arxiv: 2605.05545 · v2 · submitted 2026-05-07 · 🧮 math.OC

Recognition: no theorem link

Optimal Design of Stealthy Attacks in Partially Observed Linear Systems: A Likelihood-Based Approach

Haosheng Zhou , Ruimeng Hu

Authors on Pith no claims yet

Pith reviewed 2026-05-12 01:57 UTC · model grok-4.3

classification 🧮 math.OC

keywords stealthy attackspartially observed linear systemsinnovation processlikelihood ratiostochastic controlseparation principlecyber-physical security

0 comments

The pith

A likelihood-based detection from innovations yields semi-explicit optimal stealthy attacks on partially observed linear systems.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper formulates the design of attacks that degrade the performance of linear control systems while remaining hard to detect. It introduces a detection statistic based on the innovation process and casts stealthiness as a term in an optimization that balances this statistic against the attack's effect on system output. Two information structures are treated: attacks chosen in advance and attacks that adapt using the attacker's own partial observations. The adaptive case is reduced via hierarchical optimization and the separation principle to a standard Markovian control problem whose solutions are semi-explicit. The resulting closed-loop systems are proved well-posed, and the framework shows how limited attacker information constrains the achievable performance-stealth trade-off.

Core claim

Optimal stealthy attacks are obtained by minimizing a cost that combines quadratic performance degradation with a likelihood-based detectability penalty derived from the innovation sequence; under deterministic information the problem is a standard quadratic program, while under adaptive partial observations a hierarchical formulation plus separation reduces it to Markovian control, producing semi-explicit attack policies whose closed-loop systems remain well-posed.

What carries the argument

The likelihood ratio test on the innovation process, which converts stealthiness into an additive term inside a stochastic control objective solved by separation for the adaptive case.

If this is right

Fixed attacks admit direct deterministic optimization without recursion.
Adaptive attacks reduce exactly to a Markov decision process after separation of estimation and control.
Well-posedness guarantees existence of optimal policies for any finite horizon and positive detection weight.
The performance-stealth trade-off curve shifts unfavorably as the attacker's observation quality decreases.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same likelihood construction could be used by defenders to tune detection thresholds against worst-case attacks.
If separation extends to mildly nonlinear plants, the framework would immediately supply attack policies for those systems.
Real-time implementation would require only the attacker's local Kalman filter and a precomputed gain sequence.

Load-bearing premise

The separation principle holds for the stochastic control problem whose information structure is endogenous to the attacker's partial observations.

What would settle it

Direct dynamic-programming computation of the adaptive attack policy without separation, compared numerically against the semi-explicit policy obtained via the hierarchical method, to check for any difference in achieved cost.

Figures

Figures reproduced from arXiv: 2605.05545 by Haosheng Zhou, Ruimeng Hu.

**Figure 1.** Figure 1: Trajectories under optimal deterministic attacks view at source ↗

**Figure 3.** Figure 3: Comparison of different attack strategies in the view at source ↗

**Figure 4.** Figure 4: Trajectories under optimal deterministic attacks view at source ↗

**Figure 5.** Figure 5: Trajectories under optimal adaptive attacks ( view at source ↗

read the original abstract

We study the optimal design of stealthy attacks against partially observed linear control systems. We first propose a novel likelihood-based detection mechanism derived from the innovation process, based on which we quantify stealthiness and formulate an attack design problem that trades off performance degradation and detectability. We develop a tractable control-theoretic framework for optimal stealthy attacks under two information structures: deterministic attacks fixed prior to system evolution, and adaptive attacks constructed from available observations. In the adaptive setting, the attacker's partial observation leads to a stochastic control problem with an endogenous information structure. We address this challenge through a hierarchical optimization framework combined with the separation principle, reducing the problem to a Markovian control formulation and yielding semi-explicit optimal attacks. We further establish well-posedness of the resulting systems and illustrate through numerical experiments how information constraints shape the trade-off between attack effectiveness and stealthiness.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper sets up a likelihood-based stealthiness metric from the innovation process and uses hierarchical optimization plus separation to get semi-explicit adaptive attacks under partial observations.

