Our Research

Our vision is to develop methodologies for designing intelligent autonomous decision-making systems that are secure and resilient against malicious adversaries and natural failures.

To do so, we look into these sytems from a security perspective, under various adversary models. Specifically, we develop techniques to assess the risk (i.e., impact and likelihood) of adversaries and failures, and propose methodologies to design and systematically deploy defense measures to prevent, detect, and mitigate malicious attacks and natural disruptive events. In our research, we combine methodologies from cybersecurity, control theory, optimization and machine learning, game-theory and networked systems.

Have a look at a popular science video about our research on developing secure control systems. You can also find some of our recent research themes described at the end of this page.

Selected research themes

Security metrics for control systems

The aim within this theme is to to create novel methodologies addressing cybersecurity problems under uncertainty in learning and control systems. A core element of this research is the development of novel probabilistic risk metrics and optimization-based design methods that jointly consider the impact and the detectability constraints of attacks, as well as model uncertainty and prior beliefs on the adversary model.

Team members: Sribalaji C. Anand, Anh Tung Nguyen, André M. H. Teixeira

  1. “Scalable metrics to quantify security of large-scale systems”.
    S. C. Anand, C. Grussler, and A. M. H. Teixeira.
    IEEE Conference on Decisions and Control (Accepted), 2024

    ABS BIB
    This paper addresses the issue of data injection attacks on the actuators of positive networked control systems. We introduce an impact metric that quantifies the worst-case performance loss caused by stealthy attacks. By leveraging the properties of positive systems, we show that the impact metric admits an equivalent linear program representation, offering scalability advantages. Under mild assumptions, we prove the existence of a solution for the linear program, thereby proving that the impact metric admits a finite value. Furthermore, we extend such scalable metrics for uncertain systems and provide brief insights into cone positive systems.
    @inproceedings{Anand_CDC024,
      author = {Anand, S. C. and Grussler, C. and Teixeira, A. M. H.},
      title = {Scalable metrics to quantify security of large-scale systems},
      year = {2024},
      booktitle = {IEEE Conference on Decisions and Control (Accepted)},
      published = {1},
      tag = {10001}
    }
  2. “Risk Assessment of Stealthy Attacks on Uncertain Control Systems”.
    S. C. Anand, A. M. H. Teixeira, and A. Ahlén.
    IEEE Trans. Automatic Control, vol. 69, no. 5, pp. 3214–3221, May 2024

    ABS BIB
    In this article, we address the problem of risk assessment of stealthy attacks on uncertain control systems. Considering data injection attacks that aim at maximizing impact while remaining undetected, we use the recently proposed output-to-output gain to characterize the risk associated with the impact of attacks under a limited system knowledge attacker. The risk is formulated using a well-established risk metric, namely the maximum expected loss. Under this setups, the risk assessment problem corresponds to an untractable infinite non-convex optimization problem. To address this limitation, we adopt the framework of scenario-based optimization to approximate the infinite non-convex optimization problem by a sampled non-convex optimization problem. Then, based on the framework of dissipative system theory and S-procedure, the sampled non-convex risk assessment problem is formulated as an equivalent convex semi-definite program. Additionally, we derive the necessary and sufficient conditions for the risk to be bounded. Finally, we illustrate the results through numerical simulation of a hydro-turbine power system.
    @article{Anand_TAC2024,
      author = {Anand, S. C. and Teixeira, A. M. H. and Ahl\'{e}n, A.},
      journal = {IEEE Trans. Automatic Control},
      number = {5},
      pages = {3214--3221},
      title = {Risk Assessment of Stealthy Attacks on Uncertain Control Systems},
      volume = {69},
      month = may,
      year = {2024},
      doi = {10.1109/TAC.2023.3318194},
      published = {1},
      tag = {10001}
    }
  3. “Risk-based Security Measure Allocation Against Actuator Attacks”.
    S. C. Anand and A. M. H. Teixeira.
    IEEE Open Journal of Control Systems, vol. 2, pp. 297–309, 2023

    ABS BIB
    This article considers the problem of risk-optimal allocation of security measures when the actuators of an uncertain control system are under attack. We consider an adversary injecting false data into the actuator channels. The attack impact is characterized by the maximum performance loss caused by a stealthy adversary with bounded energy. Since the impact is a random variable, due to system uncertainty, we use Conditional Value-at-Risk (CVaR) to characterize the risk associated with the attack. We then consider the problem of allocating the security measures which minimize the risk. We assume that there are only a limited number of security measures available. Under this constraint, we observe that the allocation problem is a mixed-integer optimization problem. Thus we use relaxation techniques to approximate the security allocation problem into a Semi-Definite Program (SDP). We also compare our allocation method (i) across different risk measures: the worst-case measure, the average (nominal) measure, and (ii) across different search algorithms: the exhaustive and the greedy search algorithms. We depict the efficacy of our approach through numerical examples.
    @article{Anand_IEEEOJCSys2023,
      author = {Anand, S. C. and Teixeira, A. M. H.},
      journal = {IEEE Open Journal of Control Systems},
      number = {},
      pages = {297--309},
      title = {Risk-based Security Measure Allocation Against Actuator Attacks},
      volume = {2},
      year = {2023},
      doi = {10.1109/OJCSYS.2023.3305831},
      published = {1},
      tag = {10001}
    }
  4. “Risk assessment and optimal allocation of security measures under stealthy false data injection attacks”.
    S. C. Anand, A. M. H. Teixeira, and A. Ahlén.
    IEEE Conference on Control Technology and Applications (CCTA), 2022

