An Improved Residual-Based Detection Method for Stealthy Anomalies on Mobile Robots

Abstract

With the expansion of the cyber-physical system (CPS) application area, its importance has become more and more prominent. As one of the typical applications of CPS, the anomaly detections of mobile robots have attracted the attention of all parties. As part of the CPS, mobile robots face the problem that conventional residual-based detection methods cannot identify stealthy anomalies. The conventional residual-based detection methods mainly use the residual signal calculated from the control signal and measure output for detection, which is widely used in fault diagnosis. Still, it is difficult to be useful in deceptive stealthy anomalies purposefully imposed on mobile robots, which are designed to evade the conventional detections by tampering with measure output. Furthermore, they can control the system to deviate from the expected operations, causing degradation of control performance or even damage without being detected. Based on this, by analyzing the system model of CPS and the stealthy conditions of anomalies, the improved residual-based detection method is proposed in this paper. Moreover, three stealthy anomalies purposefully imposed on an omnidirectional mobile robot (OMR) are detected by using the conventional residual-based methods and the improved residual-based method. Finally, the experimental results show that the method proposed can effectively detect the stealthy anomalies purposefully imposed on the OMR.

1. Introduction

In recent years, with the vigorous development of network communication and control technologies, the trend of highly integrating cyberspace and physical objects is becoming more and more obvious. CPS is an intelligent system with highly integrated interaction between computing units and physical objects in a networked environment, supported by the Internet of Things, automatic control and other technologies [1]. As an emerging technology field of the century, CPS involves energy, medicine, transportation, logistics, aerospace and even many other fields, and has become the core technology of the new round of industrial change.

While CPS has brought great convenience and benefits, its increasing openness has also ushered in many challenges and threats due to its growing reliance on technologies such as network communications [2]. Because the information domains of CPS are deeply coupled with the physical domains, cyber-attacks on the system from the network can also penetrate the physical layer, causing serious damage to the physical processes of the system and even security incidents. Thus, anomalies artificially and intentionally imposed on the system can be described as cyber-attacks from another perspective. Correspondingly, stealthy anomalies purposefully imposed on the system can also be described as stealthy cyber-attacks. In recent years, there have been many security incidents against CPS worldwide, which have caused great concern in the world. In 2003, many Web sites and Internet services were rendered inaccessible by the Sapphire (or Slammer) worm responsible for the attack [3]. In 2010, the Stuxnet virus attacked Iran’s nuclear power plant, causing the destruction of its centrifuges and rendering the nuclear reactor inoperable for a long time [4,5]. In 2017, WannaCry attacked the National Health Service, causing huge casualties and economic damage [6]. These show that once an attacker successfully attacks the CPS, it will cause serious damage and spread to all aspects of society, generating huge economic losses and irreversible security incidents.

Among the various cyber-attacks against CPS, integrity attacks are specifically targeted at automatic control systems by injecting attack signals into the input and output channels of the system, causing system performance degradation or even causing security incidents [7,8]. For the detection of integrity attacks, observer-based fault detection techniques are widely accepted and effective [9,10]. However, unlike technical failures, network attacks are artificial and can be designed and generated by attackers. In this case, it is difficult to detect them with known detection methods. Such attacks, which cannot be detected with known detection techniques, are called stealthy [11]. For such stealthy integrity attacks, there have been many studies using observer-based detection methods to detect stealthy integrity attacks such as replay, zero-dynamics, covert attacks, etc. [12,13,14]. However, none of these approaches had a unified observer-based general detection scheme until Ding proposed a unified control and detection framework applied to detect stealthy integrity injection attacks in feedback control systems [15]. Therefore, in this paper, the unified control and detection framework is applied to detect stealthy anomalies purposefully imposed on mobile robots.

The main contributions of this paper can be summarized as follows:

• To address the problem that normal residual detection methods cannot detect the existence of stealthy anomalies purposefully imposed on mobile robots, this paper proposes to apply an improved residual-based detection method to the anomaly detection of mobile robots.
• Three ways to achieve stealthy anomalies purposefully imposed on the OMR, zero-dynamic attacks, covert attacks and replay attacks are implemented on the OMR, and their implementation results are analyzed and summarized, then some new conclusions are obtained.
• The application of the improved residual-based method is implemented on the OMR, and the detection performance of this method can meet the requirements for general anomaly detection.

