Consensus-Based Distributed Target Tracking with False Data Injection Attacks over Radar Network

: For target tracking in radar network, any anomaly in a part of the system can quickly spread over the network and lead to tracking failures. False data injection (FDI) attacks can damage the state estimation mechanism by modifying the radar measurements with unknown and time-varying attack variables, therefore making traditional filters inapplicable. To tackle this problem, we propose a novel consensus-based distributed state estimation (DSE) method for target tracking with FDI attacks, which is effective even when all radars are under FDI attacks. First, a real-time residual-based detector is introduced to the DSE framework, which can effectively detect FDI attacks by analyzing the statistical properties of the residual. Secondly, a simple yet effective attack parameter estimation method is proposed to provide attack parameter estimation based on a pseudo-measurement equation, which has the advantage of decoupled estimation of state and attack parameters compared with augmented state filters. Finally, for timely attack mitigation and global consistency achievement, a novel hybrid consensus method is proposed which can compensate for the estimation error caused by FDI attacks and provide estimation accuracy improvement. The simulation results show that the proposed solution is effective and superior to the traditional DSE method for target tracking in the presence of FDI attacks.


Introduction
In recent years, radar networks have been widely applied in many fields, including indoor tracking [1], air traffic control [2], surveillance [3,4] and autonomous vehicles [5] because of its capability of achieving better performance than conventional radars by utilizing spatial diversity. State estimation over a radar network, if performed in a centralized manner, can achieve optimal estimation results but suffers from heavy communication and computation load, considering the increasing network size. An alternative solution is a distributed scheme [6][7][8][9][10][11][12][13][14][15][16], where a peer-to-peer communication scheme is used instead of collecting raw measurements from every single sensor in the network to a fusion center. Each sensor only exchanges information with its local neighbors. However, there are two main challenges in target tracking using a radar network.
First, the radar network is vulnerable to cyberattacks because the networks between radars can be maliciously compromised [17], therefore bringing the risk of security threats to the systems. Common cyberattacks launched in radar networks include electronic countermeasure jamming [18], false data injection [19], denial-of-service attacks [20], replay attacks [21] and so on. Electronic countermeasure jamming is a way to interfere with radar echoes between a radar and its targets. For the denial-of-service attack, the attacker sends a large amount of fake data to block the communication channel between radars. In the replay attack case, the attacker records and replays radar data to degrade the system's performance. Different from the cyberattacks mentioned before, false data injection (FDI) is a specific type of deception attack [19] which can deteriorate the estimation accuracy of the radar network by modifying the measurements of the attacked radars with unknown and time-varying attack variables. Most existing works about FDI attacks concentrate on the detector's design. Several effective detectors, such as 2 χ detectors, summation detectors [22] and cumulative sum-based detectors [23], have been proposed to detect this kind of attack. The easiest way to deal with the attacked measurements is to discard them so that they will not affect the radar tracking system. Obviously, discarding the measurements leads to information loss, and it will suffer from filter divergence when the attack lasts for a long time. An alternative is to estimate the attack parameter and eliminate its effect. For attack parameter estimation, an augmented state Kalman filter (ASKF) may be used to produce the optimal state estimate, in which the stack vector technique is used by augmenting the attack parameter into the state. However, the computational burden of the ASKF increases dramatically with the augmented state dimension, especially in a large-scale network. Several studies considered distributed state estimation (DSE) with FDI attacks. In [24], a trust-based combination strategy was developed to classify sensors in a network into two clusters: the trusted one and the untrusted one. The sensor measurements in the untrusted cluster are discarded, which is obviously a waste of information. Moreover, the method can only deal with a case where less than half of the sensors are under attack. In [17], a confident covariance intersection-based fusion method was proposed, where the confidence factor is used to weight the estimate confidences of all radars, thus reducing the fusion weights of the injected data. The weight of the injected data is decreased, but the effect of it is not eliminated.
The second challenge in target tracking using radar networks is how to achieve global consistency over the radar network. For DSE, consensus estimation is an effective tool for state estimation in sensor networks that are not fully connected to achieve global consistency. Consensus-based methods can be categorized based on the exchanged quantities among neighboring sensors. For example, sensors can exchange local state estimates (consensus on estimates method (CE)) [11,14], local measurements and innovation covariances (consensus on measurements method (CM)) [10,16] and information vectors and matrices (consensus on information method (CI)) [9,15]. The CE does not exchange error covariance matrices, which makes it suffer from poor performance [12]. The CM can achieve the same accuracy as the centralized method only when the number of consensus steps trends toward infinity. The CI guarantees stability for any number of consensus steps, but its performance can be hampered because of the assumption that the correlations between the estimates from different sensors are completely unknown. Recently, a consensus method named Hybrid CMCI (HCMCI) [12,13] has been proposed, which has the advantages of both the CM and CI methods. The stability analysis of the HCMCI in the case of linear systems has been given, and the effectiveness of the HCMCI has been shown in [12]. For the nonlinear case, Taylor expansion is used. However, to the best of our knowledge, there have been few results concerning consensus-based DSE with FDI attacks, which serves as the main motivation of this paper.
In this paper, we aim to combat FDI attacks on radar networks. The contributions of this paper are summarized as follows: 1. A novel, consensus-based DSE algorithm is proposed to enhance the resilience of radar networks against FDI attacks. Only local information exchange is needed in the proposed method. Different from the existing works, a real-time, residual-based detector is introduced to the DSE framework to detect FDI attacks effectively by analyzing the statistical properties of the residual. The proposed method eliminates the hypothesis in [24]; that is, less than half of the sensors are attacked. Note that even if half of the sensors are under an FDI attack, the proposed method is also effective.
2. To estimate the FDI attack parameters, a simple yet effective attack parameter estimation method is proposed based on a pseudo-measurement equation, which has the advantage of decoupled estimation of the state and attack parameters compared with augmented state filters. 3. To mitigate the FDI attack and achieve global consistency in a timely manner, a novel hybrid consensus method is proposed by combining the CM and CI methods, which can provide estimation accuracy improvement when the number of consensus iterations is moderate.
The paper is outlined as follows. Section 2 formulates the problem. Moreover, the topology structure, target dynamics and radar measurement model are introduced. Section 3 derives the novel DSE algorithm with FDI attacks. In Section 4, the effectiveness of the proposed consensus-based DSE method is demonstrated via simulation. In Section 5, the conclusions are given.

