research article optimal jamming attack scheduling in...

Research ArticleOptimal Jamming Attack Scheduling inNetworked Sensing and Control Systems

Lifu Zhang1 Heng Zhang2 Cunhua Li2 and Buxi Ni1

1Wenzhou Vocational amp Technical College Wenzhou 325000 China2Huaihai Institute of Technology Lianyungang 222000 China

Correspondence should be addressed to Heng Zhang ezhanghenggmailcom

Received 8 June 2015 Revised 19 August 2015 Accepted 16 September 2015

Academic Editor Jianping He

Copyright copy 2015 Lifu Zhang et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

This paper investigates the optimal jamming attack scheduling inNetworked Sensing andControl Systems (NSCS) From viewpointof the attacker we formulate an optimization problem which maximizes the Linear Quadratic Gaussian (LQG) control cost withattacking energy constraint in a finite time horizon For two special cases we obtain that the optimal jamming attack schedule is toconsecutively attack in the given time horizon For the general case we propose an algorithm to find the optimal schedules Finallywe study the effectiveness of our proposed attack strategies on our established semiphysical testbed

1 Introduction

Networked Sensing and Control Systems (NSCS) are controlsystems wherein physical elements that is plants sensorscontrollers and actuators are connected via wireless com-munication networks NSCS have a wide range of appli-cations in factory automation unmanned aerial vehiclesremote surgery intelligent transportation smart grid smartbuilding and so forth [1ndash5] The essential characteristic ofNSCS is that the physical elements and cyberspace are tightlyintegrated to carry out various jobs [6ndash8] However NSCSare vulnerable to an increasing number of malicious cyberattacks [9] For example an Iranian nuclear facility wasattacked by ldquostuxnetrdquo in 2010 and cannot operate normallyin a long time since more than 60 of centrifugal controlsystems were destroyed [10]

In the past few years several literatures have been focusedon evaluating the effect of cyber attacks for example Denial-of-Service (DoS) attacks [11 12] replay attacks [13 14] andfalse data injection attacks [15 16] on NSCS Among theseattacks DoS attack is the most accomplishable one andcan result in serious consequences [11] Thus it has beenwidely studied recently In order to block the communicationbetween system elements DoS attacker can interfere with theradio frequencies on the communication channels [17] Infact jamming is a typical mode of DoS attack [18]

LQG control cost which is used to synthetically considerthe cost of system states and control is an important perfor-mance in NSCS Some researches have put emphasis on thesecurity of LQG control under jamming attack [11 19 20]Amin et al study the optimal controller which minimize theLQG cost with safety and energy constraints when a jammingattacker takes identical independent distributed jammingactions [11] They present semidefinite programming to solvethis problem Gupta et al design an optimal controller todefense the intelligent jamming attack with limited actions[19] Shisheh Foroush andMartinez propose an event-triggercontrol law which can prevent the periodic jamming attackwith energy constraint [20]The commonality of these worksis that they all focus on the design of defense strategiesunder given attack patterns However our work stands in theviewpoint of attacker and finds the optimal attack schedulesto maximize the control performance This is of equalimportance as one can provide effective defensive policiesonly when he grasps the attack strategies

The goal of this paper is to design an optimal offline jam-ming schedule which can maximize the attack effect on theNSCS Specifically in our scenario one sensor observes thestates of plant and sends the measurements to a remote esti-mator via awireless channelThe attacker has a limited energybudget in the given finite time horizon He has to decide

Hindawi Publishing CorporationInternational Journal of Distributed Sensor NetworksVolume 2015 Article ID 206954 7 pageshttpdxdoiorg1011552015206954

2 International Journal of Distributed Sensor Networks

whether or not to jam the channel from sensor to estimatorat each time The main contributions of this paper whichdistinguish it from the related literatures are summarized asfollows

(1) We formulate a jamming attack scheduling problemand look for the optimal jamming schedule thatmaximizes the LQG cost with energy constraint in agiven finite time horizon

(2) We present the close form of the optimal jammingschedule for two special cases and provide an algo-rithm to search the optimal schedules for the generalcase

(3) We study the effectiveness of proposed jammingschedules on the established semiphysical testbed

The remainder of the paper is organized as follows InSection 2 we formulate the problem In Section 3 we studythe system performance under given attack schedule InSection 4 we present the optimal jamming attack schedulesfor special cases and provide an algorithm to search theoptimal attack schedules for the general case In Section 5 wedemonstrate the effectiveness of proposed optimal jammingschedules on the semiphysical testbed Finally Section 6concludes the paper

Notations E[119883] is the mean of random variable119883 and E[119883 |119884] is the mean of random variable 119883 conditioned on 119884respectively tr(sdot) represents the trace of matrix119883 ⪯ 119884meansthat 119884 minus 119883 is nonnegative-definite that is 119884 minus 119883 ⪰ 0

2 Problem Formulation

21 System Architecture Consider the following linear time-invariant system (Figure 1)

119909119905+1= 119860119909119905+ 119906119905+ 119908119905

119910119905= 119862119909119905+ V119905

(1)

where 119909119905isin R119899119909 is the state of plant at time 119905 119910

119905isin R119899119910 is

themeasurement from sensor and119908119905and V119905are uncorrelated

zero mean Gaussian white noises with covariance Σ119908and ΣV

respectively The pair (119860 119862) is assumed to be observable and(119860 Σ12

119908) is controllable

In our scenario the sensor observes the plant and getsthe measurements 119910

119905 According to these measurements it

preestimates the state 119909119905and obtains the minimum mean

squared error (MMSE) estimate that is 119909119904119905= E[119909

119905| 1199101

119910119905] Then the sensor sends these estimates to a remote

estimator through a wireless channel The controller thengenerates a control packet 119906

119905based on the received estimates

and sends the control packet to the actuator through anotherdependable channel

Let 120579119905be the indicator function whether the packet 119909119904

119905is

received or not by the estimator that is

120579119905=

1 if 119909119904119905is received by the estimator

0 otherwise(2)

