| CPC H04L 63/1416 (2013.01) [H04L 41/145 (2013.01)] | 4 Claims |

|
1. A method for detecting a data stealthy attack on a networked system with differential privacy protection, comprising:
(a) modeling a networked system and designing an attack detection scheme based on system noise parameters;
(b) designing an optimal data stealthy attack scheme for an attacker according to known system information; and
(c) determining a moment of adding a privacy noise through a privacy noise scheduling scheme while ensuring privacy of sensitive data on the networked system, wherein in step (b), the designing an optimal data stealthy attack scheme for an attacker comprises:
aggregating measurement data collected by a sensor from time 0 to k into a normal vector;
![]() in Eq. (2),
(0)T, (1)T, . . . , (k)T refer to the transpose of the measurement data collected by the sensor from time 0 to k, respectively; the measurement data at each time is independent and subject to a Gaussian distribution with a mean of and a variance of σ²; the attacker aims to find an optimal attack signal distribution f*a, whereby an expectation of a difference between an attack vector Yu and a normal vector Y is maximal: ![]() a deviation between an attack signal distribution fa and a normal signal distribution fn is maintained within an acceptable threshold γ:
s.t. $D_{KL}(f_a \,\|\, f_n) < \gamma$ (4);
also, $\int f_a\,dx = 1$ (5);
in Eqs. (3)-(5), $|\cdot|_1$ represents a 1 norm of a matrix;
![]() represents KL divergence between the attack signal distribution fa and the normal signal distribution fn;
the normal signal distribution fn represents a normal system data distribution or a data distribution disturbed by a differential privacy scheme based on a privacy protection demand, and to solve a constrained optimization problem, a Lagrange function of the optimization problem is denoted as:
Γ(x)=∫(x−2μ)xfa(x)dx+σ2+μ2+
![]() in Eq. (6), μ and σ2 refer to the mean and variance of the Gaussian distribution in Eq. (2); x is an integral variable, k1, k2, is a Lagrange multiplier, and a variance relationship between the normal signal distribution and the optimal attack signal distribution is obtained by taking a partial derivative of parameters of the Lagrange function:
![]() Eq. (7) is solved to derive:
![]() in Eq. (8), the Lagrange multiplier is obtained by substituting the optimal attack signal distribution into Eqs. (3), (4) and (5) and solving the equations, and a specific value of the Lagrange multiplier is related to a form of adding a differential privacy noise and the acceptable threshold γ of the attacker;
a measurement value is disturbed with a noise of the Gaussian distribution, and a probability density function of a disturbance Gaussian noise is:
![]() in Eq. (9), μ0,σ0 are a mean and standard deviation of the disturbance Gaussian noise, respectively; furthermore a probability density function of a normal signal is:
![]() the optimal attack signal distribution is finally solved as:
![]() the optimal data stealthy attack scheme is a method for sampling an attack signal from the optimal attack signal distribution to attack the networked system;
in step (c), the determining a moment of adding a privacy noise through a privacy noise scheduling scheme comprises:
adding a random noise ηk conforming to the Gaussian distribution into a real-time measurement value
k requiring privacy protection to obtain disturbance data k, wherein the variance of the random noise ηk is: ![]() in Eqs. (12) and (13), Δf is global sensitivity; D and D′ are adjacent data sets obtained from statistical characteristics of the real-time measurement value, namely ∥D−D′∥≤1; ϵ is a privacy budget at each time; δ is another privacy parameter of a (ϵ,δ)-differential privacy protection scheme having a value range of 0<δ<1; a disturbed real-time measurement value after adding the disturbance Gaussian noise is:
![]() in Eq. (14), ηk and
k have the same dimension; the following state feedback mode is considered:
k=L k (15) in Eq. (15), L is a feedback gain,
k is a system state estimation value at time k, a state residual is ek= k− k, and an expanded system state is rewritten as: ![]() an iteration form of the expanded system state is as follows:
![]() in Eq. (17), zk+1 represents the expanded system state at time k+1; I is an identity matrix of the same dimension as A, and K represents a Kalman gain matrix;
![]() in Eq. (18), F is a first auxiliary matrix, G is a second auxiliary matrix, and
k is a third auxiliary matrix; a covariance matrix of
k is: ![]() in Eq. (19), E represents the expectation;
if the expectation and covariance of the expanded system state are
k, k, respectively, an iteration form of is:
![]() k+1=FnkFT+R k (20) the covariance matrix of
k after adding the differential privacy noise is rewritten as: ![]() in Eq. (21), Rηk=σ0²·I is the covariance matrix of the added differential privacy noise;
the covariance of the expanded system state is:
nk+1=FnkFT+R
k+Rηk (22) if the covariance of the expanded system state at a start time is n0,
![]() when Fk represents a kth power of a Kalman gain matrix F, Fk-i represents a k−ith power of the Kalman gain matrix F, and i is a summation variable, if all eigenvalues of F are less than 1, namely (A+BK)(A−LC)<1, nk will converge to a constant N, and the variance of an added actual noise satisfies:
$R_{\eta_k} > (\sigma')^2 I - N C C^T - R_v$ (24)
in Eq. (24), $(\sigma')^2$ is a total noise scale for achieving differential privacy protection;
the goal is to maximize a detection rate of a stealthy attack at an acceptable control cost:
![]() in Eq. (25),
![]() is a sequence of privacy noises added within a time period M, wherein 1 represents noise addition, and 0 represents no noise addition; J represents the control cost; and Ω represents an upper limit of the acceptable control cost.
|
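The claim ties detectability to the KL divergence bound γ of Eq. (4) and to a 0/1 schedule of privacy-noise additions. The following added example (not code from the patent) shows, for a scalar Gaussian signal, how the detector's blind spot changes at steps where privacy noise widens fn. It assumes a detector that alarms when the divergence reaches γ; all numeric values and function names are constructed for illustration.

```python
import math
from statistics import fmean, pvariance

def kl_gauss(mu_a, var_a, mu_n, var_n):
    """D_KL(N(mu_a, var_a) || N(mu_n, var_n)) for scalar Gaussians, in nats."""
    return 0.5 * (math.log(var_n / var_a) + (var_a + (mu_a - mu_n) ** 2) / var_n - 1.0)

def reference_variance(sigma2, sigma0_sq, noise_on):
    """Variance of f_n: sensor noise, plus independent privacy noise when scheduled."""
    return sigma2 + (sigma0_sq if noise_on else 0.0)

def blind_spot(gamma, var_n):
    """Largest mean bias that keeps the divergence below gamma when the variance matches f_n."""
    return math.sqrt(2.0 * gamma * var_n)

def kl_alarm(window, mu, var_n, gamma):
    """Fit a Gaussian to a measurement window; alarm when its divergence from f_n reaches gamma."""
    d = kl_gauss(fmean(window), pvariance(window), mu, var_n)
    return d, d >= gamma

# Constructed values for illustration, not taken from the patent.
MU, SIGMA2, SIGMA0_SQ, GAMMA = 10.0, 0.04, 0.32, 0.5
SCHEDULE = [1, 0, 0, 1]  # 1 = privacy noise added at that step, 0 = not added

def blind_spots(schedule):
    """Per-step bias the detector cannot see under the given noise schedule."""
    return [blind_spot(GAMMA, reference_variance(SIGMA2, SIGMA0_SQ, s)) for s in schedule]

def bias_detected(bias, schedule):
    """Per-step alarm decision for a constant bias whose variance matches f_n."""
    out = []
    for s in schedule:
        var_n = reference_variance(SIGMA2, SIGMA0_SQ, s)
        out.append(kl_gauss(MU + bias, var_n, MU, var_n) >= GAMMA)
    return out

# Constructed window from a noise-free step: readings biased upward by 0.3.
WINDOW = [10.1, 10.5, 10.3, 10.1, 10.5, 10.3, 10.1, 10.5]

if __name__ == "__main__":
    print(blind_spots(SCHEDULE))
    print(bias_detected(0.3, SCHEDULE))
    print(kl_alarm(WINDOW, MU, SIGMA2, GAMMA))
```

With these values the same 0.3 bias raises an alarm only at the steps where no privacy noise is added, which is the trade-off the scheduling step of the claim optimizes against the control cost.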