Strategies to Inject Spoofed Measurement Data
This work addresses the problem of designing stealthy attacks against Kalman filters from the attacker's perspective, which is relevant for control systems security.
The paper studies how an attacker can inject minimal spoofed measurement data to mislead a Kalman filter while evading detection by a χ² detector, and provides theoretical proofs and simulation results demonstrating the strategy's effectiveness.
We study the problem of designing false measurement data that is injected to corrupt and mislead the output of a Kalman filter. Unlike existing works that focus on detection and filtering algorithms for the observer, we study the problem from the attacker's point-of-view. In our model, the attacker can corrupt the measurements by injecting additive spoofing signals. The attacker seeks to create a separation between the estimate of the Kalman filter with and without spoofed signals. We present a number of results on how to inject spoofing signals while minimizing the magnitude of the injected signals. The resulting strategies are evaluated through simulations along with theoretical proofs. We also evaluate the spoofing strategy in the presence of a $χ^2$ spoof detector. The results show that the proposed strategy can successfully mislead a Kalman filter while ensuring it is not detected.