Actuator Plant Sensor

Attacker

Controller Estimator

Wirelessnetwork

Figure 1 System architecture

DenoteD119905by all the data received by estimator until time

119905 that is

D119905= 1205791 1205792 120579

119905 1205791119909119904

1 1205792119909119904

2 120579

119905119909119904

119905 (3)

Let 119909119905be the minimum mean square error (MMSE)

estimate in the estimator at time 119905 that is

119909119905= E [119909

119905| D119905] (4)

The corresponding error covariance is

119875119905= E [(119909

119905minus 119909119905) (119909119905minus 119909119905)1015840

| D119905] (5)

Similar to [21] we have

119909119905=

119909119904

119905 if 120579

119905= 1

119860119909119904

119905minus1+ 119861119906119905minus1 otherwise

(6)

In order to minimize the LQG cost function

119869 =

119879minus1

sum119905=0

E [1199091015840

119905119876119909119905+ 1199061015840

119905119877119906119905] + 1199091015840

119879119876119909119879

(7)

in the finite time horizon [1 119879] where 119876 ⪰ 0 and 119877 ≻ 0are two weighting matrices and the expectation is taken over119908119896 we exploit a linear static feedback controller of the form

119906119896= 119871119909

119896 It is assumed that the system is unaware of the

existence of attacker

22 Attack Model In our scenario there is an attacker whowishes to deteriorate the control performance by jamming thesensor-to-estimator wireless channel It is assumed that theattacker has a limited energy budget that is he can attack 119899times at most in the time horizon [1 119879] [22]The attacker hasto decide whether to attack or not at each sampling time inorder to achieve his aim Let 120574

119905be the attack decision variable

at time 119905 that is

120574119905=

1 if attacker jams the wireless channel

0 otherwise(8)

Similar to [18] we assume that the attack action is successfulwith probability 120572 and packet drop variables under attack areindependent

Specifically from the viewpoint of attacker he aims tomaximize the cost function with energy constraint which isas follows

International Journal of Distributed Sensor Networks 3

Problem 1 Consider

max120574isinΘ

E [119869 (120574)]

st119879

sum119905=1

120574119905le 119899

(9)

where 120574 = (1205741 1205742 120574

119879) is the attack schedule on the finite

time horizon [1 119879] and Θ = 120574 | 120574119905isin 0 1 119905 = 1 2 119879

is the attack schedule space

3 Preliminaries

In this section we present some properties of the estimate atthe estimator side and the control performance of plant undera jamming attack

31 State Estimation under Jamming Attack From standardKalman filter the estimate and corresponding error covari-ance at the sensor side can be calculated as follows

119909119904

119905|119905minus1= 119860119909119904

119905minus1+ 119906119905minus1

119875119904

119905|119905minus1= 119860119875119904

119905minus11198601015840+ Σ119908

119870119904

119905= 119875119904

119905|119905minus11198621015840[119862119875119904

119905|119905minus11198621015840+ ΣV]minus1

119909119904

119905= 119860119909119904

119905minus1+ 119870119904

119905(119910119905minus 119862119909119904

119905|119905minus1)

119875119904

119905= (119868 minus 119870

119904

119905119862)119875119904

119905|119905minus1

(10)

where the initial state is 1199090= 0 and 119875119904

0= Π0 From [23] we

can see that the error covariance 119875119904119905converges exponentially

to its steady-state value 119875 Thus we assume that Π0= 119875 It

can be seen that 119875119904119905= 119875 for all 119905 isin [1 119879]

Define functions ℎ ℎ119905 as ℎ(119883) ≜ 1198601198831198601015840 + Σ119908and ℎ119905(119883) ≜

ℎ ∘ ℎ ∘ sdot sdot sdot ∘ ℎ⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟119905 times

(119883)

From [23] the following result holds

Lemma 2 The function ℎ has the following property

119875 ⪯ ℎ (119875) ⪯ ℎ2(119875) ⪯ sdot sdot sdot ⪯ ℎ

119905(119875) ⪯ sdot sdot sdot forall119905 isin Z

+ (11)

From [22] we can obtain the estimate 119909119905and error

covariance 119875119905at estimator side as follows

(119909119905 119875119905)

=

(119860119909119905minus1+ 119906119905minus1 ℎ (119875119905minus1)) if 120574

119905= 1 120579

119905= 1

(119909119904

119905 119875) otherwise

(12)

Define attack sequence (1198961 1198962 119896

119904) as the attack sched-

ules which has the following form

(0 0 1 1⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟1198961times 0 0 1 1⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟

1198962times 0 0 1 1⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟

119896119904times

0 0)

(13)

Similar to [18 22] one can get the following result

Lemma 3 Let 119864(1198961otimes 1198962otimes sdot sdot sdot otimes 119896

119904) be the average expected

error covariance in time horizon [1 119879] under attack sequence(1198961 1198962 119896

119904) at estimator side and let 119864(119896) be the average

expected error covariance under attack sequence (119896) Thefollowing statements are true

(1) 119864(1198961) ⪯ 119864(119896

2) where 119896

1lt 1198962

(2) 119864(1198961otimes1198962otimessdot sdot sdototimes119896

119904) ⪯ 119864(119896) where 119896 = 119896

1+1198962+sdot sdot sdot+119896

119904

(3) 119864(1198961otimes 1198962) ⪯ 119864(119897

1otimes 1198972) where 119896

1+ 1198962= 1198971+ 1198972and

max1198961 1198962 1198971 1198972 is 1198971or 1198972

From Lemma 3 we can see that grouping together asmuch as possible can lead to maximal average error covari-ance

32 Control Performance under Jamming Attack In order tofind the optimal offline jamming attack scheduling we haveto study the control performance when the attack schedule isgiven

According to [5 24] one can obtain the following result

Lemma 4 TheLQG control cost function under a given attackschedule 120574 can be calculated as follows

119869 (120574) = tr (11987801198750) +

119879minus1

sum119905=0

tr (119878119905+1Σ119908)

+

119879minus1

sum119905=0

tr [(1198601015840119878119905+1119860 + 119876 minus 119878

119905) 119864120574(119875119905)]

