Page 86 - RAC_CIAW_ a_I_n_01

Page 86 - RAC_CIAW_ a_I_n_01_2021.pdf

P. 86

distribution. Therefore, P mod results from the displace-
ment of the individuals of P in the directions defined
by the vector (P − P ). The crossover stage creates
hist
P new . To do so, it randomly combines the individuals of
P and P following a uniform distribution.
mod
Finally, the Selection-II stage creates the final ver-
sion of the BSA population in a given iteration. First,
it evaluates the individuals of P based on the objec-
new
tive function ℱ. Then, it selects the elements of P
new Fig. 1. Controlled data loss attack in the NCS links.
with better fitness than those in P and replaces them
in P. So, this operation inserts in P only new individu-
als that evolved in the current iteration. The algorithm According to [7], one way to harm a plant and
continues iterating until the stopping condition is met, degrade its functioning, for instance, is by causing
when it returns the best solution found. overshoots on it. Indeed, overshoots can cause stress
on several physical systems, reduce their performance,
as well as cause damages. In the original approach, to
cause the intended overshot on the plant, the attack
uses an evolutionary algorithm (BSA) to find a suitable
sequence of frames that need to be dropped (referred
to as attack solution) due to the attacker’s action. Des-
pite the high attack accuracy obtained in [7] and the
significantly reduced number of frames that the atta-
cker needs to cause the loss in the original approach,
it is shown here that there is still room to optimize it.
Consider that S = { ( ), ( + 1), …, ( + ℎ − 1)}
ct
and S = { ( ), ( + 1), …, ( + ℎ − 1)} are sets of
fb
frames of the control and feedback signals, respective-
ly. Each set contains a sequence of h frames and each
OPTIMIZED DATA LOSS ATTACK frame carries one sample of the control/feedback sig-

This section presents a strategy capable of optimi- nal. Among these frames the attacker needs to choose
zing the stealth controlled data loss attack originally the specific ones that must be lost to cause the intended
described in [7], making it more efficient and subtle. overshoot on the plant. Now, let W = {b , b , …,
ct,1
ct,0
ct
The original attack was designed to produce harmful b ct,h-1 ,} and W = {b , b , …, b fb,h-1 ,} be words of h
fb,1
fb
fb,0
changes in plant behavior by causing the loss of few bits used to denote the frames of S and S respective-
ct
fb
selected frames in the communication links of a Line- ly, that should be lost or preserved from the attacker’s
ar Time-Invariant (LTI) Networked Control System perspective. A bit of [W , W ] is set to 1 if the attacker
ct
fb
(NCS). Its design takes special care to avoid the indis- should preserve the corresponding frame in [S , S ].
fb
ct
criminate loss of frames in the NCS, as well as to avoid Contrariwise, the bit is set to 0 if the attacker should
the complete denial of communication (which would cause the loss of the corresponding frame in [S , S ].
ct
fb
facilitate the disclosure of the attack). In such attack In [7], originally, the challenge to be solved by the
model, to cause selective loss of frames and produce attacker is to find an attack solution [W , W ] that
ct
fb
specific malicious behaviors in the plant, the attacker causes the intended overshoot on the plant. Here the
needs access to the links through which the control and challenge is increased, consisting of finding the words
feedback signals are transmitted, as shown in Fig. 1. [W , W ] that causes the intended overshoot on the
ct fb
plant, also reducing the number of frames to be lost.
In this paper, this task is performed by two alternative
soft computing approaches (the optimization algori-
thms PSO and BSA), which are compared.
In this sense, let x = [W , W ] be the coordi-
j ct, j fb, j
86 REVISTA ACADÊMICA CIENTÍFICA DO CIAW

81 82 83 84 85 86 87 88 89 90