Linear System Identification-Oriented Optimal Tampering Attack Strategy and Implementation Based on Information Entropy with Multiple Binary Observations

Abstract

With the rapid development of computer technology, communication technology, and control technology, cyber-physical systems (CPSs) have been widely used and developed. However, there are massive information interactions in CPSs, which lead to an increase in the amount of data transmitted over the network. The data communication, once attacked by the network, will seriously affect the security and stability of the system. In this paper, for the data tampering attack existing in the linear system with multiple binary observations, in the case where the estimation algorithm of the defender is unknown, the optimization index is constructed based on information entropy from the attacker’s point of view, and the problem is modeled. For the problem of the multi-parameter optimization with energy constraints, this paper uses particle swarm optimization (PSO) to obtain the optimal data tampering attack solution set, and gives the estimation method of unknown parameters in the case of unknown parameters. To implement the real-time improvement of online implementation, the BP neural network is designed. Finally, the validity of the conclusions is verified through numerical simulation. This means that the attacker can construct effective metrics based on information entropy without the knowledge of the defense’s discrimination algorithm. In addition, the optimal attack strategy implementation based on PSO and BP is also effective.

1. Introduction

With the rapid development of the internet and cloud computing technology, the demand for the integration of the physical world and the digital world is increasing [1]. The efficient, green, and intelligent characteristics of CPSs are highly compatible with the needs of the times, putting them in a booming and prosperous period under the information age, and are rapidly being applied in areas such as industrial production, national defense and military, smart grids, smart healthcare, and other fields [2,3,4,5]. In industrial production, CPS technology is deeply intertwined with Industry 4.0, based on embedded systems and information technology, and it can monitor the status of physical equipment in factories in real time to deeply perceive the production process, and its development is highly consistent with that of smart factories [6,7]. In recent years, with the rapid promotion of automatic driving, the highly integrated information technology of the car can combine and interact with computer and network technology, and vehicle operation in the physical world using functions such as perception technology, real-time data processing, and control algorithms [8,9].

However, the integration of wireless communication technology in CPSs gives the possibility of remote control of the system, and therefore wireless communication has the advantages of convenient control, but also makes the communication between systems highly open and vulnerable to malicious attackers [10,11,12]. Such attacks can be categorized into data tampering attacks and denial of service (DoS) attacks according to their effects, among which data tampering attacks can be realized in the form of data modification attacks, false data injection (FDI) attacks, and data replay attacks [13]. In CPSs, data tampering attacks can hijack and tamper with the normal data in the communication between the sender and the receiver, so that the data used by the receiver are not the true data of the system, which in turn causes the control link to give the wrong control commands, leading to the malfunctioning of the whole system [14,15,16].

The study of data tampering attacks is conducive to the defender to make timely and appropriate decisions on the attack strategy, issue correct control instructions, and minimize the damage of data tampering attacks on the CPS, so there have been related studies. Ref. [17] proposed a linear spoofing attack strategy for the false data injection attack and gave the corresponding feasibility constraints to ensure that the attacker could successfully inject false data without being detected. Ref. [18] investigated the problem of designing FDI attacks for a class of CPSs with a state estimator and an attack detector, where the desired sequence of non-perfect attacks could be designed by analyzing the maximum eigenvalues of the auxiliary matrices and the corresponding eigenvectors in the absence of a priori knowledge of the estimator. And unlike previous zero-mean Gaussian distribution attack strategies, ref. [19] proposed an optimal attack strategy based on arbitrary mean Gaussian distribution. With an understanding of the attacker’s attack pattern, the study of attack detection from the defender’s perspective focused on how to identify and respond to ongoing or potential attacks. In terms of FDI attack detection, ref. [20] designed a nonlinear local joint estimator, and a learning-based fusion criterion was proposed for multi-sensor FDI attacks to simultaneously estimate the system state and the attack signal. For covert FDI attacks in train ground communication systems, ref. [21] used an authentication mechanism to design an automatically generated multiplicative coding scheme to detect intrusions, dynamically updated the coding sequences online to encrypt and decrypt the raw train measurements, and then built a defense model based on the navigational projection algorithm to reconstruct the train location information corrupted by the attacker. For detecting FDI attacks in smart grids, ref. [22] proposed a CNN-LSTM method based on PSO optimization to improve its security and stability. After an attack exists in the system, research on defenses focus on how to mitigate the impact of the attack. Ref. [23] gave an optimal attack strategy for data tampering attacks in the framework of system identification based on binary observations, and finally a compensation algorithm to defend against data tampering attacks was given and verified. For data tampering attacks in finite impulse response systems, ref. [24] implemented the optimal attack strategy and further proposed an online defense strategy from the perspective of the defender. Ref. [25] designed a robust adaptive sliding mode observer to estimate the state of the power system, utilized the attack reconstruction method to estimate the FDI attack signals, and finally proposed a reliable sliding mode control strategy to eliminate the effects of the FDI attack.