(14)

where 119878119905can be computed from the following recursive equa-

tion

119878119905= 1198601015840119878119905+1119860 + 119876 minus 119860

1015840119878119905+1(119878119905+1+ 119877)minus1

119878119905+1119860

119905 = 0 1 119879 minus 1(15)

In fact (15) converges quickly to a steady state Thus if119879 rarr infin one can see that

119878 = 1198601015840119878119860 + 119876 minus 119860

1015840119878 (119878 + 119877)

minus1119878119860 (16)

where 119878 = lim119879rarrinfin

119878119879 In practice we often choose 119906

119905= 119871119909119905

with control gain 119871 = minus(119878 +119877)minus1119878119860 as the optimal static statefeedback controller to maximize the cost 119869

infin= lim

119879rarrinfin119869


In our scenario we assume that the system has reached steadystate that is 119878

0= 119878 and 119875

0= 119875 Then (14) can be rewritten

as

119869 (120574) = 119869119888+ 119869119890 (17)

where

119869119888= tr (119878119875) + 119873 sdot tr (119878Σ

119908)

119869119890=

119879minus1

sum119905=0

tr [(1198601015840119878119860 + 119876 minus 119878)E120574(119875119905)]

(18)

It can be seen that 119869119888and 119869

119890are the constant part and

varying part of (17) respectively Thus we only have to studythe optimal jamming attack schedule which maximizes 119869

119890

which is as follows

Problem 5 Consider

max120574isinΘ

E [119869119890(120574)]

st119879

sum119905=1

120574119905le 119899

(19)

4 Optimal Jamming Attack Schedules

In this section we firstly study the jamming schedules againstLQG control for two special cases and present the close formof optimal schedulesThenwe investigate the attack strategiesfor the general case

41 Case I 119877 = 0 When 119877 = 0 it can be seen that the LQGcost function becomes

119869 =

119879

sum119905=0

E [1199091015840

119905119876119909119905] (20)

From Lemma 4 we can obtain the following conclusion

Theorem 6 If 119877 = 0 the optimal state feedback controller is119906119905= 119871119909119905= minus119860119909

119905 and the corresponding LQG cost function

under attack schedule 120574 is

119869 = 119869119888+ 119869119890 (21)

where

119869119888= tr (119876119875) + 119873 sdot tr (119876Σ

119908)

119869119890=

119879minus1

sum119905=0

tr [1198601015840119876119860E120574(119875119905)]

(22)

According toTheorem 6 we can see that the attacker onlyneeds tomaximizeE[119869

119890] Since1198601015840119876119860 ⪰ 0 one can obtain that

max120574E[119869119890] is equivalent to max

120574E[sum119873minus1

119905=0119875119905(120574)] Thus from

viewpoint of attacker we only have to solve the followingproblem

Problem 7 Consider

max120574isinΘ

E[119873minus1

sum119905=0

119875119905(120574)]

st119879

sum119905=1

120574119905le 119899

(23)

From [18 22] Problem 7 can be easily solved by thefollowing theorem

Theorem 8 When 119877 = 0 the optimal attack schedules areany consecutive attack 119899 times in time horizon [1 119879] and thecorresponding expected LQG cost function is

E (119869) = 119869119888+ 119869

max119890 (24)

where

119869max119890=

119879

sum119894=1

tr [119892119894(119875)] + (119879 minus 119899120572) tr [119872119875] (25)

with119872 = 1198601015840119876119860 and 119892119894(119875) = 119872ℎ

119894(119875)

42 Case II 1198780= 119878 Define119872 = 1198601015840119878119860 + 119876 minus 119878 and 119892

119894(119875) =

119872ℎ119894(119875) 119894 = 1 2 Then we have following lemma

Lemma 9 The function 119892 has the following property

1198921(119875) ⪯ 119892

2(119875) ⪯ sdot sdot sdot ⪯ 119892

119894(119875) ⪯ sdot sdot sdot (26)

According to Section 32 the objective of Problem 1 isequivalent to max

120574E[sum119873minus1

119905=0119875119905(120574)] Thus from the viewpoint

of attacker we only have to solve Problem 7 for the case1198780= 119878FromLemma 9 andTheorem 31 in [22] we can solve this

problem by the following theorem

Theorem 10 When 1198780= 119878 the optimal attack schedules are

any consecutive attack 119899 times in time horizon [1 119879] and thecorresponding expected LQG cost function is

E (119869) = 119869119888+ 119869

max119890 (27)

where

119869max119890=

119879

sum119894=1

tr [119892119894(119875)] + (119879 minus 119899120572) tr [119872 sdot 119875] (28)

43 General Case Study For the general case it is difficult toobtain a close form of optimal attack schedule Attacker canfind the optimal jamming schedule by exhaustion methodwhich is given in Algorithm 1 Since this schedule can becomputed before the attack action begins the computationof our proposed algorithm will not cost too much

5 Simulation

51 Testbed There are three types testbeds for simulation ofNSCS security that is software simulation testbeds physical


(1) Process begins(2) Input119867time = 119879 Π0 = 119875 119869

lowast= 0

(3) for 1205741+ 1205742+ sdot sdot sdot + 120574

119879= 119899 do

(4) Compute LQG cost (14) under attack schedule 120574 that is 119869 = 119869(120574)(5) if 119869 gt 119869lowast then(6) 119869

lowast= 119869 and 120574lowast = (120574

1 1205742 120574

119879)

(7) end if(8) end for(9) Output optimal attack schedule 120574lowast and corresponding cost 119869lowast

Algorithm 1 Optimal offline attack schedule

Virtualplant

PLC

Wirelessdevice

Wirelessdevice

USRP

Controller

(a) The physical structure

Virtual plantControl

algorithm

Measurementsignal

USRP attackerPLC

Control signal

(b) The schematic diagram

Figure 2 The structure of semiphysical testbed

simulation testbeds and semiphysical simulation testbedsThe software simulation testbeds cannot fully simulate thereal environment The physical simulation testbeds canemploy the same experimental equipment with the realworld to construct the security test platform However theyneed long cycle of construction and great cost Fortunatelysemiphysical simulation testbeds are the good choice forNSCS security since they can simulate the real working envi-ronment and save the cost Thus we choose a semiphysicalsimulation testbed to study the effectiveness of our proposedattack strategy

