Typical cooperative multi-agent systems (MASs) exchange information to coordinate their motion in proximity-based control consensus schemes to complete a common objective. However, in the event of faults or cyber attacks to on-board positioning sensors of agents, global control performance may be compromised resulting in a hijacking of the entire MAS. For systems that operate in unknown or landmark-free environments (e.g., open terrain, sea, or air) and also beyond range/proximity sensing of nearby agents, compromised agents lose localization capabilities. To maintain resilience in these scenarios, we propose a method to recover compromised agents by utilizing Received Signal Strength Indication (RSSI) from nearby agents (i.e., mobile landmarks) to provide reliable position measurements for localization. To minimize estimation error: i) a multilateration scheme is proposed to leverage RSSI and position information received from neighboring agents as mobile landmarks and ii) a Kalman filtering method adaptively updates the unknown RSSI-based position measurement covariance matrix at runtime that is robust to unreliable state estimates. The proposed framework is demonstrated with simulations on MAS formations in the presence of faults and cyber attacks to on-board position sensors.
@inproceedings{Bonczek_ACC23,abbr={ACC},bibtex_show={true},author={Bonczek, Paul J and Bezzo, Nicola},booktitle={2023 American Control Conference (ACC)},title={RSSI-based Localization with Adaptive Noise Covariance Estimation for Resilient Multi-Agent Formations},year={2023},volume={},number={},pages={4215-4222},doi={10.23919/ACC55779.2023.10156301},pdf={https://ieeexplore.ieee.org/document/10156301}}
2022
IROS
Resilient Detection and Recovery of Autonomous Systems Operating under On-board Controller Cyber Attacks
Paul J Bonczek, and Nicola Bezzo
In IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS), 2022
Cyber-attacks, failures, and implementation errors inside the controller of an autonomous system can affect its correct behavior leading to unsafe states and degraded performance. In this paper, we focus on such problems specifically on cyber-attacks that manipulate controller parameters like the gains in a feedback controller or that triggers different behaviors or block inputs based on specific values of the state and tracking error. If such attacks are undetected, they can lead to the partial or complete loss of system’s control authority, resulting in a hijacking and leading the autonomous system towards unforeseen states. To deal with this problem, we propose a runtime monitoring and recovery scheme in which: 1) we leverage the residual between the expected and the received measurements to detect inconsistencies in the generated inputs and 2) provide a recovery method for counteracting the malicious effects to allow for resilient operations by manipulating the reference signal and state vector provided to the system to avoid the affected regions in the state and error space. We validate our approach with Matlab simulations and experiments on unmanned ground vehicles resiliently performing operations in the presence of malicious attacks to on-board controllers.
@inproceedings{Bonczek_IROS2022,abbr={IROS},bibtex_show={true},author={Bonczek, Paul J and Bezzo, Nicola},booktitle={IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS)},title={Resilient Detection and Recovery of Autonomous Systems Operating under On-board Controller Cyber Attacks},year={2022},volume={},number={},pages={1741-1747},doi={10.1109/IROS47612.2022.9981844},pdf={https://ieeexplore.ieee.org/document/9981844},selected={true}}
T-RO
Detection of Nonrandom Sign-Based Behavior for Resilient Coordination of Robotic Swarms
Paul J Bonczek,
Rahul Peddi,
Shijie Gao, and Nicola Bezzo
Cooperative multirobot systems coordinate their motion by exchanging information through consensus schemes to achieve a common goal. In the event of stealthy cyber attacks, compromised measurements and communication broadcasts can hijack a portion or the entire system toward undesired states. However, in order for these attacks to be effective, they have to exhibit nonrandom characteristics that contradict the expected multirobot system behavior. To deal with these hidden attacks, we propose a runtime monitoring framework that considers the signed residual, defined as the difference between the expected and the received information to identify and isolate unexpected nonrandom behavior within the multirobot system. Specifically, the technique that we propose—named Cumulative Sign detector—monitors and compares changes in signed values of residual with their expected occurrences to detect inconsistencies and trigger alarms when an attack is discovered. Our results are validated theoretically by providing detection bounds and are demonstrated with simulations and experiments on swarms of unmanned ground vehicles under different attacks in comparison with state-of-the-art residual-based detection schemes.
@article{Bonczek_TRO,abbr={T-RO},bibtex_show={true},author={Bonczek, Paul J and Peddi, Rahul and Gao, Shijie and Bezzo, Nicola},journal={IEEE Transactions on Robotics},title={Detection of Nonrandom Sign-Based Behavior for Resilient Coordination of Robotic Swarms},year={2022},volume={38},number={1},pages={92-109},doi={10.1109/TRO.2021.3139592},pdf={https://ieeexplore.ieee.org/document/9686360},selected={true}}
2021
IROS
Detection and Inference of Randomness-based Behavior for Resilient Multi-vehicle Coordinated Operations
Paul J Bonczek, and Nicola Bezzo
In IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS), 2021
A resilient multi-vehicle system cooperatively performs tasks by exchanging information, detecting, and removing cyber attacks that have the intent of hijacking or diminishing performance of the entire system. In this paper, we propose a framework to: i) detect and isolate misbehaving vehicles in the network, and ii) securely encrypt information among the network to alert and attract nearby vehicles toward points of interest in the environment without explicitly broadcasting safety-critical information. To accomplish these goals, we lever-age a decentralized virtual spring-damper mesh physics model for formation control on each vehicle. To discover inconsistent behavior of any vehicle in the network, we consider an approach that monitors for changes in sign behavior of an inter-vehicle residual that does not match with an expectation. Similarly, to disguise important information and trigger vehicles to switch to different behaviors, we leverage side-channel information on the state of the vehicles and characterize a hidden spring-damper signature model detectable by neighbor vehicles. Our framework is demonstrated in simulation and experiments on formations of unmanned ground vehicles (UGVs) in the presence of malicious man-in-the-middle communication attacks.
