All projects

Ongoing projects

Federated Reinforcement and Imitation Learning for Safe and Scalable Autonomous Driving (2026-2030)

Call: WASP Industrial PhD project grant, funded by the WASP

Awarded to: André Teixeira (PI-UU), together with Mina Alibeigi (PI-Zenseact)

USLC Members: TBA (PhD student at Zenseact)

This project introduces a Federated Reinforcement and Imitation Learning (FRL+FIL) framework for safe, scalable, and privacy-preserving training of planning policies in (semi-)autonomous fleets. The approach enables vehicles to collaboratively learn planning policies without sharing raw data, thus preserving privacy while exploiting the diversity of large fleets. Planning policies will be bootstrapped from expert demonstrations and refined locally through shielded reinforcement learning, with runtime safety mechanisms—such as coarse planners and learned safety filters—ensuring safe exploration. Model updates will be aggregated using robust federated techniques that tolerate faulty or malicious clients with low-quality driving behaviors and support personalization for region-specific adaptations. The framework will be validated on both simulated and real-world driving datasets, paving the way for the industrial deployment of next-generation AD/ADAS systems that are safer, more robust, and human-like in their driving behavior.

SecReCy4You - Young researcher network for security and resilience of critical cyber-physical systems (2026-2029)

Call: EU MSCA Doctoral Network, funded by the European Commission

Awarded to: André Teixeira (PI-UU), together with PIs from 7 other EU universities

USLC Members: TBA

This DN intends to bridge the gap between theory and practice for secure and resilient cyber-physical systems by tackling the problem at its root. It brings together domain experts from control theory, computer science, and major industrial stakeholders to boost the security and resilience of control systems by outlining a sustainable program for training the next generation of innovators in this critical domain. It pursues a holistic approach that combines specialized training (in both academia and industry), while identifying challenging characteristics and security flaws in existing legacy systems, and pinpointing design requirements and solutions in future (networked) control systems.

Prob4Sec - Probabilistic Methods for Secure Learning and Control (2023-2027)

Call: VR Project Grant in Information and Cyber Security, funded by the Swedish Research Council (Vetenskapsrådet)

Awarded to: André Teixeira (PI) and Per Mattsson

USLC Members: Ville Kjellqvist

Prob4Sec aims to develop theory and probabilistic methods for securing cyber-physical systems (CPSs) possessing learning and control capabilities: digital devices that learn from data they collect, and automatically decide how to best interact with the physical world over time. Intelligent CPSs are pervasive in our society. Users rely and trust that these devices will operate in a safe and secure manner. The consequences of incorrect behaviors in CPSs can be dire, threatening the users well being. Securing these systems is of utmost importance. Probabilistic methods are a natural way to deal with the uncertainty of physical systems and unintentional failures. Mathematical and statistical tools enable us to take a small number of samples and still be able to draw general conclusions. However, attacks are not only probabilistic but can have strategic behaviors, tailored to causing harm while avoiding detection. Hence, it is critical to develop systematic approaches that integrate the probabilistic and the strategic aspects of attacks in security analysis. Prob4Sec combines knowledge from security, statistical methods, and AI and control engineering to develop new methods for designing secure CPSs with learning and control functionalities. These methods will be instrumental in preventing future threats to all who benefit from this technology. Prob4Sec will provide further tools based on which trust in new technologies can be built and communicated, from developers to end users.

“Quantifying Security for Networked Control Systems: A Review”.
S. C. Anand, A. T. Nguyen, A. M. H. Teixeira, H. Sandberg, and K. H. Johansson.
Annual Reviews in Control (Submitted)
ABS BIB

Networked Control Systems (NCSs) are integral in critical infrastructures such as power grids, transportation networks, and production systems. Ensuring the resilient operation of these large-scale NCSs against cyber-attacks is crucial for societal well-being. Over the past two decades, extensive research has been focused on developing metrics to quantify the vulnerabilities of NCSs against attacks. Once the vulnerabilities are quantified, mitigation strategies can be employed to enhance system resilience. This article provides a comprehensive overview of methods developed for assessing NCS vulnerabilities and the corresponding mitigation strategies. Furthermore, we emphasize the importance of probabilistic risk metrics to model vulnerabilities under adversaries with imperfect process knowledge. The article concludes by outlining promising directions for future research.
@article{Anand_Review2026, author = {Anand, S. C. and Nguyen, A. T. and Teixeira, A. M. H. and Sandberg, H. and Johansson, K. H.}, journal = {Annual Reviews in Control (Submitted)}, title = {Quantifying Security for Networked Control Systems: A Review}, }
“Stealthy bias injection attack detection based on Kullback-Leibler divergence in stochastic linear systems”.
J. Dong and A. M. H. Teixeira.
Automatica (submitted)
ABS BIB

This paper studies the design of detection observers against stealthy bias injection attacks in stochastic linear systems under Gaussian noise, considering adversaries that exploit noise and inject crafted bias signals into a subset of sensors in a slow and coordinated manner, thereby achieving malicious objectives while remaining stealthy. To address such attacks, we formulate the observer design as a max-min optimization problem to enhance the detectability of worst-case BIAs, which attain a prescribed attack impact with the least detectability evaluated via Kullback-Leibler divergence. To reduce the computational complexity of the derived non-convex design problem, we consider the detectability of worst-case BIAs at three specific time instants: attack onset, one step after attack occurrence, and the steady state. We prove that the Kalman filter is optimal for maximizing the BIA detectability at the attack onset, regardless of the subset of attacked sensors. For the one-step and steady-state cases, the observer design problems are approximated by bi-convex optimization problems, which can be efficiently solved using alternating optimization and alternating direction method of multipliers. Moreover, more tractable linear matrix inequality relaxations are developed. Finally, the effectiveness of the proposed stealth-aware detection framework is demonstrated through an application to a thermal system.
@article{Dong_Automatica2026, author = {Dong, J. and Teixeira, A. M. H.}, journal = {Automatica (submitted)}, title = {Stealthy bias injection attack detection based on Kullback-Leibler divergence in stochastic linear systems}, }
“Constraint-Based Anomaly Detection for Estimation of ARX System Parameters”.
V. Kjellqvist$, P. Mattsson, T. Wigren, and A. M. H. Teixeira.
IEEE Conf. Decision and Control (Submitted)
ABS BIB

The paper discusses the detection of false data injection attacks during data collection experiments for estimation of ARX system parameters from noisy measurements. As the system model is not fully known during the data collection and model estimation, typical model-based detection methods are not applicable. To enable the detection of attacks in such a setting, a hypothesis test is formulated based on a priori known properties of the system and the prediction error method. The asymptotic statistics of the test are derived, both for the case without and with attacks. Given the statistical properties of the hypothesis test, the detectability of attacks is investigated to characterize the set of detectable attacks. Finally, finite sample simulations are shown to validate the theoretical results, and show how key system parameters like the static gain may be protected.
@inproceedings{Kjellqvist_CDC2026, author = {Kjellqvist$, V. and Mattsson, P. and Wigren, T. and Teixeira, A. M. H.}, title = {Constraint-Based Anomaly Detection for Estimation of ARX System Parameters}, booktitle = {IEEE Conf. Decision and Control (Submitted)}, year = {}, }
“An H2-norm approach to performance analysis of networked control systems under multiplicative routing transformations”.
R. Seifullaev and A. M. H. Teixeira.
European Control Conference (Accepted), 2026
ABS BIB

This paper investigates the performance of networked control systems subject to multiplicative routing transformations that alter measurement pathways without directly injecting signals. Such transformations, arising from faults or adversarial actions, modify the feedback structure and can degrade performance while remaining stealthy. An H2-norm framework is proposed to quantify the impact of these transformations by evaluating the ratio between the steady-state energies of performance and residual outputs. Equivalent linear matrix inequality (LMI) formulations are derived for computational assessment, and analytical upper bounds are established to estimate the worst-case degradation. The results provide structural insight into how routing manipulations influence closed-loop behavior and reveal conditions for stealthy multiplicative attacks.
@inproceedings{Seifullaev_ECC2026, author = {Seifullaev, R. and Teixeira, A. M. H.}, title = {An H2-norm approach to performance analysis of networked control systems under multiplicative routing transformations}, booktitle = {European Control Conference (Accepted)}, year = {2026}, }

“Detecting Feedback-path Delay Injection Attacks Using Interacting Multiple Model Filtering”.
L. Eriksson, T. Wigren, D. Zachariah, and A. M. H. Teixeira.
European Control Conference (Accepted), 2026
BIB

@inproceedings{Eriksson_ECC026,
  author = {Eriksson, L. and Wigren, T. and Zachariah, D. and Teixeira, A. M. H.},
  title = {Detecting Feedback-path Delay Injection Attacks Using Interacting Multiple Model Filtering},
  booktitle = {European Control Conference (Accepted)},
  year = {2026},
}

“Bilateral Cognitive Security Games in Networked Control Systems under Stealthy Injection Attacks”.
A. T. Nguyen, Q. Zhu, and A. M. H. Teixeira.
IEEE Conf. on Decision and Control (CDC), 2025
ABS BIB

This paper studies a strategic security problem in networked control systems under stealthy false data injection attacks. The security problem is modeled as a bilateral cognitive security game between a defender and an adversary, each possessing cognitive reasoning abilities. The adversary with an adversarial cognitive ability strategically attacks some interconnections of the system with the aim of disrupting the network performance while remaining stealthy to the defender. Meanwhile, the defender with a defense cognitive ability strategically monitors some nodes to impose the stealthiness constraint with the purpose of minimizing the worst-case disruption caused by the adversary. Within the proposed bilateral cognitive security framework, the preferred cognitive levels of the two strategic agents are formulated in terms of two newly proposed concepts, cognitive mismatch and cognitive resonance. Moreover, we propose a method to compute the policies for the defender and the adversary with arbitrary cognitive abilities. A sufficient condition is established under which an increase in cognitive levels does not alter the policies for the defender and the adversary, ensuring convergence. The obtained results are validated through numerical simulations.
@inproceedings{Nguyen_CDC2025, author = {Nguyen, A. T. and Zhu, Q. and Teixeira, A. M. H.}, title = {Bilateral Cognitive Security Games in Networked Control Systems under Stealthy Injection Attacks}, booktitle = {IEEE Conf. on Decision and Control (CDC)}, year = {2025}, }
“Data-Driven and Stealthy Deactivation of Safety Filters”.
D. Arnström and A. M. H. Teixeira.
Annual Learning for Dynamics & Control Conference (L4DC), 2025
ABS BIB

Safety filters ensure that control actions that are executed are always safe, no matter the controller in question. Previous work has proposed a simple and stealthy false-data injection attack for deactivating such safety filters. This attack injects false sensor measurements to bias state estimates toward the interior of a safety region, making the safety filter accept unsafe control actions. The attack does, however, require the adversary to know the dynamics of the system, the safety region used in the safety filter, and the observer gain. In this work we relax these requirements and show how a similar data-injection attack can be performed when the adversary only observes the input and output of the observer that is used by the safety filter, without any a priori knowledge about the system dynamics, safety region, or observer gain. In particular, the adversary uses the observed data to identify a state-space model that describes the observer dynamics, and then approximates a safety region in the identified embedding. We exemplify the data-driven attack on an inverted pendulum, where we show how the attack can make the system leave a safe set, even when a safety filter is supposed to stop this from happening.
@inproceedings{Arnstrom_L4DC2025, author = {Arnstr\"{o}m, D. and Teixeira, A. M. H.}, title = {Data-Driven and Stealthy Deactivation of Safety Filters}, booktitle = {Annual Learning for Dynamics & Control Conference (L4DC)}, year = {2025}, }
“Data-Driven Identification of Attack-free Sensors in Networked Control Systems”.
S. C. Anand, M. S. Chong, and A. M. H. Teixeira.
European Control Conference, 2025
ABS BIB

This paper proposes a data-driven framework to identify the attack-free sensors in a networked control system when some of the sensors are corrupted by an adversary. An operator with access to offline input-output attack-free trajectories of the plant is considered. Then, a data-driven algorithm is proposed to identify the attack-free sensors when the plant is controlled online. We also provide necessary conditions, based on the properties of the plant, under which the algorithm is feasible. An extension of the algorithm is presented to identify the sensors completely online against certain classes of attacks. The efficacy of our algorithm is depicted through numerical examples.
@inproceedings{Anand_ECC2025, author = {Anand, S. C. and Chong, M. S. and Teixeira, A. M. H.}, title = {Data-Driven Identification of Attack-free Sensors in Networked Control Systems}, booktitle = {European Control Conference}, year = {2025}, }
“Stealthy Deactivation of Safety Filters”.
D. Arnström and A. M. H. Teixeira.
European Control Conference, 2024
ABS BIB

Safety filters ensure that only safe control actions are executed. We propose a simple and stealthy false-data injection attack for deactivating such safety filters; in particular, we focus on deactivating safety filters that are based on control barrier functions. The attack injects false sensor measurements to bias state estimates to the interior of a safety region, which makes the safety filter accept unsafe control actions. To detect such attacks, we also propose a detector that detects biases manufactured by the proposed attack policy, which complements conventional detectors when safety filters are used. The proposed attack policy and detector are illustrated on a double integrator example.
@inproceedings{Arnstrom_ECC2024, author = {Arnstr\"{o}m, D. and Teixeira, A. M. H.}, booktitle = {European Control Conference}, title = {Stealthy Deactivation of Safety Filters}, year = {2024}, }

Learning for decision and control in a population of dynamical systems (2024-2027)

Call: VR Starting grant within natural and engineering sciences, funded by the Swedish Research Council (Vetenskapsrådet)

Awarded to: Per Mattsson (PI)

USLC Members: 1 PhD student

In real-world applications there are often many individual systems with similar dynamics - a population of systems. For example batteries in different cars, different batches in the process industry or different patients in medicine. By taking a population view we can study how the dynamical systems in the population can learn from each other, both when it comes to estimating models and designing controllers, and how to detect systems with anomalous behavior that may need maintenance or replacement. The aim of this project is to develop methods and analysis to tackle these problems in a coherent way. To realize this we have identified three subprojects. In the first we will develop and analyze estimation methods for populations of systems that can also handle anomalous systems. In the second we will study how these models can be used for population-wide monitoring and anomaly detection. In the third we will develop methods for robust data-driven control, where individual systems learn from each other. We already have established collaborations with experts in industry that can provide us with relevant applications and data for evaluation of the developed methods. By considering populations, instead of single systems as traditionally done in control theory, and taking on these three problems in a coherent way we believe that this project will open up new research directions in, and make significant contributions to, data-driven modeling, fault detection and control.

SOCRATES: Sensor and actuator selection for learning, estimation and control of fractional dynamical networks (2024-2027)

Call: VR Project grant within natural and engineering sciences, funded by the Swedish Research Council (Vetenskapsrådet)

Awarded to: Sérgio Pequito (PI)

USLC Members: Alessandro Varalda, André Teixeira

Neurological diseases and disorders significantly burden society, affecting millions of people and costing billions of euros annually. Digital pathology shows great potential in facilitating accurate diagnosis, prognosis, and treatment of these conditions, but models characterizing neural dynamics must be both explainable and efficient while capturing the long-term memory properties that play a crucial role in many neurological diseases and disorders. Fractional-order dynamical networks (FODNs) are a promising class of models, but the lack of necessary and sufficient conditions for learning them has hindered their adoption in practice. The SOCRATES project aims to develop necessary and sufficient conditions for efficient learning of FODNs and identify the minimum sensor and actuator placement for learning, observability, and controllability. The project will be carried out over four years and solved using concepts from dynamical and control systems theory, graph theory, and combinatorial optimization. The SOCRATES project aims to achieve the aforementioned goals, which will develop a new set of tools to improve our understanding of fractional-order dynamical networks, particularly neural dynamics. This enhanced understanding can lead to new therapies using neurostimulation devices for conditions such as epilepsy, chronic pain, and retinitis pigmentosa.

ADVOLCANO - Adverse Voltage Controllers’ Interactions in Active Distribution Networks (2023-2026)

Call: Program ‘The Electrical System of the Future’, funded by the Swedish Energy Agency

Awarded to: Stefan Stanković (PI, RISE), Xiaofeng Xong (KTH), Henrik Sandberg (KTH), André Teixeira

USLC Members: Xinyu Wei

To meet the climate and safety challenges of today and the future, new technology is used that changes the dynamics of the electric power system, but which often also leads to unpredictable system behavior. To support voltage regulation in local distribution systems, but also to assist with voltage regulation in the overhead power transmission system, inverter-based generation is often used. However, these can lead to harmful interactions between voltage regulators that can compromise system security. This project analyzes these interactions. The project focus is on modeling and characterizing the interactions between voltage controllers, as well as developing methods for analyzing them. Based on the analysis, in the project we will propose solutions on how to implement new voltage regulation strategies in active distribution networks while avoiding risks of harmful interactions. The project thus contributes to improved resilience and future secure electricity supply.

Validating a System Development Kit for edge federated learning (2023-2025)

Call: ‘Advanced and innovative digitalisation’, funded by the Sweden’s Innovation Agency (Vinnova)

Awarded to: Andreas Hellander (PI, Scaleout), Salman Toor (Scaleout), André Teixeira

USLC Members: Usama Zafar, Javad Parsa

The project´s primary aim is to increase our understanding of scalability and cyber security in federated machine learning specifically for cloud edge applications. We will also further develop and validate a system development kit for federated machine learning, FEDn, for large-scale applications in fleet intelligence.

