Xiuzhen Ye, Iñaki Esnaola, Samir M. Perlaza, Robert F. Harrison
A novel metric that describes the vulnerability of the measurements in power systems to data integrity attacks is proposed. The new metric, coined vulnerability index (VuIx), leverages information theoretic measures to assess the attack effect on the fundamental limits of the disruption and detection tradeoff. The result of computing the VuIx of the measurements in the system yields an ordering of their vulnerability based on the level of exposure to data integrity attacks. This new framework is used to assess the measurement vulnerability of IEEE 9-bus and 30-bus test systems and it is observed that power injection measurements are overwhelmingly more vulnerable to data integrity attacks than power flow measurements. A detailed numerical evaluation of the VuIx values for IEEE test systems is provided.
Victor Quintero, Samir M. Perlaza, Iñaki Esnaola, Jean-Marie Gorce
In this research report, an achievability region and a converse region for the two-user Gaussian interference channel with noisy channel-output feedback (G-IC-NOF) are presented. The achievability region is obtained using a random coding argument and three well-known techniques: rate splitting, superposition coding and backward decoding. The converse region is obtained using some of the existing perfect-output feedback outer-bounds as well as a set of new outer-bounds that are obtained by using genie-aided models of the original G-IC-NOF. Finally, it is shown that the achievability region and the converse region approximate the capacity region of the G-IC-NOF to within a constant gap in bits per channel use.
Victor Quintero, Samir M. Perlaza, Iñaki Esnaola, Jean-Marie Gorce
In this paper, the capacity region of the linear deterministic interference channel with noisy channel-output feedback (LD-IC-NF) is fully characterized. The proof of achievability is based on random coding arguments with rate splitting, block-Markov superposition coding, and backward decoding. The proof of converse reuses some of the existing outer bounds and includes new ones obtained using genie-aided models. Following the insight gained from the analysis of the LD-IC-NF, an achievability region and a converse region for the two-user Gaussian interference channel with noisy channel-output feedback (G-IC-NF) are presented. Finally, the achievability region and the converse region are proven to approximate the capacity region of the G-IC-NF to within 4.4 bits.
Mete Ozay, Inaki Esnaola, Fatos T. Yarman Vural, Sanjeev R. Kulkarni, H. Vincent Poor
Attack detection problems in the smart grid are posed as statistical learning problems for different attack scenarios in which the measurements are observed in batch or online settings. In this approach, machine learning algorithms are used to classify measurements as being either secure or attacked. An attack detection framework is provided to exploit any available prior knowledge about the system and surmount constraints arising from the sparse structure of the problem in the proposed approach. Well-known batch and online learning algorithms (supervised and semi-supervised) are employed with decision- and feature-level fusion to model the attack detection problem. The relationships between the statistical and geometric properties of the attack vectors employed in the attack scenarios and the learning algorithms are analyzed in order to detect unobservable attacks using statistical learning methods. The proposed algorithms are examined on various IEEE test systems. Experimental analyses show that, within the proposed attack detection framework, machine learning algorithms can detect attacks with higher performance than attack detection algorithms that employ state vector estimation methods.
Xiuzhen Ye, Inaki Esnaola, Samir M. Perlaza, Robert F. Harrison
Decentralized stealth attack constructions that minimize the mutual information between the state variables and the measurements are proposed. The attacks are constructed as random Gaussian attacks on cyber-physical systems that aim to minimize the mutual information between the state variables and the measurements while constraining the Kullback-Leibler divergence between the distribution of the measurements under attack and the distribution of the measurements without attack. The adopted information metrics measure the disruption and attack detection both globally and locally. The decentralized attack constructions are formulated within a framework of normal-form games, in which the global and local information metrics yield games with global and local objectives for disruption and attack detection. We prove that the games are potential games and that the potential functions are convex, which establishes the uniqueness and achievability of the Nash equilibrium. We propose a best-response dynamics that achieves the Nash equilibrium of the games. The performance of the proposed decentralized stealth random attacks is numerically evaluated on IEEE test systems, showing that it is feasible to exploit game-theoretic techniques in decentralized attack constructions.
Yuchi Tang, Iñaki Esnaola, George Panoutsos
Existing post-hoc model-agnostic methods generate external explanations for opaque models, primarily by locally attributing the model output to its input features. However, they often lack an explicit and systematic framework for quantifying the contribution of individual features. Building on the Taylor expansion framework introduced by Deng et al. (2024) to unify existing local attribution methods, we propose a rigorous set of postulates -- "precision", "federation", and "zero-discrepancy" -- to govern Taylor term-specific attribution. Guided by these postulates, we introduce TaylorPODA (Taylor expansion-derived imPortance-Order aDapted Attribution), which incorporates an additional "adaptation" property. This property enables alignment with task-specific goals, especially in post-hoc settings lacking ground-truth explanations. Empirical evaluations demonstrate that TaylorPODA achieves competitive results against baseline methods, providing principled and visualization-friendly explanations. This work enhances the trustworthy deployment of opaque models by offering explanations with stronger theoretical grounding.
Xiuzhen Ye, Iñaki Esnaola, Samir M. Perlaza, Robert F. Harrison
A novel metric that describes the vulnerability of the measurements in power systems to data integrity attacks is proposed. The new metric, coined vulnerability index (VuIx), leverages information theoretic measures to assess the attack effect on the fundamental limits of the disruption and detection tradeoff. The result of computing the VuIx of the measurements in the system yields an ordering of their vulnerability based on the level of exposure to data integrity attacks. This new framework is used to assess the vulnerability of the measurements of IEEE test systems and it is observed that power injection measurements are overwhelmingly more vulnerable to data integrity attacks than power flow measurements. A detailed numerical evaluation of the VuIx values for IEEE test systems is provided.
Zhiguo Ding, Samir M. Perlaza, Inaki Esnaola, H. Vincent Poor
In this paper, a wireless cooperative network is considered, in which multiple source-destination pairs communicate with each other via an energy harvesting relay. The focus of this paper is on the relay's strategies to distribute the harvested energy among the multiple users and their impact on the system performance. Specifically, a non-cooperative strategy is to use the energy harvested from the i-th source as the relay transmission power to the i-th destination; asymptotic results show that the outage performance of this strategy decays as log SNR/SNR. A faster decaying rate, 1/SNR, can be achieved by the two centralized strategies proposed in this paper, of which the water-filling-based one achieves optimal performance with respect to several criteria, at the price of high complexity. An auction-based power allocation scheme is also proposed to achieve a better tradeoff between system performance and complexity. Simulation results are provided to confirm the accuracy of the developed analytical results and facilitate a better performance comparison.
William Casbolt, Iñaki Esnaola, Bryn Jones
The performance of control systems with packet loss as a result of an attack over the actuation communication channel is analysed. The operator is assumed to monitor the state of the channel by measuring the average number of packet losses, and an attack detection criterion is established based on this statistic. The performance of the attacker is measured in terms of the increase of the linear quadratic cost function of the operator subject to a given detection constraint. Within that setting, the optimal denial of service (DoS) attack strategy is formulated for UDP-like and TCP-like communication protocols. For both communication protocols, DoS attack constructions that are independent and identically distributed (IID) are compared to those that are non-stationary. The main contributions of this paper are (i) an explicit characterisation of the expected cost increase of the optimal attack constructions and the associated packet loss parameter for the IID case, and (ii) a proof, by example, that non-stationary random attacks outperform IID attacks in the presence of detection constraints.
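As a toy illustration of the setting (not the paper's optimal attack construction), the effect of IID packet losses on a linear quadratic cost can be estimated by Monte Carlo simulation; the scalar plant, fixed feedback gain, and noise levels below are all assumed for illustration:

```python
import numpy as np

rng = np.random.default_rng(1)

# Toy scalar plant with Bernoulli actuation packet loss (illustrative values).
a, b = 1.1, 1.0          # open-loop unstable dynamics
q, r = 1.0, 0.1          # LQ state and input weights
K = 0.8                  # fixed stabilising feedback gain (not an optimal LQG gain)
T, runs = 200, 500

def avg_lq_cost(p_loss):
    """Monte Carlo estimate of the time-averaged LQ cost under IID packet loss."""
    total = 0.0
    for _ in range(runs):
        x = 0.0
        for _ in range(T):
            u = -K * x                              # commanded input
            delivered = rng.random() > p_loss       # IID Bernoulli channel
            x = a * x + b * (u if delivered else 0.0) + rng.normal(0, 0.1)
            total += q * x**2 + r * u**2
    return total / (runs * T)

for p in (0.0, 0.2, 0.4):
    print(f"loss prob {p:.1f}: avg cost {avg_lq_cost(p):.4f}")
```

Raising the loss probability increases the operator's average quadratic cost, which is the quantity the attacker trades off against detectability.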
Xiuzhen Ye, Iñaki Esnaola, Samir M. Perlaza, Robert F. Harrison
Information theoretic sparse attacks that minimize simultaneously the information obtained by the operator and the probability of detection are studied in a Bayesian state estimation setting. The attack construction is formulated as an optimization problem that aims to minimize the mutual information between the state variables and the observations while guaranteeing the stealth of the attack. Stealth is described in terms of the Kullback-Leibler (KL) divergence between the distributions of the observations under attack and without attack. To overcome the difficulty posed by the combinatorial nature of a sparse attack construction, the attack case in which only one sensor is compromised is analytically solved first. The insight generated in this case is then used to propose a greedy algorithm that constructs random sparse attacks. The performance of the proposed attack is evaluated in the IEEE 30 Bus Test Case.
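A minimal numerical sketch of the single-sensor construction idea, assuming a toy linearized Gaussian observation model (the matrix H, the covariances, and the combined MI + KL ranking below are illustrative choices, not the paper's exact optimization):

```python
import numpy as np

rng = np.random.default_rng(0)

# Toy linearized observation model y = H x + z (all quantities illustrative).
n, m = 4, 6                      # states, measurements
H = rng.normal(size=(m, n))
Sigma_xx = np.eye(n)             # state covariance (assumed known to the attacker)
sigma2 = 0.5                     # observation noise variance
Sigma_yy = H @ Sigma_xx @ H.T + sigma2 * np.eye(m)

def gaussian_kl(S_p, S_q):
    """KL divergence between zero-mean Gaussians N(0, S_p) and N(0, S_q)."""
    k = S_p.shape[0]
    return 0.5 * (np.trace(np.linalg.inv(S_q) @ S_p) - k
                  + np.log(np.linalg.det(S_q) / np.linalg.det(S_p)))

def mutual_info(S_y, S_cond):
    """I(x; y) = 0.5 log det(S_y) - 0.5 log det(S_y | x)."""
    return 0.5 * np.log(np.linalg.det(S_y) / np.linalg.det(S_cond))

# Single-sensor Gaussian attacks: a ~ N(0, c e_k e_k^T) on each sensor k.
c = 1.0
results = []
for k in range(m):
    Sigma_aa = np.zeros((m, m)); Sigma_aa[k, k] = c
    S_att = Sigma_yy + Sigma_aa                        # attacked measurement cov.
    mi = mutual_info(S_att, S_att - H @ Sigma_xx @ H.T)
    kl = gaussian_kl(S_att, Sigma_yy)                  # stealth (detection) term
    results.append((k, mi, kl))

# Rank sensors by disruption (low MI) while penalising detectability (KL):
best = min(results, key=lambda r: r[1] + r[2])
print(f"sensor {best[0]}: MI={best[1]:.3f} nats, KL={best[2]:.3f} nats")
```

Each candidate sensor yields one MI/KL pair; a greedy sparse construction would repeat this ranking step to select further sensors.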
William Casbolt, Bryn Jones, Iñaki Esnaola
The performance of control systems with input packet losses on the controller to plant communication channel is analysed. The main contribution of this work is a proof that linear optimal control systems operating with UDP-like communication protocols have a larger quadratic cost than the same systems operating with TCP-like protocols. The proof is derived for the general case of multidimensional and independent actuation communication channels. In doing so, our results extend previous work to systems with multiple distributed actuators. The difference in cost between two communication protocols is analysed, enabling the maximal difference between the two protocols to be quantified. Numerical examples are presented to highlight the difference in costs induced by the choice of communication protocol.
Ke Sun, Iñaki Esnaola, Antonia M. Tulino, H. Vincent Poor
Information-theoretic stealth attacks are data injection attacks that minimize the amount of information acquired by the operator about the state variables, while simultaneously limiting the Kullback-Leibler divergence between the distribution of the measurements under attack and the distribution under normal operation with the aim of controlling the probability of detection. For Gaussian distributed state variables, the attack construction requires knowledge of the second order statistics of the state variables, which is estimated from a finite number of past realizations using a sample covariance matrix. Within this framework, the performance of the attack constructed with the sample covariance matrix is studied. This results in an analysis of the amount of data required to learn the covariance matrix of the state variables used in the attack construction. The ergodic attack performance is characterized using asymptotic random matrix theory tools, and the variance of the attack performance is bounded. The ergodic performance and the variance bounds are assessed with simulations on IEEE test systems.
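A small sketch of the covariance-learning aspect, assuming a toy state covariance (the correlation structure and sample sizes below are illustrative): it estimates the sample covariance from k past realizations and reports the relative spectral error, showing how the amount of training data shapes the statistics available to the attacker:

```python
import numpy as np

rng = np.random.default_rng(3)

n = 10
# True state covariance (illustrative): exponentially decaying correlations.
idx = np.arange(n)
Sigma = 0.9 ** np.abs(idx[:, None] - idx[None, :])

# Sample covariance from k past realizations of the (zero-mean) state vector.
errs = []
for k in (20, 100, 1000):
    X = rng.multivariate_normal(np.zeros(n), Sigma, size=k)
    S = X.T @ X / k
    err = np.linalg.norm(S - Sigma, 2) / np.linalg.norm(Sigma, 2)
    errs.append(err)
    print(f"k={k:5d}: relative spectral error {err:.3f}")
```

The shrinking spectral error with growing k is the quantity that drives the ergodic performance analysis: an attack built from a poorly estimated covariance deviates from the one built with perfect statistics.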
Ke Sun, Iñaki Esnaola, H. Vincent Poor
Data injection attacks (DIAs) pose a significant cybersecurity threat to the Smart Grid by enabling an attacker to compromise the integrity of data acquisition and manipulate estimated states without triggering bad data detection procedures. To mitigate this vulnerability, the moving target defense (MTD) alters branch admittances to mismatch the system information that is available to an attacker, thereby inducing an imperfect DIA construction that results in degradation of attack performance. In this paper, we first analyze the existence of stealth attacks for the case in which the MTD strategy only changes the admittance of a single branch. Equipped with this initial insight, we then extend the results to the case in which multiple branches are protected by the MTD strategy. Remarkably, we show that stealth attacks can be constructed with information only about which branches are protected, without knowledge about the particular admittance value changes. Furthermore, we provide a sufficient protection condition for the MTD strategy via graph-theoretic tools that guarantee that the system is not vulnerable to DIAs. Numerical simulations are implemented on IEEE test systems to validate the obtained results.
Francisco Daunas, Iñaki Esnaola, Samir M. Perlaza
The dual formulation of empirical risk minimization with f-divergence regularization (ERM-fDR) is introduced. The solution of the dual optimization problem of the ERM-fDR is connected to the notion of normalization function, introduced as an implicit function. This dual approach leverages the Legendre-Fenchel transform and the implicit function theorem to provide a nonlinear ODE expression for the normalization function. Furthermore, the nonlinear ODE and its properties provide a computationally efficient method to calculate the normalization function of the ERM-fDR solution under a mild condition.
George Crowley, Iñaki Esnaola
We prove generalised concentration inequalities for a class of scaled self-bounding functions of independent random variables, referred to as $(M,a,b)$ self-bounding. The scaling refers to the fact that the component-wise difference is upper bounded by an arbitrary positive real number $M$ instead of the case $M=1$ previously considered in the literature. Using the entropy method, we derive symmetric bounds for both the upper and lower tails, and study the tightness of the proposed bounds. Our results improve existing bounds for functions that satisfy the $(a,b)$ self-bounding property.
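For concreteness, the scaled property can be stated as follows; this is a hedged reconstruction from the standard $(a,b)$ self-bounding definition with the unit bound replaced by $M$, and the notation (auxiliary functions $f_i$, leave-one-out vector $x^{(i)}$) is assumed rather than taken from the paper:

```latex
% f : \mathcal{X}^n \to \mathbb{R} is (M,a,b) self-bounding if there exist
% f_i : \mathcal{X}^{n-1} \to \mathbb{R}, where x^{(i)} denotes x with the
% i-th coordinate removed, such that for all x:
0 \le f(x) - f_i\bigl(x^{(i)}\bigr) \le M, \quad i = 1,\dots,n,
\qquad
\sum_{i=1}^{n} \Bigl( f(x) - f_i\bigl(x^{(i)}\bigr) \Bigr) \le a\, f(x) + b.
```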
Zak Hodgson, Inaki Esnaola, Bryn Jones
This paper presents a model-based adaptive monitoring method for the estimation of flow tracers, with application to mapping, prediction and observation of oil spills in the immediate aftermath of an incident. Autonomous agents are guided to optimal sensing locations via the solution of a PDE-constrained optimisation problem, obtained using the adjoint method. The proposed method employs a dynamic model of the combined ocean and oil dynamics, with states that are updated in real-time using a Kalman filter that fuses agent-based measurements with a reduced-order model of the ocean circulation dynamics. In turn, the updated predictions from the fluid model are used to identify and update the reduced-order model, in a process of continuous feedback. The proposed method exhibits a 30% improvement in oil presence mapping and prediction compared to standard industrial oil observation sensor guidance and model use.
Iñaki Esnaola, Samir M. Perlaza, Ke Sun
In this chapter we review some of the basic attack constructions that exploit a stochastic description of the state variables. We pose the state estimation problem in a Bayesian setting and cast the bad data detection procedure as a Bayesian hypothesis testing problem. This revised detection framework provides the benchmark for the attack detection problem that limits the achievable attack disruption. Indeed, the trade-off between the impact of the attack, in terms of disruption to the state estimator, and the probability of attack detection is analytically characterized within this Bayesian attack setting. We then generalize the attack construction by considering information-theoretic measures that place fundamental limits to a broad class of detection, estimation, and learning techniques. Because the attack constructions proposed in this chapter rely on the attacker having access to the statistical structure of the random process describing the state variables, we conclude by studying the impact of imperfect statistics on the attack performance. Specifically, we study the attack performance as a function of the size of the training data set that is available to the attacker to estimate the second-order statistics of the state variables.
Zak Hodgson, David Browne, Inaki Esnaola, Bryn Jones
This paper presents a combined ocean and oil model for adaptive placement of sensors in the immediate aftermath of oil spills. A key feature of this model is the ability to correct its predictions of spill location using continual measurement feedback from a low number of deployed sensors. This allows for a model of relatively low complexity compared to existing models, which in turn enables fast predictions. The focus of this paper is on the modelling aspects and, in particular, the trade-off between complexity and numerical efficiency. The presented model contains relevant ocean, wind and wave dynamics for short-term spill predictions. The model is used to simulate the 2019 Grande America spill, with results compared to satellite imagery. The predictions show good agreement, even several days after the initial incident. As a precursor to future work, results are also presented that demonstrate how sensor feedback mitigates the effects of model inaccuracy.
Francisco Daunas, Iñaki Esnaola, Samir M. Perlaza, H. Vincent Poor
The effect of the relative entropy asymmetry is analyzed in the empirical risk minimization with relative entropy regularization (ERM-RER) problem. A novel regularization is introduced, coined Type-II regularization, that allows for solutions to the ERM-RER problem with a support that extends outside the support of the reference measure. The solution to the new ERM-RER Type-II problem is analytically characterized in terms of the Radon-Nikodym derivative of the reference measure with respect to the solution. The analysis of the solution unveils the following properties of relative entropy when it acts as a regularizer in the ERM-RER problem: i) relative entropy forces the support of the Type-II solution to collapse into the support of the reference measure, which introduces a strong inductive bias that dominates the evidence provided by the training data; ii) Type-II regularization is equivalent to classical relative entropy regularization with an appropriate transformation of the empirical risk function. Closed-form expressions of the expected empirical risk as a function of the regularization parameters are provided.
Xinying Zou, Samir M. Perlaza, Iñaki Esnaola, Eitan Altman
In this paper, the worst-case probability measure over the data is introduced as a tool for characterizing the generalization capabilities of machine learning algorithms. More specifically, the worst-case probability measure is a Gibbs probability measure and the unique solution to the maximization of the expected loss under a relative entropy constraint with respect to a reference probability measure. Fundamental generalization metrics, such as the sensitivity of the expected loss, the sensitivity of the empirical risk, and the generalization gap are shown to have closed-form expressions involving the worst-case data-generating probability measure. Existing results for the Gibbs algorithm, such as characterizing the generalization gap as a sum of mutual information and lautum information, up to a constant factor, are recovered. A novel parallel is established between the worst-case data-generating probability measure and the Gibbs algorithm. Specifically, the Gibbs probability measure is identified as a fundamental commonality of the model space and the data space for machine learning algorithms.
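The maximization of expected loss under a relative entropy constraint yields an exponentially tilted (Gibbs) version of the reference measure; a minimal sketch on a toy finite data space (the reference measure P, the loss values, and the KL budget c are assumed for illustration):

```python
import numpy as np

# Toy finite data space: reference measure P and a loss for each outcome.
P = np.array([0.4, 0.3, 0.2, 0.1])        # reference probability measure
loss = np.array([0.1, 0.5, 1.0, 2.0])     # loss of a fixed model on each outcome

def tilt(beta):
    """Gibbs (exponentially tilted) measure P*(x) proportional to P(x) exp(beta * loss(x))."""
    w = P * np.exp(beta * loss)
    return w / w.sum()

def kl(Q, P):
    return float(np.sum(Q * np.log(Q / P)))

# Bisection on beta so that the tilted measure exhausts a KL budget c.
c = 0.05
lo, hi = 0.0, 50.0
for _ in range(60):
    mid = 0.5 * (lo + hi)
    lo, hi = (mid, hi) if kl(tilt(mid), P) < c else (lo, mid)
Q = tilt(0.5 * (lo + hi))

print("worst-case measure:", np.round(Q, 3))
print("expected loss:", float(Q @ loss), "vs reference:", float(P @ loss))
```

The tilting parameter beta plays the role of the Lagrange multiplier of the relative entropy constraint; as c grows, the worst-case measure concentrates on the highest-loss outcomes.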