For the data tampering attack, in order to achieve the optimal attack, the traditional method uses the estimation error as the index, which is based on knowing the defender’s identification algorithm, but how should the attacker construct the optimization index when the attacker has no knowledge of the defender’s identification algorithm? In addition, after constructing the optimization metrics, so how should the attacker solve for the optimal attack strategy? In the actual attack, the data sequences are transmitted in real time in the network channel, how should the attacker meet the real-time requirement of online attack? In this paper, under the framework of system identification with multiple binary observations, the research is carried out from the attacker’s perspective to pave the way for better defense. For the construction of indicators, since the defender mainly uses the information available in the data for identification, if the data contain less information, or if the data distribution is more concentrated due to the attack, then the identification of the defender will deviate more from the true value. Therefore, this paper introduces information entropy as an index to describe the effect of the attack, and at the same time models the problem of selecting the optimal data tampering attack under the multi-binary observations as an information entropy-based optimization problem with energy constraints. Due to the complexity of multi-observations, the optimization problem is a multi-parameter optimization task, so this paper gives the solution set of the optimal attack strategy based on the PSO algorithm. In order to solve the lag problem caused by the computation of the PSO algorithm, this paper carries out real-time optimization based on the BP network, and finally verifies the conclusion through simulation.

In this paper, there are different attack strategies in each communication network, the objective to be optimized is the set of optimal attack strategies, the identification algorithm of the defender is unknown for the attacker, and in addition the online attack needs to meet the real-time requirement of the attack. The contributions of this paper are as follows:

• For the problem of attack indicators in multi-quantified observation linear systems, if the defender identification algorithm is unknown, this paper constructs the indicators based on the average entropy and turns the optimal data tampering attack problem into an optimization problem with energy constraints.
• For the optimization problem where the average entropy expression is multi-parameter single-objective, this paper obtains the optimal solution based on the PSO algorithm and designs the estimation method for the unknown parameters.
• In order to meet the real-time requirements of the attack, the lag of the PSO search solution leads to the inability to carry out the optimal tampering attack in real time, and therefore, in this paper, we use the optimal solution of PSO to construct the dataset, and construct the BP neural network for training in order to obtain the model that can be processed fast to obtain the solution set of the optimal data tampering attack.

The remaining sections of this paper are organized as follows. Section 2 describes the model of the system and the strategies of data tampering attacks; Section 3 constructs the model of the optimization problem under information entropy and obtains the optimal attack strategy based on the PSO algorithm; Section 4 gives the estimation of the unknown parameters as well as the implementation of online attack based on the BP network; Section 5 illustrates the reasonableness of the obtained conclusions through numerical simulations; and Section 6 gives the summary and outlook of this paper.

2. Problem Formulation

Given a system consisting of m mutually independent binary observations, consider the l-th observing system, $l=1,2,\dots ,m$:

$$y_{l,k}=a_1{u}_{l,1}+a_2{u}_{l,2}+\cdots +a_n{u}_{l,n}+d_{l,k}={\varphi }_l^T\theta +d_{l,k},$$

(1)

where $\theta ={[a_1,a_2,\dots ,a_n]}^T$ is the system parameter; ${\varphi }_l=[u_{l,1},u_{l,2}$,…, $u_{l,n}{]}^T$ is the input parameter for each observation system, which is a fixed value that does not change by moment k; and $d_{l,k}$ is the system noise.