    ABS BIB
    This paper firstly addresses the problem of risk assessment under false data injection attacks on uncertain control systems. We consider an adversary with complete system knowledge, injecting stealthy false data into an uncertain control system. We then use the Value-at-Risk to characterize the risk associated with the attack impact caused by the adversary. The worst-case attack impact is characterized by the recently proposed output-to-output gain. We observe that the risk assessment problem corresponds to an infinite non-convex robust optimization problem. To this end, we use dissipative system theory and the scenario approach to approximate the risk-assessment problem into a convex problem and also provide probabilistic certificates on approximation. Secondly, we con-sider the problem of security measure allocation. We consider an operator with a constraint on the security budget. Under this constraint, we propose an algorithm to optimally allocate the security measures using the calculated risk such that the resulting Value-at-risk is minimized. Finally, we illustrate the results through a numerical example. The numerical example also illustrates that the security allocation using the Value-at-risk, and the impact on the nominal system may have different outcomes: thereby depicting the benefit of using risk metrics.
    @inproceedings{AnandCCTA2022,
      address = {},
      author = {Anand, S. C. and Teixeira, A. M. H. and Ahl\'{e}n, A.},
      booktitle = {IEEE Conference on Control Technology and Applications (CCTA)},
      title = {Risk assessment and optimal allocation of security measures under stealthy false data injection attacks},
      year = {2022},
      tag = {10001},
      doi = {10.1109/CCTA49430.2022.9966025},
    }
  5. “Risk-averse controller design against data injection attacks on actuators for uncertain control systems”.
    S. C. Anand and A. M. H. Teixeira.
    American Control Conference, Atlanta, Georgia, USA, 2022

    ABS BIB
    In this paper, we consider the optimal controller design problem against data injection attacks on actuators for an uncertain control system. We consider attacks that aim at maximizing the attack impact while remaining stealthy in the finite horizon. To this end, we use the Conditional Value-at-Risk to characterize the risk associated with the impact of attacks. The worst-case attack impact is characterized using the recently proposed output-to-output ℓ 2 -gain (OOG). We formulate the design problem and observe that it is non-convex and hard to solve. Using the framework of scenario-based optimization and a convex proxy for the OOG, we propose a convex optimization problem that approximately solves the design problem with probabilistic certificates. Finally, we illustrate the results through a numerical example.
    @inproceedings{Anand_ACC2022,
      address = {Atlanta, Georgia, USA},
      author = {Anand, S. C. and Teixeira, A. M. H.},
      booktitle = {American Control Conference},
      title = {Risk-averse controller design against data injection attacks on actuators for uncertain control systems},
      year = {2022},
      doi = {10.23919/ACC53348.2022.9867257},
      tag = {10001},
    }
  6. “Security Metrics for Control Systems”.
    A. M. H. Teixeira.
    in Safety, Security and Privacy for Cyber-Physical Systems, R. M. G. Ferrari and A. M. H. Teixeira, Eds. Cham: Springer International Publishing, 2021, pp. 1–8

    BIB
    @incollection{Teixeira_Springer2021,
      author = {Teixeira, Andr{\'e} M. H.},
      editor = {Ferrari, Riccardo M.G. and Teixeira, Andr{\'e} M. H.},
      title = {Security Metrics for Control Systems},
      booktitle = {Safety, Security and Privacy for Cyber-Physical Systems},
      year = {2021},
      publisher = {Springer International Publishing},
      address = {Cham},
      pages = {1--8},
      isbn = {978-3-030-65048-3},
      doi = {10.1007/978-3-030-65048-3_6},
      tag = {10001}
    }

Secure Federated Machine Learning

Federated machine learning (FedML) has proven to be a suitable approach for privacy-preserving machine learning across a large number of heterogeneous devices. Our group addresses concerns related to security and privacy in federated machine learning against model poisoning and information leakage attacks. The approach is centered around developing new theories and methodologies to achieve two main aims: secure aggregation of local models under poisoning attacks; private distributed aggregation of local models.

Team members: Usama Zafar, Salman Toor, André M. H. Teixeira

  1. “Accelerating Fair Federated Learning: Adaptive Federated Adam”.
    L. Ju, T. Zhang, S. Toor, and A. Hellander.
    IEEE Transactions on Machine Learning in Communications and Networking (Accepted), 2024

    ABS BIB
    Federated learning is a distributed and privacy-preserving approach to train a statistical model collaboratively from decentralized data of different parties. However, when datasets of participants are not independent and identically distributed (non-IID), models trained by naive federated algorithms may be biased towards certain participants, and model performance across participants is non-uniform. This is known as the fairness problem in federated learning. In this paper, we formulate fairness-controlled federated learning as a dynamical multi-objective optimization problem to ensure fair performance across all participants. To solve the problem efficiently, we study the convergence and bias of Adam as the server optimizer in federated learning, and propose Adaptive Federated Adam (AdaFedAdam) to accelerate fair federated learning with alleviated bias. We validated the effectiveness, Pareto optimality and robustness of AdaFedAdam in numerical experiments and show that AdaFedAdam outperforms existing algorithms, providing better convergence and fairness properties of the federated scheme.
    @inproceedings{Ju2024,
      address = {},
      author = {Ju, L. and Zhang, T. and Toor, S. and Hellander, A.},
      booktitle = {IEEE Transactions on Machine Learning in Communications and Networking (Accepted)},
      title = {Accelerating Fair Federated Learning: Adaptive Federated Adam},
      published = {1},
      year = {2024},
      tag = {10003}
    }
  2. “Scalable federated machine learning with FEDn”.
    M. Ekmefjord et al.
    Symposium on Cluster, Cloud and Internet Computing, Taormina, Italy, 2022

