Sensor Network Attack Synthesis against Fault Diagnosis of Discrete Event Systems ^†

Abstract

This paper investigates the problem of synthesizing network attacks against fault diagnosis in the context of discrete event systems (DESs). It is assumed that the sensor observations sent to the operator that monitors a system are tampered with by an active attacker. We first formulate the process of online fault diagnosis under attack. Then, from the attack viewpoint, we define a sensor network attacker as successful if it can degrade the fault diagnosis in the case of maintaining itself as undiscovered by the operator. To verify such an attacker, an information structure called a joint diagnoser (JD) is proposed, which describes all possible attacks in a given attack scenario. Based on the refined JD, i.e., stealthy joint diagnoser (SJD), we present an algorithmic procedure for synthesizing a successful attacker if it exists.

1. Introduction

With the advancement in computation and communication technologies, cyber–physical systems (CPSs) have emerged as the new generation of engineering systems and computation devices embedded within physical dynamics [1,2,3,4,5]. Examples of CPSs include sensor networks, networked computer systems, autonomous vehicles, etc. Usually, the undesired behavior of CPS may be caused by the occurrence of component faults. Hence, we wish that a fault can be diagnosed after its occurrence based on data collected by sensors. In a CPS, the transmission of data information relies on communication networks, which may introduce vulnerabilities to cyber-attacks.

In this paper, we study the behavior of a CPS within the framework of discrete event systems (DESs) [6]. One significant advantage of the DES approach to fault diagnosis is that it is a model-based approach. Therefore, DES models naturally capture faults as abrupt events in systems, which facilitates the analysis of faulty behaviors of the system based on limited observations. Another motivation is that, unlike complex models or large data-driven models, DES modeling offers an opportunity to make efficient decisions over an abstract discrete decision space. Specifically, a DES is an event-driven model-based formalism that can provide a time-abstract model for complex systems.

There are two main approaches and tools available for the fault diagnosis of a DES, i.e., automata theory [7,8,9] and Petri nets [10,11,12,13]. A comprehensive survey can be found in [14]. Within the context of automata theory, the underlying structure of a DES is that of a finite state automaton. This will be formally defined in Section 3. Online fault diagnosis in a DES aims to perform model-based inferencing at runtime based on the current observations, and determines if a fault event has occurred or not in the past. In order to achieve this, a process called a diagnoser is proposed in the seminal work [7], which associates to each observed word of events a diagnosis state, such as “negative”, “positive”, or “uncertain”.

2. Related Work

The related literature in the context of robust fault diagnosis against disruptions in the communication channels includes, e.g., [15,16,17]. For a survey of the work in this domain, we refer to [17]. These works are concerned with the loss of observations, i.e., any event in a certain subset of the observable event set may become unobservable due to sensor failures or communication channel constraints. It is shown in [17] that, based on a general diagnosis framework that takes sensor failures into account, a procedure of online diagnosis can be presented. However, such disruptions are not necessarily caused by active attacks.

Motivated by this, our focus is on a specific class of cyber-attacks called sensor network attacks, which may potentially inject false network signals into the communication channels between sensors and the system operator, as shown in Figure 1. As will be clear in the context, in the worst-case scenario, due to the impact of an attacker, the operator cannot diagnose the fault occurrence as it should. Indeed, sensor network attacks have been investigated in the context of attack detection [18,19], state estimation [20,21], and supervisory control [22,23]. However, very few studies have been devoted to fault diagnosis under attack. Apart from our earlier work [24], two recent contributions in this context are [25,26]. In these works, from a defense viewpoint, the authors aim to capture the fact that fault diagnosis can be properly performed against malicious attacks.

Figure 1. Fault diagnosis architecture under attack. To make the architecture more illustrative, different components are represented by different colors.

In this paper, we study from the attacker’s viewpoint, which allows us to determine conditions under which the attacker is harmful and stealthy and synthesize a strategy to satisfy those conditions. Our objective is to verify a successful attacker that can achieve two goals: (i) induce the operator to no longer diagnose the fault occurrence, guaranteeing its harmfulness; (ii) at the same time, maintain itself as undetected by the operator, guaranteeing its stealthiness. To this end, we first propose a bipartite diagnoser called a joint diagnoser (JD) that embeds all possible attacks in a given attack scenario. To capture stealthy attacks only, a refined JD, i.e., stealthy joint diagnoser (SJD), is presented, which finally provides a necessary and sufficient condition for the existence of a successful attacker.

Another contribution of this work is the development of a successful attack synthesis algorithm. To ensure stealthiness, an attacker must consider the race between inserted events and internal system events. In essence, when synthesizing successful attacks, an attack event must be inserted at the desired time. In order to capture this race, we define a pre-empting state of the SJD as those states corresponding to the case where the internal system events are pre-empted by the inserted events. Based on this, a successful attack synthesis algorithm is finally proposed. By providing a general synthesis approach, our ultimate goal is to understand what kinds of attacks systems are not robust to and how to reduce their impact on diagnosis estimation performance. In Table 1, we compare the proposed approach with previous studies.

Table 1. Comparison of related works, where the "✓" symbol indicates the selection of an option.

Reference	Sensor Failures	Sensor Attacks	Attack Detection	Fault Diagnosis	Attack Synthesis
[15,16,17]	✓			✓
[18,19]		✓	✓
[20,21,22,23]		✓	✓		✓
[25,26]		✓		✓
This work		✓	✓	✓	✓

Compared with our conference paper [24] that introduced the diagnosis setting without providing proofs of the results, we here provide formal proofs and detailed examples. Furthermore, we present an approach for online synthesizing a successful attacker.

3. Preliminaries

3.1. Finite-State Automata

We first review some common notations of DESs used throughout this paper; the reader is referred to [6] for more details. It is assumed that a DES to be diagnosed is modeled as a finite-state automaton (automaton for short) $G=(Q,\mathrm{\Sigma },\delta ,q_0)$, where Q is the finite set of states, $\mathrm{\Sigma }$ is the finite set of events, $\delta :Q\times \mathrm{\Sigma }\to Q$ is the partial transition function, and $q_0\in Q$ is the initial state. Suppose that set $\mathrm{\Sigma }$ is divided into the observable event set ${\mathrm{\Sigma }}_o$ and the unobservable event set ${\mathrm{\Sigma }}_{uo}$. The set of active events at state q is defined as $\mathrm{\Gamma }\left(q\right)=\{\sigma \in \mathrm{\Sigma }|\delta (q,\sigma )!\}$, where “!” means “defined”. The language generated by G, denoted by $L\left(G\right)$ or simply L, is defined as $L=\{s\in {\mathrm{\Sigma }}^{*}\mid \delta \left(q_0,s\right)!\}$, where ${\mathrm{\Sigma }}^{*}$ denotes the Kleene closure of $\mathrm{\Sigma }$. Let s denote a word of L. The set of the prefixes of s is denoted as $\overline{s}=\{u\in {\mathrm{\Sigma }}^{*}|(\exists v\in {\mathrm{\Sigma }}^{*})[uv=s]\}$.

The natural projection $P:{\mathrm{\Sigma }}^{*}\to {\mathrm{\Sigma }}_o^{*}$ is defined as (where $\epsilon$ is the empty word)

$$P\left(\epsilon \right)=\epsilon \mathrm{and}P\left(s\sigma \right)=\left\{\begin{array}{ccc}P\left(s\right)\sigma ,\hfill & \mathrm{if}& \sigma \in {\mathrm{\Sigma }}_o;\hfill \\ P\left(s\right),\hfill & \mathrm{if}& \sigma \in {\mathrm{\Sigma }}_{uo}.\hfill \end{array}\right.$$

The inverse projection $P^{-1}:{\mathrm{\Sigma }}_o^{*}\to 2^{{\mathrm{\Sigma }}^{*}}$ is defined as $P^{-1}\left(w\right)=\{s\in L\left(G\right)|P\left(s\right)=w\}$, i.e., $P^{-1}\left(w\right)$ consists of all words s in $L\left(G\right)$ whose observations are w.