“Byzantine-Robust Federated Learning with Learnable Aggregation Weights”.
J. Parsa, A. H. Daghestani, A. M. H. Teixeira, and M. Johansson.
ICLR 2026 (Accepted), 2026
ABS BIB

Federated Learning (FL) enables clients to collaboratively train a global model without sharing their private data. However, the presence of malicious (Byzantine) clients poses significant challenges to the robustness of FL, particularly when data distributions across clients are heterogeneous. In this paper, we propose a novel Byzantine-robust FL optimization problem that incorporates adaptive weighting into the aggregation process. Unlike conventional approaches, our formulation treats aggregation weights as learnable parameters, jointly optimizing them alongside the global model parameters. To solve this optimization problem, we develop an alternating minimization algorithm with strong convergence guarantees under adversarial attack. We analyze the Byzantine resilience of the proposed objective. We evaluate the performance of our algorithm against state-of-the-art Byzantine-robust FL approaches across various datasets and attack scenarios. Experimental results demonstrate that our method consistently outperforms existing approaches, particularly in settings with highly heterogeneous data and a large proportion of malicious clients.
@inproceedings{Parsa_ICLR2026, author = {Parsa, J. and Daghestani, A. H. and Teixeira, A. M. H. and Johansson, M.}, title = {Byzantine-Robust Federated Learning with Learnable Aggregation Weights}, booktitle = {ICLR 2026 (Accepted)}, year = {2026}, }

Secure Federated Machine Learning at Scale (2022-2026)

Call: ‘Joint Strategic Research Activities - Graduate School in Cybersecurity’, funded by the Dept. of Information Technology, Uppsala University

Awarded to: Salman Toor (PI), André Teixeira

USLC Members: Usama Zafar

The overall aims of the project are to mitigate the risk of attacks by providing security and enhanced privacy for a scalable federated training environment. In particular, the project addresses concerns related to security and privacy in federated machine learning against model poisoning and information leakage attacks. The envisioned approach is centered around developing new theories and methodologies to achieve two main aims: secure aggregation of local models under poisoning attacks, and private distributed aggregation of local models.

“Robust Federated Learning Against Poisoning Attacks: A GAN-Based Defense Framework”.
U. Zafar, A. M. H. Teixeira, and S. Toor.
(In preparation)
ABS BIB

Federated Learning (FL) enables collaborative model training across decentralized devices without sharing raw data, but it remains vulnerable to poisoning attacks that compromise model integrity. Existing defenses often rely on external datasets or predefined heuristics (e.g. number of malicious clients), limiting their effectiveness and scalability. To address these limitations, we propose a privacy-preserving defense framework that leverages a Conditional Generative Adversarial Network (cGAN) to generate synthetic data at the server for authenticating client updates, eliminating the need for external datasets. Our framework is scalable, adaptive, and seamlessly integrates into FL workflows. Extensive experiments on benchmark datasets demonstrate its robust performance against a variety of poisoning attacks, achieving high True Positive Rate (TPR) and True Negative Rate (TNR) of malicious and benign clients, respectively, while maintaining model accuracy. The proposed framework offers a practical and effective solution for securing federated learning systems.
@article{Zafar_TDSC2025, title = {Robust Federated Learning Against Poisoning Attacks: A GAN-Based Defense Framework}, journal = {(In preparation)}, author = {Zafar, Usama and Teixeira, André M. H. and Toor, Salman}, year = {}, }

Data-driven Vulnerability Analysis for Critical Infrastructures (2022-2026)

Call: ‘Graduate School in Data-Intensive Science’, funded by the eSSENCE-SciLifeLab

Awarded to: Salman Toor (PI), André Teixeira

USLC Members: Zhenlu Sun

In the last two decades, solutions to address software vulnerabilities have evolved significantly. With predictive schemes, vulnerability analysis has shifted from being reactive to being proactive in terms of early identification of possible risks. A comprehensive vulnerability analysis requires data from application execution patterns, network logs, infrastructure logs, and traces from the source code. Efficient collection, availability and analysis of the log files is a non-trivial task as this data grows rapidly with the execution pattern of the applications. The other sources include infrastructure settings and, most importantly, the information available in public vulnerability databases. All these massive data sources form the basis to call vulnerability analysis a big data challenge. A comprehensive data-driven vulnerability analysis framework will be required to ensure reliable, efficient and uninterrupted mission critical services based on software applications. This project takes a data-intensive approach to analyse and diagnose the presence of cybersecurity vulnerabilities in software applications supporting services within critical computing infrastructures. Our approach consists of combining above-mentioned different data sources with attack modeling frameworks and use explainable machine learning techniques to analyze and diagnose security vulnerabilities in software and network configurations.

“GNN-IDS: Graph Neural Network based Intrusion Detection System”.
Z. Sun, A. M. H. Teixeira, and S. Toor.
The International Conference on Availability, Reliability and Security (ARES), 2024
ABS BIB

Intrusion detection systems (IDSs) are widely used to identify anomalies in computer networks and raise alarms on intrusive behaviors. ML-based IDSs generally take network traces or host logs as input to extract patterns from individual samples, whereas the inter-dependencies of network are often not captured and learned, which may result in a large amount of uncertain predictions, false positives, and false negatives. To tackle the challenges in intrusion detection, we propose a graph neural network based intrusion detection system (GNN-IDS), which is data-driven and machine learning-empowered. In GNN-IDS, the attack graph and real-time measurements, representing the static and dynamic attributes of computer networks, respectively, are incorporated and associated to represent the complex computer networks. Graph neural networks are employed as the inference engine for intrusion detection. By learning network connectivity, graph neural networks can quantify the importance of neighboring nodes and node features to make more reliable predictions. Furthermore, by incorporating an attack graph, GNN-IDS could not only detect anomalies but also identify the malicious actions causing the anomalies. The experimental results on a use case network with two synthetic datasets (one generated from public IDS data) show that the proposed GNN-IDS achieves good performance. The results are analyzed from the aspects of uncertainty, explainability, and robustness.
@inproceedings{Sun_ARES2024, author = {Sun, Z. and Teixeira, A. M. H. and Toor, S.}, booktitle = {The International Conference on Availability, Reliability and Security (ARES)}, title = {GNN-IDS: Graph Neural Network based Intrusion Detection System}, year = {2024}, doi = {10.1145/3664476.3664515}, }

Past projects

ReSiSt - Resilience, Safety, and Security in Tree-structured Civil Networks (2021-2024)

Call: VR Project Grant in Societal Security, funded by the Swedish Research Council (Vetenskapsrådet)

Awarded to: André Teixeira (PI), Alexander Medvedev, Per Mattsson, Stefan Engblom

Civil infrastructure networks (CIN) critically support modern society by distributing resources and protecting communities from hazards. Distributed control and monitoring of CIN to meet network demand under the network efficiency and cost constraints also poses physical security and cyber-security challenges. The resilience of civil infrastructure to disruptive events is the overarching topic of the present project. The project goal is to devise a coherent system theoretical platform for resilience analysis of CIN as well as resilience informed control of those. More specifically, a CIN is modeled as a cyber-physical system (CPS) whose physical layer is a transportation network equipped with actuator and sensor nodes interlaced with a computer network that implements control and monitoring of the physical layer. The scope is limited to the consideration of CPS with a tree-structured physical layer and covers a broad class of pipeline systems, i.e. networked systems transporting single or multi phase fluids. Failures, breakdowns, natural hazards, and cyberattacks are considered potential disruptive events. The project will be conducted along three main threads Mathematical modeling of CIM as CPS Model based assessment of resilience via operational indices Resilience informed control of CIM. The feasibility and efficacy of the developed mathematical models and algorithms will be evaluated with respect to urban water and wastewater networks.

“Quantifying Security for Networked Control Systems: A Review”.
S. C. Anand, A. T. Nguyen, A. M. H. Teixeira, H. Sandberg, and K. H. Johansson.
Annual Reviews in Control (Submitted)
ABS BIB

Networked Control Systems (NCSs) are integral in critical infrastructures such as power grids, transportation networks, and production systems. Ensuring the resilient operation of these large-scale NCSs against cyber-attacks is crucial for societal well-being. Over the past two decades, extensive research has been focused on developing metrics to quantify the vulnerabilities of NCSs against attacks. Once the vulnerabilities are quantified, mitigation strategies can be employed to enhance system resilience. This article provides a comprehensive overview of methods developed for assessing NCS vulnerabilities and the corresponding mitigation strategies. Furthermore, we emphasize the importance of probabilistic risk metrics to model vulnerabilities under adversaries with imperfect process knowledge. The article concludes by outlining promising directions for future research.
@article{Anand_Review2026, author = {Anand, S. C. and Nguyen, A. T. and Teixeira, A. M. H. and Sandberg, H. and Johansson, K. H.}, journal = {Annual Reviews in Control (Submitted)}, title = {Quantifying Security for Networked Control Systems: A Review}, }

“Linking global distances and local structures in networks”.
A. Govaert and A. M. H. Teixeira.
IEEE Transaction on Control of Networked Systems (Submitted)
ABS BIB

@article{Govaert_TCNS2026,
  author = {Govaert, A. and Teixeira, A. M. H.},
  journal = {IEEE Transaction on Control of Networked Systems (Submitted)},
  title = {Linking global distances and local structures in networks},
}

“The diverse and fair structures of growth with scale-free saturations”.
A. Govaert, A. M. H. Teixeira, and E. Tegling.
Under preparation
ABS BIB

Real-world growth processes and scalings have been broadly categorized into three growth regimes with distinctly different properties and driving forces. The first two are characterized by a positive and constant feedback between growth and growth rates which in the context of networks lead to scale-free or single-scale networks. The third, sublinear, regime is characteristic of biological scaling processes and those that that are driven by optimization and efficiency. These systems are characterized by a negative feedback in growth rates and as such naturally exhibit saturations, i.e., areas where growth ceases from a lack of resources. Motivated by this observation, we propose and analyze a simple network growth process that is analogous to this sublinear regime and characterize how its scale-free saturations impact the diversity and fairness of its structural properties and give rise to scaling relations observed throughout complex systems and science.
@article{Govaert_Arxiv2025, author = {Govaert, A. and Teixeira, A. M. H. and Tegling, E.}, journal = {Under preparation}, title = {The diverse and fair structures of growth with scale-free saturations}, }
“Scalable Design of Attack-Resilient Controllers for Positive Systems”.
A. Gurpegui, S. C. Anand, and A. M. H. Teixeira.
IEEE Control Systems Letters (submitted)
ABS BIB

This paper proposes a framework for secure and resilient controller design for positive systems against cyber-attacks. In particular, we consider a network-controlled system where an adversary injects false data into the actuator channels to increase the control cost (performance measure) while minimizing the attack effort (energy) and subject to state-dependent constraints. Using a minimax formulation, we analyze the worst-case performance loss caused by such adversaries, which is given by the solution of a difference equation, and an algebraic equation when the time horizon is infinite. We show that the optimal attack policy, among possible nonlinear policies, is linear. Despite the lack of explicit stealthiness constraints, we also show that when the measured output has an unstable zero which is not an unstable zero of the performance measure, the attacks can induce unbounded performance degradation. The proposed framework is also extended to systems with model uncertainty. Numerical examples illustrate the results and demonstrate how tools from positive systems and linear regulator theory can be used to mitigate cyber-attacks with low computational effort.
@article{Gurpegui_LCSS2026, author = {Gurpegui, A. and Anand, S. C. and Teixeira, A. M. H.}, journal = {IEEE Control Systems Letters (submitted)}, title = {Scalable Design of Attack-Resilient Controllers for Positive Systems}, }
“Secure Filtering against Spatio-Temporal False Data Attacks under Asynchronous Sampling”.
Z. Li, A. T. Nguyen, A. M. H. Teixeira, Y. Mo, and K. H. Johansson.
IEEE Trans. Automatic Control (Submitted)
ABS BIB

This paper addresses the secure state estimation problem for continuous linear time-invariant systems with non-periodic and asynchronous sampled measurements, where the sensors need to transmit not only measurements but also sampling time-stamps to the fusion center. This measurement and communication setup is well-suited for operating large-scale control systems and, at the same time, introduces new vulnerabilities that can be exploited by adversaries through (i) manipulation of measurements, (ii) manipulation of time-stamps, (iii) elimination of measurements, (iv) generation of completely new false measurements, or a combination of these attacks. To mitigate these attacks, we propose a decentralized estimation algorithm in which each sensor maintains its local state estimate asynchronously based on its measurements. The local states are synchronized through time prediction and fused after time-stamp alignment. In the absence of attacks, state estimates are proven to recover the optimal Kalman estimates by solving a weighted least square problem. In the presence of attacks, solving this weighted least square problem with the aid of \ell_1 regularization provides secure state estimates with uniformly bounded error under an observability redundancy assumption. The effectiveness of the proposed algorithm is demonstrated using a benchmark example of the IEEE 14-bus system.
@article{Li_TAC2025, author = {Li, Z. and Nguyen, A. T. and Teixeira, A. M. H. and Mo, Y. and Johansson, K. H.}, journal = {IEEE Trans. Automatic Control (Submitted)}, title = {Secure Filtering against Spatio-Temporal False Data Attacks under Asynchronous Sampling}, }
“Distributed Multiple Fault Detection and Estimation in DC Microgrids with Unknown Power Loads”.
J. Dong, M. S. Sadabadi, P. Mattsson, and A. Teixeira.
IEEE Trans. Control System Technology (Submitted)
ABS BIB

This paper proposes a distributed diagnosis scheme to detect and estimate actuator and power line faults in DC microgrids subject to unknown power loads and stochastic noise. To address actuator faults, we design a fault estimation filter whose parameters are determined through a tractable optimization problem to achieve fault estimation, decoupling from power line faults, and robustness against noise. In contrast, the estimation of power line faults poses greater challenges due to the inherent coupling between fault currents and unknown power loads, which becomes ill-posed when the underlying system is insufficiently excited. To the best of our knowledge, this is the first study to address this critical yet underexplored issue. Our solution introduces a novel differentiate-before-estimate strategy. A set of diagnostic rules based on the temporal characteristics of a constructed residual is developed to distinguish load changes from line faults. Once a power line fault is detected, a regularized least-squares method is activated to estimate the fault currents, for which we further derive an upper bound on the estimation error. Finally, comprehensive simulation results validate the effectiveness of the proposed methods.
@article{Dong_TCST2025, author = {Dong, Jingwei and Sadabadi, Mahdieh S. and Mattsson, Per and Teixeira, Andr\'{e}}, journal = {IEEE Trans. Control System Technology (Submitted)}, volume = {}, number = {}, pages = {}, title = {Distributed Multiple Fault Detection and Estimation in DC Microgrids with Unknown Power Loads}, year = {}, }
“Scalable and Optimal Security Allocation in Networks against Stealthy Injection Attacks”.
A. T. Nguyen, S. C. Anand, and A. M. H. Teixeira.
IEEE Trans. Automatic Control (Accepted), 2026
ABS BIB

This paper addresses the security allocation problem in a networked control system under stealthy injection attacks. The networked system is comprised of interconnected subsystems which are represented by nodes in a digraph. An adversary compromises the system by injecting false data into several nodes with the aim of maximally disrupting the performance of the network while remaining stealthy to a defender. To minimize the impact of such stealthy attacks, the defender, with limited knowledge about attack policies and attack resources, allocates several sensors on nodes to impose the stealthiness constraint governing the attack policy. We provide an optimal security allocation algorithm to minimize the expected attack impact on the entire network. Furthermore, under a suitable local control design, the proposed security allocation algorithm can be executed in a scalable way. Finally, the obtained results are validated through several numerical examples.
@article{Nguyen_TAC2026, author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H.}, journal = {IEEE Trans. Automatic Control (Accepted)}, title = {Scalable and Optimal Security Allocation in Networks against Stealthy Injection Attacks}, year = {2026}, doi = {10.1109/TAC.2025.3639126}, }
“Bilateral Cognitive Security Games in Networked Control Systems under Stealthy Injection Attacks”.
A. T. Nguyen, Q. Zhu, and A. M. H. Teixeira.
IEEE Conf. on Decision and Control (CDC), 2025
ABS BIB

This paper studies a strategic security problem in networked control systems under stealthy false data injection attacks. The security problem is modeled as a bilateral cognitive security game between a defender and an adversary, each possessing cognitive reasoning abilities. The adversary with an adversarial cognitive ability strategically attacks some interconnections of the system with the aim of disrupting the network performance while remaining stealthy to the defender. Meanwhile, the defender with a defense cognitive ability strategically monitors some nodes to impose the stealthiness constraint with the purpose of minimizing the worst-case disruption caused by the adversary. Within the proposed bilateral cognitive security framework, the preferred cognitive levels of the two strategic agents are formulated in terms of two newly proposed concepts, cognitive mismatch and cognitive resonance. Moreover, we propose a method to compute the policies for the defender and the adversary with arbitrary cognitive abilities. A sufficient condition is established under which an increase in cognitive levels does not alter the policies for the defender and the adversary, ensuring convergence. The obtained results are validated through numerical simulations.
@inproceedings{Nguyen_CDC2025, author = {Nguyen, A. T. and Zhu, Q. and Teixeira, A. M. H.}, title = {Bilateral Cognitive Security Games in Networked Control Systems under Stealthy Injection Attacks}, booktitle = {IEEE Conf. on Decision and Control (CDC)}, year = {2025}, }
“Security Metrics for Uncertain Interconnected Systems under Stealthy Data Injection Attacks”.
A. T. Nguyen, S. C. Anand, and A. M. H. Teixeira.
10th IFAC Conference on Networked Systems (NecSys), 2025
ABS BIB

