-
An Adaptive Method for Non-Stationary Stochastic Multi-armed Bandits with Rewards Generated by a Linear Dynamical System
Authors:
Jonathan Gornet,
Mehdi Hosseinzadeh,
Bruno Sinopoli
Abstract:
Online decision-making can be formulated as the popular stochastic multi-armed bandit problem where a learner makes decisions (or takes actions) to maximize cumulative rewards collected from an unknown environment. A specific variant of the bandit problem is the non-stationary stochastic multi-armed bandit problem, where the reward distributions, which are unknown to the learner, change over time. This paper proposes to model non-stationary stochastic multi-armed bandits as an unknown stochastic linear dynamical system as many applications, such as bandits for dynamic pricing problems or hyperparameter selection for machine learning models, can benefit from this perspective. Following this approach, we can build a matrix representation of the system's steady-state Kalman filter that takes a set of previously collected observations from a time interval of length $s$ to predict the next reward that will be returned for each action. This paper proposes a solution in which the parameter $s$ is determined via an adaptive algorithm by analyzing the model uncertainty of the matrix representation. This algorithm helps the learner adaptively adjust its model size and its length of exploration based on the uncertainty of its environmental model. The effectiveness of the proposed scheme is demonstrated through extensive numerical studies, revealing that the proposed scheme is capable of increasing the rate of collected cumulative rewards.
Submitted 14 June, 2024;
originally announced June 2024.
-
Restless Bandit Problem with Rewards Generated by a Linear Gaussian Dynamical System
Authors:
Jonathan Gornet,
Bruno Sinopoli
Abstract:
Decision-making under uncertainty is a fundamental problem encountered frequently and can be formulated as a stochastic multi-armed bandit problem. In the problem, the learner interacts with an environment by choosing an action at each round, where a round is an instance of an interaction. In response, the environment reveals a reward, which is sampled from a stochastic process, to the learner. The goal of the learner is to maximize cumulative reward. In this work, we assume that the rewards are the inner product of an action vector and a state vector generated by a linear Gaussian dynamical system. To predict the reward for each action, we propose a method that takes a linear combination of previously observed rewards for predicting each action's next reward. We show that, regardless of the sequence of previous actions chosen, the reward sampled for any previously chosen action can be used for predicting another action's future reward, i.e. the reward sampled for action 1 at round $t-1$ can be used for predicting the reward for action $2$ at round $t$. This is accomplished by designing a modified Kalman filter with a matrix representation that can be learned for reward prediction. Numerical evaluations are carried out on a set of linear Gaussian dynamical systems and are compared with 2 other well-known stochastic multi-armed bandit algorithms.
Submitted 22 May, 2024; v1 submitted 15 May, 2024;
originally announced May 2024.
-
Beyond PCA: A Probabilistic Gram-Schmidt Approach to Feature Extraction
Authors:
Bahram Yaghooti,
Netanel Raviv,
Bruno Sinopoli
Abstract:
Linear feature extraction at the presence of nonlinear dependencies among the data is a fundamental challenge in unsupervised learning. We propose using a probabilistic Gram-Schmidt (GS) type orthogonalization process in order to detect and map out redundant dimensions. Specifically, by applying the GS process over a family of functions which presumably captures the nonlinear dependencies in the data, we construct a series of covariance matrices that can either be used to identify new large-variance directions, or to remove those dependencies from the principal components. In the former case, we provide information-theoretic guarantees in terms of entropy reduction. In the latter, we prove that under certain assumptions the resulting algorithms detect and remove nonlinear dependencies whenever those dependencies lie in the linear span of the chosen function family. Both proposed methods extract linear features from the data while removing nonlinear redundancies. We provide simulation results on synthetic and real-world datasets which show improved performance over PCA and state-of-the-art linear feature extraction algorithms, both in terms of variance maximization of the extracted features, and in terms of improved performance of classification algorithms. Additionally, our methods are comparable and often outperform the non-linear method of kernel PCA.
Submitted 5 February, 2024; v1 submitted 15 November, 2023;
originally announced November 2023.
-
Towards Hyperparameter-Agnostic DNN Training via Dynamical System Insights
Authors:
Carmel Fiscko,
Aayushya Agarwal,
Yihan Ruan,
Soummya Kar,
Larry Pileggi,
Bruno Sinopoli
Abstract:
We present a stochastic first-order optimization method specialized for deep neural networks (DNNs), ECCO-DNN. This method models the optimization variable trajectory as a dynamical system and develops a discretization algorithm that adaptively selects step sizes based on the trajectory's shape. This provides two key insights: designing the dynamical system for fast continuous-time convergence and developing a time-stepping algorithm to adaptively select step sizes based on principles of numerical integration and neural network structure. The result is an optimizer with performance that is insensitive to hyperparameter variations and that achieves comparable performance to state-of-the-art optimizers including ADAM, SGD, RMSProp, and AdaGrad. We demonstrate this in training DNN models and datasets, including CIFAR-10 and CIFAR-100 using ECCO-DNN and find that ECCO-DNN's single hyperparameter can be changed by three orders of magnitude without affecting the trained models' accuracies. ECCO-DNN's insensitivity reduces the data and computation needed for hyperparameter tuning, making it advantageous for rapid prototyping and for applications with new datasets. To validate the efficacy of our proposed optimizer, we train an LSTM architecture on a household power consumption dataset with ECCO-DNN and achieve an optimal mean-square-error without tuning hyperparameters.
Submitted 20 October, 2023;
originally announced October 2023.
-
An Equivalent Circuit Workflow for Unconstrained Optimization
Authors:
Aayushya Agarwal,
Carmel Fiscko,
Soummya Kar,
Larry Pileggi,
Bruno Sinopoli
Abstract:
We introduce a new workflow for unconstrained optimization whereby objective functions are mapped onto a physical domain to more easily design algorithms that are robust to hyperparameters and achieve fast convergence rates. Specifically, we represent optimization problems as an equivalent circuit that are then solved solely as nonlinear circuits using robust solution methods. The equivalent circuit models the trajectory of component-wise scaled gradient flow problem as the transient response of the circuit for which the steady-state coincides with a critical point of the objective function. The equivalent circuit model leverages circuit domain knowledge to methodically design new optimization algorithms that would likely not be developed without a physical model. We incorporate circuit knowledge into optimization methods by 1) enhancing the underlying circuit model for fast numerical analysis, 2) controlling the optimization trajectory by designing the nonlinear circuit components, and 3) solving for step sizes using well-known methods from the circuit simulation. We first establish the necessary conditions that the controls must fulfill for convergence. We show that existing descent algorithms can be re-derived as special cases of this approach and derive new optimization algorithms that are developed with insights from a circuit-based model. The new algorithms can be designed to be robust to hyperparameters, achieve convergence rates comparable or faster than state of the art methods, and are applicable to optimizing a variety of both convex and nonconvex problems.
Submitted 23 May, 2023;
originally announced May 2023.