Let $G_1=(Q_1,{\mathrm{\Sigma }}_1,{\delta }_1,q_{01})$ and $G_2=(Q_2,{\mathrm{\Sigma }}_2,{\delta }_2,q_{02})$. The parallel composition between $G_1$ and $G_2$ is defined as $G_1\Vert G_2=Ac(Q_1\times Q_2,{\mathrm{\Sigma }}_1\cup {\mathrm{\Sigma }}_2,\delta ,(q_{01},q_{02}))$, where $\delta [(q_1,q_2),\sigma ]=(q_1^{\prime },q_2^{\prime })\mathrm{if}{\delta }_1(q_1,\sigma )=q_1^{\prime }$ and ${\delta }_2(q_2,\sigma )=q_2^{\prime }$; $\delta [(q_1,q_2),\sigma ]=(q_1^{\prime },q_2)\mathrm{if}{\delta }_1(q_1,\sigma )=q_1^{\prime }$ and $\sigma \notin {\mathrm{\Sigma }}_2$; $\delta [(q_1,q_2),\sigma ]=(q_1,q_2^{\prime })\mathrm{if}{\delta }_2(q_2,\sigma )=q_2^{\prime }$ and $\sigma \notin {\mathrm{\Sigma }}_1$; otherwise, it is undefined. In the definition of $G_1\Vert G_2$, $Ac(·)$ denotes the accessible part of an automaton.

3.2. Fault Diagnosis

In the literature of fault diagnosis in DESs, the unobservable event set ${\mathrm{\Sigma }}_{uo}$ is further partitioned into the set of regular unobservable events ${\mathrm{\Sigma }}_{reg}$ and the set of fault events ${\mathrm{\Sigma }}_f$. Let $\mathrm{\Psi }\left({\mathrm{\Sigma }}_f\right)=\{sf\in L\mid s\in {\mathrm{\Sigma }}^{*},f\in {\mathrm{\Sigma }}_f\}$ denote the set of all finite words in L that end with a fault event f. With some abuse of notation, ${\mathrm{\Sigma }}_f\in s$ denotes that $\overline{s}\cap \mathrm{\Psi }\left({\mathrm{\Sigma }}_f\right)\ne \varnothing$. A word s is said to be faulty (resp., normal) if ${\mathrm{\Sigma }}_f\in s$ (resp., ${\mathrm{\Sigma }}_f\notin s$). The fault diagnosis problem in a DES aims to decide, using the current observation $w\in {\mathrm{\Sigma }}_o^{*}$, if a fault has already occurred or not. To solve this problem, one wishes to build a diagnosis function $\gamma :{\mathrm{\Sigma }}_o^{*}\to \{N,F,U\}$ associating each observation to a diagnosis state such that

$$\gamma \left(w\right)=\left\{\begin{array}{c}N,\mathrm{if}\forall s\in P^{-1}\left(w\right),{\mathrm{\Sigma }}_f\notin s;\hfill \\ F,\mathrm{if}\forall s\in P^{-1}\left(w\right),{\mathrm{\Sigma }}_f\in s;\hfill \\ U,\mathrm{otherwise}.\hfill \end{array}\right.$$

In other words, an observation w is called normal if $\gamma \left(w\right)=N$ since, in this case, no word producing w contains a fault; faulty if $\gamma \left(w\right)=F$ since, in this case, all words producing w contain a fault; ambiguous otherwise. A standard way to compute the diagnosis function is by using a diagnoser. The diagnoser of G is defined as

$$Diag\left(G\right)=(Q_d,{\mathrm{\Sigma }}_o,{\delta }_d,q_{d,0}).$$

(1)

Its construction procedure is detailed in [6]. By construction, it holds $L\left(Diag\right(G\left)\right)=P\left(L\right(G\left)\right)$. The diagnoser state space $Q_d$ is a subset of $2^{Q\times \{N,F\}}$. The diagnoser allows one to associate every state to a diagnosis value $\gamma \left(q_d\right)=\gamma \left(w\right)$, where $q_d={\delta }_d(q_{d,0},w)$. The diagnoser state $q_d$ is negative if $\gamma \left(q_d\right)=N$; positive if $\gamma \left(q_d\right)=F$; uncertain if $\gamma \left(q_d\right)=U$. Figure 2a shows a plant G, where ${\mathrm{\Sigma }}_o=\{a,b,d,e\}$, ${\mathrm{\Sigma }}_{uo}=\{c,f\}$, and ${\mathrm{\Sigma }}_f=\left\{f\right\}$. The corresponding diagnoser is shown in Figure 2b.

Figure 2. (a) A plant G and (b) its diagnoser $Diag\left(G\right)$.

4. Sensor Network Attacks

We start by defining a system model to be diagnosed under attack depicted in Figure 3, where the shadowed block denotes a sensor network attacker that intervenes in the communication channels between the sensors and the operator. It is assumed that the attacker can compromise a subset of the sensor network channels. Specifically, it may implement two types of sensor network attacks: (i) Sensor Erasure attack (SE-attack), which erases some readings generated by the plant; (ii) Sensor Insertion attack (SI-attack), which inserts some fake readings that have not occurred in the plant. If a plant generates a word $s\in {\mathrm{\Sigma }}^{*}$, the attacker observes an original observation $w=P\left(s\right)$ and then produces a corrupted observation $w^{\prime }$. The operator computes diagnosis state $\gamma \left(w^{\prime }\right)$ from the corrupted observation $w^{\prime }$.

Figure 3. A fault diagnosis system under attack.

To formally define the attack function in Figure 3, we denote by ${\mathrm{\Sigma }}_{era}\subseteq {\mathrm{\Sigma }}_o$ (resp., ${\mathrm{\Sigma }}_{ins}\subseteq {\mathrm{\Sigma }}_o$) the set of events subject to SE-attacks (resp., SI-attacks). Correspondingly, we define ${\mathrm{\Sigma }}_{-}=\left\{{\sigma }_{-}\mid \sigma \in {\mathrm{\Sigma }}_{era}\right\}$ as the set of erased events and ${\mathrm{\Sigma }}_{+}=\left\{{\sigma }_{+}\mid \sigma \in {\mathrm{\Sigma }}_{ins}\right\}$ as the set of inserted events. We also define ${\mathrm{\Sigma }}_a={\mathrm{\Sigma }}_o\cup {\mathrm{\Sigma }}_{+}\cup {\mathrm{\Sigma }}_{-}$ as the attack alphabet.

Definition 1. 

Given a plant G with sets ${\mathrm{\Sigma }}_{ins}$ and ${\mathrm{\Sigma }}_{era}$, an attack function $\xi :P\left(L\left(G\right)\right)\to {\mathrm{\Sigma }}_a^{*}$ satisfies the following constraints:

(1) $\xi \left(\epsilon \right)\in {\mathrm{\Sigma }}_{+}^{*}$;

(2) $\forall w\sigma \in P\left(L\right(G\left)\right)$, where $w\in {\mathrm{\Sigma }}_o^{*}$ and $\sigma \in {\mathrm{\Sigma }}_o$:

$$\xi \left(w\sigma \right)\in \left\{\begin{array}{cc}\xi \left(w\right)\left\{\sigma \right\}{\mathrm{\Sigma }}_{+}^{*}\hfill & \mathit{if}\sigma \in {\mathrm{\Sigma }}_o\setminus {\mathrm{\Sigma }}_{era},\hfill \\ \xi \left(w\right)\left\{{\sigma }_{-},\sigma \right\}{\mathrm{\Sigma }}_{+}^{*}\hfill & \mathit{if}\sigma \in {\mathrm{\Sigma }}_{era}.\hfill \end{array}\right.$$

(2)

Statement (1) in Definition 1 implies that the attacker may insert an arbitrary word $t\in {\mathrm{\Sigma }}_{+}^{*}$ at the initial state before any generated word of G is observed. By Statement (2), the attacker cannot erase $\sigma$ if $\sigma$ does not belong to ${\mathrm{\Sigma }}_{era}$. However, it may insert an arbitrary word $t\in {\mathrm{\Sigma }}_{+}^{*}$ after $\sigma$. If an event $\sigma \in {\mathrm{\Sigma }}_{era}$ occurs, the attacker may either erase $\sigma$ or leave it intact, and then insert any arbitrary word $t\in {\mathrm{\Sigma }}_{+}^{*}$. Compared with the nondeterministic attack function in [22], the attack function $\xi$ in Definition 1 is deterministic; therefore, in order to provide different classes of attack strategies, we define the set of all possible attack functions depending on relativity to sets ${\mathrm{\Sigma }}_{era}$ and ${\mathrm{\Sigma }}_{ins}$ as $“\mathrm{\Xi }({\mathrm{\Sigma }}_{era},{\mathrm{\Sigma }}_{ins})”$, abbreviated as $\mathrm{\Xi }$.

