The problem of state estimation in the setting of partially-observed discrete
event systems subject to cyber attacks is considered. An operator observes a
plant through a natural projection that hides the occurrence of certain events.
The objective of the operator is to estimate the current state of the
system. The observation is corrupted by an attacker who can insert and erase
some sensor readings with the aim of altering the state estimation of the
operator. Furthermore, the attacker wants to remain stealthy, namely the
operator should not realize that its observation has been corrupted. An
automaton, called the attack structure, is defined to describe the set of all
possible attacks. In more detail, first, an unbounded attack structure is
obtained by concurrent composition of two state observers, the attacker
observer and the operator observer. Then, the attack structure is refined to
obtain a supremal stealthy attack substructure. An attack function may be
selected from the supremal stealthy attack substructure and is said to be harmful
when some malicious goal of the attacker is reached, namely if the set of
states consistent with the observation produced by the system and the set of
states consistent with the corrupted observation belong to a given relation.
The proposed approach can be dually used to verify if there exists a harmful
attack for the given system: this allows one to establish if the system is safe
under attack.
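
The safety check described above can be illustrated with a bounded brute-force search. This is an added example, not the paper's attack-structure construction: it enumerates observations up to a fixed length instead of composing the two observers. The plant, the event names, the compromised event sets and the relation `harmful` are all constructed assumptions.

```python
# Constructed plant (assumption): states 0-3, event 'u' is hidden by the
# natural projection, state 3 is the critical state.
DELTA = {(0, "a"): {1}, (0, "u"): {2}, (1, "b"): {3}, (2, "b"): {2}}
INIT, OBS, UNOBS, CRITICAL = {0}, "ab", "u", 3

def closure(states):
    """Unobservable reach: states reachable through hidden events only."""
    seen, todo = set(states), list(states)
    while todo:
        q = todo.pop()
        for e in UNOBS:
            for r in DELTA.get((q, e), ()):
                if r not in seen:
                    seen.add(r)
                    todo.append(r)
    return frozenset(seen)

def estimate(word):
    """Observer state after `word`; empty means the plant cannot produce it."""
    est = closure(INIT)
    for e in word:
        est = closure({r for q in est for r in DELTA.get((q, e), ())})
    return est

def corruptions(word, ins, era, budget):
    """Words obtained by erasing events in `era` and inserting up to `budget` events from `ins`."""
    if budget > 0:
        for e in ins:
            for rest in corruptions(word, ins, era, budget - 1):
                yield e + rest
    if not word:
        yield ""
        return
    for rest in corruptions(word[1:], ins, era, budget):
        yield word[0] + rest
        if word[0] in era:
            yield rest

def harmful(true_est, fake_est):
    """Relation (assumption): the plant may be critical but the operator rules it out."""
    return CRITICAL in true_est and CRITICAL not in fake_est

def find_harmful_attack(ins, era, max_len=4, budget=2):
    """Return (observation, corrupted observation) for a stealthy harmful attack, or None."""
    frontier = [""]
    for _ in range(max_len + 1):
        for w in frontier:
            for c in corruptions(w, ins, era, budget):
                fake = estimate(c)  # non-empty estimate: the operator sees nothing impossible
                if fake and harmful(estimate(w), fake):
                    return w, c
        frontier = [w + e for w in frontier for e in OBS if estimate(w + e)]
    return None
```

A result of `None` means the constructed plant is safe within the search bounds for the given compromised event sets; it is not a proof of safety for unbounded observations.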

By admin