Schedule

Tentative Schedule 


The workshop will take place from 9:00 AM - 6:00 PM on December 12, 2023. 

9:00 - 9:10 AM

Opening Remarks

Tamer Basar 

Quanyan Zhu 

9:10 - 9:50 AM

Game Theory and Adversarial Machine Learning for Cyber-Physical System Security

Tansu Alpcan

Abstract

The widespread adoption of modern cyber-physical systems in critical domains, such as autonomous vehicle platoons and Machine-Learning-as-a-Service, underscores the pressing need to safeguard them against malicious adversaries. The reliance on open operating environments and wireless communication exposes significant vulnerabilities that can be exploited. Machine learning methods are expected to play a significant role in detecting and countering malicious attacks. However, these powerful algorithms themselves can be targeted by advanced adversaries, leading to the emergence of “adversarial machine learning” as a research field. This talk will present an overview of our latest research results on cyber-physical security, especially focusing on autonomous vehicle platoons and networked computing deployments. Our proposed defence formulation uniquely combines advances in (adversarial) machine learning, game theory, and control theory. The potential for real-world applications of our approach will be demonstrated by sophisticated simulation and emulation results.

9:50 - 10:30 AM

Resource Takeover Games for Dynamical Systems 

Shaunak D. Bopardikar

Abstract

Cyber-physical systems have become ubiquitous across various application domains such as home automation, vehicles, smart grids, and medical devices, to name a few. However, their widespread integration also exposes them to the risk of adversarial attacks. An adversarial takeover can lead the system to undesirable states or can even permanently damage the system, resulting in service disruption and potential loss of lives. Although most analysis frameworks designed to recommend security measures cover various classes of attacks and systems, a vast majority of these usually do not address the effects of a complete takeover by one of the players (e.g., the defender resorting to a complete reset after an attack, but at a price).


Inspired by the FlipIt model of resource takeovers, we will examine a model in which the resource that both players (a defender and an attacker) are interested in is governed by a dynamical system. The overall system is then represented by a hybrid state, in which the discrete state indicates which player currently controls the system. At each time instance, both players make decisions on whether or not to invest energy in order to gain/retain control of the system, and the choice of the control action. Our main results include analytic expressions for the costs-to-go as a function of the hybrid state. For the case of a continuous system state with linear dynamics and quadratic costs, we will address Nash equilibrium solutions for the game. In particular, for scalar continuous states, we will characterize a closed-form expression of the takeover and control actions. For higher dimensional systems, we will present approximate solutions for the game and the corresponding player policies.

10:30 - 10:50 AM

Morning Coffee Break

10:50 - 11:30 AM

Detecting Replay Attacks Against Industrial Robots via Power Fingerprinting

David Yau

Abstract



11:30 - 12:10 PM

Resilience in Opinion Dynamics Under Adversarial Epidemics

Hideaki Ishii

Abstract

In this talk, we discuss opinion dynamics in social networks with bounded confidence for agents operating in an unreliable environment where adversaries are spreading. The dynamics of the adversarial spreading processes follow the susceptible-infected-recovered (SIR) model, where the infection induces faulty behaviors in the agents and affects their opinions. Consensus is to be formed locally at the time of the pandemic and infected individuals may deviate from their true opinions. We assume that a local policymaker announces the local level of infection in real-time, which can be adopted by the agents for their preventative measures. We introduce conditions on the network structures for different policies regarding the announced infection levels and the strength of the epidemic.

12:10 - 1:30 PM

Lunch

1:30 - 2:10 PM

Deception against Learning and Control in Complex Adaptive Systems

Kyriakos G. Vamvoudakis

Abstract

Complex adaptive systems (CAS) are systems of high complexity and heterogeneity, consisting of various digital and analog components that communicate with one another through a plethora of communication channels. Due to their ability to incorporate complex structures, CAS can be extensively traced in military applications; hence they are an enticing target for adversarial attacks that seek to create damage, confusion, and deception. In this talk, I will show how such attacks can be effectively designed with low computational burden, using tools from control and optimization theory. In particular, I will show how such attacks can be used to poison the dynamics of a learning algorithm used to find the optimal policy for the CAS and mislead it to converge closer to a gain with deleterious properties. In addition, I will show how these attacks can be used to directly attack the CAS itself optimally, inflicting maximum damage while remaining undetected. In both cases, the deceptive attack design is theoretically justified and numerically verified via simulations on an aircraft model.