An attack function $\xi$ introduces an attack language, denoted as $L(\xi ,G)=\left\{\xi \right(w\left)\right|w\in P\left(L\right(G\left)\right)\}$ (abbreviated as $L\left(\xi \right)$). Let $w_a\in L\left(\xi \right)$ be an attack word. Given an attack word $w_a$, to describe the corrupted observation $w^{\prime }$ received by the operator, an operator mask $\widehat{P}:{\mathrm{\Sigma }}_a^{*}\to {\mathrm{\Sigma }}_o^{*}$ is defined as

$$\widehat{P}\left(\epsilon \right)=\epsilon ,\widehat{P}\left(w_a{\sigma }^{\prime }\right)=\left\{\begin{array}{c}\widehat{P}\left(w_a\right)\sigma \mathrm{if}{\sigma }^{\prime }=\sigma \in {\mathrm{\Sigma }}_o\vee {\sigma }^{\prime }={\sigma }_{+}\in {\mathrm{\Sigma }}_{+},\hfill \\ \widehat{P}\left(w_a\right)\mathrm{if}{\sigma }^{\prime }={\sigma }_{-}\in {\mathrm{\Sigma }}_{-}.\hfill \end{array}\right.$$

(3)

We now define two diagnosis functions on ${\mathrm{\Sigma }}_a$. The attacker diagnosis function ${\gamma }_{att}:{\mathrm{\Sigma }}_a^{*}\to \{N,F,U\}$ is defined as ${\gamma }_{att}\left(w_a\right)=\gamma \left(w\right)$, where $w_a=\xi \left(w\right)$; the operator diagnosis function ${\gamma }_{opr}:{\mathrm{\Sigma }}_a^{*}\to \{N,F,U\}$ is defined as ${\gamma }_{opr}\left(w_a\right)=\gamma \left(w^{\prime }\right)$, where $w^{\prime }=\widehat{P}\left(w_a\right)$.

Definition 2. 

A corrupting function $\varphi :P\left(L\left(G\right)\right)\to {\mathrm{\Sigma }}_o^{*}$ is defined as $\varphi \left(w\right)=\widehat{P}\left(\xi \left(w\right)\right)$, where $\xi :P\left(L\left(G\right)\right)\to {\mathrm{\Sigma }}_a^{*}$ and $\widehat{P}:{\mathrm{\Sigma }}_a^{*}\to {\mathrm{\Sigma }}_o^{*}$ are the attack function and the operator mask, respectively.

In this paper, a sensor network attacker is characterized by a corrupting function that takes an original observation w as input and produces a corrupted observation $w^{\prime }=\varphi \left(w\right)=\widehat{P}\left(\xi \left(w\right)\right)$ as output, as shown in Figure 3. We define $L(\varphi ,G)=\widehat{P}\left(L(\xi ,G)\right)$, abbreviated as $L\left(\varphi \right)$, as the corrupted language induced by function $\varphi$. The set of all possible corrupting functions on ${\mathrm{\Sigma }}_{era}$ and ${\mathrm{\Sigma }}_{ins}$ is defined as $“\mathrm{\Phi }({\mathrm{\Sigma }}_{era},{\mathrm{\Sigma }}_{ins})”$, abbreviated as $\mathrm{\Phi }$.

5. Problem Statement

In this section, we first state the fault diagnosis problem under attack as follows.

Problem 1. 

(Online diagnosis under attack) Given an attack word $w_a\in L\left(\xi \right)$, determine if the diagnosis states based on the corresponding w and $w^{\prime }$ are consistent. 

In the worst-case scenario, a faulty observation w that allows for the detection of a fault (i.e., positive diagnosis state $“F”$) can be corrupted into a normal or ambiguous observation corresponding to the absence of the fault (i.e., negative diagnosis state $“N”$) or to an uncertain situation (i.e., uncertain diagnosis state $“U”$). This leads to the notion of a harmful attacker, defined as follows.

Definition 3. 

An attacker ϕ for a language L is said to be harmful if there exists an observation $w\in P\left(L\right)$ with $\gamma \left(w\right)=\left\{F\right\}$, which may be corrupted into another observation $w^{\prime }=\varphi \left(w\right)$ and $\gamma \left(w^{\prime }\right)\in \{N,U\}$.

Under such a harmful attacker (that receives w), the occurrence of a fault is hidden from the operator (that perceives $w^{\prime }$); that is, a harmful attacker introduces a delay in the detection of the fault. Next, the stealthiness of an attacker is considered. To this end, we introduce an attack detection mechanism [20,22]. If an attacker can always keep its attacks undiscovered by the operator during system execution, we call it stealthy. We now give the condition that implies the stealthiness of an attacker.

Definition 4. 

An attacker ϕ for a language L is stealthy if $L\left(\varphi \right)\subseteq P\left(L\right(G\left)\right)$. 

The stealthiness of an attacker is ensured when any corrupted observation received by the operator is contained in the observed language of G. Associated with Definition 4 are two sets of words $w\in {\mathrm{\Sigma }}_a^{*}$ defined as follows. Given a plant G, the set of stealthy words on ${\mathrm{\Sigma }}_a$ is defined as ${\mathcal{S}}_s=\{w_a\in {\mathrm{\Sigma }}_a^{*}\mid \widehat{P}\left(w_a\right)\in P\left(L\left(G\right)\right)\}$, while the set of exposing words on ${\mathrm{\Sigma }}_a$ is defined as ${\mathcal{S}}_e=\{w_a\sigma \in {\mathrm{\Sigma }}_a^{*}\mid w_a\in {\mathcal{S}}_s,\sigma \in {\mathrm{\Sigma }}_a,w_a\sigma \notin {\mathcal{S}}_s\}$. A stealthy word $w_a$ produces a corrupted observation $w^{\prime }=\widehat{P}\left(w_a\right)\in P\left(L\left(G\right)\right)$, which does not reveal the attacker’s presence. On the contrary, an exposing word results in the exposure of the attacker at the last observable step. Finally, the ideal attacker that can achieve both goals is said to be successful. Finally, from the attack viewpoint, we formalize the successful attacker existence and synthesis problem.

Problem 2. 

(Existence and synthesis of a successful attacker) Given a language L, determine whether there exists a successful attacker ϕ for L. If it exists, synthesize the successful attacker ϕ. 

6. Stealthy Joint Diagnoser

6.1. Attacker Diagnoser and Operator Diagnoser

In our previous work [24], we detail the constructions of two special diagnosers, called Attacker Diagnoser and Operator Diagnoser. The former diagnoser describes all attack words $w_a$ that can be generated under attack. The latter diagnoser describes how all words $w_a\in {\mathrm{\Sigma }}_a^{*}$ are recognized by the operator. Starting from a diagnoser $Diag\left(G\right)=(Q_d,{\mathrm{\Sigma }}_o,{\delta }_d,q_{d,0})$, we build the following:

• Attacker Diagnoser $Dia{g}_{att}\left(G\right)=(Q_d,{\mathrm{\Sigma }}_a,{\delta }_{att},q_{d,0})$ through self-looping each state with all events in ${\mathrm{\Sigma }}_{+}$ and then adding in parallel to each event $\sigma \in {\mathrm{\Sigma }}_{era}$ the corresponding event ${\sigma }_{-}\in {\mathrm{\Sigma }}_{-}$.
• Operator Diagnoser $Dia{g}_{opr}\left(G\right)=(Q_d\cup q_{\varnothing },{\mathrm{\Sigma }}_a,{\delta }_{opr},q_{d,0})$ through self-looping each state with all events in ${\mathrm{\Sigma }}_{-}$, then adding in parallel to each event $\sigma \in {\mathrm{\Sigma }}_{ins}$ the corresponding event ${\sigma }_{+}\in {\mathrm{\Sigma }}_{+}$, and finally adding a dump state $q_{\varnothing }$ that is reached by all undefined transitions.