The rest of the paper is organized as follows. Section 2 demonstrates the system model of CPS and three types of stealthy attacks such as zero-dynamic attacks, covert attacks, and replay attacks. In Section 3, the improved residual-based detection method and implementation process are described. The implementations of three stealthy attacks based on the OMR and the detection experiments of the improved residual-based method are given in Section 4. The conclusions are stated in Section 5.

Remark 1.

In this paper, anomalies artificially and intentionally imposed on the system can be described as cyber-attacks. Correspondingly, stealthy anomalies purposefully imposed on the system can also be described as stealthy cyber-attacks. Moreover, the domain variable z or k may be dropped out when there is no risk of confusion.

2. Materials and Methods

2.1. System Description

In general, in case of an attack, as shown in Figure 1, the CPS discrete state space form is represented as follows.

$$\left\{\begin{array}{c}x(k+1)=Ax\left(k\right)+B{u}^a\left(k\right)+w\left(k\right),x\left(0\right)=x_0\hfill \\ y^a\left(k\right)=Cx\left(k\right)+D{u}^a\left(k\right)+a_y\left(k\right)+v\left(k\right)\hfill \end{array}\right.$$

(1)

In addition, considering closed-loop control,

$$u^a\left(z\right)=K\left(z\right)y^a\left(z\right)+\eta \left(z\right)+a_u\left(z\right)$$

(2)

where, $x\left(k\right)\in {\mathbb{R}}^m$ are the system state variables, $x_0$ is the initial state of the system. $u^a\left(k\right)$ and $y^a\left(k\right)$ are the actuator input and system output respectively after the system is attacked, $a_u\left(k\right)$ and $a_y\left(k\right)$ are the attack signals on the actuators and sensors respectively. $w\left(k\right)$ and $v\left(k\right)$ are the process noise and measurement noise of the system respectively, and satisfy $w\left(k\right)\sim N(0,{\sigma }_w^2)$, $v\left(k\right)\sim N(0,{\sigma }_v^2)$. The matrices $A,B,C,D$ are real constant matrices of the corresponding dimensions, representing the system model parameters. $K\left(z\right)$ is the controller parameter, and $\eta \left(z\right)$ is the reference signal.

According to [16], $K\left(z\right)$ can be parameterized by Youla parameterisation in the following form:

$$K\left(z\right)=-{(X\left(z\right)-Q\left(z\right)\hat{N}\left(z\right))}^{-1}(Y\left(z\right)+Q\left(z\right)\hat{M}\left(z\right))$$

(3)

where, $Q\left(z\right)$ is Youla parameterisation, $\left(\widehat{M}\left(z\right),\widehat{N}\left(z\right)\right)$ and $\left(X\left(z\right),Y\left(z\right)\right)$ are coprime pairs, represented by the parameter matrices as follows. The matrix F makes $A_F$ ($A_F=A+BF$) stable, the matrix L makes $A_L$ ($A_L=A-LC$) stable.

$$\begin{array}{c}\widehat{M}\left(z\right)=\left[\begin{array}{cc}{A}_L& -L\\ C& I\end{array}\right],\widehat{N}\left(z\right)=\left[\begin{array}{cc}{A}_L& B-LD\\ C& D\end{array}\right]\hfill \\ X\left(z\right)=\left[\begin{array}{cc}{A}_L& -(B-LD)\\ F& I\end{array}\right],Y\left(z\right)=\left[\begin{array}{cc}{A}_L& -L\\ F& 0\end{array}\right]\hfill \end{array}$$

(4)

Considering the observer-based residual generator, the matrix L is chosen to make $A_L$ stable. Thus the state space expression of the residual generator can be written in the following form.

$$\left\{\begin{array}{c}\widehat{x}(k+1)=A\widehat{x}\left(k\right)+Bu\left(k\right)+L{r}_0\left(k\right)\hfill \\ {\widehat{y}}^a\left(k\right)=C\widehat{x}\left(k\right)+Du\left(k\right)\hfill \\ r_0\left(k\right)=y^a\left(k\right)-{\widehat{y}}^a\left(k\right)\hfill \end{array}\right..$$

(5)

According to [15], the residual signal $r_0\left(z\right)$ can be expressed in the form of coprime pairs as follows.

$$r_0\left(z\right)=\widehat{M}\left(z\right)y^a\left(z\right)-\widehat{N}\left(z\right)u\left(z\right).$$

(6)

2.2. Stealthy Attacks

Whether a cyber-attack is stealthy or not can be determined based on the following Definition 1.

Definition 1.

