Abstract

Translate

This article addresses the optimal scheduling problem for linear deception attacks in multi-channel cyber–physical systems. The scenario where the attacker can only attack part of the channels due to energy constraints is considered. The effectiveness and stealthiness of attacks are quantified using state estimation error and Kullback–Leibler divergence, respectively. Unlike existing strategies relying on zero-mean Gaussian distributions, we propose a generalized attack model with Gaussian distributions characterized by time-varying means. Based on this model, an optimal stealthy attack strategy is designed to maximize remote estimation error while ensuring stealthiness. By analyzing correlations among variables in the objective function, the solution is decomposed into a semi-definite programming problem and a 0–1 programming problem. This approach yields the modified innovation and an attack scheduling matrix. Finally, numerical simulations validate the theoretical results.

Full text

Turn on search term navigation

Translate

1. Introduction

Cyber–physical systems (CPSs) seamlessly merge computational processes with physical components via real-time networked communication, thereby achieving coordinated collection, processing, and exchange of information [1]. These systems have demonstrated broad applicability across diverse domains [2,3], including vehicle platooning [4], smart grid management [5], and healthcare systems [6]. However, cyberattacks targeting communication channels can destabilize CPSs by compromising their operational integrity. Notable cybersecurity incidents, such as the Stuxnet virus [7] and the Maroochy water services breach [8], further highlight these vulnerabilities. Consequently, the security of CPSs has become a critical research focus.

Attack detection schemes are predominantly categorized into knowledge-driven and data-driven methodologies [9]. Among knowledge-driven systems, residual-based statistical methods stand out as one of the most representative detection strategies. Common implementations include the Chi-square ( $χ^{2}$ ) detector, Euclidean detector, Kullback–Leibler divergence (KLD) detector and so on. The core principle involves generating a residual sequence by comparing sensor measurements with system estimations, followed by evaluating this residual against predefined thresholds to identify potential attacks. For data-driven approaches, machine learning (ML) and deep learning (DL) techniques are employed to model behavioral patterns in CPS. Attacks are flagged when significant deviations arise between observed data and model-predicted associations. ML algorithms, such as support vector machines (SVM), logistic regression, naïve Bayes, K-means clustering, and decision trees, utilize training data to achieve sophisticated pattern-matching capabilities. Notably, Aldallal et al. proposed a hybrid intrusion detection model that synergistically integrates the classification precision of the SVM with the global optimization capability of the genetic algorithm (GA) [10]. By employing a novel fitness function to optimize accuracy evaluation in cloud computing environments, this methodology not only addresses cloud attack detection challenges but also maintains adaptability to evolving dynamic threats.

Existing research mainly categorizes cyberattacks into two classes: denial-of-service (DoS) and deception attacks. Network communication is blocked in DoS attacks, thereby preventing sensors or actuators from obtaining valid data [11,12]. However, if defensive mechanisms reject transmitted data packets, the attack can be readily detected, thereby minimizing its impact on system performance [13,14,15]. Deception attacks are intentionally crafted by adversaries to intercept and modify in-transit data while maintaining stealthiness, thereby degrading system performance. A seminal study on power grid state estimation first introduced the concept of false data injection (FDI) attacks [16]. Attackers can arbitrarily manipulate state estimation results through two strategies: restricting access to measurement devices or exploiting resource constraints to compromise them. To evade detection by the $χ^{2}$ detector, Guo et al. developed a strictly stealthy attack that preserves identical statistical characteristics before and after the attack [17]. Based on this, Ren et al. proposed an enhanced strictly stealthy attack strategy that incorporates all available historical innovation data [18]. However, deception attacks against $χ^{2}$ detectors constitute a class of highly stealth attacks. Such attacks can be effectively identified through KLD detectors with properly configured thresholds. Yang et al. devised a fully stealthy attack strategy for CPSs with KLD detectors, eliminating the impact of attacks on innovation [19]. Recent studies have widely adopted KLD as a metric to quantify attack stealthiness in CPSs across diverse detector architectures. An $ϵ$ -stealth attack strategy balancing a fixed stealthiness level and maximizing estimating performance loss was developed in [20]. A novel linear attack strategy grounded in innovation was proposed in [21], where the KLD between the original innovation and the modified innovation was employed as a measure of attack stealthiness. The attack strategy sacrifices certain stealth in exchange for improved attack performance. Different from the linear attack strategy that required a zero-mean Gaussian distribution [21], an attack scheme based on the innovation of time-invariant mean Gaussian distribution was proposed in [22].

While the aforementioned studies predominantly address deception attacks in single communication channels, the security of multi-channel systems has emerged as a critical research focus. In [23], a game-theoretic framework was employed to analyze resource allocation strategies for defenders and deception attackers in multi-channel systems. In [24], optimal deception attacks were proposed for systems equipped with $χ^{2}$ detectors. These attack strategies utilized KLD as a stealthiness metric and were designed to meet both strict and relaxed stealthiness criteria. In [25,26], multi-channel systems with fixed attack locations across different time steps were considered, a limitation that significantly reduced the practicality of the proposed strategies. Recently, in [27], under the constraint that the KLD value did not exceed the preset threshold, the real energy constraint of the attacker was considered, which limited the attacker to targeting only some of the channels at each time step. In this way, the switching location attack strategy was optimized. In [28], innovations from different channels were linearly combined to derive the remote estimation error. Multi-channel attacks are inherently more complex than their single-channel counterparts, as attack parameters and scheduling variables need to be carefully balanced to maximize remote estimation error. However, these attack strategies have two limitations: (1) The attack model follows a Gaussian distribution with a fixed mean. (2) The objective function focuses on maximizing the estimation error at a specific time step.

Inspired by this, a linear deception attack model based on a Gaussian distribution with a time-varying mean is established, and the optimal attack scheduling under the attacker’s energy constraints is investigated, with KLD utilized as an indicator of attack stealth. To effectively degrade the estimation effect of the system, the optimal stealthy attack scheme is required to maximize the cumulative estimation error during the attack period while maintaining the stealthiness of the attack. The primary contributions of this study are summarized as follows:

This paper introduces the cumulative estimation error over a finite time horizon as a metric to quantify the impact of attacks on the estimation performance degradation of multi-channel CPSs. This method is more complex and more reasonable, as it accounts for the remote estimation error over the entire attack duration rather than at a specific time point.

An attack model based on the Gaussian distribution with a time-varying mean is proposed. Based on this model, the optimal attack strategy for multi-channel systems is investigated. This approach is more general and more complicated as it introduces more decision variables.

The time-varying covariance of the modified innovation results in a significant increase in estimation error. An algorithm for generating optimal stealthy attacks is proposed, enabling offline calculation of attack scheduling to alleviate the pressure of online calculation.

The rest of the article is constructed as follows. Section 2 reviews the related work in this area. Section 3 considers the system structure and the modeling of the research problem. The key findings and the proposed attack scheme are presented in Section 4. Section 5 simulates relevant theorems. Finally, the paper is summarized in Section 6.

2. Related Work

In this section, we provide a concise summary of recent advances in innovation-based deception attack strategies, including their current research status and application scenarios.

2.1. Research Status

In the previous work [21], the innovation-driven attack model under single-channel CPS was explored to maximize the system estimation error at each moment. In [22], a Gaussian attack strategy with time-invariant mean was proposed to maximize the cumulative estimation error over finite-time horizons. On this basis, in [27,28], the architecture was extended to multi-channel CPSs, and the attack strategies were investigated to maximize the terminal estimation error under energy constraint. A critical limitation arises from the proposed attack strategies’ lack of generality, stemming from their fundamental reliance on constant-mean Gaussian distribution assumptions. Since the attacker has knowledge of the attack’s start and end times, it is reasonable that the objective shifts from maximizing the estimation error at specific time steps to maximizing the cumulative estimation error throughout the attack duration. Nevertheless, the formulation of optimal attack scheduling under this objective has not been addressed in the existing literature. A comprehensive synopsis of the comparison among related works is presented in Table 1.

2.2. Application Scenarios

To enhance the applicability of the attack strategy, discussions are provided for several classic CPS scenarios:

Smart Grid: The proposed optimal attack scheduling can degrade state estimation accuracy by disrupting multi-channel measurement consistency. For wide-area measurement systems (WAMS) with high-frequency sampling, the attack strategy requires further optimization of temporal window parameters to evade dynamic residual-based detection mechanisms.

SCADA Systems: The periodic data transmission characteristics of protocols (e.g., Modbus, DNP3) necessitate synchronization between attack scheduling and data update cycles. While the energy constraint model aligns with resource limitations of attackers in industrial control systems (ICS), additional considerations must address the latency sensitivity of real-time control loops.

Vehicle-to-Everything (V2X) Networks: The strategy can extend to multi-vehicle cooperative attack scenarios. By switching attack channels among different vehicles, it disrupts collaborative perception algorithms in traffic flow while leveraging the time-varying mean model to bypass location-correlation-based detection.

This analysis demonstrates the adaptability of the framework across CPS architectures, with scenario-specific parameter tuning ensuring compatibility with domain-specific communication protocols and defense mechanisms.

3. System Framework and Problem Formulation

This paper studies a CPS with m channels, as illustrated in Figure 1. Each sensor is capable of measuring the state of the relevant process and calculating the corresponding innovation, which is then transmitted to the remote estimator via the associated wireless communication channel. The attackers attempt to intercept and forge transmitted innovation signals, deliberately inducing deviations in state estimation while maintaining stealth characteristics against anomaly detectors. The detailed design of each physical component will be described in the following text.

3.1. Process Model

$H = {1, 2, . . ., m}$ is used to represent the index set of sensors. A linear discrete-time process is considered, and the specific model is described as

(1) $x_{k + 1} = A x_{k} + w_{k},$

(2) $y_{k}^{(i)} = C^{(i)} x_{k} + v_{k}^{(i)},$

where

i \in H

k \in N

is the time step index.

x_{k} \in R^{l}

signifies the state of the process at time k.

y_{k}^{(i)} \in R^{n_{i}}

shows the measurement of sensor i at time k.