This paper quantifies the security of uncertain interconnected systems under stealthy data injection attacks. In particular, we consider a large-scale system composed of a certain subsystem interconnected with an uncertain subsystem, where only the input-output channels are accessible. An adversary is assumed to inject false data to maximize the performance loss of the certain subsystem while remaining undetected. By abstracting the uncertain subsystem as a class of admissible systems satisfying an L2 gain constraint, the worst-case performance loss is obtained as the solution to a convex semi-definite program depending only on the certain subsystem dynamics and such an L2 gain constraint. This solution is proved to serve as an upper bound for the actual worst-case performance loss when the model of the entire system is fully certain. The results are demonstrated through numerical simulations of the power transmission grid spanning Sweden and Northern Denmark.
@inproceedings{Nguyen_NecSys2025, author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H.}, title = {Security Metrics for Uncertain Interconnected Systems under Stealthy Data Injection Attacks}, booktitle = {10th IFAC Conference on Networked Systems (NecSys)}, year = {2025}, }
“Security Allocation in Networked Control Systems under Stealthy Attacks”.
A. T. Nguyen, A. M. H. Teixeira, and A. Medvedev.
IEEE Trans. Control of Network Systems, vol. 12, no. 1, pp. 216–227, Mar. 2025
ABS BIB

This paper considers the problem of security allocation in a networked control system under stealthy attacks in which the system is comprised of interconnected subsystems represented by vertices. A malicious adversary selects a single vertex on which to conduct a stealthy data injection attack to maximally disrupt the local performance while remaining undetected. On the other hand, a defender selects several vertices on which to allocate defense resources against the adversary. First, the objectives of the adversary and the defender with uncertain targets are formulated in probabilistic ways, resulting in an expected worst-case impact of stealthy attacks. Next, we provide a graph-theoretic necessary and sufficient condition under which the cost for the defender and the expected worst-case impact of stealthy attacks are bounded. This condition enables the defender to restrict the admissible actions to a subset of available vertex sets. Then, we cast the problem of security allocation in a Stackelberg game-theoretic framework. Finally, the contribution of this paper is highlighted by utilizing the proposed admissible actions of the defender in the context of large-scale networks. A numerical example of a 50-vertex networked control system is presented to validate the obtained results.
@article{Nguyen_TCNS2024, author = {Nguyen, A. T. and Teixeira, A. M. H. and Medvedev, A.}, journal = {IEEE Trans. Control of Network Systems}, title = {Security Allocation in Networked Control Systems under Stealthy Attacks}, volume = {12}, number = {1}, pages = {216-227}, doi = {10.1109/TCNS.2024.3462546}, month = mar, year = {2025}, }
“Centrality-based Security Allocation in Networked Control Systems”.
A. T. Nguyen, A. Hertzberg, and A. M. H. Teixeira.
Critical Information Infrastructures Security, Cham, 2025, pp. 212–230
ABS BIB

This paper addresses the security allocation problem within networked control systems, which consist of multiple interconnected control systems under the influence of two opposing agents: a defender and a malicious adversary. The adversary aims to maximize the worst-case attack impact on system performance while remaining undetected by launching stealthy data injection attacks on one or several interconnected control systems. Conversely, the defender’s objective is to allocate security resources to detect and mitigate these worst-case attacks. A novel centrality-based approach is proposed to guide the allocation of security resources to the most connected or influential subsystems within the network. The methodology involves comparing the worst-case attack impact for both the optimal and centrality-based security allocation solutions. The results demonstrate that the centrality measure approach enables significantly faster allocation of security resources with acceptable levels of performance loss compared to the optimal solution, making it suitable for large-scale networks. The proposed method is validated through numerical examples using Erdös-Rényi graphs.
@inproceedings{Nguyen_CRITIS24, author = {Nguyen, A. T. and Hertzberg, A. and Teixeira, A. M. H.}, title = {Centrality-based Security Allocation in Networked Control Systems}, year = {2025}, editor = {Oliva, Gabriele and Panzieri, Stefano and H{\"a}mmerli, Bernhard and Pascucci, Federica and Faramondi, Luca}, booktitle = {Critical Information Infrastructures Security}, publisher = {Springer Nature Switzerland}, address = {Cham}, pages = {212--230}, note = {Presented at the 19th International Conference on Critical Information Infrastructures Security}, doi = {10.1007/978-3-031-84260-3_13}, }
“Security Allocation in Networked Control Systems”.
A. T. Nguyen.
Licentiate thesis, Uppsala University, Uppsala, Sweden, 2023
ABS BIB

Sustained use of critical infrastructure, such as electrical power and water distribution networks, requires efficient management and control. Facilitated by the advancements in computational devices and non-proprietary communication technology, such as the Internet, the efficient operation of critical infrastructure relies on network decomposition into interconnected subsystems, thus forming networked control systems. However, the use of public and pervasive communication channels leaves these systems vulnerable to cyber attacks. Consequently, the critical infrastructure is put at risk of suffering operation disruption and even physical damage that would inflict financial costs as well as pose a hazard to human health. Therefore, security is crucial to the sustained efficient operation of critical infrastructure. This thesis develops a framework for evaluating and improving the security of networked control systems in the face of cyber attacks. The considered security problem involves two strategic agents, namely a malicious adversary and a defender, pursuing their specific and conflicting goals. The defender aims to efficiently allocate defense resources with the purpose of detecting malicious activities. Meanwhile, the malicious adversary simultaneously conducts cyber attacks and remains stealthy to the defender. We tackle the security problem by proposing a game-theoretic framework and characterizing its main components: the payoff function, the action space, and the available information for each agent. Especially, the payoff function is characterized based on the output-to-output gain security metric that fully explores the worst-case attack impact. Then, we investigate the properties of the game and how to efficiently compute its equilibrium. Given the combinatorial nature of the defender’s actions, one important challenge is to alleviate the computational burden. To overcome this challenge, the thesis contributes several system- and graph-theoretic conditions that enable the defender to shrink the action space, efficiently allocating the defense resources. The effectiveness of the proposed framework is validated through numerical examples.
@phdthesis{Nguyen_Lic2023, author = {Nguyen, Anh Tung}, title = {Security Allocation in Networked Control Systems}, school = {Uppsala University}, year = {2023}, address = {Uppsala, Sweden}, month = oct, type = {Licentiate thesis}, }
“Optimal Detector Placement in Networked Control Systems under Cyber-attacks with Applications to Power Networks”.
A. T. Nguyen, S. C. Anand, A. M. H. Teixeira, and A. Medvedev.
IFAC World Congress, 2023
ABS BIB

This paper proposes a game-theoretic method to address the problem of optimal detector placement in a networked control system under cyber-attacks. The networked control system is composed of interconnected agents where each agent is regulated by its local controller over unprotected communication, which leaves the system vulnerable to malicious cyber-attacks. To guarantee a given local performance, the defender optimally selects a single agent on which to place a detector at its local controller with the purpose of detecting cyber-attacks. On the other hand, an adversary optimally chooses a single agent on which to conduct a cyber-attack on its input with the aim of maximally worsening the local performance while remaining stealthy to the defender. First, we present a necessary and sufficient condition to ensure that the maximal attack impact on the local performance is bounded, which restricts the possible actions of the defender to a subset of available agents. Then, by considering the maximal attack impact on the local performance as a game payoff, we cast the problem of finding optimal actions of the defender and the adversary as a zero-sum game. Finally, with the possible action sets of the defender and the adversary, an algorithm is devoted to determining the Nash equilibria of the zero-sum game that yield the optimal detector placement. The proposed method is illustrated on an IEEE benchmark for power systems.
@inproceedings{NguyenIFAC2023, address = {}, author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H. and Medvedev, A.}, booktitle = {IFAC World Congress}, title = {Optimal Detector Placement in Networked Control Systems under Cyber-attacks with Applications to Power Networks}, year = {2023}, }
“A Single-Adversary-Single-Detector Zero-Sum Game in Networked Control Systems”.
A. T. Nguyen, A. M. H. Teixeira, and A. Medvedev.
IFAC Conference on Networked Systems (NecSys), 2022
ABS BIB

This paper proposes a game-theoretic approach to address the problem of optimal sensor placement for detecting cyber-attacks in networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected target vertex, the detector places a sensor at a single vertex to monitor the system and detect the presence of the adversary. On the other hand, the adversary selects a single vertex through which to conduct a cyber-attack that maximally disrupts the target vertex while remaining undetected by the detector. As our first contribution, for a given pair of attack and monitor vertices and a known target vertex, the game payoff function is defined as the output-to-output gain of the respective system. Then, the paper characterizes the set of feasible actions by the detector that ensures bounded values of the game payoff. Finally, an algebraic sufficient condition is proposed to examine whether a given vertex belongs to the set of feasible monitor vertices. The optimal sensor placement is then determined by computing the mixed-strategy Nash equilibrium of the zero-sum game through linear programming. The approach is illustrated via a numerical example of a 10-vertex networked control system with a given target vertex.
@inproceedings{NguyenNecsys2022, address = {}, author = {Nguyen, A. T. and Teixeira, A. M. H. and Medvedev, A.}, booktitle = {IFAC Conference on Networked Systems (NecSys)}, title = {A Single-Adversary-Single-Detector Zero-Sum Game in Networked Control Systems}, year = {2022}, doi = {10.1016/j.ifacol.2022.07.234}, }

Secure and Resilient Control Systems (2020-2025)

Call: SSF Future Research Leaders 7, funded by the Swedish Foundation for Strategic Research (SSF)

Awarded to: André Teixeira (PI)

Reports of cyber-attacks on digitally controlled systems supporting modern societies, such as Stuxnet, have shown their devastating consequences to safety and human lives, and shed light on the attackers modus operandi first learn the system, then tamper the visible information so the attack is undetected, and meanwhile have significant impact on the physical system. It is of the utmost importance to be able to detect and mitigate such malicious cyber-attacks. Unfortunately, existing methods in control engineering consider impact on the physical system and detectability separately, and thus fail to accurately tackle cyber attacks that strategically mix high impact with low detectability. On the other hand, approaches from secure control assume adversaries with perfect knowledge, resulting in overly pessimistic, unrealistic conclusions. The project will produce approaches to analyze and mitigate cyber-attacks on control systems, through the following actions 1) to construct novel sensitivity metrics that jointly consider the impact and detectability of attacks under uncertainty; 2) to design optimal anomaly detectors, controllers, and security measure deployment that minimize the novel sensitivity metrics, and thus increase security; 3) to experimentally validate the developed scientific approaches in testbeds and numerical benchmarks. The developed science and tools will induce a paradigm change in robust control and fault detection, and allow for more effective handling of anomalies.

“Quantifying Security for Networked Control Systems: A Review”.
S. C. Anand, A. T. Nguyen, A. M. H. Teixeira, H. Sandberg, and K. H. Johansson.
Annual Reviews in Control (Submitted)
ABS BIB

Networked Control Systems (NCSs) are integral in critical infrastructures such as power grids, transportation networks, and production systems. Ensuring the resilient operation of these large-scale NCSs against cyber-attacks is crucial for societal well-being. Over the past two decades, extensive research has been focused on developing metrics to quantify the vulnerabilities of NCSs against attacks. Once the vulnerabilities are quantified, mitigation strategies can be employed to enhance system resilience. This article provides a comprehensive overview of methods developed for assessing NCS vulnerabilities and the corresponding mitigation strategies. Furthermore, we emphasize the importance of probabilistic risk metrics to model vulnerabilities under adversaries with imperfect process knowledge. The article concludes by outlining promising directions for future research.
@article{Anand_Review2026, author = {Anand, S. C. and Nguyen, A. T. and Teixeira, A. M. H. and Sandberg, H. and Johansson, K. H.}, journal = {Annual Reviews in Control (Submitted)}, title = {Quantifying Security for Networked Control Systems: A Review}, }
“Stealthy bias injection attack detection based on Kullback-Leibler divergence in stochastic linear systems”.
J. Dong and A. M. H. Teixeira.
Automatica (submitted)
ABS BIB

This paper studies the design of detection observers against stealthy bias injection attacks in stochastic linear systems under Gaussian noise, considering adversaries that exploit noise and inject crafted bias signals into a subset of sensors in a slow and coordinated manner, thereby achieving malicious objectives while remaining stealthy. To address such attacks, we formulate the observer design as a max-min optimization problem to enhance the detectability of worst-case BIAs, which attain a prescribed attack impact with the least detectability evaluated via Kullback-Leibler divergence. To reduce the computational complexity of the derived non-convex design problem, we consider the detectability of worst-case BIAs at three specific time instants: attack onset, one step after attack occurrence, and the steady state. We prove that the Kalman filter is optimal for maximizing the BIA detectability at the attack onset, regardless of the subset of attacked sensors. For the one-step and steady-state cases, the observer design problems are approximated by bi-convex optimization problems, which can be efficiently solved using alternating optimization and alternating direction method of multipliers. Moreover, more tractable linear matrix inequality relaxations are developed. Finally, the effectiveness of the proposed stealth-aware detection framework is demonstrated through an application to a thermal system.
@article{Dong_Automatica2026, author = {Dong, J. and Teixeira, A. M. H.}, journal = {Automatica (submitted)}, title = {Stealthy bias injection attack detection based on Kullback-Leibler divergence in stochastic linear systems}, }
“Scalable Design of Attack-Resilient Controllers for Positive Systems”.
A. Gurpegui, S. C. Anand, and A. M. H. Teixeira.
IEEE Control Systems Letters (submitted)
ABS BIB

This paper proposes a framework for secure and resilient controller design for positive systems against cyber-attacks. In particular, we consider a network-controlled system where an adversary injects false data into the actuator channels to increase the control cost (performance measure) while minimizing the attack effort (energy) and subject to state-dependent constraints. Using a minimax formulation, we analyze the worst-case performance loss caused by such adversaries, which is given by the solution of a difference equation, and an algebraic equation when the time horizon is infinite. We show that the optimal attack policy, among possible nonlinear policies, is linear. Despite the lack of explicit stealthiness constraints, we also show that when the measured output has an unstable zero which is not an unstable zero of the performance measure, the attacks can induce unbounded performance degradation. The proposed framework is also extended to systems with model uncertainty. Numerical examples illustrate the results and demonstrate how tools from positive systems and linear regulator theory can be used to mitigate cyber-attacks with low computational effort.
@article{Gurpegui_LCSS2026, author = {Gurpegui, A. and Anand, S. C. and Teixeira, A. M. H.}, journal = {IEEE Control Systems Letters (submitted)}, title = {Scalable Design of Attack-Resilient Controllers for Positive Systems}, }

“Impact analysis of hidden faults in nonlinear control systems using output-to-output gain”.
R. Seifullaev and A. M. H. Teixeira.
IFAC World Congress (Submitted)
BIB

@inproceedings{Seifullaev_IFACWC2026,
  author = {Seifullaev, R. and Teixeira, A. M. H.},
  title = {Impact analysis of hidden faults in nonlinear control systems using output-to-output gain},
  booktitle = {IFAC World Congress (Submitted)},
  year = {},
}

“On the Boundedness of the Solution to the Output-to-output l2-gain Strategic Stealthy Attacks Problem”.
A. Gallo, A. T. Nguyen, G. Oliva, and A. M. H. Teixeira.
IEEE Trans. Automatic Control (Submitted)
ABS BIB

This paper investigates the output-to-output l2-gain problem in the context of strategic stealthy attacks on networked control systems. We derive necessary and sufficient conditions for the boundedness of the gain by leveraging duality, dissipativity, and applying the semidefinite version of the Farkas Lemma. The analysis yields a rigorous characterization of attack feasibility: we equivalently formulate the problem as a definite programming problem and we show that it admits a solution if and only if the non-minimum phase zeros of the detection subsystem are shared with the performance subsystem. This condition enables the precise assessment of an attacker’s ability to induce maximal disruption while evading detection. The proposed framework offers both theoretical insight and a tractable computational formulation that facilitates practical vulnerability analysis. The obtained results are validated through numerical examples.
@article{Gallo_TAC2025, author = {Gallo, A. and Nguyen, A. T. and Oliva, G. and Teixeira, A. M. H.}, journal = {IEEE Trans. Automatic Control (Submitted)}, number = {}, pages = {}, title = {On the Boundedness of the Solution to the Output-to-output l2-gain Strategic Stealthy Attacks Problem}, volume = {}, year = {}, }
“Secure Filtering against Spatio-Temporal False Data Attacks under Asynchronous Sampling”.
Z. Li, A. T. Nguyen, A. M. H. Teixeira, Y. Mo, and K. H. Johansson.
IEEE Trans. Automatic Control (Submitted)
ABS BIB

This paper addresses the secure state estimation problem for continuous linear time-invariant systems with non-periodic and asynchronous sampled measurements, where the sensors need to transmit not only measurements but also sampling time-stamps to the fusion center. This measurement and communication setup is well-suited for operating large-scale control systems and, at the same time, introduces new vulnerabilities that can be exploited by adversaries through (i) manipulation of measurements, (ii) manipulation of time-stamps, (iii) elimination of measurements, (iv) generation of completely new false measurements, or a combination of these attacks. To mitigate these attacks, we propose a decentralized estimation algorithm in which each sensor maintains its local state estimate asynchronously based on its measurements. The local states are synchronized through time prediction and fused after time-stamp alignment. In the absence of attacks, state estimates are proven to recover the optimal Kalman estimates by solving a weighted least square problem. In the presence of attacks, solving this weighted least square problem with the aid of \ell_1 regularization provides secure state estimates with uniformly bounded error under an observability redundancy assumption. The effectiveness of the proposed algorithm is demonstrated using a benchmark example of the IEEE 14-bus system.
@article{Li_TAC2025, author = {Li, Z. and Nguyen, A. T. and Teixeira, A. M. H. and Mo, Y. and Johansson, K. H.}, journal = {IEEE Trans. Automatic Control (Submitted)}, title = {Secure Filtering against Spatio-Temporal False Data Attacks under Asynchronous Sampling}, }
“Efficiently Computing the Cyclic Output-to-Output Gain”.
D. Arnström and A. M. H. Teixeira.
System & Control Letters, vol. 213, p. 106430, 2026
ABS BIB