$y_{l,k}$ is the system output of the l-th observing system at the k-th moment, measured by a binary observation sensor with threshold $C_l$, which is expressed as:

$$s_{l,k}^0=I_{\{y_{l,k}\le C_l\}}=\left\{\begin{array}{cc}1,\hfill & y_{l,k}\le C_l;\hfill \\ 0,\hfill & \mathrm{otherwise}.\hfill \end{array}\right.$$

(2)

As shown in Figure 1, $s_{l,k}^0$ denotes the data that were transmitted to the estimation center through the l-th network channel at the moment of k, but were subjected to a cyberattack during transmission, resulting in data tampering. The data received by the estimation center are denoted as $s_{l,k}$, which is related to $s_{l,k}^0$:

$$\left\{\begin{array}{c}Pr\{s_{l,k}=0|s_{l,k}^0=1\}=p_l;\hfill \\ Pr\{s_{l,k}=1|s_{l,k}^0=0\}=q_l.\hfill \end{array}\right.$$

(3)

The data tampering attack strategy of the l-th observation system described in the above equation is abbreviated as $(p_l,q_l)$.

In the given system, the identification algorithm of the unknown parameter $\theta$ needs to be constructed by the defender, while the attacker aims to disrupt the effectiveness of the identification algorithms under multiple binary observations. Since there are multiple communication networks, so the attacker can adopt different attack strategies in different networks, the attacker’s set of tampering strategies is noted as

$$\Omega =\{(p_l,q_l),l=1,2,\dots ,m\}.$$

In this system, the following questions are given and addressed in this paper:

(1)

From the perspective of the attacker, when the system parameters are known, how to adjust the attack strategy so that the system can achieve the maximum attack effect with the minimum energy under the energy constraint.

(2)

How to construct the attacker’s identification algorithm to accomplish the parameter estimation when the system parameters are unknown.

(3)

How to implement the optimal data tampering attacks while meeting the real time.

Assumption 1. 

The system noise $\left\{d_{l,k}\right\}$ is a sequence of independent and identically distributed Gaussian random variables whose probability distribution function and probability density function are denoted as $F(·)$ and $f(·)$, respectively.

Remark 1. 

To solve the case that the attacker does not have the knowledge of the threshold and the system parameters, one can view the distribution and system parameters jointly as uncertainties, and extract the information about the noise distribution from the designed input and relevant output data of the system with a modified algorithm.

Remark 2. 

The system in (1) is a quantized linear system model with multiple observing systems, which has a simplified structure but is easy to extend. In the subsequent research, the nonlinearization module can be used to combine and connect, which can well portray the complex nonlinear system. By adding a static nonlinear function with this system, it can be combined into a Hammerstein system or Wiener system.

3. Optimal Attack Strategy

Since the attacker has no knowledge of the defense’s identification algorithm, it is impossible to construct an explicit expression for solving the optimal attack strategy based on the identification algorithm. The information entropy is used in information theory to express the uncertainty contained in the system, which is only related to the distribution probability of the data in the channel and does not depend on the defense’s identification algorithm, and is often used as a detection index of malicious attacks in CPSs. In this section, the average entropy is introduced to construct the attack effect metrics of the system subjected to tampering attacks from the perspective of reducing the amount of information acquired by the estimation center.

3.1. The Modeling of the Optimal Attack Strategy Problem

For a discrete random variable X, with possible values of $\{x_1,x_2,\dots ,x_n\}$, its probability distribution is $\mathrm{Pr}(X=x_i)=p_i(i=1,2,\dots ,n)$, and then the information entropy of X is defined as:

$$H\left(X\right)=-\sum _{i=1}^n{p}_i{log}_2\left(p_i\right).$$

(4)

Theorem 1. 

Under the Assumption 1 and the tampering strategy (3), the overall average entropy of the system after tampering is

$$\begin{array}{c}\hfill \overline{H}=\frac{1}{m}\sum _{l=1}^m(-{\eta }_l{log}_2{\eta }_l-(1-{\eta }_l){log}_2(1-{\eta }_l)),\end{array}$$

(5)

 where ${\eta }_l=q_l+(1-p_l-q_l)F(C_l-{\varphi }_l^T\theta )$.

