Aerospace and Electronic Systems Magazine May 2017 - 35

Do et al.
The second mathematical model of DoS attacks was introduced by
[69]. The received signals zk are considered the last-arrived signals
(i.e., zk = zk0−1) if the sourced signals zk do not arrive at the receiver.
The mathematical model of this DoS attack strategy can be described as follows:
if k ∉ τ a
 zk
zk = 
.
z
 k0 −1 if k ∈ τ a

(2)

The mathematical models in (1) and (2) refer to perfect DoS attacks in which powerful attackers are able to block the communication channel between the transmitter and the receiver. In practice, malicious adversaries are able to jam the communication link
so that data packets are dropped during the transmission process.
More precisely, some packets may arrive at the receiver, and others
may not [67], [70]. The following model is used to describe such
realistic scenarios [66]:
z
zk =  k
γ k zk

if k ∉ τ a
,
if k ∈ τ a

(3)

where γk ∈ {0, 1}. The authors in [66] proposed an optimal feedback controller (for a discrete-time linear system) that minimizes
an objective function subject to safety and power constraints under
the assumption that the random coefficient γk follows the Bernoulli
distribution.

Simple Integrity Attacks
Let  = [zmin, zmax] be reasonable union of signals, where zmin and
zmax denote, respectively, the minimal and maximal values for both
sourced and targeted signals. To conduct an integrity attack, the attacker captures the sourced signals zk being transmitted over the network, modifies these, and then retransmits compromised signals zk to
the receiver. Some examples of simple integrity attacks are the min
attack, the max attack, the scaling attack, and the additive attack [69].
Min attack: The min attack can be carried out simply by returning minimal values to the receiver. They can be modeled as
follows:
z
zk =  k
 zmin

if k ∉ τ a
if k ∈ τ a

for min attack.

(4)

Max attack: Similar to the min attack, the max attack can be
modeled as follows:
z
zk =  k
 zmax

if k ∉ τ a
for max attack.
if k ∈ τ a

(5)

Scaling attack: For the scaling attack, the adversary captures
the sourced signals zk and multiplies them by a predefined coefficient αk. The model of the scaling attack is described as
 zk

α z
zk =  k k
 zmin
 zmax
MAY 2017

if
if
if
if

k ∉τ a
k ∈ τ a and α k zk ∈ 
,
k ∈ τ a and α k zk < zmin
k ∈ τ a and α k zk > zmax

(6)

where the coefficient αk is defined by the attacker.
Additive attack: Similar to the scaling attack, the additive attack is performed by adding predefined values ak to the sourced
signals zk. The model of the additive attack is
 zk

 z + ak
zk =  k
 zmin
 zmax

if
if
if
if

k ∉τ a
k ∈ τ a and zk + ak ∈ 
,
k ∈ τ a and zk + ak < zmin
k ∈ τ a and zk + ak > zmax

(7)

where the additive value ak is designed by the attacker.

Stealthy Integrity Attacks
It has been pointed out in [7] and [8] that powerful adversaries
equipped with model knowledge, disclosure resources, and disruption capabilities are able to perform stealthy attacks that partially
or completely bypass traditional anomaly detectors. The detectability of an attack strategy depends heavily on the capabilities
of adversaries to coordinate attack vectors on control signals and
sensor measurements. In the following, we recount several wellknown stealthy attacks on NCSs.
Replay attack: The negative effect of a replay attack on a
feedback control system has been studied in [8], [9], and [71].
This attack strategy is carried out in two steps. First, the hacker
records sensor measurements for a certain window of time before performing the attack. In the second step, the hacker replaces actual sensor measurements with previously recorded
signals while modifying control signals to drive system states
out of their normal values. It was shown in [9] and [71] that
a replay attack is able to bypass the classical χ2 detector. Two
countermeasures have been proposed in [9] and [71] to reveal a
replay attack.
False data injection attack: In [10] and [72], the authors have
studied a false data injection attack on a discrete-time state-space
model driven by Gaussian noises. A Kalman filter is used to perform state estimation, and a failure detector is employed to detect
abnormal situations. The goal of the attacker is to fool the state
estimator (i.e., the Kalman filter) by carefully injecting a certain
amount of false data into sensor measurements. However, an analysis in [10], [72], and [73] shows that the false data injection attack
is inapplicable when the system has no unstable pole and some
critical sensors are protected.
Zero-dynamics attack: By utilizing the output-nulling controlled invariant subspace in geometric control theory, the authors in [11] have studied the zero-dynamics attack on NCSs.
This attack strategy requires only the modification of control
signals for its stealth. However, the attack signals added to the
control signals cannot be chosen freely: they must be designed
so that their effect on the output is invisible by exploiting the
output-nulling property in automatic control theory. The disclosure of the zero-dynamics attack strategy has also been considered, including the modification of the system's structure
[11]. In addition, the authors in [74] have proposed a simple

IEEE A&E SYSTEMS MAGAZINE

35



Table of Contents for the Digital Edition of Aerospace and Electronic Systems Magazine May 2017