@inproceedings{Bonczek_IROS2021,abbr={IROS},bibtex_show={true},author={Bonczek, Paul J and Bezzo, Nicola},booktitle={IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS)},title={Detection and Inference of Randomness-based Behavior for Resilient Multi-vehicle Coordinated Operations},year={2021},volume={},number={},pages={5844-5850},doi={10.1109/IROS51168.2021.9635899},pdf={https://arxiv.org/pdf/2104.15101.pdf},selected={true}}
ACC
Detection of Hidden Attacks on Cyber-Physical Systems from Serial Magnitude and Sign Randomness Inconsistencies
Stealthy false data injection attacks on cyber-physical systems (CPSs) introduce erroneous measurement information to on-board sensors with the purpose to degrade system performance. An intelligent attacker is able to leverage knowledge of the system model and noise characteristics to alter sensor measurements while remaining undetected. To achieve this objective, the stealthy attack sequence is designed such that the detector performs similarly in the attacked and attack-free cases. Consequently, an attacker that wants to remain hidden will leave behind traces of inconsistent behavior, contradicting the system model. To deal with this problem, we propose a runtime monitor to find these inconsistencies in sensor measurements by monitoring for serial inconsistencies of the detection test measure. Specifically, we employ the chi-square fault detection procedure to monitor the magnitude and signed sequence of its chi-square test measure. We validate our approach with simulations on an unmanned ground vehicle (UGV) under stealthy attacks and compare the detection performance with various state-of-the-art anomaly detectors.
@inproceedings{Bonczek_ACC2021,abbr={ACC},bibtex_show={true},author={Bonczek, Paul J and Bezzo, Nicola},booktitle={American Control Conference (ACC)},title={Detection of Hidden Attacks on Cyber-Physical Systems from Serial Magnitude and Sign Randomness Inconsistencies},year={2021},volume={},number={},pages={3281-3287},doi={10.23919/ACC50511.2021.9482962},pdf={https://arxiv.org/pdf/2104.15097.pdf},selected={true}}
2020
IFAC
Memoryless Cumulative Sign Detector for Stealthy CPS Sensor Attacks
Paul J Bonczek, and Nicola Bezzo
In 21st International Federation on Automatic Control (IFAC) World Congress, 2020
Stealthy false data injection attacks on cyber-physical systems introduce erroneous measurements onto sensors with the intent to degrade system performance. An intelligent attacker can design stealthy attacks with knowledge of the system model and noise characteristics to evade detection from state-of-the-art fault detectors by remaining within detection thresholds. However, during these hidden attacks, an attacker with the intention of hijacking a system will leave traces of non-random behavior that contradict with the expectation of the system model. Given these premises, in this paper we propose a run-time monitor called Cumulative Sign (CUSIGN) detector, for identifying stealthy falsified measurements by identifying if measurements are no longer behaving in a random manner. Specifically, our proposed CUSIGN monitor considers the changes in sign of the measurement residuals and their expected occurrence in order to detect if a sensor could be compromised. Moreover, our detector is designed to be a memoryless procedure, eliminating the need to store large sequences of data for attack detection. We characterize the detection capabilities of the proposed CUSIGN technique following the well-known X2 failure detection scheme. Additionally, we show the advantage of augmenting CUSIGN to the model-based Cumulative Sum (CUSUM) detector, which provides magnitude bounds on attacks, for enhanced detection of sensor spoofing attacks. Our approach is validated with simulations on an unmanned ground vehicle (UGV) during a navigation case study.
@inproceedings{Bonczek_IFAC2020,abbr={IFAC},bibtex_show={true},author={Bonczek, Paul J and Bezzo, Nicola},booktitle={21st International Federation on Automatic Control (IFAC) World Congress},title={Memoryless Cumulative Sign Detector for Stealthy CPS Sensor Attacks},year={2020},volume={53},number={2},pages={838-844},doi={10.1016/j.ifacol.2020.12.840},pdf={https://www.sciencedirect.com/science/article/pii/S2405896320311642}}
ACC
Model-based Randomness Monitor for Stealthy Sensor Attacks
Malicious attacks on modern autonomous cyber-physical systems (CPSs) can leverage information about the system dynamics and noise characteristics to hide while hijacking the system toward undesired states. Given attacks attempting to hide within the system noise profile to remain undetected, an attacker with the intent to hijack a system will alter sensor measurements, contradicting with what is expected by the system’s model. To deal with this problem, in this paper we present a framework to detect non-randomness in sensor measurements on CPSs under the effect of sensor attacks. Specifically, we propose a run-time monitor that leverages two statistical tests, the Wilcoxon Signed-Rank test and Serial Independence Runs test to detect inconsistent patterns in the measurement data. For the proposed statistical tests we provide formal guarantees and bounds for attack detection. We validate our approach through simulations and experiments on an unmanned ground vehicle (UGV) under stealthy attacks and compare our framework with other anomaly detectors.
@inproceedings{Bonczek_ACC2020,abbr={ACC},bibtex_show={true},author={Bonczek, Paul J and Gao, Shijie and Bezzo, Nicola},booktitle={American Control Conference (ACC)},title={Model-based Randomness Monitor for Stealthy Sensor Attacks},year={2020},volume={},number={},pages={2036-2042},doi={10.23919/ACC45564.2020.9147412},pdf={https://ieeexplore.ieee.org/document/9147412}}