-
Model-Free Learning and Optimal Policy Design in Multi-Agent MDPs Under Probabilistic Agent Dropout
Authors:
Carmel Fiscko,
Soummya Kar,
Bruno Sinopoli
Abstract:
This work studies a multi-agent Markov decision process (MDP) that can undergo agent dropout and the computation of policies for the post-dropout system based on control and sampling of the pre-dropout system. The controller's objective is to find an optimal policy that maximizes the value of the expected system given a priori knowledge of the agents' dropout probabilities. Finding an optimal policy for any specific dropout realization is a special case of this problem. For MDPs with a certain transition independence and reward separability structure, we assume that removing agents from the system forms a new MDP comprised of the remaining agents with new state and action spaces, transition dynamics that marginalize the removed agents, and rewards that are independent of the removed agents. We first show that under these assumptions, the value of the expected post-dropout system can be represented by a single MDP; this "robust MDP" eliminates the need to evaluate all $2^N$ realizations of the system, where $N$ denotes the number of agents. More significantly, in a model-free context, it is shown that the robust MDP value can be estimated with samples generated by the pre-dropout system, meaning that robust policies can be found before dropout occurs. This fact is used to propose a policy importance sampling (IS) routine that performs policy evaluation for dropout scenarios while controlling the existing system with good pre-dropout policies. The policy IS routine produces value estimates for both the robust MDP and specific post-dropout system realizations and is justified with exponential confidence bounds. Finally, the utility of this approach is verified in simulation, showing how structural properties of agent dropout can help a controller find good post-dropout policies before dropout occurs.
Submitted 24 April, 2023;
originally announced April 2023.
-
Corrected: On Confident Policy Evaluation for Factored Markov Decision Processes with Node Dropouts
Authors:
Carmel Fiscko,
Soummya Kar,
Bruno Sinopoli
Abstract:
In this work we investigate an importance sampling approach for evaluating policies for a structurally time-varying factored Markov decision process (MDP), i.e. the policy's value is estimated with a high-probability confidence interval. In particular, we begin with a multi-agent MDP controlled by a known policy but with unknown transition dynamics. One agent is then removed from the system - i.e. the system experiences node dropout - forming a new MDP of the remaining agents, with a new state space, action space, and new transition dynamics. We assume that the effect of removing an agent corresponds to the marginalization of its factor in the transition dynamics. The reward function may likewise be marginalized, or it may be entirely redefined for the new system. Robust policy importance sampling is then used to evaluate candidate policies for the new system, and estimated values are presented with probabilistic confidence bounds. This computation is completed with no observations of the new system, meaning that a safe policy may be found before dropout occurs. The utility of this approach is demonstrated in simulation and compared to Monte Carlo simulation of the new system.
Submitted 4 February, 2023;
originally announced February 2023.
-
CANE: A Cascade-Control Approach for Network-Assisted Video QoE Management
Authors:
Mehdi Hosseinzadeh,
Karthick Shankar,
Maria Apostolaki,
Jay Ramachandran,
Steven Adams,
Vyas Sekar,
Bruno Sinopoli
Abstract:
Prior efforts have shown that network-assisted schemes can improve the Quality-of-Experience (QoE) and QoE fairness when multiple video players compete for bandwidth. However, realizing network-assisted schemes in practice is challenging, as: i) the network has limited visibility into the client players' internal state and actions; ii) players' actions may nullify or negate the network's actions; and iii) the players' objectives might be conflicting. To address these challenges, we formulate network-assisted QoE optimization through a cascade control abstraction. This informs the design of CANE, a practical network-assisted QoE framework. CANE uses machine learning techniques to approximate each player's behavior as a black-box model and model predictive control to achieve a near-optimal solution. We evaluate CANE through realistic simulations and show that CANE improves multiplayer QoE fairness by ~50% compared to pure client-side adaptive bitrate algorithms and by ~20% compared to uniform traffic shaping.
Submitted 13 January, 2023;
originally announced January 2023.
-
ECCO: Equivalent Circuit Controlled Optimization
Authors:
Aayushya Agarwal,
Carmel Fiscko,
Soummya Kar,
Larry Pileggi,
Bruno Sinopoli
Abstract:
We propose an adaptive optimization algorithm for solving unconstrained scaled gradient flow problems that achieves fast convergence by controlling the optimization trajectory shape and the discretization step sizes. Under a broad class of scaling functions, we establish convergence of the proposed approach to critical points of smooth objective functions, while demonstrating its flexibility and robustness with respect to hyperparameter tuning. First, we prove convergence of component-wise scaled gradient flow to a critical point under regularity conditions. We show that this controlled gradient flow dynamics is equivalent to the transient response of an electrical circuit, allowing for circuit theory concepts to solve the problem. Based on this equivalence, we develop two optimization trajectory control schemes based on minimizing the charge stored in the circuit: a second order method that uses the true Hessian and an alternate first order method that approximates the optimization trajectory with only gradient information. While the control schemes are derived from circuit concepts, no circuit knowledge is needed to implement the algorithms. To find the value of the critical point, we propose a time step search routine for Forward Euler discretization that controls the local truncation error, a method adapted from circuit simulation ideas. In simulation we find that the trajectory control outperforms uncontrolled gradient flow, and the error-aware discretization out-performs line search with the Armijo condition. Our algorithms are evaluated on convex and non-convex test functions, including neural networks, with convergence speeds comparable to or exceeding Adam.
Submitted 19 February, 2023; v1 submitted 15 November, 2022;
originally announced November 2022.
-
Optimal Active Fault Detection in Inverter-Based Grids
Authors:
Mohammad Pirani,
Mehdi Hosseinzadeh,
Joshua A. Taylor,
Bruno Sinopoli
Abstract:
Ground faults in converter-based grids can be difficult to detect because, unlike in grids with synchronous machines, they often do not result in large currents. One recent strategy is for each converter to inject a perturbation that makes faults easier to distinguish from normal operation. In this paper, we construct optimal perturbation sequences for use with the Multiple Model Kalman Filter. The perturbations maximize the difference between faulty and fault-free operation while respecting limits on performance degradation. Simulations show that the optimal input sequence increases the confidence of fault detection while decreasing detection time. It is shown that there is a tradeoff between detection and degradation of the control performance, and that the method is robust to parameter variations.
Submitted 14 September, 2022;
originally announced September 2022.
-
Reducing Attack Opportunities Through Decentralized Event-Triggered Control
Authors:
Paul Griffioen,
Raffaele Romagnoli,
Bruce H. Krogh,
Bruno Sinopoli
Abstract:
Decentralized control systems are widely used in a number of situations and applications. In order for these systems to function properly and achieve their desired goals, information must be propagated between agents, which requires connecting to a network. To reduce opportunities for attacks that may be carried out through the network, we design an event-triggered mechanism for network connection and communication that minimizes the amount of time agents must be connected to the network, in turn decreasing communication costs. This mechanism is a function of only local information and ensures stability for the overall system in attack-free scenarios. Our approach distinguishes itself from current decentralized event-triggered control strategies by considering scenarios where agents are not always connected to the network to receive critical information from other agents and by considering scenarios where the communication graph is undirected and connected. An algorithm describing this network connection and communication protocol is provided, and our approach is illustrated via simulation.
Submitted 30 July, 2022;
originally announced August 2022.
