Papers
Topics
Authors
Recent
Search
2000 character limit reached

Moving Horizon FDIA: Stealthy Attack Design

Updated 1 April 2026
  • The paper introduces MH-FDIA, a methodology that designs attack sequences over a moving horizon to maximize estimator bias while maintaining stealth.
  • It leverages a receding window optimization that ensures recursive feasibility, with validations on linear power grid and nonlinear autonomous vehicle case studies.
  • The approach offers theoretical guarantees and utilizes projected gradient iterations, highlighting both attack strategies and potential defender countermeasures.

Moving-Horizon False Data Injection Attack (MH-FDIA) is a systematic methodology for constructing stealthy and effective attack sequences targeting moving horizon estimators (MHE) in cyber-physical systems (CPS). It addresses fundamental weaknesses of conventional (static) false data injection attacks (FDIA) by designing the attack over a receding time window, explicitly enforcing recursive feasibility and stealthiness constraints across the moving horizon. The methodology provides theoretical guarantees and outperforms prior FDIA methods when evaluated on linear power grid and nonlinear autonomous vehicle case studies (Zheng et al., 2023).

1. System and Estimator Framework

MH-FDIA is developed for discrete-time linear time-invariant (LTI) systems described by: xk+1=Axk+Buk+wk,yk=Cxk+vk,x_{k+1} = A\,x_k + B\,u_k + w_k, \qquad y_k = C\,x_k + v_k, where xkx_k is the state, uku_k the input, yky_k the measurement, and wkw_k, vkv_k are bounded process and measurement noise.

A moving-horizon estimator (MHE) of fixed window length NN reconstructs the state trajectory XkN+1:k=[xkN+1,,xk]X_{k-N+1:k} = [x_{k-N+1}^\top,\dots,x_k^\top]^\top at each time kk by solving the optimization: X^kN+1:k=argminXkN+1:k{xkN+1xˉP12+i=kN+1kyiCxiR12}\hat X_{k-N+1:k} = \arg\min_{X_{k-N+1:k}} \left\{ \|x_{k-N+1} - \bar{x}\|^2_{P^{-1}} + \sum_{i=k-N+1}^k \|y_i - C x_i\|^2_{R^{-1}} \right\} subject to xkx_k0.

After estimation, a residual-based bad data detector (BDD) computes: xkx_k1 where xkx_k2, triggering an alarm if xkx_k3.

2. Limitations of Conventional FDIA

Classical FDIAs operate at a single time step, seeking xkx_k4 to maximize bias: xkx_k5 and enforce stealthiness under a static (single-sample) BDD.

These static designs exploit the algebraic structure of xkx_k6, constructing xkx_k7 in the range of xkx_k8 to evade BDD. However, in MHE, the BDD operates over a moving window, and the constraint becomes: xkx_k9 As the time window recedes, past attack injections that satisfied the single-sample test may cause the sliding-window residual to exceed threshold, breaking stealthiness and recursive feasibility. Thus, static FDIAs are generally ineffective against MHE.

3. MH-FDIA Optimization Formulation

MH-FDIA formulates attack design over the moving window. The attacker selects an injection sequence uku_k0 to maximize state estimate bias while maintaining stealth throughout the horizon. The formal optimization is: uku_k1 where the stage cost uku_k2 (with uku_k3 being the stacked vector of attack injections) measures the MHE bias.

This approach explicitly incorporates the attack history and window-wide stealthiness, ensuring recursive feasibility as the MHE horizon shifts.

4. Theoretical Properties and Guarantees

Under standard assumptions—uku_k4 stable, uku_k5 observable, bounded noise, and restricted attack support (only selected rows of uku_k6 are compromised)—MH-FDIA provides:

  • Complete Parameterization: All stealthy attacks over a fixed window can be described, via singular value decomposition uku_k7, as uku_k8, characterizing attack success in uku_k9.
  • Recursive Feasibility: Letting yky_k0 span the null of un-attacked rows, feasibility of yky_k1 is equivalent to yky_k2.
  • Projected Gradient Iteration: The bias function yky_k3 can be iteratively increased via yky_k4 with yky_k5 in the gradient direction of yky_k6 and step-size yky_k7 adjusted to keep the residual constraint active but not violated.
  • Monotonicity and Feasibility: Steps can be constructed so that each iterate increases attack bias without ever violating stealth constraints.

This systematic methodology guarantees that the attack sequence remains stealthy under the receding-horizon BDD and continually increases influence on the MHE state estimate.

5. Representative Numerical Studies

MH-FDIA is validated through simulations on both linear and nonlinear CPS benchmarks:

a) IEEE-14 Bus System

  • Linearized swing dynamics, window yky_k8, sampling yky_k9 s, stealth threshold wkw_k0, attack support wkw_k1 of measurements.
  • Baseline: static eigenvalue-maximization FDIA (Liu–Ning–Reiter method)
  • Metrics: steady-state estimator bias wkw_k2, maximum BDD residual
  • Results: MH-FDIA achieves up to wkw_k3 higher bias while keeping residuals below detection threshold, fully utilizing the feasible region unlike the static baseline. Projected-gradient iterations typically converge within a few thousand steps, with convergence speed significantly improved by increasing the step-size parameter wkw_k4.

b) Autonomous Vehicle Path-Tracking (Nonlinear DDWMR Model)

  • Kinematics with UKF state estimation, sliding-window linearization, window wkw_k5, stealth threshold wkw_k6 per step (wkw_k7).
  • Attacks on 2 encoder channels, with trajectories including straight, circular, and figure-8 paths.
  • Metrics: path deviation wkw_k8, BDD residual.
  • Results: Robot systematically deviates from its planned path post-injection, while BDD residual remains within detectability limits. The trajectory’s qualitative shape persists, as the MH-FDIA accounts for attack history and system evolution.

6. Implications for Attacker and Defender Strategies

MH-FDIA conclusively demonstrates that recursive feasibility is essential for stealthy attack success against MHE. Any attack sequence not designed with the fullhorizon window in mind is almost certainly detectable after a few steps.

Recommended countermeasures for defenders include:

  • Randomizing MHE window length wkw_k9 or detection threshold vkv_k0
  • Sensor “probing” via known artificial offsets
  • Cross-window consistency checks or higher-order residual computations
  • Parallel observers with staggered onset times and comparison of corresponding estimates

A plausible implication is that broadened MHE window management and sensor fusion may provide enhanced resilience if implemented with these countermeasures.

7. Open Research Directions

Extensions and open questions highlighted in the literature include:

  • Generalization of MH-FDIA to nonlinear MHE without reliance on windowed linearization
  • Data-driven MH-FDIA design that circumvents the need for full model knowledge, enabling practical applicability to partially-known CPSes
  • Rigorous stability analysis of closed-loop systems under attack, including the interplay between attack-induced bias and control system performance

These research directions suggest the continuing evolution of MH-FDIA approaches will shape both resilient estimator design and advanced anomaly detection in complex cyber-physical systems (Zheng et al., 2023).

Definition Search Book Streamline Icon: https://streamlinehq.com
References (1)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Moving Horizon FDIA (MH-FDIA).