Proof. 

For a sequence of binary data $\left\{s_{l,k}\right\}$ in the channel after a data tampering attack, with possible values of $\{1,0\}$ and probability distributions of $Pr(s_{l,k}=1)={\eta }_l$ and $Pr(s_{l,k}=0)=1-{\eta }_l$, respectively. When the input vector corresponding to $s_{l,k}$ is ${\varphi }_l^T$, according to (2) and (3), it is obtained that

$$\begin{array}{ccc}\hfill Pr\{s_{l,k}=1\}& =& Pr\{s_{l,k}=1|s_{l,k}^0=1\}Pr\{s_{l,k}^0=1\}+Pr\{s_{l,k}=1|s_{l,k}^0=0\}Pr\{s_{l,k}^0=0\}\hfill \\ & =& (1-p_l)F(C_l-{\varphi }_l^T\theta )+q_l(1-F(C_l-{\varphi }_l^T\theta ))\hfill \\ & =& q_l+(1-p_l-q_l)F(C_l-{\varphi }_l^T\theta )\hfill \\ & =& {\eta }_l.\hfill \end{array}$$

From (4), the information entropy of $s_{l,k}$ is expressed as:

$$\begin{array}{ccc}\hfill H\left(s_{l,k}\right)& =& -{\eta }_l{log}_2{\eta }_l-(1-{\eta }_l){log}_2(1-{\eta }_l).\hfill \end{array}$$

(6)

The overall information entropy of all the data in the system, which is the joint entropy of all the random variables of the system, is expressed according to the chain rule of entropy as:

$$\begin{array}{ccc}\hfill H(s_{1,1},s_{1,2},\dots ,s_{m,N})& =& \sum _{l=1}^m\sum _{k=1}^{N}H\left(s_{l,k}\right|s_{l,k-1},\dots ,s_{1,1})\hfill \\ & =& \sum _{l=1}^m\sum _{k=1}^N(H\left(s_{l,k}\right)-I(s_{l,k};s_{l,k-1},\dots ,s_{1,1})),\hfill \end{array}$$

(7)

where $H\left(s_{l,k}\right|s_{l,k-1},\dots ,s_{1,1})$ is the conditional entropy, which is used to measure the uncertainty or information content of one random variable, $s_{l,k}$, given other random variables, $s_{l,k-1},\dots ,s_{1,1}$ and $I(s_{l,k};s_{l,k-1},\dots ,s_{1,1})$, provide mutual information to quantify the information reduced by $s_{l,k-1},\dots ,s_{1,1}$. Since $s_{l,k}$ are independent of each other, at this point $s_{i,j},i\ne l,j\ne k$ provides no additional information for the elimination of uncertainty in $s_{l,k}$, i.e., $I(s_{l,k};s_{l,k-1},\dots ,s_{1,1})=0$, with $H\left(s_{l,k}\right|s_{l,k-1},\dots ,s_{1,1})=H\left(s_{l,k}\right)$, which leads to $H(s_{1,1},s_{1,2},\dots ,s_{m,N})={\sum }_{l=1}^m{\sum }_{k=1}^{N}H\left(s_{l,k}\right)$.

Combining (6) and (7), there is:

$$\begin{array}{ccc}\hfill \overline{H}& =& \underset{N\to \infty }{lim}\frac{1}{mN}H(s_{1,1},s_{1,2},\dots ,s_{m,N})\hfill \\ & =& \underset{N\to \infty }{lim}\frac{1}{mN}\sum _{l=1}^m\sum _{k=1}^{N}H\left(s_{l,k}\right)\hfill \\ & =& \frac{1}{m}\sum _{l=1}^m(-{\eta }_l{log}_2{\eta }_l-(1-{\eta }_l){log}_2(1-{\eta }_l)).\hfill \end{array}$$

The expression for the average entropy of the system, $\overline{H}$, with respect to the attack strategy $(p_l,q_l)$ is obtained and the theorem is proved.    □

In the actual model, the attack energy is not infinite, so the data tampering attack in this paper needs to satisfy both the total energy constraint and the maximum energy constraint. The total energy constraint is the upper bound of the sum of attack strategies $(p_l,q_l),$ $l=1,2,\dots ,m$ in the set of attack strategies, $\Omega$, denoted as $\epsilon$. There are also restrictions in the attack strategy for a single group attack strategy, and $\overline{p}$ and $\overline{q}$ denote the maximum energy constraints for $p_l$ and $q_l$, respectively.