A \in R^{l \times l}

and

C^{(i)} \in R^{n_{i} \times l}

are the system matrix and measurement matrix, respectively.

w_{k}

and

v_{k}^{(i)}

are Gaussian noises with covariances

Q \geq 0

and

R^{(i)} \geq 0

, respectively. For any time k, the initial state

x_{0}

satisfies

x_{0} \sim N (0, Π_{0})

, and is independent of

w_{k}

and

v_{k}^{(i)}

3.2. State Estimator

The local sensor first transforms the measurement data into an innovation and then transmits it to the remote estimator via the wireless channel. The remote estimators employ Kalman filters (KFs) to estimate the system state by

(3) ${\hat{x}}_{k}^{(i) -} = A {\hat{x}}_{k - 1}^{(i)},$

(4) $P_{k}^{(i) -} = A P_{k - 1}^{(i)} A^{T} + Q,$

(5) $G_{k}^{(i)} = P_{k}^{(i) -} C^{(i) T} {(C^{(i)} P_{k}^{(i) -} C^{(i) T} + R^{(i)})}^{- 1},$

(6) ${\hat{x}}_{k}^{(i)} = {\hat{x}}_{k}^{(i) -} + G_{k}^{(i)} (y_{k}^{(i)} - C^{(i)} {\hat{x}}_{k}^{(i) -}),$

(7) $P_{k}^{(i)} = (I - G_{k}^{(i)} C^{(i)}) P_{k}^{(i) -},$

where

{\hat{x}}_{k}^{(i) -}

and

{\hat{x}}_{k}^{(i)}

are the priori and posteriori minimum mean square error (MMSE) estimates of state

x_{k}

given by the remote estimator, respectively.

P_{k}^{(i) -}

and

P_{k}^{(i)}

are relevant error covariances, which are expressed as follows:

(8) $P_{k}^{(i) -} ≜ E [(x_{k} - {\hat{x}}_{k}^{(i) -}) {(x_{k} - {\hat{x}}_{k}^{(i) -})}^{T}],$

(9) $P_{k}^{(i)} ≜ E [(x_{k} - {\hat{x}}_{k}^{(i)}) {(x_{k} - {\hat{x}}_{k}^{(i)})}^{T}] .$

The iteration starts from ${\hat{x}}_{0}^{(i) -}$ = 0 and $P_{0}^{(i) -} = Π_{0}$ . Under the premise that the pair $(A, C^{(i)})$ is detectable and $(A, \sqrt{Q})$ is stabilizable, the KF will be asymptotically stable for any initial error covariance [29]. The error covariance of the steady state is expressed as ${\bar{P}}^{(i)} ≜ lim_{k \to \infty} P_{k}^{(i) -}$ and the fixed gain is ${\bar{G}}^{(i)} ≜ {\bar{P}}^{(i)} C^{(i) T} {Σ^{(i)}}^{- 1}$ . The local innovation $z_{k}^{(i)}$ is a zero-mean i.i.d. Gaussian variable with covariance $Σ^{(i)} = (C^{(i)} {\bar{P}}^{(i)} C^{(i) T} + R^{(i)})$ , calculated by the sensor i from $z_{k}^{(i)} = y_{k}^{(i)} - C^{(i)} {\hat{x}}_{k}^{(i) -}$ .

Remark 1.

Compared with traditional sensors [30], intelligent sensors enhance computational precision and enable efficient transmission. The decision to transmit the innovation $z_{k}^{(i)}$ to the remote estimator, instead of ${\hat{x}}_{k}^{(i)}$ or $y_{k}^{(i)}$ , stems from the more stable statistical properties of $z_{k}^{(i)}$ . This stability facilitates the detector’s ability to identify whether an attack has modified the innovation.

3.3. Detector and Stealthiness Condition

A detector is needed at the remote end to detect network attacks by checking the statistical properties of the transmitted innovation. We assume that using the well-known $χ^{2}$ detector as the false data detector. This detector evaluates the statistical properties of the innovation sequence via the following function:

(10) $h (z_{k}^{(i)}) = z_{k}^{(i) T} Σ^{{(i)}^{- 1}} z_{k}^{(i)},$

where

Σ^{(i)}

denotes the covariance matrix of the innovation

z_{k}^{(i)}

, and

h (z_{k}^{(i)})

follows the

χ^{2}

distribution with

n_{i}

degrees of freedom. The alarm will be triggered if the statistic exceeds a predefined threshold.

Similar to the stealth evaluation criteria established in [31,32], the KLD between the original sequence and the modified sequence is used as the core stealth metric to strictly quantify the stealth characteristics of the attack. For two Gaussian-distributed variables, the KLD is defined as follows.

Definition 1

(KLD). The KLD quantifies the discrepancy between two probability distributions. Let α and β be characterized by their probability density functions $f_{α}$ and $f_{β}$ , respectively. The KLD from α to β is formally defined as

(11) $D (α ∥ β) = \int_{- \infty}^{+ \infty} log \frac{f_{α} (γ)}{f_{β} (γ)} f_{α} (γ) d γ .$

In particular, if $α$ and $β$ are n-dimensional Gaussian random variables distributed as $α \sim N (μ_{α}, Σ_{α})$ and $β \sim N (μ_{β}, Σ_{β})$ , respectively, (11) reduces to

(12) $\begin{matrix} D (α ∥ β) = & \frac{1}{2} (log \frac{| Σ_{β} |}{| Σ_{α} |} - n + Tr (Σ_{β}^{- 1} Σ_{α}) + {(μ_{β} - μ_{α})}^{T} \\ Σ_{β}^{- 1} (μ_{β} - μ_{α})) . \end{matrix}$

A smaller difference between the two distributions results in a lower KLD value. Notably, $D (α ‖ β) = 0$ if $f_{α} = f_{β}$ .

Definition 2

(Stealthiness Condition). For an arbitrary channel i, the attacker must ensure statistical similarity between the modified and original innovations to avoid triggering the detector’s alarm. Therefore, the stealthiness condition for the attack is given by

(13) $D ({\tilde{z}}_{k}^{(i)} ∥ z_{k}^{(i)}) ⩽ δ,$

where ${\tilde{z}}_{k}^{(i)}$ is the innovation collected on the remote end, and δ is the threshold.

Remark 2.

Since the threshold satisfies $δ > 0$ , the attack is not strictly stealthy [20,21]. In this circumstance, stealthiness has to be compromised to tolerate a larger estimation error. Subsequently, the condition for strict stealthiness was thoroughly investigated in [19].

3.4. Energy Restriction

Definition 3.

Unlike attackers considered in [11,23], who have sufficient energy to manipulate all communication channels, this paper takes into account the actual energy constraint, so that the attacker can only attack a subset of communication channels at each time step. The number of channels targeted for attack at each step is restricted, whereas the location of the attack is random. The specific energy constraint is as follows:

(14) $\sum_{i = 1}^{m} φ_{k}^{(i)} ⩽ σ_{k},$

(15) $φ_{k}^{(i)} = \{\begin{matrix} 1 & if the attacker attacks at time k, \\ 0 & otherwise . \end{matrix},$

where $σ_{k}$ is the maximum number of channels that are attacked at time k. Moreover, the start time of the attack is $k = 0$ and the end time is $k = \overset{ˇ}{k}$ .

3.5. Problem Formulation

First, some assumptions about the malicious attacker are given to facilitate the subsequent analysis of the attack strategy.

Assumption 1.

During data transmission, the attacker can intercept and tamper with the transmitted data.

Assumption 2.

The attacker possesses full knowledge of the system parameters ${\bar{G}}^{(i)}$ , A, $C^{(i)}$ , Q, and $R^{(i)}$ .

Assumption 3.

The attack is launched after the system enters the steady state, where ${\tilde{x}}_{0}^{(i) -} = {\hat{x}}_{0}^{(i) -}$ and $E [(x_{0} - {\tilde{x}}_{0}^{(i) -}) {(x_{0} - {\tilde{x}}_{0}^{(i) -})}^{T}] = {\bar{P}}^{(i)}$ .

During wireless transmission of the innovation, the attacker may intercept and tamper with the original data $z_{k}^{(i)}$ , changing it to $z_{k}^{a (i)}$ . Consequently, the recursion formula when the remote side is attacked becomes

(16) ${\tilde{x}}_{k}^{(i) -} = A {\tilde{x}}_{k - 1}^{(i)},$

(17) ${\tilde{x}}_{k}^{(i)} = {\tilde{x}}_{k}^{(i) -} + {\bar{G}}^{(i)} {\tilde{z}}_{k}^{(i)},$

(18) ${\tilde{z}}_{k}^{(i)} = φ_{k}^{(i)} z_{k}^{a (i)} + (1 - φ_{k}^{(i)}) z_{k}^{(i)} .$

where

{\tilde{x}}_{k}^{(i) -}

and

{\tilde{x}}_{k}^{(i)}

are the priori and posteriori MMSE estimates under remote attacks, respectively. When

φ_{k}^{(i)} = 1

, the local innovation

z_{k}^{(i)}

is tampered with the attack signal

z_{k}^{a (i)}

and the remote estimator obtains an innovation of

{\tilde{z}}_{k}^{(i)}

. Moreover, the error covariance of the remote estimator is

{\tilde{P}}_{k}^{(i)} ≜ E [(x_{k} - {\tilde{x}}_{k}^{(i)}) {(x_{k} - {\tilde{x}}_{k}^{(i)})}^{T}]

Unlike strategies focused on maximizing the terminal estimation error covariance [27], the attacker seeks to maximize the cumulative estimation error over a finite time horizon while maintaining attack stealthiness. This objective is formally expressed as the following constrained optimization problem:

(19) $\begin{matrix} max_{{\tilde{z}}_{k}^{(i)}, φ_{k}^{(i)}} & J = \sum_{i = 1}^{m} ζ^{(i)} \sum_{k = 0}^{\overset{ˇ}{k}} Tr ({\tilde{P}}_{k}^{(i)}), \\ s . t . & D ({\tilde{z}}_{k}^{(i)} ‖ z_{k}^{(i)}) \leq δ, \\ \sum_{i = 1}^{m} φ_{k}^{(i)} \leq σ_{k}, k \in [0, \overset{ˇ}{k}], \end{matrix}$

where

ζ^{(i)}

is the weight coefficient assigned by the attacker to remote estimator i. In multi-channel CPSs, the total system estimation error J is formulated as a weighted sum of the cumulative estimation errors from all remote estimators over the time horizon

[0, \overset{ˇ}{k}]

Remark 3.

