CASIA OpenIR  > 毕业生  > 博士学位论文
噪声环境下网络化控制系统安全控制研究
刘益发
2023-05-16
Pages124
Subtype博士
Abstract

随着信息技术的进步和工业产业的发展,传统点对点式的控制系统结构愈发难以满足越来越高的控制需求,而将信息通信网络与物理实体紧密结合的网络化控制系统凭借其在资源共享、开放灵活性和可扩展性等方面的优势,得到了快速的发展和广泛的应用。然而带来便利的同时,由于其开放性和逐渐增长的复杂性,网络化控制系统的安全问题也日益突出,尤其是当今面对多种多样恶意攻击威胁的情况下。网络化控制系统具有显著的控制系统特征和物理特性,对其的攻击能够直接造成实体的破坏并带来严重的财产安全损失,仅依靠传统网络安全手段难以完全解决其安全问题,因此基于控制理论实现安全控制对于提升网络化控制系统安全性至关重要。
在众多攻击手段中,有两类值得特别关注。一类是通过给系统提供虚假信息或篡改现有信息来干扰或破坏系统运行的欺骗性攻击,其中以具备良好隐匿性的虚假数据注入攻击最具威胁。另一类是直接破坏或干扰系统中连接、传输或处理等环节而致使该系统无法正常运行的阻断式攻击,这类攻击不追求隐匿但往往直接有效。因此本文从这两类攻击入手以控制理论的角度研究如何应对网络化控制系统中的恶意攻击,进而提升系统安全性。本文主要研究内容和创新点总结如下:
(1)本文研究了不同情景下的隐匿虚假数据注入攻击构造原则,通过提出完全隐匿的攻击策略使系统残差维持几乎处处不变,从而使基于残差信息的检测器失效。本文首先面向通用的带观测器的状态反馈网络化控制系统,设计可以同时绕过先进的“总和检测器”和广泛应用的“𝜒2检测器”的隐匿虚假数据注入攻击策略。对于潜在的改良检测器,本文进一步提出一种可使残差在有限时间后与未受攻击系统中的残差完全一致的攻击策略,使得基于残差信息的检测手段无效,从而证明任何基于残差的检测手段都无法完全检测隐匿攻击。进而通过攻击设计的分析,本文给出了系统对隐匿虚假数据注入攻击的脆弱性原理。在数值仿真中,所提出的攻击策略降低了86.11%的累积残差增量,实现了良好的隐匿效果,同时以指数级幅度提升了攻击效果。
(2)本文提出一种针对输出反馈网络化控制系统的“分离式观测检测器”,改变了虚假数据在网络化控制系统信息流中的传递累积形式,结合变观测增益策略,实现了对完全隐匿虚假数据注入攻击的有效检测。通过分析虚假数据在网络化控制系统的检测器中累积形式单一固定的缺陷,本文揭示了状态反馈网络化控制系统中攻击隐匿性的成因。进而结合实体网络化控制系统多采用冗余测量的特点,针对输出反馈网络化控制系统,本文提出一种“分离式观测检测器”,改善了虚假数据累积形式单一的问题,迫使攻击者以复杂方式设计隐匿攻击,降低了潜在隐匿攻击的鲁棒性。进而通过对整体结构的组合分析得出了此种情形下实现隐匿攻击的关键路径,最后通过引入时变的观测增益,有效地检测到了隐匿虚假数据注入攻击。
(3)针对阻断式攻击,本文从降低潜在损失的角度,利用攻防场景中双方的差异化约束,提出一种鲁棒的最优防御资源分配策略,并结合中心地理论提出一种物理分布可行的网络化控制系统拓扑规划建设方案,将系统面对不确定性攻击的损失降低至立方级别。网络化控制系统面对多种多样的恶意攻击,且其防御措施的规划应在建设之初就予以考虑,以应对随时可能发生的恶意攻击。基于这一事实,本文从保守策略的角度提出鲁棒的最优防御资源分配策略,以降低不确定性威胁下可能的最大损失。基于此最优策略和对应的损失,本文发现网络化控制系统的拓扑结构对损失有很大影响。为进一步降低损失,本文研究了冗余连接的作用,并基于中心地理论这一地理学上的聚落理论,为网络化控制系统建设提供一种物理分布上可行的六边形城市群拓扑结构规划方案,其成本可控并能够实现立方级别的损失降低。