Given the attack-containing system model (1), $w\left(k\right)=0$, $v\left(k\right)=0$, an injection cyber-attack is stealthy if the following equation holds:

$$\forall u,r_0\left(z\right)=y^a\left(z\right)-{\widehat{y}}^a\left(z\right)=0.$$

(7)

In the following, zero-dynamic attacks, covert attacks and replay attacks are described respectively according to the definition of stealthy.

2.2.1. Zero-Dynamic Attacks

Zero-dynamic attacks mean that only $a_u\left(z\right)$ attacks the actuators of the plant side, while there are no attacks at the sensors, which finally causes $y\left(z\right)=y^a\left(z\right)$ during the period of detection, and cannot be detected. The zero-dynamic attacks satisfy the following form:

$$r_0\left(z\right)=\left[\begin{array}{cc}-\widehat{N}\left(z\right)& \widehat{M}\left(z\right)\end{array}\right]\left[\begin{array}{c}u\left(z\right)+a_u\left(z\right)\\ y^a\left(z\right)\end{array}\right]=-\widehat{N}\left(z\right)a_u\left(z\right)=0.$$

(8)

2.2.2. Covert Attacks

Covert attacks target both actuators and sensors at the plant side. They apply $a_u\left(z\right)$ to the actuators to affect the control performance of the system, while hiding themselves by tampering with data through attacks on the sensors. Therefore, the covert attacks satisfy the following form:

$$\begin{array}{cc}\hfill & r_0\left(z\right)=\left[\begin{array}{cc}-\widehat{N}\left(z\right)& \widehat{M}\left(z\right)\end{array}\right]\left[\begin{array}{c}u\left(z\right)+a_u\left(z\right)\\ y^a\left(z\right)-a_y\left(z\right)\end{array}\right]=-\widehat{N}\left(z\right)a_u\left(z\right)-\widehat{M}\left(z\right)a_y\left(z\right)=0\hfill \end{array}.$$

(9)

2.2.3. Replay Attacks

Replay attacks are mainly performed by accessing the signal transmission channels, attacking the actuators, and recording and re-covering the measurement data of the sensors. The implementation of the replay attacks is: on the sensor side, the measured data in the steady-state of the system are recorded in advance, and the actual measured values are overwritten with the recorded data when the attacks are carried out (i.e., $y\left(k\right)=y(k-\tau ),\tau >0$); at the same time, on the actuator side, $a_u\left(z\right)$ is designed to influence the control performance of the system. Obviously, in the steady-state of the system, the replay attacks are stealthy.

Remark 2.

Zero-dynamic attacks, covert attacks and replay attacks satisfy the stealthy condition of Definition 1. In addition, zero-dynamic attacks and covert attacks require complete knowledge of the system model to evade the detection mechanism of (5), whereas replay attacks do not, and they are stealthy when the system is stable.

3. Theory and Calculation

From the previous analysis, it is clear that the observer-based residual detector expressed in (5) is not effective in detecting stealthy attacks (e.g., zero-dynamic attacks, covert attacks, replay attacks, et al.). Therefore, when the CPS faces a stealthy attack, a more effective method is needed to detect the attack. This section mainly describes the method of intrusion detection based on the improved residual [15].

3.1. The Construction of Improved Residual Method

From the perspective of preventing attackers from using the data for identification, an encryption strategy acting on control signals is proposed, which makes the data transmitted via the network no longer $u\left(z\right)$ and $y\left(z\right)$.

In the absence of attacks, on the plant side, $u\left(z\right)$ can be obtained by observer-based feedback control,

$$\left\{\begin{array}{c}\widehat{x}(z+1)=A\widehat{x}\left(z\right)+Bu\left(z\right)+L{r}_{0,p}\left(z\right)\hfill \\ u\left(z\right)=F\widehat{x}\left(z\right)-Q\left(z\right)r_{0,p}\left(z\right)+\overline{\eta }\left(z\right)\hfill \\ \overline{\eta }\left(z\right)=(X\left(z\right)-Q\left(z\right)\widehat{N}\left(z\right))\eta \left(z\right)\hfill \end{array}\right..$$

(10)

The following transformation is performed to avoid attackers using $y\left(z\right)$ and $u\left(z\right)$ directly:

$$\left\{\begin{array}{c}u\left(z\right)=F\widehat{x}\left(z\right)+\gamma \left(z\right)\hfill \\ \gamma \left(z\right)=\overline{\eta }\left(z\right)-Q\left(z\right)r_{0,p}\left(z\right)\hfill \end{array}\right.,$$

(11)

where, $r_{0,p}\left(z\right)$ is used as a signal transmitted from the plant side to the controller side instead of $y\left(z\right)$, and $\gamma \left(z\right)$ is used as a signal transmitted from the controller side to the plant side instead of $u\left(z\right)$. $\widehat{x}\left(z\right)$ is observed by setting a state observer on the plant side.