The cyclic output-to-output gain is a security metric for control systems. Commonly, it is computed by solving a semidefinite program, which scales badly and inhibits its use for large-scale systems. We propose a method for computing the cyclic output-to-output gain using Hamiltonian matrices, similar to existing methods for the H∞-norm. In contrast to existing methods for the H∞-norm, the proposed method considers generalized singular values rather than regular singular values. Moreover, to ensure that the Hamiltonian matrices exist, we introduce a regularized version of the cyclic output-to-output gain. Through numerical experiments, we show that the proposed method is more efficient, scalable, and reliable than semi-definite programming approaches.
@article{Arnstrom_SCL2025, author = {Arnstr\"{o}m, D. and Teixeira, A. M. H.}, journal = {System \& Control Letters}, volume = {213}, number = {}, pages = {106430}, title = {Efficiently Computing the Cyclic Output-to-Output Gain}, year = {2026}, doi = {10.1016/j.sysconle.2026.106430}, }
“An H2-norm approach to performance analysis of networked control systems under multiplicative routing transformations”.
R. Seifullaev and A. M. H. Teixeira.
European Control Conference (Accepted), 2026
ABS BIB

This paper investigates the performance of networked control systems subject to multiplicative routing transformations that alter measurement pathways without directly injecting signals. Such transformations, arising from faults or adversarial actions, modify the feedback structure and can degrade performance while remaining stealthy. An H2-norm framework is proposed to quantify the impact of these transformations by evaluating the ratio between the steady-state energies of performance and residual outputs. Equivalent linear matrix inequality (LMI) formulations are derived for computational assessment, and analytical upper bounds are established to estimate the worst-case degradation. The results provide structural insight into how routing manipulations influence closed-loop behavior and reveal conditions for stealthy multiplicative attacks.
@inproceedings{Seifullaev_ECC2026, author = {Seifullaev, R. and Teixeira, A. M. H.}, title = {An H2-norm approach to performance analysis of networked control systems under multiplicative routing transformations}, booktitle = {European Control Conference (Accepted)}, year = {2026}, }

@inproceedings{Eriksson_ECC026,
  author = {Eriksson, L. and Wigren, T. and Zachariah, D. and Teixeira, A. M. H.},
  title = {Detecting Feedback-path Delay Injection Attacks Using Interacting Multiple Model Filtering},
  booktitle = {European Control Conference (Accepted)},
  year = {2026},
}

“Fundamental limitations of sensitivity metrics for anomaly impact analysis in LTI systems”.
J. Dong, K. Zhang, A. T. Nguyen, and A. M. H. Teixeira.
American Control Conference (Accepted), 2026
ABS BIB

This study establishes a connection between the output-to-output gain (OOG), a sensitivity metric quantifying the impact of stealthy attacks, and a novel input-to-input gain (IIG) introduced to evaluate fault sensitivity under disturbances, and investigates their fundamental performance limitations arising from the transmission zeros of the underlying dynamical system. Inspired by the OOG, which characterizes the maximum performance loss caused by stealthy attacks, the IIG is proposed as a new measure of robust fault sensitivity, and is defined as the maximum energy of undetectable faults for a given disturbance intensity. Then, using right (for OOG) and left (for IIG) co-prime factorizations, both metrics are expressed as the H-inf norm of a ratio of the numerator factors. This unified representation facilitates a systematic analysis of their fundamental limitations. Subsequently, by utilizing the Poisson integral relation, theoretical bounds for the IIG and OOG are derived, explicitly characterizing their fundamental limitations imposed by system \mboxnon-minimum phase (NMP) zeros. Finally, a numerical example is employed to validate the results.
@inproceedings{Dong_ACC2026, author = {Dong, J. and Zhang, K. and Nguyen, A. T. and Teixeira, A. M. H.}, title = {Fundamental limitations of sensitivity metrics for anomaly impact analysis in LTI systems}, booktitle = {American Control Conference (Accepted)}, year = {2026}, }
“Scalable and Optimal Security Allocation in Networks against Stealthy Injection Attacks”.
A. T. Nguyen, S. C. Anand, and A. M. H. Teixeira.
IEEE Trans. Automatic Control (Accepted), 2026
ABS BIB

This paper addresses the security allocation problem in a networked control system under stealthy injection attacks. The networked system is comprised of interconnected subsystems which are represented by nodes in a digraph. An adversary compromises the system by injecting false data into several nodes with the aim of maximally disrupting the performance of the network while remaining stealthy to a defender. To minimize the impact of such stealthy attacks, the defender, with limited knowledge about attack policies and attack resources, allocates several sensors on nodes to impose the stealthiness constraint governing the attack policy. We provide an optimal security allocation algorithm to minimize the expected attack impact on the entire network. Furthermore, under a suitable local control design, the proposed security allocation algorithm can be executed in a scalable way. Finally, the obtained results are validated through several numerical examples.
@article{Nguyen_TAC2026, author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H.}, journal = {IEEE Trans. Automatic Control (Accepted)}, title = {Scalable and Optimal Security Allocation in Networks against Stealthy Injection Attacks}, year = {2026}, doi = {10.1109/TAC.2025.3639126}, }
“Vulnerability Analysis against Stealthy Integrity Attacks for Nonlinear Systems”.
K. Zhang, A. Kasis, A. M. H. Teixeira, and B. Jiang.
IEEE Conf. on Decision and Control (CDC), 2025
ABS BIB

This paper considers the vulnerability issues of a class of nonlinear systems to stealthy integrity attacks. To characterize the stealthiness of the attack, a forward-invariant set for the system output is introduced. Additionally, a safety set for the system state is established to evaluate the attack’s safety. Our analysis demonstrates that the nonlinear system is non-vulnerable to strictly stealthy integrity attacks if it is uniformly observable. When the uniform observability property is not satisfied, we show that the considered class of nonlinear systems is not vulnerable to stealthy integrity attacks when an output-to-state safe barrier function is admitted. Moreover, for nonlinear systems that are vulnerable to stealthy integrity attacks, we analytically show how these are parameterized. Our analytic results are validated with numerical simulations that demonstrate the applicability of the presented analysis.
@inproceedings{Zhang_CDC2025, author = {Zhang, Kangkang and Kasis, Andreas and Teixeira, A. M. H. and Jiang, Bin}, title = {Vulnerability Analysis against Stealthy Integrity Attacks for Nonlinear Systems}, booktitle = {IEEE Conf. on Decision and Control (CDC)}, year = {2025}, }
“Bilateral Cognitive Security Games in Networked Control Systems under Stealthy Injection Attacks”.
A. T. Nguyen, Q. Zhu, and A. M. H. Teixeira.
IEEE Conf. on Decision and Control (CDC), 2025
ABS BIB

This paper studies a strategic security problem in networked control systems under stealthy false data injection attacks. The security problem is modeled as a bilateral cognitive security game between a defender and an adversary, each possessing cognitive reasoning abilities. The adversary with an adversarial cognitive ability strategically attacks some interconnections of the system with the aim of disrupting the network performance while remaining stealthy to the defender. Meanwhile, the defender with a defense cognitive ability strategically monitors some nodes to impose the stealthiness constraint with the purpose of minimizing the worst-case disruption caused by the adversary. Within the proposed bilateral cognitive security framework, the preferred cognitive levels of the two strategic agents are formulated in terms of two newly proposed concepts, cognitive mismatch and cognitive resonance. Moreover, we propose a method to compute the policies for the defender and the adversary with arbitrary cognitive abilities. A sufficient condition is established under which an increase in cognitive levels does not alter the policies for the defender and the adversary, ensuring convergence. The obtained results are validated through numerical simulations.
@inproceedings{Nguyen_CDC2025, author = {Nguyen, A. T. and Zhu, Q. and Teixeira, A. M. H.}, title = {Bilateral Cognitive Security Games in Networked Control Systems under Stealthy Injection Attacks}, booktitle = {IEEE Conf. on Decision and Control (CDC)}, year = {2025}, }
“Kullback-Leibler Divergence-Based Filter Design Against Bias Injection Attacks”.
F. E. Tosun, A. M. H. Teixeira, J. Dong, A. Ahlén, and S. Dey.
European Journal of Control, p. 101427, 2025
ABS BIB

Cyber-physical systems (CPS) are increasingly deployed in safety-critical applications, making them prime targets for adversarial attacks. Timely detection and mitigation of such attacks are imperative for the safe operation of CPS. This paper proposes a novel residual generator design method for enhanced detection of bias injection attacks (BIAs) in linear CPS driven by white Gaussian noise. Specifically, we define a flexible attack impact metric based on the weighted norm of the injected bias and a detectability metric based on the Kullback-Leibler divergence. Using these two metrics, we characterize the worst-case BIAs as those that minimize detectability while maintaining a specified minimum impact. For residual generation filter synthesis, we formulate two optimization problems: one for maximizing the detectability of worst-case BIAs at the attack onset and the other at steady state. Since these two problems are inherently conflicting, we employ the ϵ-constraint method to obtain Pareto-optimal solutions that balance transient and steady-state detectability. The effectiveness of the proposed filter design method is demonstrated through numerical simulations, with a comparison against two state-of-the-art benchmarks: the Kalman filter and the H_/H2 filter.
@article{Tosun_EJC2025, author = {Tosun, F. E. and Teixeira, A. M. H. and Dong, J. and Ahlén, A. and Dey, S.}, journal = {European Journal of Control}, volume = {}, number = {}, pages = {101427}, title = {Kullback-Leibler Divergence-Based Filter Design Against Bias Injection Attacks}, year = {2025}, doi = {10.1016/j.ejcon.2025.101427}, }
“Security Metrics for Uncertain Interconnected Systems under Stealthy Data Injection Attacks”.
A. T. Nguyen, S. C. Anand, and A. M. H. Teixeira.
10th IFAC Conference on Networked Systems (NecSys), 2025
ABS BIB

This paper quantifies the security of uncertain interconnected systems under stealthy data injection attacks. In particular, we consider a large-scale system composed of a certain subsystem interconnected with an uncertain subsystem, where only the input-output channels are accessible. An adversary is assumed to inject false data to maximize the performance loss of the certain subsystem while remaining undetected. By abstracting the uncertain subsystem as a class of admissible systems satisfying an L2 gain constraint, the worst-case performance loss is obtained as the solution to a convex semi-definite program depending only on the certain subsystem dynamics and such an L2 gain constraint. This solution is proved to serve as an upper bound for the actual worst-case performance loss when the model of the entire system is fully certain. The results are demonstrated through numerical simulations of the power transmission grid spanning Sweden and Northern Denmark.
@inproceedings{Nguyen_NecSys2025, author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H.}, title = {Security Metrics for Uncertain Interconnected Systems under Stealthy Data Injection Attacks}, booktitle = {10th IFAC Conference on Networked Systems (NecSys)}, year = {2025}, }
“Data-Driven and Stealthy Deactivation of Safety Filters”.
D. Arnström and A. M. H. Teixeira.
Annual Learning for Dynamics & Control Conference (L4DC), 2025
ABS BIB

Safety filters ensure that control actions that are executed are always safe, no matter the controller in question. Previous work has proposed a simple and stealthy false-data injection attack for deactivating such safety filters. This attack injects false sensor measurements to bias state estimates toward the interior of a safety region, making the safety filter accept unsafe control actions. The attack does, however, require the adversary to know the dynamics of the system, the safety region used in the safety filter, and the observer gain. In this work we relax these requirements and show how a similar data-injection attack can be performed when the adversary only observes the input and output of the observer that is used by the safety filter, without any a priori knowledge about the system dynamics, safety region, or observer gain. In particular, the adversary uses the observed data to identify a state-space model that describes the observer dynamics, and then approximates a safety region in the identified embedding. We exemplify the data-driven attack on an inverted pendulum, where we show how the attack can make the system leave a safe set, even when a safety filter is supposed to stop this from happening.
@inproceedings{Arnstrom_L4DC2025, author = {Arnstr\"{o}m, D. and Teixeira, A. M. H.}, title = {Data-Driven and Stealthy Deactivation of Safety Filters}, booktitle = {Annual Learning for Dynamics & Control Conference (L4DC)}, year = {2025}, }
“Data-Driven Identification of Attack-free Sensors in Networked Control Systems”.
S. C. Anand, M. S. Chong, and A. M. H. Teixeira.
European Control Conference, 2025
ABS BIB

This paper proposes a data-driven framework to identify the attack-free sensors in a networked control system when some of the sensors are corrupted by an adversary. An operator with access to offline input-output attack-free trajectories of the plant is considered. Then, a data-driven algorithm is proposed to identify the attack-free sensors when the plant is controlled online. We also provide necessary conditions, based on the properties of the plant, under which the algorithm is feasible. An extension of the algorithm is presented to identify the sensors completely online against certain classes of attacks. The efficacy of our algorithm is depicted through numerical examples.
@inproceedings{Anand_ECC2025, author = {Anand, S. C. and Chong, M. S. and Teixeira, A. M. H.}, title = {Data-Driven Identification of Attack-free Sensors in Networked Control Systems}, booktitle = {European Control Conference}, year = {2025}, }
“Switching Multiplicative Watermark design against Covert Attacks”.
A. J. Gallo, S. C. Anand, A. M. H. Teixeira, and R. M. G. Ferrari.
Automatica, vol. 177, p. 112301, 2025
ABS BIB

Active techniques have been introduced to give better detectability performance for cyber-attack diagnosis in cyber–physical systems (CPS). In this paper, switching multiplicative watermarking is considered, whereby we propose an optimal design strategy to define switching filter parameters. Optimality is evaluated exploiting the so-called output-to-output gain of the closed-loop system, including some supposed attack dynamics. A worst-case scenario of a matched covert attack is assumed, presuming that an attacker with full knowledge of the closed-loop system injects a stealthy attack of bounded energy. Our algorithm, given watermark filter parameters at some time instant, provides optimal next-step parameters. Analysis of the algorithm is given, demonstrating its features, and demonstrating that through initialization of certain parameters outside of the algorithm, the parameters of the multiplicative watermarking can be randomized. Simulation shows how, by adopting our method for parameter design, the attacker’s impact on performance diminishes.
@article{Gallo_Automatica2025, author = {Gallo, A. J. and Anand, S. C. and Teixeira, A. M. H. and Ferrari, R. M.G.}, journal = {Automatica}, title = {Switching Multiplicative Watermark design against Covert Attacks}, volume = {177}, pages = {112301}, year = {2025}, doi = {10.1016/j.automatica.2025.112301}, }
“Kullback-Leibler Divergence-Based Observer Design Against Sensor Bias Injection Attacks in Single-Output Systems”.
F. E. Tosun, A. M. H. Teixeira, J. Dong, A. Ahlén, and S. Dey.
IEEE Trans. Information Forensics and Security, vol. 20, pp. 2763–2777, 2025
ABS BIB

This paper considers observer-based anomaly detection of bias injection attacks (BIAs) on cyber-physical systems with linear dynamics and driven by Gaussian noise. Despite the perceived simplicity of this attack strategy, BIAs pose a significant risk to systems that have an integrator in their open-loop dynamics, as the residual generated by any linear observer will be identical under attack and normal operation at steadystate. Consequently, such attacks are detectable only for a limited duration during the transient phase. In this paper, we propose a principled way for designing a residual generation filter based on maximizing the Kullback-Liebler divergence (KLD) during the transients and steady-state. This approach significantly increases the signal-to-noise ratio against BIAs. The effectiveness of our method is demonstrated through numerical examples, comparing it to the Kalman filter and a robust multi-objective H−/H2 filter.
@article{Tosun_TIFS2025, author = {Tosun, F. E. and Teixeira, A. M. H. and Dong, J. and Ahlén, A. and Dey, S.}, journal = {IEEE Trans. Information Forensics and Security}, volume = {20}, number = {}, pages = {2763-2777}, title = {Kullback-Leibler Divergence-Based Observer Design Against Sensor Bias Injection Attacks in Single-Output Systems}, year = {2025}, doi = {10.1109/TIFS.2025.3546167}, }
“Security Allocation in Networked Control Systems under Stealthy Attacks”.
A. T. Nguyen, A. M. H. Teixeira, and A. Medvedev.
IEEE Trans. Control of Network Systems, vol. 12, no. 1, pp. 216–227, Mar. 2025
ABS BIB

This paper considers the problem of security allocation in a networked control system under stealthy attacks in which the system is comprised of interconnected subsystems represented by vertices. A malicious adversary selects a single vertex on which to conduct a stealthy data injection attack to maximally disrupt the local performance while remaining undetected. On the other hand, a defender selects several vertices on which to allocate defense resources against the adversary. First, the objectives of the adversary and the defender with uncertain targets are formulated in probabilistic ways, resulting in an expected worst-case impact of stealthy attacks. Next, we provide a graph-theoretic necessary and sufficient condition under which the cost for the defender and the expected worst-case impact of stealthy attacks are bounded. This condition enables the defender to restrict the admissible actions to a subset of available vertex sets. Then, we cast the problem of security allocation in a Stackelberg game-theoretic framework. Finally, the contribution of this paper is highlighted by utilizing the proposed admissible actions of the defender in the context of large-scale networks. A numerical example of a 50-vertex networked control system is presented to validate the obtained results.
@article{Nguyen_TCNS2024, author = {Nguyen, A. T. and Teixeira, A. M. H. and Medvedev, A.}, journal = {IEEE Trans. Control of Network Systems}, title = {Security Allocation in Networked Control Systems under Stealthy Attacks}, volume = {12}, number = {1}, pages = {216-227}, doi = {10.1109/TCNS.2024.3462546}, month = mar, year = {2025}, }
“Centrality-based Security Allocation in Networked Control Systems”.
A. T. Nguyen, A. Hertzberg, and A. M. H. Teixeira.
Critical Information Infrastructures Security, Cham, 2025, pp. 212–230
ABS BIB

