The impact of zero-dynamics stealthy attacks on control systems: stealthy attack success probability and attack prevention

Abstract

Many critical infrastructures rely heavily on automated control systems, making them the target of cyber attacks. Vulnerabilities in control systems are especially dangerous, as they directly affect the physical world. Zero-dynamics stealthy attacks are a subset of False Data Injection Attacks (FDIAs) that are designed specifically to diverge the states of a controlled cyber-physical system, while producing no discernible changes to the system's output -- making these attacks theoretically undetectable. While perfect knowledge of the system model should consistently lead to successful and undetectable attacks, in practice the success of zero-dynamics attacks is limited by the attacker's imperfect knowledge of the system parameters and states, as well as by the system's components' physical limitations. The success of such an attack thus relies no longer on the attack remaining undetectable, but rather on the attacker's ability to significantly diverge the states of the system before detection. This dissertation explores how the probability of zero-dynamics stealthy attack success is affected by the attacker's knowledge of the system's state space model. Using the quadruple-tank process as an experimental testbed, our results show that it is essential for the attacker to learn an accurate state space representation if they want to have a high probability of a successful attack. Moreover, we show that when the limitations of physical components of the system are considered, the attacker is forced to use an especially accurate state space representation to achieve a reasonable probability of success. Utilizing a grey box approach to system identification, we show that even when the attacker is able to learn a state space model close enough to have a high probability of a successful attack, making small improvements to the system's anomaly detector causes the probability of success to drop drastically. Finally, we study the trade-offs between making the system less susceptible to zero-dynamics attacks and maintaining its controllability, by increasing the sampling time of the system, thus providing the attacker fewer samples to learn a state space model. Additionally, results are provided, using a three inverter power system model, showing that strategically choosing model parameters in the design phase of the system can prevent the possibility of zero-dynamics stealthy attacks altogether.