Remark 3.

The positions of the observers in (5) and (10) are different. The observer given in (5) is constructed on the controller side and the observer given in (10) is constructed on the plant side. Therefore, $r_0\left(z\right)$ is computed by estimating from $u\left(z\right)$ and $y^a\left(z\right)$, $r_{0,p}\left(z\right)$ is computed by estimating from $u^a\left(z\right)$ and $y\left(z\right)$.

Referring to (2), (3) and (10), and considering that in the absence of attacks, the following equation holds:

$$\begin{array}{cc}\hfill & X\left(z\right)u\left(z\right)+Y\left(z\right)y\left(z\right)-\gamma \left(z\right)\hfill \\ \hfill & =X\left(z\right)u\left(z\right)+Y\left(z\right)y\left(z\right)-\overline{\eta }\left(z\right)+Q\left(z\right)r_{0,p}\left(z\right)\hfill \\ \hfill & =u\left(z\right)-F\widehat{x}\left(z\right)-\gamma \left(z\right)=0\hfill \end{array}.$$

(12)

Therefore, the detection encryption signal $\beta \left(z\right)$ is set in the form shown below:

$$\begin{array}{cc}\hfill & \beta \left(z\right)=u\left(z\right)-F_{\sigma }\widehat{x}\left(z\right)-\left(u\left(z\right)-F\widehat{x}\left(z\right)\right)=R_{\sigma }\left(z\right)\gamma \left(z\right)+Q_{\sigma }\left(z\right)r_{0,p}\left(z\right)\hfill \end{array},$$

(13)

where $F_{\sigma }$ is the set of arbitrary state feedback matrices that make $A_{F_{\sigma }}$ ($A_{F_{\sigma }}=A+B{F}_{\sigma }$) stable, and F is one of them, the following relation exists:

$$R_{\sigma }\left(z\right)=\left[\begin{array}{cc}{A}_F& B\\ F-F_{\sigma }& O\end{array}\right],Q_{\sigma }\left(z\right)=\left[\begin{array}{cc}{A}_F& L\\ F-F_{\sigma }& O\end{array}\right].$$

(14)

The residual signal $r_{\beta }\left(z\right)$ is constructed as follows:

$$r_{\beta }\left(z\right)=\beta \left(z\right)-R_{\sigma }\left(z\right)\gamma \left(z\right).$$

(15)

Obviously, according to (13) and (15), when there is no attack,

$$r_{\beta }\left(z\right)=Q_{\sigma }\left(z\right)r_{0,p}\left(z\right).$$

(16)

When there is a stealthy attack,

$$r_{\beta }\left(z\right)=R_{\sigma }\left(z\right)X\left(z\right)a_{\gamma }\left(z\right)+Q_{\sigma }\left(z\right)r_{0,p}\left(z\right).$$

(17)

It can be found that stealthy attacks can be effectively detected by $r_{\beta }\left(z\right)$, and the detection process is described in Algorithm 1.

Algorithm 1: Detection Process Based on $r_{\beta }\left(z\right)$

(1) Construct a state observer on the plant side and calculate $\beta \left(z\right)$, $r_{0,p}\left(z\right)$. $$\widehat{x}(k+1)=\left(A+BF\right)\widehat{x}\left(k\right)+B{\gamma }^a\left(k\right)+L{r}_{0,p}\left(k\right)$$ where $r_{0,p}\left(z\right)$ and $\beta \left(z\right)$ are calculated according to (10) and (13). (2) $r_{0,p}\left(z\right)$ and $\beta \left(z\right)$ are transmitted from the plant side to the controller side via the network. $${\beta }^a\left(z\right)=\beta \left(z\right)+a_{\beta }\left(z\right),r_{0,p}^a\left(z\right)=r_{0,p}\left(z\right)+a_{r_{0,p}}\left(z\right)$$ (3) The signals $\gamma \left(z\right)$ and $r_{\beta }\left(z\right)$ are derived on the controller side by (11) and (15). (4) $\gamma \left(z\right)$ is transmitted from the controller side to the plant side via the network. $${\gamma }^a\left(z\right)=\gamma \left(z\right)+a_{\gamma }\left(z\right)$$

