Monitor-Based Supervisory Control of Labeled Petri Nets Under Sensor Attacks

IF 6.4; Zone 2, Computer Science; JCR Q1, Automation & Control Systems
Ziliang Zhang;Gaiyun Liu;Dimitri Lefebvre;Zhiwu Li
IEEE Transactions on Automation Science and Engineering, vol. 22, pp. 9388-9403. Published 2024-12-03. Journal Article.
DOI: 10.1109/TASE.2024.3506574
URL: https://ieeexplore.ieee.org/document/10772482/
Citation count: 0

Abstract

In this paper we investigate a supervisory control problem of discrete event systems under attacks. Specifically, we consider a type of sensor deception attack, called a replacement attack, under which the intruder confuses the observation of events by substituting the occurrence of an observation with another. We use labeled Petri nets as the reference formalism to model a discrete event system and represent control specifications in terms of generalized mutual exclusion constraints (GMECs). The concept of a monitor function is proposed to describe the satisfiability of GMECs given an observation by counting the number of occurrences of each label. Due to the existence of attacks, some labels generated by a plant are prone to be altered by an attacker, interfering with a supervisor such that it cannot make correct control decisions. To help the monitor function estimate the number of occurrences of those alteration-prone labels generated by the plant, the notion of label dependency is introduced. Accordingly, a monitor-based supervisor is designed with low online computational effort, avoiding the marking estimation or the reachability analysis of the system. It is verified that the proposed supervisor not only enforces all GMECs no matter whether or not replacement attacks occur, but also keeps the system's behavior as permissive as possible.

Note to Practitioners—Cyber-physical systems (CPSs) have exhibited multifaceted applications in various fields such as process control systems, smart grids, distributed robotics, and autonomous vehicles. Due to the over-reliance on communication networks, CPSs are vulnerable to attacks that can tamper with the data collection processes and interfere with safety-critical decision-making processes, resulting in catastrophic damage to the systems. In the framework of discrete event systems, most existing supervisory control strategies for CPSs under attacks rely on an exhaustive reachability analysis, which is computationally expensive, making such approaches hardly applicable to large systems. In order to address this issue, this work considers a type of sensor deception attack, called a replacement attack, and proposes a monitor-based supervisor policy, enforcing the control specifications of the systems in the presence of replacement attacks. Without requiring tedious analysis, the designed online supervisor has low computational effort, and control decisions depend only on a direct analysis of the observation sequence.
Source journal
IEEE Transactions on Automation Science and Engineering (Engineering & Technology: Automation & Control Systems)
CiteScore: 12.50
Self-citation rate: 14.30%
Articles published: 404
Review time: 3.0 months
About the journal: The IEEE Transactions on Automation Science and Engineering (T-ASE) publishes fundamental papers on Automation, emphasizing scientific results that advance efficiency, quality, productivity, and reliability. T-ASE encourages interdisciplinary approaches from computer science, control systems, electrical engineering, mathematics, mechanical engineering, operations research, and other fields. T-ASE welcomes results relevant to industries such as agriculture, biotechnology, healthcare, home automation, maintenance, manufacturing, pharmaceuticals, retail, security, service, supply chains, and transportation. T-ASE addresses a research community willing to integrate knowledge across disciplines and industries. For this purpose, each paper includes a Note to Practitioners that summarizes how its results can be applied or how they might be extended to apply in practice.