**ABSTRACT**

The interaction between information technology and physical world makes Cyber-Physical Systems (CPS) vulnerable to malicious attacks beyond the standard cyber attacks. This has motivated the need for attack-resilient state estimation. Yet, the existing state-estimators are based on the non-realistic assumption that the exact system model is known.

Consequently, in this work we present a method for state estimation in presence of attacks, for systems with noise and modeling errors. When the the estimated states are used by a state-based feedback controller, we show that the attacker cannot destabilize the system by exploiting the difference between the model used for the state estimation and the real physical dynamics of the system.

Furthermore, we describe how implementation issues such as jitter, latency and synchronization errors can be mapped into parameters of the state estimation procedure that describe modeling errors, and provide a bound on the state-estimation error caused by modeling errors. This enables mapping control performance requirements into real-time (i.e., timing related) specifications imposed on the underlying platform. Finally, we illustrate and experimentally evaluate this approach on an unmanned ground vehicle case-study.

**MOTIVATION AND PROBLEM DESCRIPTION**

We first consider setups where all plant’s output are sampled (i.e., measured) at times t_{k}, k ≥ 0, and where all actuators apply newly calculated inputs at times t_{k} + τ_{k}, k ≥ 0, as shown in Fig. 1. We denote the k^{th} sampling period of the plant by T_{s;k} = t_{k+1} t_{k}, and note that the input signal will have the form shown in Fig. 1(b). Using the approach we describe the system as,

where u(t^{+}) is a piecewise continuous function that only changes values at time instances t_{k} + τ_{k}, k ≥ 0.

**RESILIENT STATE ESTIMATION IN PRESENCE OF MODELING ERRORS**

As illustrated, the effects of the input vectors u_{k} are taken into account when computing the matrix Y_{t;N}. Thus, in the rest of this paper (unless otherwise stated) we will assume that u_{k }= 0 for all k ≥ 0. In addition, to further simplify the notation we consider the case for t = N-1, meaning that our goal is to obtain x_{0}, and we denote the matrices Y_{t;N };E_{t;N }and Φ_{N}(x) as Y;E and Φ (x), respectively.

We assume that the state of the plant at k = 0 is x_{0} and that the system evolves for N steps as specified (for uk = 0) for some attack vectors e_{0},…, e_{N-1 }applied on the sensors from set K ={ s_{i1,}…, s_{iq} } ⊆ S, where |K| ≤ q_{max}, and the corresponding matrix E = |e_{0}||e_{1}| …|e_{N-1}|. Furthermore, we assume that |w_{k}|≤ ε_{wk} and |v_{k}| ≤ ε_{vk} for k = 0; 1; :::;N – 1, and we define,

**ROBUSTNESS OF P _{0, Δ}(Y) STATE ESTIMATION**

In this section, we provide robustness analysis for P_{0, Δ}(Y) optimization problem when matrix Δ satisfies conditions from the previous section. We start by showing that the attacker cannot exploit the modeling errors to destabilize the system before we present a method to bound the error caused by noise and modeling errors – i.e., we provide a bound on ||x_{0, Δ }– x_{0}||_{2}.

**EVALUATION**

To evaluate conservativeness of the error bound obtained using Algorithm 1 we consider two types of systems – systems with n = 10 states and p = 5 sensors, and with n = 20 states and p = 11 sensors. For each system type we randomly generated 100 systems with measurement models satisfying that the rows of the C matrix have unit magnitude and matrices had Δ elements between 0 and 2.

In both simulations and Algorithm 1 executions, we considered the case when window size N is equal to the number of system states (i.e., N = n). Comparison between the bounds provided by Algorithm 1 and simulation results are shown in Fig. 2 and Fig. 3.

**CASE STUDY**

We illustrate the development framework on a design of secure cruise control of the Land Shark vehicle, a fully electric Unmanned Ground Vehicle (UGV) shown in Fig.4(a). To obtain a dynamical model of the vehicle we used the standard differential drive vehicle model (Fig. 4(b)). On the Land Shark, the CPU that implements the state estimation and controller procedure is connected to all sensors through independent serial buses, while the motors are connected to the CPU via motor drivers (as presented in Fig. 4(c)).

From the developed GUI we demonstrate that the robot can reach and maintain the desired reference speed even when one of the sensors is under attack, as shown in Fig. 6. Fig. 6(a) presents speed estimates from the encoders and GPS; each of the sensors has been attacked at some point, with attacks such that their measurements would result in the speed estimate equal to 4 m/s, except in the last period of the simulation when we have switched to an alternating attack on the encoder left. However, as shown in Fig. 6(b) when the attack-resilient controller is active the robot reaches and maintains the desired speed of 1 m/s.

In addition, there is a huge discrepancy between sensors’ sampling jitters. For example, encoders’ sampling jitters are bounded by 100 μs (as shown in Fig. 7), while GPS has highly variable jitter with maximal values up to 125 ms. Therefore, it is not possible to use the idealized discrete-time model, but rather the full input compensation has to be done, before the state-estimator is executed.

**CONCLUSION**

In this paper, we have considered the problem of attack resilient state estimation in systems with noise and where the exact model of the system dynamics is not known. We have described a l_{0}-norm based state estimator that can be used for these systems, and showed that the attacker cannot exploit the noise and limitations in model accuracy to destabilize the system.

Furthermore, we have provided an algorithm to derive a bound for the state estimation error caused by noise and modeling errors, and presented a procedure to map these bounds into a set of implementation specifications imposed on the underlying platform. Finally, we have illustrated our approach by designing an attack-resilient constant speed cruise controller for unmanned ground vehicle.

We have shown that the presented l_{0}-norm optimization procedure for state estimation can be formulated as a mixed integer linear program. Although there exist efficient MILP solvers, MILPs are effectively NP hard.

Therefore, the natural next step would include transforming the l_{0} state estimator into a convex program based on l_{1}=l_{r} optimization (e.g., r = 2) as done. In this case, providing a bound for the state-estimation error when the l_{1}=l_{r} convex relaxation is used will be an avenue for future work.

Source: University of Pennsylvania

Authors: Miroslav Pajic | James Weimer | Nicola Bezzo | Paulo Tabuada | Oleg Sokolsky | Insup Lee | George Pappas