Design and Deployment of Resilient Control Execution Patterns: A Prediction, Mitigation Approach

Modern Cyber-Physical Systems (CPSs) are often designed as networked, software-based controller implementations which have been found to be vulnerable to network-level and physical-level attacks. A number of research works have proposed CPS-specific attack detection schemes as well as techniques for attack-resilient controller design. However, such schemes also incur platform-level overheads. In this regard, some recent works have leveraged the use of skips in control execution to enhance the resilience of a CPS against false data injection (FDI) attacks. However, skipping the control executions may degrade the performance of the controller. In this paper, we provide an analytical discussion on when and how skipping a control execution can improve the system's resilience against FDI attacks while maintaining the control performance requirement. Our proposed method i) synthesizes a library of such optimal control execution patterns offline, and ii) executes one of them in run-time judging the intent of the attacker. To the best of our knowledge, no previous work has provided any quantitative analysis about the trade-off between attack resilience and control performance for such aperiodic control execution. Finally, we evaluate the proposed method on several safety-critical CPS benchmarks.