-
Cluster-Based Control of Transition-Independent MDPs
Authors:
Carmel Fiscko,
Soummya Kar,
Bruno Sinopoli
Abstract:
This work studies efficient solution methods for cluster-based control policies of transition-independent Markov decision processes (TI-MDPs). We focus on control of multi-agent systems, whereby a central planner (CP) influences agents to select desirable group behavior. The agents are partitioned into disjoint clusters whereby agents in the same cluster receive the same controls but agents in different clusters may receive different controls. Under mild assumptions, this process can be modeled as a TI-MDP where each factor describes the behavior of one cluster. The action space of the TI-MDP becomes exponential with respect to the number of clusters. To efficiently find a policy in this rapidly scaling space, we propose a clustered Bellman operator that optimizes over the action space for one cluster at any evaluation. We present Clustered Value Iteration (CVI), which uses this operator to iteratively perform "round robin" optimization across the clusters. CVI converges exponentially faster than standard value iteration (VI), and can find policies that closely approximate the MDP's true optimal value. A special class of TI-MDPs with separable reward functions are investigated, and it is shown that CVI will find optimal policies on this class of problems. Finally, the optimal clustering assignment problem is explored. The value functions of TI-MDPs with submodular reward functions are shown to be submodular functions, so submodular set optimization may be used to find a near optimal clustering assignment. We propose an iterative greedy cluster splitting algorithm, which yields monotonic submodular improvement in value at each iteration. Finally, simulations offer empirical assessment of the proposed methods.
Submitted 26 January, 2023; v1 submitted 11 July, 2022;
originally announced July 2022.
-
Ensuring Resilience Against Stealthy Attacks on Cyber-Physical Systems
Authors:
Paul Griffioen,
Bruce H. Krogh,
Bruno Sinopoli
Abstract:
This article provides a tool for analyzing mechanisms that aim to achieve resilience against stealthy, or undetectable, attacks on cyber-physical systems (CPSs). We consider attackers who are able to corrupt all of the inputs and outputs of the system. To counter such attackers, a response scheme must be implemented that keeps the attacker from corrupting the inputs and outputs of the system for certain periods of time. To aid in the design of such a response scheme, our tool provides sufficient lengths for these periods of time in order to ensure safety with a particular probability. We provide a conservative upper bound on how long the system can remain under stealthy attack before the safety constraints are violated. Furthermore, we show how a detector limits the set of biases an attacker can exert on the system while still remaining stealthy, aiding a system operator in the design of the detector. Our contributions are demonstrated with an illustrative example.
Submitted 30 April, 2022;
originally announced May 2022.
-
Stochastic Multi-armed Bandits with Non-stationary Rewards Generated by a Linear Dynamical System
Authors:
Jonathan Gornet,
Mehdi Hosseinzadeh,
Bruno Sinopoli
Abstract:
The stochastic multi-armed bandit has provided a framework for studying decision-making in unknown environments. We propose a variant of the stochastic multi-armed bandit where the rewards are sampled from a stochastic linear dynamical system. The proposed strategy for this stochastic multi-armed bandit variant is to learn a model of the dynamical system while choosing the optimal action based on the learned model. Motivated by mathematical finance areas such as Intertemporal Capital Asset Pricing Model proposed by Merton and Stochastic Portfolio Theory proposed by Fernholz that both model asset returns with stochastic differential equations, this strategy is applied to quantitative finance as a high-frequency trading strategy, where the goal is to maximize returns within a time period.
Submitted 6 April, 2022;
originally announced April 2022.
-
MPC-Based Emergency Vehicle-Centered Multi-Intersection Traffic Control
Authors:
Mehdi Hosseinzadeh,
Bruno Sinopoli,
Ilya Kolmanovsky,
Sanjoy Baruah
Abstract:
This paper proposes a traffic control scheme to alleviate traffic congestion in a network of interconnected signaled lanes/roads. The proposed scheme is emergency vehicle-centered, meaning that it provides an efficient and timely routing for emergency vehicles. In the proposed scheme, model predictive control is utilized to control inlet traffic flows by means of network gates, as well as configuration of traffic lights across the network. Two schemes are considered in this paper: i) centralized; and ii) decentralized. In the centralized scheme, a central unit controls the entire network. This scheme provides the optimal solution, even though it might not fulfil real-time computation requirements for large networks. In the decentralized scheme, each intersection has its own control unit, which sends local information to an aggregator. The main responsibility of this aggregator is to receive local information from all control units across the network as well as the emergency vehicle, to augment the received information, and to share it with the control units. Since the decision-making in decentralized scheme is local and the aggregator should fulfil the above-mentioned tasks during a traffic cycle which takes a long period of time, the decentralized scheme is suitable for large networks, even though it may provide a sub-optimal solution. Extensive simulation studies are carried out to validate the proposed schemes, and assess their performance. Notably, the obtained results reveal that traveling times of emergency vehicles can be reduced up to ~50% by using the centralized scheme and up to ~30% by using the decentralized scheme, without causing congestion in other lanes.
Submitted 11 April, 2022;
originally announced April 2022.
-
Implementing Optimization-Based Control Tasks in Cyber-Physical Systems With Limited Computing Capacity
Authors:
Mehdi Hosseinzadeh,
Bruno Sinopoli,
Ilya Kolmanovsky,
Sanjoy Baruah
Abstract:
A common aspect of today's cyber-physical systems is that multiple optimization-based control tasks may execute in a shared processor. Such control tasks make use of online optimization and thus have large execution times; hence, their sampling periods must be large as well to satisfy real-time schedulability condition. However, larger sampling periods may cause worse control performance. The goal of our work is to develop a robust to early termination optimization approach that can be used to effectively solve onboard optimization problems involved in controlling the system despite the presence of unpredictable, variable, and limited computing capacity. The significance of the developed approach is that the optimization iterations can be stopped at any time instant with a guaranteed feasible solution; as a result, optimization-based control tasks can be implemented with a small sampling period (and consequently with a minimum degradation in the control performance).
Submitted 10 March, 2022;
originally announced March 2022.
-
Exploring the consequences of cyber attacks on Powertrain Cyber Physical Systems
Authors:
Dario Stabili,
Raffaele Romagnoli,
Mirco Marchetti,
Bruno Sinopoli,
Michele Colajanni
Abstract:
This paper proposes a novel approach for the study of cyber-attacks against the powertrain of a generic vehicle. The proposed model is composed by a generic Internal Combustion engine and a speed controller, that communicate through a Controller Area Network (CAN) bus. We consider a threat model composed by three representative attack scenarios designed to modify the output of the model, thus affecting the rotational speed of the engine. Two attack scenarios target both vehicle sensor systems and CAN communication, while one attack scenario only requires injection of CAN messages. To the best of our knowledge, this is the first attempt of modeling the consequences of realistic cyber attacks against a modern vehicle.
Submitted 1 February, 2022;
originally announced February 2022.
-
ROTEC: Robust to Early Termination Command Governor for Systems with Limited Computing Capacity
Authors:
Mehdi Hosseinzadeh,
Bruno Sinopoli,
Ilya Kolmanovsky,
Sanjoy Baruah
Abstract:
A Command Governor (CG) is an optimization-based add-on scheme to a nominal closed-loop system. It is used to enforce state and control constraints by modifying reference commands. This paper considers the implementation of a CG on embedded processors that have limited computing resources and must execute multiple control and diagnostics functions; consequently, the time available for CG computations is limited and may vary over time. To address this issue, a robust to early termination command governor is developed which embeds the solution of a CG problem into the internal states of a virtual continuous-time dynamical system which runs in parallel to the process. This virtual system is built so that its trajectory converges to the optimal solution (with a tunable convergence rate), and provides a sub-optimal but feasible solution whenever its evolution is terminated. This allows the designer to implement a CG strategy with a small sampling period (and consequently with a minimum degradation in its performance), while maintaining its constraint-handling capabilities. Simulations are carried out to assess the effectiveness of the developed scheme in satisfying performance requirements and real-time schedulability conditions for a practical vehicle rollover example.
Submitted 8 January, 2022;
originally announced January 2022.