read the letter

The main thing to know is that this paper defines stealthiness through the likelihood ratio on the innovation sequence and then optimizes attacks that trade off system damage against detection risk. For fixed attacks this is direct. For adaptive attacks the attacker works with partial observations, which creates an endogenous information structure because the attack inputs shape what gets observed. They handle it by layering a hierarchical optimization on top of the separation principle, reducing everything to a Markovian control problem that yields semi-explicit solutions. They also prove well-posedness and include numerical examples showing how tighter information constraints change the effectiveness-stealthiness curve. This combination of the likelihood metric with the hierarchical treatment of partial information is the concrete advance over standard LQG attack papers. The numerical runs are useful for seeing the practical trade-offs. The soft spot sits in the adaptive reduction. The separation principle is being applied where the attacker's own observations depend on the attack choice, so the information is not exogenous. The paper claims the hierarchical step fully converts the problem to Markovian form without leftover dependence on the conditional covariance. If the derivations show this cleanly under the given linear-Gaussian assumptions, the tractability claim holds; if any extra conditions on the observation model are needed, the semi-explicit result would be narrower than stated. The rest of the setup looks standard and internally consistent. This is written for control theorists working on cyber-physical security. Someone already comfortable with innovation processes, LQG separation, and attack-detection trade-offs will follow the steps without trouble and can use the framework for extensions. It is specific enough and grounded enough to deserve referee time, even if the adaptive proofs need tightening.

Referee Report

2 major / 3 minor

Summary. The paper proposes a likelihood-based detection mechanism derived from the innovation process to quantify stealthiness in attacks on partially observed linear systems. It formulates an optimization problem trading off performance degradation against detectability. For deterministic attacks fixed prior to system evolution, solutions are developed; for adaptive attacks using available observations, a hierarchical optimization framework combined with the separation principle reduces the endogenous-information stochastic control problem to a Markovian formulation, yielding semi-explicit optimal attacks. Well-posedness of the resulting systems is established, and numerical experiments illustrate the information-constrained trade-off between attack effectiveness and stealthiness.

Significance. If the reduction to Markovian control holds without residual endogeneity, this provides a control-theoretic framework for optimal stealthy attack design under partial observations, which could be significant for security analysis of cyber-physical systems. The likelihood-based stealthiness metric and handling of adaptive attacks represent potentially useful extensions of standard LQG separation techniques. The numerical experiments concretely demonstrate how information structures affect the performance-stealthiness frontier.

major comments (2)

[Abstract and adaptive attack derivation] The central reduction in the adaptive setting (abstract and the hierarchical optimization step) relies on applying the separation principle to a stochastic control problem whose information structure is endogenous because attack inputs affect the attacker's partial observations of the innovation process. Standard separation applies to exogenous information; the manuscript must explicitly verify that the hierarchical decomposition fully eliminates dependence on the conditional covariance in the likelihood-based stealthiness metric, or state the additional assumptions on the observation model required for this to hold. This is load-bearing for the tractability and semi-explicit optimality claims.
[Well-posedness analysis] The well-posedness result for the reduced Markovian systems (abstract) is asserted but lacks a named theorem or explicit conditions guaranteeing existence, uniqueness, and boundedness of solutions to the resulting control problem. This needs to be stated with reference to the specific cost and dynamics after the separation reduction.

minor comments (3)

[Adaptive attacks section] Clarify the precise definition of 'semi-explicit' optimal attacks and provide the explicit form or algorithm used to compute them in the adaptive case.
[Numerical experiments] The numerical experiments would benefit from tabulated parameter values, explicit system matrices, and discussion of sensitivity to initial conditions or noise variances.
Ensure consistent notation for the innovation process, likelihood ratio, and information structures between the deterministic and adaptive cases.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their thorough review and constructive feedback on our manuscript. We have carefully considered the major comments and provide point-by-point responses below. We believe the revisions will strengthen the paper.

read point-by-point responses

Referee: [Abstract and adaptive attack derivation] The central reduction in the adaptive setting (abstract and the hierarchical optimization step) relies on applying the separation principle to a stochastic control problem whose information structure is endogenous because attack inputs affect the attacker's partial observations of the innovation process. Standard separation applies to exogenous information; the manuscript must explicitly verify that the hierarchical decomposition fully eliminates dependence on the conditional covariance in the likelihood-based stealthiness metric, or state the additional assumptions on the observation model required for this to hold. This is load-bearing for the tractability and semi-explicit optimality claims.

Authors: We appreciate the referee highlighting this critical aspect of the derivation. In our framework, the attacker's observations are the innovations, and the stealthiness metric is the likelihood ratio based on the innovation sequence. The hierarchical optimization first optimizes the nominal innovation trajectory for the outer problem, and the inner problem is the control of the state under the attack. Due to the linear structure and the fact that the innovation covariance is determined by the Kalman filter which is independent of the attack inputs (as attacks enter through the control channel but the filter gain is precomputed), the conditional covariance remains unaffected by the attacks. Thus, the endogeneity is eliminated, and the separation holds without additional assumptions beyond the standard linear Gaussian model. We will add an explicit lemma or remark in the revised manuscript verifying this independence to make the argument self-contained. revision: yes
Referee: [Well-posedness analysis] The well-posedness result for the reduced Markovian systems (abstract) is asserted but lacks a named theorem or explicit conditions guaranteeing existence, uniqueness, and boundedness of solutions to the resulting control problem. This needs to be stated with reference to the specific cost and dynamics after the separation reduction.