Under the energy-constrained condition, combined with (5), the question to be investigated in this paper is transformed into: How can the attacking policy reasonably allocate energy to the multi-observation system in order to minimize the average entropy of the system as a whole and obtain the optimal data tampering attack strategy? There are:

$$\begin{array}{cc}& \underset{\Omega }{min}\overline{H},\end{array}$$

(8)

$$\begin{array}{cc}\hfill \mathrm{s}.\mathrm{t}.& {\sum }_{l=1}^m(p_l+q_l)\le \epsilon ,\end{array}$$

(9)

$$\begin{array}{cc}& \underset{l}{max}{p}_l\le \overline{p},\end{array}$$

(10)

$$\begin{array}{cc}& \underset{l}{max}{q}_l\le \overline{q}.\end{array}$$

(11)

For the data tampering attacks in such multiple binary observation systems, ${\Omega }^{*}$ is denoted as the optimal attack strategy, which is also the solution obtained after solving problem (8) with constraints (9)–(11).

3.2. Optimal Attack Strategy Solving Based on PSO

As an attacker, the attack strategy for each observation system is different, and when the system contains multiple observations the expression (5) for the average entropy of the system as a whole has multiple independent variables, and the only dependent variable is the average entropy of the system as a whole, $\overline{H}$. For this kind of optimization problem with multiple independent variables and a single objective, it is difficult to find an explicit solution by ordinary computational methods, so we need an algorithm to solve the problem.

Intelligent optimization algorithms such as PSO and the genetic algorithm (GA) are the most commonly used choices for solving this optimization problem [26,27]. The PSO algorithm is chosen in this paper for the following reasons:

• The PSO algorithm is based on particle optimality and population optimality, where memory and particles with less fitness are saved, while GA has no memory and previous knowledge is destroyed with the change of population.
• For problems with fewer parameters, the PSO algorithm can obtain the optimal solution quickly without losing performance.
• The advantage of GA mainly lies in its global search ability; this paper introduces adaptive mutation in the PSO algorithm, which can help the PSO algorithm to jump out of the local optimum.
• It is easy to adjust the parameters in the PSO algorithm to select the optimal value.

Combining the above factors, this paper selects the PSO algorithm as a method for solving the multi-parameter optimization problems.

In (1), at $l=1,\dots ,m$, if the attacker knows about the system parameters, $\theta$, the threshold, $C_l$, and the input vector, ${\varphi }_l$, this paper is based on PSO for the optimization problem (8) to solve the optimal attack strategy solution set ${\Omega }^{*}=\{p_1^{*},q_1^{*},\dots ,p_m^{*},q_m^{*}\}$.

Optimization design for PSO requires determining the population size, the particle dimensions, the positions and velocities of the particles, the learning factors, the inertia weights, the fitness function, and the maximum number of evolutionary generations.

• Population size. Too large a population size will increase the complexity of the algorithm, resulting in a slow solution, while too small a population size will result in the algorithm failing to find an optimal solution.
• Particle dimension. The particle dimension is set to $2m$ since there are m observational systems, each of which the attacker can choose individually $(p_l,q_l)$.
• Learning factor. The larger the learning factor is, the easier it is to skip the optimal position, while too small a learning factor will result in particles falling into the local optimum easily.
• Inertia weight. The inertia weight is mainly to determine how much the particle is influenced by the velocity vector of the previous moment, and it is enough to choose the appropriate value.
• Fitness function. The fitness value is the function that needs to be optimized as the target. In this paper, the fitness function (5) of the particle is the average entropy of the system, and the optimal position of the population in PSO is the solution to the optimization problem (8) when iterated for many times or when the termination conditions are satisfied.
• Maximum evolutionary algebra. Its effect on the optimization solution process is similar to that of population size; too small a maximum evolutionary generation will cause the algorithm to terminate the iterations early and fail to obtain the optimal solution.

