Cyber attacks with bounded sensor reading edits for partially-observed discrete event systems

The problem of cyber attacks with bounded sensor reading edits for partially-observed discrete event systems is considered. An operator observes a plant through an observation mask that hides the occurrence of certain events. The objective of the operator is that of estimating if a state in a given set of critical states is reached. The observation is corrupted by an attacker which can insert and erase some sensor readings with the aim of thwarting the effort of the operator. Furthermore, the attacker wants to remain stealthy, namely the operator should not realize that its observation has been corrupted. An automaton, called attack structure, is defined to describe the set of all possible attacks. In more details, first, an unbounded attack structure is obtained by concurrent composition of two state observers, the attacker observer and the operator observer. Then, an n-bounded attack structure, for a given integer value of n, is obtained by concurrent composition of the unbounded attack structure and an n-bounded attack automaton. Finally, the n-bounded attack structure is refined to obtain a supremal stealthy attack substructure. An attack function may be selected from the supremal stealthy attack substructure and may achieve different degrees of effectiveness, such as harmful or potentially harmful. The proposed approach can be dually used to verify if there exists an harmful attack for the given system: this allows one to establish if the system is safe under attack.