Example 1. 

Consider the plant G in Figure 2a. Let ${\mathrm{\Sigma }}_{ins}=\left\{e\right\}$ and ${\mathrm{\Sigma }}_{era}=\{a,b\}$. The corresponding $Dia{g}_{att}\left(G\right)$ and $Dia{g}_{opr}\left(G\right)$ are shown in Figure 4a and Figure 4b, respectively. 

Figure 4. (a) $Dia{g}_{att}\left(G\right)$ and (b) $Dia{g}_{opr}\left(G\right)$ for G in Figure 2a.

Proposition 1. 

Given a nominal diagnoser $Diag\left(G\right)=(Q_d,{\mathrm{\Sigma }}_o,{\delta }_d,q_{d,0})$, let $Dia{g}_{att}\left(G\right)=(Q_d,{\mathrm{\Sigma }}_a,{\delta }_{att},q_{d,0})$ be the attacker diagnoser. It holds that

(1) $w_a\in L\left(Dia{g}_{att}\left(G\right)\right)\iff (\exists \xi \in \mathrm{\Xi })(\exists w\in L\left(Diag\left(G\right)\right)[w_a=\xi \left(w\right)]$;

(2) $(\forall \xi \in \mathrm{\Xi })(\forall w\in L\left(Diag\left(G\right)\right))[{\delta }_{att}(q_{d,0},\xi \left(w\right))={\delta }_d(q_{d,0},w)]$.

Proof. 

Consider first Statement (1). (⇐) By the construction of $Dia{g}_{att}\left(G\right)$, given a word $w\in L\left(Diag\right(G\left)\right)$ and $\xi \in \mathrm{\Xi }$, there exists a corresponding attack word $w_a\in L\left(Dia{g}_{att}\left(G\right)\right)$ such that $w_a=\xi \left(w\right)$. (⇒) Consider a word $w_a\in$$L\left(Dia{g}_{att}\left(G\right)\right)$ that reaches a state $Q_d$ and only contains events in $\mathrm{\Sigma }$, implying an original observation. At each state of $Dia{g}_{att}\left(G\right)$, all events ${\sigma }_{+}$ are in a self-loop, which implies that $w_a$ can be corrupted by inserting a word of fake events in ${\mathrm{\Sigma }}_{ins}$. If the word $w_a$ is generated by executing a transition ${\delta }_{att}(Q_d^{\prime },\sigma )=Q_d^{″}$ with $\sigma \in {\mathrm{\Sigma }}_{era}$, it may happen that the “parallel" transition ${\delta }_{att}(Q_d^{\prime },{\sigma }_{-})=Q_d^{″}$ is executed corresponding to an attack that erases $\sigma$. Therefore, there exists a function $\xi \in \mathrm{\Xi }$ and an observation $w\in L\left(Diag\right(G\left)\right)$ such that $\xi \left(w\right)=w_a$. The proof of Statement (2) follows that of Statement (1).    □

By Statement (1) in Proposition 1, the language of the attacker diagnoser consists of all possible attack words w. According to Statement (2), the diagnosis state estimation of $Dia{g}_{att}\left(G\right)$ based on w is the same as that of $Diag\left(G\right)$ based on s, where $w_a=\xi \left(w\right)$.

Proposition 2. 

Given a nominal diagnoser $Diag\left(G\right)=(Q_d,{\mathrm{\Sigma }}_o,{\delta }_d,q_{d,0})$, let $Dia{g}_{opr}\left(G\right)=(Q_d\cup q_{\varnothing },{\mathrm{\Sigma }}_a,{\delta }_{opr},q_{d,0})$ be the operator diagnoser. It holds that

(1) $L\left(Dia{g}_{opr}\left(G\right)\right)={\mathcal{S}}_s\cup {\mathcal{S}}_e$;

(2) $w_a\in {\mathcal{S}}_s\subseteq L\left(Dia{g}_{opr}\left(G\right)\right)\Rightarrow (\exists w^{\prime }\in L\left(Diag\left(G\right)\right))[w^{\prime }=\widehat{P}\left(w_a\right)]$;

(3) $\forall w_a\in L\left(Dia{g}_{opr}\left(G\right)\right)$: if $w_a\in {\mathcal{S}}_s$, ${\delta }_{opr}(q_{d,0},w_a)={\delta }_d(q_{d,0},\widehat{P}\left(w_a\right))$; if $w_a\in {\mathcal{S}}_e$, ${\delta }_{opr}(q_{d,0},w_a)=q_{\varnothing }$.

Proof. 

Statement (1) is first considered. By construction the $Dia{g}_{opr}\left(G\right)$, it includes all the words in ${\mathcal{S}}_s\cup {\mathcal{S}}_e$. The following is to prove that all the words $w_a\in L\left(Dia{g}_{opr}\left(G\right)\right)$ either belong to ${\mathcal{S}}_s$ or ${\mathcal{S}}_e$. Consider a word $w_a\in L\left(Dia{g}_{opr}\left(G\right)\right)$ that reaches a state $q_d\in Q_d$ and only contains events in ${\mathrm{\Sigma }}_o$, implying an original observation received by the operator. At each state, all events ${\sigma }_{-}$ are in a self-loop, which corresponds to the generation of $w_a$. By the definition of $\widehat{P}$, it holds that $\widehat{P}\left(w_a\right)\in P\left(L\left(G\right)\right)$, i.e., $w_a\in {\mathcal{S}}_s$. If the word $w_a$ is generated by executing a transition ${\delta }_{opr}(q_d^{\prime },{\sigma }_{+})=q_d^{″}$ with $\sigma \in {\mathrm{\Sigma }}_{ins}$, it may happen that the “parallel” transition ${\delta }_{att}(q_d^{\prime },\sigma )=q_d^{″}$ is executed and thus $\widehat{P}\left(w_a\right)\in P\left(L\left(G\right)\right)$, i.e., $w\in {\mathcal{S}}_s$. Then, if the word $w_a$ yields $d_{\varnothing }$, then $\widehat{P}\left(w_a\right)\notin P\left(L\left(G\right)\right)$, i.e., $w_a\in {\mathcal{S}}_e$, which completes the proof of Statement (1). The proofs of Statement (2) and (3) follow that of Statement (1).    □

By Statement (1) in Proposition 2, all words in ${\mathcal{S}}_s$ and ${\mathcal{S}}_e$ can be generated by $Dia{g}_{opr}\left(G\right)$. By Statement (2), a word in ${\mathcal{S}}_s$ generated by $Dia{g}_{opr}\left(G\right)$ can correspond to a corrupted observation $w^{\prime }\in P\left(L\left(G\right)\right)$ recognized by the operator. Statement (3) implies that (i) the diagnosis state estimation of $Dia{g}_{opr}\left(G\right)$ based on a stealthy word $w_a\in {\mathcal{S}}_s$ is the same as that of $Diag\left(G\right)$ based on $w^{\prime }$, where $w^{\prime }=\widehat{P}\left(w_a\right)$; (ii) all exposing words $w_a\in {\mathcal{S}}_e$ yield $q_{\varnothing }$.

6.2. Joint Diagnoser and Its Refining

Definition 5. 

