Mitigating Sensor Attacks Against Industrial Control Systems

This paper describes how to design and implement a mechanism that helps to mitigate sensor attacks on industrial control systems. The proposed architecture is based on concepts from fault-tolerant control techniques. This short note explains how a Kalman filter can be used simultaneously with optimal disturbance decoupling observers to improve the performance of the mitigation mechanism for sensor attacks in cyber-physical control systems. Our proposal mitigates attacks by generating a signal that compensates the change provoked by the attacker, while at the same time reducing the number of false alarms. We demonstrate the effectiveness of our proposal using a three tanks control simulation.


I. INTRODUCTION
Widespread growth of new computing and network technologies has permeated industrial control systems (ICS), facilitating the pervasive use of remote sensors and their interconnection with centralized control systems. These cyber infrastructures (including remote sensing and activation, digital signal processing, and computing) interact with physical industrial systems, creating cyber-physical industrial control systems (CP-ICS). The goal of these CP-ICS is to improve the efficiency and reliability of these critical infrastructures; however, the inclusion of these technologies also opens the opportunity for cyber-attacks. The main purpose of these attacks is to modify the control loops to cause misbehaviors, with effects ranging from simple degradations on the performance of the control systems to those that can produce safety critical problems.
Over the years, several cyber security incidents affecting critical infrastructures have been reported [1], [2], including security problems in power plants, water treatment systems, pipelines, and transportation systems. As the threats to these systems continue to increase, the research community has been developing solutions in a variety of fields [3]-[9].
The associate editor coordinating the review of this manuscript and approving it for publication was Zheng Yan.
Cyber attacks are classified in two general groups [10]-[12]: i) denial-of-service (DoS); and ii) integrity attacks. The main purpose of DoS attacks is to deny access to sensor or actuator information; mathematical models for these kinds of attacks are summarized in [13]. Integrity attacks are characterized by the modification of sensor and/or actuator information, compromising their integrity.
Detection and isolation of cyber-attacks in CP-ICS is a growing area of research, but on the other hand, the response and mitigation of these attacks has comparatively received less attention. Detection refers to revealing that there is an anomaly in the system caused by a cyber-attack. On the other hand, isolation focuses on identifying where the anomaly takes place (isolation is also referred to as identification in some literature). The limitations of the attack monitors, and some conditions regarding the features of undetectable and unidentifiable attacks have been previously discussed [11]. In [14], the dynamical model of an irrigation channel system is used to design a bank of observers to detect and isolate attacks in the system; however, the authors do not work on control actions to mitigate the effect of an attack on the system. Integrity attacks on sensors of SCADA systems are explored in [15], where the authors establish a feasibility condition for replay attacks and how to detect them with a noisy control authentication signal, but they do not discuss how to respond once an attack is identified. It is important to mention that fault-tolerant control (FTC) technology is being used as a tool for dealing with cyber-attacks [16], [17]; however, even these works that leverage the fault-tolerant literature focus on detection and isolation, mainly using unknown input observers (UIOs), and do not state how to mitigate these attacks.
Motivated by this gap in the literature, our previous work looked at the few proposals that focused on response to cyber-attacks and identified two types of responses: (i) preventive and (ii) reactive [18]. The former focuses on the identification of vulnerabilities in a system before an attack happens, and its aim is to improve the robustness of ICS to face attacks. The latter generates a response after an alarm is triggered as a consequence of a detected attack, and its goal is to minimize the impact of the attack on the operation of the system. An increase in the resilience of ICSs through a reactive response is composed of detection and mitigation stages [19]. These stages mirror the literature in fault diagnosis, where they are known as detection, isolation, and reconfiguration [20]. Reconfiguration control actions are described as the mechanisms that trigger the response for maintaining the system stability or ensuring that the system remains in a safe zone, perhaps with some performance degradation. However, attacks and faults have significant differences, which complicates the use of reconfiguration control to face deception attacks [19]. This fact opens a gap to adapt the reconfiguration control tools in response to the distinctive features of the attacks. For instance, the adaptation of the controller in networked control systems to prevent and overcome current and future time delay switch attacks is presented in [21]. Another strategy for attack mitigation is based on adaptive control techniques. In [22], the authors propose an adaptive controller able to deal with sensor and actuator attacks, which guarantees stability of the closed-loop dynamical system.
In this paper, we present a novel mechanism to mitigate integrity cyber-attacks on ICSs. This work shows how to produce a reactive response for the mitigation of the effect of sensor attacks on ICSs. This mechanism is validated with some simulations on a multi-input multi-output (MIMO) system testbed. We extend previous work in several ways: i) the addition of measurement noise to the readings of the sensors; ii) the inclusion of optimal disturbance decoupling observers (ODDOs), as the isolation mechanism, with the addition of a false alarms reduction mechanism; and iii) the design of a mechanism to generate a response that is able to mitigate the impact of attacks on sensors. Adding noise is a more realistic example of ICSs, and it is an extension with respect to previous works (e.g., [23]-[25]), where only noiseless scenarios have been considered. The output of the ODDOs produces false alarms because usually all outputs of multivariable systems are coupled, and this causes an attack on a single sensor to be isolated in more than one sensor. For this problem, our approach uses a novel binary logic that reduces the number of false alarms. The response mechanism consists in recovering the true information of the attacked sensor, nullifying or reducing the alteration done by the attacker. The mitigation of the attack is achieved when the controller computes a trustworthy control action using the recovered information about the variables of the physical process. Several attacks have been explored, and the evaluation of our proposal is based on a key performance index such as the integral of the absolute error (IAE), which shows that lower values of IAE are obtained using our proposal instead of the conventional way that is more susceptible to false alarms.
The organization of the paper is as follows. In Section II we present the background and problem formulation describing the type of sensor attacks we consider. In Section III, we introduce a mechanism to mitigate the effect of sensor attacks, detailing the procedures to perform the detection and isolation process, the false attacks suppression process, and the control action compensation process. In Section IV we evaluate our proposal with a three-tank benchmark plant. Finally, in Section V we discuss the conclusions and future work to enhance the proposed mechanism.

II. BACKGROUND AND PROBLEM FORMULATION
An ICS provides the interconnection of equipment used to monitor and control physical equipment in industrial environments. The interconnection is based on a network that differs from the traditional enterprise networks because data is strongly linked with industrial physical processes.
Legacy industrial control systems are systems that were deployed before updated operational or security best practices, and are not replaced because of market forces. Making the decision to keep legacy systems requires balancing the costs and risks of maintaining old systems versus the risk and expense of upgrading. However, most legacy ICSs could work for the whole life cycle and even extend it if their security is improved. A way to achieve this purpose is to improve the security of existing legacy ICSs, with the inclusion of mechanisms to give a response and to mitigate the effect of cyber-attacks.
There are several mechanisms to improve the security of information technology systems (ITS); however, control systems cannot use the same tools for improving their security [26]. One of the different tools available in ICS (and not in ITS) is the ability to detect cyber-attacks based on the physical evolution of the state of the controlled system [27]. This evolution usually is given by differential equations for continuous-time systems and difference equations for discrete-time systems. In this work we extend this line of work for attack detection and also the attack response actions to mitigate the effect of the attack [3], [18].

A. SYSTEM SETUP
Control algorithms are commonly chosen based on the performance requirements of the controlled system. A widely used control in industry is tracking control, which is based on state feedback together with an integral of the tracking error. Figure 1 illustrates a block diagram of a typical networked control system.
Most of the plants on ICSs are nonlinear processes; therefore, nonlinear control is an important issue in industrial practice. These plants usually are modeled using state space representations, which are related to a great number of control techniques. In this work, we assume a nonlinear tracking controlled process, where the plant is modeled using a nonlinear time invariant model given by, where $x(t) \in \mathbb{R}^n$ represents the state of the system, $\tilde{u}(t) \in \mathbb{R}^m$ represents the control input vector after the transmission network (i.e., is the equivalent in continuous time of the signal $u_k$ that is transmitted through the network, computed by the remote controller, and received by the actuators), and $y(t) \in \mathbb{R}^p$ represents the measurement output vector (to be transmitted).
The network used to send the signals between the controlled system and the remote controller has a random communication delay and packet dropout introduced by its limited communication capacity. Delays and cyber-attacks will affect both the control signal received by the controlled system and the sensor signal received by the remote controller, as where $u_k$ is the control action computed by the remote controller prior to transmission, while $\tilde{u}_k$ is the control action after the process and actuators attacks are included, $y_k$ is the signal vector from measurements of the physical variables prior to transmission, and $\tilde{y}_k$ is the sensor signal vector after the process and sensors attacks are included.
$a_k \in \mathbb{R}^m$ and $s_k \in \mathbb{R}^p$ represent attacks in actuators and sensors, respectively.
The Kronecker delta function $\delta(\tau_k, i)$ is used to represent the random communication delays and stochastic data missing. Delay time $\tau$ is considered as an integer multiple of the sampling time $T_s$. For the ideal case, there is no communication delay, i.e., $\tau = 0$, and only $\delta(0, 0) = 1$, hence $\tilde{u}_k = u_k$. For a communication delay time greater than zero ($1 \le i \le q$), only one term of the summation is equal to 1, hence $\tilde{u}_k = u_{k-i}$. In the case that the delay produces a timeout error $q = -1$, there are no terms in the summation, and $\tilde{u}_k = 0$. Nevertheless, in this work we consider the ideal case where there is no communication delay, but we consider the case where there are cyber-attacks on the sensors.
Networked control is based on digital communication techniques; therefore, a discrete-time model for the plant is required. Typically, it is assumed that the system is operating at some nominal operation point, hence an incremental linear model (an approximation of the nonlinear plant) for the process is used in this case. In this work, the linear discrete-time invariant model of the plant is given by where $k \in \mathbb{Z}^+$ represents the discrete time instant, $x_k \in \mathbb{R}^n$ represents the state of the system, $\tilde{u}_k \in \mathbb{R}^m$ represents the control input vector after the transmission network (i.e., is the equivalent of the signal $u_k$ that is transmitted through the network, computed by the remote controller, and received by the actuators), $y_k \in \mathbb{R}^p$ represents the measurement output vector (to be transmitted), and $\zeta_k$ and $\eta_k$ are independent zero mean noise vector sequences, with covariance matrices $Q$ and $R$, respectively. The remote controller is designed to produce disturbance rejection and zero steady-state error for step inputs. For this purpose, an integrator and a state-feedback are implemented. The equation for the discrete-time integrator is given by where $z_k$ is the output vector of the integrator, $s_k \in \mathbb{R}^m$ represents the reference input vector or set-point, $\tilde{y}_k \in \mathbb{R}^q$ represents the controlled output vector, and $T_s$ represents the sampling time of the discrete-time system. The state-feedback requires the estimation of the state variables from the available measurements. For this purpose a Kalman filter is used.
The Kalman filter provides the optimal state estimate $\hat{x}_k$. From the initial estimation of the associated error covariance matrix, $P_{k|k-1}$, the Kalman gain is computed as (5) After this, an update of the state estimation, using the measurement vector, and of the covariance error matrix is done Finally, the state estimation and the covariance error matrix are given by As can be noticed from (5), (6), and (7), the state estimate $\hat{x}_k$ obtained using the Kalman filter is computed using the information from all inputs $u_k$ and all outputs $\tilde{y}_k$. The nominal control law of the system $u_k$ is given by where $K_1$ and $K_2$ are vectors computed to stabilize the closed-loop control system, and to achieve the required performance.
Taking into account that the Kalman filter estimation $\hat{x}_k$ is designed to converge to the state $x_k$, the augmented state of the whole system is $[x_k \; z_k]$, and hence $\hat{x}_k$ in the control law (8) can be replaced by $x_k$.

B. CYBER-ATTACKS IN CONTROL SYSTEMS
A typical networked controlled tracking system with state feedback is depicted in Figure 1. In the ideal (non-attack) case $\tilde{y}_k = y_k$ and $\tilde{u}_k = u_k$.
When the system is under attack, equation (3) can be extended to include integrity attacks as well as DoS attacks as follows and it is worth noticing that after the transmission, $y_k$ becomes Let us remark that attacks on sensors consist of replacing $y_k$ (the real sensor measurement) with $\tilde{y}_k = y_k + s_k$ (any data value output from the sensor), i.e., the attack adds what we consider as a new input $s_k$ to the system. Attacks on actuators consist of modifying the input of the plant (the control signal sent to the process by the controller or the programmable logic controller) by adding a new input, the attack $a_k$. This modification directly affects the action that the actuators may execute.
Integrity attacks and faults on control systems share some similarities in that the sensor or control signals change from the real values and become less trustworthy. However, while faults are typically random and non-strategic, cyber-attacks are strategic, more deceptive, and potentially more dangerous for the safety of the system. The objective of the attacker can be economical profit, stealing private information, or causing malfunction or safety hazards in a control process. Differences between attacks and faults are significant, and, as a consequence, the existing tools of FTC cannot be used directly to detect and mitigate the effect of cyber-attacks on control systems.
In this work, deception attacks, also known as false data injection attacks, or integrity attacks, are described and discussed. For these attacks, we assume the attacker can alter the true information sent by sensors with the goal of deceiving the controller and, therefore, computing a control action that drives the control system to an unsafe or undesired behavior. These attacks can be achieved when the actual system measurements are replaced by data that are compatible with the measurement equation of the system [28], [29]. In this work, we assume the attacker knows the valid range of the measurement of sensors, then, he will produce an attack vector not trivially detectable. In [29], it is shown that an attacker can manipulate these measurements without being detected. In this attack, the attacker does not require knowledge about the model of the system, but the knowledge about current values of the measurements is enough. With current values and the span of the measurements it is easy to compute an attack vector.
The false data injection attacks considered in this work are of the form where $f(k, x_k)$ varies depending on the type of attack applied to the system sensors. We establish two kinds of false data injection attacks: i) bias attack; and ii) static attack.
For the bias attack, $s_k$ is mathematically defined as where $f_{s_1}$ and $f_{s_2}$ are functions used to smooth the initial and final portions of the attacks, such as and $t_1$ and $t_2$ are the initial and final times of the attack, $f_i$ is the function that shapes the $i$-th attack itself, which is suitably defined to affect only one sensor. The purpose of the smoothing functions is to produce a soft transition in the sensor data, in order to try to avoid that a detector of abrupt changes can easily detect the attack. We use (13) when the change is the addition of a positive value, and (14) is used when the change is the subtraction of a positive value.
For the static attack, $s_k$ is such that $\tilde{y}_k$ becomes a static value with some noise for the duration of the attack, and it is defined as where $\eta^{s_i}_k$ is an independent zero mean noise signal, with the standard deviation equal to the sensor signal characteristics.
The fundamental feature of control systems is to maintain a set of variables with a predefined desired behavior, for instance, tracking a reference input and rejecting some disturbances. However, most control systems have not been designed to be resilient to malicious deliberate actions. Those actions aim to alter the behavior of the controlled plant in order to reach the system instability, to force some variables out of range and, in some cases, to cause harmful damage in the system and its environment.
In order to design attack-resilient systems, we need: i) to detect that an attack is taking place; ii) to isolate (identify) the attacked device; and iii) to reconfigure the system and/or change its operation to mitigate the attack (e.g., replace the sensed measurements by a virtual sensor [3]).

III. ATTACK MITIGATION APPROACH
In this section, we present a mechanism that generates a response to mitigate the effect produced by a false-data injection attack in one sensor of a control system. The mitigation response decreases the deviation in the system outputs, produced by a sensor cyber-attack. When the controller receives misleading information, it computes an incorrect control action, changing the normal operation of the control system. The attack response is based on the computation, and the posterior addition, of a correction signal to the incorrect sensor information. When the above mentioned correction is done on the tampered sensor, the controller can compute a trustworthy control action and the effect of the attack is mitigated.
To obtain trustworthy information, it is necessary to detect and isolate where the anomaly is placed. Some previous works show the use of FTC tools to detect and isolate sensor attacks in control systems [14], [19]. In this paper, we go a step further by showing a response mechanism to be used after the anomaly detection and isolation. The attack-response algorithm computes the required control action with trustworthy information to mitigate the impact that the sensor attack produces in the performance of the control system.

A. ANOMALY DETECTION AND ISOLATION
Anomaly detection and isolation algorithms have two goals: i) identifying where the attack is located, i.e., which sensor information is false; and ii) identifying the time the attack is active, i.e., starting and ending time of the attack. For stochastic systems, this can be achieved using optimal filtering and robust anomaly diagnosis including unknown disturbances, which in our case are the sensor attacks. In this work, the attacks are the disturbances that we need to decouple.
For each sensor of the system an observer is designed, and the optimal output estimation can be produced. To detect and isolate anomalies, the output estimation error is used as a residual which is robust against unknown disturbances and has minimal variance. A hypothesis-testing procedure is then applied to examine the likelihood of residuals, and to indicate whether or not an anomaly has occurred in any sensor of the system.
In order to detect and isolate the anomaly, an ODDO is designed for each sensor of the control system. In this work, the attacked sensors are considered as the unknown disturbance that is acting on the system. These ODDOs are used to generate the structured residuals, i.e., residuals that are insensitive to one specific disturbance, and are sensitive to the other ones. The ODDO that is insensitive to anomalies on the $j$-th sensor has as input all components of the control action vector $u_k$ and all but the $j$-th component of the output vector, $\tilde{y}^j_k$. An optimal state estimation of the system associated to the $j$-th sensor is obtained using an initial estimation of the associated error covariance matrix, just as it is done in the Kalman filter.
Designing the $j$-th ODDO requires a transformation to guarantee the existence of the observer and the anomaly decoupling on the $j$-th sensor, which is done by where $E_j$ is the matrix used to decouple the effect of the unknown attack on the $j$-th sensor, $C_j$ is the resulting matrix when the $j$-th row is eliminated from the matrix $C$, and $I_n$ is an order $n$ identity matrix. Then, a standard Kalman gain is calculated, similarly as in (4), After that, an update of the estimation of the covariance error matrix is done Some other transformation matrices need to be updated at each iteration, and they are given by where $\tilde{y}^j_k$ is the vector of sensor measurements for time $k$, when the row corresponding to the $j$-th sensor is suppressed. Finally, the updates for the state estimate and the ahead prediction of the error covariance matrix are performed by The complete procedure is presented, explained, and demonstrated in [30]. Associated with the optimal output estimation from the $j$-th ODDO, the $r^j_k$ residual vector is computed by The residual $r^j_k$, associated to the $j$-th sensor, is computed using the information from all inputs $u_k$ and all but the $j$-th component of the outputs $\tilde{y}^j_k$. When there are no anomalies on actuators, and there is only one attack in the $j$-th sensor, the residual satisfies where $T^j_{iso}$ is known as the isolation threshold for the $j$-th ODDO.
For an ideal case, the mathematical model of a system describes perfectly its behavior, the observers converge instantaneously, and hence, in absence of any anomaly on a sensor, all residuals would be always exactly equal to zero. However, for practical cases, due to modeling imperfections of the controlled system, and convergence time of observers different than zero, the residuals are not exactly zero when there are no attacks on sensors. For this reason, the threshold is determined based on reducing false isolation of attacks. The threshold determination is done based on the calculation of the residuals with no attacks on sensors of the system. From the residuals without attacks, we can define the threshold as It is worth noticing that when $\tau^j_I$ is chosen to be smaller than the value in (23), some additional false anomalies are isolated, and if it is chosen to be larger than this value, some anomalies may not be detected.
The binary variable $l^j_k$ is used to denote whether or not an attack is active at instant $k$ on the $j$-th sensor, as However, in MIMO systems all outputs are usually coupled, and for this reason, one sensor attack in the $i$-th sensor can be wrongly isolated in another sensor, i.e., $l^j_k = 1$ for $j \neq i$. As a consequence of that, a mechanism to suppress the isolation of false attacks is presented in the next section.

B. PREVENTING ISOLATION BECAUSE OF FALSE ALERTS
The isolation mechanism described above produces imperfect results. These imperfections are the result of the coupling between all outputs of a MIMO system, i.e., an anomaly/attack on the $j$-th sensor is not just revealed on the residual of the corresponding observer, but it is also revealed in the other residuals, usually delayed, and with a smaller amplitude than in the residual $r^j_k$. Hence, in this section we introduce a mechanism to correct the isolation results based on previous facts.
The false anomaly suppression is done using the previously defined assumption that establishes that only one sensor attack/anomaly can occur simultaneously, and there is no actuator attack/anomaly acting on the system. The first step of false anomalies/attacks suppression is to disable the isolation of more than one attack/anomaly simultaneously. This correction generates $L^j_k$ variables, using their past values and the values of $l^j_k$: (25) where & represents the AND logic operator, || represents the OR logic operator, and $\bar{a}$ represents the NOT logic operator of $a$. Equation (25) means that $L^j_k$ can be equal to 1 in two different situations: 1) If $L^j_{k-1}$ and $l^j_k$ are both equal to 1, then at the $k-1$ instant an attack was detected in the $j$-th sensor, and the attack remains active at $k$. 2) If $l^j_k$ is equal to 1, the previous value $L^j_{k-1}$ is equal to 0, and $l^i_k = 0$ for $i \neq j$, then there is no previous attack in the $j$-th sensor, but now there is one, if and only if there is no attack in other sensors at the same time. The second step of false anomalies/attacks suppression is related to the duration of the attack. This is done using a residual based on a Kalman filter, already designed and in use for the feedback control law calculation. This filter is used to produce an optimal estimation of the outputs when measurements are noisy. However, in this estimation, the coupling between all outputs is an advantage because the residual from Kalman filters gives accurate information about the attack/anomaly duration. Associated with the optimal state estimation obtained from the Kalman filter, one residual vector is computed as When there are no anomalies on actuators and there is one attack in any sensor, the residual obeys the next expression where $\tau_D$ is known as the detection threshold.
In the same way as in ODDOs, due to modeling imperfections of the controlled system and convergence time of the Kalman filter, the residual is not exactly zero when there are no attacks on sensors. The threshold determination is done based on the calculation of the residual with no attacks on sensors of the system. Hence, the supremum of $r_k$, for all $k$, could be chosen as the detection threshold $\tau_D$. If a value smaller than the supremum of $r_k$, for all $k$, is chosen as the detection threshold, some additional false anomalies are detected, and if a value greater than the supremum of $r_k$, for all $k$, is chosen as the isolation threshold, then some anomalies will not be detected. The binary variable $d_k$ is used to denote whether or not an attack is active at $k$ on any sensor of the system. In conclusion, The accurate information about the time duration of the attack on the $j$-th sensor is synthesized in the binary variable $a^j_k$, using the results from (22), (25), and (27) as where $a^j_k$ indicates that at the $k$-th sampling, on the $j$-th sensor, there is an attack if $a^j_k = 1$, or there is no attack if $a^j_k = 0$.
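An added Python example, not code from the paper, of the Kalman-filter residual and the supremum rule for $\tau_D$ described above. The two-state plant, the use of the one-step-ahead innovation as the residual, the bias size and timing, and reading the noise figures as variances are assumptions made for illustration.

```python
"""Added illustration: Kalman-filter residual and detection threshold tau_D.

Constructed two-state, two-sensor toy plant (not the three-tank model).
"""
import math
import random

# Constructed stable, coupled plant: x_{k+1} = A x_k + zeta_k, y_k = x_k + eta_k (C = I).
A = [[0.5, 0.1], [0.1, 0.5]]
Q_VAR = 5e-6   # process-noise variance (assumed)
R_VAR = 5e-5   # measurement-noise variance (assumed)


def mat_mul(X, Y):
    return [[sum(X[i][t] * Y[t][j] for t in range(2)) for j in range(2)] for i in range(2)]


def mat_add_diag(X, d):
    return [[X[i][j] + (d if i == j else 0.0) for j in range(2)] for i in range(2)]


def inv2(X):
    det = X[0][0] * X[1][1] - X[0][1] * X[1][0]
    return [[X[1][1] / det, -X[0][1] / det], [-X[1][0] / det, X[0][0] / det]]


def mat_vec(X, v):
    return [X[0][0] * v[0] + X[0][1] * v[1], X[1][0] * v[0] + X[1][1] * v[1]]


def residual_norms(steps, bias=0.0, t1=None, t2=None, seed=7):
    """Run plant and Kalman filter; return ||r_k|| with r_k = y~_k - C x^_{k|k-1}.

    A bias attack s_k = [bias, 0] is added to sensor 1 for t1 <= k <= t2.
    The same seed gives the same noise with and without the attack.
    """
    rng = random.Random(seed)
    x = [0.0, 0.0]                      # true (incremental) state
    x_hat = [0.0, 0.0]                  # filter estimate
    P = [[1e-4, 0.0], [0.0, 1e-4]]      # initial error covariance
    At = [[A[0][0], A[1][0]], [A[0][1], A[1][1]]]
    norms = []
    for k in range(steps):
        # Plant and sensors.
        x = [xi + rng.gauss(0.0, math.sqrt(Q_VAR)) for xi in mat_vec(A, x)]
        y = [xi + rng.gauss(0.0, math.sqrt(R_VAR)) for xi in x]
        if t1 is not None and t1 <= k <= t2:
            y[0] += bias                # tampered measurement y~ = y + s
        # Prediction.
        x_pred = mat_vec(A, x_hat)
        P_pred = mat_add_diag(mat_mul(mat_mul(A, P), At), Q_VAR)
        # Residual and Kalman gain K = P_pred (P_pred + R)^-1.
        r = [y[0] - x_pred[0], y[1] - x_pred[1]]
        K = mat_mul(P_pred, inv2(mat_add_diag(P_pred, R_VAR)))
        # Measurement update.
        Kr = mat_vec(K, r)
        x_hat = [x_pred[0] + Kr[0], x_pred[1] + Kr[1]]
        I_minus_K = [[(1.0 if i == j else 0.0) - K[i][j] for j in range(2)]
                     for i in range(2)]
        P = mat_mul(I_minus_K, P_pred)
        norms.append(math.hypot(r[0], r[1]))
    return norms


def detect(norms, tau_d):
    """d_k = 1 when the residual norm exceeds the detection threshold."""
    return [1 if n > tau_d else 0 for n in norms]


STEPS, T1, T2, BIAS = 200, 100, 140, 0.1     # constructed scenario
CLEAN = residual_norms(STEPS)
TAU_D = max(CLEAN)                           # supremum over the attack-free run
ATTACKED = residual_norms(STEPS, BIAS, T1, T2)

if __name__ == "__main__":
    d = detect(ATTACKED, TAU_D)
    print("tau_D =", round(TAU_D, 4))
    print("alarms before attack:", sum(d[:T1]), "during attack:", sum(d[T1:T2 + 1]))
    print("false alarms with tau_D/2 on clean data:", sum(detect(CLEAN, 0.5 * TAU_D)))
```

Halving the threshold produces alarms on attack-free data, and a threshold ten times larger misses the bias entirely, which is the trade-off stated for $\tau_D$.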

C. CONTROL ACTION COMPENSATION
Some previous works have developed similar mechanisms as the ones described above [11], [14], [19], [31]. These works have been focused on detection and isolation of cyber-attacks on control systems. In this paper we take an additional step, which consists in the addition of a mechanism with the aim of being able to mitigate the effect produced by a sensor cyber-attack of an ICS. Notice that such mechanism is added to improve the security of an existing networked controller. The proposed mechanism is developed in the same hardware where the remote controller is implemented. The purpose of this mechanism is for the system outputs to avoid having a big deviation with respect to the nominal response, when under attack.
Control action compensation is the last stage in the developed approach to mitigate the effect of a sensor cyber-attack in an ICS. It deals with the stage in which the authentic information of the sensor is recovered. The authentic information of the sensor is the signal before the attacker modifies it. In order to restore the nominal control of the system, it is necessary to find the authentic signal of the sensor using analytical redundancy. As explained above, the $j$-th ODDO is designed to be insensitive to sensor attacks in sensor $j$, and all other ODDOs are sensitive to attacks on sensor $j$. For this reason, the magnitude of the attack on the $j$-th sensor is given by where $C_j$ is the $j$-th row of the $C$ matrix, $\hat{x}^j_k$ is a state estimation insensitive to disturbances on the $j$-th sensor and $\hat{x}^i_k$ is a state estimation sensitive to disturbances on all but the $i$-th sensor. The information given by $m_k$ is now masked using (29) to obtain an approximation of $s_k$, which is subtracted from $\tilde{y}_k$ to obtain where $y_k$ is an approximation of the authentic sensor signal, nullifying the addition done by the attacker.
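The two-step false-isolation suppression of Section III-B followed by the masked compensation described above, as an added Python example that is not code from the paper. The flag sequences $l^j_k$ and $d_k$, the magnitude estimates $m_k$ and the signal values are constructed sample data taken as given rather than computed from observers, and combining the two steps as $a^j_k = L^j_k$ AND $d_k$ is an assumption.

```python
"""Added illustration: false-isolation suppression and sensor compensation.

All flag sequences and signal values below are constructed sample data.
"""


def latch_isolation(l_seq):
    """Step 1: allow at most one isolated sensor at a time.

    l_seq[k][j] is the raw ODDO flag l^j_k. Returns L_seq[k][j] = L^j_k, which is 1
    if (L^j_{k-1} AND l^j_k) OR (l^j_k AND NOT L^j_{k-1} AND no l^i_k for i != j).
    """
    n = len(l_seq[0])
    prev = [0] * n
    out = []
    for l_k in l_seq:
        cur = []
        for j in range(n):
            others = any(l_k[i] for i in range(n) if i != j)
            keep = prev[j] and l_k[j]                         # attack persists
            start = l_k[j] and not prev[j] and not others     # new, unambiguous attack
            cur.append(1 if (keep or start) else 0)
        out.append(cur)
        prev = cur
    return out


def gate_with_detection(L_seq, d_seq):
    """Step 2 (assumed combination): a^j_k = L^j_k AND d_k."""
    return [[Lj & d for Lj in L_k] for L_k, d in zip(L_seq, d_seq)]


def compensate(y_tilde_seq, m_seq, a_seq):
    """Subtract the masked magnitude estimate a^j_k * m^j_k from each received value."""
    return [[y - a * m for y, m, a in zip(y_k, m_k, a_k)]
            for y_k, m_k, a_k in zip(y_tilde_seq, m_seq, a_seq)]


# Constructed scenario: bias of 0.05 on sensor 1 during k = 3..8.
N = 12
# Raw ODDO flags: sensor 2 is flagged late and for longer because of output coupling.
L_RAW = [[1 if 3 <= k <= 8 else 0, 1 if 5 <= k <= 9 else 0] for k in range(N)]
# Kalman-residual detection flag d_k, active only while the attack is active.
D_FLAGS = [1 if 3 <= k <= 8 else 0 for k in range(N)]
# Received measurements (true levels 0.40 and 0.20) and magnitude estimates m_k.
Y_TILDE = [[0.40 + (0.05 if 3 <= k <= 8 else 0.0), 0.20] for k in range(N)]
M_EST = [[0.05 if 3 <= k <= 8 else 0.0, 0.01 if 5 <= k <= 9 else 0.0] for k in range(N)]


def run_scenario():
    latched = latch_isolation(L_RAW)
    active = gate_with_detection(latched, D_FLAGS)
    recovered = compensate(Y_TILDE, M_EST, active)
    return latched, active, recovered


if __name__ == "__main__":
    latched, active, recovered = run_scenario()
    for k in range(N):
        print(k, "l =", L_RAW[k], "L =", latched[k], "a =", active[k],
              "y =", [round(v, 3) for v in recovered[k]])
```

In this scenario the latch alone still isolates sensor 2 at k = 9, once the flag on sensor 1 has dropped; gating with $d_k$ removes that false isolation, so sensor 2 is never corrected.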

IV. SIMULATION RESULTS
In this section, we show some results from applying the mitigation mechanism proposed in Section III to an existing feedback control system which faces false data injection attacks.
First, we describe the system and its control loop showing its normal operation behavior. Then, we describe a set of false data injection attacks. We also show the effect of the attacks on the system outputs, and we explain how the mitigation mechanism works, i.e., the obtained results step by step of the proposed approach to perform the mitigation.

A. THREE-TANKS BENCHMARK
To illustrate how FTC can be adapted and used to mitigate the effect of attacks on sensors of control systems, an existing ICS (the three tanks benchmark) is used. The nonlinear dynamics of this system are obtained using first-principles. The approach of first-principles is based on the use of physical laws to describe the dynamic evolution of a system. In this specific case, a balance of mass is used to obtain the differential equations which are the model of the system. The model of the system is the same as the one in [32] given by where the parameter values are shown in Table 1.

TABLE 1.
Parameter values of the three tank system.
The schematic diagram of the system is shown in Fig. 2. The goal of this control system is to track the liquid level of two tanks (L 1 (t) and L 2 (t)) in concordance with the two set-points settled.For this case, we consider the system has three coupled tanks, with a level sensor for tanks 1 and 2 (i.e., two outputs), and two valves to regulate the intake flow in tanks 1 and 2 (i.e. two inputs).However, the state variables are the levels of the three tanks (i.e., there is no measurements in one of the three tanks).
The operation point of the system is obtained fixing the nominal intake flow as u 1 = 3.5 × 10 −5 m 3 /s and u 2 = 3.75 × 10 −5 m 3 /s.Therefore, the operation point for the state variables of the system would be h 1 = 0.4 m, h 2 = 0.2 m, and h 3 = 0.3 m.
Level control of tanks in industrial scenarios is done with tracking controllers that produce disturbance rejection and zero steady-state error for step inputs. The proposed control for this system given in [33] is a discrete-time controller (8) with a sampling time $T_s = 1$ s, and feedback gains given by
In order to implement the control law, since we have information of two level measurements, it is necessary to implement an estimator. For the open loop simulation we include white noise for the sensors, $\eta_k \sim \mathcal{N}(0, 5 \times 10^{-5})$, and the actuators, $\zeta_k \sim \mathcal{N}(0, 5 \times 10^{-6})$. Since the measurements include noise, the estimation of the state variables is done using a Kalman filter. For the design of the Kalman filter a discrete-time model of the system is required. This linear model is obtained using input-output data. The data is used to estimate a discrete-time incremental linear state-space model which is an approximation of the physical nonlinear system near the operation point. The discrete-time state-space model (3) is obtained using a sampling time $T_s = 1$ s as in [33], together with subspace identification techniques [34]
The state estimation $\hat{x}_k$ is obtained using (5), (6), and (7). Therefore, the control action can now be computed using (8). The behavior of the closed loop system is shown in Fig. 3. There, it is seen how the control works properly for both variables $L_1(t)$ and $L_2(t)$, taking them to the desired value every time the set-point varies. It can also be noticed that the system is coupled, because some small changes in the behavior appear when the references are changed.
The IAE between the response without attacks and the set-point input of the control system is used to quantify the impact of the attacks on the sensors of the system. It is important to highlight that an attack on the sensor of Level 1 also has an impact on the response of Level 2; for this reason, the IAE is computed for both Levels 1 and 2 in each attack scenario. When there are no attacks on the control system, the IAE for Level 1 is 3.6935, and for Level 2 it is 2.7889. These IAE values without attacks are taken as the reference values. Therefore, the bigger the IAE values are, the bigger the impact of the attack is.

B. ATTACKS DEFINITION
In order to prove the effectiveness of the proposed approach, a set of 8 integrity attacks was applied to the system. As mentioned before, we consider bias attacks and static attacks. Within the set of applied attacks, there are six bias attacks, like the ones defined by (12), with their specific parameters shown in Table 2. The remaining two are static attacks, like the ones defined by (15), with their specific parameters shown in Table 3. In all cases, only one attack on one sensor is applied at a time.

C. MITIGATION APPROACH IMPLEMENTATION RESULTS
We now evaluate our attack mitigation approach as outlined in Section III. The anomaly detection and isolation mechanisms are implemented using the existing Kalman filter used to implement the controller, and two ODDOs. The 1st ODDO is designed to decouple the effect of the attacks on the sensor of tank Level 1; the estimation of the state $\hat{x}^1_k$ is obtained using (16), (17), (18), and (19); the inputs of this observer are the whole input vector $u$, and only the output $y_2$; the decoupling of attacks on the sensor for Level 1 is achieved
The effectiveness of our proposal is validated using a set of 8 attacks. A summary of the results after applying each of the attacks 1-8 is shown in Table 4. The first column specifies the attack number. The Attack Kind column has two possibilities, bias attack or static attack. The sensor measurement altered by the attacker is in the third column, named Sensor Attacked, and has two options, 1 or 2, to show the corresponding level. Columns four to six show IAE values for the two outputs of the system. In these columns there are three cases. The column without reconfiguration, labeled w/o.R., shows the impact of the attack on both outputs. The column with a conventional FTC reconfiguration scheme, labeled C.R., shows the reduction of the impact of the attack when FTC techniques are used directly. The last column, labeled N.R., presents the impact of the attack when the new mitigation mechanism proposed is applied.
The results in Table 4 show that both reconfiguration mechanisms reduce the impact of the attack on the output corresponding to the attacked sensor. However, in bias injection attacks the conventional reconfiguration causes a bigger impact on the opposite output, while the proposed reconfiguration maintains a better behavior in the opposite output while adjusting the attacked output. In static injection attacks, both reconfiguration mechanisms produce similar results.

1) RESULTS DISCUSSION - ATTACK #5
Now, in order to gain a better understanding of the results, we present a detailed description of two of the eight attacks used to show the effectiveness of our proposal. The first attack scenario analyzed is related to bias attacks. All of the attacks 1-6 have similar behavior; therefore, without loss of generality, attack #5 is analyzed. The effect of attack #5 on the outputs of the system is shown in Fig. 4. When this attack takes place, the IAE for Level 1 increases from 3.6935 to 6.7904, but the IAE for Level 2 has a little deviation from 2.7889 to 2.8494. The next stage of the mitigation process is the detection and isolation of the attack. This process is explained in Subsection III-A. Fig. 5 shows the result of this process. The red continuous line shows a true detection of the attack on Level 1. Due to the soft variation at the beginning and the end of the attack, the attack is detected and isolated with some delay, between 862 s and 1136 s. However, a false isolation of an attack on Level 2 is also obtained (dashed blue line). The latter is a consequence of the fact that the output named $l_1$ is obtained without the tampered information of the sensor of Level 1 (recall that the 1st ODDO does not use the information of $y_1$), but the output $l_2$ is obtained using that tampered information.
The correction of the previous results of detection and isolation is based on two facts. The first fact is that the Kalman filter, used for state feedback, is also useful to extract accurate information about the attack duration. This result is shown in Fig. 6. The second fact is that there are no simultaneous attacks on the two sensors of the system. The procedure explained in III-B is used to obtain the definitive attack isolation, and it is shown in Fig. 7. A comparison between the use of the conventional FTC tools and the improved response obtained with our proposal is shown in Fig. 8. It is clear that the main problem of the conventional FTC method is the degradation of the output of Level 2 when the attack on the sensor for Level 1 is mitigated. Using IAE values to compare the system behavior for Level 1, without a reconfiguration mechanism the value is 6.7904, with the conventional mechanism the value is 4.3649, and with the improved mechanism it is 4.2625. In the same way, the IAE value for Level 2 without reconfiguration is 2.8494, with reconfiguration using the conventional FTC tools the value is 3.8014, and with our proposal it is 2.8262. The IAE values, and visual inspection of Level 2 in Fig. 8, show that the proposed approach keeps the behavior of Level 1, where the attack takes place, and improves the behavior of Level 2, where the conventional reconfiguration process affects the system in a negative way.
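The correction step described above, as an added example that is not the authors' code: raw isolation flags from the two ODDO residuals are gated by the Kalman-residual detection window, and each window is attributed to a single sensor. The residual series are constructed, the thresholds are the ones quoted in this section, and the majority-vote rule for picking the sensor is an assumption, since the Section III-B procedure is not reproduced here.

```python
# Thresholds quoted in this section: ODDO 1, ODDO 2, and Kalman filter residuals.
TAU_I1, TAU_I2, TAU_D = 3.3e-3, 1.5e-3, 1.5e-6

def windows(flags):
    """Return (start, end) index pairs, end exclusive, for each run of True."""
    runs, start = [], None
    for k, on in enumerate(list(flags) + [False]):
        if on and start is None:
            start = k
        elif not on and start is not None:
            runs.append((start, k))
            start = None
    return runs

def isolate(r1, r2, rd):
    """Return raw ODDO flags and the corrected per-sample attribution.

    final[k] is 0 (no attack) or the index (1 or 2) of the attacked sensor.
    """
    raw1 = [abs(v) > TAU_I1 for v in r1]
    raw2 = [abs(v) > TAU_I2 for v in r2]
    detected = [abs(v) > TAU_D for v in rd]   # Kalman residual gives the attack duration
    final = [0] * len(rd)
    for start, end in windows(detected):
        votes1, votes2 = sum(raw1[start:end]), sum(raw2[start:end])
        if votes1 == 0 and votes2 == 0:
            continue                          # detected but not isolated: leave unattributed
        # No simultaneous attacks: the whole window is assigned to one sensor.
        # Majority vote is an assumed rule, not the paper's III-B procedure.
        sensor = 1 if votes1 >= votes2 else 2
        final[start:end] = [sensor] * (end - start)
    return raw1, raw2, final

def constructed_residuals(n=2000):
    """Noise-free residual magnitudes for a ramped bias on the Level 1 sensor (constructed)."""
    profile = [min(1.0, max(0.0, min(t - 800, 1200 - t) / 100.0)) for t in range(n)]
    return ([7e-3 * p for p in profile],      # ODDO 1 residual: true isolation
            [1.8e-3 * p for p in profile],    # ODDO 2 residual: false isolation
            [2e-5 * p for p in profile])      # Kalman filter residual

if __name__ == "__main__":
    raw1, raw2, final = isolate(*constructed_residuals())
    print("raw Level 1 flag:", windows(raw1))
    print("raw Level 2 flag (false isolation):", windows(raw2))
    print("definitive Level 1 isolation:", windows([s == 1 for s in final]))
```

On the constructed data the raw Level 1 flag lags the ramped onset, while the corrected isolation spans the full Kalman detection window and the Level 2 flag is discarded.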

2) RESULTS DISCUSSION - ATTACK #8
Similarly to the first scenario, attacks 7 and 8 have a similar behavior, and the second attack scenario corresponds to the detailed analysis of attack #8. The effect of attack #8 on the outputs of the system is shown in Fig. 9, and the results of attack detection and isolation are shown in Fig. 10. The attack duration and the attack isolation are shown in Figs. 11 and 12. Finally, the results of the two mechanisms of reconfiguration are shown in Fig. 13. Attack #8 also has an effect on the IAE index; for Level 1 (sensor without attack) there is a little

FIGURE 1. Block diagram of a typical networked tracking control system with state feedback.

FIGURE 2. Schematic diagram of three tanks system.
and a similarity transformation. Therefore, the parameters of the model are given by

FIGURE 3. Response of closed loop control system without attacks.

using the matrix $E_1 = [10^{-5} \;\; 1 \;\; 10^{-5}]$. The design of the 2nd ODDO, to decouple attacks on the Level 2 sensor, is similar to the 1st ODDO; in this case, the inputs of the observer are the whole input vector $u$, and only the output $y_1$; the decoupling matrix is $E_2 = [1 \;\; 10^{-5} \;\; 10^{-5}]$. With the state estimation from each ODDO, we can now compute the residuals $r^1_k$ and $r^2_k$. For our simulations the thresholds obtained for the ODDOs are $\tau^1_I = 3.3 \times 10^{-3}$ and $\tau^2_I = 1.5 \times 10^{-3}$. The threshold for the residual obtained with the Kalman filter is $\tau_D = 1.5 \times 10^{-6}$.

FIGURE 4. Effect of attack #5 on the response of the control system.

FIGURE 5. Detection and isolation of attack #5; the red line denotes isolation on Level 1, and the blue line denotes isolation on Level 2.

FIGURE 6. Attack duration under attack #5, computed using the Kalman filter that is part of the original control system.

FIGURE 7. Definitive attack isolation for attack #5; the red line denotes the existence and duration of an attack on the sensor of Level 1.

FIGURE 8. Response to attack #5 on the sensor of Level 1, without mitigation and with two different mechanisms of reconfiguration.

FIGURE 9. Effect of attack #8 on the response of the control system.

FIGURE 10. Detection and isolation of attack #8; the red line denotes isolation on Level 1, and the blue line denotes isolation on Level 2.

TABLE 2. Bias attacks applied on the system.

TABLE 3. Static attacks applied on the system.

TABLE 4. Key performance index comparisons of different attacks applied on system sensors.