After selecting suitable initialization parameters, the optimal attack strategy, ${\Omega }^{*}$, can be obtained based on the PSO algorithm, and the algorithm flow is as Algorithm 1. In Algorithm 1, the parameters are initialized firstly. In each iteration round, the velocity and particle position are updated according to the optimal and current positions, while $rand$ is a random value. After that, adaptive mutation is performed according to the threshold $c_m$ to provide the possibility for the particle to jump out of the local optimum. Since the optimization problem in this paper introduces energy constraints, the current position of the particle needs to be corrected, and the optimal position ${\left\{G_{i,\mathrm{best}}\right\}}_{i=1}^S$ and $Z_{\mathrm{best}}$ are updated. After the requirements of iteration accuracy or maximum number of iterations are met, the loop is terminated and the optimal attack strategy, ${\Omega }^{*}$, is given. Under the premise that the attacker knows the threshold, $C_l$, the input vector, ${\varphi }_l$, and the system parameter, $\theta$, in the system, Algorithm 1 can satisfy the energy constraints and obtain Ω*.

Algorithm 1: The PSO algorithm to solve Ω*

4. Implementation of Optimal Attack Strategy

Under the premise of given system parameters, the PSO algorithm can obtain the optimal data tampering attack strategy of the system. But, in the actual model, the system parameters, $\theta$, are encrypted and protected, and cannot easily to be uncovered, so this section gives the estimation algorithm of the system parameter, $\theta$, under the condition that the parameters are unknown. After the identification, the implementation of the online optimal attack is given.

4.1. Estimation of Unknown Parameter

For the l-th observation system, the data $s_{l,k}^0$ output by the binary observation in the structure shown in Figure 1 is binomially distributed. Based on Assumption 1, the probability that $s_{l,k}^0$ is 1 is given by the following equation

$$\begin{array}{ccc}\hfill Pr\{s_{l,k}^0=1\}& =& Pr\{d_{l,k}<C_l-y_{l,k}\}\hfill \\ & =& F(C_l-{\varphi }_l^T\theta )\hfill \end{array}$$

(12)

Denoting ${\xi }_{l,k}=\frac{1}{k}{\sum }_{i=1}^k{s}_{l,k}^0$, when $N\to \infty$, there is ${\xi }_{l,k}=F(C_l-{\varphi }_l^T\theta )$. Thus, for m systems, we have the following m equations

$$\begin{array}{ccc}\hfill {\varphi }_1^T\theta & =& C_1-F^{-1}\left({\xi }_1\right),\hfill \\ & ⋮& \\ \hfill {\varphi }_m^T\theta & =& C_m-F^{-1}\left({\xi }_m\right).\hfill \end{array}$$

Noting that $\Phi ={[{\varphi }_1,\cdots ,{\varphi }_m]}^T$ and ${\omega }_k={[C_1-F^{-1}\left({\xi }_{1,k}\right),\dots ,C_m-F^{-1}\left({\xi }_{m,k}\right)]}^T$, an estimate of the system parameter, $\theta$, can be obtained when the matrix, $\Phi$, has full rank,

$${\widehat{\theta }}_k={\Phi }^{-1}{\omega }_k$$

(13)

4.2. Real-Time Improvement by BP Neural Network

In the case of unknown parameters, the previous subsection gives the expression (13) for the attacker to obtain the estimated value, ${\widehat{\theta }}_k$, based on the data $s_{l,k}^0$ output from the binary observer, and the attacker can estimate the parameters while accepting the data and utilize Algorithm 1 to implement the optimal data tampering attack. Although the PSO algorithm converges every time the global optimal position is calculated, it is still difficult to meet the real-time requirements of the data tampering attack, so this subsection introduces the BP neural network to improve the real-time performance.

Taking different $\theta$ as neural network inputs, the optimal attack strategy, ${\Omega }^{*}$, under different $\theta$ is obtained by PSO, the data of mapping the relationship from $\theta$ to ${\Omega }^{*}$ are used as a dataset, and the model is obtained after BP neural network training, and the trained model is denoted as $\varpi \left(\theta \right)$, which is used for the prediction of optimal attack strategies in online attacks.