This paper addresses the security allocation problem within networked control systems, which consist of multiple interconnected control systems under the influence of two opposing agents: a defender and a malicious adversary. The adversary aims to maximize the worst-case attack impact on system performance while remaining undetected by launching stealthy data injection attacks on one or several interconnected control systems. Conversely, the defender’s objective is to allocate security resources to detect and mitigate these worst-case attacks. A novel centrality-based approach is proposed to guide the allocation of security resources to the most connected or influential subsystems within the network. The methodology involves comparing the worst-case attack impact for both the optimal and centrality-based security allocation solutions. The results demonstrate that the centrality measure approach enables significantly faster allocation of security resources with acceptable levels of performance loss compared to the optimal solution, making it suitable for large-scale networks. The proposed method is validated through numerical examples using Erdös-Rényi graphs.
@inproceedings{Nguyen_CRITIS24, author = {Nguyen, A. T. and Hertzberg, A. and Teixeira, A. M. H.}, title = {Centrality-based Security Allocation in Networked Control Systems}, year = {2025}, editor = {Oliva, Gabriele and Panzieri, Stefano and H{\"a}mmerli, Bernhard and Pascucci, Federica and Faramondi, Luca}, booktitle = {Critical Information Infrastructures Security}, publisher = {Springer Nature Switzerland}, address = {Cham}, pages = {212--230}, note = {Presented at the 19th International Conference on Critical Information Infrastructures Security}, doi = {10.1007/978-3-031-84260-3_13}, }
“Scalable metrics to quantify security of large-scale systems”.
S. C. Anand, C. Grussler, and A. M. H. Teixeira.
IEEE Conference on Decisions and Control, 2024
ABS BIB

This paper addresses the issue of data injection attacks on the actuators of positive networked control systems. We introduce an impact metric that quantifies the worst-case performance loss caused by stealthy attacks. By leveraging the properties of positive systems, we show that the impact metric admits an equivalent linear program representation, offering scalability advantages. Under mild assumptions, we prove the existence of a solution for the linear program, thereby proving that the impact metric admits a finite value. Furthermore, we extend such scalable metrics for uncertain systems and provide brief insights into cone positive systems.
@inproceedings{Anand_CDC024, author = {Anand, S. C. and Grussler, C. and Teixeira, A. M. H.}, title = {Scalable metrics to quantify security of large-scale systems}, year = {2024}, booktitle = {IEEE Conference on Decisions and Control}, doi = {10.1109/CDC56724.2024.10886808}, }
“Event-triggered control of nonlinear systems under deception and Denial-of-Service attacks”.
R. Seifullaev, A. M. H. Teixeira, and A. Ahlén.
IEEE Conference on Decisions and Control, 2024
ABS BIB

We address the problem of event-triggered networked control of nonlinear systems under simultaneous deception and Denial-of-Service (DoS) attacks. By DoS attacks, we refer to disruptions in the communication channel that prevent sensor measurements from reaching the controller. When the system undergoes a deception attack, the controller receives a modified output, deviating from the sensor’s original measurement. We implement the input delay approach and the Lyapunov-Krasovskii technique to obtain sufficient conditions, expressed in terms of linear matrix inequalities (LMIs), that characterize the duration of the DoS interruptions under which input-to-state stability (ISS) of the closed-loop system is preserved. Furthermore, we explore scenarios involving simultaneous attacks, where the DoS is modeled as a stochastic Bernoulli process. The closed-loop system is then considered as a stochastic impulsive system. In a similar manner, we derive conditions to ensure mean-square ISS for this case. A numerical example illustrates the efficiency of the results.
@inproceedings{Seifullaev_CDC024, author = {Seifullaev, R. and Teixeira, A. M. H. and Ahl\'{e}n, A.}, booktitle = {IEEE Conference on Decisions and Control}, title = {Event-triggered control of nonlinear systems under deception and Denial-of-Service attacks}, year = {2024}, doi = {10.1109/CDC56724.2024.10886155}, }
“Stealthy Deactivation of Safety Filters”.
D. Arnström and A. M. H. Teixeira.
European Control Conference, 2024
ABS BIB

Safety filters ensure that only safe control actions are executed. We propose a simple and stealthy false-data injection attack for deactivating such safety filters; in particular, we focus on deactivating safety filters that are based on control barrier functions. The attack injects false sensor measurements to bias state estimates to the interior of a safety region, which makes the safety filter accept unsafe control actions. To detect such attacks, we also propose a detector that detects biases manufactured by the proposed attack policy, which complements conventional detectors when safety filters are used. The proposed attack policy and detector are illustrated on a double integrator example.
@inproceedings{Arnstrom_ECC2024, author = {Arnstr\"{o}m, D. and Teixeira, A. M. H.}, booktitle = {European Control Conference}, title = {Stealthy Deactivation of Safety Filters}, year = {2024}, }
“Delay Attack and Detection in Feedback Linearized Control Systems”.
T. Wigren and A. M. H. Teixeira.
European Control Conference, 2024
ABS BIB

Delay injection attacks on nonlinear control systems may trigger instability mechanisms like finite escape time dynamics. The paper guards against such attacks by showing how a recursive algorithm for identification of nonlinear dynamics and delay can simultaneously provide parameter estimates for controller tuning and detection of delay injection in the feedback path. The attack methodology is illustrated using a simulated feedback linearized automotive cruise controller where the attack is disguised, but anyway rapidly detected.
@inproceedings{Wigren_ECC2024, author = {Wigren, T. and Teixeira, A. M. H.}, booktitle = {European Control Conference}, title = {Delay Attack and Detection in Feedback Linearized Control Systems}, year = {2024}, }
“Convergence in delayed recursive identification of nonlinear systems”.
T. Wigren.
European Control Conference, 2024
ABS BIB

Early detection of delay attacks on feedback control systems can be achieved by recursive identification of delay and dynamics. The paper contributes with an analysis of the convergence of a multiple-model based algorithm for joint recursive identification of fractional delay and continuous time nonlinear state space dynamics. It is proved that the true parameter vector is in the set of global convergence points, while reasons are given why a standard local stability analysis fails. A numerical example illustrates these results.
@inproceedings{Wigren_ECC2025, author = {Wigren, T.}, booktitle = {European Control Conference}, title = {Convergence in delayed recursive identification of nonlinear systems}, year = {2024}, }
“Kullback-Leibler Divergence-Based Detector Design Against Bias Injection Attacks in an Artificial Pancreas System”.
F. E. Tosun, A. M. H. Teixeira, A. Ahlén, and S. Dey.
12th IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes, 2024
ABS BIB

This paper considers constant bias injection attacks on the glucose sensor deployed in an artificial pancreas system that has an integrator. The main challenge with such apparently simple attacks is that, if the system is linear and has an integrator, they are only detectable for a limited duration. More formally, they are steady-state stealthy attacks. To address this issue, we propose a residual generation method to increase the detectability of these attacks based on the Kullback–Leibler divergence metric. Illustrative examples with numerical simulations are provided to demonstrate the effectiveness of the proposed method.
@inproceedings{Tosun_SAFEPROCESS2024, author = {Tosun, F. E. and Teixeira, A. M. H. and Ahlén, A. and Dey, S.}, booktitle = {12th IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes}, title = {Kullback-Leibler Divergence-Based Detector Design Against Bias Injection Attacks in an Artificial Pancreas System}, year = {2024}, doi = {10.1016/j.ifacol.2024.07.269}, }
“Quickest Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances”.
F. E. Tosun, A. M. H. Teixeira, M. Abdalmoaty, A. Ahlén, and S. Dey.
Journal of Process Control, vol. 153, no. 103162, 2024
ABS BIB

Modern glucose sensors deployed in closed-loop insulin delivery systems, so-called artificial pancreas use wireless communication channels. While this allows a flexible system design, it also introduces vulnerability to cyberattacks. Timely detection and mitigation of attacks are imperative for device safety. However, large unknown meal disturbances are a crucial challenge in determining whether the sensor has been compromised or the sensor glucose trajectories are normal. We address this issue from a control-theoretic security perspective. In particular, a time-varying Kalman filter is employed to handle the sporadic meal intakes. The filter prediction error is then statistically evaluated to detect anomalies if present. We compare two state-of-the-art online anomaly detection algorithms, namely the χ^2 and CUSUM tests. We establish a robust optimal detection rule for unknown bias injections. Even if the optimality holds only for the restrictive case of constant bias injections, we show that the proposed model-based anomaly detection scheme is also effective for generic non-stealthy sensor deception attacks through numerical simulations
@article{Tosun_JPC2024, author = {Tosun, F. E. and Teixeira, A. M. H. and Abdalmoaty, M. and Ahl\'{e}n, A. and Dey, S.}, journal = {Journal of Process Control}, volume = {153}, number = {103162}, title = {Quickest Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances}, year = {2024}, doi = {10.1016/j.jprocont.2024.103162}, }
“Security Allocation in Networked Control Systems”.
A. T. Nguyen.
Licentiate thesis, Uppsala University, Uppsala, Sweden, 2023
ABS BIB

Sustained use of critical infrastructure, such as electrical power and water distribution networks, requires efficient management and control. Facilitated by the advancements in computational devices and non-proprietary communication technology, such as the Internet, the efficient operation of critical infrastructure relies on network decomposition into interconnected subsystems, thus forming networked control systems. However, the use of public and pervasive communication channels leaves these systems vulnerable to cyber attacks. Consequently, the critical infrastructure is put at risk of suffering operation disruption and even physical damage that would inflict financial costs as well as pose a hazard to human health. Therefore, security is crucial to the sustained efficient operation of critical infrastructure. This thesis develops a framework for evaluating and improving the security of networked control systems in the face of cyber attacks. The considered security problem involves two strategic agents, namely a malicious adversary and a defender, pursuing their specific and conflicting goals. The defender aims to efficiently allocate defense resources with the purpose of detecting malicious activities. Meanwhile, the malicious adversary simultaneously conducts cyber attacks and remains stealthy to the defender. We tackle the security problem by proposing a game-theoretic framework and characterizing its main components: the payoff function, the action space, and the available information for each agent. Especially, the payoff function is characterized based on the output-to-output gain security metric that fully explores the worst-case attack impact. Then, we investigate the properties of the game and how to efficiently compute its equilibrium. Given the combinatorial nature of the defender’s actions, one important challenge is to alleviate the computational burden. To overcome this challenge, the thesis contributes several system- and graph-theoretic conditions that enable the defender to shrink the action space, efficiently allocating the defense resources. The effectiveness of the proposed framework is validated through numerical examples.
@phdthesis{Nguyen_Lic2023, author = {Nguyen, Anh Tung}, title = {Security Allocation in Networked Control Systems}, school = {Uppsala University}, year = {2023}, address = {Uppsala, Sweden}, month = oct, type = {Licentiate thesis}, }
“Risk Assessment of Stealthy Attacks on Uncertain Control Systems”.
S. C. Anand, A. M. H. Teixeira, and A. Ahlén.
IEEE Trans. Automatic Control, vol. 69, no. 5, pp. 3214–3221, May 2024
ABS BIB

In this article, we address the problem of risk assessment of stealthy attacks on uncertain control systems. Considering data injection attacks that aim at maximizing impact while remaining undetected, we use the recently proposed output-to-output gain to characterize the risk associated with the impact of attacks under a limited system knowledge attacker. The risk is formulated using a well-established risk metric, namely the maximum expected loss. Under this setups, the risk assessment problem corresponds to an untractable infinite non-convex optimization problem. To address this limitation, we adopt the framework of scenario-based optimization to approximate the infinite non-convex optimization problem by a sampled non-convex optimization problem. Then, based on the framework of dissipative system theory and S-procedure, the sampled non-convex risk assessment problem is formulated as an equivalent convex semi-definite program. Additionally, we derive the necessary and sufficient conditions for the risk to be bounded. Finally, we illustrate the results through numerical simulation of a hydro-turbine power system.
@article{Anand_TAC2024, author = {Anand, S. C. and Teixeira, A. M. H. and Ahl\'{e}n, A.}, journal = {IEEE Trans. Automatic Control}, number = {5}, pages = {3214--3221}, title = {Risk Assessment of Stealthy Attacks on Uncertain Control Systems}, volume = {69}, month = may, year = {2024}, doi = {10.1109/TAC.2023.3318194}, }
“Risk-based Security Measure Allocation Against Actuator Attacks”.
S. C. Anand and A. M. H. Teixeira.
IEEE Open Journal of Control Systems, vol. 2, pp. 297–309, 2023
ABS BIB

This article considers the problem of risk-optimal allocation of security measures when the actuators of an uncertain control system are under attack. We consider an adversary injecting false data into the actuator channels. The attack impact is characterized by the maximum performance loss caused by a stealthy adversary with bounded energy. Since the impact is a random variable, due to system uncertainty, we use Conditional Value-at-Risk (CVaR) to characterize the risk associated with the attack. We then consider the problem of allocating the security measures which minimize the risk. We assume that there are only a limited number of security measures available. Under this constraint, we observe that the allocation problem is a mixed-integer optimization problem. Thus we use relaxation techniques to approximate the security allocation problem into a Semi-Definite Program (SDP). We also compare our allocation method (i) across different risk measures: the worst-case measure, the average (nominal) measure, and (ii) across different search algorithms: the exhaustive and the greedy search algorithms. We depict the efficacy of our approach through numerical examples.
@article{Anand_IEEEOJCSys2023, author = {Anand, S. C. and Teixeira, A. M. H.}, journal = {IEEE Open Journal of Control Systems}, number = {}, pages = {297--309}, title = {Risk-based Security Measure Allocation Against Actuator Attacks}, volume = {2}, year = {2023}, doi = {10.1109/OJCSYS.2023.3305831}, }

“On the trade-offs between accuracy, privacy, and resilience in average consensus algorithms”.
G. Ramos, A. M. H. Teixeira, and S. Pequito.
IEEE Conference on Decisions and Control, 2023
BIB

@inproceedings{Ramos_CDC2023,
  author = {Ramos, G. and Teixeira, A. M. H. and Pequito, S.},
  booktitle = {IEEE Conference on Decisions and Control},
  title = {On the trade-offs between accuracy, privacy, and resilience in average consensus algorithms},
  year = {2023},
}

“Robust Sequential Detection of Non-stealthy Sensor Deception Attacks in an Artificial Pancreas System”.
F. E. Tosun and A. M. H. Teixeira.
IEEE Conference on Decisions and Control, 2023
BIB

@inproceedings{Tosun_CDC2023,
  address = {},
  author = {Tosun, F. E. and Teixeira, A. M. H.},
  booktitle = {IEEE Conference on Decisions and Control},
  title = {Robust Sequential Detection of Non-stealthy Sensor Deception Attacks in an Artificial Pancreas System},
  year = {2023},
}

“Secure State Estimation with Asynchronous Measurements against Malicious Measurement-data and Time-stamp Manipulation”.
Z. Li, A. T. Nguyen, A. M. H. Teixeira, Y. Mo, and K. H. Johansson.
IEEE Conference on Decisions and Control, 2023
ABS BIB

This paper proposes a secure state estimation scheme with non-periodic asynchronous measurements for linear continuous-time systems under false data attacks on the measurement transmit channel. After sampling the output of the system, a sensor transmits the measurement information in a triple composed of sensor index, time-stamp, and measurement value to the fusion center via vulnerable communication channels. The malicious attacker can corrupt a subset of the sensors through (i) manipulating the time-stamp and measurement value; (ii) blocking transmitted measurement triples; or (iii) injecting fake measurement triples. To deal with such attacks, we propose the design of local estimators based on observability space decomposition, where each local estimator updates the local state and sends it to the fusion center after sampling a measurement. Whenever there is a local update, the fusion center combines all the local states and generates a secure state estimate by adopting the median operator. We prove that local estimators of benign sensors are unbiased with stable covariance. Moreover, the fused central estimation error has bounded expectation and covariance against at most p corrupted sensors as long as the system is 2p-sparse observable. The efficacy of the proposed scheme is demonstrated through an application on a benchmark example of the IEEE 14-bus system.
@inproceedings{Li_CDC2023, address = {}, author = {Li, Z. and Nguyen, A. T. and Teixeira, A. M. H. and Mo, Y. and Johansson, K. H.}, booktitle = {IEEE Conference on Decisions and Control}, title = {Secure State Estimation with Asynchronous Measurements against Malicious Measurement-data and Time-stamp Manipulation}, year = {2023}, }

“Feedback Path Delay Attacks and Detection”.
T. Wigren and A. M. H. Teixeira.
IEEE Conference on Decisions and Control, 2023
BIB

@inproceedings{Wigren_CDC2023,
  address = {},
  author = {Wigren, T. and Teixeira, A. M. H.},
  booktitle = {IEEE Conference on Decisions and Control},
  title = {Feedback Path Delay Attacks and Detection},
  year = {2023},
}

“Quickest Detection of Deception Attacks on Cyber-Physical Systems with a Parsimonious Watermarking Policy”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
Automatica, vol. 155, p. 111147, 2023
ABS BIB