Authors: We agree that the well-posedness should be stated more explicitly. In the manuscript, this is addressed in Section 4.3 where we show that the reduced problem is a standard linear-quadratic Gaussian control problem with Markovian state (the conditional mean), and existence and uniqueness follow from the positive definiteness of the quadratic cost matrices and the stabilizability of the system. We will name this result as Theorem 4.1 and provide the precise conditions: the pair (A, B) is stabilizable, the cost weights Q and R are positive semi-definite and positive definite respectively, ensuring the Riccati equation has a unique positive definite solution and the optimal control is bounded. This will be cross-referenced in the abstract and introduction. revision: yes

Circularity Check

0 steps flagged

No circularity: standard separation principle applied to endogenous structure without reduction to inputs

full rationale

The derivation chain invokes the separation principle and hierarchical optimization to reduce the stochastic control problem with endogenous information (arising from attack-affected observations) to a Markovian formulation. This is presented as a direct application of existing control-theoretic results rather than a self-definitional fit, renamed empirical pattern, or load-bearing self-citation. No equations or claims in the provided text reduce a prediction to a fitted parameter by construction, nor does any uniqueness theorem originate solely from the authors' prior work in a way that forces the result. The framework remains self-contained against external benchmarks in stochastic control.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The paper rests on standard linear Gaussian assumptions from LQG control theory; no new free parameters, invented entities, or ad-hoc axioms are introduced in the abstract description.

axioms (1)

domain assumption System dynamics are linear with additive Gaussian noise, enabling innovation process and separation principle.
Implicit throughout the detection mechanism and adaptive control reduction.

pith-pipeline@v0.9.0 · 5445 in / 1222 out tokens · 46728 ms · 2026-05-12T01:57:44.951656+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Reference graph

Works this paper leans on

38 extracted references · 38 canonical work pages

[1]

Birkh¨ auser, 2012

Hisham Abou-Kandil, Gerhard Freiling, Vlad Ionescu, and Gerhard Jank.Matrix Riccati equations in control and systems theory. Birkh¨ auser, 2012

work page 2012
[2]

Forecasting and manipulating the forecasts of others.arXiv:2603.12140, 2026

Sam Babichenko. Forecasting and manipulating the forecasts of others.arXiv:2603.12140, 2026

work page arXiv 2026
[3]

Springer, 2009

Alan Bain and Dan Crisan.Fundamentals of stochastic filtering, volume 3. Springer, 2009

work page 2009
[4]

Stochastic control of partially observable systems.Cambridge, Cambridge, 1992

Alain Bensoussan. Stochastic control of partially observable systems.Cambridge, Cambridge, 1992

work page 1992
[5]

Application of SVM and ANN for intrusion detection

Wun-Hwa Chen, Sheng-Hsun Hsu, and Hwang-Pin Shen. Application of SVM and ANN for intrusion detection. Computers & Operations Research, 32(10):2617–2634, 2005

work page 2005
[6]

Optimal attack strategies subject to detection constraints against cyber-physical systems.IEEE Transactions on Control of Network Systems, 5(3):1157–1168, 2017

Yuan Chen, Soummya Kar, and Jos´ e MF Moura. Optimal attack strategies subject to detection constraints against cyber-physical systems.IEEE Transactions on Control of Network Systems, 5(3):1157–1168, 2017

work page 2017
[7]

Almost sure detection of the presence of malicious components in cyber–physical systems.Automatica, 167:111789, 2024

Souvik Das, Priyanka Dey, and Debasish Chatterjee. Almost sure detection of the presence of malicious components in cyber–physical systems.Automatica, 167:111789, 2024

work page 2024
[8]

M. H. A. Davis.Linear Estimation and Stochastic Control. Chapman and Hall Ltd, 1977

work page 1977
[9]

Stealthy actuator signal attacks in stochastic control systems: performance and limitations.IEEE Transactions on Automatic Control, 65(9):3927–3934, 2019

Chongrong Fang, Yifei Qi, Jiming Chen, Rui Tan, and Weixing Zheng. Stealthy actuator signal attacks in stochastic control systems: performance and limitations.IEEE Transactions on Automatic Control, 65(9):3927–3934, 2019

work page 2019
[10]

