Article

A Bilevel Optimization Framework for Adversarial Control of Gas Pipeline Operations

1 Department of Computer Science, University of Houston, Houston, TX 77004, USA
2 Department of Civil and Environmental Engineering, University of Houston, Houston, TX 77004, USA
3 Department of Information Science Technology, University of Houston, Houston, TX 77002, USA
* Author to whom correspondence should be addressed.
Actuators 2025, 14(10), 480; https://doi.org/10.3390/act14100480
Submission received: 19 August 2025 / Revised: 23 September 2025 / Accepted: 30 September 2025 / Published: 1 October 2025
(This article belongs to the Section Control Systems)

Abstract

Cyberattacks on pipeline operational technology systems pose growing risks to energy infrastructure. This study develops a physics-informed simulation and optimization framework for analyzing cyber–physical threats in petroleum pipeline networks. The model integrates networked hydraulic dynamics, SCADA-based state estimation, model predictive control (MPC), and a bilevel formulation for stealthy false-data injection (FDI) attacks. Pipeline flow and pressure dynamics are modeled on a directed graph using nodal pressure evolution and edge-based Weymouth-type relations, including control-aware equipment such as valves and compressors. An extended Kalman filter estimates the full network state from partial SCADA telemetry. The controller computes pressure-safe control inputs via MPC under actuator constraints and forecasted demands. Adversarial manipulation is formalized as a bilevel optimization problem where an attacker perturbs sensor data to degrade throughput while remaining undetected by bad-data detectors. This attack–control interaction is solved via Karush–Kuhn–Tucker (KKT) reformulation, which results in a tractable mixed-integer quadratic program. Test gas pipeline case studies demonstrate the covert reduction in service delivery under attack. Results show that undetectable attacks can cause sustained throughput loss with minimal instantaneous deviation. This reveals the need for integrated detection and control strategies in cyber–physical infrastructure.

1. Introduction

Critical pipeline infrastructure networks are the backbone of modern energy transportation, which enables the large-scale delivery of oil, gas, and refined petroleum products over vast geographic regions. These networks, composed of interconnected pipelines, pump stations, valves, and storage facilities, operate continuously to meet dynamic energy demands. Their reliable performance is essential for economic stability, national security, and the functioning of industrial and consumer sectors [1].
Over the past two decades, the digitalization of pipeline operations through supervisory control and data acquisition (SCADA) systems, Industrial Control Systems (ICSs), and distributed IoT-based sensors has enhanced operational efficiency, improved situational awareness, and enabled predictive maintenance [2]. However, this integration of cyber and physical components has also expanded the potential attack surface, which exposes critical pipeline systems to sophisticated cyber–physical threats. Malicious actors can exploit vulnerabilities in both information technology (IT) and operational technology (OT) domains, which has the potential to cause severe disruptions to energy supply chains [3].
Real-world incidents have underscored the severity of such risks. For example, the 2021 Colonial Pipeline ransomware attack demonstrated that compromising IT assets, even without directly tampering with OT controls, can lead to precautionary shutdowns of physical operations. This resulted in fuel shortages, price spikes, and cascading supply chain effects [4]. Similarly, targeted manipulation of OT components, such as pumps and valves, can disrupt hydraulic stability, reduce throughput, and damage physical assets. These highlight the urgent need for analytical and simulation tools to assess pipeline system resilience under cyberattack scenarios.
While prior studies have explored cyber–physical vulnerabilities in industrial systems, research specifically addressing pipeline infrastructure networks remains relatively limited. Existing approaches often focus exclusively on either cyberattack detection or physical flow modeling, without integrating both aspects into a unified framework. As a result, there is a lack of simulation platforms capable of representing realistic hydraulic dynamics alongside diverse cyberattack vectors. This gap limits the ability of operators, policymakers, and security analysts to anticipate attack impacts, design robust countermeasures, and evaluate recovery strategies. In this study, we propose a physics-informed, graph-based framework for evaluating cyberattack impacts on pipeline infrastructure networks. The framework models pipeline hydraulics coupled with discrete-time network flow dynamics. A case study on a test pipeline network illustrates how disruptions propagate through the network.

2. Literature Review

2.1. Cybersecurity in Critical Infrastructure Systems

Advances in sensing, communication, and automation have transformed traditional infrastructure systems into highly interconnected, intelligent networks. For example, across diverse sectors such as transportation, energy, healthcare, and the built environment, infrastructure systems are adopting advanced technologies, including connected and autonomous vehicles, real-time monitoring and control, Internet of Things (IoT) devices, and digital modeling, to enhance operational intelligence and connectivity [5]. These smart and connected infrastructures promise significant gains in efficiency and safety. However, they also introduce complex cyber–physical vulnerabilities [6]. Malicious actors can exploit weaknesses in IoT devices, communication protocols, and autonomous control systems to disrupt services, cause physical damage, or compromise safety. Beyond detection and control methods, practical deployment should align with security–privacy frameworks and interoperable industrial AI platforms [7]. Recent incidents illustrate these risks, including the 2016 ransomware attack on the San Francisco Municipal Transportation Agency that disrupted fare collection and transit operations [8], the 2021 Colonial Pipeline ransomware attack that halted fuel delivery across much of the U.S. East Coast [9], and the 2020 ransomware incident at Vermont Medical Center that delayed surgeries and disabled electronic medical records [10]. Most recently, in July 2025, a coordinated attack struck the municipal information systems of the City of St. Paul, Minnesota, forcing officials to shut down critical IT infrastructure [11]. These incidents demonstrate how highly interconnected infrastructures create intricate cyber–physical dependencies, where a digital breach can cascade into operational paralysis and pose significant public safety risks.
Previous studies have identified various cyberattack methods in OT and ICSs [12]. One widely studied type of cyberattack is reconnaissance and lateral movement, in which attackers begin by scanning and analyzing the network to gather information about its structure, devices, and software. After gaining initial access, they move from one part of the system to another by exploiting outdated technologies and the lack of proper separation between enterprise and control networks, aiming to reach critical components without being detected [13]. False-data injection is a commonly studied attack technique in which adversaries modify sensor measurements to mislead the system’s state estimation, causing the controller to make incorrect decisions while passing standard error checks [14]. Replay attacks involve recording legitimate sensor or control signals and then resending them at a later time, which allows attackers to perform unauthorized actions while the system continues to observe data that appears valid [15]. Command and logic manipulation refers to altering control instructions, setpoints, or the internal logic of programmable devices, as demonstrated by malware that rewrites industrial controller code to trigger physical damage without immediate detection [16]. Denial-of-service and resource exhaustion attacks reduce system availability by overwhelming communication channels, computation units, or control loops, which disrupts real-time feedback and prevents operators from monitoring or intervening effectively [17]. Stealthy attacks remain active in the system without triggering alarms by introducing subtle changes that preserve normal operating patterns, making it difficult to detect them using conventional monitoring methods [18].

2.2. Pipeline Network Modeling and Control

Pipeline transmission systems are typically represented as graphs whose edges denote pipes and whose nodes denote junctions, supplies, withdrawals, compressors, and regulators, with nodal coupling conditions enforcing mass conservation and element-specific pressure relations [19]. Pipeline networks are commonly modeled by applying physical conservation laws to describe the dynamic relationships among pressure, flow, and gas density. On each pipe, gas transport is typically formulated using one-dimensional compressible flow equations that include the continuity equation for mass conservation and a momentum equation that captures pressure gradients, inertia, and friction effects [20]. The Darcy–Weisbach equation is frequently used to quantify pressure loss due to friction, expressed as a function of velocity, pipe roughness, and diameter [21]. These fundamental equations relate the temporal and spatial variation in pressure and flow rate along each pipeline segment. In cases where temperature variations significantly affect gas behavior, an additional energy balance equation is introduced to model thermal dynamics and heat exchange with surrounding soil [22].
In pipeline networks, Kalman filter-based approaches are widely employed to estimate the distributed hydraulic state by integrating sparse sensor measurements with physical models. These methods rely on variants of the Kalman filter to assimilate telemetry data and infer unmeasured pressures and flows while accounting for noise and model uncertainty [23]. For example, extended Kalman filters (EKFs) are commonly used to handle the nonlinearities in the pipe dynamics by linearizing the system around current estimates [24]. When high-fidelity modeling is required, unscented Kalman filters (UKFs) offer improved performance by capturing nonlinear transformations without explicit linearization [25]. These estimation frameworks can also incorporate composition-dependent variables by augmenting the state vector with gas species balances, enabling joint inference of hydraulic and chemical parameters [26]. In operational settings, residuals between predicted and observed values are often monitored to detect anomalies such as leaks or faults, further demonstrating the utility of Kalman filtering as both a state estimator and a diagnostic tool [27].
Model predictive control (MPC) has been widely applied to optimize gas pipeline operations by adjusting compressor and valve actions over a receding horizon, while satisfying transient hydraulic constraints on pressures, flows, and actuators [28]. Variants such as tracking MPC and economic nonlinear MPC have been developed to update unmeasured states in real time and reduce energy and fuel costs, respectively, while recent work incorporates data-driven models to address plant–model mismatch and improve control under fully transient conditions [29,30,31]. These control strategies rely on supervisory control and data acquisition (SCADA) systems, which collect real-time measurements and issue operational commands through networks of field sensors, remote terminal units, and centralized control centers [32]. SCADA data supports state estimation using Kalman filter variants to infer pressures and flows at uninstrumented locations, feeding critical feedback signals into MPC [23]. Additionally, SCADA historians and alarm systems enable leak detection by comparing real-time measurements with transient model predictions [33], and machine learning methods have been applied to SCADA telemetry to detect rare cyber or process anomalies under class imbalance [34]. As SCADA adopts open protocols and IP networking, the expanded connectivity introduces new cybersecurity risks, making it vital to combine telemetry with physics-based models and residual analysis to enhance anomaly detection and reduce false alarms [35,36].

2.3. Cyber–Physical Modeling of Pipeline Attacks

Prior work has modeled cyberattacks against pipeline SCADA telemetry using various mathematical and machine learning frameworks. For example, Choubineh et al. [34] introduced a cost-sensitive SCADA attack classifier that leverages Fisher’s discriminant analysis to correct extreme class imbalance on a virtual gas pipeline dataset. The modeling encodes misclassification asymmetry through class-dependent costs and forms linear discriminants on windowed telemetry vectors to separate benign and malicious events. Zheng et al. [37] proposed a deep anomaly detector for multi-product pipelines that exploits coupled spatial and temporal correlations in operations. The model constructs feature tensors over pipeline segments and time lags and trains a supervised network to capture coordinated deviations across stations. Xu et al. [38] designed a transformer-based generative adversarial network for SCADA time series that learns normal behavior and flags attacks via reconstruction discrepancies. The generator–discriminator pair uses attention to model long-range dependencies, and an anomaly score blends reconstruction error with discriminator confidence. Altaha and Hong [39] built a protocol-aware intrusion detector for DNP3 traffic by modeling function-code usage and sequencing patterns relevant to pipeline SCADA. The modeling derives statistical profiles over command types and inter-arrival timing and applies unsupervised clustering to expose protocol-level manipulations. Kim et al. [40] presented a comparative benchmarking framework for ICS time-series detectors to guide model selection under operational variability. The framework standardizes preprocessing, sliding-windowing, and thresholding and reports metrics such as F1 and AUROC across representative operating regimes. 
İsmail Durgut and Leblebicioğlu [23] applied a Kalman filter-based state estimator to transient gas pipelines so that residuals between predictions and measurements act as physics-informed attack indicators. The modeling linearizes isothermal pipe dynamics around an operating point and calibrates process and sensor noise to reconstruct unmeasured pressures and flows.
Another related line of work is secure state estimation under stealthy false-data injection (FDI). The goal is to keep estimation errors bounded even when some sensors are arbitrarily compromised. Many approaches rely on attack sparsity and sensor reconfiguration. For example, adaptive switching observers can isolate corrupted channels when the number of attacked sensors remains below a detectability threshold [41]. Robust estimators with provable performance have also been designed by combining local observers, residual screening, and fusion to approach the fundamental limits under sparse sensor integrity attacks [42]. On the adversary’s side, optimal linear deception strategies for remote state estimation have been analyzed to capture stealth constraints and the trade-off between attack impact and detectability [43]. These studies complement our focus: instead of proposing a new secure estimator, we design stealthy attacks through a bilevel optimization program and measure their closed-loop impact (throughput and RMSE) under a standard EKF–MPC framework. Our setup can also serve as a benchmark environment for testing secure estimation methods under the same attack budget.
Isom et al. [44] combined an unscented Kalman filter with quadratic-program data reconciliation to fuse noisy measurements in gas pipeline networks. The model enforces nodal mass-balance and bound constraints while minimizing adjustment norms, yielding estimates robust to outliers and sensor faults. Marino and Zio [45] proposed a cyber–physical resilience assessment that couples gas transmission hydraulics with SCADA dependencies to quantify disruption and recovery. The modeling integrates network flow or transient physics with a discrete-event layer for communication and control, producing service loss and recovery time metrics under cyber scenarios. Rezazadah et al. [46] formulated a game-theoretic attacker–defender model for oil and gas pipeline security that allocates protective resources and evaluates adversarial incentives. The framework specifies payoff functions in terms of throughput loss and protection cost and computes equilibrium strategies over targets and countermeasures. Fawzi et al. [47] constructed an optimization-based secure estimator that recovers system state under sparse adversarial sensor or actuator corruption. The model poses convex programs with sparsity-promoting penalties and provides identifiability conditions under which corrupted entries are isolated and states are consistently estimated. Teixeira et al. [15] proposed a secure control framework that formalizes replay, bias, and zero-dynamics attacks from resource-limited adversaries. The modeling characterizes reachable sets under constrained attack channels and derives detectability and performance bounds for feedback loops relevant to pipeline control. Pasqualetti et al. [18] contributed graph- and descriptor-system-based monitors for attack detection and identification in constrained networked dynamics. The approach uses structural left-invertibility and residual generators to localize compromised nodes and signals in differential–algebraic models akin to pipeline networks.

2.4. Limitation of Existing Research and Motivation

Despite substantial progress in cyberattack detection and modeling within pipeline SCADA systems, a key limitation of existing studies is the lack of a comprehensive modeling framework that connects the full process from sensor-level attacks to their downstream effects on estimation, control, and system performance. Many prior works focus on isolated components, such as anomaly detection in telemetry or analysis of specific attack types in static environments. However, they rarely simulate how malicious perturbations propagate through state estimation algorithms and influence real-time control actions and operational outcomes. This absence of an integrated dynamic framework prevents a full understanding of the operational consequences of cyber threats and limits the development of unified assessment and mitigation strategies.
To address this gap, the present study develops a closed-loop modeling and simulation framework that captures the complete impact of cyberattacks on pipeline network operations. By jointly modeling telemetry perturbations, Kalman filter-based state estimation, and model predictive control under dynamic hydraulic constraints, the framework enables system-level evaluation of attack propagation and response. This unified approach facilitates vulnerability analysis, resilience testing, and control hardening for pipeline cyber–physical security.

3. Methodology

This section presents a dynamic modeling and simulation framework for petroleum pipeline networks under cyberattacks on operational technology systems (Figure 1). The framework captures the network topology, hydraulic and device relationships, supervisory control logic, and monitoring mechanisms, enabling the analysis of how malicious data injections or control manipulations propagate through the system and affect operations. The objective is to evaluate network vulnerability, quantify operational impacts, and assess the effectiveness of mitigation strategies.
The modeling is organized into three layers: (i) Network representation and hydraulics, a graph-based model of nodes and edges with associated flow and pressure relationships. (ii) Control and monitoring, a supervisory controller using model predictive control (MPC) with state estimation from SCADA measurements. (iii) Optimization-based attack and control interaction, a bilevel formulation where the upper level (attacker) designs covert measurement perturbations to disrupt network performance, and the lower level (controller) responds optimally via MPC.

3.1. Network Topology and Hydraulic Modeling

3.1.1. Network Representation

Let $\mathcal{G} = (\mathcal{V}, \mathcal{E})$ denote a directed graph representing the pipeline network, where $|\mathcal{V}| = n$ is the number of nodes and $|\mathcal{E}| = m$ is the number of edges. The nodal pressure vector $p(t) \in \mathbb{R}^n$ contains the pressures at each node at time $t$. The edge flow vector $q(t) \in \mathbb{R}^m$ contains the mass (or standard volumetric) flow rates along the directed edges. The external injection vector $w(t) \in \mathbb{R}^n$ specifies the supply or withdrawal of energy-carrying gas at each node, with positive values representing injection and negative values representing extraction. In this formulation, nodes correspond to junctions, sources (inlets), sinks (demands), or equipment interfaces, while edges correspond to physical pipelines or equipment connections. Pressures are defined at nodes, and flows are associated with edges.
The oriented incidence matrix $B \in \mathbb{R}^{n \times m}$ encodes the network topology and the orientation of edges in the directed graph $\mathcal{G} = (\mathcal{V}, \mathcal{E})$. Its entries are defined as
$$B_{ie} = \begin{cases} +1, & \text{if edge } e = (i \to j) \text{ is directed outward from node } i, \\ -1, & \text{if edge } e = (j \to i) \text{ is directed inward to node } i, \\ 0, & \text{if node } i \text{ is not incident to edge } e. \end{cases} \tag{1}$$
For an edge flow vector $q(t) \in \mathbb{R}^m$, the product $B q(t)$ gives the net outflow at each node, with positive entries indicating net outflow and negative entries indicating net inflow.
For each node $i \in \mathcal{V}$, the equivalent nodal volume is defined as
$$V_i = \frac{\pi}{8} \sum_{e \in \mathcal{N}(i)} D_e^2 L_e, \qquad V = \mathrm{diag}(V_1, \dots, V_n), \tag{2}$$
where $\mathcal{N}(i)$ denotes the set of edges incident to node $i$, $D_e$ is the internal diameter of edge $e$, and $L_e$ is its length. This formulation assumes that each pipeline segment shares its physical volume equally between its two endpoint nodes, such that one-half of the volume $\frac{\pi D_e^2}{4} L_e$ is allocated to each node, giving $\frac{\pi}{8} D_e^2 L_e$. The scalar $V_i$ represents the lumped line-pack capacity associated with node $i$, serving as a local storage proxy in the pressure–flow dynamics. The diagonal matrix $V$ is subsequently used to scale nodal mass balance equations into pressure dynamics form.

3.1.2. Edge Flow Models

In pipeline network modeling, edge flow models describe the relationship between pressures at the endpoints of an edge and the resulting flow along that edge. These models capture both passive flow in standard pipelines and active control behavior in equipment such as compressors and valves.
In the absence of active equipment such as compressors or control valves, the flow along a pipeline segment $e = (i \to j)$ is modeled using the quasi-steady isothermal compressible Weymouth-type relation [48]:
$$q_e(t) = \frac{1}{\sqrt{K_e}}\, \mathrm{sgn}\big(p_i(t) - p_j(t)\big) \sqrt{\left| p_i^2(t) - p_j^2(t) \right|}, \tag{3}$$
where
  • $q_e(t)$ = the mass (or standard volumetric) flow rate along edge $e$;
  • $p_i(t)$, $p_j(t)$ = the pressures at the upstream and downstream nodes, respectively;
  • $\mathrm{sgn}(\cdot)$ = the sign function, which ensures that flow is directed from higher to lower pressure;
  • $K_e$ = the composite hydraulic resistance, given by $K_e = \frac{16 f_e c^2 L_e}{\pi^2 D_e^5}$, where $f_e$ is the Darcy–Weisbach friction factor, $D_e$ is the internal diameter of the pipe, $L_e$ is the pipe length, and $c$ is the isothermal speed of sound in the transported gas.
For an equipment edge $e = (i \to j)$, a common example of a control-aware constitutive relation (suitable for throttling devices such as control valves or chokes) writes the squared-pressure drop with a control-dependent resistance:
$$q_e(t) = \frac{1}{\sqrt{w_e\big(\alpha_e(t); \theta_e\big)}}\, \mathrm{sgn}\big(p_i(t) - p_j(t)\big) \sqrt{\left| p_i^2(t) - p_j^2(t) \right|}. \tag{4}$$
Here $\alpha_e(t) \in [0, 1]$ is the device control input (for example a valve opening), $w_e(\alpha_e; \theta_e) > 0$ is a resistance coefficient that decreases monotonically with opening, and $\theta_e$ collects fixed device parameters (such as the valve $C_v$ curve, geometric limits, and calibrated loss factors). Equation (4) reduces to the standard Weymouth-type relation when $w_e(\alpha_e; \theta_e)$ is constant, and it captures the expected behavior that smaller openings yield larger resistance and lower flow for the same pressure drop.

3.1.3. Nodal Pressure Dynamics

Nodal pressure dynamics describe how the pressures at network nodes change over time in response to net inflows, withdrawals, and the storage capacity of connected pipelines. For each node, the net inflow from connected edges changes the amount of fluid stored locally in the surrounding pipes, which in turn changes the local pressure. This leads to the nodal pressure dynamics
$$\dot{p}_i(t) = c^2 \frac{1}{V_i} \left( \sum_{e \in \mathcal{E}_i^{\mathrm{in}}} q_e(t) - \sum_{e \in \mathcal{E}_i^{\mathrm{out}}} q_e(t) + w_i(t) \right), \quad i = 1, \dots, n, \tag{5}$$
where $p_i(t)$ denotes the nodal pressure at node $i$, $\dot{p}_i(t)$ denotes its time derivative, $\mathcal{E}_i^{\mathrm{in}}$ and $\mathcal{E}_i^{\mathrm{out}}$ are the sets of edges directed into and out of node $i$, $q_e(t)$ is the flow on edge $e$ (positive in the edge’s own direction), $w_i(t)$ is the external injection (>0) or withdrawal (<0) at node $i$, $V_i > 0$ is the equivalent nodal volume, and $c$ is the isothermal speed of sound. The difference $\sum_{e \in \mathcal{E}_i^{\mathrm{in}}} q_e(t) - \sum_{e \in \mathcal{E}_i^{\mathrm{out}}} q_e(t)$ equals the net inflow into node $i$.
To enable numerical simulation and optimization, (5) is discretized with a fixed time step $T_s > 0$ using a forward Euler scheme:
$$p_i^{k+1} = p_i^k + T_s\, c^2 \frac{1}{V_i} \left( \sum_{e \in \mathcal{E}_i^{\mathrm{in}}} q_e^k - \sum_{e \in \mathcal{E}_i^{\mathrm{out}}} q_e^k + w_i^k \right), \quad i = 1, \dots, n, \tag{6}$$
where $p_i^k$ is the pressure at node $i$ at step $k$, $q_e^k$ is the flow on edge $e$ at step $k$ (obtained from the edge constitutive relations), $w_i^k$ is the node injection/withdrawal at step $k$, and $\mathcal{E}_i^{\mathrm{in}}$, $\mathcal{E}_i^{\mathrm{out}}$ are the sets of edges directed into and out of node $i$.

3.2. Control and Monitoring Mechanisms

3.2.1. Measurement Model

In field operation a pipeline is monitored by a SCADA (supervisory control and data acquisition) system that polls pressure transmitters at selected nodes and flow meters on chosen pipe segments. Each scan returns a time-stamped vector of sensor readings that the controller treats as the plant output. To capture this process we introduce the following measurement equation:
$$y_k = C \begin{bmatrix} p_k \\ q_k \end{bmatrix} + v_k, \qquad C = \begin{bmatrix} S_p & 0 \\ 0 & S_q \end{bmatrix}, \tag{7}$$
where $y_k$ is the real-valued vector of raw SCADA readings at step $k$; $p_k$ and $q_k$ are the nodal pressure and edge flow states introduced earlier; $v_k$ represents zero-mean measurement noise; and $S_p$ and $S_q$ are binary (or scaled) selector matrices whose non-zero rows correspond to the locations of installed pressure and flow sensors. The block-diagonal structure of $C$ makes explicit that pressures and flows are simply concatenated to ensure consistent units for subsequent state estimation and control tasks.

3.2.2. State Estimation

In practice the operator does not measure pressures at every node. Only a subset of pressures and a few line flow meters are available through SCADA, and these measurements are noisy and may be delayed. Nevertheless, the supervisory controller requires an estimate of the full nodal pressure state to enforce safety limits, run the MPC, and detect anomalies. We therefore estimate the unmeasured states with an extended Kalman filter (EKF) that blends the physics-based model with the sensor data:
$$\hat{p}_{k+1|k+1} = E\big(\hat{p}_{k|k},\, y_{k+1}\big), \tag{8}$$
where $\hat{p}_{k|k} \in \mathbb{R}^n$ is the posterior estimate at step $k$ and $y_{k+1}$ is the real-valued SCADA measurement vector at step $k+1$. The operator $E(\cdot)$ denotes an EKF tailored to the discrete-time nodal pressure model and the stacked measurement model used in this work. At each step, the EKF (i) propagates a one-step pressure prediction with the discrete-time dynamics; (ii) forms a predicted measurement by stacking selected pressures and flows (flows computed from the hydraulic/device relations); (iii) linearizes the dynamics and measurement maps at the current estimate $\hat{p}_{k|k}$ via a first-order Taylor expansion, with Jacobians obtained from the same valve conductance and compressor pressure ratio formulas used in the model; (iv) sets the noise covariances using sensor specifications for $R$ (we take $R$ diagonal with entries $(0.005\ \mathrm{MPa})^2$) and tunes $Q$ by innovation–covariance matching so the predicted residual variance matches the empirical one; and (v) corrects the prediction with the innovation (actual minus predicted measurements) to return $\hat{p}_{k+1|k+1}$. To handle nonlinear devices, we evaluate the compressor and valve sensitivities at the operating point, clip derivatives when end pressures are nearly equal, and freeze local slopes when an actuator is at a hard limit.
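The nodal model (6), the stacked measurement map (7) and the EKF cycle (8) can be exercised end to end on a small network. The following Python sketch is an added example, not code from the paper: it assumes a constructed three-node line network with illustrative pipe data, a finite-difference Jacobian in place of the analytic device Jacobians, a fixed process noise instead of innovation–covariance matching, and a 3σ residual threshold `TAU`.

```python
import numpy as np

# Constructed 3-node line network: node 0 (supply) -> node 1 -> node 2 (demand).
# All numeric values below are illustrative assumptions, not taken from the paper.
EDGES = [(0, 1), (1, 2)]                  # directed edges e = (i -> j)
N = 3                                     # number of nodes
C = 380.0                                 # isothermal speed of sound c [m/s]
D = np.array([0.5, 0.5])                  # internal diameters D_e [m]
L = np.array([20e3, 20e3])                # pipe lengths L_e [m]
F_DW = np.array([0.01, 0.01])             # Darcy-Weisbach friction factors f_e
TS = 10.0                                 # time step T_s [s]
W = np.array([30.0, 0.0, -30.0])          # injections (+) / withdrawals (-) [kg/s]
P_TRUE0 = np.array([5.00e6, 4.86e6, 4.72e6])   # initial nodal pressures [Pa]
TAIL = np.array([i for i, _ in EDGES])
HEAD = np.array([j for _, j in EDGES])


def incidence(edges, n):
    """Oriented incidence matrix: +1 where edge e leaves node i, -1 where it enters."""
    b = np.zeros((n, len(edges)))
    for e, (i, j) in enumerate(edges):
        b[i, e], b[j, e] = 1.0, -1.0
    return b


B = incidence(EDGES, N)
V_NODE = (np.pi / 8.0) * (np.abs(B) @ (D**2 * L))      # equivalent nodal volumes V_i
K_RES = 16.0 * F_DW * C**2 * L / (np.pi**2 * D**5)     # composite resistances K_e


def edge_flows(p):
    """Weymouth-type edge flows, signed so that flow runs from high to low pressure."""
    p_i, p_j = p[TAIL], p[HEAD]
    return np.sign(p_i - p_j) * np.sqrt(np.abs(p_i**2 - p_j**2) / K_RES)


def step(p):
    """Forward-Euler nodal pressure update; -B q is the net inflow at each node."""
    return p + TS * C**2 / V_NODE * (-B @ edge_flows(p) + W)


S_P = np.eye(N)[[0, 2]]                   # pressure transmitters at nodes 0 and 2
S_Q = np.eye(len(EDGES))[[0]]             # flow meter on edge 0


def measure(p):
    """Stacked measurement map: selected pressures first, then selected flows."""
    return np.concatenate([S_P @ p, S_Q @ edge_flows(p)])


def jacobian(fun, x, eps=10.0):
    """Central-difference Jacobian (assumption: stands in for analytic Jacobians)."""
    cols = [(fun(x + eps * d) - fun(x - eps * d)) / (2.0 * eps) for d in np.eye(x.size)]
    return np.stack(cols, axis=1)


R_COV = np.diag([5e3**2, 5e3**2, 0.5**2])  # (0.005 MPa)^2 on pressures; flow term assumed
Q_COV = np.eye(N) * 1e3**2                 # process noise, assumed rather than tuned
TAU = 3 * 5e3                              # residual threshold [Pa], assumed 3 sigma


def ekf_step(p_hat, cov, y):
    """One predict/correct cycle; returns posterior mean, covariance and innovation."""
    f_jac = jacobian(step, p_hat)           # dynamics linearized at the current estimate
    p_pred = step(p_hat)
    cov_pred = f_jac @ cov @ f_jac.T + Q_COV
    h_jac = jacobian(measure, p_pred)       # measurement map linearized at the prediction
    innov = y - measure(p_pred)             # actual minus predicted measurement
    s = h_jac @ cov_pred @ h_jac.T + R_COV
    gain = cov_pred @ h_jac.T @ np.linalg.inv(s)
    return p_pred + gain @ innov, (np.eye(N) - gain @ h_jac) @ cov_pred, innov


def run_demo(n_steps=60, sensor_offset=0.0):
    """Track the constructed plant from a wrong initial guess.

    Returns (absolute error at unmeasured node 1 after n_steps,
             norm of the pressure-channel innovation on one further scan whose
             node-2 transmitter reading carries `sensor_offset` Pa).
    """
    p_true = P_TRUE0.copy()
    p_hat = p_true + np.array([0.0, 1.0e5, 0.0])   # node 1 guessed 0.1 MPa too high
    cov = np.eye(N) * 1.0e5**2
    for _ in range(n_steps):
        p_true = step(p_true)
        p_hat, cov, _ = ekf_step(p_hat, cov, measure(p_true))   # noise-free scans
    err_node1 = float(abs(p_hat[1] - p_true[1]))
    y = measure(step(p_true)) + np.array([0.0, sensor_offset, 0.0])
    _, _, innov = ekf_step(p_hat, cov, y)
    return err_node1, float(np.linalg.norm(innov[:2]))


if __name__ == "__main__":
    err, clean = run_demo()
    _, faulty = run_demo(sensor_offset=5.0e4)
    print(f"node-1 error after 60 scans: {err:.1f} Pa")
    print(f"residual norm, clean scan:  {clean:.1f} Pa (alarm: {clean > TAU})")
    print(f"residual norm, offset scan: {faulty:.1f} Pa (alarm: {faulty > TAU})")
```

The flow meter on edge 0 is what makes the unmeasured pressure at node 1 observable here; the pressure-channel innovation norm returned by `run_demo` is the kind of residual a threshold-based bad-data check compares against its limit.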

3.2.3. Control Strategy

Model predictive control (MPC) is an optimization-based control strategy that, at each sampling instant, solves a finite-horizon optimal control problem based on a dynamic model of the system, applies the first control input, and repeats this process in a receding-horizon fashion.
In this paper, it is assumed that the controller predicts the evolution of the nodal pressures over a finite prediction horizon of length $N$ steps into the future. At the current time $k$, the notation $p_{k+i|k}$ denotes the predicted pressure vector $i$ steps ahead, obtained using the model and all information available at time $k$. For example, $p_{k+1|k}$ is the one-step-ahead prediction, while $p_{k+N|k}$ is the $N$-step-ahead prediction. This multi-step prediction allows the controller to anticipate future violations of constraints and to adjust the current control action accordingly.
At each sampling instant $k$, the supervisory controller determines the reference actuator commands $\alpha_k^{\mathrm{ref}} \in \mathbb{R}^{n_u}$, which specify the target settings for all controllable devices in the network (e.g., compressor pressure ratios and valve openings). These references are computed by solving a finite-horizon optimization problem:
$$\min_{\{\alpha_{k+i}\}_{i=0}^{N-1}} \; \sum_{i=0}^{N-1} \left\| W_p \left( p_{k+i+1|k} - p_{k+i+1} \right) \right\|_2^2 + \sum_{i=0}^{N-1} \left\| W_\alpha\, \Delta\alpha_{k+i} \right\|_2^2, \tag{9}$$
subject to
\begin{align}
p_{k+i+1|k} &= \hat{p}_{k+i|k} + A_{k+i}\left( p_{k+i|k} - \hat{p}_{k+i|k} \right) + G_{k+i}\,\alpha_{k+i} + d_{k+i}, & i &= 0, \dots, N-1, \tag{10} \\
p^{\min} &\le p_{k+i|k} \le p^{\max}, & i &= 0, \dots, N, \tag{11} \\
\alpha^{\min} &\le \alpha_{k+i} \le \alpha^{\max}, & i &= 0, \dots, N-1, \tag{12} \\
\left\| \Delta\alpha_{k+i} \right\|_\infty &\le r^{\max}, & i &= 0, \dots, N-1, \tag{13}
\end{align}
where $\Delta\alpha_{k+i} = \alpha_{k+i} - \alpha_{k+i-1}$.
The cost function in (9) consists of two terms. The first penalizes deviations in predicted pressures $p_{k+i+1|k}$ from the desired nominal profile $p_{k+i+1}$, with $W_p$ specifying the relative importance of each pressure component. The second term penalizes actuator changes $\Delta\alpha_{k+i}$, with $W_\alpha$ controlling the smoothness of compressor ratio and valve opening adjustments.
Constraint (10) enforces consistency between the predicted pressures and the underlying system dynamics over the prediction horizon, so that the optimization respects the pipeline’s physical behavior while planning control actions. It is obtained by linearizing the discrete-time nodal pressure update, Equation (6), around the latest state estimate and nominal control input, and it links current pressures, control inputs, and known disturbances. The matrices $A_{k+i}$ and $G_{k+i}$ represent the Jacobians of the pressure dynamics with respect to pressure and actuator input, respectively, and $d_{k+i}$ collects known terms such as forecasted withdrawals. By imposing this constraint, the optimizer ensures that all predicted pressure trajectories are physically feasible under the local linear model, enabling real-time optimization while preserving model fidelity. Constraint (11) imposes lower and upper bounds $p^{\min}$ and $p^{\max}$ on nodal pressures to ensure safe operating conditions across the network. Constraint (12) enforces physical operating limits on the actuators, with $\alpha^{\min}$ and $\alpha^{\max}$ defining allowable compressor ratios and valve openings. Constraint (13) limits the maximum absolute change in any actuator between consecutive time steps, where $r^{\max}$ specifies the allowable ramp rate, ensuring smooth actuator transitions and reducing mechanical wear.

3.3. Bilevel Attack–Control Formulation

We formalize the cyber–physical interaction between an adversary and the supervisory controller as a bilevel program. The upper level (attacker) designs small additive signals on sensors only (false-data injection, FDI) to degrade service pressure at demand nodes while remaining stealthy under the SCADA bad-data detector (BDD). The lower level (controller) reacts optimally by solving the MPC problem already defined in (9)–(13), using the discrete-time nodal pressure model (6), the stacked measurement model (7), and the EKF update (8).
$$\begin{aligned} \underset{\{e_k^y\}_{k=0}^{h}}{\text{maximize}} \quad & -\sum_{k=0}^{h} \sum_{e \in \mathcal{F}} q_{e,k} \\ \text{subject to} \quad & \left\| S_p\left(p_k - \hat{p}_{k|k}\right) + e_k^y \right\|_2 \le \tau_S, \quad k = 0,\dots,h, \\ & (p, q, \alpha) \in \arg\min_{\alpha} \left\{ \text{MPC problem (9)–(13)} \right\}. \end{aligned} \tag{14}$$
Here, the decision variables of the upper level are the additive false-data injection vectors on the pressure sensors, $\{e_k^y\}_{k=0}^{h}$. The objective in (14) maximizes the negative of the cumulative edge flows $q_{e,k}$ over the selected flow set $\mathcal{F}$, which is equivalent to minimizing the total throughput delivered during the attack horizon $k = 0,\dots,h$. The stealth constraint ensures that the attack remains undetected: $\hat{p}_{k|k}$ is the EKF posterior from (8), $S_p$ selects the pressure channels monitored by the BDD, and the innovation residual $S_p(p_k - \hat{p}_{k|k}) + e_k^y$ must have a Euclidean norm below $\tau_S$ to remain within the detector’s acceptance region. The lower level is the MPC problem from (9)–(13), solved at each $k$ over its prediction horizon $i = 0,\dots,N-1$, producing the control sequence $\alpha$ and the resulting state and flow trajectories $(p, q)$.

3.4. Solving the Bilevel Attack and Control Problem

The developed bilevel optimization problem is solved by replacing the lower level MPC with its Karush–Kuhn–Tucker (KKT) optimality conditions and thus obtaining a single-level mixed-integer quadratic program that can be handled by standard solvers. The MPC in (9)–(13) is a convex quadratic program because the cost is quadratic and the linearized dynamics, pressure limits, actuator bounds, and ramp limits are affine. Stacking the horizon variables as
$$z = \left[\{p_{k+i|k}\}_{i=1}^{N};\ \{\alpha_{k+i|k}\}_{i=0}^{N-1}\right] \tag{15}$$
the lower level can be written compactly as
$$\min_{z}\ \tfrac{1}{2} z^{\top} H z + h^{\top} z \quad \text{subject to} \quad G z \le g, \quad E z = e, \tag{16}$$
with $H$ and the matrices $(G, g, E, e)$ assembled directly from (10)–(13) at time $k$.
For a convex quadratic program, the KKT conditions are necessary and sufficient. Introducing multipliers $\lambda \ge 0$ for the inequalities and $\nu$ for the equalities, the KKT system is
$$\begin{aligned} \text{stationarity:} \quad & Hz + h + G^{\top}\lambda + E^{\top}\nu = 0, \\ \text{primal feasibility:} \quad & Gz \le g, \quad Ez = e, \\ \text{dual feasibility:} \quad & \lambda \ge 0, \\ \text{complementarity:} \quad & \lambda^{\top}(g - Gz) = 0. \end{aligned} \tag{17}$$
The complementarity relations are linearized with a big-M formulation by introducing binaries $s \in \{0,1\}^{m_I}$ for the $m_I$ inequality rows,
$$0 \le \lambda \le M s, \qquad 0 \le g - Gz \le M(1 - s), \tag{18}$$
which yields mixed-integer linear inequalities coupled with the stationarity equation.
Substituting (17) and (18) into the upper level replaces the follower’s arg min with its optimality conditions. The stealth requirement $\left\| S_p(p_k - \hat{p}_{k|k}) + e_k^y \right\|_2 \le \tau_S$ is retained explicitly as a second-order cone. The resulting single-level model is a mixed-integer quadratic program with a second-order cone constraint in the attack variables together with the primal–dual MPC variables. For the 15-node test network examined in the case study, we employed CPLEX to solve the resulting mixed-integer program.
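The KKT and big-M steps above, worked on a two-variable inequality-constrained QP, as an added example that is not the paper's code: it enumerates every binary vector s and keeps the points that satisfy stationarity together with the two big-M inequalities. The matrices are constructed for illustration (the box bounds reuse the control bounds of Table 1), and the function names are hypothetical.

```python
"""KKT + big-M treatment of a small convex QP (all numbers constructed)."""
from itertools import product

TOL = 1e-9

def solve_linear(A, b):
    """Gauss-Jordan with partial pivoting; returns None for a singular system."""
    n = len(A)
    M = [list(map(float, A[i])) + [float(b[i])] for i in range(n)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(M[r][c]))
        if abs(M[piv][c]) < 1e-12:
            return None
        M[c], M[piv] = M[piv], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [x - f * y for x, y in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def objective(H, h, z):
    """0.5 z'Hz + h'z."""
    n = len(z)
    quad = sum(z[i] * H[i][j] * z[j] for i in range(n) for j in range(n))
    return 0.5 * quad + sum(h[i] * z[i] for i in range(n))

def kkt_bigm_points(H, h, G, g, big_m):
    """Enumerate s in {0,1}^m and return every (s, z, lam) that satisfies
    stationarity, 0 <= lam <= M s and 0 <= g - G z <= M (1 - s)."""
    n, m = len(H), len(G)
    feasible = []
    for s in product((0, 1), repeat=m):
        act = [i for i in range(m) if s[i]]   # s_i = 1 forces row i to be tight
        k = len(act)
        # Unknowns: z (n entries), then one multiplier per tight row.
        A = [[0.0] * (n + k) for _ in range(n + k)]
        rhs = [0.0] * (n + k)
        for r in range(n):                    # stationarity: Hz + G_A' lam_A = -h
            A[r][:n] = H[r]
            for j, i in enumerate(act):
                A[r][n + j] = G[i][r]
            rhs[r] = -h[r]
        for j, i in enumerate(act):           # tight rows: G_i z = g_i
            A[n + j][:n] = G[i]
            rhs[n + j] = g[i]
        sol = solve_linear(A, rhs)
        if sol is None:                       # e.g. both bounds of one variable tight
            continue
        z = sol[:n]
        lam = [0.0] * m
        for j, i in enumerate(act):
            lam[i] = sol[n + j]
        slack = [g[i] - sum(G[i][c] * z[c] for c in range(n)) for i in range(m)]
        if all(-TOL <= lam[i] <= big_m * s[i] + TOL and
               -TOL <= slack[i] <= big_m * (1 - s[i]) + TOL for i in range(m)):
            feasible.append((s, z, lam))
    return feasible

# Constructed lower-level QP: z = (compressor ratio, valve opening).
H = [[2.0, 0.5], [0.5, 1.0]]
h = [-4.0, -1.5]
# Rows of G z <= g:  z1 <= 1.5,  -z1 <= -1.0,  z2 <= 1.0,  -z2 <= 0.0
G = [[1.0, 0.0], [-1.0, 0.0], [0.0, 1.0], [0.0, -1.0]]
g = [1.5, -1.0, 1.0, 0.0]

if __name__ == "__main__":
    for s, z, lam in kkt_bigm_points(H, h, G, g, big_m=10.0):
        print("s =", s, "z =", z, "lambda =", lam)
    # A big-M below the true multiplier removes the optimum from the model.
    print("M = 0.5:", kkt_bigm_points(H, h, G, g, big_m=0.5))
```

Four inequality rows already give 16 binary patterns, which is the growth behind the branch-and-bound cost of the full model; the second call shows that a big-M smaller than the true multiplier silently makes the reformulation infeasible.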

4. Case Studies

To illustrate the effectiveness of the proposed methodology, we conducted two case studies. The first involved a synthetic gas transmission subnetwork with 15 nodes, while the second used a 24-node network from the GasLib dataset [49]. These testbeds capture key characteristics of real-world pipeline systems yet remain computationally manageable for optimization and simulation analyses.

4.1. Case Study 1

4.1.1. Network Configuration and Parameter Settings

The test network has 15 nodes and 16 directed pipelines. It contains three upstream supply sources, three major demand sinks, and nine internal actuator/junction nodes (three compressors, three backbone junctions, and three controllable branch valves). Control elements comprise three compressors on the transmission trunks and three throttling valves located upstream of the demand centers.
Figure 2 shows a planar 15-node subnetwork with 16 directed pipes arranged in five left-to-right tiers: sources ($S_1$–$S_3$), compressors ($C_1$–$C_3$), backbone junctions ($J_1$–$J_3$), controllable valves ($V_1$–$V_3$), and demands ($D_1$–$D_3$). Each row forms a trunk $S_r \to C_r \to J_r \to V_r \to D_r$ for $r \in \{1, 2, 3\}$. At the junction level, we added two sideways connections ($J_1 \leftrightarrow J_2$, $J_2 \leftrightarrow J_3$). These pipes allow flow in both directions, so the different branches can share the load.
The key physical and operational parameters used in the simulation are listed in Table 1. These parameters are selected based on commonly adopted engineering practice values [50]. The system is initialized with uniform nodal pressures of 3.5 MPa and zero flows along all pipeline segments. External injections are initialized at the three supply nodes with mass flow rates of 10 kg s⁻¹, 12 kg s⁻¹, and 15 kg s⁻¹, respectively. The SCADA system observes pressures at all demand nodes and records flows on selected transmission lines. Measurement noise is modeled as zero-mean Gaussian noise with the standard deviation given in Table 1.

4.1.2. Results

We evaluate the proposed estimation and control and attack framework, which includes the discrete-time network dynamics, the SCADA measurement model, the EKF update, the MPC controller, and the bilevel interaction. Figure 3 shows pressures at four representative nodes under the baseline case, which is the normal operating condition of the network without disturbances or adversarial actions. Solid curves are the true pressures and dashed curves are the Kalman filter (KF) estimates. The light band marks the nominal operating range. The small panel inside the figure reports the minimum and the average pressure across all nodes. At the upstream source node S1, the pressure rises gradually because sustained injections build pressure near the source and the effect propagates through the network. At the intermediate and downstream nodes J2, V2, and D3, the pressure declines as withdrawals reduce the local line pack and the decrease diffuses along the pipes toward a new steady level. The close overlap of solid and dashed curves indicates that the KF tracks the state accurately at the baseline noise level. This figure is physically consistent with gas flow behavior and shows that the estimator is reliable for our operating conditions. These trajectories serve as the baseline for later scenarios, where deviations from them quantify the impact on service and on estimation performance.
Figure 4 documents how the single MPC coordinates two actuated devices while predicting and regulating pressure at a representative location. The upper panel plots the two control inputs computed at every sampling instant: the compressor setpoint at C2 (node 4) and the valve opening at V2 (node 10). Both trajectories remain within the prescribed bounds $(\alpha_{\min}, \alpha_{\max})$ and satisfy the ramp limit $r_{\max}$. Short flat segments appear when a bound becomes active. Functionally, C2 raises midline pressure upstream of the demand corridor, whereas V2 throttles the branch toward D2 to shape the distribution. Their coordinated motion also redistributes flow through the lateral ties between J1, J2, and J3.
The lower panel focuses on node 10 (V2) and compares, at every time $k$, the $N$-step-ahead pressure predictions $\{p_{k+i|k}\}_{i=1}^{N}$ (thin fans) with the realized pressure $p_k$ (solid curve). Because predictions are recomputed after each SCADA scan via the estimator, successive fans re-center around the latest state and tighten as constraints become active. The realized pressure stays inside the admissible band $[p_{\min}, p_{\max}]$, with only small transients attributable to process noise and model mismatch.
Figure 5 evaluates the stealthiness of the proposed bilevel attack strategy. The residuals are whitened at each time step so that their statistical properties are normalized, and the resulting test statistic is compared against a $\chi^2$-based detection threshold at a high confidence level ($p = 0.999$). The lower panel shows that, during the entire shaded attack window, the residual norm consistently remains below the detection threshold, indicating that the attack is not flagged by the bad-data detector. In contrast, the upper panel illustrates that the pressure sensors are subject to a deliberate perturbation, introduced with a smooth ramp-up and ramp-down profile. This means that the attack successfully manipulates sensor readings to influence system behavior, while at the same time staying hidden within the detector’s acceptance region. Such results confirm that the proposed attack formulation satisfies the stealth requirement, which achieves covert manipulation without triggering standard anomaly detection mechanisms.
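The per-scan whitened χ² test described above, as an added example that is not the paper's code: it derives the p = 0.999 threshold for the 6 pressure sensors and σ = 0.01 MPa of Table 1 and scores constructed Gaussian residuals with and without a constant bias of 0.6σ. The windowed statistic is an assumption added here as one complementary check a defender could run on the same residuals; the paper evaluates only per-step threshold tests, and the bias, window length and seed are constructed values.

```python
"""Per-scan vs. windowed chi-square residual test on constructed residuals."""
import math
import random

SIGMA = 0.01     # MPa, pressure measurement noise (Table 1)
N_SENSORS = 6    # pressure sensors (Table 1); even, so the closed form applies

def chi2_cdf_even(x, dof):
    """Chi-square CDF in closed form; valid only for an even dof."""
    if dof % 2:
        raise ValueError("closed form needs an even number of degrees of freedom")
    half, term, total = x / 2.0, 1.0, 1.0
    for j in range(1, dof // 2):
        term *= half / j
        total += term
    return 1.0 - math.exp(-half) * total

def chi2_threshold(dof, confidence):
    """Quantile of the chi-square distribution by bisection on the CDF."""
    lo, hi = 0.0, 1000.0
    for _ in range(100):
        mid = 0.5 * (lo + hi)
        if chi2_cdf_even(mid, dof) < confidence:
            lo = mid
        else:
            hi = mid
    return hi

def step_statistic(residual, sigma=SIGMA):
    """Whitened per-scan statistic: sum of squared standardized residuals."""
    return sum((r / sigma) ** 2 for r in residual)

def window_statistic(window, sigma=SIGMA):
    """Sum each channel over the window, rescale to unit variance, then
    square and add: chi-square with N_SENSORS dof when residuals are white."""
    w = len(window)
    sums = [sum(scan[i] for scan in window) for i in range(len(window[0]))]
    return sum((s / (sigma * math.sqrt(w))) ** 2 for s in sums)

def make_residuals(n_steps, bias, rng):
    """Constructed residuals: white Gaussian noise plus a constant bias."""
    return [[rng.gauss(bias, SIGMA) for _ in range(N_SENSORS)]
            for _ in range(n_steps)]

def evaluate(residuals, threshold, window=32):
    """Return (per-scan alarms, windowed alarms, number of windows)."""
    step_alarms = sum(step_statistic(r) > threshold for r in residuals)
    blocks = [residuals[i:i + window]
              for i in range(0, len(residuals) - window + 1, window)]
    window_alarms = sum(window_statistic(b) > threshold for b in blocks)
    return step_alarms, window_alarms, len(blocks)

def run_demo(seed=7):
    rng = random.Random(seed)
    thr = chi2_threshold(N_SENSORS, 0.999)
    clean = make_residuals(192, 0.0, rng)
    biased = make_residuals(192, 0.6 * SIGMA, rng)
    return {"threshold": thr,
            "clean": evaluate(clean, thr),
            "biased": evaluate(biased, thr)}

if __name__ == "__main__":
    out = run_demo()
    print("chi-square threshold (6 dof, p=0.999): %.3f" % out["threshold"])
    print("clean  (scan alarms, window alarms, windows):", out["clean"])
    print("biased (scan alarms, window alarms, windows):", out["biased"])
```

Without noise, a 0.6σ bias contributes only 6 × 0.36 = 2.16 to the per-scan statistic, while over 32 scans the same bias contributes 69.12 to the windowed one, against the same threshold.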
Figure 6 illustrates how a sensor data attack affects the overall volume of flow delivered by the system, expressed here as throughput. In the top panel, the blue and orange curves initially coincide, showing that under normal operation the attacked system and the baseline system deliver nearly the same output. Once the attack begins, within the shaded interval, the curves start to diverge. Although the deviation is small and not immediately obvious, the inset confirms that the average reduction in delivered flow is about four percent, with most losses below eight percent and a maximum below nine percent. This means that the attack does not create a dramatic change that would be visible to operators at a glance, but it still produces a persistent reduction in output. The middle panel summarizes this effect by plotting the smoothed percentage loss at each instant. The loss follows the same raised-cosine shape as the injected disturbance, rising gradually, reaching a peak within the attack window, and then falling back as the disturbance ends. The close alignment between the loss curve and the attack profile confirms that the degradation in service is directly caused by the manipulated sensor data. The bottom panel shows the cumulative impact of this small but sustained loss. Each short-term reduction, though modest on its own, accumulates over time to produce a noticeable deficit in total service. By the end of the simulation, the area under the loss curve translates into a significant cumulative reduction. Together, these three views demonstrate that the attack produces subtle but systematic performance degradation. The effect is difficult to detect in real time because instantaneous deviations are small, yet the overall loss becomes material once the attack persists long enough.
Table 2 summarizes throughput under the FDI attack. Compared with the baseline, the average delivery drops by about 4% with a peak reduction of nearly 9%. The cumulative loss indicates a sustained impact over the attack window, highlighting that even stealthy attacks can cause measurable degradation in service.

4.2. Case Study 2

Network Configuration and Parameter Settings

In this case study, we use the GasLib 24-node dataset [49], which provides realistic topologies and device classes derived from European pipeline data. The network consists of 24 nodes and 34 interconnecting pipes, including 3 supply (entry) nodes, 5 demand (exit) nodes, and 16 junctions. Four edges are actively controllable: three compressor stations and one control valve. For monitoring, we assume a representative SCADA subset of sensors, including pressure transmitters at selected nodes and flow meters on selected lines, as shown in Figure 7.
Table 3 summarizes the parameters used in the GasLib-24 case study. Where available, parameter ranges (e.g., device classes and pipe diameters/lengths) follow the public GasLib data. The remaining values (e.g., noise levels) use standard engineering settings for simulation and are reported explicitly below. The physical network is modeled with an isothermal sound speed of $c = 350$ m s⁻¹, a friction factor between 0.010 and 0.012, pipe diameters ranging from 0.50 m to 2.10 m, and pipe lengths between 10 m and 100 km. All nodes start at an initial pressure of $p_0 = 5.0$ MPa. Operational limits require pressures to stay within $[p_{\min}, p_{\max}] = [3.0\ \text{MPa}, 7.0\ \text{MPa}]$, compressor ratios within [1.0, 1.60], valve openings within [0, 1], and actuator changes to respect a per-step ramp limit of $r_{\max} = 0.10$. The sensing and detection setup includes $p = 12$ pressure sensors, measurement noise $R = \sigma^2 I$ with $\sigma = 0.005$ MPa, process noise $Q = (0.02\ \text{MPa})^2 I$, and a bad-data detection threshold $\tau_S = 0.005$ MPa. External injections and withdrawals $w_k$ are modeled as piecewise constant profiles between 5 and 15 kg s⁻¹.

4.3. Results

Figure 8 shows that the attack reduces delivery. The no-attack curve stays above the attacked curve for most of the horizon. The gap grows after a few steps and then narrows slightly near the end. This indicates the stealth FDI biases the estimator enough to steer MPC to less favorable operating points while keeping constraints satisfied.
Figure 9 evaluates a standard anomaly detection baseline under the same stealthy FDI sequence generated by our bilevel attack design. The detector is the conventional residual threshold test layered on a standard Kalman filter: at each time step we compute the measurement–prediction mismatch, normalize it by its predicted uncertainty, and declare an alarm only when this standardized residual exceeds a fixed threshold. The threshold is calibrated on no-attack data to achieve a target false-alarm rate of about 1% and then kept constant for the entire run. All settings, including nodal model, sensor placement, MPC inputs, noise statistics, and initialization, are identical to those used in the previous example. The figure indicates that most standardized residuals are below the set threshold. There are only occasional instances where this threshold is exceeded. As a result, the baseline detector does not effectively identify the bilevel-designed attack. This confirms the stealth property of our attack relative to a widely used detection strategy.
Figure 10 shows our framework under a denial-of-service (DoS) measurement-dropping attack. We use the same network, sensors, and control settings as in the FDI study and generate the DoS sequence within the same bilevel optimization framework. In this case, the DoS attack operates by randomly dropping half of the sensor measurements at each time step. The figure reports a residual score over time (a unitless measure of the mismatch between measurements and model predictions) together with a fixed threshold calculated from no-attack data. Under the optimized DoS policy, the residual score stays below the threshold at almost all steps, so a standard residual threshold detector would not raise alarms. This shows that our bilevel design produces stealthy and effective attacks beyond additive FDI, which extends to availability-type disruptions such as DoS.

4.4. Computational Performance and Scalability

We evaluated the KKT-based MIQP on two networks (15-node and GasLib-24) under identical solver settings (CPLEX 22.1.1, MIP gap = 1%, time limit = 5400 s, 2 threads) on Google Colab. For each configuration we ran 20 trials with different noise seeds and report median and interquartile ranges. On the 15-node case, the median per-solve time is about 42 min; on GasLib-24 the median time is about 60 min, with a final optimality gap under 1%. This longer runtime mainly stems from the MIQP’s branch-and-bound over many binary decisions (from the KKT/complementarity reformulation) being solved with limited threads.

5. Conclusions

This paper presented a physics-informed modeling and optimization framework to analyze cyber-induced impacts on gas pipeline operations. The network was represented on a graph with nodal pressure dynamics and edge flow relations of Weymouth type, augmented with control-aware elements such as valves and compressors. A SCADA measurement model and an extended Kalman filter were used to reconstruct unmeasured pressures and flows, which enabled model predictive control to compute actuator commands under pressure limits, actuator bounds, and ramp constraints. Adversarial manipulation was formulated as a bilevel problem in which an attacker perturbs sensor readings while remaining below a bad-data detection threshold, and the controller responds by solving an optimal control problem. The attacker–controller interaction was reformulated via KKT conditions into a single mixed-integer quadratic program. Two case studies were conducted. One involved a network with 15 nodes. The other involved a network with 24 nodes. The case studies showed that sensor-level attacks can stay statistically undetected yet cause persistent throughput reduction with small instantaneous deviations. The case studies employ simplifying assumptions, such as isothermal flow, uniform friction factor, and constant diameter, to enhance clarity. However, these assumptions may restrict direct application to real-world scenarios. Future work could address this limitation by incorporating real-world data.
Future work will focus on three areas: (1) The physical modeling will be improved by adding more realistic features such as temperature changes, elevation effects, gas composition variations, and more accurate equations of state. (2) The control and attack strategies will be expanded so that control will be made more robust using advanced model predictive control methods that can handle uncertainty and errors in state estimation. The attack model will cover more complex threats, including coordinated attacks on sensors and actuators, replay attacks, denial-of-service events, and protocol manipulation, even under limited attacker knowledge. (3) To ensure practical use, future work will focus on making the method faster and scalable using techniques like decomposition, warm-starting, and parallel computing. The framework will also be tested on large-scale, realistic pipeline systems using actual SCADA data and operator-in-the-loop studies to support real-world risk assessment and guide better system design decisions. Moreover, the proposed bilevel framework assumes the attacker’s model matches the real system. In practice, the attacker may have an imperfect model, which usually reduces attack impact and can even make detection easier. To address this, future work will (i) relax the perfect-knowledge assumption by introducing model uncertainty into the upper level and testing attacks with misspecified dynamics and (ii) explore defender strategies that exploit mismatch, such as parameter variation or adaptive thresholds.

Author Contributions

Conceptualization, L.G.; Methodology, L.G.; Validation, Y.Z. and A.S.; Formal analysis, Y.Z.; Visualization, T.S.K. and A.S.; Supervision, L.G. All authors have read and agreed to the published version of the manuscript.

Funding

This work was supported by the US Department of Transportation (USDOT) Tier-1 University Transportation Center (UTC) Transportation Cybersecurity Center for Advanced Research and Education (CYBER-CARE). The USDOT UTC Award Number: 69A3552348332.

Data Availability Statement

The data presented in this study are available on request from the corresponding author.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Chen, C.; Li, C.; Reniers, G.; Yang, F. Safety and security of oil and gas pipeline transportation: A systematic analysis of research trends and future needs using WoS. J. Clean. Prod. 2021, 279, 123583.
  2. Enemosah, A.; Ifeanyi, O.G. SCADA in the Era of IoT: Automation, Cloud-driven Security, and Machine Learning Applications. Int. J. Sci. Res. Arch. 2024, 13, 3417–3435.
  3. Kayan, H.; Nunes, M.; Rana, O.; Burnap, P.; Perera, C. Cybersecurity of Industrial Cyber-Physical Systems: A Review. arXiv 2021, arXiv:2101.03564.
  4. Tsvetanov, T.; Slaria, S. The effect of the Colonial Pipeline shutdown on gasoline prices. Econ. Lett. 2021, 209, 110122.
  5. Song, H.; Srinivasan, R.; Sookoor, T.; Jeschke, S. Smart Cities: Foundations, Principles, and Applications; John Wiley & Sons: Hoboken, NJ, USA, 2017.
  6. Cybersecurity and Infrastructure Security Agency. Cybersecurity Best Practices for Smart Cities. U.S. Department of Homeland Security, 2023. Available online: https://www.cisa.gov/sites/default/files/2023-04/cybersecurity-best-practices-for-smart-cities_508.pdf (accessed on 1 August 2025).
  7. Alonso, R.; Haber, R.E.; Castaño, F.; Recupero, D.R. Interoperable software platforms for introducing artificial intelligence components in manufacturing: A meta-framework for security and privacy. Heliyon 2024, 10, e26446.
  8. BBC News. San Francisco Transit System Hacked, Free Rides for All, 2016. Available online: https://www.bbc.com/news/technology-38127096 (accessed on 11 August 2025).
  9. Cybersecurity and Infrastructure Security Agency. DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks, 2021. Available online: https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-131a (accessed on 11 August 2025).
  10. U.S. Department of Health and Human Services, Office for Civil Rights. Vermont Medical Center Ransomware Incident Report, 2020. Available online: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf (accessed on 11 August 2025).
  11. Reuters. Minnesota Calls in National Guard After St. Paul Slammed by ‘Digital Attack’, July 2025. Available online: https://www.reuters.com/world/us/minnesota-calls-national-guard-after-st-paul-slammed-by-digital-attack-2025-07-29/ (accessed on 11 August 2025).
  12. Sridhar, S.; Hahn, A.; Govindarasu, M. Cyber–Physical System Security for the Electric Power Grid. Proc. IEEE 2012, 100, 210–224.
  13. Knowles, W.; Prince, D.D.C.; Hutchison, D.; Disso, J.F.P.; Jones, K. A Survey of Cyber Security Management in Industrial Control Systems. Int. J. Crit. Infrastruct. Prot. 2015, 9, 52–80.
  14. Kosut, O.; Jia, L.; Thomas, R.J.; Tong, L. Malicious Data Attacks on the Smart Grid. IEEE Trans. Smart Grid 2011, 2, 645–658.
  15. Teixeira, A.; Shames, I.; Sandberg, H.; Johansson, K.H. A Secure Control Framework for Resource-Limited Adversaries. Automatica 2015, 51, 135–148.
  16. Langner, R. Stuxnet: Dissecting a Cyberwarfare Case. IEEE Secur. Priv. 2011, 9, 49–51.
  17. Dibaji, S.M.; Pirani, M.; Flamholz, D.B.; Annaswamy, A.M.; Johansson, K.H.; Chakrabortty, A. A Systems and Control Perspective of Cyber–Physical Systems Security: A Survey of Recent Advances. Annu. Rev. Control 2019, 47, 394–411.
  18. Pasqualetti, F.; Dörfler, F.; Bullo, F. Attack Detection and Identification in Cyber–Physical Systems. IEEE Trans. Autom. Control 2013, 58, 2715–2729.
  19. Osiadacz, A. Simulation of transient gas flows in networks. Int. J. Numer. Methods Fluids 1984, 4, 13–24.
  20. Thorley, A.R.D.; Tiley, C.H. Unsteady and transient flow of compressible fluids in pipelines—A review of theoretical and some experimental studies. Int. J. Heat Fluid Flow 1987, 8, 3–15.
  21. Osiadacz, A.J. Simulation and Analysis of Gas Networks; E. & F.N. Spon: London, UK, 1987.
  22. Chaczykowski, M. Transient flow in natural gas pipeline—The effect of pipeline thermal model. Appl. Math. Model. 2010, 34, 1051–1067.
  23. Durgut, İ.; Leblebicioğlu, K. State estimation of transient flow in gas pipelines by a Kalman filter-based estimator. J. Nat. Gas Sci. Eng. 2016, 35, 189–196.
  24. Liu, Y.; Guo, Q.; Xie, W.; Wang, S. Enhanced Leak Detection and Localization in Liquid Pipelines Using an Improved Extended Kalman Filter. Processes 2025, 13, 1447.
  25. Julier, S.J.; Uhlmann, J.K. Unscented filtering and nonlinear estimation. Proc. IEEE 2004, 92, 401–422.
  26. Chaczykowski, M.; Sund, F.; Zarodkiewicz, P.; Hope, S.M. Gas composition tracking in transient pipeline flow. J. Nat. Gas Sci. Eng. 2018, 55, 321–330.
  27. Bar-Shalom, Y.; Li, X.R.; Kirubarajan, T. Estimation with Applications to Tracking and Navigation; Wiley-Interscience: Hoboken, NJ, USA, 2001.
  28. Bu, Y.; Swartz, C.L.E.; Wu, C. A two-level MPC method for the operation of a gas pipeline system under demand variation. Comput. Chem. Eng. 2024, 183, 108597.
  29. Zhang, L.; Xie, J.; Dubljevic, S. Tracking model predictive control and moving horizon estimation design of distributed parameter pipeline systems. Comput. Chem. Eng. 2023, 178, 108381.
  30. Ghilardi, L.M.P.; Naik, S.; Martelli, E.; Casella, F.; Biegler, L.T. Economic Nonlinear Model Predictive Control for cyclic gas pipeline operation. Comput. Chem. Eng. 2025, 196, 109039.
  31. Moetamedzadeh, H.R.; Khanmirza, E.; Pourfard, A.; Madoliat, R. Intelligent nonlinear model predictive control of gas pipeline networks. Trans. Inst. Meas. Control 2019, 41, 4569–4589.
  32. Yadav, P.; Paul, K.; Shukla, S.; Panchal, H.; Tyagi, V.K. Architecture and security of SCADA systems: A review. Int. J. Crit. Infrastruct. Prot. 2021, 34, 100433.
  33. Lu, Z.; She, Y.; Loewen, M. A Sensitivity Analysis of a Computer Model-Based Leak Detection System for Oil Pipelines. Energies 2017, 10, 1226.
  34. Choubineh, A.; Wood, D.A.; Choubineh, Z. Applying separately cost-sensitive learning and Fisher’s discriminant analysis to address the class imbalance problem: A case study involving a virtual gas pipeline SCADA system. Int. J. Crit. Infrastruct. Prot. 2020, 29, 100357.
  35. Alanazi, M.; Mahmood, A.; Chowdhury, M.J.U. SCADA vulnerabilities and attacks: A review of the state-of-the-art and open issues. Comput. Secur. 2023, 125, 103028.
  36. Adegboye, M.A.; Fung, W.K.; Karnik, A. Recent Advances in Pipeline Monitoring and Oil Leakage Detection Technologies: Principles and Approaches. Sensors 2019, 19, 2548.
  37. Zheng, J.; Wang, C.; Liang, Y.; Liao, Q.; Li, Z.; Wang, B. Deeppipe: A Deep-Learning Method for Anomaly Detection of Multi-Product Pipelines. Energy 2022, 259, 125025.
  38. Xu, L.; Xu, K.; Qin, Y.; Li, Y.; Huang, X.; Lin, Z.; Ye, N.; Ji, X. TGAN-AD: Transformer-Based GAN for Anomaly Detection of Time Series Data. Appl. Sci. 2022, 12, 8085.
  39. Altaha, M.; Hong, S. Anomaly Detection for SCADA System Security Based on Unsupervised Learning and Function Codes Analysis in the DNP3 Protocol. Electronics 2022, 11, 2184.
  40. Kim, B.; Alawami, M.A.; Kim, E.; Oh, S.; Park, J.; Kim, H. A Comparative Study of Time Series Anomaly Detection Models for Industrial Control Systems. Sensors 2023, 23, 1310.
  41. An, L.; Yang, G.H. Secure State Estimation Against Sparse Sensor Attacks With Adaptive Switching Mechanism. IEEE Trans. Autom. Control 2018, 63, 2596–2603.
  42. Nakahira, Y.; Mo, Y. Attack-Resilient $\mathcal{H}_2$, $\mathcal{H}_\infty$, and $\ell_1$ State Estimator. IEEE Trans. Autom. Control 2018, 63, 4353–4360.
  43. Guo, Z.; Shi, D.; Johansson, K.H.; Shi, L. Optimal Linear Cyber-Attack on Remote State Estimation. IEEE Trans. Control Netw. Syst. 2017, 4, 4–13.
  44. Isom, J.D.; Stamps, A.T.; Esmaili, A.; Mancilla, C. Two Methods of Data Reconciliation for Pipeline Networks. Comput. Chem. Eng. 2018, 115, 487–503.
  45. Marino, A.; Zio, E. A Framework for the Resilience Analysis of Complex Natural Gas Pipeline Networks from a Cyber-Physical System Perspective. Comput. Ind. Eng. 2021, 162, 107727.
  46. Rezazadeh, A.; Talarico, L.; Reniers, G.; Cozzani, V.; Zhang, L. Applying Game Theory for Securing Oil and Gas Pipelines Against Terrorism. Reliab. Eng. Syst. Saf. 2019, 191, 106140.
  47. Fawzi, H.; Tabuada, P.; Diggavi, S. Secure Estimation and Control for Cyber–Physical Systems Under Adversarial Attacks. IEEE Trans. Autom. Control 2014, 59, 1454–1467.
  48. Menon, E.S. Gas Pipeline Hydraulics; CRC Press: Boca Raton, FL, USA, 2005.
  49. Schmidt, M.; Aßmann, D.; Burlacu, R.; Humpola, J.; Joormann, I.; Kanelakis, N.; Koch, T.; Oucherif, D.; Pfetsch, M.E.; Schewe, L.; et al. GasLib—A Library of Gas Network Instances. Data 2017, 2, 40.
  50. de França Freire, J.L.; Gomes, M.R.R.; Gomes, M.G. Handbook of Pipeline Engineering; Springer Nature: Berlin/Heidelberg, Germany, 2024.
Figure 1. Overview of the proposed framework.
Figure 2. Topology of the test gas distribution network (15 nodes and 16 edges).
Figure 3. Pressure distribution in the test network.
Figure 4. MPC actions and pressure predictions.
Figure 5. Covert sensor attack vs. BDD residual.
Figure 6. Network delivery comparison (nominal vs. sensor data attack).
Figure 7. Twenty four-node network used in the case study. Blue circles: junctions; solid lines: pipes; dashed styles: short pipe/resistor segments; dotted line with marker: valve/control valve; black squares: compressor stations; green triangles: sources (entries); red inverted triangles: sinks (exits).
Figure 8. Network throughput over time with and without attack.
Figure 9. Standard detection under a stealthy attack: standardized residual vs. fixed threshold.
Figure 10. Residual score and fixed threshold under DoS attack.
Table 1. Key simulation parameters.

| Parameter | Symbol | Value |
|---|---|---|
| Physics and Network | | |
| Isothermal sound speed | $c$ | 380 m s⁻¹ |
| Friction factor (uniform) | $f_e$ | 0.012 |
| Pipe diameter (uniform) | $D_e$ | 0.50 m |
| Pipe length | $L_e$ | 10 to 30 km |
| Initial pressure (all nodes) | $p_0$ | 3.5 MPa |
| Limits | | |
| Pressure bounds | $p_{\min}, p_{\max}$ | 2.0 MPa, 5.0 MPa |
| Control bounds | $\alpha_{\min}, \alpha_{\max}$ | compressor ratio [1.0, 1.5]; valve opening [0, 1] |
| Ramp limit (per step) | $r_{\max}$ | 0.05 |
| Sensing and detection | | |
| Pressure sensors (count) | $p$ | 6 |
| Measurement noise (pressure) | $R$ | $\sigma^2 I$, $\sigma = 0.01$ MPa |
| Process noise (pressure) | $Q$ | $10^{-5} I$ |
| BDD residual threshold | $\tau_S$ | 0.075 MPa |
| Exogenous profiles and attack | | |
| External injections/withdrawals | $w_k$ | piecewise constant, ∼10 kg s⁻¹ |
| Attack horizon | $h$ | 32 steps (8 h) |
Table 2. Throughput summary.
| Case | Baseline Mean [Units/s] | Attacked Mean [Units/s] | Mean Drop [%] | Peak Drop [%] | Median Drop [%] | Cumulative Loss [Area] |
|---|---|---|---|---|---|---|
| FDI | 0.004044 | 0.003876 | 4.15 | 8.57 | 4.02 | 0.110773 |
Table 3. Key simulation parameters for the GasLib-24 case study.
| Parameter | Symbol | Value |
|---|---|---|
| Physics and Network | | |
| Isothermal sound speed | $c$ | 350 m s$^{-1}$ |
| Friction factor (typical) | $f_e$ | 0.010–0.012 |
| Pipe diameter (range) | $D_e$ | 0.50–2.10 m |
| Pipe length (range) | $L_e$ | 10 m–100 km |
| Initial pressure (all nodes) | $p_0$ | 5.0 MPa |
| Limits | | |
| Pressure bounds | $p_{\min}, p_{\max}$ | 3.0 MPa, 7.0 MPa |
| Control bounds | $\alpha_{\min}, \alpha_{\max}$ | compressor ratio $[1.0, 1.60]$; valve opening $[0, 1]$ |
| Ramp limit (per step) | $r_{\max}$ | 0.10 |
| Sensing and detection | | |
| Pressure sensors (count) | $p$ | 12 |
| Measurement noise (pressure) | $R$ | $\sigma^2 I$, $\sigma = 0.005$ MPa |
| Process noise (pressure) | $Q$ | $(0.02\ \text{MPa})^2 I$ |
| BDD residual threshold | $\tau_S$ | 0.005 MPa |
| Exogenous profiles and attack | | |
| External injections/withdrawals | $w_k$ | piecewise constant, ∼5–15 kg s$^{-1}$ |
| Attack horizon | $h$ | 20 steps |
MDPI and ACS Style

Katale, T.S.; Gao, L.; Zhang, Y.; Senouci, A. A Bilevel Optimization Framework for Adversarial Control of Gas Pipeline Operations. Actuators 2025, 14, 480. https://doi.org/10.3390/act14100480