Our semiphysical simulation testbed is composed of vir-tual plant physical controller and communication networkFigure 2 shows the system architecture In our testbed real-time system states of the virtual plant are sent to the PLCthrough a wireless network After reading the system statesthe controller calculates the control data and writes themback to the PLC Then the control data are sent back to thevirtual plant via a wired channel

We build an inverted pendulum control system forexperiments which is based on the system presented in [5]The parameters are given as follows

119860 =(

1001 0005 0000 0000

0350 1001 minus0135 0000

minus0001 0000 1001 0005

minus0375 minus0001 0590 1001

)

119861 =(

0001

0540

minus0002

minus1066

)

Σ119908= 1199021199021015840 119902 = (

0003

1000

minus0005

minus2150

)

119876 =(

5 0 0 0

0 1 0 0

0 0 1 0

0 0 0 1

)

(29)

We employ USRP N210 to simulate jamming attack onthe wireless channel from sensor to controller USRP is auniversal software radio peripheral that can send and receiveradio signal We use the software GNU Radio in Ubuntuto manipulate the USRP The frequency spectrum analyzeris adopted to detect the central frequency and waveform oftransmission signals Then we adapt the parameters on GNURadio to configure the USRP Experimental parameters are


1 2 3 4 5 6 7 8 9 100

2

4

6

8

10

12

14

16times105

(a) 119877 = 01 2 3 4 5 6 7 8 9 10

0

2

4

6

8

10

12

14times105

(b) 1198780= 119878

Figure 3 Compare the cost 119869 under different attack strategies The lateral axis is the mark number of attack strategy Attack strategy 10 is theconsecutive attack strategy

Table 1 Attack schedules in our experiment

Marknumber 1 2 3 4 5

Attacksequence No attack (1 2 3 4) (6 3 1) (4 4 2) (5 5)


Attacksequence (4 6) (7 3) (8 2) (9 1) (10)

set as follows center frequency is 433MHz waveform is sawtooth jamming power is 16 dB and jamming signal frequencyis 10k bandwidth is 20MHz

We verify the proposed optimal offline attack strategiesthrough experiments based on the semiphysical testbed Weset 119879 = 250 and the attack times 119899 = 10 in the finite timehorizon [1 250] It means that the attacker can assign the 10times of attack in this period

52 Simulation Results Analysis We study the effectivenessof jamming attack with 10 different schedules when 119877 = 01198780= 119878 respectively (see Table 1) From Figure 3(a) we can

compare the cost 119869 under different attack schedules when119877 =0 It can be seen that the attack schedule with 10 consecutiveattack times can maximize the LQG cost We also presentthe variation of system states and control data under optimalattack schedule in Figure 4 From this figure these data willdeviate the equilibrium points when the wireless channel isunder jamming attack Similarly we can also study the LQGcost 119869 under different attack schedules when 119878

0= 119878 From

Figure 3(b) we also can see that consecutive attack schedule isoptimalThese experimental results can verify the theoreticalconclusions in Section 4

minus200minus100

0100200300

180 190 200 210 220 230 240 250minus2minus1

0123

t

180 190 200 210 220 230 240 250t

u

u

times104

1205791

1205792

120579 (r

ad)

Figure 4 The variation of system states and control data underattack schedule 10 (optimal attack) when 119877 = 0

6 Conclusion

In this paper we considered the optimal jamming attackscheduling which can destroy the system control perfor-mance We formulated an optimization problem that max-imizes the LQG cost subject to attackerrsquos energy constraintin a given finite time horizon Optimal attack schedulehas been presented for two special cases For the generalcase we provided an algorithm to find the optimal attackschedule We also established a semiphysical testbed and


studied the effectiveness of proposed attack schedules bysimulation In the future we will study the evaluation ofcontrol performance when the NSCS is under other typesof cyber attack for example data injection attack and replayattackWewill also design effective defense strategies to avoidthe cyber attacks in NSCS

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

Acknowledgments

The work was partially supported by Professional Develop-ment Program for Visiting Scholars in Colleges andUniversi-ties under Grant FX2014144 and Zhejiang Provincial NaturalScience Foundation of China under Grant Y16F030011 Thework by H Zhang was supported by NSFC under Grants61203036 61503147 and 71401060 the University ScienceResearch General Project of Jiangsu Province under Grant15KJB510002 Huaihai Institute of Technology DoctoralResearch Funding under Grant KQ15007 and LianyungangScience and Technology Projects under Grants CK1331 andCN1321

References

[1] R A Gupta and M-Y Chow ldquoNetworked control systemoverview and research trendsrdquo IEEE Transactions on IndustrialElectronics vol 57 no 7 pp 2527ndash2535 2010

[2] S He J Chen D K Y Yau and Y Sun ldquoCross-layer optimiza-tion of correlated data gathering in wireless sensor networksrdquoIEEE Transactions onMobile Computing vol 11 no 11 pp 1678ndash1691 2012

[3] L Zhang Y Shi T Chen and B Huang ldquoA new method forstabilization of networked control systemswith randomdelaysrdquoIEEE Transactions on Automatic Control vol 50 no 8 pp 1177ndash1181 2005

[4] SHe J Chen F Jiang D K Y Yau G Xing andY Sun ldquoEnergyprovisioning in wireless rechargeable sensor networksrdquo IEEETransactions onMobile Computing vol 12 no 10 pp 1931ndash19422013

[5] L Schenato B Sinopoli M Franceschetti K Poolla and SS Sastry ldquoFoundations of control and estimation over lossynetworksrdquo Proceedings of the IEEE vol 95 no 1 pp 163ndash1872007

[6] J Chen Q Yu P Cheng Y Sun Y Fan and X ShenldquoGame theoretical approach for channel allocation in wirelesssensor and actuator networksrdquo IEEE Transactions on AutomaticControl vol 56 no 10 pp 2332ndash2344 2011