The first step is the selection of the dataset. The BP network is a data-driven machine learning algorithm, and training requires a large amount of sufficiently motivated data, so we need to uniformly sample the input, $\theta$, in the sample space, and then utilize the PSO algorithm to obtain the optimal output of different inputs, that is, the optimal data tampering attack strategy. The input vector, $\theta$, in the training set needs to be sampled uniformly within the upper and lower bounds, so the input data are obtained as follows:

Assume an n-dimensional vector $\theta =(a_1,a_2,\cdots ,a_n)$, where each dimension, $a_i$, takes values ranging between ${\alpha }_i$ and ${\beta }_i$. Here ${\alpha }_i$ is the lower bound and ${\beta }_i$ is the upper bound.

• Initialization, for the i-th dimension, $a_i$, the range of values is $[{\alpha }_i,{\beta }_i]$.
• The value of $a_i$ can be expressed as follows:

  $$a_i={\alpha }_i+(k_i-1){\Delta }_i,$$

  where $k_i$ is an integer indicating the index of the sampling point in the i-th dimension, and ${\Delta }_i$ is the interval between each step, that is, the step length of the uniform sampling, which is computed by the formula ${\Delta }_i=\frac{{\beta }_i-{\alpha }_i}{N_i-1}$, where $N_i$ is the total number of samples in the i-th dimension.
• Eventually, after sampling each dimension uniformly in the n-dimensional space, all possible combinations of values of the vector $\theta$ are the combinations in each dimension $\theta =(a_1,a_2,\cdots ,a_n)$, where each $a_i$ follows the uniform sampling rule described above.

After obtaining the dataset, the structure of the BP network is designed as a two-layer hidden layer. The BP neural network used to generate the dataset has the following architecture:

• Input: the input to the network is a 3-dimensional vector, which is the parameter estimation of ${\widehat{\theta }}_k$ at the moment k.
• Output: the output of the network is a 6-dimensional vector, which is the optimal data tampering attack strategy, ${\Omega }^{*}$.
• Parameters:

  -

  Input layer: three neurons, corresponding to the 3-dimensional input vector.

  -

  Hidden layer 1: 20 neurons, activation function is tansig.

  -

  Hidden layer 2: 20 neurons, activation function is tansig.

  -

  Output layer: six neurons, activation function is purelin.

  -

  Other parameters: epoch: 1000; optimizer: Levenberg–Marquardt.

The training process of the BP network model is shown in Figure 2.

4.3. Implementation of Online Attack

The model saved after training can be directly invoked in the online attack, and the corresponding attack strategy is generated in real time according to the current moment, ${\widehat{\theta }}_k$. Therefore, the flow of online attack is as follows

$$\begin{array}{ccc}& & {\xi }_{l,k}=\frac{1}{k}({\xi }_{l,k-1}(k-1)+s_{l,k}^0),\hfill \end{array}$$

(14)

$$\begin{array}{ccc}& & w_k={[C-F^{-1}\left({\xi }_{1,k}\right),\dots ,C-F^{-1}\left({\xi }_{m,k}\right)]}^T,\hfill \end{array}$$

(15)

$$\begin{array}{ccc}& & {\widehat{\theta }}_k={\Phi }^{-1}{w}_k,\hfill \end{array}$$

(16)

$$\begin{array}{ccc}& & {\Omega }_k^{*}=\varpi \left({\widehat{\theta }}_k\right),\hfill \end{array}$$

(17)

where the initially given value ${\xi }_{l,0}$ is obtained from ${\xi }_{l,k}$ by $s_{l,k}^0$ at k moments and ${\xi }_{l,k-1}$, and after the parameter estimation, ${\widehat{\theta }}_k$, is obtained, the estimated value is inputted into the trained model to obtain the current optimal attack strategy, ${\Omega }_k^{*}$, and the optimal attack is implemented at the current moment.