In contrast to the attack strategy in [21], the attacker knows when to start and end attacks. For each estimator $i \in H$ , the goal of the attacker is to maximize the sum of $Tr ({\tilde{P}}_{k}^{(i)})$ within a finite time horizon rather than the trace of the estimated error covariance at each time. This approach is more reasonable.

4. Optimal Attack Design

This section presents an optimal attack scheme designed to maximize the remote estimation error while maintaining stealth under energy constraints. By leveraging a Gaussian attack model with a time-varying mean, we first derive the total estimation error over the attack period. Subsequently, structural analysis of the estimation error enables the reformulation of the original non-convex optimization problem (19) into a semidefinite programming (SDP) problem and a 0-1 programming problem. Lastly, a proposed algorithm outlines the execution process for the optimal attack strategy employed by the attacker.

4.1. Attack Model

When the channel i is attacked, the original innovation is transformed by the attacker into $z_{k}^{a (i)}$ , whose formula is given by

(20) $z_{k}^{a (i)} = T_{k}^{(i)} z_{k}^{(i)} + b_{k}^{(i)},$

where

T_{k}^{(i)} \in R^{n^{i} \times n^{i}}

is an attack matrix. The term

b_{k}^{(i)}

denotes a Gaussian random variable with

b_{k}^{(i)} \sim N (μ_{k}^{(i)}, ξ_{k}^{(i)})

and is independent of

z_{k}^{(i)}

. Moreover, it is shown that

z_{k}^{a (i)}

follows a Gaussian distribution with

z_{k}^{a (i)} \sim N (μ_{k}^{(i)}, {\tilde{Σ}}_{k}^{(i)})

. Under this attack model, (18) can be rewritten as

(21) ${\tilde{z}}_{k}^{(i)} = φ_{k}^{(i)} (T_{k}^{(i)} z_{k}^{(i)} + b_{k}^{(i)}) + (1 - φ_{k}^{(i)}) z_{k}^{(i)} .$

4.2. Attack Strategy Formulation

Under the Gaussian attack model with a time-varying mean, an optimal attack scheme is proposed. This scheme aims to maximize the total estimation error over a finite time period while satisfying stealthiness constraints.

To analyze the estimation performance of the remote estimator, the iterative formula for the estimation error of the corresponding remote estimator is derived.

Lemma 1.

For the attack model in (20), the estimation error of estimator i over $k \in [0, \overset{ˇ}{k}]$ satisfies

(22) $\begin{matrix} \begin{matrix} {\tilde{P}}_{k}^{(i)} = & A {\tilde{P}}_{k - 1}^{(i)} A^{T} + Q + (1 - φ_{k}^{(i)}) ({\bar{G}}^{(i)} Σ^{(i)} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} {\bar{G}}^{(i) T}) \\ + φ_{k}^{(i)} ({\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} {\bar{G}}^{(i) T} + {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} T_{k}^{(i)} C^{(i)} {\bar{P}}^{(i)} \\ + \sum_{t = 0}^{k - 1} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(t + 1) T} - {\bar{P}}^{(i)} C^{(i) T} T_{k}^{(i) T} {\bar{G}}^{(i) T} + \\ \sum_{t = 0}^{k - 1} A^{(t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T}) . \end{matrix} \end{matrix}$

Proof of Lemma 1.

First, based on Equation (25) provided in [27], the key expression is

(23) $\begin{matrix} \begin{matrix} {\tilde{P}}_{k}^{(i)} = & A {\tilde{P}}_{k - 1}^{(i)} A^{T} + Q + φ_{k}^{(i)} E [{\bar{G}}^{(i)} z_{k}^{a (i)} z_{k}^{a (i) T} {\bar{G}}^{(i) T}] - φ_{k}^{(i)} E [{\bar{G}}^{(i)} z_{k}^{a (i)} {(x_{k} - {\tilde{x}}_{k}^{(i) -})}^{T}] \\ - φ_{k}^{(i)} E [(x_{k} - {\tilde{x}}_{k}^{(i) -}) z_{k}^{a (i) T} {\bar{G}}^{(i) T}] + (1 - φ_{k}^{(i)}) E [{\bar{G}}^{(i)} z_{k}^{(i)} z_{k}^{(i) T} {\bar{G}}^{(i) T}] \\ - (1 - φ_{k}^{(i)}) E [{\bar{G}}^{(i)} z_{k}^{(i)} {(x_{k} - {\tilde{x}}_{k}^{(i) -})}^{T}] - (1 - φ_{k}^{(i)}) E [(x_{k} - {\tilde{x}}_{k}^{(i) -}) z_{k}^{(i) T} {\bar{G}}^{(i) T}], \end{matrix} \end{matrix}$

According to Lemma 4.1 in [22], the following holds:

(24) $E [{\bar{G}}^{(i)} z_{k}^{a (i)} z_{k}^{a (i) T} {\bar{G}}^{(i) T}] = {\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} {\bar{G}}^{(i) T} + {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T},$

(25) $E [{\bar{G}}^{(i)} z_{k}^{a (i)} {(x_{k} - {\tilde{x}}_{k}^{(i) -})}^{T}] = {\bar{G}}^{(i)} T_{k}^{(i)} C^{(i)} {\bar{P}}^{(i)} - \sum_{t = 0}^{k - 1} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(t + 1) T},$

(26) $E [(x_{k} - {\tilde{x}}_{k}^{(i) -}) z_{k}^{a (i) T} {\bar{G}}^{(i) T}] = {\bar{P}}^{(i)} C^{(i) T} T_{k}^{(i) T} {\bar{G}}^{(i) T} - \sum_{t = 0}^{k - 1} A^{(t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T},$

Similarly, following the same approach, we derive

(27) $E [{\bar{G}}^{(i)} z_{k}^{(i)} z_{k}^{(i) T} {\bar{G}}^{(i) T}] = {\bar{G}}^{(i)} Σ^{(i)} {\bar{G}}^{(i) T},$

(28) $E [{\bar{G}}^{(i)} z_{k}^{(i)} {(x_{k} - {\tilde{x}}_{k}^{(i) -})}^{T}] = {\bar{G}}^{(i)} C^{(i)} {\bar{P}}^{(i)},$

(29) $E [(x_{k} - {\tilde{x}}_{k}^{(i) -}) z_{k}^{(i) T} {\bar{G}}^{(i) T}] = {\bar{P}}^{(i)} C^{(i) T} {\bar{G}}^{(i) T} .$

By substituting (24)–(29) into (23), the proof is completed. □

Remark 4.

Since the proposed attack model follows a Gaussian distribution with a time-varying mean, $E [z_{m}^{a (i)} z_{n}^{a (i) T}] \neq 0$ and $E [z_{k}^{a (i)} z_{k}^{a (i) T}] \neq {\tilde{Σ}}_{k}^{(i)}$ hold. Notably, if $μ_{k}^{(i)} = 0$ , the result of Lemma 1 reduces to Lemma 3.1 in [27].

Subsequently, based on Lemma 1, we derive the performance deterioration J for the entire system as follows:

Theorem 1.

For the considered attack model, the performance degradation J across all estimators is given by

(30) $\begin{matrix} \begin{matrix} J = & \sum_{i = 1}^{m} ζ^{(i)} Tr (\sum_{k = 0}^{\overset{ˇ}{k}} {\tilde{P}}_{k}^{(i)}) \\ = & \sum_{i = 1}^{m} ζ^{(i)} Tr [\sum_{r = 0}^{\overset{ˇ}{k}} A^{r} {\bar{P}}^{(i)} A^{r T} + \sum_{j = 0}^{\overset{ˇ}{k} - 1} \sum_{r = 0}^{j} A^{r} Q A^{r T} + \sum_{r = 0}^{\overset{ˇ}{k} - k} φ_{k}^{(i)} A^{r} ({\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} {\bar{G}}^{(i) T} \\ + {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} T_{k}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} T_{k}^{(i) T} {\bar{G}}^{(i) T}) A^{r T} \\ + \sum_{r = 0}^{\overset{ˇ}{k} - k} φ_{k}^{(i)} (\sum_{t = 0}^{k - 1} A^{(r + t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} + \sum_{t = 0}^{k - 1} A^{r} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(r + t + 1) T}) \\ + \sum_{r = 0}^{\overset{ˇ}{k} - k} (1 - φ_{k}^{(i)}) A^{r} ({\bar{G}}^{(i)} Σ^{(i)} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} {\bar{G}}^{(i) T}) A^{r T}] . \end{matrix} \end{matrix}$

Proof of Theorem 1.

Under Assumption 3, the attack is launched after the system enters the steady-state condition. Based on (16)–(18), the initial error covariance is given by

(31) $\begin{matrix} \begin{matrix} {\tilde{P}}_{0}^{(i)} = & E [(x_{0} - {\tilde{x}}_{0}^{(i)}) {(x_{0} - {\tilde{x}}_{0}^{(i)})}^{T}] \\ = & E [(x_{0} - {\tilde{x}}_{0}^{(i) -} - {\bar{G}}^{(i)} {\tilde{z}}_{0}^{(i)}) {(x_{0} - {\tilde{x}}_{0}^{(i) -} - {\bar{G}}^{(i)} {\tilde{z}}_{0}^{(i)})}^{T}] \\ = & {\bar{P}}^{(i)} + (1 - φ_{0}^{(i)}) ({\bar{G}}^{(i)} Σ^{(i)} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} {\bar{G}}^{(i) T}) \\ + & φ_{0}^{(i)} ({\bar{G}}^{(i)} {\tilde{Σ}}_{0}^{(i)} {\bar{G}}^{(i) T} + {\bar{G}}^{(i)} μ_{0}^{(i)} μ_{0}^{(i) T} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} T_{0}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} T_{0}^{(i) T} {\bar{G}}^{(i) T}), \end{matrix} \end{matrix}$