3.2. Detection Logic and Scheme Realization

In order to achieve the detection of cyber-attacks, the detection logic is set as follows.

$$\left\{\begin{array}{c}J\left(r\left(k\right)\right)\le J_{th}\Rightarrow attack-free\hfill \\ J\left(r\left(k\right)\right)>J_{th}\Rightarrow attacked\hfill \end{array}\right.$$

(18)

where $J(·)$ is the residual evaluation function, $r\left(k\right)$ stands for $r_0\left(k\right)$ or $r_{\beta }\left(k\right)$, and $J_{th}$ is the set threshold value, which is a given upper-bound of false alarm rate $\alpha$. The relevant definitions are as follows:

$$\left\{\begin{array}{c}J\left(r\left(k\right)\right)={∥r\left(k\right)∥}_p,r\left(k\right)=r_0\left(k\right)or{r}_{\beta }\left(k\right)\hfill \\ J_{th}={\chi }_{1-\alpha }^2\left(m\right)\hfill \end{array}\right..$$

(19)

Therefore, the realization of the detection scheme can be summarized as shown in Figure 2.

4. Results and Discussions

The method for constructing $r_{\beta }\left(k\right)$ for detecting stealthy attacks is presented previously to address the problem that stealthy attacks evade the detector based on $r_0\left(k\right)$. To better demonstrate the method, a 4-round omnidirectional mobile robot (OMR) is used for experimental verification, as shown in Figure 3. The OMR has sensor modules such as an RGB-D camera, a single-line LIDAR, and an odometer. It is equipped with two controllers, a Jetson Nano and an STM32 controller, which communicate with each other through the serial ports to transfer data. Ubuntu is installed on the Jetson Nano to run ROS, and the STM32 controller is used to control the motion chassis and collect various sensor information. In practice, it is usually connected to the WIFI of the OMR through another PC to remotely log into the ROS system of the OMR, thus issuing commands on the remote PC to operate the OMR movement and display the motion trajectory. Among them, WIFI uses the IEEE 802.11n wireless transmission standard protocol.

The transmission process of signals is described as follows. The signals are exchanged between the control system and the OMR via WIFI. The control commands are transmitted from the control system to the OMR via the network, thus driving the four motors and enabling the OMR to move as instructed. The sensor signals (i.e., position information of the OMR) are transmitted from the OMR to the control system via the network, which updates the control commands. The frequency of the signal transmission in the OMR is 50 Hz.

The state variables $x={\left[\dot{x},\dot{y},\dot{\theta }\right]}^T$ of the OMR are the X-axis and Y-axis travel velocity and rotation angular velocity in the robot coordinate system. The attacker attacks the control commands and sensor data through the WIFI transmission channel. In the experiment, it is assumed that only the odometer of the OMR works properly. Meanwhile, the expected movement strategy of the OMR is to travel in a straight line with a speed of 0.5 m/s. The attacker performs a stealthy attack during the driving process and gets the driving data of the OMR.

4.1. Realization of the Stealthy Attacks

4.1.1. Realization of Zero-Dynamic Attacks

Zero-dynamic attacks directly attack the control voltage of the OMR until the input voltages of motors reach the upper limit, causing motors to be damaged and unable to function properly. In this paper, the target of zero-dynamic attacks is the rotation angular velocity $\dot{\theta }$ of the OMR.

Recalling (8), zero-dynamic attacks satisfy $\widehat{N}\left(z\right)a_u\left(z\right)=0$, which is not implemented in engineering well. However, according to [17], they also satisfy $a_u\left(k\right)={\upsilon }^{k}g$, which is generally easy to implement in engineering. Where the system zero $\upsilon$ and the corresponding input-zero direction g can be calculated by solving the following equation:

$$\left[\begin{array}{cc}\upsilon I-A& -B\\ C& 0\end{array}\right]\left[\begin{array}{c}{x}_0\\ g\end{array}\right]=\left[\begin{array}{c}0\\ 0\end{array}\right]$$

(20)

where, $x_0$ is the initial state of the system for which the input sequence $a_u\left(k\right)$ results in an identically zero output.