-
Assessing Risks and Modeling Threats in the Internet of Things
Authors:
Paul Griffioen,
Bruno Sinopoli
Abstract:
Threat modeling and risk assessments are common ways to identify, estimate, and prioritize risk to national, organizational, and individual operations and assets. Several threat modeling and risk assessment approaches have been proposed prior to the advent of the Internet of Things (IoT) that focus on threats and risks in information technology (IT). Due to shortcomings in these approaches and the fact that there are significant differences between the IoT and IT, we synthesize and adapt these approaches to provide a threat modeling framework that focuses on threats and risks in the IoT. In doing so, we develop an IoT attack taxonomy that describes the adversarial assets, adversarial actions, exploitable vulnerabilities, and compromised properties that are components of any IoT attack. We use this IoT attack taxonomy as the foundation for designing a joint risk assessment and maturity assessment framework that is implemented as an interactive online tool. The assessment framework this tool encodes provides organizations with specific recommendations about where resources should be devoted to mitigate risk. The usefulness of this IoT framework is highlighted by case study implementations in the context of multiple industrial manufacturing companies, and the interactive implementation of this framework is available at http://iotrisk.andrew.cmu.edu.
Submitted 14 October, 2021;
originally announced October 2021.
-
Reference Governor-Based Fault-Tolerant Constrained Control
Authors:
Mehdi Hosseinzadeh,
Ilya Kolmanovsky,
Sanjoy Baruah,
Bruno Sinopoli
Abstract:
This paper presents a fault-tolerant control scheme for constrained linear systems. First, a new variant of the Reference Governor (RG) called At Once Reference Governor (AORG) is introduced. The AORG is distinguished from the conventional RG by computing the Auxiliary Reference (AR) sequence so as to optimize performance over a prescribed time interval instead of only at the current time instant; this enables the integration of the AORG with fault detection schemes. In particular, it is shown that, when the AORG is combined with a Multi-Model Adaptive Estimator (MMAE), the AR sequence can be determined such that the tracking properties are guaranteed and constraints are satisfied at all times, while the detection performance is optimized, i.e., faults can be detected with a high probability of correctness. In addition, a reconfiguration scheme is presented that ensures system viability despite the presence of faults based on recoverable sets. Simulations on a Boeing 747-100 aircraft model are carried out to evaluate the effectiveness of the AORG scheme in enforcing constraints and tracking the desired roll and side-slip angles. The effectiveness of the presented fault-tolerant control scheme in maintaining the airplane viability in the presence of damaged vertical stabilizer is also demonstrated.
Submitted 18 July, 2021;
originally announced July 2021.
-
Physical Watermarking for Replay Attack Detection in Continuous-time Systems
Authors:
Bahram Yaghooti,
Raffaele Romagnoli,
Bruno Sinopoli
Abstract:
Physical watermarking is a well established technique for replay attack detection in cyber-physical systems (CPSs). Most of the watermarking methods proposed in the literature are designed for discrete-time systems. In general, real physical systems evolve in continuous time. In this paper, we analyze the effect of watermarking on sampled-data continuous-time systems controlled via a Zero-Order Hold. We investigate the effect of sampling on detection performance and we provide a procedure to find a suitable sampling period that ensures detectability and acceptable control performance. Simulations on a quadrotor system are used to illustrate the effectiveness of the theoretical results.
Submitted 1 March, 2021;
originally announced March 2021.
-
Toward Safe and Efficient Human-Robot Interaction via Behavior-Driven Danger Signaling
Authors:
Mehdi Hosseinzadeh,
Bruno Sinopoli,
Aaron F. Bobick
Abstract:
This paper introduces the notion of danger awareness in the context of Human-Robot Interaction (HRI), which decodes whether a human is aware of the existence of the robot, and illuminates whether the human is willing to engage in enforcing the safety. This paper also proposes a method to quantify this notion as a single binary variable, so-called danger awareness coefficient. By analyzing the effect of this coefficient on the human's actions, an online Bayesian learning method is proposed to update the belief about the value of the coefficient. It is shown that based upon the danger awareness coefficient and the proposed learning method, the robot can build a predictive human model to anticipate the human's future actions. In order to create a communication channel between the human and the robot, to enrich the observations and get informative data about the human, and to improve the efficiency of the robot, the robot is equipped with a danger signaling system. A predictive planning scheme, coupled with the predictive human model, is also proposed to provide an efficient and probabilistically safe plan for the robot. The effectiveness of the proposed scheme is demonstrated through simulation studies on an interaction between a self-driving car and a pedestrian.
Submitted 10 February, 2021; v1 submitted 9 February, 2021;
originally announced February 2021.
-
Active Attack Detection and Control in Constrained Cyber-Physical Systems Under Prevented Actuation Attack
Authors:
Mehdi Hosseinzadeh,
Bruno Sinopoli
Abstract:
This paper proposes an active attack detection scheme for constrained cyber-physical systems. Despite passive approaches where the detection is based on the analysis of the input-output data, active approaches interact with the system by designing the control input so to improve detection. This paper focuses on the prevented actuation attack, where the attacker prevents the exchange of information between the controller and actuators. The proposed scheme consists of two units: 1) detection, and 2) control. The detection unit includes a set of parallel detectors, which are designed based on the multiple-model adaptive estimation approach to detect the attack and to identify the attacked actuator(s). For what regards the control unit, a constrained optimization approach is developed to determine the control input such that the control and detection aims are achieved. In the formulation of the detection and control objective functions, a probabilistic approach is used to reap the benefits of the \textit{a priori} information availability. The effectiveness of the proposed scheme is demonstrated through a simulation study on an irrigation channel.
Submitted 24 January, 2021;
originally announced January 2021.
-
Attack Resilient Interconnected Second Order Systems: A Game-Theoretic Approach
Authors:
Mohammad Pirani,
Joshua A. Taylor,
Bruno Sinopoli
Abstract:
This paper studies the resilience of second-order networked dynamical systems to strategic attacks. We discuss two widely used control laws, which have applications in power networks and formation control of autonomous agents. In the first control law, each agent receives pure velocity feedback from its neighbor. In the second control law, each agent receives its velocity relative to its neighbors. The attacker selects a subset of nodes in which to inject a signal, and its objective is to maximize the $\mathcal{H}_2$ norm of the system from the attack signal to the output. The defender improves the resilience of the system by adding self-feedback loops to certain nodes of the network with the objective of minimizing the system's $\mathcal{H}_2$ norm. Their decisions comprise a strategic game. Graph-theoretic necessary and sufficient conditions for the existence of Nash equilibria are presented. In the case of no Nash equilibrium, a Stackelberg game is discussed, and the optimal solution when the defender acts as the leader is characterized. For the case of a single attacked node and a single defense node, it is shown that the optimal location of the defense node for each of the control laws is determined by a specific network centrality measure. The extension of the game to the case of multiple attacked and defense nodes is also addressed.
Submitted 8 May, 2019;
originally announced May 2019.