Problem Formulation
Assume that a communication-limited network of N radars tracks a common target. The radar network is under malicious FDI attacks, which deteriorate the target estimation by injecting unknown and time-varying attack variables into the radar's measurements. In this paper, we propose a novel DSE method that can combat FDI attacks for radar networks and provide high accuracy target tracking results. In this section, we introduce the topology structure, target dynamics and radar measurement model.

Topology Structure
Define an undirected graph

Target Dynamics and Radar Measurement Model
Consider that the target dynamic is modeled as follows: is the zero-mean Gaussian process noise; and the process noise covariance is We consider the ground-based active radars used to track the target, where the measured values are generally in spherical coordinates. Therefore, the sensing model of the i th radar under an FDI attack is described in spherical coordinates as follows [25,26]: where ( )  is the position of the target in the sensor coordinate system and where r i C is the coordinate transform matrix from the Earth-centered inertial coordinate system to the σ , respectively. The measurement noises are assumed to be mutually independent.
There are three main attack methods for false data injection: (1) the attack variable is a time-varying signal and converges to a constant value gradually; (2) the attack variable is a Gaussian random process; and (3) the attack variable is an arbitrary random variable. In practical application, the second attack is easy to implement and the most widely used. Therefore, in this chapter, the attack variable is modeled as a Gaussian random process, and the attack variable is assumed to be irrelevant to the measurement noise and the state. The false data injection variable is as follows: where ( ) k a denotes the attack variable vector and ( ) k ω is the zero-mean Gaussian noise.
Since the motion equations of the targets are better modeled in Cartesian coordinates [25], we converted the 3D spherical measurements in Equation (3) into Cartesian coordinates. By transforming the measurements into Cartesian coordinates, we could perform the target state estimation within a completely linear framework.
as the measurements in Cartesian coordinates. The measurement model can be written as Substitute Equations (3) into Equation (7), and by using a first order approximation, we can obtain is the attack parameter.
In the following, the subscript i and symbol k of the true measurements in the spherical coordinates are omitted for simplicity, and cos cos sin cos cos sin cos sin sin sin cos cos

Distributed State Estimation Algorithm with False Data Injection Attacks
In this section, a novel DSE algorithm is proposed to deal with the FDI attacks in radar networks. The algorithm consists of three main parts: injected data detection, attack parameter estimation and hybrid consensus. To estimate the attack parameter, every two radars are grouped together in the radar network. The determination for each radar of whether it is attacked is performed by using a real-time, residual-based 2 χ detector.
Then, each group runs a simple-yet-effective attack parameter estimation algorithm based on the detection results and pseudo-measurements of both radars. Finally, each group exchanges values with its neighbors and updates its own value by employing a hybrid consensus method to timely mitigate the FDI attack and achieve global consistency.

