementioned injection attacks, first we model the two possible scenarios, that is, the attack and the ideal behaviour modes, by designing two different error covariance matrices for the state forcing terms. This design methodology introduces structural uncertainty into the state model for which an IMM filter is associated with each active sensor. The IMM filers are used cooperatively to provide the estimate of the underlying states.

Considered as the first protection layer, this setup will increase the accuracy of the fusion model under potential attacks. On the other hand, in order to isolate attacked measurements which are incorporated to update associated probability corresponding to each model within the pool of IMM filters, the information provided by the

Figure

Each node (subsystem) transfers its local measurements to its associated IMM filter which in turn computes an updated estimate of the state vector

This information (

The detection block computes a failure detection value

For the purpose of selecting the best available observation to be utilized for evaluation of the IMM filters’ model probabilities, the available fault detection information is used and the subsystem which has the minimum fault value is considered as the selected subsystem for updating the IMM filters’ model probabilities. At the same time and to update (calibrate) the reference data (i.e.,

Algorithm architecture.

In brief, the proposed attack detection/isolation framework has total of

We use the state

In order to define whether sensor

Without loss of generality and for simplicity of the presentation, in the following discussion, we consider a two-sensor scenario where at each iteration at least one of the sensors is not under attack. The sensor’s validation probability is given by

The computed validation probabilities are then used to adaptively compute the estimated values of the state variables and their associated error covariance matrix. In this adaptive framework, the weights are assigned based on the validation probabilities. The fusion algorithm also incorporates the estimates for the ideal mode without presence of any attacks at iteration

To summarize, the proposed secure state estimation framework can be outlined as follows:

In the first step, the “IMM-Predict” is implemented.

In the second step, the “IMM-Update" will be implemented.

Calculate the failure detection value

In the fourth step, the probability that each sensor belongs to the attack mode is computed based on (

In the fifth step, the adaptive weights associated with each sensor are computed via (

In the sixth step, the second-order statistics based on each sensor is updated using (

In the final step, the combined second-order statistics are computed via (

This completes development of the proposed framework. Next we present our simulation results to validate the effectiveness of the proposed multisensor attack detection/isolation fusion framework.

This section presents our experimental simulations performed to evaluate the performance of the proposed framework against the aforementioned three type of data injection attacks, that is, constant attacks; time-varying attacks; stochastic attacks (possibly non-Gaussian) [

In this experiment and in order to generate the trajectory of the aircraft and its associated inertial measurements, we use the “Inertial Navigation System toolbox” [

We introduce three type attacks into the GPS measurement as shown in Figure

GPS attack timing sequence.

Attack detection curve together based on the proposed fuzzy attack detection/isolation fusion framework.

Model probabilities associated with the attack and ideal behaviour modes.

Position error obtained from the proposed framework.

In this paper, we proposed an improved and innovative secure state estimation framework which combines the IMM filter with a fuzzy-based attack isolation mechanism. In the proposed framework, we consider two separate behaviour modes, one associated with the ideal scenario and one with the attack case, where we compute adaptive weights via a modified observation update mechanism. In order to avoid utilization of attacked measurements and instead use the proper observation for updating the state estimates, local

The authors declare that there are no conflicts of interest regarding the publication of this paper.

This work was partially supported by Natural Sciences & Engineering Research Council (NSERC) of Canada, Discovery Grant RGPIN-2016-049988.