-
A Moving Target Defense for Securing Cyber-Physical Systems
Authors:
Paul Griffioen,
Sean Weerakkody,
Bruno Sinopoli
Abstract:
This article considers the design and analysis of multiple moving target defenses for recognizing and isolating attacks on cyber-physical systems. We consider attackers who perform integrity attacks on a set of sensors and actuators in a control system. In such cases, a model aware adversary can carefully design attack vectors to bypass bad data detection and identification filters while causing damage to the control system. To counter such an attacker, we propose the moving target defense which introduces stochastic, time-varying parameters in the control system. The underlying random dynamics of the system limit an attacker's model knowledge and inhibits his/her ability to construct stealthy attack sequences. Moreover, the time-varying nature of the dynamics thwarts adaptive adversaries. We explore three main designs. First, we consider a hybrid system where parameters within the existing plant are switched among multiple modes. We demonstrate how such an approach can enable both the detection and identification of malicious nodes. Next, we investigate the addition of an extended system with dynamics that are coupled to the original plant but do not affect system performance. An attack on the original system will affect the authenticating subsystem and in turn be revealed by a set of sensors measuring the extended plant. Lastly, we propose the use of sensor nonlinearities to enhance the effectiveness of the moving target defense. The nonlinear dynamics act to conceal normal operational behavior from an attacker who has tampered with the system state, further hindering an attacker's ability to glean information about the time-varying dynamics. In all cases mechanisms for analysis and design are proposed. Finally, we analyze attack detectability for each moving target defense by investigating expected lower bounds on the detection statistic. Our contributions are tested via simulation.
Submitted 7 July, 2020; v1 submitted 4 February, 2019;
originally announced February 2019.
-
Optimizing Robustness against Cascading Failures under Max-Load Targeted Attack
Authors:
Omur Ozel,
Bruno Sinopoli,
Osman Yagan
Abstract:
Motivated by reliability of networks in critical infrastructures, we consider optimal robustness of a class of flow networks against a \textit{targeted} attack, namely max-load targeted attack, that triggers cascading failures due to removal of largest load carrying portion of lines. The setup involves a network of $N$ lines with initial loads $L_1, \ldots, L_N$, drawn from independent and identical uniform distribution, and free-spaces or redundancies $S_1, \ldots, S_N$ to be allocated. In the failure propagation mechanism, a line fails initially due to attack and later due to overloading. The load that was carried at the moment of failing gets redistributed equally among all remaining lines in the system. We analyze robustness of this network against the max-load targeted attack that removes the largest load carrying $p$-fraction of the lines from the system. The system designer allocates $S_i$ as a stochastic function of the load in each line. Assuming an average available resource budget, we show that allocating all lines the free-spaces equally among nodes is optimal under some regulatory assumptions. We provide numerical results verifying that equal free-space allocation to all lines perform optimally in more general targeted attack scenarios.
Submitted 26 March, 2019; v1 submitted 19 November, 2018;
originally announced November 2018.
-
Design of Software Rejuvenation for CPS Security Using Invariant Sets
Authors:
Raffaele Romagnoli,
Bruce H. Krogh,
Bruno Sinopoli
Abstract:
Software rejuvenation has been proposed as a strategy to protect cyber-physical systems (CPSs) against unanticipated and undetectable cyber attacks. The basic idea is to refresh the system periodically with a secure and trusted copy of the online software so as to eliminate all effects of malicious modifications to the run-time code and data. Following each software refresh a safety controller assures the CPS is driven to a safe state before returning to the mission control mode when the CPS is again vulnerable to attacks. This paper considers software rejuvenation design from a control-theoretic perspective. Invariant sets for the Lyapunov function for the safety controller are used to derive bounds on the time that the CPS can operate in mission control mode before the software must be refreshed and the maximum time the safety controller will require to bring the CPS to a safe operating state. With these results it can be guaranteed that the CPS will remain safe under cyber attacks against the run-time system and will be able to execute missions successfully if the attacks are not persistent. The general approach is illustrated using simulation of the nonlinear dynamics of a quadrotor system. The concluding section discusses directions for further research.
Submitted 24 October, 2018;
originally announced October 2018.
-
Software Rejuvenation for Secure Tracking Control
Authors:
Raffaele Romagnoli,
Bruce H. Krogh,
Dionisio de Niz,
Bruno Sinopoli
Abstract:
Software rejuvenation protects cyber-physical systems (CPSs) against cyber attacks on the run-time code by periodically refreshing the system with an uncorrupted software image. The system is vulnerable to attacks when it is communicating with other agents. Security is guaranteed during the software refresh and re-initialization by turning off all communication. Although the effectiveness of software rejuvenation has been demonstrated for some simple systems, many problems need to be addressed to make it viable for real applications. This paper expands the scope of CPS applications for which software rejuvenation can be implemented by introducing architectural and algorithmic features to support trajectory tracking. Following each software refresh, while communication is still off, a safety controller is executed to assure the system state is within a sufficiently small neighborhood of the current point on the reference trajectory. Communication is then re-established and the reference trajectory tracking control is resumed. A protected, verified hypervisor manages the software rejuvenation sequence and delivers trusted reference trajectory points, which may be received from untrusted communication, but are verified using an authentication process. We present the approach to designing the tracking and safety controllers and timing parameters and demonstrate the secure tracking control for a 6 DOF quadrotor using the PX4 jMAVSim quadrotor simulator. The concluding section discusses directions for further research.
Submitted 24 October, 2018;
originally announced October 2018.
-
Distributed Estimation Via a Roaming Token
Authors:
Lucas Balthazar,
João Xavier,
Bruno Sinopoli
Abstract:
We present an algorithm for the problem of linear distributed estimation of a parameter in a network where a set of agents are successively taking measurements. The approach considers a roaming token in a network that carries the estimate, and jumps from one agent to another in its vicinity according to the probabilities of a Markov chain. When the token is at an agent it records the agent's local information. We analyze the proposed algorithm and show that it is consistent and asymptotically optimal, in the sense that its mean-square-error (MSE) rate of decay approaches the centralized one as the number of iterations increases. We show these results for a scenario where the network changes over time, and we consider two different sets of assumptions on the network instantiations: they are i.i.d. and connected on the average, or they are deterministic and strongly connected for every finite time window of a fixed size. Simulations show our algorithm is competitive with consensus+innovations type algorithms, achieving a smaller MSE at each iteration in all considered scenarios.
Submitted 4 July, 2018;
originally announced July 2018.
-
Robustness of flow networks against cascading failures under partial load redistribution
Authors:
Omur Ozel,
Bruno Sinopoli,
Osman Yagan
Abstract:
We study the robustness of flow networks against cascading failures under a partial load redistribution model. In particular, we consider a flow network of $N$ lines with initial loads $L_1, \ldots, L_N$ and free-spaces (i.e., redundant space) $S_1, \ldots, S_N$ that are independent and identically distributed with joint distribution $P_{LS}(x,y)=\mathbb{P}(L \leq x, S \leq y)$. The capacity $C_i$ is the maximum load allowed on line $i$, and is given by $C_i=L_i + S_i$. When a line fails due to overloading, it is removed from the system and $(1-\varepsilon)$-fraction of the load it was carrying (at the moment of failing) gets redistributed equally among all remaining lines in the system; hence we refer to this as the {\it partial} load redistribution model. The rest (i.e., $\varepsilon$-fraction) of the load is assumed to be lost or absorbed, e.g., due to advanced circuitry disconnecting overloaded power lines or an inter-connected network/material absorbing a fraction of the flow from overloaded lines. We analyze the robustness of this flow network against random attacks that remove a $p$-fraction of the lines. Our contributions include (i) deriving the final fraction of alive lines $n_{\infty}(p,\varepsilon)$ for all $p, \varepsilon \in (0,1)$ and confirming the results via extensive simulations; (ii) showing that partial redistribution might lead to (depending on the parameter $0<\varepsilon \leq 1$) the order of transition at the critical attack size $p^{*}$ changing from first to second-order; and (iii) proving analytically that flow networks achieve maximum robustness (quantified by the area $\int_{0}^{1} n_{\infty}(p,\varepsilon) \mathrm{d}p$) when all lines have the same free-space regardless of their initial load. The optimality of equal free-space allocation is also confirmed on real-world data from the UK National Power Grid.
