Data-Driven Methods for Stealthy Attacks on TCP/IP-Based Networked Control Systems Equipped With Attack Detectors.

Most of the existing stealthy attack schemes for cyber-physical systems (CPSs) are presented under the assumption that the model parameters of CPS are known to attackers. Presently, there are only a few model-independent stealthy attack approaches, which, however, need the assumption that attackers know sensor measurements and can modify them. This paper aims to remove the aforementioned conservative assumptions and give a stealthy attack methodology for closed-loop CPS with reference signals, that is, transmission control protocol/Internet protocol (TCP/IP)-based networked control systems. To this end, under the condition that the model parameters of the CPS are unknown, a benchmark platform (consisting of an attack detector and a TCP/IP-based networked dc servo system) used for testing the stealthy attack technology is constructed via data-driven methods. A plan is made, which is utilized for eavesdropping the information of the TCP/IP-based CPS. On this basis, an approach to blocking network communications and injecting the false sensor data into the CPS is explored. A closed-loop recursive identification strategy for the dynamic characteristic matrix of the CPS is designed. By employing all of the above-obtained results, a data-driven stealthy attack scheme for the CPS is proposed and, subsequently, its effectiveness and practicability are validated by experiment.