[7] Y Zhang S He J Chen Y Sun and X Shen ldquoDistributedsampling rate control for rechargeable sensor nodes withlimited battery capacityrdquo IEEE Transactions on Wireless Com-munications vol 12 no 6 pp 3096ndash3106 2013

[8] S He X Li J Chen P Cheng Y Sun and D Simplot-RylldquoEMD energy-efficient p2p message dissemination in delay-tolerant wireless sensor and actor networksrdquo IEEE Journal onSelected Areas in Communications vol 31 no 9 pp 75ndash84 2013

[9] N Bezzo J Weimer M Pajic O Sokolsky G J Pappasand I Lee ldquoAttack resilient state estimation for autonomousrobotic systemsrdquo in Proceedings of the IEEERSJ InternationalConference on Intelligent Robots and Systems (IROS rsquo14) pp3692ndash3698 Chicago Ill USA September 2014

[10] J P Farwell and R Rohozinski ldquoStuxnet and the future of cyberwarrdquo Survival vol 53 no 1 pp 23ndash40 2011

[11] S Amin A A Cardenas and S S Sastry ldquoSafe and securenetworked control systems under denial-of-service attacksrdquo inHybrid Systems Computation and Control vol 5469 of LectureNotes inComputer Science pp 31ndash45 Springer BerlinGermany2009

[12] Y Qi P Cheng L Shi and J Chen ldquoEvent-based attack againstremote state estimationrdquo in Proceedings of the IEEE AnnualConference on Decision and Control (CDC rsquo15) Osaka JapanDecember 2015

[13] F Miao M Pajic and G J Pappas ldquoStochastic game approachfor replay attack detectionrdquo in Proceedings of the 52nd IEEEConference on Decision and Control (CDC rsquo13) pp 1854ndash1859IEEE Firenze Italy December 2013

[14] M Zhu and S Martınez ldquoOn the performance analysis ofresilient networked control systems under replay attacksrdquo IEEETransactions on Automatic Control vol 59 no 3 pp 804ndash8082014

[15] Y Mo R Chabukswar and B Sinopoli ldquoDetecting integrityattacks on SCADA systemsrdquo IEEE Transactions on ControlSystems Technology vol 22 no 4 pp 1396ndash1407 2014

[16] J He P Cheng L Shi and J Chen ldquoSATS secure average-consensus-based time synchronization in wireless sensor net-worksrdquo IEEE Transactions on Signal Processing vol 61 no 24pp 6387ndash6400 2013

[17] R Poisel Modern Communications Jamming Principles andTechniques Artech House 2011

[18] H Zhang P Cheng L Shi and J Chen ldquoOptimal DoS attackpolicy against remote state estimationrdquo in Proceedings of the52nd IEEE Conference on Decision and Control (CDC rsquo13) pp5444ndash5449 Firenze Italy December 2013

[19] A Gupta C Langbort and T Basar ldquoOptimal control in thepresence of an intelligent jammer with limited actionsrdquo inProceedings of the 49th IEEEConference onDecision and Control(CDC rsquo10) pp 1096ndash1101 IEEE Atlanta Ga USA December2010

[20] H Shisheh Foroush and S Martinez ldquoOn event-triggered con-trol of linear systems under periodic denial-of-service jammingattacksrdquo in Proceedings of the 51st IEEE Conference on Decisionand Control (CDC rsquo12) pp 2551ndash2556 IEEE Maui HawaiiUSA December 2012

[21] H Zhang P Cheng L Shi and J Chen ldquoOptimal denial-of-service attack scheduling against linear quadratic gaussiancontrolrdquo in Proceedings of the American Control Conference(ACC rsquo14) pp 3996ndash4001 Portland Ore USA June 2014

[22] H Zhang P Cheng L Shi and J Chen ldquoOptimal denial-of-service attack scheduling with energy constraintrdquo IEEETransactions on Automatic Control 2015

[23] L Shi P Cheng and J Chen ldquoOptimal periodic sensor schedul-ing with limited resourcesrdquo IEEE Transactions on AutomaticControl vol 56 no 9 pp 2190ndash2195 2011

[24] H Zhang P Cheng L Shi and J Chen ldquoOptimal DoSattack scheduling in wireless networked control systemrdquo IEEETransactions on Control Systems Technology 2015

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics


Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks



whether or not to jam the channel from sensor to estimatorat each time The main contributions of this paper whichdistinguish it from the related literatures are summarized asfollows

(1) We formulate a jamming attack scheduling problemand look for the optimal jamming schedule thatmaximizes the LQG cost with energy constraint in agiven finite time horizon

(2) We present the close form of the optimal jammingschedule for two special cases and provide an algo-rithm to search the optimal schedules for the generalcase

(3) We study the effectiveness of proposed jammingschedules on the established semiphysical testbed

The remainder of the paper is organized as follows InSection 2 we formulate the problem In Section 3 we studythe system performance under given attack schedule InSection 4 we present the optimal jamming attack schedulesfor special cases and provide an algorithm to search theoptimal attack schedules for the general case In Section 5 wedemonstrate the effectiveness of proposed optimal jammingschedules on the semiphysical testbed Finally Section 6concludes the paper

Notations E[119883] is the mean of random variable119883 and E[119883 |119884] is the mean of random variable 119883 conditioned on 119884respectively tr(sdot) represents the trace of matrix119883 ⪯ 119884meansthat 119884 minus 119883 is nonnegative-definite that is 119884 minus 119883 ⪰ 0

2 Problem Formulation

21 System Architecture Consider the following linear time-invariant system (Figure 1)

119909119905+1= 119860119909119905+ 119906119905+ 119908119905

119910119905= 119862119909119905+ V119905

(1)

where 119909119905isin R119899119909 is the state of plant at time 119905 119910

119905isin R119899119910 is

themeasurement from sensor and119908119905and V119905are uncorrelated

zero mean Gaussian white noises with covariance Σ119908and ΣV

respectively The pair (119860 119862) is assumed to be observable and(119860 Σ12

119908) is controllable

In our scenario the sensor observes the plant and getsthe measurements 119910

119905 According to these measurements it

preestimates the state 119909119905and obtains the minimum mean

squared error (MMSE) estimate that is 119909119904119905= E[119909

119905| 1199101

119910119905] Then the sensor sends these estimates to a remote

estimator through a wireless channel The controller thengenerates a control packet 119906