Submitted 8 October, 2018; v1 submitted 21 February, 2018;
originally announced February 2018.
-
A Bernoulli-Gaussian Physical Watermark for Detecting Integrity Attacks in Control Systems
Authors:
Sean Weerakkody,
Omur Ozel,
Bruno Sinopoli
Abstract:
We examine the merit of Bernoulli packet drops in actively detecting integrity attacks on control systems. The aim is to detect an adversary who delivers fake sensor measurements to a system operator in order to conceal their effect on the plant. Physical watermarks, or noisy additive Gaussian inputs, have been previously used to detect several classes of integrity attacks in control systems. In this paper, we consider the analysis and design of Gaussian physical watermarks in the presence of packet drops at the control input. On one hand, this enables analysis in a more general network setting. On the other hand, we observe that in certain cases, Bernoulli packet drops can improve detection performance relative to a purely Gaussian watermark. This motivates the joint design of a Bernoulli-Gaussian watermark which incorporates both an additive Gaussian input and a Bernoulli drop process. We characterize the effect of such a watermark on system performance as well as attack detectability in two separate design scenarios. Here, we consider a correlation detector for attack recognition. We then propose efficiently solvable optimization problems to intelligently select parameters of the Gaussian input and the Bernoulli drop process while addressing security and performance trade-offs. Finally, we provide numerical results which illustrate that a watermark with packet drops can indeed outperform a Gaussian watermark.
Submitted 8 October, 2017; v1 submitted 3 October, 2017;
originally announced October 2017.
-
Optimal Threshold Policies for Robust Data Center Control
Authors:
Paul Weng,
Zeqi Qiu,
John Costanzo,
Xiaoqi Yin,
Bruno Sinopoli
Abstract:
With the simultaneous rise of energy costs and demand for cloud computing, efficient control of data centers becomes crucial. In the data center control problem, one needs to plan at every time step how many servers to switch on or off in order to meet stochastic job arrivals while trying to minimize electricity consumption. This problem becomes particularly challenging when servers can be of various types and jobs from different classes can only be served by certain types of server, as it is often the case in real data centers. We model this problem as a robust Markov Decision Process (i.e., the transition function is not assumed to be known precisely). We give sufficient conditions (which seem to be reasonable and satisfied in practice) guaranteeing that an optimal threshold policy exists. This property can then be exploited in the design of an efficient solving method, which we provide. Finally, we present some experimental results demonstrating the practicability of our approach and compare with a previous related approach based on model predictive control.
Submitted 23 January, 2018; v1 submitted 23 August, 2017;
originally announced August 2017.
-
Detecting Integrity Attacks on Control Systems using a Moving Target Approach
Authors:
Sean Weerakkody,
Bruno Sinopoli
Abstract:
Maintaining the security of control systems in the presence of integrity attacks is a significant challenge. In literature, several possible attacks against control systems have been formulated including replay, false data injection, and zero dynamics attacks. The detection and prevention of these attacks may require the defender to possess a particular subset of trusted communication channels. Alternatively, these attacks can be prevented by keeping the system model secret from the adversary. In this paper, we consider an adversary who has the ability to modify and read all sensor and actuator channels. To thwart this adversary, we introduce external states dependent on the state of the control system, with linear time-varying dynamics unknown to the adversary. We also include sensors to measure these states. The presence of unknown time-varying dynamics is leveraged to detect an adversary who simultaneously aims to identify the system and inject stealthy outputs. Potential attack strategies and bounds on the attacker's performance are provided.
Submitted 25 June, 2017;
originally announced June 2017.
-
Joint attack detection and secure state estimation of cyber-physical systems
Authors:
Nicola Forti,
Giorgio Battistelli,
Luigi Chisci,
Bruno Sinopoli
Abstract:
This paper deals with secure state estimation of cyber-physical systems subject to switching (on/off) attack signals and injection of fake packets (via either packet substitution or insertion of extra packets). The random set paradigm is adopted in order to model, via Random Finite Sets (RFSs), the switching nature of both system attacks and the injection of fake measurements. The problem of detecting an attack on the system and jointly estimating its state, possibly in the presence of fake measurements, is then formulated and solved in the Bayesian framework for systems with and without direct feedthrough of the attack input to the output. This leads to the analytical derivation of a hybrid Bernoulli filter (HBF) that updates in real-time the joint posterior density of a Bernoulli attack RFS and of the state vector. A closed-form Gaussian-mixture implementation of the proposed hybrid Bernoulli filter is fully derived in the case of invertible direct feedthrough. Finally, the effectiveness of the developed tools for joint attack detection and secure state estimation is tested on two case-studies concerning a benchmark system for unknown input estimation and a standard IEEE power network application.
Submitted 24 February, 2019; v1 submitted 26 December, 2016;
originally announced December 2016.
-
A Moving Target Approach for Identifying Malicious Sensors in Control Systems
Authors:
Sean Weerakkody,
Bruno Sinopoli
Abstract:
In this paper, we consider the problem of attack identification in cyber-physical systems (CPS). Attack identification is often critical for the recovery and performance of a CPS that is targeted by malicious entities, allowing defenders to construct algorithms which bypass harmful nodes. Previous work has characterized limitations in the perfect identification of adversarial attacks on deterministic LTI systems. For instance, a system must remain observable after removing any 2q sensors to only identify q attacks. However, the ability for an attacker to create an unidentifiable attack requires knowledge of the system model. In this paper, we aim to limit the adversary's knowledge of the system model with the goal of accurately identifying all sensor attacks. Such a scheme will allow systems to withstand larger attacks or system operators to allocate fewer sensing devices to a control system while maintaining security. We explore how changing the dynamics of the system as a function of time allows us to actively identify malicious/faulty sensors in a control system. We discuss the design of time varying system matrices to meet this goal and evaluate performance in deterministic and stochastic systems.
Submitted 13 March, 2017; v1 submitted 28 September, 2016;
originally announced September 2016.
-
On the Efficiency and Fairness of Multiplayer HTTP-based Adaptive Video Streaming
Authors:
Xiaoqi Yin,
Mihovil Bartulović,
Vyas Sekar,
Bruno Sinopoli
Abstract:
User-perceived quality-of-experience (QoE) is critical in internet video delivery systems. Extensive prior work has studied the design of client-side bitrate adaptation algorithms to maximize single-player QoE. However, multiplayer QoE fairness becomes critical as the growth of video traffic makes it more likely that multiple players share a bottleneck in the network. Despite several recent proposals, there is still a series of open questions. In this paper, we bring the problem space to light from a control theory perspective by formalizing the multiplayer QoE fairness problem and addressing two key questions in the broader problem space. First, we derive the sufficient conditions of convergence to steady state QoE fairness under TCP-based bandwidth sharing scheme. Based on the insight from this analysis that in-network active bandwidth allocation is needed, we propose a non-linear MPC-based, router-assisted bandwidth allocation algorithm that regards each player as closed-loop systems. We use trace-driven simulation to show the improvement over existing approaches. We identify several research directions enabled by the control theoretic modeling and envision that control theory can play an important role on guiding real system design in adaptive video streaming.
Submitted 29 August, 2016;
originally announced August 2016.