    ABS BIB
    Federated machine learning promises to overcome the input privacy challenge in machine learning. By iteratively updating a model on private clients and aggregating these local model updates into a global federated model, private data is incorporated in the federated model without needing to share and expose that data. Several open software projects for federated learning have appeared. Most of them focuses on supporting flexible experimentation with different model aggregation schemes and with different privacy-enhancing technologies. However, there is a lack of open frameworks that focuses on critical distributed computing aspects of the problem such as scalability and resilience. It is a big step to take for a data scientist to go from an experimental sandbox to testing their federated schemes at scale in real-world geographically distributed settings. To bridge this gap we have designed and developed a production-grade hierarchical federated learning framework, FEDn. The framework is specifically designed to make it easy to go from local development in pseudo-distributed mode to horizontally scalable distributed deployments. FEDn both aims to be production grade for industrial applications and a flexible research tool to explore real-world performance of novel federated algorithms and the framework has been used in number of industrial and academic R&D projects. In this paper we present the architecture and implementation of FEDn. We demonstrate the framework’s scalability and efficiency in evaluations based on two case-studies representative for a cross-silo and a cross-device use-case respectively.
    @inproceedings{Ekmefjord_CCGrid2022,
      address = {Taormina, Italy},
      author = {Ekmefjord, M. and Ait-Mlouk, A. and Alawadi, S. and Åkesson, M. and Singh, P. and Spjuth, O. and Toor, S. and Hellander, A.},
      booktitle = {Symposium on Cluster, Cloud and Internet Computing},
      title = {Scalable federated machine learning with FEDn},
      year = {2022},
      doi = {10.1109/CCGrid54584.2022.00065},
      tag = {10003},
    }

Secure artificial pancreas

Artificial pancreas are envisioned medical systems whose function is to automatically regulate the blood glucose levels in patients with diabetes, with little to none human initervention. At the core of these systems we have an intellligent device autonomously deciding how much synthetic insulin and glucagon to infuse into the body through infusion pumps, based on data received from sensors located thoughout the body measuring, for instance, blood glucose levels in real-time. Data exchange among the controlling device, the pumps, and the sensors is critical. The whole system must operate safely, even in the presence of adversaries tampering with the communication or devices.

In this line of research, we develop schemes to monitor the sensor reading to detect anomalies, and distinguish them from natural unknown disturbances, such as meal intakes, physical exercise, among others.

Team members: Fatih Emre Tosun, André M. H. Teixeira

  1. “Kullback-Liebler Divergence-Based Observer Design Against Sensor Bias Injection Attacks”.
    F. E. Tosun, A. M. H. Teixeira, J. Dong, A. Ahlén, and S. Dey.
    IEEE Trans. Information Forensics and Security (Submitted)

    ABS BIB
    This paper considers observer-based anomaly detection of bias injection attacks (BIAs) on cyber-physical systems with linear dynamics and driven by Gaussian noise. Despite the perceived simplicity of this attack strategy, BIAs pose a significant risk to systems that have an integrator in their open-loop dynamics, as the residual generated by any linear observer will be identical under attack and normal operation at steadystate. Consequently, such attacks are detectable only for a limited duration during the transient phase. In this paper, we propose a principled way for designing a residual generation filter based on maximizing the Kullback-Liebler divergence (KLD) during the transients and steady-state. This approach significantly increases the signal-to-noise ratio against BIAs. The effectiveness of our method is demonstrated through numerical examples, comparing it to the Kalman filter and a robust multi-objective H−/H2 filter.
    @article{Tosun_TIFS2024,
      author = {Tosun, F. E. and Teixeira, A. M. H. and Dong, J. and Ahlén, A. and Dey, S.},
      journal = {IEEE Trans. Information Forensics and Security (Submitted)},
      number = {},
      pages = {},
      title = {Kullback-Liebler Divergence-Based Observer Design Against Sensor Bias Injection Attacks},
      volume = {},
      year = {},
      published = {0},
      tag = {10002}
    }
  2. “Kullback-Leibler Divergence-Based Detector Design Against Bias Injection Attacks in an Artificial Pancreas System”.
    F. E. Tosun, A. M. H. Teixeira, A. Ahlén, and S. Dey.
    12th IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes, 2024

    ABS BIB
    This paper considers constant bias injection attacks on the glucose sensor deployed in an artificial pancreas system that has an integrator. The main challenge with such apparently simple attacks is that, if the system is linear and has an integrator, they are only detectable for a limited duration. More formally, they are steady-state stealthy attacks. To address this issue, we propose a residual generation method to increase the detectability of these attacks based on the Kullback–Leibler divergence metric. Illustrative examples with numerical simulations are provided to demonstrate the effectiveness of the proposed method.
    @inproceedings{Tosun_SP024,
      author = {Tosun, F. E. and Teixeira, A. M. H. and Ahlén, A. and Dey, S.},
      booktitle = {12th IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes},
      title = {Kullback-Leibler Divergence-Based Detector Design Against Bias Injection Attacks in an Artificial Pancreas System},
      year = {2024},
      published = {1},
      doi = {10.1016/j.ifacol.2024.07.269},
      tag = {10002}
    }
  3. “Quickest Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances”.
    F. E. Tosun, A. M. H. Teixeira, M. Abdalmoaty, A. Ahlén, and S. Dey.
    Journal of Process Control, vol. 153, no. 103162, 2024

    ABS BIB
    Modern glucose sensors deployed in closed-loop insulin delivery systems, so-called artificial pancreas use wireless communication channels. While this allows a flexible system design, it also introduces vulnerability to cyberattacks. Timely detection and mitigation of attacks are imperative for device safety. However, large unknown meal disturbances are a crucial challenge in determining whether the sensor has been compromised or the sensor glucose trajectories are normal. We address this issue from a control-theoretic security perspective. In particular, a time-varying Kalman filter is employed to handle the sporadic meal intakes. The filter prediction error is then statistically evaluated to detect anomalies if present. We compare two state-of-the-art online anomaly detection algorithms, namely the χ^2 and CUSUM tests. We establish a robust optimal detection rule for unknown bias injections. Even if the optimality holds only for the restrictive case of constant bias injections, we show that the proposed model-based anomaly detection scheme is also effective for generic non-stealthy sensor deception attacks through numerical simulations
    @article{Tosun_JPC2024,
      author = {Tosun, F. E. and Teixeira, A. M. H. and Abdalmoaty, M. and Ahl\'{e}n, A. and Dey, S.},
      journal = {Journal of Process Control},
      volume = {153},
      number = {103162},
      title = {Quickest Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances},
      year = {2024},
      doi = {10.1016/j.jprocont.2024.103162},
      published = {1},
      tag = {10002}
    }
  4. “Robust Sequential Detection of Non-stealthy Sensor Deception Attacks in an Artificial Pancreas System”.
    F. E. Tosun and A. M. H. Teixeira.
    IEEE Conference on Decisions and Control, 2023

