IROS 2022

This work has been accepted to the IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS) 2022! Many of our simulation and experiment results can be found in this link to our lab website.

Abstract: Cyber-attacks, failures, and implementation errors inside the controller of an autonomous system can affect its correct behavior leading to unsafe states and degraded performance. In this paper we focus on such problems specifically on cyber-attacks that manipulate feedback control parameters that trigger different behaviors or block inputs based on specific values of the state and tracking error. If such attacks are undetected they can lead to the partial or complete loss of system's control authority hijacking and leading the autonomous system towards unforeseen states. To deal with this problem, we propose a runtime monitoring and recovery scheme in which: 1) we leverage the residual between the expected and the received measurements to detect inconsistencies in the generated inputs and 2) provide a recovery method for counteracting the malicious effects to allow for resilient operations by manipulating the reference signal and state vector provided to the system and avoid the affected regions in the state and error space. We validate our approach with extensive Matlab simulations and experiments on unmanned ground vehicles (UGVs) resiliently performing operations in the presence of malicious attacks to on-board controllers.

Present-day autonomous robotic systems possess increased complexities to support an expanded array of computers and sensors to assist in advanced capabilities such as navigation, warehouse logistics, and industrial operations, towards truly unmanned operations. With such complexity, however, comes higher risks of malicious cyber attacks due to their unsupervised, autonomous applications and the numerous entry points to implement an attack.

While the vast majority of the literature in robotics and cyber-physical systems security deal primarily with attacks on the sensing and communication infrastructure of a system, in this work we consider attacks that interfere with the control logic to hijack a system. For this class of attacks, parameter gains within a controller can be altered to trigger a different behavior under certain states or tracking errors.

A cyber-attack on the on-board controller can cause inconsistencies from the expectation of this input-output model, leading to observable deviations from its nominal behavior. To this end we consider a residual-based monitoring approach that leverages the chi-square detection scheme to reduce the residual vector into a scalar test measure to detect controller integrity inconsistencies. Regions of the state space or the tracking error space that are deemed compromised are monitored for future operations to avoid them. A compensator to alter information provided to the controller (i.e., reference signal and state vector) is built to avoid any compromised regions within the state or tracking error space. Moreover, to deal with this problem of maintaining desirable control performance during operations, the altered information is designed to minimize the difference in the compensated control input signal in comparison to the originally intended (but compromised) control input.

The contribution of this work is twofold: 1) a detection framework to discover compromised regions of the state or tracking error space within a controller that cause anomalous system behavior and 2) a compensator that alters the reference signal and state information provided to the controller in order to bypass compromised regions to achieve desired control performance to resiliently continue operations.