-
Networked Constrained Cyber-Physical Systems subject to malicious attacks: a resilient set-theoretic control approach
Authors:
Walter Lucia,
Bruno Sinopoli,
Giuseppe Franze'
Abstract:
In this paper a novel set-theoretic control framework for Networked Constrained Cyber-Physical Systems is presented. By resorting to set-theoretic ideas and the physical watermarking concept, an anomaly detector module and a control remediation strategy are formally derived with the aim to contrast severe cyber attacks affecting the communication channels. The resulting scheme ensures Uniformly Ultimate Boundedness and constraints fulfillment regardless of any admissible attack scenario. Simulation results show the effectiveness of the proposed strategy both against Denial of Service and False Data Injection attacks.
Submitted 25 March, 2016;
originally announced March 2016.
-
Information Flow for Security in Control Systems
Authors:
Sean Weerakkody,
Bruno Sinopoli,
Soummya Kar,
Anupam Datta
Abstract:
This paper considers the development of information flow analyses to support resilient design and active detection of adversaries in cyber physical systems (CPS). The area of CPS security, though well studied, suffers from fragmentation. In this paper, we consider control systems as an abstraction of CPS. Here, we extend the notion of information flow analysis, a well established set of methods developed in software security, to obtain a unified framework that captures and extends system theoretic results in control system security. In particular, we propose the Kullback-Leibler (KL) divergence as a causal measure of information flow, which quantifies the effect of adversarial inputs on sensor outputs. We show that the proposed measure characterizes the resilience of control systems to specific attack strategies by relating the KL divergence to optimal detection techniques. We then relate information flows to stealthy attack scenarios where an adversary can bypass detection. Finally, this article examines active detection mechanisms where a defender intelligently manipulates control inputs or the system itself in order to elicit information flows from an attacker's malicious behavior. In all previous cases, we demonstrate an ability to investigate and extend existing results by utilizing the proposed information flow analyses.
Submitted 17 March, 2016;
originally announced March 2016.
-
A Graph Theoretic Characterization of Perfect Attackability and Detection in Distributed Control Systems
Authors:
Sean Weerakkody,
Xiaofei Liu,
Sang H. Son,
Bruno Sinopoli
Abstract:
This paper is concerned with the analysis and design of secure Distributed Control Systems in the face of integrity attacks on sensors and controllers by external attackers or insiders. In general a DCS consists of many heterogeneous components and agents including sensors, actuators, and controllers. Due to its distributed nature, some agents may start misbehaving to disrupt the system. This paper first reviews necessary and sufficient conditions for deterministic detection of integrity attacks carried out by any number of malicious agents, based on the concept of left invertibility of structural control systems. It then develops a notion equivalent to structural left invertibility in terms of vertex separators of a graph. This tool is then leveraged to design minimal communication networks for DCSs, which ensure that an adversary cannot generate undetectable attacks. Numerical examples are included to illustrate these results.
Submitted 15 October, 2015;
originally announced October 2015.
-
Minimum Sensor Placement for Robust Observability of Structured Complex Networks
Authors:
Xiaofei Liu,
Sergio Pequito,
Soummya Kar,
Bruno Sinopoli,
A. Pedro Aguiar
Abstract:
This paper addresses problems on the robust structural design of complex networks. More precisely, we address the problem of deploying the minimum number of dedicated sensors, i.e., those measuring a single state variable, that ensure the network to be structurally observable under disruptive scenarios. The disruptive scenarios considered are as follows: (i) the malfunction/loss of one arbitrary sensor, and (ii) the failure of connection (either unidirectional or bidirectional communication) between a pair of agents. First, we show these problems to be NP-hard, which implies that efficient algorithms to determine a solution are unlikely to exist. Secondly, we propose an intuitive two step approach: (1) we achieve an arbitrary minimum sensor placement ensuring structural observability; (2) we develop a sequential process to find minimum number of additional sensors required for robust observability. This step can be solved by recasting it as a weighted set covering problem. Although this is known to be an NP-hard problem, feasible approximations can be determined in polynomial-time that can be used to obtain feasible approximations to the robust structural design problems with optimality guarantees.
Submitted 10 June, 2016; v1 submitted 26 July, 2015;
originally announced July 2015.
-
Analyzing TCP Throughput Stability and Predictability with Implications for Adaptive Video Streaming
Authors:
Yi Sun,
Xiaoqi Yin,
Nanshu Wang,
Junchen Jiang,
Vyas Sekar,
Yun **,
Bruno Sinopoli
Abstract:
Recent work suggests that TCP throughput stability and predictability within a video viewing session can inform the design of better video bitrate adaptation algorithms. Despite a rich tradition of Internet measurement, however, our understanding of throughput stability and predictability is quite limited. To bridge this gap, we present a measurement study of throughput stability using a large-scale dataset from a video service provider. Drawing on this analysis, we propose a simple-but-effective prediction mechanism based on a hidden Markov model and demonstrate that it outperforms other approaches. We also show the practical implications in improving the user experience of adaptive video streaming.
Submitted 17 June, 2015;
originally announced June 2015.
-
Distributed inference over directed networks: Performance limits and optimal design
Authors:
Dragana Bajović,
José M. F. Moura,
João Xavier,
Bruno Sinopoli
Abstract:
We find large deviations rates for consensus-based distributed inference for directed networks. When the topology is deterministic, we establish the large deviations principle and find exactly the corresponding rate function, equal at all nodes. We show that the dependence of the rate function on the stochastic weight matrix associated with the network is fully captured by its left eigenvector corresponding to the unit eigenvalue. Further, when the sensors' observations are Gaussian, the rate function admits a closed form expression. Motivated by these observations, we formulate the optimal network design problem of finding the left eigenvector which achieves the highest value of the rate function, for a given target accuracy. This eigenvector therefore minimizes the time that the inference algorithm needs to reach the desired accuracy. For Gaussian observations, we show that the network design problem can be formulated as a semidefinite (convex) program, and hence can be solved efficiently. When observations are identically distributed across agents, the system exhibits an interesting property: the graph of the rate function always lies between the graphs of the rate function of an isolated node and the rate function of a fusion center that has access to all observations. We prove that this fundamental property holds even when the topology and the associated system matrices change randomly over time, with arbitrary distribution. Due to generality of its assumptions, the latter result requires more subtle techniques than the standard large deviations tools, contributing to the general theory of large deviations.
Submitted 28 April, 2015;
originally announced April 2015.
-
Multi-Sensor Scheduling for State Estimation with Event-Based, Stochastic Triggers
Authors:
Sean Weerakkody,
Yilin Mo,
Bruno Sinopoli,
Duo Han,
Ling Shi
Abstract:
In networked systems, state estimation is hampered by communication limits. Past approaches, which consider scheduling sensors through deterministic event-triggers, reduce communication and maintain estimation quality. However, these approaches destroy the Gaussian property of the state, making it computationally intractable to obtain an exact minimum mean squared error estimate. We propose a stochastic event-triggered sensor schedule for state estimation which preserves the Gaussianity of the system, extending previous results from the single-sensor to the multi-sensor case.
Submitted 10 February, 2015;
originally announced February 2015.