In the experiment, $x_0={[0,0,0]}^T$, based on the parameters (i.e., A, B and C) of the OMR model, $\upsilon$ and g are obtained according to (20) as follows:

$$\begin{array}{cc}\hfill & \upsilon =1.006\hfill \\ \hfill & g=[-0.080405739446990,\hfill & \hfill -0.080405742373845,\\ \hfill & 0.080405942390918,\hfill & \hfill 0.080405939501639]\end{array}$$

(21)

Figure 4 shows the situation when the OMR is subjected to zero-dynamic attacks. The OMR travels forward in a straight line at 0.5 m/s as scheduled. At 3.34 s, zero-dynamic attacks are injected into the OMR, directly attacking the input voltages of four wheels, which is excepted to make the OMR end up uncontrolled and rotate rapidly in place until it stops.

Remark 4.

The variables appearing with subscript c in the legend of Figure 4 all refer to the expected speed issued in the control system, while those without subscript c refer to the actual speed of the OMR. And, the situations are similar in the figures appearing later in the paper.

The input voltages of wheels for the whole process are shown in Figure 4a. From the figure, in the early stage (3.34 s~6.40 s) of zero-dynamic attacks, we can find that $a_u\left(k\right)$ have been hidden in the input voltages of the normal control, which can also be seen in $a_u\left(k\right)={\upsilon }^{k}g$ and (21), at this point the attack signal $a_u\left(k\right)$ are very small. At 6.40 s, $a_u\left(k\right)$ cancel out with the input voltages of the normal control, which causes the OMR to stop and start rotating. After that, $a_u\left(k\right)$ start to grow exponentially until the input voltages reach the maximum voltage (the maximum voltage of the OMR is 15 V).

Figure 4b,c show the three state variables (i.e., $\dot{x}$, $\dot{y}$ and $\dot{\theta }$) for the actual travel of the OMR. From Figure 4b, it can also be found that the OMR stops at 6.90 s, which corresponds to the input voltages in Figure 4a. Figure 4c also shows that the OMR performed a rapid rotation in place after stopping. Finally, the following summary of the zero-dynamic attacks can be obtained.

Conclusion 1.

Zero-dynamic attacks directly attack the actuators and are always increased by a small margin and remain stealthy in the early stages. By the time attacks have revealed their impact on the control system, the best time to protect against them has been missed. Therefore, a good detection method requires that attacks can be detected before there is a huge impact on the system.

4.1.2. Realization of Covert Attacks

From the understanding of (9), covert attacks, after designing $a_u\left(k\right)$, accordingly need to design $a_y\left(k\right)$ appropriately to make them evade the general detection mechanism. In the experiment, once attacks are injected into the OMR, attack signals start to take over the OMR, and at the same time return the position information of the OMR driving according to the predetermined control commands to the control system, giving it the illusion that the OMR is still in the normal driving state.

Figure 5 shows the situation when the OMR is subjected to covert attacks. The expected movement of the OMR is divided into four stages: in the first stage, the OMR travels in a straight line at 0.5 m/s for awhile and then stops; in the second stage, it turns left after stopping; in the third stage, it turns right after stopping; in the fourth stage, it travels in a straight line at 0.5 m/s for a short distance and then accelerates to 0.6 m/s and continues to travel in a straight line. Correspondingly, covert attacks are injected into each stage of the OMR, thus causing the OMR to deviate from the expected trajectory. The expected movement of the OMR and the corresponding covert attacks are shown in

Table 1. The expected movement of the OMR and the corresponding covert attacks.

The Expected Movements of the OMR	Descriptions of Movements	Time of Movement	Time of Attacks	Types of Attacks	Attack Effects
the first stage	straight ahead at 0.5 m/s	0 s~2.9 s	1.0 s~2.9 s	attack #c1	pan to the left at 0.23 m/s
the second stage	turn left	3.2 s~4.8 s	3.2 s~4.8 s	attack #c2	turn right under attacks
the third stage	turn right	5.0 s~6.6 s	5.0 s~6.6 s	attack #c3	turn left under attacks
the fourth stage	straight ahead at different speeds	6.8 s~10.0 s	8.0 s~10.0 s	attack #c4	accelerate rotation in place

.

In Table 1, the OMR is at a stop during the interval of the four stages (e.g., 2.9 s~3.2 s). Combining Figure 5 and Table 1, it can be found that the covert attacks can cause stealthy attacks on the system by designing suitable signals as long as the system model is known, regardless of whether the system is in a stable state or not, which is different from the replay attacks.