For $k \geq 1$ , according to Lemma 1, ${\tilde{P}}_{k}^{(i)}$ is rewritten as

(32) $\begin{matrix} \begin{matrix} {\tilde{P}}_{k}^{(i)} = & A^{k} {\bar{P}}^{(i)} A^{k T} + \sum_{r = 0}^{k - 1} A^{r} Q A^{r T} + \sum_{r = 0}^{k} (1 - φ_{k - r}^{(i)}) [A^{r} ({\bar{G}}^{(i)} Σ^{(i)} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} C^{(i)} {\bar{P}}^{(i)} \\ - {\bar{P}}^{(i)} C^{(i) T} {\bar{G}}^{(i) T}) A^{r T}] + \sum_{r = 0}^{k} φ_{k - r}^{(i)} [A^{r} ({\bar{G}}^{(i)} {\tilde{Σ}}_{k - r}^{(i)} {\bar{G}}^{(i) T} + {\bar{G}}^{(i)} μ_{k - r}^{(i)} μ_{k - r}^{(i) T} {\bar{G}}^{(i) T} \\ - {\bar{G}}^{(i)} T_{k - r}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} T_{k - r}^{(i) T} {\bar{G}}^{(i) T} + \sum_{t = 0}^{k - r - 1} A^{(t + 1)} {\bar{G}}^{(i)} μ_{k - r}^{(i)} μ_{k - r}^{(i) T} {\bar{G}}^{(i) T} \\ + \sum_{t = 0}^{k - r - 1} {\bar{G}}^{(i)} μ_{k - r}^{(i)} μ_{k - r}^{(i) T} {\bar{G}}^{(i) T} A^{(t + 1) T}) A^{r T}], \end{matrix} \end{matrix}$

Furthermore, the cumulative sum of ${\tilde{P}}_{k}^{(i)}$ over $k \in [0, \overset{ˇ}{k}]$ is derived as

(33) $\begin{matrix} \begin{matrix} \sum_{k = 0}^{\overset{ˇ}{k}} {\tilde{P}}_{k}^{(i)} = & {\tilde{P}}_{0}^{(i)} + {\tilde{P}}_{1}^{(i)} + . . . + {\tilde{P}}_{\overset{ˇ}{k}}^{(i)} \\ = & \sum_{r = 0}^{\overset{ˇ}{k}} A^{r} {\bar{P}}^{(i)} A^{r T} + \sum_{j = 0}^{\overset{ˇ}{k} - 1} \sum_{r = 0}^{j} A^{r} Q A^{r T} + \sum_{j = 0}^{\overset{ˇ}{k}} \sum_{r = 0}^{j} (1 - φ_{j - r}^{(i)}) [A^{r} ({\bar{G}}^{(i)} Σ^{(i)} {\bar{G}}^{(i) T} \\ - {\bar{G}}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} {\bar{G}}^{(i) T}) A^{r T}] + \sum_{j = 0}^{\overset{ˇ}{k}} \sum_{r = 0}^{j} φ_{j - r}^{(i)} [A^{r} ({\bar{G}}^{(i)} {\tilde{Σ}}_{j - r}^{(i)} {\bar{G}}^{(i) T} \\ + {\bar{G}}^{(i)} μ_{j - r}^{(i)} μ_{j - r}^{(i) T} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} T_{j - r}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} T_{j - r}^{(i) T} {\bar{G}}^{(i) T} \\ + \sum_{t = 0}^{j - r - 1} A^{(t + 1)} {\bar{G}}^{(i)} μ_{j - r}^{(i)} μ_{j - r}^{(i) T} {\bar{G}}^{(i) T} + \sum_{t = 0}^{j - r - 1} {\bar{G}}^{(i)} μ_{j - r}^{(i)} μ_{j - r}^{(i) T} {\bar{G}}^{(i) T} A^{(t + 1) T}) A^{r T}], \end{matrix} \end{matrix}$

Combining with the analysis of (33), it follows that J is a function of $ζ^{(i)}$ , ${\bar{P}}^{(i)}$ , ${\tilde{Σ}}_{k}^{(i)}$ , $μ_{k}^{(i)}$ , $T_{k}^{(i)}$ , and $φ_{k}^{(i)}$ . Since $ζ^{(i)}$ and ${\bar{P}}^{(i)}$ are fixed parameters, the remaining optimization variables ${\tilde{Σ}}_{k}^{(i)}$ , $μ_{k}^{(i)}$ , $T_{k}^{(i)}$ , and $φ_{k}^{(i)}$ are to be determined for maximizing J.

In order to facilitate the subsequent solution of ${\tilde{Σ}}_{k}^{(i)}$ , $μ_{k}^{(i)}$ , $T_{k}^{(i)}$ , and $φ_{k}^{(i)}$ at each time, (33) is rewritten as

(34) $\begin{matrix} \begin{matrix} \sum_{k = 0}^{\overset{ˇ}{k}} {\tilde{P}}_{k}^{(i)} = & \sum_{r = 0}^{\overset{ˇ}{k}} A^{r} {\bar{P}}^{(i)} A^{r T} + \sum_{j = 0}^{\overset{ˇ}{k} - 1} \sum_{r = 0}^{j} A^{r} Q A^{r T} + \sum_{r = 0}^{\overset{ˇ}{k} - k} φ_{k}^{(i)} [A^{r} ({\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} {\bar{G}}^{(i) T} \\ + {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} T_{k}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} T_{k}^{(i) T} {\bar{G}}^{(i) T}) A^{r T}] \\ + \sum_{r = 0}^{\overset{ˇ}{k} - k} φ_{k}^{(i)} [A^{r} (\sum_{t = 0}^{k - 1} A^{(t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T}) A^{r T} \\ + A^{r} (\sum_{t = 0}^{k - 1} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(t + 1) T}) A^{r T}] \\ + \sum_{r = 0}^{\overset{ˇ}{k} - k} (1 - φ_{k}^{(i)}) A^{r} ({\bar{G}}^{(i)} Σ^{(i)} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} {\bar{G}}^{(i) T}) A^{r T} . \end{matrix} \end{matrix}$

which completes the proof. □

Remark 5.

To facilitate the determination of parameters ${\tilde{Σ}}_{k}^{(i)}$ , $μ_{k}^{(i)}$ , $T_{k}^{(i)}$ , and $φ_{k}^{(i)}$ at each time step, (33) is expanded and terms at identical time steps are aggregated, resulting in its transformation into (34).

The distribution analysis of ${\tilde{z}}_{k}^{(i)}$ in (21) reveals that it is Gaussian-distributed with a time-varying mean. Consequently, the stealthiness condition (13) is formulated as follows:

(35) $\begin{matrix} \begin{matrix} D ({\tilde{z}}_{k}^{(i)} ∥ z_{k}^{(i)}) \overset{(a)}{=} & D (z_{k}^{a (i)} ∥ z_{k}^{(i)}) \\ = & \frac{1}{2} (log \frac{| Σ^{(i)} |}{| {\tilde{Σ}}_{k}^{(i)} |} + Tr (Σ^{{(i)}^{- 1}} {\tilde{Σ}}_{k}^{(i)}) - n^{(i)} + μ_{k}^{(i) T} Σ^{{(i)}^{- 1}} μ_{k}^{(i)}), \end{matrix} \end{matrix}$

where (a) holds due to the fact that

D (z_{k}^{(i)} ∥ z_{k}^{(i)}) = 0

. Furthermore, by substituting (30) and (35) into (19), the optimization problem is transformed into

(36) $\begin{matrix} max_{{\tilde{z}}_{k}^{(i)}, φ_{k}^{(i)}} & J = \sum_{i = 1}^{m} ζ^{(i)} \sum_{k = 0}^{\overset{ˇ}{k}} Tr ({\tilde{P}}_{k}^{(i)}) \\ s . t . & \frac{1}{2} (log \frac{| Σ^{(i)} |}{| {\tilde{Σ}}_{k}^{(i)} |} + Tr (Σ^{{(i)}^{- 1}} {\tilde{Σ}}_{k}^{(i)}) - n^{(i)} + μ_{k}^{(i) T} Σ^{{(i)}^{- 1}} μ_{k}^{(i)}) \leq δ, \\ \sum_{i = 1}^{m} φ_{k}^{(i)} \leq σ_{k}, k \in [0, \overset{ˇ}{k}] . \end{matrix}$

Since the optimal attack strategy involves the co-optimization of attack parameters and the scheduling variable, finding a direct solution to (36) is highly challenging. By analyzing the structure of (30), it is found that the scheduling variable $φ_{k}^{(i)}$ is not correlated with covariance ${\tilde{Σ}}_{k}^{(i)}$ , mean $μ_{k}^{(i)}$ and the attack matrix $T_{k}^{(i)}$ . Consequently, the optimization process of stealthy attacks can be divided into two different stages: solving for the optimal $μ_{k}^{(i)}$ , ${\tilde{Σ}}_{k}^{(i)}$ , $T_{k}^{(i)}$ and the scheduling variable $φ_{k}^{(i)}$ .

For any $φ_{k}^{(i)}$ , according to (30), the problem of solving attack variables $μ_{k}^{(i)}$ , ${\tilde{Σ}}_{k}^{(i)}$ , $T_{k}^{(i)}$ of channel i is transformed into

(37) $\begin{matrix} max_{μ_{k}^{(i)}, {\tilde{Σ}}_{k}^{(i)}, T_{k}^{(i)}} & Tr [\sum_{r = 0}^{\overset{ˇ}{k} - k} (A^{r} ({\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} {\bar{G}}^{(i) T} + {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} T_{k}^{(i)} C^{(i)} {\bar{P}}^{(i)} \\ - {\bar{P}}^{(i)} C^{(i) T} T_{k}^{(i) T} {\bar{G}}^{(i) T}) A^{r T} + \sum_{t = 0}^{k - 1} A^{(r + t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} \\ + \sum_{t = 0}^{k - 1} A^{r} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(r + t + 1) T})], \\ s . t . & \frac{1}{2} (log \frac{| Σ^{(i)} |}{| {\tilde{Σ}}_{k}^{(i)} |} + Tr (Σ^{{(i)}^{- 1}} {\tilde{Σ}}_{k}^{(i)}) - n^{(i)} + μ_{k}^{(i) T} Σ^{{(i)}^{- 1}} μ_{k}^{(i)}) \leq δ . \end{matrix}$

First, for any $T_{k}^{(i)}$ , the distribution of $z_{k}^{a (i)}$ in the worst case is obtained.

Theorem 2.