Injected Data Detection
In cyber-physical systems, attack detectors based on the analysis of the statistical properties of the residual are developed to detect FDI attacks [22,23,27]. In this paper, we adopt the real-time, residual-based 2 χ detector to determine whether FDI attacks exist in the radar network by analyzing the statistical properties of the residual.
If there are no attacks for radar i , the measurement equation can be expressed as Denote the estimation error as ( ) ( ) ( ) x and the residual of radar i as . We adopted the real-time, residual-based detector to determine whether FDI attacks exist, and the detection criterion is given as in [22]: Note that since Additionally, note that the SUM detector can be used to detect carefully crafted FDI attacks (see [22]).

Attack Parameter Estimation
Very few papers focus on how to estimate the unknown and time-varying attack parameters and eliminate its effect on tracking performance. Inspired by the sensor bias estimation method proposed in [25], we propose a simple-yet-effective attack parameter estimation solution based on a pseudo-measurement equation. Every two radars in the network are seen as a group. Taking the radar m , n group as an example, assuming that the radar m is the leader of the group, the detailed derivation is given as follows.
Define the pseudo-measurement as where the pseudo-measurement matrix is expressed as The attack parameter vector is The pseudo-measurement noise is expressed as Note that the measurement noise ( ) are zero-mean Gaussian noise. Thus, the pseudo-measurement noise covariance is The time-varying attack parameter can be modeled as where ( ) . Based on the linear pseudo-measurement equation, the standard Kalman filter can be used to obtain the estimation of the attack parameter. Assume that the attack parameter estimate is ( ) is available. The attack parameter can be recursively estimated as follows.
Calculate the predicted attack parameter based on Equation (19): Calculate the predicted covariance as follows: Obtain the measurements from both radars, and calculate the pseudo-measurement Calculate the gain as follows: Update the attack parameter estimation and the associated covariance to be

Remark 1. The above derivation is based on the assumption that radar m is under FDI attacks.
If the detection result shows that there is no radar under attack, then ( ) k k  is a zero vector.

Time Update for Each Group
Before employing the consensus method, each group carries out the time update simultaneously. The time update consists of two steps, prediction and information calculation, which are given as follows.

Hybrid Consensus
For DSE, consensus estimation is an effective way for state estimation in a radar network that is not fully connected to achieve global consistency for all radars. Existing consensus methods, including the CE, CM, CI and HCMCI methods, were proposed and applied in [9][10][11][12][13][14][15][16]. However, the above methods do not take into account the occurrence of FDI attacks. To address this problem, a novel hybrid consensus method, which can mitigate the FDI attacks and achieve global consistency in a timely manner, is proposed.
In the proposed hybrid consensus procedure, each group is treated as a whole part. If the detection results show that there is no radar under attack in a group, we call the group as not being under attack; otherwise, we call the group as being under attack. Denote i ζ as the exchanged information of group i . Each group receives iterative exchange information with its neighbors and updates its own information as follows: where t denotes the iteration number and The group under an FDI attack can be expressed as The group which is not under an FDI attack can be expressed as  After T iterations, the information state and information matrix can be updated as are the scalar weights.
Similarly, the CI method employs the consensus method to The t th iteration of consensus for the CI method is given as follows: 1. Calculate the updated information matrix To improve the estimation accuracy, we combined the CM and CI methods to obtain a hybrid consensus algorithm, in which each group broadcasted its information Then, we employed the consensus approach to the exchanged information: Therefore, each group updates its information state and information matrix: The complete DSE algorithm with FDI attacks is summarized in Table 1.