    BIB
    @inproceedings{Tosun_CDC2023,
      address = {},
      author = {Tosun, F. E. and Teixeira, A. M. H.},
      booktitle = {IEEE Conference on Decisions and Control},
      title = {Robust Sequential Detection of Non-stealthy Sensor Deception Attacks in an Artificial Pancreas System},
      year = {2023},
      published = {1},
      tag = {10002}
    }
  5. “Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances”.
    F. E. Tosun, A. M. H. Teixeira, A. Ahlén, and S. Dey.
    American Control Conference, Atlanta, Georgia, USA, 2022

    ABS BIB
    The artificial pancreas is an emerging concept of closed-loop insulin delivery that aims to tightly regulate the blood glucose levels in patients with type 1 diabetes. This paper considers bias injection attacks on the glucose sensor deployed in an artificial pancreas. Modern glucose sensors transmit measurements through wireless communication that are vulnerable to cyber-attacks, which must be timely detected and mitigated. To this end, we propose a model-based anomaly detection scheme using a Kalman filter and a χ 2 test. One key challenge is to distinguish cyber-attacks from large unknown disturbances arising from meal intake. This challenge is addressed by an online meal estimator, and a novel time-varying detection threshold. More precisely, we show that the ordinary least squares is the optimal unbiased estimator of the meal size under certain modelling assumptions. Moreover, we derive a novel time-varying threshold for the χ 2 detector to avoid false alarms during meal ingestion. The results are validated by means of numerical simulations.
    @inproceedings{Tosun_ACC2022,
      address = {Atlanta, Georgia, USA},
      author = {Tosun, F. E. and Teixeira, A. M. H. and Ahl\'{e}n, A. and Dey, S.},
      booktitle = {American Control Conference},
      title = {Detection of Bias Injection Attacks on the Glucose Sensor in the Artificial Pancreas Under Meal Disturbances},
      year = {2022},
      doi = {10.23919/ACC53348.2022.9867556},
      tag = {10002},
    }

Delay attacks on networked control systems

Feedback loop delay is known to impose limitations on the achievable performance of control systems. In particular, delays can increase oscillations, reduce regulation accuracy, and may cause destabilization of the control system. Large enough delays may also cause the loss of communication packets between the sensors, the controller, and the actuators, resulting in denial-of-service at the controller. Delays and packet losses are important aspects to be considered in the context of control over wireless communication networks. Unfortunately, delays can also be induced by malicious cyber-attacks that aim to disrupt the system. In the security context, it is important to understand how delays may be induced by adversaries and how the attacks may be disguised as natural properties of the communication channel. Our group investigates novel control-theoretic approaches for understanding, detecting, and mitigating attack-induced delays and packet losses, combining techniques from system identification, anomaly detection, and robust control.

Team members: Torbjörn Wigren, Ruslan Seifullaev, André M. H. Teixeira

  1. “Event-triggered control of nonlinear systems under deception and Denial-of-Service attacks”.
    R. Seifullaev, A. M. H. Teixeira, and A. Ahlén.
    IEEE Conference on Decisions and Control (Accepted), 2024

    BIB
    @inproceedings{Seifullaev_CDC024,
      author = {Seifullaev, R. and Teixeira, A. M. H. and Ahl\'{e}n, A.},
      booktitle = {IEEE Conference on Decisions and Control (Accepted)},
      title = {Event-triggered control of nonlinear systems under deception and Denial-of-Service attacks},
      year = {2024},
      published = {1},
      tag = {10004}
    }
  2. “Delay Attack and Detection in Feedback Linearized Control Systems”.
    T. Wigren and A. M. H. Teixeira.
    European Control Conference, 2024

    ABS BIB
    Delay injection attacks on nonlinear control systems may trigger instability mechanisms like finite escape time dynamics. The paper guards against such attacks by showing how a recursive algorithm for identification of nonlinear dynamics and delay can simultaneously provide parameter estimates for controller tuning and detection of delay injection in the feedback path. The attack methodology is illustrated using a simulated feedback linearized automotive cruise controller where the attack is disguised, but anyway rapidly detected.
    @inproceedings{Wigren_ECC2024,
      author = {Wigren, T. and Teixeira, A. M. H.},
      booktitle = {European Control Conference},
      title = {Delay Attack and Detection in Feedback Linearized Control Systems},
      year = {2024},
      published = {1},
      tag = {10004}
    }
  3. “Convergence in delayed recursive identification of nonlinear systems”.
    T. Wigren.
    European Control Conference, 2024

    ABS BIB
    Early detection of delay attacks on feedback control systems can be achieved by recursive identification of delay and dynamics. The paper contributes with an analysis of the convergence of a multiple-model based algorithm for joint recursive identification of fractional delay and continuous time nonlinear state space dynamics. It is proved that the true parameter vector is in the set of global convergence points, while reasons are given why a standard local stability analysis fails. A numerical example illustrates these results.
    @inproceedings{Wigren_ECC2025,
      author = {Wigren, T.},
      booktitle = {European Control Conference},
      title = {Convergence in delayed recursive identification of nonlinear systems},
      year = {2024},
      published = {1},
      tag = {10004}
    }
  4. “Feedback Path Delay Attacks and Detection”.
    T. Wigren and A. M. H. Teixeira.
    IEEE Conference on Decisions and Control, 2023