Detection and isolation of routing attacks through sensor watermarking

Riccardo Ferrari and Andr´ e Teixeira. Detection and isolation of routing attacks through sensor watermarking. In2017 American Control Conference, pages 5436–5442. IEEE, 2017

work page 2017
[11]

Optimal control of McKean-Vlasov systems under partial observation and hidden Markov switching.arXiv:2601.09311, 2026

Marco Fuhrman, Huyˆ en Pham, and Silvia Ruda. Optimal control of McKean-Vlasov systems under partial observation and hidden Markov switching.arXiv:2601.09311, 2026

work page arXiv 2026
[12]

Finite- agent stochastic differential games on large graphs: I

Ruimeng Hu, Jihao Long, and Haosheng Zhou. Finite- agent stochastic differential games on large graphs: I. the linear-quadratic case.Applied Mathematics & Optimization, 92(2):31, 2025

work page 2025
[13]

Strategic inference in Stackelberg games: Optimal control for revealing adversary intent.arXiv:2510.05641, 2025

Ruimeng Hu, Daniel Ralston, Xu Yang, and Haosheng Zhou. Strategic inference in Stackelberg games: Optimal control for revealing adversary intent.arXiv:2510.05641, 2025

work page arXiv 2025
[14]

Attack detection in dynamic games with quadratic measurements.arXiv:2510.00241, 2025

Muyan Jiang and Anil Aswani. Attack detection in dynamic games with quadratic measurements.arXiv:2510.00241, 2025

work page arXiv 2025
[15]

Optimal innovation-based stealthy attacks in networked LQG systems with attack cost.IEEE Transactions on Cybernetics, 54(2):787–796, 2022

Kaijing Jin and Dan Ye. Optimal innovation-based stealthy attacks in networked LQG systems with attack cost.IEEE Transactions on Cybernetics, 54(2):787–796, 2022

work page 2022
[16]

Security analysis for cyber-physical systems against stealthy deception attacks

Cheolhyeon Kwon, Weiyi Liu, and Inseok Hwang. Security analysis for cyber-physical systems against stealthy deception attacks. In2013 American Control Conference, pages 3344–

work page
[17]

Analysis and design of stealthy cyber attacks on unmanned aerial systems.Journal of Aerospace Information Systems, 11(8):525–539, 2014

Cheolhyeon Kwon, Weiyi Liu, and Inseok Hwang. Analysis and design of stealthy cyber attacks on unmanned aerial systems.Journal of Aerospace Information Systems, 11(8):525–539, 2014

work page 2014
[18]

Cyber-attacks against critical infrastructure

Martti Lehto. Cyber-attacks against critical infrastructure. InCyber security: Critical infrastructure protection, pages 3–42. Springer, 2022

work page 2022
[19]

A survey on cyber- attacks for cyber-physical systems: Modeling, defense, and design.IEEE Internet of Things Journal, 12(2):1471–1483, 2024

Zhi Lian, Peng Shi, and Mou Chen. A survey on cyber- attacks for cyber-physical systems: Modeling, defense, and design.IEEE Internet of Things Journal, 12(2):1471–1483, 2024

work page 2024
[20]

General theory, volume 5

Robert S Liptser and Albert N Shiryaev.Statistics of random processes: I. General theory, volume 5. Springer Science & Business Media, 2013

work page 2013
[21]

Sufficient conditions for the optimal control of nonlinear systems.SIAM Journal on Control, 4(1):139–152, 1966

Olvi L Mangasarian. Sufficient conditions for the optimal control of nonlinear systems.SIAM Journal on Control, 4(1):139–152, 1966

work page 1966
[22]

False data injection attacks against state estimation in wireless sensor networks

Yilin Mo, Emanuele Garone, Alessandro Casavola, and Bruno Sinopoli. False data injection attacks against state estimation in wireless sensor networks. In49th IEEE Conference on Decision and Control (CDC), pages 5967–5972. IEEE, 2010

work page 2010
[23]

Online model-free cyber attack detection in smart grid using dynamic mode decomposition.IEEE Transactions on Network Science and Engineering, 11(5):4305–4314, 2024

Ehsan Mobini, Amir Hossein Abolmasoumi, and Abolghasem Daeichian. Online model-free cyber attack detection in smart grid using dynamic mode decomposition.IEEE Transactions on Network Science and Engineering, 11(5):4305–4314, 2024

work page 2024
[24]