No label
Aerospace and Electronic Systems Magazine May 2017 - No label
Aerospace and Electronic Systems Magazine May 2017 - Cover2
Aerospace and Electronic Systems Magazine May 2017 - 1
Aerospace and Electronic Systems Magazine May 2017 - 2
Aerospace and Electronic Systems Magazine May 2017 - 3
Aerospace and Electronic Systems Magazine May 2017 - 4
Aerospace and Electronic Systems Magazine May 2017 - 5
Aerospace and Electronic Systems Magazine May 2017 - 6
Aerospace and Electronic Systems Magazine May 2017 - 7
Aerospace and Electronic Systems Magazine May 2017 - 8
Aerospace and Electronic Systems Magazine May 2017 - 9
Aerospace and Electronic Systems Magazine May 2017 - 10
Aerospace and Electronic Systems Magazine May 2017 - 11
Aerospace and Electronic Systems Magazine May 2017 - 12
Aerospace and Electronic Systems Magazine May 2017 - 13
Aerospace and Electronic Systems Magazine May 2017 - 14
Aerospace and Electronic Systems Magazine May 2017 - 15
Aerospace and Electronic Systems Magazine May 2017 - 16
Aerospace and Electronic Systems Magazine May 2017 - 17
Aerospace and Electronic Systems Magazine May 2017 - 18
Aerospace and Electronic Systems Magazine May 2017 - 19
Aerospace and Electronic Systems Magazine May 2017 - 20
Aerospace and Electronic Systems Magazine May 2017 - 21
Aerospace and Electronic Systems Magazine May 2017 - 22
Aerospace and Electronic Systems Magazine May 2017 - 23
Aerospace and Electronic Systems Magazine May 2017 - 24
Aerospace and Electronic Systems Magazine May 2017 - 25
Aerospace and Electronic Systems Magazine May 2017 - 26
Aerospace and Electronic Systems Magazine May 2017 - 27
Aerospace and Electronic Systems Magazine May 2017 - 28
Aerospace and Electronic Systems Magazine May 2017 - 29
Aerospace and Electronic Systems Magazine May 2017 - 30
Aerospace and Electronic Systems Magazine May 2017 - 31
Aerospace and Electronic Systems Magazine May 2017 - 32
Aerospace and Electronic Systems Magazine May 2017 - 33
Aerospace and Electronic Systems Magazine May 2017 - 34
Aerospace and Electronic Systems Magazine May 2017 - 35
Aerospace and Electronic Systems Magazine May 2017 - 36
Aerospace and Electronic Systems Magazine May 2017 - 37
Aerospace and Electronic Systems Magazine May 2017 - 38
Aerospace and Electronic Systems Magazine May 2017 - 39
Aerospace and Electronic Systems Magazine May 2017 - 40
Aerospace and Electronic Systems Magazine May 2017 - 41
Aerospace and Electronic Systems Magazine May 2017 - 42
Aerospace and Electronic Systems Magazine May 2017 - 43
Aerospace and Electronic Systems Magazine May 2017 - 44
Aerospace and Electronic Systems Magazine May 2017 - 45
Aerospace and Electronic Systems Magazine May 2017 - 46
Aerospace and Electronic Systems Magazine May 2017 - 47
Aerospace and Electronic Systems Magazine May 2017 - 48
Aerospace and Electronic Systems Magazine May 2017 - 49
Aerospace and Electronic Systems Magazine May 2017 - 50
Aerospace and Electronic Systems Magazine May 2017 - 51
Aerospace and Electronic Systems Magazine May 2017 - 52
Aerospace and Electronic Systems Magazine May 2017 - 53
Aerospace and Electronic Systems Magazine May 2017 - 54
Aerospace and Electronic Systems Magazine May 2017 - 55
Aerospace and Electronic Systems Magazine May 2017 - 56
Aerospace and Electronic Systems Magazine May 2017 - 57
Aerospace and Electronic Systems Magazine May 2017 - 58
Aerospace and Electronic Systems Magazine May 2017 - 59
Aerospace and Electronic Systems Magazine May 2017 - 60
Aerospace and Electronic Systems Magazine May 2017 - 61
Aerospace and Electronic Systems Magazine May 2017 - 62
Aerospace and Electronic Systems Magazine May 2017 - 63
Aerospace and Electronic Systems Magazine May 2017 - 64
Aerospace and Electronic Systems Magazine May 2017 - Cover3
Aerospace and Electronic Systems Magazine May 2017 - Cover4
http://www.brightcopy.net/allen/aesm/34-2s
http://www.brightcopy.net/allen/aesm/34-2
http://www.brightcopy.net/allen/aesm/34-1
http://www.brightcopy.net/allen/aesm/33-12
http://www.brightcopy.net/allen/aesm/33-11
http://www.brightcopy.net/allen/aesm/33-10
http://www.brightcopy.net/allen/aesm/33-09
http://www.brightcopy.net/allen/aesm/33-8
http://www.brightcopy.net/allen/aesm/33-7
http://www.brightcopy.net/allen/aesm/33-5
http://www.brightcopy.net/allen/aesm/33-4
http://www.brightcopy.net/allen/aesm/33-3
http://www.brightcopy.net/allen/aesm/33-2
http://www.brightcopy.net/allen/aesm/33-1
http://www.brightcopy.net/allen/aesm/32-10
http://www.brightcopy.net/allen/aesm/32-12
http://www.brightcopy.net/allen/aesm/32-9
http://www.brightcopy.net/allen/aesm/32-11
http://www.brightcopy.net/allen/aesm/32-8
http://www.brightcopy.net/allen/aesm/32-7s
http://www.brightcopy.net/allen/aesm/32-7
http://www.brightcopy.net/allen/aesm/32-6
http://www.brightcopy.net/allen/aesm/32-5
http://www.brightcopy.net/allen/aesm/32-4
http://www.brightcopy.net/allen/aesm/32-3
http://www.brightcopy.net/allen/aesm/32-2
http://www.brightcopy.net/allen/aesm/32-1
http://www.brightcopy.net/allen/aesm/31-12
http://www.brightcopy.net/allen/aesm/31-11s
http://www.brightcopy.net/allen/aesm/31-11
http://www.brightcopy.net/allen/aesm/31-10
http://www.brightcopy.net/allen/aesm/31-9
http://www.brightcopy.net/allen/aesm/31-8
http://www.brightcopy.net/allen/aesm/31-7
https://www.nxtbookmedia.com