For any certain $T_{k}^{(i)}$ , the solution to the optimal covariance ${\tilde{Σ}}_{k}^{(i)}$ at time step k is as follows:

(38) ${\tilde{Σ}}_{k}^{(i)} = {(Σ^{{(i)}^{- 1}} - \frac{2}{η} \sum_{r = 0}^{\overset{ˇ}{k} - k} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)})}^{- 1},$

Let $λ_{m a x}$ represent the maximum eigenvalue of $Θ Σ^{(i)}$ , where $Θ$ is defined as follows:

(39) $\begin{matrix} Θ_{k}^{(i)} = & 2 \sum_{r = 0}^{\overset{ˇ}{k} - k} \sum_{t = 0}^{k - 1} ({\bar{G}}^{(i) T} A^{r T} A^{(r + t + 1)} {\bar{G}}^{(i)} + {\bar{G}}^{(i) T} A^{(r + t + 1) T} A^{r} {\bar{G}}^{(i)}) \\ + 2 \sum_{r = 0}^{\overset{ˇ}{k} - k} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)}, \end{matrix}$

and η can be obtained according to the following two situations.

(i) If $λ_{m a x} \leq 0$ , the innovation $z_{k}^{a (i)}$ follows a Gaussian distribution with zero-mean, and η is given by

(40) $\begin{matrix} 2 δ + n^{(i)} = & \sum_{τ = 1}^{n^{(i)}} (log (1 - \frac{2}{η} λ_{τ}) + \frac{1}{1 - \frac{2}{η} λ_{τ}}), \end{matrix}$

where $λ_{τ}$ denotes the eigenvalue of $\sum_{r = 0}^{\overset{ˇ}{k} - k} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)} Σ^{(i)}$ .

(ii) If $λ_{m a x} > 0$ and $Θ_{k}^{(i)} Σ^{(i)}$ possesses q positive eigenvalues, the optimal η and $μ_{k}^{(i)}$ are as follows:

(41) $\begin{matrix} (η, μ_{k}^{(i)}) = \underset{λ_{i}, α_{i}}{arg max} J {({\tilde{Σ}}_{k}^{(i)} (λ_{1}), α_{1}), \dots, ({\tilde{Σ}}_{k}^{(i)} (λ_{q}), α_{q}), ({\tilde{Σ}}_{k}^{(i)} (λ_{0}), 0)} . \end{matrix}$

where $λ_{i}$ is the positive eigenvalue and $α_{i}$ is the corresponding eigenvector of $Θ_{k}^{(i)} Σ^{(i)}$ . Moreover, $λ_{0}$ is the solution of (40).

Proof of Theorem 2.

For any $T_{k}^{(i)}$ , the solution for obtaining the distribution of $z_{k}^{a (i)}$ can be transformed into

(42) $\begin{matrix} min_{μ_{k}^{(i)}, {\tilde{Σ}}_{k}^{(i)}} & - Tr [\sum_{r = 0}^{\overset{ˇ}{k} - k} (A^{r} ({\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} {\bar{G}}^{(i) T} + {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T}) A^{r T} \\ + \sum_{t = 0}^{k - 1} A^{(r + t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} + \sum_{t = 0}^{k - 1} A^{r} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(r + t + 1) T})], \\ s . t . & \frac{1}{2} (log \frac{| Σ^{(i)} |}{| {\tilde{Σ}}_{k}^{(i)} |} + Tr (Σ^{{(i)}^{- 1}} {\tilde{Σ}}_{k}^{(i)}) - n^{(i)} + μ_{k}^{(i) T} Σ^{{(i)}^{- 1}} μ_{k}^{(i)}) \leq δ . \end{matrix}$

Since the fact is that $Tr (M N) = Tr (N M)$ , (42) is rewritten as a typical convex optimization problem.

(43) $\begin{matrix} min_{μ_{k}^{(i)}, {\tilde{Σ}}_{k}^{(i)}} & - Tr [\sum_{r = 0}^{\overset{ˇ}{k} - k} ({\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} + μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)} μ_{k}^{(i)} \\ + \sum_{t = 0}^{k - 1} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} A^{(r + t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} + \sum_{t = 0}^{k - 1} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(r + t + 1) T} A^{r} {\bar{G}}^{(i)} μ_{k}^{(i)})], \\ s . t . & \frac{1}{2} (log \frac{| Σ^{(i)} |}{| {\tilde{Σ}}_{k}^{(i)} |} + Tr (Σ^{{(i)}^{- 1}} {\tilde{Σ}}_{k}^{(i)}) - n^{(i)} + μ_{k}^{(i) T} Σ^{{(i)}^{- 1}} μ_{k}^{(i)}) \leq δ . \end{matrix}$

The Lagrangian multiplier $η$ is added to construct the Lagrangian function.

(44) $\begin{matrix} L ({\tilde{Σ}}_{k}^{(i)}, μ_{k}^{(i)}, η) = & - Tr [\sum_{r = 0}^{\overset{ˇ}{k} - k} ({\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} + μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)} μ_{k}^{(i)} \\ + \sum_{t = 0}^{k - 1} (μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} A^{(r + t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} \\ + μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(r + t + 1) T} A^{r} {\bar{G}}^{(i)} μ_{k}^{(i)}))] \\ + \frac{η}{2} (log \frac{| Σ^{(i)} |}{| {\tilde{Σ}}_{k}^{(i)} |} + Tr (Σ^{{(i)}^{- 1}} {\tilde{Σ}}_{k}^{(i)}) - n^{(i)} + μ_{k}^{(i) T} Σ^{{(i)}^{- 1}} μ_{k}^{(i)} - 2 δ), \end{matrix}$

where the Lagrangian multiplier

η > 0

, and the KKT conditions are given by

(45) $\begin{matrix} \frac{\partial L ({\tilde{Σ}}_{k}^{(i)}, μ_{k}^{(i)}, η)}{\partial {\tilde{Σ}}_{k}^{(i)}} = - \sum_{r = 0}^{\overset{ˇ}{k} - k} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)} + \frac{η}{2} (Σ^{{(i)}^{- 1}} - {\tilde{Σ}}_{k}^{{(i)}^{- 1}}) = 0, \end{matrix}$

(46) $\begin{matrix} \frac{\partial L ({\tilde{Σ}}_{k}^{(i)}, μ_{k}^{(i)}, η)}{\partial μ_{k}^{(i)}} = & - 2 \sum_{r = 0}^{\overset{ˇ}{k} - k} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)} - 2 \sum_{r = 0}^{\overset{ˇ}{k} - k} \sum_{t = 0}^{k - 1} μ_{k}^{(i) T} ({\bar{G}}^{(i) T} A^{r T} A^{(r + t + 1)} {\bar{G}}^{(i)} \\ + {\bar{G}}^{(i) T} A^{(r + t + 1) T} A^{r} {\bar{G}}^{(i)}) + η μ_{k}^{(i) T} Σ^{{(i)}^{- 1}} \\ = & - μ_{k}^{(i) T} Θ_{k}^{(i)} + η μ_{k}^{(i) T} Σ^{{(i)}^{- 1}} = 0, \end{matrix}$

and

(47) $\begin{matrix} \frac{η}{2} (log \frac{| Σ^{(i)} |}{| {\tilde{Σ}}_{k}^{(i)} |} + Tr (Σ^{{(i)}^{- 1}} {\tilde{Σ}}_{k}^{(i)}) - n^{(i)} + μ_{k}^{(i) T} Σ^{{(i)}^{- 1}} μ_{k}^{(i)} - 2 δ) = 0, \end{matrix}$

where

(48) $\begin{matrix} Θ_{k}^{(i)} = & 2 \sum_{r = 0}^{\overset{ˇ}{k} - k} \sum_{t = 0}^{k - 1} ({\bar{G}}^{(i) T} A^{r T} A^{(r + t + 1)} {\bar{G}}^{(i)} + {\bar{G}}^{(i) T} A^{(r + t + 1) T} A^{r} {\bar{G}}^{(i)}) \\ + 2 \sum_{r = 0}^{\overset{ˇ}{k} - k} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)} . \end{matrix}$

From (45), it can be obtained that

(49) ${\tilde{Σ}}_{k}^{(i)} = {(Σ^{{(i)}^{- 1}} - \frac{2}{η} \sum_{r = 0}^{\overset{ˇ}{k} - k} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)})}^{- 1} .$

Based on (46), the mean of the modified innovation is given by

(50) $\begin{matrix} {(Θ_{k}^{(i)} Σ^{(i)})}^{T} μ_{k}^{(i)} = η μ_{k}^{(i)} . \end{matrix}$

Let $λ_{m a x}$ denote the maximum eigenvalue of $Θ Σ^{(i)}$ . The solution to the problem is divided into the following two situations.

(i) If $λ_{m a x} \leq 0$ , it is easy to see that the optimal mean $μ_{k}^{(i)}$ is 0 since $η > 0$ . In other words, the optimal modified innovation follows a Gaussian distribution with a zero mean. According to Theorem 3.3 in reference [27], the unique solution to $η$ can be obtained.

(51) $\begin{matrix} 2 δ + n^{(i)} = & \sum_{τ = 1}^{n^{(i)}} (log (1 - \frac{2}{η} λ_{τ}) + \frac{1}{1 - \frac{2}{η} λ_{τ}}), \end{matrix}$

where

λ_{τ}

denotes the eigenvalue of

\sum_{r = 0}^{\overset{ˇ}{k} - k} {\bar{G}}^{(i) T} A^{r T} A^{r} {\bar{G}}^{(i)} Σ^{(i)}

(ii) If $λ_{m a x} > 0$ and $Θ_{k}^{(i)} Σ^{(i)}$ has q positive eigenvalues, it can be seen from (50) that the $η$ is the eigenvalue and the $μ_{k}^{(i)}$ is the corresponding eigenvector. Suppose that the positive eigenvalue of $Θ_{k}^{(i)} Σ^{(i)}$ is $λ_{i} (i \in [1, . . ., q])$ , and the corresponding eigenvector is $α_{i} (i \in [1, . . ., q])$ . For each pair $(λ_{i}, α_{i})$ , we obtain the related ${\tilde{Σ}}_{k}^{(i)}$ , $μ_{k}^{(i)}$ according to (49), (50) and calculate the corresponding J. The optimal values of $η$ and $μ_{k}^{(i)}$ are obtained based on the pair $(λ_{i}, α_{i})$ that maximizes J. Specifically, the optimal $η$ and $μ_{k}^{(i)}$ are as follows:

(52) $\begin{matrix} (η, μ_{k}^{(i)}) = \underset{λ_{i}, α_{i}}{arg max} J {({\tilde{Σ}}_{k}^{(i)} (λ_{1}), α_{1}), \dots, ({\tilde{Σ}}_{k}^{(i)} (λ_{q}), α_{q}), ({\tilde{Σ}}_{k}^{(i)} (λ_{0}), 0)} . \end{matrix}$

where

λ_{0}

is the solution of (51), and the proof is complete. □

Remark 6.