The addition of a physical watermarking signal to the control input increases the detection probability of data deception attacks at the expense of increased control cost. In this paper, we propose a parsimonious policy to reduce the average number of watermarking events when the attack is not present, which in turn reduces the control cost. We model the system as a stochastic optimal control problem and apply the dynamic programming to minimize the average detection delay (ADD) for fixed upper bounds on false alarm rate (FAR) and increased control cost. The optimal solution results in a two threshold policy on the posterior probability of attack, which is derived from the Shiryaev statistics for sequential change detection assuming the change point is a random variable with a geometric distribution. We derive approximate expressions of ADD and FAR applying the non-linear renewal theory. The relationship between the average number of watermarking added before the attack and the increase in control cost is also derived. We design the optimal watermarking that maximizes the Kullback-Leibler divergence for a fixed increase in the control cost. Simulation studies are performed to illustrate and validate the theoretical results.
@article{Naha_AUTOMATICA2023, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, journal = {Automatica}, number = {}, pages = {111147}, title = {Quickest Detection of Deception Attacks on Cyber-Physical Systems with a Parsimonious Watermarking Policy}, volume = {155}, year = {2023}, doi = {10.1016/j.automatica.2023.111147}, }
“Quickest Physical Watermarking-Based Detection of Measurement Replacement Attacks in Networked Control Systems”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
European Journal of Control, vol. 71, p. 100804, 2023
ABS BIB

In this paper, we propose and analyze an attack detection scheme for securing the physical layer of a networked control system (NCS) with a wireless sensor network against attacks where the adversary replaces the true observations with stationary false data. An independent and identically distributed watermarking signal is added to the optimal linear quadratic Gaussian (LQG) control inputs, and a cumulative sum (CUSUM) test is carried out using the joint distribution of the innovation signal and the watermarking signal for quickest attack detection. We derive the expressions of the supremum of the average detection delay (SADD) for a multi-input and multi-output (MIMO) system under the optimal and sub-optimal CUSUM tests. The SADD is asymptotically inversely proportional to the expected KullbackLeibler divergence (KLD) under certain conditions. The expressions for the MIMO case are simplified for multi-input and single-output systems and explored further to distil design insights. We provide insights into the design of an optimal watermarking signal to maximize KLD for a given fixed increase in LQG control cost when there is no attack. Furthermore, we investigate how the attacker and the control system designer can accomplish their respective objectives by changing the relative power of the attack signal and the watermarking signal. Simulations and numerical studies are carried out to validate the theoretical results.
@article{Naha_EJC2023, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, journal = {European Journal of Control}, number = {}, pages = {100804}, title = {Quickest Physical Watermarking-Based Detection of Measurement Replacement Attacks in Networked Control Systems}, volume = {71}, year = {2023}, doi = {10.1016/j.ejcon.2023.100804}, }
“Privacy and Security in Network Controlled Systems via Dynamic Masking”.
M. Abdalmoaty, S. C. Anand, and A. M. H. Teixeira.
IFAC World Congress, 2023
ABS VID BIB

In this paper, we propose a new architecture to enhance the privacy and security of networked control systems against malicious adversaries. We consider an adversary which first learns the system dynamics (privacy) using system identification techniques, and then performs a data injection attack (security). In particular, we consider an adversary conducting zero-dynamics attacks (ZDA) which maximizes the performance cost of the system whilst staying undetected. However, using the proposed architecture, we show that it is possible to (i) introduce significant bias in the system estimates of the adversary: thus providing privacy of the system parameters, and (ii) efficiently detect attacks when the adversary performs a ZDA using the identified system: thus providing security. Through numerical simulations, we illustrate the efficacy of the proposed architecture.
@inproceedings{AbdalmoatyIFAC2023, address = {}, author = {Abdalmoaty, M. and Anand, S. C. and Teixeira, A. M. H.}, booktitle = {IFAC World Congress}, title = {Privacy and Security in Network Controlled Systems via Dynamic Masking}, year = {2023}, video = {https://youtu.be/uuz5ppriWLk}, }
“Optimal Detector Placement in Networked Control Systems under Cyber-attacks with Applications to Power Networks”.
A. T. Nguyen, S. C. Anand, A. M. H. Teixeira, and A. Medvedev.
IFAC World Congress, 2023
ABS BIB

This paper proposes a game-theoretic method to address the problem of optimal detector placement in a networked control system under cyber-attacks. The networked control system is composed of interconnected agents where each agent is regulated by its local controller over unprotected communication, which leaves the system vulnerable to malicious cyber-attacks. To guarantee a given local performance, the defender optimally selects a single agent on which to place a detector at its local controller with the purpose of detecting cyber-attacks. On the other hand, an adversary optimally chooses a single agent on which to conduct a cyber-attack on its input with the aim of maximally worsening the local performance while remaining stealthy to the defender. First, we present a necessary and sufficient condition to ensure that the maximal attack impact on the local performance is bounded, which restricts the possible actions of the defender to a subset of available agents. Then, by considering the maximal attack impact on the local performance as a game payoff, we cast the problem of finding optimal actions of the defender and the adversary as a zero-sum game. Finally, with the possible action sets of the defender and the adversary, an algorithm is devoted to determining the Nash equilibria of the zero-sum game that yield the optimal detector placement. The proposed method is illustrated on an IEEE benchmark for power systems.
@inproceedings{NguyenIFAC2023, address = {}, author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H. and Medvedev, A.}, booktitle = {IFAC World Congress}, title = {Optimal Detector Placement in Networked Control Systems under Cyber-attacks with Applications to Power Networks}, year = {2023}, }
“On-line Identification of Delay Attacks in Networked Servo Control”.
T. Wigren and A. M. H. Teixeira.
IFAC World Congress, 2023
ABS BIB

The paper discusses attacks on networked control loops by increased delay, and shows how existing round trip jitter may disguise such attacks. The attackers objective need not be de-stabilization, the paper argues that making settling time requirements fail can be sufficient. To defend against such attacks, the paper proposes the use of joint recursive prediction error identification of the round trip delay and the networked closed loop dynamics. The proposed identification algorithm allows general defense, since it is designed for delayed nonlinear dynamics in state space form. Simulations show that the method is able to detect a delay attack on a printed circuit board component mounting servo loop, long before the attack reaches full effect.
@inproceedings{WigrenIFAC2023, address = {}, author = {Wigren, T. and Teixeira, A. M. H.}, booktitle = {IFAC World Congress}, title = {On-line Identification of Delay Attacks in Networked Servo Control}, year = {2023}, }
“An Online Kullback-Leibler Divergence-Based Stealthy Attack against Cyber-Physical Systems”.
Q. Zhang, K. Liu, A. M. H. Teixeira, Y. Li, S. Chai, and Y. Xia.
IEEE Trans. Automatic Control, vol. 68, no. 6, pp. 3672–3679, 2023
ABS BIB

This article investigates the design of online stealthy attacks with the aim of moving the system’s state to a desired target. Different from the design of offline attacks, which is only based on the system’s model, to design the online attack, the attacker also estimates the system’s state with the intercepted data at each instant and computes the optimal attack accordingly. To ensure stealthiness, the Kullback-Leibler divergence between the innovations with and without attacks at each instant should be smaller than a threshold. We show that the attacker should solve a convex optimization problem at each instant to compute the mean and covariance of the attack. The feasibility of the attack policy is also discussed. Furthermore, for the strictly stealthy case with zero threshold, the analytic expression of the unique optimal attack is given. Finally, a numerical example of the longitudinal flight control system is adopted to illustrate the effectiveness of the proposed attack.
@article{Zhang_TAC2023, author = {Zhang, Q. and Liu, K. and Teixeira, A. M. H. and Li, Y. and Chai, S. and Xia, Y.}, journal = {IEEE Trans. Automatic Control}, number = {6}, pages = {3672--3679}, title = {An Online Kullback-Leibler Divergence-Based Stealthy Attack against Cyber-Physical Systems}, volume = {68}, year = {2023}, doi = {10.1109/TAC.2022.3192201}, }
“Sequential detection of Replay attacks”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
IEEE Trans. Automatic Control, vol. 68, no. 3, pp. 1941–1948, 2023
ABS BIB

One of the most studied forms of attacks on the cyber-physical systems is the replay attack. The statistical similarities of the replayed signal and the true observations make the replay attack difficult to detect. In this paper, we address the problem of replay attack detection by adding watermarking to the control inputs and then perform resilient detection using cumulative sum (CUSUM) test on the joint statistics of the innovation signal and the watermarking signal, whereas existing work considers only the marginal distribution of the innovation signal. We derive the expression of the Kullback-Liebler divergence (KLD) between the two joint distributions before and after the replay attack, which is, asymptotically, inversely proportional to the detection delay. We perform a structural analysis of the derived KLD expression and suggest a technique to improve the KLD for the systems with relative degree greater than one. A scheme to find the optimal watermarking signal variance for a fixed increase in the control cost to maximize the KLD under the CUSUM test is presented. We provide various numerical simulation results to support our theory. The proposed method is also compared with a state-ofthe-art method based on the Neyman-Pearson detector, illustrating the smaller detection delay of the proposed sequential detector.
@article{NahaTAC2022, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, journal = {IEEE Trans. Automatic Control}, number = {3}, pages = {1941--1948}, title = {Sequential detection of Replay attacks}, volume = {68}, year = {2023}, doi = {10.1109/TAC.2022.3174004}, }
“A Zero-Sum Game Framework for Optimal Sensor Placement in Uncertain Networked Control Systems under Cyber-Attacks”.
A. T. Nguyen, S. C. Anand, and A. M. H. Teixeira.
IEEE Conference on Decision and Control (CDC), 2022
ABS BIB

This paper proposes a game-theoretic approach to address the problem of optimal sensor placement against an adversary in uncertain networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected performance vertex, we consider a detector, with uncertain system knowledge, that selects another vertex on which to place a sensor and monitors its output with the aim of detecting the presence of the adversary. On the other hand, the adversary, also with uncertain system knowledge, chooses a single vertex and conducts a cyber-attack on its input. The purpose of the adversary is to drive the attack vertex as to maximally disrupt the protected performance vertex while remaining undetected by the detector. As our first contribution, the game payoff of the above-defined zero-sum game is formulated in terms of the Value-at-Risk of the adversary’s impact. However, this game payoff corresponds to an intractable optimization problem. To tackle the problem, we adopt the scenario approach to approximately compute the game payoff. Then, the optimal monitor selection is determined by analyzing the equilibrium of the zero-sum game. The proposed approach is illustrated via a numerical example of a 10-vertex networked control system.
@inproceedings{NguyenCDC2022, address = {}, author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H.}, booktitle = {IEEE Conference on Decision and Control (CDC)}, title = {A Zero-Sum Game Framework for Optimal Sensor Placement in Uncertain Networked Control Systems under Cyber-Attacks}, year = {2022}, doi = {10.1109/CDC51059.2022.9992468}, }
“Structural analyses of a parsimonious watermarking policy
for data deception attack detection in networked control systems”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
IEEE Conference on Decisions and Control (CDC), 2022
ABS BIB

In this paper, we perform structural analyses of a parsimonious watermarking policy, which minimizes the average detection delay (ADD) to detect data deception attacks on networked control systems (NCS) for a fixed upper bound on the false alarm rate (FAR). The addition of physical watermarking to the control input of a NCS increases the probability of attack detections with an increase in the control cost. Therefore, we formulate the problem of data deception attack detection for NCS with the facility to add physical watermarking as a stochastic optimal control problem. Then we solve the problem by applying dynamic programming value iterations and find a parsimonious watermarking policy that decides to add watermarking and detects attacks based on the estimated posterior probability of attack. We analyze the optimal policy structure and find that it can be a one, two or three threshold policy depending on a few parameter values. Simulation studies show that the optimal policy for a practical range of parameter values is a two-threshold policy on the posterior probability of attack. Derivation of a threshold-based policy from the structural analysis of the value iteration method reduces the computational complexity during the runtime implementation and offers better structural insights. Furthermore, such an analysis provides a guideline for selecting the parameter values to meet the design requirements.
@inproceedings{NahaCDC2022, address = {}, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, booktitle = {IEEE Conference on Decisions and Control (CDC)}, title = {Structural analyses of a parsimonious watermarking policy for data deception attack detection in networked control systems}, year = {2022}, doi = {10.1109/CDC51059.2022.9993201}, }
“Risk assessment and optimal allocation of security measures under stealthy false data injection attacks”.
S. C. Anand, A. M. H. Teixeira, and A. Ahlén.
IEEE Conference on Control Technology and Applications (CCTA), 2022
ABS BIB

This paper firstly addresses the problem of risk assessment under false data injection attacks on uncertain control systems. We consider an adversary with complete system knowledge, injecting stealthy false data into an uncertain control system. We then use the Value-at-Risk to characterize the risk associated with the attack impact caused by the adversary. The worst-case attack impact is characterized by the recently proposed output-to-output gain. We observe that the risk assessment problem corresponds to an infinite non-convex robust optimization problem. To this end, we use dissipative system theory and the scenario approach to approximate the risk-assessment problem into a convex problem and also provide probabilistic certificates on approximation. Secondly, we con-sider the problem of security measure allocation. We consider an operator with a constraint on the security budget. Under this constraint, we propose an algorithm to optimally allocate the security measures using the calculated risk such that the resulting Value-at-risk is minimized. Finally, we illustrate the results through a numerical example. The numerical example also illustrates that the security allocation using the Value-at-risk, and the impact on the nominal system may have different outcomes: thereby depicting the benefit of using risk metrics.
@inproceedings{AnandCCTA2022, address = {}, author = {Anand, S. C. and Teixeira, A. M. H. and Ahl\'{e}n, A.}, booktitle = {IEEE Conference on Control Technology and Applications (CCTA)}, title = {Risk assessment and optimal allocation of security measures under stealthy false data injection attacks}, year = {2022}, doi = {10.1109/CCTA49430.2022.9966025}, }
“A Single-Adversary-Single-Detector Zero-Sum Game in Networked Control Systems”.
A. T. Nguyen, A. M. H. Teixeira, and A. Medvedev.
IFAC Conference on Networked Systems (NecSys), 2022
ABS BIB

This paper proposes a game-theoretic approach to address the problem of optimal sensor placement for detecting cyber-attacks in networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected target vertex, the detector places a sensor at a single vertex to monitor the system and detect the presence of the adversary. On the other hand, the adversary selects a single vertex through which to conduct a cyber-attack that maximally disrupts the target vertex while remaining undetected by the detector. As our first contribution, for a given pair of attack and monitor vertices and a known target vertex, the game payoff function is defined as the output-to-output gain of the respective system. Then, the paper characterizes the set of feasible actions by the detector that ensures bounded values of the game payoff. Finally, an algebraic sufficient condition is proposed to examine whether a given vertex belongs to the set of feasible monitor vertices. The optimal sensor placement is then determined by computing the mixed-strategy Nash equilibrium of the zero-sum game through linear programming. The approach is illustrated via a numerical example of a 10-vertex networked control system with a given target vertex.
@inproceedings{NguyenNecsys2022, address = {}, author = {Nguyen, A. T. and Teixeira, A. M. H. and Medvedev, A.}, booktitle = {IFAC Conference on Networked Systems (NecSys)}, title = {A Single-Adversary-Single-Detector Zero-Sum Game in Networked Control Systems}, year = {2022}, doi = {10.1016/j.ifacol.2022.07.234}, }
“Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances”.
F. E. Tosun, A. M. H. Teixeira, A. Ahlén, and S. Dey.
American Control Conference, Atlanta, Georgia, USA, 2022
ABS BIB

The artificial pancreas is an emerging concept of closed-loop insulin delivery that aims to tightly regulate the blood glucose levels in patients with type 1 diabetes. This paper considers bias injection attacks on the glucose sensor deployed in an artificial pancreas. Modern glucose sensors transmit measurements through wireless communication that are vulnerable to cyber-attacks, which must be timely detected and mitigated. To this end, we propose a model-based anomaly detection scheme using a Kalman filter and a χ 2 test. One key challenge is to distinguish cyber-attacks from large unknown disturbances arising from meal intake. This challenge is addressed by an online meal estimator, and a novel time-varying detection threshold. More precisely, we show that the ordinary least squares is the optimal unbiased estimator of the meal size under certain modelling assumptions. Moreover, we derive a novel time-varying threshold for the χ 2 detector to avoid false alarms during meal ingestion. The results are validated by means of numerical simulations.
@inproceedings{Tosun_ACC2022, address = {Atlanta, Georgia, USA}, author = {Tosun, F. E. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, booktitle = {American Control Conference}, title = {Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances}, year = {2022}, doi = {10.23919/ACC53348.2022.9867556}, }
“Sequential Detection of Replay Attacks with a Parsimonious Watermarking Policy”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
American Control Conference, Atlanta, Georgia, USA, 2022
ABS BIB

In this paper, we have proposed a technique for Bayesian sequential detection of replay attacks on networked control systems with a constraint on the average number of watermarking (ANW) events used during normal system operations. Such a constraint limits the increase in the control cost due to watermarking. To determine the optimal sequence regarding the addition or otherwise of watermarking signals, first, we formulate an infinite horizon stochastic optimal control problem with a termination state. Then applying the value iteration approach, we find an optional policy that minimizes the average detection delay (ADD) for fixed upper bounds on the false alarm rate (FAR) and ANW. The optimal policy turns out to be a two thresholds policy on the posterior probability of attack. We derive approximate expressions of ADD and FAR as functions of the two derived thresholds and a few other parameters. A simulation study on a single-input single-output system illustrates that the proposed method improves the control cost considerably at the expense of small increases in ADD. We also perform simulation studies to validate the derived theoretical results.
@inproceedings{Naha_ACC2022, address = {Atlanta, Georgia, USA}, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, booktitle = {American Control Conference}, title = {Sequential Detection of Replay Attacks with a Parsimonious Watermarking Policy}, year = {2022}, doi = {10.23919/ACC53348.2022.9867703}, }
“Risk-averse controller design against data injection attacks on actuators for uncertain control systems”.
S. C. Anand and A. M. H. Teixeira.
American Control Conference, Atlanta, Georgia, USA, 2022
ABS BIB

