Security verification against covert learning attackers

IF 4.8 2区计算机科学 Q1 AUTOMATION & CONTROL SYSTEMS

Automatica Pub Date : 2025-04-25 DOI:10.1016/j.automatica.2025.112344

Ruochen Tai , Liyong Lin , Rong Su

{"title":"Security verification against covert learning attackers","authors":"Ruochen Tai , Liyong Lin , Rong Su","doi":"10.1016/j.automatica.2025.112344","DOIUrl":null,"url":null,"abstract":"<div><div>This work investigates the security verification problem against covert learning attackers. These are attackers that do not know the supervisor model and thus may require passive learning by collecting observations of the system’s runs. From the attacker’s point of view, any supervisor consistent with the set of observations may have been deployed; thus, a successful attacker needs to remain covert and inflict damage against every supervisor consistent with the set of observations. In such a setting, a supervisor is said to be secure if no covert learning attacker can be successful. We then consider two different setups for the security verification. In the first setup, the attacker can only observe plant events. It is shown that the security verification in this setup can be reduced to verifying the existence of an attacker that is covert and damage-reachable against every supervisor that is consistent with the monitor language (without an explicit tracking of control commands). This is then solved by extending the existing observation-assisted covert attacker synthesis algorithm to the case where the set of observations is a regular set captured by a finite-state automaton. In the second setup, the attacker can observe both plant events and control commands. For this setup, we construct a new structure called unique monitor-embedded bipartite supervisor and prove that the security verification problem can be reduced to checking the existence of an attacker that is covert and damage-reachable against the unique monitor-embedded bipartite supervisor, which can be solved by invoking the existing covert attacker synthesis algorithm against a given supervisor whose model is known to the attacker.</div></div>","PeriodicalId":55413,"journal":{"name":"Automatica","volume":"177 ","pages":"Article 112344"},"PeriodicalIF":4.8000,"publicationDate":"2025-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Automatica","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0005109825002377","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

This work investigates the security verification problem against covert learning attackers. These are attackers that do not know the supervisor model and thus may require passive learning by collecting observations of the system’s runs. From the attacker’s point of view, any supervisor consistent with the set of observations may have been deployed; thus, a successful attacker needs to remain covert and inflict damage against every supervisor consistent with the set of observations. In such a setting, a supervisor is said to be secure if no covert learning attacker can be successful. We then consider two different setups for the security verification. In the first setup, the attacker can only observe plant events. It is shown that the security verification in this setup can be reduced to verifying the existence of an attacker that is covert and damage-reachable against every supervisor that is consistent with the monitor language (without an explicit tracking of control commands). This is then solved by extending the existing observation-assisted covert attacker synthesis algorithm to the case where the set of observations is a regular set captured by a finite-state automaton. In the second setup, the attacker can observe both plant events and control commands. For this setup, we construct a new structure called unique monitor-embedded bipartite supervisor and prove that the security verification problem can be reduced to checking the existence of an attacker that is covert and damage-reachable against the unique monitor-embedded bipartite supervisor, which can be solved by invoking the existing covert attacker synthesis algorithm against a given supervisor whose model is known to the attacker.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Automatica 工程技术-工程：电子与电气

CiteScore

10.70

自引率

7.80%

发文量

617

审稿时长

5 months

期刊介绍： Automatica is a leading archival publication in the field of systems and control. The field encompasses today a broad set of areas and topics, and is thriving not only within itself but also in terms of its impact on other fields, such as communications, computers, biology, energy and economics. Since its inception in 1963, Automatica has kept abreast with the evolution of the field over the years, and has emerged as a leading publication driving the trends in the field. After being founded in 1963, Automatica became a journal of the International Federation of Automatic Control (IFAC) in 1969. It features a characteristic blend of theoretical and applied papers of archival, lasting value, reporting cutting edge research results by authors across the globe. It features articles in distinct categories, including regular, brief and survey papers, technical communiqués, correspondence items, as well as reviews on published books of interest to the readership. It occasionally publishes special issues on emerging new topics or established mature topics of interest to a broad audience. Automatica solicits original high-quality contributions in all the categories listed above, and in all areas of systems and control interpreted in a broad sense and evolving constantly. They may be submitted directly to a subject editor or to the Editor-in-Chief if not sure about the subject area. Editorial procedures in place assure careful, fair, and prompt handling of all submitted articles. Accepted papers appear in the journal in the shortest time feasible given production time constraints.