-
Stochastic Event-triggered Sensor Schedule for Remote State Estimation
Authors:
Duo Han,
Yilin Mo,
Junfeng Wu,
Sean Weerakkody,
Bruno Sinopoli,
Ling Shi
Abstract:
We propose an open-loop and a closed-loop stochastic event-triggered sensor schedule for remote state estimation. Both schedules overcome the essential difficulties of existing schedules in recent literature works where, through introducing a deterministic event-triggering mechanism, the Gaussian property of the innovation process is destroyed which produces a challenging nonlinear filtering problem that cannot be solved unless approximation techniques are adopted. The proposed stochastic event-triggered sensor schedules eliminate such approximations. Under these two schedules, the MMSE estimator and its estimation error covariance matrix at the remote estimator are given in a closed-form. Simulation studies demonstrate that the proposed schedules have better performance than periodic ones with the same sensor-to-estimator communication rate.
Submitted 3 February, 2014;
originally announced February 2014.
-
Consensus and Products of Random Stochastic Matrices: Exact Rate for Convergence in Probability
Authors:
Dragana Bajovic,
Joao Xavier,
Jose M. F. Moura,
Bruno Sinopoli
Abstract:
Distributed consensus and other linear systems with system stochastic matrices $W_k$ emerge in various settings, like opinion formation in social networks, rendezvous of robots, and distributed inference in sensor networks. The matrices $W_k$ are often random, due to, e.g., random packet dropouts in wireless sensor networks. Key in analyzing the performance of such systems is studying convergence of matrix products $W_kW_{k-1}... W_1$. In this paper, we find the exact exponential rate $I$ for the convergence in probability of the product of such matrices when time $k$ grows large, under the assumption that the $W_k$'s are symmetric and independent identically distributed in time. Further, for commonly used random models like with gossip and link failure, we show that the rate $I$ is found by solving a min-cut problem and, hence, easily computable. Finally, we apply our results to optimally allocate the sensors' transmission power in consensus+innovations distributed detection.
Submitted 28 February, 2012;
originally announced February 2012.
-
Large Deviations Performance of Consensus+Innovations Distributed Detection with Non-Gaussian Observations
Authors:
Dragana Bajovic,
Dusan Jakovetic,
Jose M. F. Moura,
Joao Xavier,
Bruno Sinopoli
Abstract:
We establish the large deviations asymptotic performance (error exponent) of consensus+innovations distributed detection over random networks with generic (non-Gaussian) sensor observations. At each time instant, sensors 1) combine theirs with the decision variables of their neighbors (consensus) and 2) assimilate their new observations (innovations). This paper shows for general non-Gaussian distributions that consensus+innovations distributed detection exhibits a phase transition behavior with respect to the network degree of connectivity. Above a threshold, distributed is as good as centralized, with the same optimal asymptotic detection performance, but, below the threshold, distributed detection is suboptimal with respect to centralized detection. We determine this threshold and quantify the performance loss below threshold. Finally, we show the dependence of the threshold and performance on the distribution of the observations: distributed detectors over the same random network, but with different observations' distributions, for example, Gaussian, Laplace, or quantized, may have different asymptotic performance, even when the corresponding centralized detectors have the same asymptotic performance.
Submitted 15 April, 2012; v1 submitted 19 November, 2011;
originally announced November 2011.
-
Stochastic Sensor Scheduling for Energy Constrained Estimation in Multi-Hop Wireless Sensor Networks
Authors:
Yilin Mo,
Emanuele Garone,
Alessandro Casavola,
Bruno Sinopoli
Abstract:
Wireless Sensor Networks (WSNs) enable a wealth of new applications where remote estimation is essential. Individual sensors simultaneously sense a dynamic process and transmit measured information over a shared channel to a central fusion center. The fusion center computes an estimate of the process state by means of a Kalman filter. In this paper we assume that the WSN admits a tree topology with fusion center at the root. At each time step only a subset of sensors can be selected to transmit observations to the fusion center due to a limited energy budget. We propose a stochastic sensor selection algorithm that randomly selects a subset of sensors according to certain probability distribution, which is opportunely designed to minimize the asymptotic expected estimation error covariance matrix. We show that the optimal stochastic sensor selection problem can be relaxed into a convex optimization problem and thus solved efficiently. We also provide a possible implementation of our algorithm which does not introduce any communication overhead. The paper ends with some numerical examples that show the effectiveness of the proposed approach.
Submitted 8 July, 2011;
originally announced July 2011.
-
Distributed Detection over Random Networks: Large Deviations Performance Analysis
Authors:
Dragana Bajovic,
Dusan Jakovetic,
Joao Xavier,
Bruno Sinopoli,
Jose M. F. Moura
Abstract:
We study the large deviations performance, i.e., the exponential decay rate of the error probability, of distributed detection algorithms over random networks. At each time step $k$ each sensor: 1) averages its decision variable with the neighbors' decision variables; and 2) accounts on-the-fly for its new observation. We show that distributed detection exhibits a "phase change" behavior. When the rate of network information flow (the speed of averaging) is above a threshold, then distributed detection is asymptotically equivalent to the optimal centralized detection, i.e., the exponential decay rate of the error probability for distributed detection equals the Chernoff information. When the rate of information flow is below a threshold, distributed detection achieves only a fraction of the Chernoff information rate; we quantify this achievable rate as a function of the network rate of information flow. Simulation examples demonstrate our theoretical findings on the behavior of distributed detection over random networks.
Submitted 21 December, 2010;
originally announced December 2010.
-
Sensor Selection for Event Detection in Wireless Sensor Networks
Authors:
Dragana Bajovic,
Bruno Sinopoli,
Joao Xavier
Abstract:
We consider the problem of sensor selection for event detection in wireless sensor networks (WSNs). We want to choose a subset of p out of n sensors that yields the best detection performance. As the sensor selection optimality criteria, we propose the Kullback-Leibler and Chernoff distances between the distributions of the selected measurements under the two hypotheses. We formulate the maxmin robust sensor selection problem to cope with the uncertainties in distribution means. We prove that the sensor selection problem is NP hard, for both Kullback-Leibler and Chernoff criteria. To (sub)optimally solve the sensor selection problem, we propose an algorithm of affordable complexity. Extensive numerical simulations on moderate size problem instances (when the optimum by exhaustive search is feasible to compute) demonstrate the algorithm's near optimality in a very large portion of problem instances. For larger problems, extensive simulations demonstrate that our algorithm outperforms random searches, once an upper bound on computational time is set. We corroborate numerically the validity of the Kullback-Leibler and Chernoff sensor selection criteria, by showing that they lead to sensor selections nearly optimal both in the Neyman-Pearson and Bayes sense.
Submitted 22 November, 2010;
originally announced November 2010.
-
Distributed Detection over Time Varying Networks: Large Deviations Analysis
Authors:
Dragana Bajovic,
Dusan Jakovetic,
Joao Xavier,
Bruno Sinopoli,
Jose M. F. Moura
Abstract:
We apply large deviations theory to study asymptotic performance of running consensus distributed detection in sensor networks. Running consensus is a stochastic approximation type algorithm, recently proposed. At each time step k, the state at each sensor is updated by a local averaging of the sensor's own state and the states of its neighbors (consensus) and by accounting for the new observations (innovation). We assume Gaussian, spatially correlated observations. We allow the underlying network to be time varying, provided that the graph that collects the union of links that are online at least once over a finite time window is connected. This paper shows through large deviations that, under stated assumptions on the network connectivity and sensors' observations, the running consensus detection asymptotically approaches in performance the optimal centralized detection. That is, the Bayes probability of detection error (with the running consensus detector) decays exponentially to zero as k goes to infinity at the Chernoff information rate, the best achievable rate of the asymptotically optimal centralized detector.
Submitted 25 October, 2010;
originally announced October 2010.