5. Numerical Simulation

In this paper, we consider the system based on (1)

$$\left\{\begin{array}{c}{y}_{l,k}={\varphi }_l^T\theta +d_{l,k},\hfill \\ s_{l,k}=I_{\{y_{l,k}\le C_l\}},k=1,\dots ,N,l=1,\dots ,m,\hfill \end{array}\right.$$

(18)

where the sample length $N=5000$; system parameters $\theta ={[3,2,-1]}^T$; the threshold of binary sensor $[C_1,C_2,C_3]=[7,-2,3]$; the attack energy constraint is $\overline{p}=\overline{q}=0.8$, the total energy constraint $ϵ=2$; and the noise satisfies Assumption 1, and is a Gaussian distribution with mean 0 and standard deviation 10. The initial number of populations for PSO is set to 50, the spatial dimension is 6, the maximum number of iterations is 100, the inertia weight is set to 0.8, and the self-learning factor and population learning factor are both 0.3.

The BP neural network used contains two hidden layers, the number of nodes in the input and output layers is related to the dimension of the input and output data, the intermediate hidden layers are set to 20 neuron nodes, and the data in the training set are used in the PSO optimization algorithm to generate 1000 groups of $\theta$ and their corresponding ${\Omega }^{*}$. The training and testing sets are divided into 7:3.

While $\theta$ is given, we compared Algorithm 1 with GA. Both have their populations set to 50, the maximum number of iterations is 100, and the fitness function to be optimized is the average entropy in (5). As shown in Figure 3, it can be seen that the algorithm converges to the optimal value in advance under Algorithm 1, and the average entropy of the global optimal value converged to is better compared with the GA.

Figure 4 plots the average entropy under the optimal attack strategy based on Algorithm 1, and the other two groups of attack strategies are{0.1, 0.3, 0.2, 0.6, 0.5, 0.2} and {0.1, 0.2, 0.3, 0.2, 0.4, 0.4} in comparison. The two groups are in offline form and cannot be updated in real time according to the change of system parameters, and it can be seen that the average entropy of Algorithm 1 is the smallest, which means that the attack is the most effective. In addition, in Figure 5, the estimation error calculated by 2-norm between the true and estimated values of the system parameter, $\theta$, under different attack strategies are shown, at which time the attack based on Algorithm 1 is better than the other two groups of attack strategies.

However, it is difficult for Algorithm 1 to meet the attacker’s requirements for real-time performance in actual attacks, and thus the BP network is needed to optimize the real-time performance of online attacks. In this simulation, 1000 sets of mapping data from different $\theta$ to the optimal attack strategy solution set, ${\Omega }^{*}$, are used as the training set, and the network model is obtained after iterative training of the BP network. In the process of online attack, the attacker utilizes the trained model and takes the real-time value of parameter estimation, ${\widehat{\theta }}_k$, as the network input to obtain the output value, ${\Omega }_k^{*}$, and uses it to carry out the attack strategy for the current attack. In the simulation experiments, the average entropy of the improved online attacks based on the BP network are smaller than the other two sets of strategies, as shown in Figure 6, and, under the same conditions, Figure 7 represents the comparison of the estimation errors between the true values of the system parameters and the estimation values of the proposed network model in this paper, which are larger than the estimation errors of other two sets of data. In addition, under the same hardware platform, in MATLAB environment, the comparison of the time consumption of the two for 5000 sets of data is nearly 19:1, as shown in

Table 1. The comparison of algorithm runtime with $N=5000$.

Algorithm	Algorithm 1 without BP	BP Model
Runtime(s)	890.4995	46.72

, and therefore the BP model is faster than Algorithm 1 and meets the real-time requirements.

6. Conclusions

In this paper, we study the optimal attack strategy when the attacker implements the data tampering attack under the linear system with multi-binary observations, use PSO to solve the attack strategy for minimizing the average entropy of the system, and propose a real-time estimation method for the unknown system parameters. By training the BP network, this paper implements the fast prediction of the attack strategy and improves the real-time performance of the online attack. Finally, the effectiveness of the method is verified based on numerical simulation. In this paper, the system adopts multi-binary observations. Each observation system has different system threshold information and input vectors, but its parameters are all the same, so we can consider the multi-system identification problem under different system parameters in the future.