119905based on the received estimates

and sends the control packet to the actuator through anotherdependable channel

Let 120579119905be the indicator function whether the packet 119909119904

119905is

received or not by the estimator that is

120579119905=

1 if 119909119904119905is received by the estimator

0 otherwise(2)

Actuator Plant Sensor

Attacker

Controller Estimator

Wirelessnetwork

Figure 1 System architecture

DenoteD119905by all the data received by estimator until time

119905 that is

D119905= 1205791 1205792 120579

119905 1205791119909119904

1 1205792119909119904

2 120579

119905119909119904

119905 (3)

Let 119909119905be the minimum mean square error (MMSE)

estimate in the estimator at time 119905 that is

119909119905= E [119909

119905| D119905] (4)

The corresponding error covariance is

119875119905= E [(119909

119905minus 119909119905) (119909119905minus 119909119905)1015840

| D119905] (5)

Similar to [21] we have

119909119905=

119909119904

119905 if 120579

119905= 1

119860119909119904

119905minus1+ 119861119906119905minus1 otherwise

(6)

In order to minimize the LQG cost function

119869 =

119879minus1

sum119905=0

E [1199091015840

119905119876119909119905+ 1199061015840

119905119877119906119905] + 1199091015840

119879119876119909119879

(7)

in the finite time horizon [1 119879] where 119876 ⪰ 0 and 119877 ≻ 0are two weighting matrices and the expectation is taken over119908119896 we exploit a linear static feedback controller of the form

119906119896= 119871119909

119896 It is assumed that the system is unaware of the

existence of attacker

22 Attack Model In our scenario there is an attacker whowishes to deteriorate the control performance by jamming thesensor-to-estimator wireless channel It is assumed that theattacker has a limited energy budget that is he can attack 119899times at most in the time horizon [1 119879] [22]The attacker hasto decide whether to attack or not at each sampling time inorder to achieve his aim Let 120574

119905be the attack decision variable

at time 119905 that is

120574119905=

1 if attacker jams the wireless channel

0 otherwise(8)

Similar to [18] we assume that the attack action is successfulwith probability 120572 and packet drop variables under attack areindependent

Specifically from the viewpoint of attacker he aims tomaximize the cost function with energy constraint which isas follows


Problem 1 Consider

max120574isinΘ

E [119869 (120574)]

st119879

sum119905=1

120574119905le 119899

(9)

where 120574 = (1205741 1205742 120574




3 Preliminaries



119909119904

119905|119905minus1= 119860119909119904

119905minus1+ 119906119905minus1

119875119904

119905|119905minus1= 119860119875119904

119905minus11198601015840+ Σ119908

119870119904

119905= 119875119904

119905|119905minus11198621015840[119862119875119904

119905|119905minus11198621015840+ ΣV]minus1

119909119904

119905= 119860119909119904

119905minus1+ 119870119904

119905(119910119905minus 119862119909119904

119905|119905minus1)

119875119904

119905= (119868 minus 119870

119904

119905119862)119875119904

119905|119905minus1

(10)


0= Π0 From [23] we






(119883)





+ (11)



(119909119905 119875119905)

=


119905= 1 120579

119905= 1

(119909119904

119905 119875) otherwise

(12)




(0 0 1 1⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟1198961times 0 0 1 1⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟

1198962times 0 0 1 1⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟

119896119904times

0 0)

(13)







(1) 119864(1198961) ⪯ 119864(119896

2) where 119896

1lt 1198962


119904) ⪯ 119864(119896) where 119896 = 119896

1+1198962+sdot sdot sdot+119896

119904

(3) 119864(1198961otimes 1198962) ⪯ 119864(119897

1otimes 1198972) where 119896

1+ 1198962= 1198971+ 1198972and

max1198961 1198962 1198971 1198972 is 1198971or 1198972





119869 (120574) = tr (11987801198750) +

119879minus1

sum119905=0

tr (119878119905+1Σ119908)

+

119879minus1

sum119905=0

tr [(1198601015840119878119905+1119860 + 119876 minus 119878

119905) 119864120574(119875119905)]

(14)


tion

119878119905= 1198601015840119878119905+1119860 + 119876 minus 119860

1015840119878119905+1(119878119905+1+ 119877)minus1

119878119905+1119860

119905 = 0 1 119879 minus 1(15)


119878 = 1198601015840119878119860 + 119876 minus 119860

1015840119878 (119878 + 119877)

minus1119878119860 (16)



119905= 119871119909119905


infin= lim




0= 119878 and 119875


as

119869 (120574) = 119869119888+ 119869119890 (17)

where

119869119888= tr (119878119875) + 119873 sdot tr (119878Σ

119908)

119869119890=

119879minus1

sum119905=0

tr [(1198601015840119878119860 + 119876 minus 119878)E120574(119875119905)]

(18)




119890

which is as follows

Problem 5 Consider

max120574isinΘ

E [119869119890(120574)]

st119879

sum119905=1

120574119905le 119899

(19)




119869 =

119879

sum119905=0

E [1199091015840

119905119876119909119905] (20)





119869 = 119869119888+ 119869119890 (21)

where

119869119888= tr (119876119875) + 119873 sdot tr (119876Σ

119908)

119869119890=

119879minus1

sum119905=0

tr [1198601015840119876119860E120574(119875119905)]

(22)




120574E[sum119873minus1

119905=0119875119905(120574)] Thus from


Problem 7 Consider

max120574isinΘ

E[119873minus1

sum119905=0

119875119905(120574)]

st119879

sum119905=1

120574119905le 119899

(23)