4.1.3. Realization of Replay Attacks

According to the principle of replay attacks, their implementation is relatively simple, and the key point is the recording and replay of sensor data in the steady state of the OMR. The situation when the OMR is subjected to replay attacks is shown in Figure 6. In the early stage, a set of stable sensor data of the OMR travelling in a straight line at 0.5 m/s is recorded. During the attack phase, the control system sends commands and expects to control the OMR to travel in a straight line at a speed of 0.5 m/s. Then, replay attacks send the data recorded in advance to the control system, overwriting the actual running data of the OMR, i.e., making the control system believe that the OMR has normally been travelling in a straight line at 0.5 m/s. At the same time, attacks with different effects are injected into the OMR at each of the three time periods to make the OMR deviate from the expected trajectory. The attacks are described in

Table 2. The description and duration of replay attacks.

The Expected Movement	Time of Attacks	Types of Attacks	Attack Effects
the OMR travels in a straight line at 0.5 m/s	1.0 s~3.4 s	attack #r1	pan to the left at 0.23 m/s
	4.4 s~6.0 s	attack #r2	pan to the left at 0.44 m/s
	7.0 s~10.4 s	attack #r3	accelerate rotation in place

.

Obviously, the principle of replay attacks is equivalent to constructing a virtual control object in the control system, making it mistakenly believe that it is in normal control. The key to this lies in how to overwrite the received data of the control system without being detected.

By analyzing the principles and implementation results of the above three stealthy attacks, the following conclusion can be obtained, which will help in understanding the detection method introduced in Section 3.

Conclusion 2.

Zero-dynamic attacks, covert attacks, and replay attacks all evade the general detection mechanism by manipulating the sensor data received in the control system. However, because attacks aim to affect the plant, the influence on the$u\left(k\right)$received in the plant due to attacks cannot be eliminated. This gives us an insight into the detection of stealthy attacks in terms of determining whether there are anomalies in the control signals of the plant side.

4.2. Analysis of the Detection Results

For stealthy attacks, the previous sections analyzed that they are theoretically stealthy for the detector based on $r_0\left(k\right)$ and not for the detector based on $r_{\beta }\left(k\right)$. In the following, two detection methods are experimented and analyzed.

4.2.1. Detection Mechanism

According to the theory of ${\chi }^2$ detection, the residual evaluation function $J\left(r_0\left(k\right)\right)$ and $J\left(r_{\beta }\left(k\right)\right)$ are constructed as follows.

$$\left\{\begin{array}{c}J\left(r_0\left(k\right)\right)=r_0^T\left(k\right){\Sigma }_{r_0}{r}_0\left(k\right)\hfill \\ J\left(r_{\beta }\left(k\right)\right)=r_{\beta }^T\left(k\right){\Sigma }_{r_{\beta }}{r}_{\beta }\left(k\right)\prime \hfill \end{array}\right.$$

(22)

where ${\Sigma }_{r_0}$ and ${\Sigma }_{r_{\beta }}$ are the covariance matrices of $r_0\left(k\right)$ and $r_{\beta }\left(k\right)$, respectively.

Therefore, the test statistics used for the two detection methods (i.e., based on $r_0\left(k\right)$ and based on $r_{\beta }\left(k\right)$) are expressed as follows.

$$\left\{\begin{array}{c}{J}_1\left(k\right)=J\left(r_0\left(k\right)\right)\sim {\chi }^2\left(m\right)\hfill \\ J_2\left(k\right)=J\left(r_{\beta }\left(k\right)\right)+J\left(r_0\left(k\right)\right)\sim {\chi }^2\left(n\right)\hfill \end{array}\right.$$

(23)

where $J_1\left(k\right)$ is corresponding to the detection method based on $r_0\left(k\right)$ and $J_2\left(k\right)$ is corresponding to the detection method based on $r_{\beta }\left(k\right)$; m and n are the corresponding degrees of freedom respectively, where $m=3$ (i.e., three state variables), $n=4$ (i.e., four control variables).

Set the false alarm rate $\alpha =0.05$, and the corresponding threshold values of $J_1\left(k\right)$ and $J_2\left(k\right)$ are 7.815 and 9.488 respectively by querying the ${\chi }^2$ distribution table.

4.2.2. Detection Results

Three stealthy attacks are detected and analyzed based on the aforementioned detection mechanism. The detection results of the three stealthy attacks are shown in Figure 7, Figure 8 and Figure 9, respectively.