    BIB
    @inproceedings{Wigren_CDC2023,
      address = {},
      author = {Wigren, T. and Teixeira, A. M. H.},
      booktitle = {IEEE Conference on Decisions and Control},
      title = {Feedback Path Delay Attacks and Detection},
      year = {2023},
      published = {1},
      tag = {10004}
    }
  5. “On-line Identification of Delay Attacks in Networked Servo Control”.
    T. Wigren and A. M. H. Teixeira.
    IFAC World Congress, 2023

    ABS BIB
    The paper discusses attacks on networked control loops by increased delay, and shows how existing round trip jitter may disguise such attacks. The attackers objective need not be de-stabilization, the paper argues that making settling time requirements fail can be sufficient. To defend against such attacks, the paper proposes the use of joint recursive prediction error identification of the round trip delay and the networked closed loop dynamics. The proposed identification algorithm allows general defense, since it is designed for delayed nonlinear dynamics in state space form. Simulations show that the method is able to detect a delay attack on a printed circuit board component mounting servo loop, long before the attack reaches full effect.
    @inproceedings{WigrenIFAC2023,
      address = {},
      author = {Wigren, T. and Teixeira, A. M. H.},
      booktitle = {IFAC World Congress},
      title = {On-line Identification of Delay Attacks in Networked Servo Control},
      year = {2023},
      tag = {10004}
    }

Security and resilience of networked dynamical systems

Sustained use of critical infrastructure, such as electrical power and water distribution networks, requires efficient management and control. Facilitated by the advancements in computational devices and non-proprietary communication technology, such as the Internet, the efficient operation of critical infrastructure relies on network decomposition into interconnected subsystems, thus forming networked control systems. However, the use of public and pervasive communication channels leaves these systems vulnerable to cyber attacks. This theme aims to create novel methodologies to enhance the security and resilience of networked dynamical systems under cyber attacks.

Team members: Anh Tung Nguyen, Alain Govaert, André M. H. Teixeira, Sérgio Pequito

  1. “Data-Driven and Stealthy Deactivation of Safety Filters”.
    D. Arnström and A. M. H. Teixeira.
    Annual Learning for Dynamics & Control Conference (L4DC) 2025 (Submitted)

    ABS BIB
    Safety filters ensure that control actions that are executed are always safe, no matter the controller in question. Previous work has proposed a simple and stealthy false-data injection attack for deactivating such safety filters. This attack injects false sensor measurements to bias state estimates toward the interior of a safety region, making the safety filter accept unsafe control actions. The attack does, however, require the adversary to know the dynamics of the system, the safety region used in the safety filter, and the observer gain. In this work we relax these requirements and show how a similar data-injection attack can be performed when the adversary only observes the input and output of the observer that is used by the safety filter, without any a priori knowledge about the system dynamics, safety region, or observer gain. In particular, the adversary uses the observed data to identify a state-space model that describes the observer dynamics, and then approximates a safety region in the identified embedding. We exemplify the data-driven attack on an inverted pendulum, where we show how the attack can make the system leave a safe set, even when a safety filter is supposed to stop this from happening.
    @inproceedings{Arnstrom_L4DC2025,
      author = {Arnstr\"{o}m, D. and Teixeira, A. M. H.},
      title = {Data-Driven and Stealthy Deactivation of Safety Filters},
      booktitle = {Annual Learning for Dynamics & Control Conference (L4DC) 2025 (Submitted)},
      published = {0},
      tag = {10005}
    }
  2. “Data-Driven Identification of Attack-free Sensors in Networked Control Systems”.
    S. C. Anand, M. S. Chong, and A. M. H. Teixeira.
    European Control Conference 2025 (Submitted)

    ABS BIB
    This paper proposes a data-driven framework to identify the attack-free sensors in a networked control system when some of the sensors are corrupted by an adversary. An operator with access to offline input-output attack-free trajectories of the plant is considered. Then, a data-driven algorithm is proposed to identify the attack-free sensors when the plant is controlled online. We also provide necessary conditions, based on the properties of the plant, under which the algorithm is feasible. An extension of the algorithm is presented to identify the sensors completely online against certain classes of attacks. The efficacy of our algorithm is depicted through numerical examples.
    @inproceedings{Anand_SysDo2024,
      author = {Anand, S. C. and Chong, M. S. and Teixeira, A. M. H.},
      title = {Data-Driven Identification of Attack-free Sensors in Networked Control Systems},
      booktitle = {European Control Conference 2025 (Submitted)},
      published = {0},
      tag = {10005}
    }
  3. “Scalable and Optimal Security Allocation in Networks against Stealthy Injection Attacks”.
    A. T. Nguyen, S. C. Anand, and A. M. H. Teixeira.
    IEEE Trans. Automatic Control (Submitted)

    ABS BIB
    This paper addresses the security allocation problem in a networked control system under stealthy injection attacks. The networked system is comprised of interconnected subsystems which are represented by nodes in a digraph. An adversary compromises the system by injecting false data into several nodes with the aim of maximally disrupting the performance of the network while remaining stealthy to a defender. To minimize the impact of such stealthy attacks, the defender, with limited knowledge about attack policies and attack resources, allocates several sensors on nodes to impose the stealthiness constraint governing the attack policy. We provide an optimal security allocation algorithm to minimize the expected attack impact on the entire network. Furthermore, under a suitable local control design, the proposed security allocation algorithm can be executed in a scalable way. Finally, the obtained results are validated through several numerical examples.
    @article{Nguyen_TAC2024,
      author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H.},
      journal = {IEEE Trans. Automatic Control (Submitted)},
      title = {Scalable and Optimal Security Allocation in Networks against Stealthy Injection Attacks},
      published = {0},
      tag = {10005}
    }
  4. “Security Allocation in Networked Control Systems under Stealthy Attacks”.
    A. T. Nguyen, A. M. H. Teixeira, and A. Medvedev.
    IEEE Trans. Control of Network Systems, 2024