The optimal attack strategy studied in this paper follows a Gaussian distribution with a time-varying mean, generalizing the zero-mean case in [27]. The solution process introduces additional time-varying parameters, resulting in greater complexity.

Remark 7.

Compared with related works in [21,22], the time-varying covariance ${\tilde{Σ}}_{k}^{(i)}$ and mean $μ_{k}^{(i)}$ lead to additional decision variables in the optimization problem, resulting in a greater remote estimation error.

After obtaining the covariance ${\tilde{Σ}}_{k}^{(i)}$ and the mean $μ_{k}^{(i)}$ , the attack matrix $T_{k}^{(i)}$ will be derived.

Theorem 3.

With the covariance ${\tilde{Σ}}_{k}^{(i)}$ and mean $μ_{k}^{(i)}$ of the modified innovation, the optimal attack matrix $T_{k}^{(i)}$ can be obtained by solving the following SDP problem using the CVX toolbox in MATLAB (https://www.mathworks.com/products/matlab.html).

(53) $\begin{matrix} min_{T_{k}^{(i)}} & Tr (\sum_{r = 0}^{\overset{ˇ}{k} - k} C^{(i) T} A^{r T} {\bar{P}}^{(i)} {\bar{P}}^{(i)} A^{r} C^{(i)} Σ^{{(i)}^{- 1}} T_{k}^{(i)}), \\ s . t . & [\begin{matrix} {\tilde{Σ}}_{k}^{(i)} & T_{k}^{(i)} \\ T_{k}^{(i) T} & Σ^{{(i)}^{- 1}} \end{matrix}] ⩾ 0 . \end{matrix}$

Proof of Theorem 3.

The distribution of the attacked innovation can be derived from Theorem 2. Based on the attack mode (20), the constraint becomes $T_{k}^{(i)} Σ^{(i)} T_{k}^{(i) T} + ξ_{k}^{(i)} = {\tilde{Σ}}_{k}^{(i)}$ , which must satisfy the following conditions:

(54) $ξ_{k}^{(i)} = {\tilde{Σ}}_{k}^{(i)} - T_{k}^{(i)} Σ^{(i)} T_{k}^{(i) T} \geq 0,$

where

ξ_{k}^{(i)}

is the covariance of

b_{k}^{(i)}

. By combining (54), solving for the optimal

T_{k}^{(i)}

is equivalent to the following constrained optimization problem:

(55) $\begin{matrix} min_{T_{k}^{(i)}} & Tr (\sum_{r = 0}^{\overset{ˇ}{k} - k} A^{r} {\bar{G}}^{(i)} T_{k}^{(i)} C^{(i)} {\bar{P}}^{(i)} A^{r T}), \\ s . t . & {\tilde{Σ}}_{k}^{(i)} - T_{k}^{(i)} Σ^{(i)} T_{k}^{(i) T} \geq 0 . \end{matrix}$

To proceed, the objective in (55) is reformulated into a standard convex optimization form, and the constraints are transformed using the Schur complement. This completes the proof. □

After the optimal distribution and attack matrix are obtained, the next step is to solve an integer programming problem to acquire the attack scheduling matrix $φ_{k}^{(i)}$ for each $k \in [0, \overset{ˇ}{k}]$ . The specific details of designing $φ_{k}^{(i)}$ are as follows.

Theorem 4.

For each $k \in [0, \overset{ˇ}{k}]$ , the optimal attack scheduling matrix is derived through the resolution of the 0–1 integer programming problem (56).

(56) $\begin{matrix} min_{φ_{k}^{(i)}} & - \sum_{i = 1}^{m} ζ^{(i)} φ_{k}^{(i)} (Φ_{k}^{(i)} - Ψ_{k}^{(i)}), \\ s . t . & \sum_{i = 1}^{m} φ_{k}^{(i)} \leq σ_{k}, \\ φ_{k}^{(i)} \in {0, 1}, \end{matrix}$

where

(57) $\begin{matrix} Φ_{k}^{(i)} = & Tr [\sum_{r = 0}^{\overset{ˇ}{k} - k} (A^{r} ({\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} {\bar{G}}^{(i) T} + {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} T_{k}^{(i)} C^{(i)} {\bar{P}}^{(i)} \\ - {\bar{P}}^{(i)} C^{(i) T} T_{k}^{(i) T} {\bar{G}}^{(i) T}) A^{r T} + \sum_{t = 0}^{k - 1} A^{(r + t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} \\ + \sum_{t = 0}^{k - 1} A^{r} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(r + t + 1) T})], \end{matrix}$

(58) $\begin{matrix} Ψ_{k}^{(i)} = Tr (\sum_{r = 0}^{\overset{ˇ}{k} - k} A^{r} ({\bar{G}}^{(i)} Σ^{(i)} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} {\bar{G}}^{(i) T}) A^{r T}) . \end{matrix}$

Proof of Theorem 4.

First, (30) is transformed as follows:

(59) $\begin{matrix} \begin{matrix} J = & \sum_{i = 1}^{m} ζ^{(i)} Tr [\sum_{r = 0}^{\overset{ˇ}{k}} A^{r} {\bar{P}}^{(i)} A^{r T} + \sum_{j = 0}^{\overset{ˇ}{k} - 1} \sum_{r = 0}^{j} A^{r} Q A^{r T} + \sum_{r = 0}^{\overset{ˇ}{k} - k} φ_{k}^{(i)} (A^{r} ({\bar{G}}^{(i)} {\tilde{Σ}}_{k}^{(i)} {\bar{G}}^{(i) T} \\ + {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} T_{k}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} T_{k}^{(i) T} {\bar{G}}^{(i) T}) A^{r T} \\ + \sum_{t = 0}^{k - 1} A^{(r + t + 1)} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{r T} + \sum_{t = 0}^{k - 1} A^{r} {\bar{G}}^{(i)} μ_{k}^{(i)} μ_{k}^{(i) T} {\bar{G}}^{(i) T} A^{(r + t + 1) T}) \\ + \sum_{r = 0}^{\overset{ˇ}{k} - k} (1 - φ_{k}^{(i)}) A^{r} ({\bar{G}}^{(i)} Σ^{(i)} {\bar{G}}^{(i) T} - {\bar{G}}^{(i)} C^{(i)} {\bar{P}}^{(i)} - {\bar{P}}^{(i)} C^{(i) T} {\bar{G}}^{(i) T}) A^{r T}], \end{matrix} \end{matrix}$

Since the terms

Tr (\sum_{r = 0}^{\overset{ˇ}{k}} A^{r} {\bar{P}}^{(i)} A^{r T} + \sum_{j = 0}^{\overset{ˇ}{k} - 1} \sum_{r = 0}^{j} A^{r} Q A^{r T})

and

Ψ_{k}^{(i)}

do not depend on

φ_{k}^{(i)}

, the attack scheduling problem reduces to solving the following 0–1 integer programming problem:

(60) $\begin{matrix} max_{φ_{k}^{(i)}} & \sum_{i = 1}^{m} ζ^{(i)} φ_{k}^{(i)} (Φ_{k}^{(i)} - Ψ_{k}^{(i)}), \\ s . t . & \sum_{i = 1}^{m} φ_{k}^{(i)} \leq σ_{k}, \\ φ_{k}^{(i)} \in {0, 1}, k \in [0, \overset{ˇ}{k}], \end{matrix}$

which can be transformed into (56), and the proof is complete. □

Remark 8.

The distribution and attack matrix of the modified innovation are derived from Theorems 2 and 3. Consequently, ${\tilde{Σ}}_{k}^{(i)}$ , $μ_{k}^{(i)}$ and $T_{k}^{(i)}$ become known parameters in (56). Given that the energy constraint limits the number of damaged channels at each time step, the intlinprog function in MATLAB is employed to solve (56).

Finally, by summarizing the above work, an algorithm that can generate the optimal attack is proposed.

Remark 9.

Analysis of Algorithm 1 reveals that in a single-channel scenario, the attacker calculates the optimal attack matrix $T_{k}$ at each time step based on the distribution parameters ${\tilde{Σ}}_{k}$ and $μ_{k}$ of the modified innovation, substituting it into $z_{k}^{a} = T_{k} z_{k} + b_{k}$ to alter the original innovation (the derivation of ${\tilde{Σ}}_{k}$ , $μ_{k}$ and $T_{k}$ follows Theorems 2 and 3 and is omitted for brevity). In multi-channel scenarios, the attack scheduling matrix $φ_{k}^{(i)}$ is precomputed offline. When $φ_{k}^{(i)} = 1$ , online computation is triggered to modify the original innovation to $z_{k}^{a (i)}$ , thereby reducing the online computational burden.

Algorithm 1 Construction of the optimal innovation-based attacks.