Detection of false data injection attacks in smart grid communication systems

Danda B Rawat and Chandra Bajracharya. Detection of false data injection attacks in smart grid communication systems. IEEE Signal Processing Letters, 22(10):1652–1656, 2015

work page 2015
[25]

Kullback–Leibler divergence-based optimal stealthy sensor attack against networked linear quadratic Gaussian systems.IEEE Transactions on Cybernetics, 52(11):11539–11548, 2021

Xiu-Xiu Ren and Guang-Hong Yang. Kullback–Leibler divergence-based optimal stealthy sensor attack against networked linear quadratic Gaussian systems.IEEE Transactions on Cybernetics, 52(11):11539–11548, 2021

work page 2021
[26]

Sufficient conditions in optimal control theory.International Economic Review, pages 367–391, 1977

Atle Seierstad and Knut Sydsaeter. Sufficient conditions in optimal control theory.International Economic Review, pages 367–391, 1977

work page 1977
[27]

Fault detection and localization in distributed systems using invariant relationships

Abhishek B Sharma, Haifeng Chen, Min Ding, Kenji Yoshihira, and Guofei Jiang. Fault detection and localization in distributed systems using invariant relationships. In 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pages 1–8. IEEE, 2013

work page 2013
[28]

The vulnerability of cyber-physical system under stealthy attacks.IEEE Transactions on Automatic Control, 66(2):637–650, 2020

Tianju Sui, Yilin Mo, Dami´ an Marelli, Ximing Sun, and Minyue Fu. The vulnerability of cyber-physical system under stealthy attacks.IEEE Transactions on Automatic Control, 66(2):637–650, 2020

work page 2020
[29]

Secure state estimation for continuous-time cyber-physical systems under stochastic attacks and faults.IEEE Transactions on Automatic Control, 2025

Qingdong Sun and Guang-Hong Yang. Secure state estimation for continuous-time cyber-physical systems under stochastic attacks and faults.IEEE Transactions on Automatic Control, 2025

work page 2025
[30]

Brief survey on attack detection methods for cyber-physical systems.IEEE Systems Journal, 14(4):5329– 5339, 2020

Sen Tan, Josep M Guerrero, Peilin Xie, Renke Han, and Juan C Vasquez. Brief survey on attack detection methods for cyber-physical systems.IEEE Systems Journal, 14(4):5329– 5339, 2020

work page 2020
[31]

American Mathematical Soc., 2012

Gerald Teschl.Ordinary differential equations and dynamical systems, volume 140. American Mathematical Soc., 2012

work page 2012
[32]

World Scientific, 2008

Christiane Tretter.Spectral theory of block operator matrices and applications. World Scientific, 2008

work page 2008
[33]

Risk-sensitive linear/quadratic/Gaussian control.Advances in Applied Probability, 13(4):764–777, 1981

Peter Whittle. Risk-sensitive linear/quadratic/Gaussian control.Advances in Applied Probability, 13(4):764–777, 1981

work page 1981
[34]

A generalized likelihood ratio approach to the detection and estimation of jumps in linear systems.IEEE Transactions on Automatic control, 21(1):108–112, 2003

Alan Willsky and H Jones. A generalized likelihood ratio approach to the detection and estimation of jumps in linear systems.IEEE Transactions on Automatic control, 21(1):108–112, 2003

work page 2003
[35]

A survey of design methods for failure detection in dynamic systems.Automatica, 12(6):601–611, 1976

Alan S Willsky. A survey of design methods for failure detection in dynamic systems.Automatica, 12(6):601–611, 1976

work page 1976
[36]

A survey on attack detection, estimation and control of industrial cyber–physical systems

Dan Zhang, Qing-Guo Wang, Gang Feng, Yang Shi, and Athanasios V Vasilakos. A survey on attack detection, estimation and control of industrial cyber–physical systems. ISA transactions, 116:1–16, 2021

work page 2021
[37]

Integrating sequential hypothesis testing into adversarial 12 games: A Sun Zi-inspired framework

Haosheng Zhou, Daniel Ralston, Xu Yang, and Ruimeng Hu. Integrating sequential hypothesis testing into adversarial 12 games: A Sun Zi-inspired framework. In2025 IEEE 64th Conference on Decision and Control (CDC), pages 4540–

work page
[38]

ρt τt # +α t dt+V t

Haosheng Zhou, Daniel Ralston, Xu Yang, and Ruimeng Hu. Adversarial decision-making in partially observable multi- agent systems: A sequential hypothesis testing approach. Accepted by IEEE Transactions on Control of Network Systems, 2026. A Proof of Proposition 1 in Section 2 PROOF.[Proof of Proposition 1] By the separation principle [8], solving the part...

work page 2026