    ABS BIB
    This paper considers the problem of security allocation in a networked control system under stealthy attacks in which the system is comprised of interconnected subsystems represented by vertices. A malicious adversary selects a single vertex on which to conduct a stealthy data injection attack to maximally disrupt the local performance while remaining undetected. On the other hand, a defender selects several vertices on which to allocate defense resources against the adversary. First, the objectives of the adversary and the defender with uncertain targets are formulated in probabilistic ways, resulting in an expected worst-case impact of stealthy attacks. Next, we provide a graph-theoretic necessary and sufficient condition under which the cost for the defender and the expected worst-case impact of stealthy attacks are bounded. This condition enables the defender to restrict the admissible actions to a subset of available vertex sets. Then, we cast the problem of security allocation in a Stackelberg game-theoretic framework. Finally, the contribution of this paper is highlighted by utilizing the proposed admissible actions of the defender in the context of large-scale networks. A numerical example of a 50-vertex networked control system is presented to validate the obtained results.
    @article{Nguyen_TCNS2024,
      author = {Nguyen, A. T. and Teixeira, A. M. H. and Medvedev, A.},
      journal = {IEEE Trans. Control of Network Systems},
      number = {},
      pages = {},
      title = {Security Allocation in Networked Control Systems under Stealthy Attacks},
      volume = {},
      doi = {10.1109/TCNS.2024.3462546},
      year = {2024},
      published = {1},
      tag = {10005}
    }
  5. “Centrality-based Security Allocation in Networked Control Systems”.
    A. T. Nguyen, A. Hertzberg, and A. M. H. Teixeira.
    The 19th International Conference on Critical Information Infrastructures Security (Accepted), 2024

    ABS BIB
    This paper addresses the security allocation problem within networked control systems, which consist of multiple interconnected control systems under the influence of two opposing agents: a defender and a malicious adversary. The adversary aims to maximize the worst-case attack impact on system performance while remaining undetected by launching stealthy data injection attacks on one or several interconnected control systems. Conversely, the defender’s objective is to allocate security resources to detect and mitigate these worst-case attacks. A novel centrality-based approach is proposed to guide the allocation of security resources to the most connected or influential subsystems within the network. The methodology involves comparing the worst-case attack impact for both the optimal and centrality-based security allocation solutions. The results demonstrate that the centrality measure approach enables significantly faster allocation of security resources with acceptable levels of performance loss compared to the optimal solution, making it suitable for large-scale networks. The proposed method is validated through numerical examples using Erdös-Rényi graphs.
    @inproceedings{Nguyen_CRITIS24,
      author = {Nguyen, A. T. and Hertzberg, A. and Teixeira, A. M. H.},
      title = {Centrality-based Security Allocation in Networked Control Systems},
      year = {2024},
      booktitle = {The 19th International Conference on Critical Information Infrastructures Security (Accepted)},
      published = {1},
      tag = {10005}
    }
  6. “Security Allocation in Networked Control Systems”.
    A. T. Nguyen.
    Licentiate thesis, Uppsala University, Uppsala, Sweden, 2023

    ABS BIB
    Sustained use of critical infrastructure, such as electrical power and water distribution networks, requires efficient management and control. Facilitated by the advancements in computational devices and non-proprietary communication technology, such as the Internet, the efficient operation of critical infrastructure relies on network decomposition into interconnected subsystems, thus forming networked control systems. However, the use of public and pervasive communication channels leaves these systems vulnerable to cyber attacks. Consequently, the critical infrastructure is put at risk of suffering operation disruption and even physical damage that would inflict financial costs as well as pose a hazard to human health. Therefore, security is crucial to the sustained efficient operation of critical infrastructure. This thesis develops a framework for evaluating and improving the security of networked control systems in the face of cyber attacks. The considered security problem involves two strategic agents, namely a malicious adversary and a defender, pursuing their specific and conflicting goals. The defender aims to efficiently allocate defense resources with the purpose of detecting malicious activities. Meanwhile, the malicious adversary simultaneously conducts cyber attacks and remains stealthy to the defender. We tackle the security problem by proposing a game-theoretic framework and characterizing its main components: the payoff function, the action space, and the available information for each agent. Especially, the payoff function is characterized based on the output-to-output gain security metric that fully explores the worst-case attack impact. Then, we investigate the properties of the game and how to efficiently compute its equilibrium. Given the combinatorial nature of the defender’s actions, one important challenge is to alleviate the computational burden. To overcome this challenge, the thesis contributes several system- and graph-theoretic conditions that enable the defender to shrink the action space, efficiently allocating the defense resources. The effectiveness of the proposed framework is validated through numerical examples.
    @phdthesis{Nguyen_Lic2023,
      author = {Nguyen, Anh Tung},
      title = {Security Allocation in Networked Control Systems},
      school = {Uppsala University},
      year = {2023},
      address = {Uppsala, Sweden},
      month = oct,
      type = {Licentiate thesis},
      tag = {10005}
    }
  7. “On the trade-offs between accuracy, privacy, and resilience in average consensus algorithms”.
    G. Ramos, A. M. H. Teixeira, and S. Pequito.
    IEEE Conference on Decisions and Control, 2023

    BIB
    @inproceedings{Ramos_CDC2023,
      author = {Ramos, G. and Teixeira, A. M. H. and Pequito, S.},
      booktitle = {IEEE Conference on Decisions and Control},
      title = {On the trade-offs between accuracy, privacy, and resilience in average consensus algorithms},
      year = {2023},
      published = {1},
      tag = {10005},
      taga = {10006}
    }
  8. “Secure State Estimation with Asynchronous Measurements against Malicious Measurement-data and Time-stamp Manipulation”.
    Z. Li, A. T. Nguyen, A. M. H. Teixeira, Y. Mo, and K. H. Johansson.
    IEEE Conference on Decisions and Control, 2023

