

This content will become publicly available on June 18, 2026

Title: Defense Mechanisms Against Undetectable Cyberattacks on Encrypted Telerobotic Control Systems
Networked control systems are vulnerable to manipulation via data injection to observed states and control commands, resulting in undesired state trajectories and system instabilities. Adversarial attacks against such systems can be implemented in the form of undetectable attacks such that an observer never notices deviations from expected behavior. Even when protected by homomorphic encryption, these systems remain vulnerable to stealthy and perfectly undetectable attacks due to the malleability of encrypted data. This research develops a defense architecture against such undetectable attacks through the fusion of two complementary detection protocols working in conjunction with encryption. The mechanism’s strengths and weaknesses are analyzed for affine transformation-based perfectly undetectable attacks and covert attacks. The attacks are implemented against a mobile robot, and defense performance is analyzed, resulting in a robust defense mechanism that outperforms previous undetectable attack detection methods in terms of detection accuracy and reliability across the two representative attack types.
Award ID(s):
2112793
PAR ID:
10653724
Author(s) / Creator(s):
 ;  ;  
Publisher / Repository:
IEEE/ASME Transactions on Mechatronics
Date Published:
Journal Name:
IEEE/ASME Transactions on Mechatronics
Volume:
30
Issue:
4
ISSN:
2964 - 2971
Page Range / eLocation ID:
2964 to 2971
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. With the increasing integration of cyber-physical systems (CPS) into critical applications, ensuring their resilience against cyberattacks is paramount. A particularly concerning threat is the vulnerability of CPS to deceptive attacks that degrade system performance while remaining undetected. This article investigates perfectly undetectable false data injection attacks (FDIAs) targeting the trajectory tracking control of a nonholonomic mobile robot. The proposed attack method utilizes affine transformations of intercepted signals, exploiting weaknesses inherent in the partially linear dynamic properties and symmetry of the nonlinear plant. The feasibility and potential impact of these attacks are validated through experiments using a Turtlebot 3 platform, highlighting the urgent need for sophisticated detection mechanisms and resilient control strategies to safeguard CPS against such threats. Furthermore, a novel approach for detection of these attacks called the state monitoring signature function (SMSF) is introduced. An example SMSF, a carefully designed function resilient to FDIA, is shown to be able to detect the presence of an FDIA through signatures based on system states. 
  2. This work proposes a moving target defense (MTD) strategy to detect coordinated cyber-physical attacks (CCPAs) against power grids. A CCPA consists of a physical attack, such as disconnecting a transmission line, followed by a coordinated cyber attack that injects false data into the sensor measurements to mask the effects of the physical attack. Such attacks can lead to undetectable line outages and cause significant damage to the grid. The main idea of the proposed approach is to invalidate the knowledge that the attackers use to mask the effects of the physical attack by actively perturbing the grid’s transmission line reactances using distributed flexible AC transmission system (D-FACTS) devices. We identify the MTD design criteria in this context to thwart CCPAs. The proposed MTD design consists of two parts. First, we identify the subset of links for D-FACTS device deployment that enables the defender to detect CCPAs against any link in the system. Then, in order to minimize the defense cost during the system’s operational time, we use a game-theoretic approach to identify the best subset of links (within the D-FACTS deployment set) to perturb which will provide adequate protection. Extensive simulations performed using the MATPOWER simulator on IEEE bus systems verify the effectiveness of our approach in detecting CCPAs and reducing the operator’s defense cost. 
  3. This paper demonstrates the fundamental vulnerability of networked linear control systems to perfectly undetectable false data injection attacks (FDIAs) based on affine transformations. The work formulates a generalized FDIA framework that coordinates multiplicative and additive data injections targeting both control commands and observables in networked systems. The paper derives mathematical conditions for executing affine transformation based perfectly undetectable attacks (ATPAs) on state-feedback and output-feedback control systems, with attack capabilities varying based on the attacker’s knowledge of plant dynamics and control gains. The paper examines several attack scenarios, including scaling and general affine transformations, and characterizes the range of system knowledge—from minimum to full—required for different attack types. The paper classifies ATPA into four types based on the feedback structure (state or output) and knowledge requirements: those that match plant dynamics without controller knowledge and those that match closed-loop dynamics by exploiting controller information. The paper examines several attack scenarios and shows how carefully ATPAs can create the illusion of normal system operation while the actual system behavior deviates significantly from intended trajectories. 
  4. Semantic communication is of crucial importance for the next-generation wireless communication networks. The existing works have developed semantic communication frameworks based on deep learning. However, systems powered by deep learning are vulnerable to threats such as backdoor attacks and adversarial attacks. This paper delves into backdoor attacks targeting deep learning-enabled semantic communication systems. Since current works on backdoor attacks are not tailored for semantic communication scenarios, a new backdoor attack paradigm on semantic symbols (BASS) is introduced, based on which the corresponding defense measures are designed. Specifically, a training framework is proposed to prevent BASS. Additionally, reverse engineering-based and pruning-based defense strategies are designed to protect against backdoor attacks in semantic communication. Simulation results demonstrate the effectiveness of both the proposed attack paradigm and the defense strategies. 
  5. Several attacks have been proposed against autonomous vehicles and their subsystems that are powered by machine learning (ML). Road sign recognition models are especially heavily tested under various adversarial ML attack settings, and they have proven to be vulnerable. Despite the increasing research on adversarial ML attacks against road sign recognition models, there is little to no focus on defending against these attacks. In this paper, we propose the first defense method specifically designed for autonomous vehicles to detect adversarial ML attacks targeting road sign recognition models, which is called ViLAS (Vision-Language Model for Adversarial Traffic Sign Detection). The proposed defense method is based on a custom, fast, lightweight, and scalable vision-language model (VLM) and is compatible with any existing traffic sign recognition system. Thanks to the orthogonal information coming from the class label text data through the language model, ViLAS leverages image context in addition to visual data for highly effective attack detection performance. In our extensive experiments, we show that our method consistently detects various attacks against different target models with high true positive rates while satisfying very low false positive rates. When tested against four state-of-the-art attacks targeting four popular action recognition models, our proposed detector achieves an average AUC of 0.94. This result achieves a 25.3% improvement over a state-of-the-art defense method proposed for generic image attack detection, which attains an average AUC of 0.75. We also show that our custom VLM is more suitable for an autonomous vehicle compared to the popular off-the-shelf VLM and CLIP in terms of speed (4.4 vs. 9.3 milliseconds), space complexity (0.36 vs. 1.6 GB), and performance (0.94 vs. 0.43 average AUC).