For the detection of zero-dynamic attacks, in Figure 7, we can find that the detection method based on $r_0\left(k\right)$ basically cannot detect the existence of zero-dynamic attacks either before the OMR stops or when the OMR starts to rotate. It may detect zero-dynamic attacks only when the motors finally fail completely, but at that point it is of little significance. Accordingly, the detection method based on $r_{\beta }\left(k\right)$ performs very satisfactorily, detecting zero-dynamic attacks at 6.72 s, which is much more meaningful in practice. Although this method does not immediately detect zero-dynamic attacks at the moment they are injected, it can detect them before they start to affect the normal operation of the OMR, which can also play an early warning role.

Moreover, as seen in Figure 4, the injection of zero-dynamic attacks in the early stage does not have a great impact on the normal operation of the OMR, and its main function in this stage is to take over the actuators stealthily in preparation for the subsequent major attacks on the system. Therefore, it is of practical significance for the method based on $r_{\beta }\left(k\right)$ to detect the zero-dynamic attacks before they have a large impact on the system.

For the detection of covert attacks, in Figure 8, we can find that, after injecting covert attacks, the detection method based on $r_0\left(k\right)$ does not detect the existence of the attacks at all. In contrast, the detection method based on $r_{\beta }\left(k\right)$ can detect the attacks obviously and can detect the attacks continuously with the existence time of the attacks, which will make the covert attacks invisible.

Any one of the four covert attacks (see Table 1) can cause the OMR to deviate from its expected trajectory, but due to the detection of the method based on $r_{\beta }\left(k\right)$, the control system can be aware of the attacks on the OMR in time and thus make preventive as well as rescue measures. Among them, there is a small period before $J_2\left(k\right)$ for both turn attacks (i.e., attack #c2 and attack #c3) reach the alarm threshold. This is because the $\dot{x}$, $\dot{x_c}$ are basically the same when the OMR is turning left and right, and only the $\dot{y}$, $\dot{y_c}$ and $\dot{\theta }$, $\dot{{\theta }_c}$ are different, see Figure 5. So $J_2\left(k\right)$ take a small time to reach the alarm threshold. However, this is enough to prove the effectiveness of the method based on $r_{\beta }\left(k\right)$.

For the detection of replay attacks, in Figure 9, we can find that the method based on $r_0\left(k\right)$ does not detect the existence of the attacks at all, which is exactly in line with the stealthy nature of replay attacks. As for the method based on $r_{\beta }\left(k\right)$, it not only detects replay attacks but also tracks them in time. Of course, the prerequisite is that the data of the steady-state of the OMR are recorded in advance, and the control system expects to control the OMR in the same steady-state. Otherwise, when the steady state of the OMR changes, the expected control commands also change, and the attacks can be detected by using the method based on $r_0\left(k\right)$ at this time.

Moreover, the method based on $r_{\beta }\left(k\right)$ can show the relative size of the attack magnitudes to some extent. For example, for attack #r1 and attack #r2, they cause the effect of making the OMR move flat to the left but at different speeds, i.e., with different attack magnitudes. And by calculating the $J_2\left(k\right)$ of the two attacks, it can be found that the $J_2\left(k\right)$ of attack #r2, which has a larger speed, is also relatively larger. This feature may be applied in evaluating the attack hazard level in the future.

5. Conclusions

For the problem that three stealthy attacks (i.e., zero-dynamic attacks, covert attacks, replay attacks) based on mobile robots cannot be detected by normal residual signal $r_0\left(k\right)$, this paper introduces an improved residual-based detection method that can achieve the detection of the attacks. First, the stealthy conditions of the three attacks are explained and defined, and their theoretical representations are given. In addition, the improved detection method based on the residual $r_{\beta }\left(k\right)$ is introduced, and the implementation process is summarized. Then, the process of implementing the three attacks on OMR and the results are given, and the characteristics of each attack are analyzed and summarized. Finally, based on the ${\chi }^2$ detection mechanism, the three attacks are detected by using two residual signals, $r_0\left(k\right)$ and $r_{\beta }\left(k\right)$. It is found that the detection effect of the improved detection method based on $r_{\beta }\left(k\right)$ is consistent with the conclusion given in the theoretical part, which can successfully detect the three stealthy attacks.

Further, after successfully detecting stealthy attacks, the ultimate goal is to maintain the stable operation of the system. Therefore, based on the detection results, how to perform security state estimation and recovery control to ensure that the system can still maintain the normal state after the attacks should be studied, which are the future research directions.