    ABS BIB
    This paper proposes a secure state estimation scheme with non-periodic asynchronous measurements for linear continuous-time systems under false data attacks on the measurement transmit channel. After sampling the output of the system, a sensor transmits the measurement information in a triple composed of sensor index, time-stamp, and measurement value to the fusion center via vulnerable communication channels. The malicious attacker can corrupt a subset of the sensors through (i) manipulating the time-stamp and measurement value; (ii) blocking transmitted measurement triples; or (iii) injecting fake measurement triples. To deal with such attacks, we propose the design of local estimators based on observability space decomposition, where each local estimator updates the local state and sends it to the fusion center after sampling a measurement. Whenever there is a local update, the fusion center combines all the local states and generates a secure state estimate by adopting the median operator. We prove that local estimators of benign sensors are unbiased with stable covariance. Moreover, the fused central estimation error has bounded expectation and covariance against at most p corrupted sensors as long as the system is 2p-sparse observable. The efficacy of the proposed scheme is demonstrated through an application on a benchmark example of the IEEE 14-bus system.
    @inproceedings{Li_CDC2023,
      address = {},
      author = {Li, Z. and Nguyen, A. T. and Teixeira, A. M. H. and Mo, Y. and Johansson, K. H.},
      booktitle = {IEEE Conference on Decisions and Control},
      title = {Secure State Estimation with Asynchronous Measurements against Malicious  Measurement-data and Time-stamp Manipulation},
      year = {2023},
      published = {1},
      tag = {10005}
    }
  9. “Optimal Detector Placement in Networked Control Systems under Cyber-attacks with Applications to Power Networks”.
    A. T. Nguyen, S. C. Anand, A. M. H. Teixeira, and A. Medvedev.
    IFAC World Congress, 2023

    ABS BIB
    This paper proposes a game-theoretic method to address the problem of optimal detector placement in a networked control system under cyber-attacks. The networked control system is composed of interconnected agents where each agent is regulated by its local controller over unprotected communication, which leaves the system vulnerable to malicious cyber-attacks. To guarantee a given local performance, the defender optimally selects a single agent on which to place a detector at its local controller with the purpose of detecting cyber-attacks. On the other hand, an adversary optimally chooses a single agent on which to conduct a cyber-attack on its input with the aim of maximally worsening the local performance while remaining stealthy to the defender. First, we present a necessary and sufficient condition to ensure that the maximal attack impact on the local performance is bounded, which restricts the possible actions of the defender to a subset of available agents. Then, by considering the maximal attack impact on the local performance as a game payoff, we cast the problem of finding optimal actions of the defender and the adversary as a zero-sum game. Finally, with the possible action sets of the defender and the adversary, an algorithm is devoted to determining the Nash equilibria of the zero-sum game that yield the optimal detector placement. The proposed method is illustrated on an IEEE benchmark for power systems.
    @inproceedings{NguyenIFAC2023,
      address = {},
      author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H. and Medvedev, A.},
      booktitle = {IFAC World Congress},
      title = {Optimal Detector Placement in Networked Control Systems under Cyber-attacks with Applications to Power Networks},
      tag = {10005},
      year = {2023},
    }
  10. “A Zero-Sum Game Framework for Optimal Sensor Placement in Uncertain Networked Control Systems under Cyber-Attacks”.
    A. T. Nguyen, S. C. Anand, and A. M. H. Teixeira.
    IEEE Conference on Decision and Control (CDC), 2022

    ABS BIB
    This paper proposes a game-theoretic approach to address the problem of optimal sensor placement against an adversary in uncertain networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected performance vertex, we consider a detector, with uncertain system knowledge, that selects another vertex on which to place a sensor and monitors its output with the aim of detecting the presence of the adversary. On the other hand, the adversary, also with uncertain system knowledge, chooses a single vertex and conducts a cyber-attack on its input. The purpose of the adversary is to drive the attack vertex as to maximally disrupt the protected performance vertex while remaining undetected by the detector. As our first contribution, the game payoff of the above-defined zero-sum game is formulated in terms of the Value-at-Risk of the adversary’s impact. However, this game payoff corresponds to an intractable optimization problem. To tackle the problem, we adopt the scenario approach to approximately compute the game payoff. Then, the optimal monitor selection is determined by analyzing the equilibrium of the zero-sum game. The proposed approach is illustrated via a numerical example of a 10-vertex networked control system.
    @inproceedings{NguyenCDC2022,
      address = {},
      author = {Nguyen, A. T. and Anand, S. C. and Teixeira, A. M. H.},
      booktitle = {IEEE Conference on Decision and Control (CDC)},
      title = {A Zero-Sum Game Framework for Optimal Sensor Placement in Uncertain Networked Control Systems under Cyber-Attacks},
      year = {2022},
      doi = {10.1109/CDC51059.2022.9992468},
      tag = {10005}
    }
  11. “A Single-Adversary-Single-Detector Zero-Sum Game in Networked Control Systems”.
    A. T. Nguyen, A. M. H. Teixeira, and A. Medvedev.
    IFAC Conference on Networked Systems (NecSys), 2022

    ABS BIB
    This paper proposes a game-theoretic approach to address the problem of optimal sensor placement for detecting cyber-attacks in networked control systems. The problem is formulated as a zero-sum game with two players, namely a malicious adversary and a detector. Given a protected target vertex, the detector places a sensor at a single vertex to monitor the system and detect the presence of the adversary. On the other hand, the adversary selects a single vertex through which to conduct a cyber-attack that maximally disrupts the target vertex while remaining undetected by the detector. As our first contribution, for a given pair of attack and monitor vertices and a known target vertex, the game payoff function is defined as the output-to-output gain of the respective system. Then, the paper characterizes the set of feasible actions by the detector that ensures bounded values of the game payoff. Finally, an algebraic sufficient condition is proposed to examine whether a given vertex belongs to the set of feasible monitor vertices. The optimal sensor placement is then determined by computing the mixed-strategy Nash equilibrium of the zero-sum game through linear programming. The approach is illustrated via a numerical example of a 10-vertex networked control system with a given target vertex.
    @inproceedings{NguyenNecsys2022,
      address = {},
      author = {Nguyen, A. T. and Teixeira, A. M. H. and Medvedev, A.},
      booktitle = {IFAC Conference on Networked Systems (NecSys)},
      title = {A Single-Adversary-Single-Detector Zero-Sum Game in Networked Control Systems},
      year = {2022},
      doi = {10.1016/j.ifacol.2022.07.234},
      tag = {10005},
    }