A joint diagnoser (JD for short) J-$Diag\left(G\right)$ is defined as J-$Diag\left(G\right)=(X,{\mathrm{\Sigma }}_a,{\delta }_a,x_0)$$=Dia{g}_{att}\left(G\right)$$\parallel Dia{g}_{opr}\left(G\right)$. 

As defined, every state of J-$Diag\left(G\right)$ is a pair $x=(q_d,{\overline{q}}_d)$. The states of J-$Diag\left(G\right)$ can be partitioned into stealthy states and exposing states as follows.

Definition 6. 

Given a joint diagnoser J-$Diag\left(G\right)=(X,{\mathrm{\Sigma }}_a,{\delta }_a,x_0)$, the set of exposing states is defined as $X_e=\{x=(q_d,{\overline{q}}_d)\in X|{\overline{q}}_d=q_{\varnothing }\}$; the set of stealthy states is defined as $X_s=X\setminus X_e$. 

If an exposing word $w_a\in {\mathcal{S}}_e$ yields an exposing state, we conclude that the attacker that produces $w_a$ is stealthy. However, if a stealthy word $w_a\in {\mathcal{S}}_s$ yields a stealthy state, it can only be inferred that the attacker producing $w_a$ is currently undiscovered. There is a case where, following the future evolution of G, the attacker will be inevitably discovered. This leads to the notion of a weakly exposing region, denoted as $X_{we}\supseteq X_e$, which can be computed iteratively by a procedure in [21]. In the first iteration,

$$\begin{array}{cc}\hfill & X_{we}:=\{x\in X\mid (\exists \sigma \in {\mathrm{\Sigma }}_o)[{\delta }_a(x,\sigma )\in X_e\Rightarrow \sigma \notin {\mathrm{\Sigma }}_{era}\wedge (\forall {\sigma }^{\prime }\in {\mathrm{\Sigma }}_{ins})[{\delta }_a(x,{\sigma }^{\prime })\in X_e]]\}.\hfill \end{array}$$

(4)

The remaining iterations are executed similarly to Equation (4). We do not present the complete procedure here for the sake of brevity but illustrate it via Example 2. Dually, we define the strongly stealthy region as $X_{ss}=X\setminus X_{we}\subseteq X_s$.

Example 2. 

The joint diagnoser for the preceding G is shown in Figure 5, where the exposing states in $X_{we}$ are highlighted in brown while the stealthy states in $X_{we}$ are highlighted in gray. Let us focus on a stealthy state $\left(\right\{3F\},\{1N,2F\left\}\right)$. In the case that the occurrence of event d will take $\left(\right\{3F\},\{1N,2F\left\}\right)$ to an exposing state $(\left\{4F\right\},\left\{q_{\varnothing }\right\})$, we find that i) d cannot be erased; ii) the inserted event $e\in {\mathrm{\Sigma }}_{ins}$ will reach another exposing state $(\left\{3F\right\},\left\{q_{\varnothing }\right\})$. By Equation (4), $(\left\{3F\right\},\{1N,2F\})\in X_{we}$ holds. In plain words, once such a stealthy state is reached, all attempts of an attacker to prevent it from reaching a subsequent exposing state will fail. 

Figure 5. J-$Diag\left(G\right)$ in Example 2.

Definition 7. 

The stealthy joint diagnoser (SJD, for short) with respect to a joint diagnoser J-$Diag\left(G\right)=$$(X,{\mathrm{\Sigma }}_a,{\delta }_a,x_0)$ is defined as $SJ$-$Diag\left(G\right)=Ac(X_{ss},{\mathrm{\Sigma }}_a,{\delta }_{sa},x_0)$, where $X_{ss}=X\setminus X_{we}$ and ${\delta }_{sa}={\left.{\delta }_a\right|}_{X_{ss}\times {\mathrm{\Sigma }}_a\to X_{ss}}$. 

The resulting SJD is obtained by removing all states in $X_{we}$ from a JD and taking its accessible part. Then, we define a subset of the states of $SJ$-$Diag\left(G\right)$, called pre-empting states, which will be used in the procedure to extract an attack function from $SJ$-$Diag\left(G\right)$.

Definition 8. 

Given a JD J-$Diag\left(G\right)=$$(X,{\mathrm{\Sigma }}_a,{\delta }_a,x_0)$ with the corresponding SJD $SJ$-$Diag\left(G\right)=(X_{ss},{\mathrm{\Sigma }}_a,{\delta }_{sa},x_0)$, the set of pre-empting states of $SJ$-$Diag\left(G\right)$ is defined as

$$X_p=\{x_{ss}\in X_{ss}|(\exists \sigma \in {\mathrm{\Sigma }}_o)[{\delta }_a(x_{ss},\sigma )\in X\setminus X_{ss}\wedge (\sigma \notin {\mathrm{\Sigma }}_{era}\vee {\delta }_a(x_{ss},{\sigma }_{-})\in X\setminus X_{ss})]\};$$

the set of non-pre-empting states of $SJ$-$Diag\left(G\right)$ is defined as $X_{np}=X_{ss}\setminus X_p$. 

A state $x_{ss}\in X_{ss}$ is pre-empting if i) there exists an event $\sigma \in {\mathrm{\Sigma }}_o$ whose occurrence (even if erased) causes J-$Diag\left(G\right)$ to lead outside $X_{ss}$; ii) however, $\sigma$ can be definitely pre-empted by inserting an appropriate word of events in ${\mathrm{\Sigma }}_{+}$ to reach a state in the strongly stealthy state. This state captures the races between inserted events and internal system events. Specifically, at a pre-empting state, the inserted word must be performed before the execution of event $\sigma$. In Example 2, state $\left(\right\{3F\},\{0N\left\}\right)$ is a pre-empting state (highlighted in green), where event d must be pre-empted by inserting a fake event $e_{+}$ to reach a state $(\left\{3F\right\},\{5N,6N\})\in X_{ss}$; otherwise, the occurrence of $d\in {\mathrm{\Sigma }}_o\setminus {\mathrm{\Sigma }}_{era}$ will take $\left(\right\{3F\},\{0N\left\}\right)$ to an exposing state $(\left\{4F\right\},\left\{d_{\varnothing }\right\})$.

6.3. Synthesis of Attackers

In order to synthesize an attacker, the following definition is first required.

Definition 9. 

Let $x_{ss}\in X_{ss}$ be a state and $X_{np}$ be the set of non-pre-empting states in the SJD $SJ$-$Diag\left(G\right)=(X_{ss},{\mathrm{\Sigma }}_a,{\delta }_{sa},x_0)$.

(1) The set of events in ${\mathrm{\Sigma }}_a$ enabled at $x_{ss}$ is defined as ${\mathrm{\Gamma }}_{SJ}\left(x_{ss}\right)=\{\sigma \in {\mathrm{\Sigma }}_a|{\delta }_{sa}(x_{ss},\sigma )!\}$.

(2) The set of words consisting of events in ${\mathrm{\Sigma }}_{+}$ that originate from $x_{ss}$ and lead to a non-pre-empting state is defined as $L_{+}(SJ$-$Diag\left(G\right),x_{ss})=\{w_{a,+}\in {\mathrm{\Sigma }}_{+}^{*}|{\delta }_{sa}(x_{ss},w_{a,+})\in X_{np}\}$. 

The following objective is to show how an attacker may determine an attack function from an SJD. In [21], an algorithmic procedure is presented for this purpose. The main idea is to select attack words that do not end in any state that has an inserted event as a successor transition, of course, including the pre-empting state. Compared with [21], it is now expected to synthesize the attack function producing an attack word that only does not end in pre-empting states. This means that an attacker cannot stay in the pre-empting state when determining its attack function. Now, we provide the following attacker synthesis algorithm, i.e., Algorithm 1.