E (119869) = 119869119888+ 119869

max119890 (24)

where

119869max119890=

119879

sum119894=1

tr [119892119894(119875)] + (119879 minus 119899120572) tr [119872119875] (25)

with119872 = 1198601015840119876119860 and 119892119894(119875) = 119872ℎ

119894(119875)


119894(119875) =



1198921(119875) ⪯ 119892

2(119875) ⪯ sdot sdot sdot ⪯ 119892

119894(119875) ⪯ sdot sdot sdot (26)


120574E[sum119873minus1






E (119869) = 119869119888+ 119869

max119890 (27)

where

119869max119890=

119879

sum119894=1

tr [119892119894(119875)] + (119879 minus 119899120572) tr [119872 sdot 119875] (28)


5 Simulation




lowast= 0


119879= 119899 do



1 1205742 120574

119879)



Virtualplant

PLC

Wirelessdevice

Wirelessdevice

USRP

Controller



algorithm

Measurementsignal

USRP attackerPLC

Control signal






119860 =(

1001 0005 0000 0000

0350 1001 minus0135 0000

minus0001 0000 1001 0005

minus0375 minus0001 0590 1001

)

119861 =(

0001

0540

minus0002

minus1066

)

Σ119908= 1199021199021015840 119902 = (

0003

1000

minus0005

minus2150

)

119876 =(

5 0 0 0

0 1 0 0

0 0 1 0

0 0 0 1

)

(29)



1 2 3 4 5 6 7 8 9 100

2

4

6

8

10

12

14

16times105

(a) 119877 = 01 2 3 4 5 6 7 8 9 10

0

2

4

6

8

10

12

14times105

(b) 1198780= 119878






Attacksequence (4 6) (7 3) (8 2) (9 1) (10)





0= 119878 From


minus200minus100

0100200300

180 190 200 210 220 230 240 250minus2minus1

0123

t

180 190 200 210 220 230 240 250t

u

u

times104

1205791

1205792

120579 (r

ad)


6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Problem 1 Consider

max120574isinΘ

E [119869 (120574)]

st119879

sum119905=1

120574119905le 119899

(9)

where 120574 = (1205741 1205742 120574




3 Preliminaries



119909119904

119905|119905minus1= 119860119909119904

119905minus1+ 119906119905minus1

119875119904

119905|119905minus1= 119860119875119904

119905minus11198601015840+ Σ119908

119870119904

119905= 119875119904

119905|119905minus11198621015840[119862119875119904

119905|119905minus11198621015840+ ΣV]minus1

119909119904

119905= 119860119909119904

119905minus1+ 119870119904

119905(119910119905minus 119862119909119904

119905|119905minus1)

119875119904

119905= (119868 minus 119870

119904

119905119862)119875119904

119905|119905minus1

(10)


0= Π0 From [23] we






(119883)





+ (11)



(119909119905 119875119905)

=


119905= 1 120579

119905= 1

(119909119904

119905 119875) otherwise

(12)




(0 0 1 1⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟1198961times 0 0 1 1⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟

1198962times 0 0 1 1⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟⏟

119896119904times

0 0)

(13)







(1) 119864(1198961) ⪯ 119864(119896

2) where 119896

1lt 1198962


119904) ⪯ 119864(119896) where 119896 = 119896

1+1198962+sdot sdot sdot+119896

119904

(3) 119864(1198961otimes 1198962) ⪯ 119864(119897

1otimes 1198972) where 119896

1+ 1198962= 1198971+ 1198972and

max1198961 1198962 1198971 1198972 is 1198971or 1198972





119869 (120574) = tr (11987801198750) +

119879minus1

sum119905=0

tr (119878119905+1Σ119908)

+

119879minus1

sum119905=0

tr [(1198601015840119878119905+1119860 + 119876 minus 119878

119905) 119864120574(119875119905)]

(14)


tion

119878119905= 1198601015840119878119905+1119860 + 119876 minus 119860

1015840119878119905+1(119878119905+1+ 119877)minus1

119878119905+1119860

119905 = 0 1 119879 minus 1(15)


119878 = 1198601015840119878119860 + 119876 minus 119860

1015840119878 (119878 + 119877)

minus1119878119860 (16)



119905= 119871119909119905


infin= lim




0= 119878 and 119875


as

119869 (120574) = 119869119888+ 119869119890 (17)

where

119869119888= tr (119878119875) + 119873 sdot tr (119878Σ

119908)

119869119890=

119879minus1

sum119905=0

tr [(1198601015840119878119860 + 119876 minus 119878)E120574(119875119905)]

(18)




119890

which is as follows

Problem 5 Consider

max120574isinΘ

E [119869119890(120574)]

st119879

sum119905=1

120574119905le 119899

(19)




119869 =

119879

sum119905=0

E [1199091015840

119905119876119909119905] (20)





119869 = 119869119888+ 119869119890 (21)

where

119869119888= tr (119876119875) + 119873 sdot tr (119876Σ

119908)

119869119890=

119879minus1

sum119905=0

tr [1198601015840119876119860E120574(119875119905)]

(22)




120574E[sum119873minus1

119905=0119875119905(120574)] Thus from


Problem 7 Consider

max120574isinΘ

E[119873minus1

sum119905=0

119875119905(120574)]

st119879

sum119905=1

120574119905le 119899

(23)



E (119869) = 119869119888+ 119869

max119890 (24)

where

119869max119890=

119879

sum119894=1

tr [119892119894(119875)] + (119879 minus 119899120572) tr [119872119875] (25)

with119872 = 1198601015840119876119860 and 119892119894(119875) = 119872ℎ

119894(119875)


119894(119875) =



1198921(119875) ⪯ 119892

2(119875) ⪯ sdot sdot sdot ⪯ 119892

119894(119875) ⪯ sdot sdot sdot (26)


120574E[sum119873minus1






E (119869) = 119869119888+ 119869

max119890 (27)

where

119869max119890=

119879

sum119894=1

tr [119892119894(119875)] + (119879 minus 119899120572) tr [119872 sdot 119875] (28)


5 Simulation




lowast= 0


119879= 119899 do



1 1205742 120574

119879)