Privacy of networked dynamical systems

Guaranteeing privacy in dynamical networks is particularly important in the pressing concern of privacy in distributed optimization scenarios common in machine learning and artificial intelligence. The intrinsic design of these networks traditionally depends on implicit trust among agents, raising significant privacy issues. We propose a novel approach that integrates control theory and optimization techniques to address these privacy concerns. Our approach aims to refine network architectures and communication protocols, ensuring that the privacy of individual agents is preserved while maintaining the efficacy of collective decision-making processes. This advancement in network design is poised to substantially improve the handling of privacy in dynamical networks, facilitating their reliable and private application in various settings.

Team members: André M. H. Teixeira, Sérgio Pequito

  1. “Average consensus with resilience and privacy guarantees without losing accuracy”.
    G. Ramos, D. Silvestre, A. M. H. Teixeira, and S. Pequito.
    Automatica (Submitted)

    ABS BIB
    @article{Ramos_Automatica2024,
      author = {Ramos, G. and Silvestre, D. and Teixeira, A. M. H. and Pequito, S.},
      journal = {Automatica (Submitted)},
      number = {},
      pages = {},
      title = {Average consensus with resilience and privacy guarantees without losing accuracy},
      volume = {},
      year = {},
      published = {0},
      tag = {10006}
    }
  2. “Privacy preserving average consensus through network augmentation”.
    G. Ramos, A. P. Aguiar, S. Kar, and S. Pequito.
    IEEE Trans. Automatic Control (Accepted), 2023

    BIB
    @article{Ramos_TAC2024,
      author = {Ramos, G. and Aguiar, A. P. and Kar, Soummya and Pequito, S.},
      journal = {IEEE Trans. Automatic Control (Accepted)},
      title = {Privacy preserving average consensus through network augmentation},
      year = {2023},
      published = {1},
      tag = {10006}
    }
  3. “Designing communication networks for discrete-time consensus for performance and privacy guarantees”.
    G. Ramos and S. Pequito.
    Systems & Control Letters, vol. 180, p. 105608, 2023

    ABS BIB
    Discrete-time consensus plays a key role in multi-agent systems and distributed protocols. Unfortunately, due to the self-loop dynamics of the agents (an agent’s current state depends only on its own immediately previous state, i.e., one time-step in the past), they often lack privacy guarantees. Therefore, in this paper, we propose a novel design that consists of a network augmentation, where each agent uses the previous iteration values and the newly received ones to increase the privacy guarantees. To formally evaluate the privacy of a network of agents, we define the concept of privacy index, which intuitively measures the minimum number of agents that should work in coalition to recover all the initial states. Moreover, we aim to explore if there is a trade-off between privacy and accuracy (rate of convergence) or if we can increase both. We unveil that, with the proposed method, we can design networks with higher privacy index and faster convergence rates. Remarkably, we further ensure that the network always reaches consensus even when the original network does not. Finally, we illustrate the proposed method with examples and present networks that lead to higher privacy levels and, in the majority of the cases, to faster consensus rates.
    @article{Ramos_CSL2024,
      author = {Ramos, G. and Pequito, S.},
      journal = {Systems & Control Letters},
      volume = {180},
      pages = {105608},
      year = {2023},
      title = {Designing communication networks for discrete-time consensus for performance and privacy guarantees},
      doi = {10.1016/j.sysconle.2023.105608},
      published = {1},
      tag = {10006}
    }
  4. “On the trade-offs between accuracy, privacy, and resilience in average consensus algorithms”.
    G. Ramos, A. M. H. Teixeira, and S. Pequito.
    IEEE Conference on Decisions and Control, 2023

    BIB
    @inproceedings{Ramos_CDC2023,
      author = {Ramos, G. and Teixeira, A. M. H. and Pequito, S.},
      booktitle = {IEEE Conference on Decisions and Control},
      title = {On the trade-offs between accuracy, privacy, and resilience in average consensus algorithms},
      year = {2023},
      published = {1},
      tag = {10005},
      taga = {10006}
    }
  5. “Privacy and Security in Network Controlled Systems via Dynamic Masking”.
    M. Abdalmoaty, S. C. Anand, and A. M. H. Teixeira.
    IFAC World Congress, 2023

    ABS VID BIB
    In this paper, we propose a new architecture to enhance the privacy and security of networked control systems against malicious adversaries. We consider an adversary which first learns the system dynamics (privacy) using system identification techniques, and then performs a data injection attack (security). In particular, we consider an adversary conducting zero-dynamics attacks (ZDA) which maximizes the performance cost of the system whilst staying undetected. However, using the proposed architecture, we show that it is possible to (i) introduce significant bias in the system estimates of the adversary: thus providing privacy of the system parameters, and (ii) efficiently detect attacks when the adversary performs a ZDA using the identified system: thus providing security. Through numerical simulations, we illustrate the efficacy of the proposed architecture.
    @inproceedings{AbdalmoatyIFAC2023,
      address = {},
      author = {Abdalmoaty, M. and Anand, S. C. and Teixeira, A. M. H.},
      booktitle = {IFAC World Congress},
      title = {Privacy and Security in Network Controlled Systems via Dynamic Masking},
      year = {2023},
      video = {https://youtu.be/uuz5ppriWLk},
      tag = {10006}
    }

 

… and more.