In this paper, we consider the optimal controller design problem against data injection attacks on actuators for an uncertain control system. We consider attacks that aim at maximizing the attack impact while remaining stealthy in the finite horizon. To this end, we use the Conditional Value-at-Risk to characterize the risk associated with the impact of attacks. The worst-case attack impact is characterized using the recently proposed output-to-output ℓ 2 -gain (OOG). We formulate the design problem and observe that it is non-convex and hard to solve. Using the framework of scenario-based optimization and a convex proxy for the OOG, we propose a convex optimization problem that approximately solves the design problem with probabilistic certificates. Finally, we illustrate the results through a numerical example.
@inproceedings{Anand_ACC2022, address = {Atlanta, Georgia, USA}, author = {Anand, S. C. and Teixeira, A. M. H.}, booktitle = {American Control Conference}, title = {Risk-averse controller design against data injection attacks on actuators for uncertain control systems}, year = {2022}, doi = {10.23919/ACC53348.2022.9867257}, }

“Design of multiplicative watermarking against covert attacks”.
A. J. Gallo, S. C. Anand, A. M. H. Teixeira, and R. M. G. Ferrari.
IEEE Conf. Decision and Control, Austin, Texas, USA, 2021
BIB

@inproceedings{Gallo_CDC2021,
  address = {Austin, Texas, USA},
  author = {Gallo, A. J. and Anand, S. C. and Teixeira, A. M. H. and Ferrari, R. M. G.},
  booktitle = {IEEE Conf. Decision and Control},
  title = {Design of multiplicative watermarking against covert attacks},
  year = {2021},
  doi = {10.1109/CDC45484.2021.9683075},
}

“Stealthy Cyber-Attack Design Using Dynamic Programming”.
S. C. Anand and A. M. H. Teixeira.
IEEE Conf. Decision and Control, Austin, Texas, USA, 2021
BIB

@inproceedings{Anand_CDC2021,
  address = {Austin, Texas, USA},
  author = {Anand, S. C. and Teixeira, A. M. H.},
  booktitle = {IEEE Conf. Decision and Control},
  title = {Stealthy Cyber-Attack Design Using Dynamic Programming},
  year = {2021},
  doi = {10.1109/CDC45484.2021.9683451},
}

“Deception Attack Detection Using Reduced Watermarking”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
Eur. Control Conf., Rotterdam, The Netherlands, 2021
BIB

@inproceedings{Naha_ECC2021,
  address = {Rotterdam, The Netherlands},
  author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.},
  booktitle = {Eur. Control Conf.},
  title = {Deception Attack Detection Using Reduced Watermarking},
  year = {2021},
  doi = {10.23919/ECC54610.2021.9654843},
}

“Introduction to the Book”.
R. M. G. Ferrari and A. M. H. Teixeira.
in Safety, Security and Privacy for Cyber-Physical Systems, R. M. G. Ferrari and A. M. H. Teixeira, Eds. Cham: Springer International Publishing, 2021, pp. 1–8
BIB

@incollection{FerrariTeixeira_Springer2021,
  author = {Ferrari, Riccardo M. G. and Teixeira, Andr{\'e} M. H.},
  editor = {Ferrari, Riccardo M.G. and Teixeira, Andr{\'e} M. H.},
  title = {Introduction to the Book},
  booktitle = {Safety, Security and Privacy for Cyber-Physical Systems},
  year = {2021},
  publisher = {Springer International Publishing},
  address = {Cham},
  pages = {1--8},
  isbn = {978-3-030-65048-3},
  doi = {10.1007/978-3-030-65048-3_1},
}

“Security Metrics for Control Systems”.
A. M. H. Teixeira.
in Safety, Security and Privacy for Cyber-Physical Systems, R. M. G. Ferrari and A. M. H. Teixeira, Eds. Cham: Springer International Publishing, 2021, pp. 1–8
BIB

@incollection{Teixeira_Springer2021,
  author = {Teixeira, Andr{\'e} M. H.},
  editor = {Ferrari, Riccardo M.G. and Teixeira, Andr{\'e} M. H.},
  title = {Security Metrics for Control Systems},
  booktitle = {Safety, Security and Privacy for Cyber-Physical Systems},
  year = {2021},
  publisher = {Springer International Publishing},
  address = {Cham},
  pages = {1--8},
  isbn = {978-3-030-65048-3},
  doi = {10.1007/978-3-030-65048-3_6},
}

“Detection of Cyber-Attacks: A Multiplicative Watermarking Scheme”.
R. M. G. Ferrari and A. M. H. Teixeira.
in Safety, Security and Privacy for Cyber-Physical Systems, R. M. G. Ferrari and A. M. H. Teixeira, Eds. Cham: Springer International Publishing, 2021, pp. 1–8
BIB

@incollection{Ferrari_Springer2021,
  author = {Ferrari, Riccardo M. G. and Teixeira, Andr{\'e} M. H.},
  editor = {Ferrari, Riccardo M.G. and Teixeira, Andr{\'e} M. H.},
  title = {Detection of Cyber-Attacks: A Multiplicative Watermarking Scheme},
  booktitle = {Safety, Security and Privacy for Cyber-Physical Systems},
  year = {2021},
  publisher = {Springer International Publishing},
  address = {Cham},
  pages = {1--8},
  isbn = {978-3-030-65048-3},
  doi = {10.1007/978-3-030-65048-3_9},
}

“Privatized Distributed Anomaly Detection for Large-Scale Nonlinear Uncertain Systems”.
V. Rostampour, R. M. G. Ferrari, A. M. H. Teixeira, and T. Keviczky.
IEEE Trans. Automatic Control, vol. 66, no. 11, pp. 5299–5313, 2021
BIB

@article{Rostampour_TAC2020,
  author = {Rostampour, V. and Ferrari, R. M.G. and Teixeira, A. M. H. and Keviczky, T.},
  journal = {IEEE Trans. Automatic Control},
  number = {11},
  pages = {5299--5313},
  title = {Privatized Distributed Anomaly Detection for Large-Scale Nonlinear Uncertain Systems},
  volume = {66},
  year = {2021},
  doi = {10.1109/TAC.2020.3040251},
}

“A Switching Multiplicative Watermarking Scheme for Detection of Stealthy Cyber-Attacks”.
R. Ferrari and A. M. H. Teixeira.
IEEE Trans. Automatic Control, vol. 66, no. 6, pp. 2558–2573, 2020
BIB

@article{Ferrari_TAC2020,
  author = {Ferrari, R. and Teixeira, A. M. H.},
  journal = {IEEE Trans. Automatic Control},
  number = {6},
  pages = {2558--2573},
  title = {A Switching Multiplicative Watermarking Scheme for Detection of Stealthy Cyber-Attacks},
  volume = {66},
  year = {2020},
}

ADSec - Analysis and Design of Secure and Resilient Control Systems (2019-2023)

Call: VR Starting Grant, funded by the Swedish Research Council (Vetenskapsrådet)

Awarded to: André Teixeira (PI)

Reports on cyber-attacks, such as Stuxnet, have shown their devastating consequences on digitally controlled systems supporting modern societies. It is therefore of the utmost importance for control systems to be able to early detect and mitigate malicious cyber-attacks, which aim at having a significant impact on the system while remaining undetected. Unfortunately, existing techniques in control theory consider impact and detectability separately, and thus fail to accurately tackle malicious cyber-attacks. The aim of this project is to develop novel security metrics that jointly consider the impact and detectability of attacks, and that support the analysis and design of anomaly detectors and controllers for improved security and resilience.

“Risk Assessment of Stealthy Attacks on Uncertain Control Systems”.
S. C. Anand, A. M. H. Teixeira, and A. Ahlén.
IEEE Trans. Automatic Control, vol. 69, no. 5, pp. 3214–3221, May 2024
ABS BIB

In this article, we address the problem of risk assessment of stealthy attacks on uncertain control systems. Considering data injection attacks that aim at maximizing impact while remaining undetected, we use the recently proposed output-to-output gain to characterize the risk associated with the impact of attacks under a limited system knowledge attacker. The risk is formulated using a well-established risk metric, namely the maximum expected loss. Under this setups, the risk assessment problem corresponds to an untractable infinite non-convex optimization problem. To address this limitation, we adopt the framework of scenario-based optimization to approximate the infinite non-convex optimization problem by a sampled non-convex optimization problem. Then, based on the framework of dissipative system theory and S-procedure, the sampled non-convex risk assessment problem is formulated as an equivalent convex semi-definite program. Additionally, we derive the necessary and sufficient conditions for the risk to be bounded. Finally, we illustrate the results through numerical simulation of a hydro-turbine power system.
@article{Anand_TAC2024, author = {Anand, S. C. and Teixeira, A. M. H. and Ahl\'{e}n, A.}, journal = {IEEE Trans. Automatic Control}, number = {5}, pages = {3214--3221}, title = {Risk Assessment of Stealthy Attacks on Uncertain Control Systems}, volume = {69}, month = may, year = {2024}, doi = {10.1109/TAC.2023.3318194}, }
“Risk-based Security Measure Allocation Against Actuator Attacks”.
S. C. Anand and A. M. H. Teixeira.
IEEE Open Journal of Control Systems, vol. 2, pp. 297–309, 2023
ABS BIB

This article considers the problem of risk-optimal allocation of security measures when the actuators of an uncertain control system are under attack. We consider an adversary injecting false data into the actuator channels. The attack impact is characterized by the maximum performance loss caused by a stealthy adversary with bounded energy. Since the impact is a random variable, due to system uncertainty, we use Conditional Value-at-Risk (CVaR) to characterize the risk associated with the attack. We then consider the problem of allocating the security measures which minimize the risk. We assume that there are only a limited number of security measures available. Under this constraint, we observe that the allocation problem is a mixed-integer optimization problem. Thus we use relaxation techniques to approximate the security allocation problem into a Semi-Definite Program (SDP). We also compare our allocation method (i) across different risk measures: the worst-case measure, the average (nominal) measure, and (ii) across different search algorithms: the exhaustive and the greedy search algorithms. We depict the efficacy of our approach through numerical examples.
@article{Anand_IEEEOJCSys2023, author = {Anand, S. C. and Teixeira, A. M. H.}, journal = {IEEE Open Journal of Control Systems}, number = {}, pages = {297--309}, title = {Risk-based Security Measure Allocation Against Actuator Attacks}, volume = {2}, year = {2023}, doi = {10.1109/OJCSYS.2023.3305831}, }

“Feedback Path Delay Attacks and Detection”.
T. Wigren and A. M. H. Teixeira.
IEEE Conference on Decisions and Control, 2023
BIB

@inproceedings{Wigren_CDC2023,
  address = {},
  author = {Wigren, T. and Teixeira, A. M. H.},
  booktitle = {IEEE Conference on Decisions and Control},
  title = {Feedback Path Delay Attacks and Detection},
  year = {2023},
}

“Quickest Detection of Deception Attacks on Cyber-Physical Systems with a Parsimonious Watermarking Policy”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
Automatica, vol. 155, p. 111147, 2023
ABS BIB

The addition of a physical watermarking signal to the control input increases the detection probability of data deception attacks at the expense of increased control cost. In this paper, we propose a parsimonious policy to reduce the average number of watermarking events when the attack is not present, which in turn reduces the control cost. We model the system as a stochastic optimal control problem and apply the dynamic programming to minimize the average detection delay (ADD) for fixed upper bounds on false alarm rate (FAR) and increased control cost. The optimal solution results in a two threshold policy on the posterior probability of attack, which is derived from the Shiryaev statistics for sequential change detection assuming the change point is a random variable with a geometric distribution. We derive approximate expressions of ADD and FAR applying the non-linear renewal theory. The relationship between the average number of watermarking added before the attack and the increase in control cost is also derived. We design the optimal watermarking that maximizes the Kullback-Leibler divergence for a fixed increase in the control cost. Simulation studies are performed to illustrate and validate the theoretical results.
@article{Naha_AUTOMATICA2023, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, journal = {Automatica}, number = {}, pages = {111147}, title = {Quickest Detection of Deception Attacks on Cyber-Physical Systems with a Parsimonious Watermarking Policy}, volume = {155}, year = {2023}, doi = {10.1016/j.automatica.2023.111147}, }
“Quickest Physical Watermarking-Based Detection of Measurement Replacement Attacks in Networked Control Systems”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
European Journal of Control, vol. 71, p. 100804, 2023
ABS BIB

In this paper, we propose and analyze an attack detection scheme for securing the physical layer of a networked control system (NCS) with a wireless sensor network against attacks where the adversary replaces the true observations with stationary false data. An independent and identically distributed watermarking signal is added to the optimal linear quadratic Gaussian (LQG) control inputs, and a cumulative sum (CUSUM) test is carried out using the joint distribution of the innovation signal and the watermarking signal for quickest attack detection. We derive the expressions of the supremum of the average detection delay (SADD) for a multi-input and multi-output (MIMO) system under the optimal and sub-optimal CUSUM tests. The SADD is asymptotically inversely proportional to the expected KullbackLeibler divergence (KLD) under certain conditions. The expressions for the MIMO case are simplified for multi-input and single-output systems and explored further to distil design insights. We provide insights into the design of an optimal watermarking signal to maximize KLD for a given fixed increase in LQG control cost when there is no attack. Furthermore, we investigate how the attacker and the control system designer can accomplish their respective objectives by changing the relative power of the attack signal and the watermarking signal. Simulations and numerical studies are carried out to validate the theoretical results.
@article{Naha_EJC2023, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, journal = {European Journal of Control}, number = {}, pages = {100804}, title = {Quickest Physical Watermarking-Based Detection of Measurement Replacement Attacks in Networked Control Systems}, volume = {71}, year = {2023}, doi = {10.1016/j.ejcon.2023.100804}, }
“Privacy and Security in Network Controlled Systems via Dynamic Masking”.
M. Abdalmoaty, S. C. Anand, and A. M. H. Teixeira.
IFAC World Congress, 2023
ABS VID BIB

In this paper, we propose a new architecture to enhance the privacy and security of networked control systems against malicious adversaries. We consider an adversary which first learns the system dynamics (privacy) using system identification techniques, and then performs a data injection attack (security). In particular, we consider an adversary conducting zero-dynamics attacks (ZDA) which maximizes the performance cost of the system whilst staying undetected. However, using the proposed architecture, we show that it is possible to (i) introduce significant bias in the system estimates of the adversary: thus providing privacy of the system parameters, and (ii) efficiently detect attacks when the adversary performs a ZDA using the identified system: thus providing security. Through numerical simulations, we illustrate the efficacy of the proposed architecture.
@inproceedings{AbdalmoatyIFAC2023, address = {}, author = {Abdalmoaty, M. and Anand, S. C. and Teixeira, A. M. H.}, booktitle = {IFAC World Congress}, title = {Privacy and Security in Network Controlled Systems via Dynamic Masking}, year = {2023}, video = {https://youtu.be/uuz5ppriWLk}, }
“On-line Identification of Delay Attacks in Networked Servo Control”.
T. Wigren and A. M. H. Teixeira.
IFAC World Congress, 2023
ABS BIB

The paper discusses attacks on networked control loops by increased delay, and shows how existing round trip jitter may disguise such attacks. The attackers objective need not be de-stabilization, the paper argues that making settling time requirements fail can be sufficient. To defend against such attacks, the paper proposes the use of joint recursive prediction error identification of the round trip delay and the networked closed loop dynamics. The proposed identification algorithm allows general defense, since it is designed for delayed nonlinear dynamics in state space form. Simulations show that the method is able to detect a delay attack on a printed circuit board component mounting servo loop, long before the attack reaches full effect.
@inproceedings{WigrenIFAC2023, address = {}, author = {Wigren, T. and Teixeira, A. M. H.}, booktitle = {IFAC World Congress}, title = {On-line Identification of Delay Attacks in Networked Servo Control}, year = {2023}, }
“An Online Kullback-Leibler Divergence-Based Stealthy Attack against Cyber-Physical Systems”.
Q. Zhang, K. Liu, A. M. H. Teixeira, Y. Li, S. Chai, and Y. Xia.
IEEE Trans. Automatic Control, vol. 68, no. 6, pp. 3672–3679, 2023
ABS BIB

This article investigates the design of online stealthy attacks with the aim of moving the system’s state to a desired target. Different from the design of offline attacks, which is only based on the system’s model, to design the online attack, the attacker also estimates the system’s state with the intercepted data at each instant and computes the optimal attack accordingly. To ensure stealthiness, the Kullback-Leibler divergence between the innovations with and without attacks at each instant should be smaller than a threshold. We show that the attacker should solve a convex optimization problem at each instant to compute the mean and covariance of the attack. The feasibility of the attack policy is also discussed. Furthermore, for the strictly stealthy case with zero threshold, the analytic expression of the unique optimal attack is given. Finally, a numerical example of the longitudinal flight control system is adopted to illustrate the effectiveness of the proposed attack.
@article{Zhang_TAC2023, author = {Zhang, Q. and Liu, K. and Teixeira, A. M. H. and Li, Y. and Chai, S. and Xia, Y.}, journal = {IEEE Trans. Automatic Control}, number = {6}, pages = {3672--3679}, title = {An Online Kullback-Leibler Divergence-Based Stealthy Attack against Cyber-Physical Systems}, volume = {68}, year = {2023}, doi = {10.1109/TAC.2022.3192201}, }
“Sequential detection of Replay attacks”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
IEEE Trans. Automatic Control, vol. 68, no. 3, pp. 1941–1948, 2023
ABS BIB