Virtualplant

PLC

Wirelessdevice

Wirelessdevice

USRP

Controller



algorithm

Measurementsignal

USRP attackerPLC

Control signal






119860 =(

1001 0005 0000 0000

0350 1001 minus0135 0000

minus0001 0000 1001 0005

minus0375 minus0001 0590 1001

)

119861 =(

0001

0540

minus0002

minus1066

)

Σ119908= 1199021199021015840 119902 = (

0003

1000

minus0005

minus2150

)

119876 =(

5 0 0 0

0 1 0 0

0 0 1 0

0 0 0 1

)

(29)



1 2 3 4 5 6 7 8 9 100

2

4

6

8

10

12

14

16times105

(a) 119877 = 01 2 3 4 5 6 7 8 9 10

0

2

4

6

8

10

12

14times105

(b) 1198780= 119878






Attacksequence (4 6) (7 3) (8 2) (9 1) (10)





0= 119878 From


minus200minus100

0100200300

180 190 200 210 220 230 240 250minus2minus1

0123

t

180 190 200 210 220 230 240 250t

u

u

times104

1205791

1205792

120579 (r

ad)


6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











0= 119878 and 119875


as

119869 (120574) = 119869119888+ 119869119890 (17)

where

119869119888= tr (119878119875) + 119873 sdot tr (119878Σ

119908)

119869119890=

119879minus1

sum119905=0

tr [(1198601015840119878119860 + 119876 minus 119878)E120574(119875119905)]

(18)




119890

which is as follows

Problem 5 Consider

max120574isinΘ

E [119869119890(120574)]

st119879

sum119905=1

120574119905le 119899

(19)




119869 =

119879

sum119905=0

E [1199091015840

119905119876119909119905] (20)





119869 = 119869119888+ 119869119890 (21)

where

119869119888= tr (119876119875) + 119873 sdot tr (119876Σ

119908)

119869119890=

119879minus1

sum119905=0

tr [1198601015840119876119860E120574(119875119905)]

(22)




120574E[sum119873minus1

119905=0119875119905(120574)] Thus from


Problem 7 Consider

max120574isinΘ

E[119873minus1

sum119905=0

119875119905(120574)]

st119879

sum119905=1

120574119905le 119899

(23)



E (119869) = 119869119888+ 119869

max119890 (24)

where

119869max119890=

119879

sum119894=1

tr [119892119894(119875)] + (119879 minus 119899120572) tr [119872119875] (25)

with119872 = 1198601015840119876119860 and 119892119894(119875) = 119872ℎ

119894(119875)


119894(119875) =



1198921(119875) ⪯ 119892

2(119875) ⪯ sdot sdot sdot ⪯ 119892

119894(119875) ⪯ sdot sdot sdot (26)


120574E[sum119873minus1






E (119869) = 119869119888+ 119869

max119890 (27)

where

119869max119890=

119879

sum119894=1

tr [119892119894(119875)] + (119879 minus 119899120572) tr [119872 sdot 119875] (28)


5 Simulation




lowast= 0


119879= 119899 do



1 1205742 120574

119879)



Virtualplant

PLC

Wirelessdevice

Wirelessdevice

USRP

Controller



algorithm

Measurementsignal

USRP attackerPLC

Control signal






119860 =(

1001 0005 0000 0000

0350 1001 minus0135 0000

minus0001 0000 1001 0005

minus0375 minus0001 0590 1001

)

119861 =(

0001

0540

minus0002

minus1066

)

Σ119908= 1199021199021015840 119902 = (

0003

1000

minus0005

minus2150

)

119876 =(

5 0 0 0

0 1 0 0

0 0 1 0

0 0 0 1

)

(29)



1 2 3 4 5 6 7 8 9 100

2

4

6

8

10

12

14

16times105

(a) 119877 = 01 2 3 4 5 6 7 8 9 10

0

2

4

6

8

10

12

14times105

(b) 1198780= 119878






Attacksequence (4 6) (7 3) (8 2) (9 1) (10)





0= 119878 From


minus200minus100

0100200300

180 190 200 210 220 230 240 250minus2minus1

0123

t

180 190 200 210 220 230 240 250t

u

u

times104

1205791

1205792

120579 (r

ad)


6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











lowast= 0


119879= 119899 do



1 1205742 120574

119879)



Virtualplant

PLC

Wirelessdevice

Wirelessdevice

USRP

Controller



algorithm

Measurementsignal

USRP attackerPLC

Control signal






119860 =(

1001 0005 0000 0000

0350 1001 minus0135 0000

minus0001 0000 1001 0005

minus0375 minus0001 0590 1001

)

119861 =(

0001

0540

minus0002

minus1066

)

Σ119908= 1199021199021015840 119902 = (

0003

1000

minus0005

minus2150

)

119876 =(

5 0 0 0

0 1 0 0

0 0 1 0

0 0 0 1

)

(29)



1 2 3 4 5 6 7 8 9 100

2

4

6

8

10

12

14

16times105

(a) 119877 = 01 2 3 4 5 6 7 8 9 10

0

2

4

6

8

10

12

14times105

(b) 1198780= 119878






Attacksequence (4 6) (7 3) (8 2) (9 1) (10)





0= 119878 From


minus200minus100

0100200300

180 190 200 210 220 230 240 250minus2minus1

0123

t

180 190 200 210 220 230 240 250t

u

u

times104

1205791

1205792

120579 (r

ad)


6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










1 2 3 4 5 6 7 8 9 100

2

4

6

8

10

12

14

16times105

(a) 119877 = 01 2 3 4 5 6 7 8 9 10

0

2

4

6

8

10

12

14times105

(b) 1198780= 119878






Attacksequence (4 6) (7 3) (8 2) (9 1) (10)





0= 119878 From


minus200minus100

0100200300

180 190 200 210 220 230 240 250minus2minus1

0123

t

180 190 200 210 220 230 240 250t

u

u

times104

1205791

1205792

120579 (r

ad)


6 Conclusion






Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation













Acknowledgments


References



























RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation









research article optimal jamming attack scheduling in...

Documents