Security verification against covert learning attackers

IF 4.8, Zone 2 (Computer Science), Q1 AUTOMATION & CONTROL SYSTEMS
Ruochen Tai, Liyong Lin, Rong Su
Journal: Automatica, volume 177, Article 112344
Publication date: 2025-04-25
Publication type: Journal Article
DOI: 10.1016/j.automatica.2025.112344
Source: https://www.sciencedirect.com/science/article/pii/S0005109825002377
Citations: 0

Abstract

This work investigates the security verification problem against covert learning attackers. These are attackers that do not know the supervisor model and thus may require passive learning by collecting observations of the system’s runs. From the attacker’s point of view, any supervisor consistent with the set of observations may have been deployed; thus, a successful attacker needs to remain covert and inflict damage against every supervisor consistent with the set of observations. In such a setting, a supervisor is said to be secure if no covert learning attacker can be successful. We then consider two different setups for the security verification. In the first setup, the attacker can only observe plant events. It is shown that the security verification in this setup can be reduced to verifying the existence of an attacker that is covert and damage-reachable against every supervisor that is consistent with the monitor language (without an explicit tracking of control commands). This is then solved by extending the existing observation-assisted covert attacker synthesis algorithm to the case where the set of observations is a regular set captured by a finite-state automaton. In the second setup, the attacker can observe both plant events and control commands. For this setup, we construct a new structure called unique monitor-embedded bipartite supervisor and prove that the security verification problem can be reduced to checking the existence of an attacker that is covert and damage-reachable against the unique monitor-embedded bipartite supervisor, which can be solved by invoking the existing covert attacker synthesis algorithm against a given supervisor whose model is known to the attacker.
Source journal: Automatica (Engineering & Technology: Engineering, Electrical & Electronic)
CiteScore: 10.70
Self-citation rate: 7.80%
Articles published: 617
Review time: 5 months
About the journal: Automatica is a leading archival publication in the field of systems and control. The field encompasses today a broad set of areas and topics, and is thriving not only within itself but also in terms of its impact on other fields, such as communications, computers, biology, energy and economics. Since its inception in 1963, Automatica has kept abreast with the evolution of the field over the years, and has emerged as a leading publication driving the trends in the field. After being founded in 1963, Automatica became a journal of the International Federation of Automatic Control (IFAC) in 1969. It features a characteristic blend of theoretical and applied papers of archival, lasting value, reporting cutting edge research results by authors across the globe. It features articles in distinct categories, including regular, brief and survey papers, technical communiqués, correspondence items, as well as reviews on published books of interest to the readership. It occasionally publishes special issues on emerging new topics or established mature topics of interest to a broad audience. Automatica solicits original high-quality contributions in all the categories listed above, and in all areas of systems and control interpreted in a broad sense and evolving constantly. They may be submitted directly to a subject editor or to the Editor-in-Chief if not sure about the subject area. Editorial procedures in place assure careful, fair, and prompt handling of all submitted articles. Accepted papers appear in the journal in the shortest time feasible given production time constraints.