Numerical Simulation
In order to show the effectiveness of the proposed DSE algorithm with FDI attacks, two cases are presented. In Section 4.1, assume there are two radars under FDI attacks in an eight-radar network. A comparison between the traditional hybrid consensus-based DSE method [12] (denoted as DSE) and the proposed DSE algorithm with FDI attacks (denoted as DSE-FDI) was made, which shows that DSE-FDI performed better than DSE method. In Section 4.2, the results are given for when four radars were under FDI attacks in an eight-radar network.
By assuming modeling of the target dynamics by the constant velocity model [29], then the matrix can be given by where w σ is the standard deviation of the process noise and t Δ is the time step.
In the scenario, the target is tracked by an eight-radar network divided into four groups, as shown in Figure 1. The adjacency matrix of the groups is expressed as ( )

Two Radars under Attack
Consider the case that radar 1 and radar 3 are under an FDI attack. The attack begins at time 5 t = and ends at time 20 t = . We first verify the effectiveness of the injected data detection method with DSE-FDI. Figure 2 plots the 2 χ distribution variable ( ) i J k over time for radars 1-8. It can be seen that for the attacked radars (radar 1 and radar 3), the alarm triggering condition in Equation (9) In most of the time, with only some false alarms occurring. Note that false alarms will affect the detection flag, resulting in a false trigger of the estimation method. However, as long as the alarm triggering threshold is set properly, the false alarm will not last. Thus, false alarm had little effect on the estimation accuracy. In order to reduce the false alarms, the alarm triggering threshold can be increased appropriately.  In order to verify the superiority of the proposed attack parameter estimation method in DSE-FDI, the RMSEs of the attack parameter estimations (APE) were obtained by 100 Monte Carlo runs. Figures 3 and 4 plot the RMSE of the estimated range, elevation and azimuth APE for radars 1-4 and radars 5-8 over time, respectively. It can be seen that the APE of all the radars were close to zero during time 5 t < . The reason for this was that there were no attacks in this time interval. When the simulation time 5 t > , the attack parameters of radar 1 and radar 3 were estimated, and the RMSEs of the APE converged fast. Note that the RMSEs of APE of other radars were not zero when no attack existed, which was due to the false alarms in the 100 Monte Carlo runs.  After verifying the effectiveness of the proposed injected data detection and attack parameter estimation method, we compared DSE-FDI with the DSE method. Figure 5 plots the RMSE of the estimated position and velocity over time for DSE-FDI and the DSE method. It can be seen that DSE-FDI performed the same as the DSE method when no attack existed, but it performed much better than the DSE method when suffering from an FDI attack.

Four Radars under Attack
In this part scene with four radars under attack was considered to test the estimation accuracy when half the radars in the network were under attack. Radar 1 and radar 3 were attacked starting from simulation time 5 t = , and radar 5 and radar 7 were attacked starting from simulation time 10 t = . Figure 6 shows the injected data detection results for all the radars. It can be seen that the attacks could be detected in a timely manner.   To illustrate the superiority of the proposed DSE-FDI method, a comparison with other methods is given. The methods include (1) the traditional hybrid consensus-based DSE method [12] (denoted as DSE); (2) the traditional hybrid consensus-based DSE method with injected data detection, in which the attacked measurements are discarded directly (denoted as DSE-D); and (3) the CM-based method [10] with FDI compensation proposed in this paper (denoted as CM-FDI). Figure 9 shows that DSE-D diverged as time went on, which was caused by information loss. The performance of DSE decreased as the number of attacked radars increased, and the performance of DSE-FDI was almost unaffected by FDI attacks. Moreover, DSE-FDI performed better than CM-FDI, which verifies the superiority of hybrid consensus over consensus in the measurements.

Discussion
This paper studied distributed target tracking with FDI attacks. A novel DSE algorithm was proposed to deal with FDI attacks in a radar network which consisted of three main parts: injected data detection, attack parameter estimation and hybrid consensus. In the proposed algorithm, a real time residual-based detector was designed to effectively detect FDI attacks by analyzing the statistical properties of the residual. A simple yet effective attack parameter estimation method was proposed to estimate the unknown and time-varying attack parameter and state independently. A novel hybrid consensus method was proposed to compensate the estimation error caused by an attack and provide estimation accuracy improvement when the number of consensus iterations was moderate. The simulation results show that the proposed algorithm was superior to other algorithms in the presence of FDI attacks. In the future, we will focus on dealing with other kinds of malicious attacks.