Stealthy output injection attacks on control systems with bounded variables

Abhishek Dutta, Cedric Langbort

Research output: Contribution to journalArticlepeer-review


As more and more critical infrastructures such as transportation, power systems and water are being embedded with sensing and control and linked to the Internet, the resulting security vulnerability can be exploited to inflict systematic damage to the connected physical systems. The class of false-data injection attacks is of particular interest as it only requires the ability to compromise the measurements. We construct such attacks, that are stealthy to set-membership-based anomaly detectors over widely used constrained control systems with bounded disturbances. The design of robust controllers and detectors based on the ability to withstand disturbance lets the attacker masquerade itself as disturbance and necessitates the development of a disturbance set-estimator as a soft-constrained optimisation problem. We then formulate another constrained optimisation problem that maximises the state estimation error by manipulating measurements and results in a computable performance loss and derive its explicit solution as the attack vector. These methods are used to demonstrate the vulnerability of a test system, with attacker having limited knowledge of the control system.

Original languageEnglish (US)
Pages (from-to)1389-1402
Number of pages14
JournalInternational Journal of Control
Issue number7
StatePublished - Jul 3 2017


  • Control systems security
  • constrained optimisation
  • predictive control

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Science Applications


Dive into the research topics of 'Stealthy output injection attacks on control systems with bounded variables'. Together they form a unique fingerprint.

Cite this