One of the most studied forms of attacks on the cyber-physical systems is the replay attack. The statistical similarities of the replayed signal and the true observations make the replay attack difficult to detect. In this paper, we address the problem of replay attack detection by adding watermarking to the control inputs and then perform resilient detection using cumulative sum (CUSUM) test on the joint statistics of the innovation signal and the watermarking signal, whereas existing work considers only the marginal distribution of the innovation signal. We derive the expression of the Kullback-Liebler divergence (KLD) between the two joint distributions before and after the replay attack, which is, asymptotically, inversely proportional to the detection delay. We perform a structural analysis of the derived KLD expression and suggest a technique to improve the KLD for the systems with relative degree greater than one. A scheme to find the optimal watermarking signal variance for a fixed increase in the control cost to maximize the KLD under the CUSUM test is presented. We provide various numerical simulation results to support our theory. The proposed method is also compared with a state-ofthe-art method based on the Neyman-Pearson detector, illustrating the smaller detection delay of the proposed sequential detector.
@article{NahaTAC2022, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, journal = {IEEE Trans. Automatic Control}, number = {3}, pages = {1941--1948}, title = {Sequential detection of Replay attacks}, volume = {68}, year = {2023}, doi = {10.1109/TAC.2022.3174004}, }
“Structural analyses of a parsimonious watermarking policy
for data deception attack detection in networked control systems”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
IEEE Conference on Decisions and Control (CDC), 2022
ABS BIB

In this paper, we perform structural analyses of a parsimonious watermarking policy, which minimizes the average detection delay (ADD) to detect data deception attacks on networked control systems (NCS) for a fixed upper bound on the false alarm rate (FAR). The addition of physical watermarking to the control input of a NCS increases the probability of attack detections with an increase in the control cost. Therefore, we formulate the problem of data deception attack detection for NCS with the facility to add physical watermarking as a stochastic optimal control problem. Then we solve the problem by applying dynamic programming value iterations and find a parsimonious watermarking policy that decides to add watermarking and detects attacks based on the estimated posterior probability of attack. We analyze the optimal policy structure and find that it can be a one, two or three threshold policy depending on a few parameter values. Simulation studies show that the optimal policy for a practical range of parameter values is a two-threshold policy on the posterior probability of attack. Derivation of a threshold-based policy from the structural analysis of the value iteration method reduces the computational complexity during the runtime implementation and offers better structural insights. Furthermore, such an analysis provides a guideline for selecting the parameter values to meet the design requirements.
@inproceedings{NahaCDC2022, address = {}, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, booktitle = {IEEE Conference on Decisions and Control (CDC)}, title = {Structural analyses of a parsimonious watermarking policy for data deception attack detection in networked control systems}, year = {2022}, doi = {10.1109/CDC51059.2022.9993201}, }
“Risk assessment and optimal allocation of security measures under stealthy false data injection attacks”.
S. C. Anand, A. M. H. Teixeira, and A. Ahlén.
IEEE Conference on Control Technology and Applications (CCTA), 2022
ABS BIB

This paper firstly addresses the problem of risk assessment under false data injection attacks on uncertain control systems. We consider an adversary with complete system knowledge, injecting stealthy false data into an uncertain control system. We then use the Value-at-Risk to characterize the risk associated with the attack impact caused by the adversary. The worst-case attack impact is characterized by the recently proposed output-to-output gain. We observe that the risk assessment problem corresponds to an infinite non-convex robust optimization problem. To this end, we use dissipative system theory and the scenario approach to approximate the risk-assessment problem into a convex problem and also provide probabilistic certificates on approximation. Secondly, we con-sider the problem of security measure allocation. We consider an operator with a constraint on the security budget. Under this constraint, we propose an algorithm to optimally allocate the security measures using the calculated risk such that the resulting Value-at-risk is minimized. Finally, we illustrate the results through a numerical example. The numerical example also illustrates that the security allocation using the Value-at-risk, and the impact on the nominal system may have different outcomes: thereby depicting the benefit of using risk metrics.
@inproceedings{AnandCCTA2022, address = {}, author = {Anand, S. C. and Teixeira, A. M. H. and Ahl\'{e}n, A.}, booktitle = {IEEE Conference on Control Technology and Applications (CCTA)}, title = {Risk assessment and optimal allocation of security measures under stealthy false data injection attacks}, year = {2022}, doi = {10.1109/CCTA49430.2022.9966025}, }
“A Single-Adversary-Single-Detector Zero-Sum Game in Networked Control Systems”.
A. T. Nguyen, A. M. H. Teixeira, and A. Medvedev.
IFAC Conference on Networked Systems (NecSys), 2022
ABS BIB

This paper proposes a game-theoretic approach to address the problem of optimal sensor placement for detecting cyber-attacks in networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected target vertex, the detector places a sensor at a single vertex to monitor the system and detect the presence of the adversary. On the other hand, the adversary selects a single vertex through which to conduct a cyber-attack that maximally disrupts the target vertex while remaining undetected by the detector. As our first contribution, for a given pair of attack and monitor vertices and a known target vertex, the game payoff function is defined as the output-to-output gain of the respective system. Then, the paper characterizes the set of feasible actions by the detector that ensures bounded values of the game payoff. Finally, an algebraic sufficient condition is proposed to examine whether a given vertex belongs to the set of feasible monitor vertices. The optimal sensor placement is then determined by computing the mixed-strategy Nash equilibrium of the zero-sum game through linear programming. The approach is illustrated via a numerical example of a 10-vertex networked control system with a given target vertex.
@inproceedings{NguyenNecsys2022, address = {}, author = {Nguyen, A. T. and Teixeira, A. M. H. and Medvedev, A.}, booktitle = {IFAC Conference on Networked Systems (NecSys)}, title = {A Single-Adversary-Single-Detector Zero-Sum Game in Networked Control Systems}, year = {2022}, doi = {10.1016/j.ifacol.2022.07.234}, }
“Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances”.
F. E. Tosun, A. M. H. Teixeira, A. Ahlén, and S. Dey.
American Control Conference, Atlanta, Georgia, USA, 2022
ABS BIB

The artificial pancreas is an emerging concept of closed-loop insulin delivery that aims to tightly regulate the blood glucose levels in patients with type 1 diabetes. This paper considers bias injection attacks on the glucose sensor deployed in an artificial pancreas. Modern glucose sensors transmit measurements through wireless communication that are vulnerable to cyber-attacks, which must be timely detected and mitigated. To this end, we propose a model-based anomaly detection scheme using a Kalman filter and a χ 2 test. One key challenge is to distinguish cyber-attacks from large unknown disturbances arising from meal intake. This challenge is addressed by an online meal estimator, and a novel time-varying detection threshold. More precisely, we show that the ordinary least squares is the optimal unbiased estimator of the meal size under certain modelling assumptions. Moreover, we derive a novel time-varying threshold for the χ 2 detector to avoid false alarms during meal ingestion. The results are validated by means of numerical simulations.
@inproceedings{Tosun_ACC2022, address = {Atlanta, Georgia, USA}, author = {Tosun, F. E. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, booktitle = {American Control Conference}, title = {Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances}, year = {2022}, doi = {10.23919/ACC53348.2022.9867556}, }
“Sequential Detection of Replay Attacks with a Parsimonious Watermarking Policy”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
American Control Conference, Atlanta, Georgia, USA, 2022
ABS BIB

In this paper, we have proposed a technique for Bayesian sequential detection of replay attacks on networked control systems with a constraint on the average number of watermarking (ANW) events used during normal system operations. Such a constraint limits the increase in the control cost due to watermarking. To determine the optimal sequence regarding the addition or otherwise of watermarking signals, first, we formulate an infinite horizon stochastic optimal control problem with a termination state. Then applying the value iteration approach, we find an optional policy that minimizes the average detection delay (ADD) for fixed upper bounds on the false alarm rate (FAR) and ANW. The optimal policy turns out to be a two thresholds policy on the posterior probability of attack. We derive approximate expressions of ADD and FAR as functions of the two derived thresholds and a few other parameters. A simulation study on a single-input single-output system illustrates that the proposed method improves the control cost considerably at the expense of small increases in ADD. We also perform simulation studies to validate the derived theoretical results.
@inproceedings{Naha_ACC2022, address = {Atlanta, Georgia, USA}, author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.}, booktitle = {American Control Conference}, title = {Sequential Detection of Replay Attacks with a Parsimonious Watermarking Policy}, year = {2022}, doi = {10.23919/ACC53348.2022.9867703}, }
“Risk-averse controller design against data injection attacks on actuators for uncertain control systems”.
S. C. Anand and A. M. H. Teixeira.
American Control Conference, Atlanta, Georgia, USA, 2022
ABS BIB

In this paper, we consider the optimal controller design problem against data injection attacks on actuators for an uncertain control system. We consider attacks that aim at maximizing the attack impact while remaining stealthy in the finite horizon. To this end, we use the Conditional Value-at-Risk to characterize the risk associated with the impact of attacks. The worst-case attack impact is characterized using the recently proposed output-to-output ℓ 2 -gain (OOG). We formulate the design problem and observe that it is non-convex and hard to solve. Using the framework of scenario-based optimization and a convex proxy for the OOG, we propose a convex optimization problem that approximately solves the design problem with probabilistic certificates. Finally, we illustrate the results through a numerical example.
@inproceedings{Anand_ACC2022, address = {Atlanta, Georgia, USA}, author = {Anand, S. C. and Teixeira, A. M. H.}, booktitle = {American Control Conference}, title = {Risk-averse controller design against data injection attacks on actuators for uncertain control systems}, year = {2022}, doi = {10.23919/ACC53348.2022.9867257}, }

@inproceedings{Gallo_CDC2021,
  address = {Austin, Texas, USA},
  author = {Gallo, A. J. and Anand, S. C. and Teixeira, A. M. H. and Ferrari, R. M. G.},
  booktitle = {IEEE Conf. Decision and Control},
  title = {Design of multiplicative watermarking against covert attacks},
  year = {2021},
  doi = {10.1109/CDC45484.2021.9683075},
}

“Stealthy Cyber-Attack Design Using Dynamic Programming”.
S. C. Anand and A. M. H. Teixeira.
IEEE Conf. Decision and Control, Austin, Texas, USA, 2021
BIB

@inproceedings{Anand_CDC2021,
  address = {Austin, Texas, USA},
  author = {Anand, S. C. and Teixeira, A. M. H.},
  booktitle = {IEEE Conf. Decision and Control},
  title = {Stealthy Cyber-Attack Design Using Dynamic Programming},
  year = {2021},
  doi = {10.1109/CDC45484.2021.9683451},
}

“Deception Attack Detection Using Reduced Watermarking”.
A. Naha, A. M. H. Teixeira, A. Ahlén, and S. Dey.
Eur. Control Conf., Rotterdam, The Netherlands, 2021
BIB

@inproceedings{Naha_ECC2021,
  address = {Rotterdam, The Netherlands},
  author = {Naha, A. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.},
  booktitle = {Eur. Control Conf.},
  title = {Deception Attack Detection Using Reduced Watermarking},
  year = {2021},
  doi = {10.23919/ECC54610.2021.9654843},
}

@incollection{FerrariTeixeira_Springer2021,
  author = {Ferrari, Riccardo M. G. and Teixeira, Andr{\'e} M. H.},
  editor = {Ferrari, Riccardo M.G. and Teixeira, Andr{\'e} M. H.},
  title = {Introduction to the Book},
  booktitle = {Safety, Security and Privacy for Cyber-Physical Systems},
  year = {2021},
  publisher = {Springer International Publishing},
  address = {Cham},
  pages = {1--8},
  isbn = {978-3-030-65048-3},
  doi = {10.1007/978-3-030-65048-3_1},
}

@incollection{Teixeira_Springer2021,
  author = {Teixeira, Andr{\'e} M. H.},
  editor = {Ferrari, Riccardo M.G. and Teixeira, Andr{\'e} M. H.},
  title = {Security Metrics for Control Systems},
  booktitle = {Safety, Security and Privacy for Cyber-Physical Systems},
  year = {2021},
  publisher = {Springer International Publishing},
  address = {Cham},
  pages = {1--8},
  isbn = {978-3-030-65048-3},
  doi = {10.1007/978-3-030-65048-3_6},
}

@incollection{Ferrari_Springer2021,
  author = {Ferrari, Riccardo M. G. and Teixeira, Andr{\'e} M. H.},
  editor = {Ferrari, Riccardo M.G. and Teixeira, Andr{\'e} M. H.},
  title = {Detection of Cyber-Attacks: A Multiplicative Watermarking Scheme},
  booktitle = {Safety, Security and Privacy for Cyber-Physical Systems},
  year = {2021},
  publisher = {Springer International Publishing},
  address = {Cham},
  pages = {1--8},
  isbn = {978-3-030-65048-3},
  doi = {10.1007/978-3-030-65048-3_9},
}

@article{Rostampour_TAC2020,
  author = {Rostampour, V. and Ferrari, R. M.G. and Teixeira, A. M. H. and Keviczky, T.},
  journal = {IEEE Trans. Automatic Control},
  number = {11},
  pages = {5299--5313},
  title = {Privatized Distributed Anomaly Detection for Large-Scale Nonlinear Uncertain Systems},
  volume = {66},
  year = {2021},
  doi = {10.1109/TAC.2020.3040251},
}

@article{Ferrari_TAC2020,
  author = {Ferrari, R. and Teixeira, A. M. H.},
  journal = {IEEE Trans. Automatic Control},
  number = {6},
  pages = {2558--2573},
  title = {A Switching Multiplicative Watermarking Scheme for Detection of Stealthy Cyber-Attacks},
  volume = {66},
  year = {2020},
}

“Actuator Security Indices Based on Perfect Undetectability: Computation, Robustness, and Sensor Placement”.
J. Milosevic, A. M. H. Teixeira, H. Sandberg, and K. H. Johansson.
IEEE Trans. Automatic Control, vol. 65, no. 9, pp. 3816–3831, 2020
BIB

@article{Milosevic_TAC2020,
  author = {Milosevic, J. and Teixeira, A. M. H. and Sandberg, H. and Johansson, K. H.},
  doi = {10.1109/TAC.2020.2981392},
  journal = {IEEE Trans. Automatic Control},
  number = {9},
  pages = {3816--3831},
  title = {Actuator Security Indices Based on Perfect Undetectability: Computation, Robustness, and Sensor Placement},
  volume = {65},
  year = {2020},
}

“Effects of Jamming Attacks on a Control System With Energy Harvesting”.
S. Knorn and A. M. H. Teixeira.
IEEE Control Systems Letters, vol. 3, no. 4, pp. 829–834, 2019
BIB

@article{Knorn_CSL2019,
  author = {Knorn, S. and Teixeira, A. M. H.},
  journal = {IEEE Control Systems Letters},
  number = {4},
  pages = {829--834},
  title = {Effects of Jamming Attacks on a Control System With Energy Harvesting},
  volume = {3},
  year = {2019},
}

“Joint controller and detector design against
data injection attacks on actuators”.
S. C. Anand and A. M. H. Teixeira.
IFAC World Congress, Berlin, Germany, 2020
BIB

@inproceedings{Anand_2020,
  address = {Berlin, Germany},
  author = {Anand, S. C. and Teixeira, A M H},
  booktitle = {IFAC World Congress},
  title = {Joint controller and detector design against
  data injection attacks on actuators},
  year = {2020},
}

“Optimal stealthy attacks on actuators for strictly proper systems”.
A. M. H. Teixeira.
IEEE Conf. Decision and Control, Nice, France, 2019
BIB

@inproceedings{Teixeira_CDC2019,
  address = {Nice, France},
  author = {Teixeira, A. M. H.},
  booktitle = {IEEE Conf. Decision and Control},
  title = {Optimal stealthy attacks on actuators for strictly proper systems},
  year = {2019},
}

“A Tutorial Introduction to Security and Privacy for Cyber-Physical Systems”.
M. S. Chong, H. Sandberg, and A. M. H. Teixeira.
Eur. Control Conf., Napoles, Italy, 2019
BIB

@inproceedings{Chong_ECC2019,
  address = {Napoles, Italy},
  author = {Chong, M. S. and Sandberg, H. and Teixeira, A. M. H.},
  booktitle = {Eur. Control Conf.},
  title = {A Tutorial Introduction to Security and Privacy for Cyber-Physical Systems},
  year = {2019},
}

“Data Injection Attacks against Feedforward Controllers”.
A. M. H. Teixeira.
Eur. Control Conf., Napoles, Italy, 2019
BIB

@inproceedings{Teixeira_ECC2019,
  address = {Napoles, Italy},
  author = {Teixeira, A. M. H.},
  booktitle = {Eur. Control Conf.},
  title = {Data Injection Attacks against Feedforward Controllers},
  year = {2019},
}

LifeSec - Don’t Hack my Body (2018-2023)

Call: SSF Cyber Security Framework Program, funded by the Swedish Foundation for Strategic Research (SSF)

Awarded to: Thiemo Voigt (UU, PI), Robin Augustin (UU), Anders Ahlén (UU), Subhrakanti Dey (UU)

Implanted devices must be effectively secured to avoid life-threatening scenarios where attackers control implanted devices such as pacemakers or insuline pumps, or install malware inside a human body. This project devises a security architecture for networked implanted medical devices that also enables a secure connection of the in-body network to the Internet. Our architecture ensures confidentiality, integrity and availability of the implanted devices considering also patients’ privacy.

Secure Our Safety: Building Cyber Security for Flood Management (2015-2019)

Call: Cyber Security research program, funded by the Dutch Research Council

Awarded to: Pieter van Gelder (TU Delft), Wolter Pieters (TU Delft)

Cyber attacks on critical infrastructures can have devastating consequences for environment, health and even human lives. To improve the protection and resilience, various approaches for security risk assessment, attack detection and safety monitoring have been developed. However, the links between cyber security and safety management are poorly understood, and relevant information is not shared, creating space for malicious activities to pass undetected. The project has two objectives. Firstly, the project will enrich network security monitoring with safety context information. Secondly, the project will improve safety incident response by procedures that include information from security monitoring in assessing the expected effectiveness of responses. The integration of the two innovations will enable adequate responses to flood defense security threats.