1:. Input: A, $C^{(i)}$ , Q, $R^{(i)}$ , $x_{0}$ , $P_{0}^{(i)}$ , $σ_{k}$ , $δ$ , $ζ^{(i)}$ ;

2:. Obtain the covariance ${\tilde{Σ}}_{k}^{(i)}$ and the mean $μ_{k}^{(i)}$ of $z_{k}^{a (i)}$ in the worst case based on Theorem 2;

3:. Acquire the optimal attack matrix $T_{k}^{(i)}$ by solving (53);

4:. Determine attack scheduling $φ_{k}^{(i)}$ according to Theorem 4;

5:. for $k = 0$ ; $k \leq \overset{ˇ}{k}$ ; $k + +$ do

6:. for $i = 1$ ; $i \leq m$ ; $i + +$ do

7:. if $φ_{k}^{(i)} = 1$ then

8:. Modify the innovation of channel i at time k to $z_{k}^{a (i)}$ ;

9:. end if

10:. end for

11:. end for

12:. Output: $φ_{k}^{(i)}$ , $z_{k}^{a (i)}$ ;

5. Illustrative Examples

To verify the theoretical results, simulations are conducted on a CPS with two independent channels. The parameter selection aims to balance theoretical tractability and practical relevance. Specifically, matrix A guarantees system stability, while the noise covariance matrices Q and $R^{(i)}$ capture the actual measurement and process disturbances. $x_{0}$ is required to follow a zero-mean Gaussian distribution, and $P_{0}^{(i)}$ is set as the identity matrix. These choices ensure that the system attains a steady-state condition prior to the onset of the attack, as stated in Assumption 3. The specific parameters are designed as follows: $A = [\begin{matrix} 0.65 & 0.2 \\ 0.05 & 0.7 \end{matrix}]$ , $Q = [\begin{matrix} 0.5 & 0 \\ 0 & 0.7 \end{matrix}]$ , $C^{(1)} = [\begin{matrix} 0.5 & - 0.8 \\ 0 & 0.7 \end{matrix}]$ , $R^{(1)} = [\begin{matrix} 1 & 0 \\ 0 & 0.8 \end{matrix}]$ , $C^{(2)} = [\begin{matrix} 0.5 & - 0.8 \\ 0 & 0.7 \end{matrix}]$ , $R^{(2)} = [\begin{matrix} 1 & 0 \\ 0 & 0.9 \end{matrix}]$ .

The initial states are set as $x_{0} = {[0.54, 1.83]}^{T}$ and $P_{0}^{(1)} = P_{0}^{(2)} = [\begin{matrix} 1 & 0 \\ 0 & 1 \end{matrix}]$ . The experiment runs from $k = 0$ to the terminal step $\overset{ˇ}{k} = 90$ , with the attack initiated at $k = 50$ . Due to energy constraints, the attacker modifies at most $σ_{k} = 1$ channel per time step.

First, the influence exerted by diverse attack strategies on the estimation performance of the CPSs is illustrated in Figure 2 with parameters $ζ^{1} = ζ^{2} = 1$ and $δ = 1.5$ , while Figure 3 presents the empirical estimation error from 10,000 Monte Carlo simulations under these conditions. The black triangular line describes the estimation error induced by the proposed optimal attack. By contrast, the red plus line reflects the influence of the zero-mean Gaussian attack scheme in [27] on remote estimation performance. Owing to the time-varying mean of the Gaussian distribution in the optimal attack strategy, the resulting estimation error is significantly larger than that of [27]. The blue square line corresponds to the estimation error caused by the attack strategy in [21], which shares the attack scheduling parameter $φ_{k}^{(i)}$ with our approach. The green fork-marked line denotes the estimation error under random Gaussian noise when all channels are continuously attacked, i.e., $φ_{k}^{(1)} = φ_{k}^{(2)} = 1$ . Comparative analysis of Figure 2 and Figure 3 confirms that the optimal stealthy attack leads to the most significant degradation in estimation performance.

Figure 4 illustrates the impact of various attacks on the estimation error under the parameters $ζ^{(1)} = 1$ , $ζ^{(2)} = 0$ , and $δ = 1.5$ , corresponding to $φ_{k}^{(1)} = 1$ and $φ_{k}^{(2)} = 0$ at each time step k. The empirical estimation error from 10,000 Monte Carlo simulations under these conditions is shown in Figure 5. Compared to the orange five-pointed star-marked line, the optimal attack strategy is found to induce a greater estimation error at each attack time step. Due to the time-invariant covariance of the modified innovation proposed in [21], the generated attack fails to significantly disrupt the remote estimation. The simulation setup in Figure 4 and Figure 5 represents a single-channel attack scenario, where the optimal attack strategy demonstrates substantial effectiveness in degrading estimation performance.

The stealth performance of different attack schemes is further analyzed in Figure 6 under the parameter configuration $ζ^{(1)} = ζ^{(2)} = 1$ and $δ = 1.5$ . The blue dotted and solid lines depict the stealthiness of attacks on channels 1 and 2, respectively, at each time step, while the purple dotted and solid lines correspond to the attack scheme proposed in [27]. Figure 6 demonstrates that the KLD of all channels remains below the threshold $δ = 1.5$ under the optimal stealthy attacks, ensuring stealthiness throughout the attack duration. A comparative analysis of Figure 2 and Figure 6 reveals that the proposed attack design achieves superior stealth performance compared to the method in [27], while simultaneously inducing a significantly larger remote estimation error.

For enhanced clarity of the simulation framework, Table 2 summarizes the comparative analysis.

Finally, Figure 7 demonstrates the influence of varying thresholds $δ$ on the estimation error under the proposed attack strategy, evaluated through 10,000 Monte Carlo simulations. The black asterisk-marked, blue dashed, magenta dash-dot, and red solid lines represent the estimation errors for $δ = 2$ , $δ = 1.5$ , $δ = 1$ , and $δ = 0$ , respectively. A larger $δ$ corresponds to weaker stealth performance but amplifies the attack’s impact on degrading estimation performance. This highlights the critical role of selecting an appropriate $δ$ to balance stealthiness and attack effectiveness. Notably, even when $δ = 0$ , the optimal attack scheme remains feasible and significantly degrades the remote estimation performance.

6. Conclusions

In this paper, we investigate the design problem of optimal deception attacks in multi-channel CPS, aiming to maximize the estimation error while ensuring attack stealthiness. Due to energy constraints, the attacker can only modify the transmission data of a subset of channels at each attack time. The innovation-based linear deception attack model is constructed, where the modified innovation follows a Gaussian distribution with a time-varying mean, to derive the total estimation error during the attack period. By leveraging the statistical interdependencies among variables in the objective function, the original problem is transformed into tractable semidefinite and 0–1 integer programming formulations. Moreover, we propose an algorithm to guide attackers in strategically devising the optimal attack approach. Numerical simulations validate the effectiveness of the proposed strategy, demonstrating its superiority in balancing stealth and attack impact compared to existing methods. The computational complexity of attack scheduling optimization grows exponentially with the number of communication channels. We plan to explore heuristic approaches (e.g., GA, particle swarm optimization (PSO)) to address real-time implementation in large-scale systems, thereby mitigating this complexity while maintaining acceptable performance levels. Moreover, the current attack strategy does not sufficiently consider the temporal dynamics of network traffic and the impact of network environment variations. Future research could integrate time-series analysis with online learning algorithms to design more robust attack strategies with enhanced adaptability to dynamic network conditions.

Author Contributions

X.Y. established the model of the system, simulated the experiment, and wrote the first draft. Z.R. participated in the construction of the paper framework and fund acquisition. J.Z. proposed amendments to the paper. J.H. managed the overall project. All authors have read and agreed to the published version of the manuscript.

Data Availability Statement

Data are contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

Nomenclature

The symbolic variables used in this paper are shown in nomenclature:

Symbol	Definition
$N$	Natural number
$R$	Real number
$R^{n}$	n-dimensional Euclidean space
$Y^{T}$	Transpose of matrix Y
$Y^{- 1}$	Inverse of matrix Y
$\| Y \|$	Determinant of matrix Y
$log y$	Natural logarithm of y
$Tr (.)$	Trace of matrix
$ξ \sim N (μ_{ξ}, Σ_{ξ})$	Gaussian distribution with covariance $Σ_{ξ}$ and mean $μ_{ξ}$
$x_{k}$	System state vector at time k
$y_{k}^{(i)}$	Measurement of sensor i at time k
A	System state transition matrix
$C^{(i)}$	Measurement matrix of sensor i
$w_{k}$	Process noise
$v_{k}^{(i)}$	Measurement noise of sensor i
${\hat{x}}_{k}^{(i) -}$	Prior estimate of state $x_{k}$ by estimator i
${\hat{x}}_{k}^{(i)}$	Posterior estimate of state $x_{k}$ by estimator i
$P_{k}^{(i) -}$	Prior estimation error covariance
$P_{k}^{(i)}$	Posterior estimation error covariance
$G_{k}^{(i)}$	Kalman gain matrix
$z_{k}^{(i)}$	Local innovation
$Σ^{(i)}$	Covariance of innovation $z_{k}^{(i)}$
$z_{k}^{a (i)}$	Modified innovation under attack
${\tilde{Σ}}_{k}^{(i)}$	Covariance of innovation $z_{k}^{a (i)}$
$T_{k}^{(i)}$	Attack matrix
$φ_{k}^{(i)}$	Attack scheduling matrix
$b_{k}^{(i)}$	Attack noise
$μ_{k}^{(i)}$	Mean of attack noise $b_{k}^{(i)}$
$Ξ_{k}^{(i)}$	Covariance of attack noise $b_{k}^{(i)}$
$δ$	KLD threshold
$σ_{k}$	Maximum number of attacked channels at time k

Footnotes

Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Figures and Tables

Figure 1 System structure.

Figure 2 The theoretical estimation error induced by various attack strategies with $ζ^{1} = ζ^{2} = 1$ [21,27].

Figure 3 The empirical estimation error induced by various attack strategies with $ζ^{1} = ζ^{2} = 1$ [21,27].

Figure 4 The theoretical estimation error induced by various attack strategies with $ζ^{1} = 1, ζ^{2} = 0$ [21,27].

Figure 5 The empirical error estimation error induced by various attack strategies with $ζ^{1} = 1, ζ^{2} = 0$ [21,27].

Figure 6 The stealthiness under different attack strategies [27].

Figure 7 The estimation errors under different thresholds $δ$ .

Table 1

Comparative analysis of related research metrics.

Related Works	Channel Type	Objective	Mean	Covariance
This Paper	Multi-Channel	Maximize the CumulativeEstimation Error	Time-Varying	Time-Varying
Guo et al. [21]	Single-Channel	Maximize the EstimationError at Each Moment	Zero	Time-Invariant
Li et al. [27,28]	Multi-Channel	Maximize the TerminalEstimation Error	Zero	Time-Varying
Li et al. [22]	Single-Channel	Maximize the CumulativeEstimation Error	Time-Invariant	Time-Invariant

Table 2

Key comparisons of attack strategies.