2:10 - 2:50 PM

Synthesizing Dynamic Defense with Deception with Integrated Formal Methods and Game Theory

Jie Fu

Abstract

Cyber networks and Internet of Robotic Things are frequently targeted by resourceful attackers, who identify system vulnerabilities through reconnaissance and craft customized, multistage attacks. To counter the sophisticated attackers, deception and dynamic defense can help to complement traditional security mechanisms (e.g., intrusion detection and randomized patrolling strategies). This talk presents our recent work on synthesizing deceptive strategies in multi-stage attack-defend interactions. It is centered on deceptive resource allocation questions in both proactive and reactive defense: How to deploy limited deception resources to mislead the attackers into committing an attack strategy favored by the defender? How to jointly design the deception resource allocation and the defender’s strategy to ensure provably secured systems? The presentation highlights the importance of integrating game theory, formal methods, and optimization theory into the technical solutions for cyber-physical security.

2:50 - 3:10 PM

Afternoon Coffee Break

3:10 - 3:50 PM

Challenges and Opportunities in Encrypted Cooperative Control

Takashi Tanaka

Abstract

Encrypted control is the recently emerging cryptography-integrated control reconstruction methodology for secure cyber-physical systems. The security threats to cyber-physical systems are increasing by the day; therefore, the importance of control engineering in enabling the safe operation of automation and control systems is growing. Within the field of control engineering, security measures for cyber-physical systems have begun to be more actively discussed in terms of implementing information security (confidentiality, integrity, and availability). This has resulted in several theoretical and practical approaches that have successfully demonstrated the ability to develop secure control systems and improve the detection of cyber-attacks to enhance security. The encrypted control methodology includes the ability to maintain confidentiality and integrity by integrating homomorphic encryption into controller processing.


3:50 - 4:30 PM

Convergence of Heterogeneous Learning Dynamics in Zero-sum Stochastic Games

Muhammed Sayin

Abstract

In this talk, I present new families of algorithms for the repeated play of two-agent (near) zero-sum games and two-agent zero-sum stochastic games. For example, the family includes fictitious play and its variants as members. Commonly, the algorithms in this family are all uncoupled, rational, and convergent even in heterogeneous cases, e.g., where the dynamics may differ in terms of learning rates, full, none or temporal access to opponent actions, and model-based vs model-free learning. The convergence of heterogeneous dynamics is of practical interest especially in competitive environments since agents may have no means or interests in following the same dynamic with the same parameters. We prove that any mixture of such asymmetries does not impact the algorithms' convergence to equilibrium (or near equilibrium if there is experimentation) in zero-sum games with repeated play and in zero-sum (irreducible) stochastic games with sufficiently small discount factors.

This is joint work with Yuksel Arslantas, Ege Yuceel, and Yigit Yalin.

4:30 - 5:10 PM

Cybersecurity Challenges in Model Predictive Control: A Review and Possible Defense Strategies

Paula Chanfreut

Abstract

Model Predictive Control (MPC) schemes have increasingly become the method of choice for a variety of applications. Despite their popularity, these schemes have often been developed without sufficient attention to potential security vulnerabilities, creating opportunities for malicious entities to leverage these weaknesses in cyber-attacks. The aim of this presentation is to increase awareness about this pressing issue. We will review the inherent vulnerabilities of MPC methods and explore various defense mechanisms to deal with cybersecurity issues in the context of MPC.


5:10 - 5:50 PM

Risk Management and Game Theory for Securing Control Systems: The Subtle Interplays between Adversary Models, Security Risk Metrics, and Uncertainty

André Teixeira

Abstract

Game theory and risk management are well-suited frameworks to tackle security challenges involving adversaries and defenders. A fundamental part of applying these frameworks in security is to formulate adequate models for both players, as well as the respective pay-off functions and information structure. In this talk, we explore connections between risk management and game theory, as well as the subtle interplays between adversary models, security metrics, and uncertainty, in the context of securing control systems. We begin by viewing risk management as a three-player game involving an adversary, a defender, and nature. From this perspective, and in contrast to classical robust control formulations, we argue for the importance of treating uncertainty as a random “Nature player” by showing how slight variations in the information structures between nature and the adversary can lead to significantly different quantification of security risks. Then, considering specific security metrics that jointly consider the impact and detectability of attacks, we describe methods to compute the risks associated with stealthy attacks and strategically deploy protection to secure the system, by integrating scenario-based approaches with convex optimization. Our examples also illustrate how uncertainty can hamper the adversary and help in reducing security risks, establishing connections with moving-target defense principles.


5:50 - 6:00 PM

Closing Remarks