Vulnerability Analysis of Nonlinear Control Systems to Stealthy False Data Injection Attacks

In this work, we focus on analyzing vulnerability of nonlinear dynamical control systems to stealthy false data injection attacks on sensors. We start by defining the stealthiness notion in the most general form where an attack is considered stealthy if it would be undetected by any intrusion detector, i.e., any intrusion detector could not do better than a random guess. Depending on the level of attacker's knowledge about the plant model, controller, and the system states, two different attack models are considered. For each attack model, we derive the conditions for which the system will be vulnerable to stealthy impactful attacks, in addition to finding a methodology for designing such sequence of false data injection attacks. When the attacker has complete knowledge about the system, we show that if the closed loop system is incrementally exponentially stable while the open loop plant is incrementally unstable, then the system is vulnerable to stealthy yet impactful attacks on sensors. However, in the second attack model, with less knowledge about the system, additional conditions need to be satisfied and the level of stealthiness depends on the accuracy of attacker's knowledge about the system. We also consider the impact of stealthy attacks on state estimation, and show that if the closed loop control system including the estimator is incrementally stable, then the state estimation in the presence of attack converges to the attack free estimates. Finally, we illustrate our results on numerical case studies.