Other Abstract

With the advance of information technology and industrial development, the traditional point-to-point control system structures are gradually unable to satisfy higher control demands. Networked control systems that tightly integrate information and communication networks with physical entities have rapidly developed and are widely applied due to their advantages in resource sharing, flexibility, and extensibility. However, the security issues of networked control systems have become increasingly prominent due to the openness and growing complexity of networked control systems, especially in the presence of various malicious threats. Attacks on networked control systems can directly cause physical damage and serious property and security losses. Traditional network security approach alone is not sufficient to solve security problems. Therefore, implementing secure control based on control theory is crucial for enhancing the security of networked control systems. Two types of attacks are particularly noteworthy: deceptive attacks that interfere with or disrupt system operation by providing false information or tampering with existing information, with false data injection attacks being the most threatening due to their good stealthiness; and blocking attacks that directly sabotage or disrupt system connectivity, transmission, processing, and others, rendering the system unable to function normally, without seeking stealthiness but often directly effective. This dissertation discusses how to enhance the security of networked control systems against malicious attacks from the perspective of control theory, starting with these two kinds of attacks. The main contributions of this dissertation are:
(1) This dissertation studies the construction principles of stealthy false data injection attacks under different scenarios and proposes corresponding stealthy attack strategies. By proposing a completely stealthy false data injection attack strategy to maintain the residual information almost unchanged, the effectiveness of the residual-based detection methods are invalided, and the vulnerability principle of the system to stealthy false data injection attacks is obtained. Based on a general observer-based state feedback networked control system model, this dissertation designs stealthy attack strategies that can bypass both the advanced summation detector and the widely used chi-square detector simultaneously. As for the possibility of detector improvement, this dissertation negates any detection method based on residual information by proposing an attack strategy that makes the residual completely consistent with the un-attacked system after a limited time.In the numerical simulation, the cumulative residual increment is reduced by 86.11% while the attack effect is significantly exponentially improved.
(2)This dissertation proposes a separable variable gain observer under output feedback, changes the accumulation form of false data transmission in networked control systems, and effectively detects completely stealthy attacks. By analyzing the defect of the fixed cumulative form of false data in detection, this dissertation reveals the cause of attack stealthiness. Based on that and combining the properties of networked control systems, this dissertation proposes a separable observable detection method on output feedback networked control systems to improve the fixed accumulation form of false data in detection, thereby forcing attackers to design stealthy attacks in a complex way. Then, through the analysis of the combined structure, the critical paths of stealthy false data injection attacks in this case are obtained. Finally, the detection of stealthy false data injection attacks is effectively realized by introducing variable observation gain.
(3)From the perspective of reducing potential losses against a blocking attack, this dissertation proposes a robust optimal defense resource allocation strategy based on the differentiated constraints of both sides in the attack-defense scenario, and combines geographic theory to propose a feasible networked control system topology planning scheme that reduces the loss of the system under uncertain attacks to cubic level. Networked control systems face a variety of malicious attacks, and their defense measures should be considered to cope with possible attacks at the beginning of construction. Therefore, from a conservative strategy perspective, this dissertation proposes a robust optimal defense strategy to reduce the maximum potential loss under uncertainty threats. Based on this optimal strategy, the impact of networked control system topology on loss reduction is further studied, and based on cluster theory in geography, a feasible hexagonal topology planning and construction scheme is proposed for networked control systems, which is geographically-feasible and economically-viable and can achieve a cubic-level loss reduction.

Keyword网络化控制系统 虚假数据注入攻击 安全控制 攻击检测 资源分配 最优化 损失降低
Language中文
Sub direction classification复杂系统理论与方法
planning direction of the national heavy laboratory复杂系统建模与推演
Paper associated data
Document Type学位论文
Identifierhttp://ir.ia.ac.cn/handle/173211/52269
Collection毕业生_博士学位论文
复杂系统认知与决策实验室_先进机器人
多模态人工智能系统全国重点实验室
Corresponding Author刘益发
Recommended Citation
GB/T 7714
刘益发. 噪声环境下网络化控制系统安全控制研究[D],2023.
Files in This Item:
File Name/Size DocType Version Access License
202018014628071刘益发毕业(5228KB)学位论文 限制开放CC BY-NC-SA
Related Services
Recommend this item
Bookmark
Usage statistics
Export to Endnote
Google Scholar
Similar articles in Google Scholar
[刘益发]'s Articles
Baidu academic
Similar articles in Baidu academic
[刘益发]'s Articles
Bing Scholar
Similar articles in Bing Scholar
[刘益发]'s Articles
Terms of Use
No data!
Social Bookmark/Share
All comments (0)
No comment.
 

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.