The outline of this dissertation closely follows the highlighted problems in Figure 1.5. We first present in Chapter 2 a general overview of the related work on CPS safety and security, including nominal state estimation, anomaly detection as well as se- curity approaches (both from a purely cyber and a combined cyber-physical point of view). Chapter 3 addresses the problem of nominal context-aware estimation; we develop two context-aware filters, analyze their theoretical properties and evaluate them, both in simulation and on real data. In Chapter 4, we consider the main prob- lem of this dissertation, namely safety detection in the presence of sensor attacks and faults; we develop sensor fusion techniques and consider multiple ways of improving the output of sensor fusion by incorporating measurement history and by analyz- ing different schedules of measurement transmissions; all techniques are evaluated in simulation and in experiments with the LandShark robot. The guarantees provided by sensor fusion are further strengthened in Chapter 5 where we add another piece of information, namely context measurements; we develop a context-aware sensor fusion algorithm and evaluate it in simulation of a perfectly attackable system that can only detect it is unsafe with the addition of context measurements. Finally, Chapter 6
addresses the third major problem of this dissertation, namely sensor attack detec- tion in the presence of transient faults; we develop a sound detection/identification algorithm and evaluate it on real data from the LandShark sensors. Concluding remarks and some avenues for future work are provided in Chapter 7.
Chapter 2
Related Work
This chapter reviews the related work in the general problem space defined in Chap- ter 1. We begin by presenting the most popular approaches to filtering and state estimation in general before discussing works in the area of fault detection, isolation and reconfiguration (FDIR) and robustness. The chapter concludes with security and attack detection. More specific topics such as sensor fusion, sensor selection and context-aware filtering are reviewed in their respective chapters.
2.1
State Estimation
State estimation is a very well studied problem in the control theory literature. Some of the first approaches were developed in the 1940s with the introduction of the Wiener filter and Wiener theory in general [219]. Consequently, the Wiener filter was extended and transformed into the classical Kalman filter [113], which is still the default choice for estimator in many applications due to its easy recursive implementation and intuitive appeal. Multiple extensions of the Kalman filter have been developed since then depending on the system and its assumptions, including the Gaussian Mixture filter for multimodal distributions [99, 193], the consensus Kalman filter for distributed systems [155, 156] and many others [14, 73, 76, 112].
While the Kalman filter is the best linear unbiased estimator for linear systems
with Gaussian noise [26] (i.e., the functionf is linear in (1.4) and the noiseswin (1.4)
and v in (1.5) have Gaussian distributions), it is challenging to develop algorithms
with such strong properties in other settings, even in the linear-system framework. For example, in linear systems where the noise is distributed according to a trun- cated Gaussian distribution (e.g., in a turbofan engine model [188]) it is difficult to obtain a closed-form filter, and a popular approach is to estimate the posterior probability density function (pdf) using Monte Carlo techniques [69, 188]. Other, heavy tailed, noise distributions have been considered as well, such as a Student-t distribution [97], but they lead to noise disturbances that are not identically dis- tributed, thus preventing researchers from obtaining closed-form estimates. Robust filters for general distributions have been developed as well by deriving an optimal time-varying smoothing boundary layer [84]. Alternatively, instead of a probabilistic approach, one may assume bounds on the noise. For example, one may derive a Kalman-like set membership filter given energy bounds on the noise [27]; if instead the noise is bounded by quadratic inequalities, then the estimation problem can be efficiently approximated by a convex optimization problem [74].
Unlike linear systems where a multitude of problems and setups have been ad- dressed, estimation in general nonlinear systems is in still an open and challenging problem. One of the standard approaches to nonlinear estimation is the extended Kalman filter (EKF) [14], which works by linearizing the system dynamics and ob- servation model and applying the standard Kalman filter to the linearized system. Another popular approach is the unscented Kalman filter (UKF) [112], which recon- structs the posterior mean and covariance matrix by propagating a minimal set of sample (sigma) points. Similarly, the smooth variable structure filter is an iterative algorithm that has also been shown to work well in smooth nonlinear systems [95]. All of these approaches work well in practice for mildly nonlinear systems with Gaussian-like noise but they do not perform as well in highly nonlinear systems. In
such cases, one might use non-parametric approximation methods such as Gaussian Process filtering [99]. Yet another popular approach to nonlinear filtering is particle filtering [87], which employs Monte Carlo techniques in order to approximate non- linear functions with arbitrary probability distributions; particle filters have been shown to work well in practice in robotics applications [62, 148, 202]. Particle filters have also been combined with Kalman filters in special problems where subsets of the state can be estimated in closed form [67, 90]. Finally, similar to the case of linear systems, nonlinear systems with bounded (not probabilistic noise) have been considered as well – e.g., set membership filters have been developed for systems with bounded noise and bounded derivatives of state dynamics and have been shown to outperform the EKF in highly nonlinear systems [139, 141].
A further complication to the estimation task is added by the fact that most sys- tem models are inaccurate or at least parameterized by multiple variables that differ across systems. System identification techniques can be utilized in such cases in order to obtain a model of the system based on observed data [17, 105, 129]. Approaches in this domain can be broadly classified as white-box (i.e., first principles) [151], gray-box [34, 121, 207], or black-box (i.e., data-driven) [111, 191, 197] depending on the assumptions on the underlying model. In addition, it is also possible to iden- tify the model in an iterative fashion by gradually perturbing parameter values and minimizing a given cost function of the difference between predicted and measured states – this technique has been successfully applied in expectation maximization ap- proaches [132, 186] as well as in multiple smoothing algorithms [116, 124, 176, 210]. To summarize, all nonlinear estimation techniques involve approximations, in addition to often being computationally expensive. A main reason for these disad- vantages is the generality of the considered problems – most approaches attempt to develop estimators for all nonlinear systems or broad subsets thereof (e.g., all sys- tems with differentiable dynamics). In contrast, in this dissertation we focus on a specific class of nonlinear measurements, i.e., binary measurements, and derive the
exact posterior distributions in an efficient way.