Algorithm 1 Synthesis of the corrupting function $\varphi$

Require: $G=(Q,\mathrm{\Sigma },\delta ,q_0)$ and $SJ$-$Diag\left(G\right)=(X_{ss},{\mathrm{\Sigma }}_a,{\delta }_{sa},$$x_0)$ Ensure: corrupting function $\varphi \in \Phi$ 1: $\varphi \leftarrow Synth\left(SJD\right)$ 2: procedure Synth($SJD$) 3:       initialization: $w\leftarrow \epsilon$ 4:       select a word $w_{a,+}\in L_{+}(SJ$-$Diag\left(G\right),x_0)$ 5:       $\xi \left(w\right):=w_{a,+}$; $\varphi \left(w\right):=\widehat{P}\left(\xi \left(w\right)\right)$ 6:       $x_{ss}:={\delta }_{sa}\left(x_0,w_{a,+}\right)$ 7:       while a new observable event $\sigma \in {\mathrm{\Sigma }}_o$ is produced by G do 8:            $I:=\varnothing$ 9:            if $\sigma \in {\mathrm{\Gamma }}_{SJ}\left(x_{ss}\right)$ then $I:=I\cup \left\{\sigma \right\}$ 10:          if ${\sigma }_{-}\in {\mathrm{\Gamma }}_{SJ}\left(x_{ss}\right)$ then $I:=I\cup \left\{{\sigma }_{-}\right\}$ 11:          select an event ${\sigma }^{\prime }\in I$ and a word $w_{a,+}\in L_{+}(SJ$-$Diag\left(G\right),{\delta }_{sa}(x_{ss},{\sigma }^{\prime }))$ 12:          let $w_a:={\sigma }^{\prime }{w}_{a,+}$ and $w_a^{\prime }\in \{{\sigma }^{\prime },w_a\}$ 13:          let $x_{ss}:={\delta }_{sa}(x_{ss},{\sigma }^{\prime })$ 14:          if $x_{ss}\in X_{np}$ then $\xi \left(w\sigma \right)\in \xi \left(w\right)w_a^{\prime }$ and $x_{ss}:={\delta }_{sa}(x_{ss},w_a^{\prime })$ 15:          if $x_{ss}\in X_p$ then $\xi \left(w\sigma \right):=\xi \left(w\right)w_a$ and $x_{ss}:={\delta }_{sa}(x_{ss},w_a)$ 16:          $\varphi \left(w\sigma \right):=\widehat{P}\left(\xi \left(w\sigma \right)\right)$ 17:          $w\leftarrow w\sigma$ 18:     end while 19: end procedure

This algorithm may recursively associate each observation generated by G with a corresponding attack word. We now briefly explain how it works. When no event is generated by G, the attacker may insert a suitable word $w_{a,+}$ in the set $L_{+}(SJ$-$Diag\left(G\right),x_0)$ (Steps 3 and 4). In Step 5, $\xi \left(\epsilon \right)$ is computed, and the new current state $x_{ss}$ of $SJ$-$Diag\left(G\right)$ is updated. Then, we wait for G to generate a new observable event $\sigma$ (Step 7). A new set I initialized at the empty set is defined. If $\sigma$ is enabled at $x_{ss}$, $\sigma$ is added to I. If ${\sigma }_{-}$ is enabled at $x_{ss}$, ${\sigma }_{-}$ is added to I (Steps 8 to 10). In Step 11, an event ${\sigma }^{\prime }\in I$ and the insertion of a word $w_{a,+}\in L_{+}(SJ$-$Diag\left(G\right),{\delta }_{sa}(x_{ss},{\sigma }^{\prime }))$ are selected. If the current state $x_{ss}$ with the occurrence of ${\sigma }^{\prime }$ is a non-pre-empting state, an attack word $w_a^{\prime }$ is produced, which is either ${\sigma }^{\prime }$ or the concatenation of ${\sigma }^{\prime }$ and $w_{a,+}\in L_{+}(SJ$-$Diag\left(G\right),{\delta }_{sa}(x_{ss},{\sigma }^{\prime }))$ (Step 14). Otherwise, another attack word $w_a$ is produced as the concatenation of ${\sigma }^{\prime }$ and $w_{a,+}$ (Step 15). The corresponding corrupting function is computed in Step 16. Step 17 updates the observation w to $w\sigma$. This procedure goes to Step 7 when a new observable event is generated by G.

Proposition 3. 

Given a plant G, function ϕ is stealthy if and only if, for all $w\in P\left(L\right(G\left)\right)$, the corrupted observation $\varphi \left(w\right)$ can be computed by Algorithm 1.

According to the property of the SJD, the above results trivially hold, which means that the corrupting function synthesized by Algorithm 1 must be stealthy. Using the notion of pre-empting states, we provide a characterization of the SJD as follows.

Theorem 1. 

Given a plant G, let $Diag\left(G\right)$$=(Q_d,{\mathrm{\Sigma }}_o,{\delta }_d,q_{d,0})$ be the diagnoser and $SJ$-$Diag\left(G\right)$$=(X_{ss},{\mathrm{\Sigma }}_a,{\delta }_{sa},x_0)$ be the SJD. The following implication holds:

$$\begin{array}{cc}\hfill & (\exists \xi \left(w\right)\in {\mathrm{\Sigma }}_a^{*})[{\delta }_{sa}(x_0,\xi \left(w\right))=x_{ss}=(q_d,{\overline{q}}_d)\wedge x_{ss}\in X_{np}]\hfill \\ \hfill & \iff (\exists w\in P(L\left(G\right)\left)\right),(\exists \xi \mathit{synthesized}\mathit{by}\mathit{Algorithm} 1)\hfill \\ & [q_d={\delta }_d(q_{d,0},w)\wedge {\overline{q}}_d={\delta }_d(q_{d,0},\widehat{P}\left(\xi \left(w\right)\right))={\delta }_d(q_{d,0},\varphi \left(w\right))].\hfill \end{array}$$

Proof. 

(If) Assume that there exists an observation $w\in P\left(L\right(G\left)\right)$ and an attack function $\xi$ such that $q_d={\delta }_d(q_{d,0},w)$ and ${\overline{q}}_d={\delta }_d(q_{d,0},\widehat{P}\left(\xi \left(w\right)\right))$, where the attack function $\xi$ is synthesized by Algorithm 1. By Proposition 3, the attack word $\xi \left(w\right)$ is a stealthy word, i.e., $\xi \left(w\right)\in {\mathcal{S}}_s$. By Propositions 1 and 2, we have ${\delta }_{att}(q_{d,0},w_a)={\delta }_d(q_{d,0},w)$ and ${\delta }_{opr}(q_{d,0},w_a)={\delta }_d(q_{d,0},\widehat{P}\left(w_a\right))$, i.e., $q_d={\delta }_{att}(q_{d,0},w_a)$ and ${\overline{q}}_d={\delta }_{opr}(q_{d,0},w_a)$. By J-$Diag\left(G\right)=Dia{g}_{att}\left(G\right)$$\parallel Dia{g}_{opr}\left(G\right)$, and by the definition of $SJ$-$Diag\left(G\right)$, we have ${\delta }_{sa}(x_0,w_a)=x_{ss}=(q_d,{\overline{q}}_d)$. Since $\xi \left(w\right)$ is computed by selecting $w_a$, which ends in $x_{ss}$, by Algorithm 1, $x_{ss}\in X_{np}$.

(Only if) Assume that there exists an attack word $\xi \left(w\right)\in {\mathrm{\Sigma }}_a^{*}$ in $SJ$-$Diag\left(G\right)$ such that ${\delta }_{sa}(x_0,\xi \left(w\right))=x_{ss}=(q_d,{\overline{q}}_d)$ and $x_{ss}\in X_{np}$. By J-$Diag\left(G\right)=Dia{g}_{att}\left(G\right)$$\parallel Dia{g}_{opr}\left(G\right)$, and by the definition of $SJ$-$Diag\left(G\right)$, it holds that ${\delta }_{att}(q_{d,0},\xi \left(w\right))=q_d$ and ${\delta }_{opr}(q_{d,0},\xi \left(w\right))={\overline{q}}_d$. By Propositions 1 and 2, we have ${\delta }_{att}(q_{d,0},\xi \left(w\right))={\delta }_d(q_{d,0},w)$ and ${\delta }_{opr}(q_{d,0},\xi \left(w\right))={\delta }_d(q_{d,0},\widehat{P}\left(\xi \left(w\right)\right))$, i.e., $q_d={\delta }_d(q_{d,0},w)$ and ${\overline{q}}_d={\delta }_d(q_{d,0},\widehat{P}\left(\xi \left(w\right)\right))$.    □

According to the above result, a state pair $x_{ss}=(q_d,{\overline{q}}_d)$ in the joint diagnoser reached by an attack word $w_a$ represents the joint diagnosis state estimation, where $q_d$ describes the original diagnosis state estimation of the attacker based on the original observation w, where $w_a=\xi \left(w\right)$, and ${\overline{q}}_d$ describes the corrupted diagnosis state estimation of the operator based on the corrupted observation $w^{\prime }=\widehat{P}\left(w_a\right)$.