Metric	Proposed Optimal Attack	Attack in [27]	Attack in [21]
Channel Type	Multi-Channel	Multi-Channel	Single-Channel
Objective	Maximize the CumulativeEstimation Error	Maximize the TerminalEstimation Error	Maximize the EstimationError at Each Moment
Mean	Time-Varying	Zero	Zero
Covariance	Time-Varying	Time-Varying	Time-Invariant
Single-channel	Larger Estimation Error	-	Smaller Estimation Error
Multi-channel	Larger Estimation Error;Superior Stealthiness	Smaller Estimation Error;Poorer Stealthiness	-
Limitations	Static Distributions	Constant Mean	Single-Channel;Constant Mean and Covariance

References

1. Antsaklis, P. Goals and challenges in cyber-physical systems research editorial of the editor in chief. IEEE Trans. Autom. Control; 2014; 59, pp. 3117-3119. [DOI: https://dx.doi.org/10.1109/TAC.2014.2363897]

2. Ma, X.J.; Wang, H. Blind false data injection attacks in smart grids subject to measurement outliers. J. Control. Decis.; 2022; 9, pp. 445-454. [DOI: https://dx.doi.org/10.1080/23307706.2021.2016077]

3. Zhang, D.; Wang, Q.G.; Feng, G.; Shi, Y.; Vasilakos, A.V. A survey on attack detection, estimation and control of industrial cyber-physical systems. ISA Trans.; 2021; 116, pp. 1-16. [DOI: https://dx.doi.org/10.1016/j.isatra.2021.01.036] [PubMed: https://www.ncbi.nlm.nih.gov/pubmed/33581894]

4. Dutta, R.G.; Hu, Y.; Yu, F.; Zhang, T.; Jin, Y. Design and analysis of secure distributed estimator for vehicular platooning in adversarial environment. IEEE trans. Intell. Transp. Syst.; 2022; 23, pp. 3418-3429. [DOI: https://dx.doi.org/10.1109/TITS.2020.3036376]

5. Ren, Z.; Cheng, P.; Shi, L.; Dai, Y. State estimation over delayed mutihop network. IEEE Trans. Automat. Control; 2018; 63, pp. 3545-3550. [DOI: https://dx.doi.org/10.1109/TAC.2018.2797189]

6. Qiu, H.; Qiu, M.; Liu, M.; Memmi, G. Secure health data sharing for medical cyber-physical systems for the healthcare 4.0. IEEE J. Biomed. Health Inform.; 2020; 24, pp. 2499-2505. [DOI: https://dx.doi.org/10.1109/JBHI.2020.2973467]

7. Lindsay, J.R. Stuxnet and the limits of cyber warfare. Secur. Stud.; 2013; 22, pp. 365-404. [DOI: https://dx.doi.org/10.1080/09636412.2013.816122]

8. Slay, J.; Miller, M. Lessons learned from the maroochy water breach. Proceedings of the International Conference on Critical Infrastructure Protection; Hanover, NH, USA, 19–21 March 2007; pp. 73-82.

9. Paridari, K.; O’Mahony, N.; Mady, A.E.-D.; Chabukswar, R.; Boubekeur, M.; Sandberg, H. A framework for attack- resilient industrial control systems: Attack detection and controller reconfiguration. Proc. IEEE.; 2018; 106, pp. 113-128. [DOI: https://dx.doi.org/10.1109/JPROC.2017.2725482]

10. Aldallal, A.; Alisa, F. Effective intrusion detection system to secure data in cloud using machine learning. Symmetry; 2021; 13, 2306. [DOI: https://dx.doi.org/10.3390/sym13122306]

11. Qin, J.; Li, M.; Shi, L.; Yu, X. Optimal denial-of-service attack scheduling with energy constraint over packet-dropping networks. IEEE Trans. Autom. Control; 2018; 63, pp. 1648-1663. [DOI: https://dx.doi.org/10.1109/TAC.2017.2756259]

12. Wang, D.; Jia, P.; Lian, J.; Pei, X. An Optimal DoS Attack Strategy With Pause and Restart Rules Under Energy Constraints. IEEE Trans. Control. Netw. Syst.; 2022; 10, pp. 1291-1302. [DOI: https://dx.doi.org/10.1109/TCNS.2022.3225282]

13. Ai, Z.; Peng, L.; Cao, M. Optimal attack schedule for two sensors state estimation under jamming attack. IEEE Access; 2019; 7, pp. 75741-75748. [DOI: https://dx.doi.org/10.1109/ACCESS.2019.2922272]

14. Deng, C.; Jin, X.Z.; Wu, Z.G.; Che, W.W. Data-Driven-Based Cooperative Resilient Learning Method for Nonlinear MASs Under DoS Attacks. IEEE Trans. Neural Netw. Learn. Syst.; 2023; 35, pp. 12107-12116. [DOI: https://dx.doi.org/10.1109/TNNLS.2023.3252080]

15. Jin, X.; Lu, S.; Qin, J.; Zheng, W.X.; Liu, Q. Adaptive ELM-Based Security Control for a Class of Nonlinear- Interconnected Systems With DoS Attacks. IEEE Trans. Cybern.; 2023; 53, pp. 5000-5012. [DOI: https://dx.doi.org/10.1109/TCYB.2023.3257133]

16. Liu, Y.; Ning, P.; Reiter, M.K. False data injection attacks against state estimation in electric power grids. ACM Trans. Inf. Syst. Secur.; 2011; 14, pp. 1-33. [DOI: https://dx.doi.org/10.1145/1952982.1952995]

17. Guo, Z.; Shi, D.; Johansson, K.H.; Shi, L. Optimal linear cyber-attack on remote state estimation. IEEE Trans. Control Netw. Syst.; 2016; 4, pp. 4-13. [DOI: https://dx.doi.org/10.1109/TCNS.2016.2570003]

18. Ren, X.X.; Yang, G.H.; Zhang, X.G. Optimal stealthy attack with historical data on cyber–physical systems. Automatica; 2023; 151, 110895. [DOI: https://dx.doi.org/10.1016/j.automatica.2023.110895]

19. Yang, G.Y.; Li, X.J. Complete stealthiness false data injection attacks against dynamic state estimation in cyber-physical systems. Inf. Sci.; 2022; 586, pp. 408-423. [DOI: https://dx.doi.org/10.1016/j.ins.2021.11.079]

20. Tu, W.; Dong, J.; Zhai, D. Optimal ϵ-stealthy attack in cyber-physical systems. J. Franklin Inst.; 2021; 358, pp. 151-171. [DOI: https://dx.doi.org/10.1016/j.jfranklin.2019.02.010]

21. Guo, Z.; Shi, D.; Johansson, K.H.; Shi, L. Worst-case stealthy innovation-based linear attack on remote state estimation. Automatica; 2018; 89, pp. 117-124. [DOI: https://dx.doi.org/10.1016/j.automatica.2017.11.018]

22. Li, Y.G.; Yang, G.H. Optimal stealthy false data injection attacks in cyber-physical systems. Inf. Sci.; 2019; 481, pp. 474-490. [DOI: https://dx.doi.org/10.1016/j.ins.2019.01.001]

23. Li, Y.; Shi, D.; Chen, T. False data injection attacks on networked control systems: A Stackelberg game analysis. IEEE Trans. Autom. Control; 2018; 63, pp. 3503-3509. [DOI: https://dx.doi.org/10.1109/TAC.2018.2798817]

24. Zhou, J.; Shang, J.; Chen, T. Optimal Deception Attacks Against Remote State Estimation: An Information-Based Approach. IEEE Trans. Automat. Control; 2023; 68, pp. 3947-3962. [DOI: https://dx.doi.org/10.1109/TAC.2022.3200963]

25. Guo, H.; Sun, J.; Pang, Z.H. Stealthy false data injection attacks with resource constraints against multi-sensor estimation systems. ISA Trans.; 2022; 127, pp. 32-40. [DOI: https://dx.doi.org/10.1016/j.isatra.2022.02.045]

26. Li, Y.; Yang, Y.; Zhao, Z.; Zhou, J.; Quevedo, D.E. Deception Attacks on Remote Estimation with Disclosure and Disruption Resources. IEEE Trans. Autom. Control; 2023; 68, pp. 4096-4112. [DOI: https://dx.doi.org/10.1109/TAC.2022.3202981]

27. Li, Y.G.; Yang, G.H. Optimal stealthy switching location attacks against remote estimation in cyber-physical systems. Neurocomputing; 2021; 421, pp. 183-194. [DOI: https://dx.doi.org/10.1016/j.neucom.2020.08.007]

28. Li, Y.G.; Yang, G.H.; Wang, X. Optimal energy constrained deception attacks in cyber-physical systems with multiple channels: A fusion attack approach. ISA Trans.; 2023; 137, pp. 1-12. [DOI: https://dx.doi.org/10.1016/j.isatra.2023.01.020]

29. Anderson, B.D.; Moore, J.B. Optimal filtering, 1st ed; Prentice-Hall: New York, NY, USA, 1979; pp. 103-133.

30. Favennec, J.M. Smart sensors in industry. J. Phys. E: Sci. Instrum.; 1987; 20, pp. 1087-1090. [DOI: https://dx.doi.org/10.1088/0022-3735/20/9/003]

31. Zhang, Q.; Liu, K.; Xia, Y.; Ma, A. Optimal stealthy deception attack against cyber-physical systems. IEEE Trans. Cybern.; 2020; 50, pp. 3963-3972. [DOI: https://dx.doi.org/10.1109/TCYB.2019.2912622]

32. Ren, X.X.; Yang, G.H. Kullback–Leibler divergence-based optimal stealthy sensor attack against networked linear quadratic Gaussian systems. IEEE Trans. Cybern.; 2021; 52, pp. 11539-11548. [DOI: https://dx.doi.org/10.1109/TCYB.2021.3068220]

© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.

Optimal Innovation-Based Deception Attacks on Multi-Channel Cyber–Physical Systems

Content area

Abstract

Full text

1. Introduction

2. Related Work

2.1. Research Status

2.2. Application Scenarios

3. System Framework and Problem Formulation

3.1. Process Model

3.2. State Estimator

3.3. Detector and Stealthiness Condition

3.4. Energy Restriction

3.5. Problem Formulation

4. Optimal Attack Design

4.1. Attack Model

4.2. Attack Strategy Formulation

5. Illustrative Examples

6. Conclusions