Finally, we conclude this section by the complexity analysis of the proposed approach. Let $Diag\left(G\right)$ be a nominal diagnoser with $|Q_d|$ states. By construction, the attacker diagnoser $Dia{g}_{att}\left(G\right)$ has the same set of states of $Diag\left(G\right)$, and so does the operator diagnoser $Dia{g}_{opr}\left(G\right)$ except for the dump state $d_{\varnothing }$. Since the JD J-$Diag\left(G\right)$ is the parallel composition of $Dia{g}_{att}\left(G\right)$ and $Dia{g}_{att}\left(G\right)$, its maximum number of states is $|Q_d|\times |Q_d+1|$. Hence, the complexity of building an SJD is $O\left(\right|Q_d{|}^2)$, which is polynomial in the number of states of the nominal diagnoser. However, it is well known that the construction of the diagnoser is worst-case exponential in the number of states in the system. Hence, the overall computational complexity of an SJD is exponential in the number of states of G.

7. Fault Diagnoisis under Attack

We first address Problem 1, i.e., online fault diagnosis under attack. Similar to the nominal setting, we begin with the definition of a diagnosis function pair.

Definition 10. 

Given an attack word $w_a$, a diagnosis pair function $r:{\mathrm{\Sigma }}_a^{*}\to \{N,F,U\}\times \{N,F,U\}$ associating to $w_a\in {\mathrm{\Sigma }}_a^{*}$ a diagnosis state pair is defined as $r\left(w_a\right)=({\gamma }_{att}\left(w_a\right),{\gamma }_{opr}\left(w_a\right))$, where ${\gamma }_{att}$ and ${\gamma }_{opr}$ are the attacker and operator diagnosis functions, respectively. 

From the definitions of ${\gamma }_{att}$ and ${\gamma }_{opr}$, it holds that $r\left(w_a\right)=({\gamma }_{att}\left(w_a\right),{\gamma }_{opr}\left(w_a\right))=(\gamma \left(w\right),\gamma \left(w^{\prime }\right))$, where $w_a=\xi \left(w\right)$ and $w^{\prime }=\widehat{P}\left(w_a\right)$. A more systematic way to compute the diagnosis pair function is by using an SJD. Let $x_{ss}=(q_d,{\overline{q}}_d)={\delta }_{sa}(x_0,w_a)$. By Theorem 1, the SJD allows one to associate every state to a diagnosis state pair $r\left(x_{ss}\right)=r\left(w_a\right)$, i.e., $\gamma \left(q_d\right)=\gamma \left(w\right)$ and $\gamma \left({\overline{q}}_d\right)=\gamma \left(w^{\prime }\right)$ are the diagnosis state of the attacker and operator, respectively. Therefore, Problem 1 can be solved by tracking the current state in SJD reached by the attack word $w_a$. The set of all diagnosis state pairs is defined as $R=\{N,F,U\}\times \{N,F,U\}$, which can be partitioned into $R=R_c\cup R_w\cup R_h$, where $R_c=\{(N,N),(U,U),(F,F)\}$, $R_w=\{(N,U),(N,F),(U,N),(U,F)\}$, and $R_h=\{(F,N),(F,U)\}$.

Definition 11. 

Let $SJ$-$Diag\left(G\right)$ be an SJD. A state $x_{ss}$ is correct if $r\left(x_{ss}\right)\in R_c$; wrong non-harmful if $r\left(x_{ss}\right)\in R_w$; harmful if $r\left(x_{ss}\right)\in R_h$. Denote the set of correct states, the set of wrong non-harmful states, and the set of harmful states by $X_{sc}$, $X_{sw}$, and $X_{sh}$, respectively. 

When the SJD is in a correct state, the operator correctly computes the diagnosis state regardless of the fact that an attack has occurred. When the SJD reaches a wrong non-harmful state, the operator computes a wrong diagnosis state from the corrupted observation due to an attack, which is inconsistent with the diagnosis state based on the original observation. Note that, in such a case, the fault diagnosis is manipulated due to the attack but does not pose a harmful danger. For example, there exists a special case where an attacker induces the operator to think that a fault has occurred, while the system is actually under nominal behavior. The false positive may make the operator decide to take some unnecessary actions, e.g., shut down the system and start it again, which may increase the operational expenses of operating a system.

Finally, harmful states of the SJD correspond to the detection of a fault based on the original observation, while no detection is based on corrupted observation. Its physical interpretation is that the attacker itself has already confirmed that the fault has occurred, but it induces the operator to be unable to claim the fault occurrence.

7.1. Verification of Successful Attackers

As discussed above, it is intuitive that the presence of a harmful state in the SJD is related to Problem 2, the existence of a successful attacker.

Theorem 2. 

Given a plant G, there exists a successful attacker if and only if the SJD $SJ$-$Diag\left(G\right)$ contains a harmful state, i.e., $X_{sh}\ne \varnothing$.

Proof. 

(If) Suppose that $SJ$-$Diag\left(G\right)$ contains a harmful state $x_{ss}$ such that $r\left(x_{ss}\right)\in R_h$, where $x_{ss}={\delta }_{sa}(x_0,w_a)$. By Theorem 1, associated with $x_{ss}$ is an attack word $w_a$ such that $r\left(w_a\right)=r\left(x_{ss}\right)\in R_h$. Hence, there exists an attacker $\varphi$ that alters the observation w into $w^{\prime }$ such that $(\gamma \left(w\right),\gamma \left(w^{\prime }\right))=({\gamma }_{att}\left(w_a\right),{\gamma }_{opr}\left(w_a\right))=r\left(w_a\right)$, i.e., $(\gamma \left(w\right),\gamma \left(w^{\prime }\right))\in \{(F,N),(F,U)\}$. By Definition 3, the attacker $\varphi$ is harmful. By the construction of $SJ$-$Diag\left(G\right)$, $\varphi$ must satisfy stealthiness. Hence, the attacker $\varphi$ is successful.

(Only if) Suppose that there exists a successful attacker $\varphi$. From Definition 3, there exists an observation w such that w is corrupted into $w^{\prime }$ satisfying $(\gamma \left(w\right),\gamma \left(w^{\prime }\right))\in \{(F,N),(F,U)\}$. By Theorem 1, there exists a reachable state $x_{ss}$ in $SJ$-$Diag\left(G\right)$ with the occurrence of $w_a$ such that $r\left(x_{ss}\right)=(\gamma \left(q_d\right),\gamma \left({\overline{q}}_d\right))=(\gamma \left(w\right),\gamma \left(w^{\prime }\right))\in \{(F,N),(F,U)\}$.    □

Example 3. 

Let us continue with Example 2. After refining, the SJD is shown in Figure 6. Let $w_{a,1}=a_{-}{e}_{+}$ be an attack word that yields the wrong non-harmful state $\left(\right\{1N,2F\},\{5N,6N\left\}\right)$. This implies that the diagnosis state of the attacker based on $w=a$ is $“U”$ while the diagnosis state of the operator based on $w^{\prime }=e$ is $“N”$. At this point, the attacker has doubted if the fault has occurred or not; however, the operator is certain that the fault has not occurred.

Figure 6. $SJ$-$Diag\left(G\right)$ in Example 3.

Let the evolution continue. Another word $w_{a,2}=a_{-}{e}_{+}{b}_{-}d$ yields a harmful state $\left(\right\{4F\},\{7N\left\}\right)$ in $SJ$-$Diag\left(G\right)$. By Theorem 2, there exists a successful attacker for G that produces the attack word $w_{a,2}=a_{-}{e}_{+}{b}_{-}d$. At this point, the attacker is certain that the fault has occurred based on $w=abd$; however, based on the corrupted observation $w^{\prime }=ed$, the operator persists in its opinion that the fault has not occurred. 

7.2. Synthesis of Successful Attackers

We first provide the following proposition to ensure that a successful attacker can be synthesized from the SJD.

Proposition 4. 

Let G be a plant and $SJ$-$Diag\left(G\right)=(X_{ss},{\mathrm{\Sigma }}_a,$${\delta }_{sa},x_0)$ be the SJD. A successful corrupting function ϕ can be computed if and only if $X_{sh}\cap X_{np}\ne \varnothing$.

Proof. 

(If) Suppose that a state $x_{ss}\in X_{sh}\cap X_{np}$ in $SJ$-$Diag\left(G\right)$ satisfies $x_{ss}={\delta }_{sa}(x_0,w_a)$ and $w_a=\xi \left(w\right)$, where $w\in P\left(L\right(G\left)\right)$. By $x_{ss}\in X_{np}$, the attack word $w_a$ does not end in a pre-empting state. According to Algorithm 1 and Proposition 3, we see that $\varphi$ is stealthy. Since $x_{ss}=(q_d,{\overline{q}}_d)\in X_{sh}$, by Theorem 1, we have $x_{ss}={\delta }_{sa}(x_0,w_a)=(q_d,{\overline{q}}_d)$ such that ${\delta }_d(q_{d,0},w)=q_d$ and ${\delta }_d(q_{d,0},w^{\prime })={\overline{q}}_d$ with $w^{\prime }=\varphi \left(w\right)$, where the attacker $\varphi$ alters the observation w into $w^{\prime }$ such that $(\gamma \left(w\right),\gamma \left(w^{\prime }\right))=({\gamma }_{att}\left(w_a\right),{\gamma }_{opr}\left(w_a\right))=r\left(w_a\right)=r\left(x_{ss}\right)\in R_h$, i.e., $(\gamma \left(w\right),\gamma \left(w^{\prime }\right))\in \{(F,N),(F,U)\}$. According to Definition 3, the corrupting function $\varphi$ is also harmful.

(Only if) Suppose that $\varphi$ is a successful corrupting function that can be computed. Since function $\varphi$ is stealthy, by Algorithm 1 and Proposition 3, the attack word $w_a=\xi \left(w\right)$ does not end in a pre-empting state of $SJ$-$Diag\left(G\right)$, i.e., $x_{ss}={\delta }_{sa}(x_0,\xi \left(w\right))\in X_{np}$. On the other hand, as function $\varphi$ is harmful, according to Definition 3, there exists an observation $w\in P\left(L\right(G\left)\right)$ that can be changed into an observation $w^{\prime }=\varphi \left(w\right)\in P\left(L\left(G\right)\right)$, and $(\gamma \left(w\right),\gamma \left(w^{\prime }\right))\in \{(F,N),(F,U)\}$. By $w,w^{\prime }\in P\left(L\left(G\right)\right)$, it holds that ${\delta }_d(q_{d,0},w)=q_d$ and ${\delta }_d(q_{d,0},w^{\prime })={\overline{q}}_d$. Since $SJ$-$Diag\left(G\right)$ contains all possible stealthy attacks, by Theorem 1, there must exist a state $x_{ss}=(q_d,{\overline{q}}_d)$ in $SJ$-$Diag\left(G\right)$ with the occurrence of $w_a=\xi \left(w\right)$ such that ${\delta }_d(q_{d,0},w)=q_d$ and ${\delta }_d(q_{d,0},w^{\prime })={\overline{q}}_d$. By $r\left(x_{ss}\right)=r\left(w_a\right)=({\gamma }_{att}\left(w_a\right),{\gamma }_{opr}\left(w_a\right))=(\gamma \left(w\right),\gamma \left(w^{\prime }\right))\in \{(F,N),(F,U)\}$, i.e., $r\left(x_{ss}\right)\in R_h$, we see that the state $r_{ss}$ is harmful. It holds that $x_{ss}\in X_{sh}\cap X_{np}$, i.e., $X_{sh}\cap X_{np}\ne \varnothing$.    □

This proposition implies that, from the synthesis viewpoint, only a successful attacker that determines an attack word yielding a non-pre-empting harmful state can make sense. We now give Algorithm 2 to synthesize a successful attacker from an SJD. In Algorithm 2, the condition $x_{ss}\in X_{sh}\cap X_{np}$ (Step 3) for selecting a state r guarantees the harmfulness of the stealthy corrupting function synthesized by Algorithm 1.

Algorithm 2 Synthesis of the successful corrupting function $\varphi$

Require: $G=(Q,\mathrm{\Sigma },\delta ,q_0)$ and $SJ$-$Diag\left(G\right)=(X_{ss},{\mathrm{\Sigma }}_a,{\delta }_{sa},$$x_0)$ Ensure: successful corrupting function $\varphi$ 1: $\varphi \leftarrow Synthsuc\left(SJD\right)$ 2: procedure Synthsuc($SJD$) 3:      if $X_{sh}\cap X_{np}$ then choose a harmful state $x_{ss}\in X_{sh}\cap X_{np}$ with $x_{ss}={\delta }_{sa}(x_0,w_a)$ 4:      compute the observation w such that $w_a=\xi \left(w\right)$ 5:      while there is an observation $w^{*}\in \overline{w}\cap P\left(L\left(G\right)\right)$ do 6:            compute the corrupted observation $\varphi \left(w^{*}\right)$ by Algorithm 1 7:      end while 8: end procedure

Example 4. 

Following Algorithm 2, choose a harmful state $(4F,7N)\in X_{sh}\cap X_{np}$. Associated with the state is an attack word $w_a=a_{-}{b}_{-}{e}_{+}d\in L(SJ$-$Diag\left(G\right))$. It corresponds to an observation $w=abd$. For all $w^{*}\in \overline{w}\cap P\left(L\left(G\right)\right)$, the attack function ξ is computed by Algorithm 1—$\xi \left(\epsilon \right)=\epsilon$, $\xi \left(a\right)=a_{-}$, $\xi \left(ab\right)=a_{-}{b}_{-}{e}_{+}$, and $\xi \left(abd\right)=a_{-}{b}_{-}{e}_{+}d$—and the corrupting function is synthesized accordingly: $\varphi \left(\epsilon \right)=\epsilon$, $\varphi \left(a\right)=\epsilon$, $\varphi \left(ab\right)=e$, and $\varphi \left(abd\right)=ed$. The key point is that the attack word $a_{-}{b}_{-}$ is not selected in the synthesis procedure, i.e., it holds that $\xi \left(ab\right)=a_{-}{b}_{-}{e}_{+}$ rather than $\xi \left(ab\right)=a_{-}{b}_{-}$. This means that the attacker implements its attacks by first erasing the occurrence of event a, then erasing event b, and finally inserting $e_{+}$ while observing $abd$.

8. Conclusions and Future Work

This paper investigated the problem of fault diagnosis under sensor network attacks. The notion of a successful attacker is proposed; it can degrade fault diagnosis without being discovered by the operator. We construct a joint diagnoser (JD) to describe all the behavior of the system under all possible sensor attacks. Then, the SD is refined to stealthy joint diagnoser (SJD), which includes stealthy attacks only. Based on it, a necessary and sufficient condition for the existence of a successful attacker is presented. Finally, we propose an algorithmic procedure to synthesize successful attacks from the SJD. In the future, we plan to extend the proposed diagnoser-based approach to diagnosability verification under attack. On the other hand, the decentralized setting should be further considered.