#### Abstract

Stealthy attacks to cyber-physical systems (CPS) refer to the ones that avoid attack detection mechanisms augmented to the systems typically in the form of anomaly detectors. Various types of stealthy attacks have been reported in the literature. Among the attacks with stealthy property, a recently reported multiplicative coordinated attack is particularly dangerous in that it corrupts sensor and actuator data in a coordinated manner, and it does not require precise system knowledge in order to be stealthy. It must be noted that most of these attacks are applicable to CPS, the physical counterparts of which are of linear dynamics. This could be a limitation since most of the physical dynamic systems that are encountered from CPS perspective are of nonlinear nature. In this work, we present a version of multiplicative coordinated stealthy attack for a class of CPS, the physical counterpart of which possesses nonlinear dynamics. Specifically, for the physical systems with homogeneous property, the attack is constructed and the effect is analyzed. Various simulations are carried out to illustrate the effect of the attack.

#### 1. Introduction

The improvement of computing power in embedded systems and significant advances of communication and network technologies have created a new field of cyber-physical systems (CPS) which tightly integrate physical and cyber components. Over the past years, CPS has emerged as an important paradigm to design large-scale distributed systems such as electric power grid systems, water distribution systems, and smart vehicular systems [1, 2]. However, recently, the cases where anonymous attackers penetrate the network systems and compromise CPS have increased [3]. The cyber attacks on CPS have caused considerable damages of the physical processes and brought enormous losses in property. The representative attack cases include the attack on Maroochy Shire Council’s sewage control systems [4] and the Stuxnet worm virus attack on Supervisory Control and Data Acquisition (SCADA) systems [5].

For developing countermeasures for the known attacks [6–9, 10], comprehensive analysis of the feasible cyber attack mechanisms should be preceded. To date, many cyber attack mechanisms have been discovered and analyzed in [11–19]. The representative attack methodologies include Denial of Service (DoS) attack [11], replay attack [12, 13], bias injection attack [14], zero dynamics attack [15], robust zero dynamics attack [16], robust pole dynamics attack [17], data-driven covert attack [18], etc. The DoS attack is a jamming method for obstructing data transmission, which is realized by injecting a considerable amount of requests into specific communication channels. The replay attack is an attack method realized by recording sensor measurement outputs for an extended period of time and replacing the measurements with the stored data. The bias injection attack is a type of false data injection attack, which is achieved by injecting the arbitrary constant in the control or sensor signals. The zero dynamics attack is a model based on stealthy attack method, and the attackers generate the sophisticated attack signals using unstable zero dynamics of the targeted system. While the zero dynamics attack requires the exact model knowledge of the target system, the robust zero dynamics attack was developed based on a robust control tool called as a disturbance observer. The attack corrupts the plant without the needs of the exact model knowledge and maintains the stealthiness for finite period. Robust pole dynamics attack is similar but applicable to linear systems with unstable dynamics. The data-driven covert attack is the attack strategy which can compromise the linear systems with parameter uncertainties. The attack utilizes a least mean square method for the parameter estimation, and the attack signals calculated from the estimated model are simultaneously injected into the input and output channels.

Fortunately, the existing attack methods reported in [11–18] have restrictions. For achieving the DoS attack, the attackers need much resources in that all possible communication channels should be occupied. The replay attack can be easily detected by watermarking the actuator signals. This is because the recorded output signals do not respond to the watermarks coded in the signals. The bias injection attack is not perfectly stealthy, which can be easily detected by anomaly detectors designed for monitoring the anomalous operations. The zero dynamics and robust zero dynamics attacks are dangerous only for the systems with nonminimum phase zeros. Robust pole dynamics attack is only to systems with unstable poles. The data-driven covert attack needs the minimum model knowledge such as the system dimension, although the complete model knowledge is not known to the attackers.

Recently, a notable stealthy attack mechanism capable of overcoming the said restrictions was developed in [19]. The attack is named a multiplicative coordinated stealthy attack and follows the method which multiplicatively compromises both the sensor and control signals in a coordinated manner. The attack design does not require model knowledge as long as the target system is linear. It is not detected by the watermarking technique. The applicability of the attack is not limited to the systems with nonminimum phase zeros nor unstable dynamics. The current work of the multiplicative coordinated stealthy attack introduced in [19], however, has focused on compromising the CPS, the physical counterpart of which is of linear dynamics. In this paper, as an extension of the attack to a class of CPS whose physical counterpart is of nonlinear dynamics, we specifically show that the multiplicative coordinated stealthy attack can compromise target CPS whose physical counterpart is of linear dynamics or of nonlinear dynamics with homogeneous property [20–22].

Main research interest of this paper is to reveal that a multiplicative coordinated stealthy attack is applicable to CPS with nonlinear physical plants with homogeneous property and to carry out relevant analysis. We show that the multiplicative coordinated attack is capable of forcing the states of target system far away from the desired trajectories without being detected. Attackers only need to know homogeneity degrees of the target systems. The attack can be realized, even if the attackers have incorrect information about the physical plant and have insufficient knowledge of the controller and the anomaly detector. The comparison with existing attacks (e.g., replay attack and false data injection attack) emphasizes that the multiplicative coordinated attack is particularly dangerous. Finally, two methods capable for detecting the multiplicative coordinated stealthy attacks are briefly discussed and demonstrated through simulations.

It should be noted that the security problem of the nonlinear dynamical systems has been rarely discussed in [23–25], while most of the systems have the nonlinearity. The problem of the attack detection and isolation for a class of discrete time nonlinear systems under sensor attack was addressed in [23]. The paper of Kim et al. [24] presented a detection method for the sensor attack and developed a resilient state estimation algorithm for uniformly observable nonlinear systems. The authors in [25] considered the sampled data consensus problem for a class of nonlinear multiagent systems under cyber attack.

The rest of this paper is organized as follows. In Section 2, mathematical preliminaries in order to define homogeneous systems are presented. In Section 3, we introduce a class of the nonlinear CPS and the multiplicative coordinated stealthy attack method for homogeneous nonlinear systems is proposed and analyzed. Various simulations are conducted in Section 4. The detection methods for the attack are briefly discussed in Section 5. Finally, conclusions are formulated in Section 6. All proofs are included in Appendix.

#### 2. Mathematical Preliminaries

Before presenting a stealthy attack method for nonlinear homogeneous systems, we here introduce the basic definitions of homogeneity and the properties. The notion of homogeneity was first introduced in [26] for the stability analysis of a nonlinear system, which has led to interesting results as reported in [20–22]. In order to understand whether any function or system has the homogeneous property or not, the concept of dilation is required, and we simply introduce the definition below.

*Definition 1. *For fixed coordinates and real numbers for , a dilation is defined aswhere with being called as homogeneous weights of *x* [20–22].

Now, by using the dilation, we can define the homogeneous function. Definition 2 shows the definition of the homogeneous function, and Lemma 1 shows that the homogeneous functions have a property.

*Definition 2. *A function is said to be a generalized homogeneous function of degree with respect to a dilation with an exponent *r*, if the following equality holdsfor all . If the exponent *r* is , the function is said to be a classical homogeneous function [20–22].

Lemma 1. *Let be an arbitrary constant. Consider a homogeneous function of degree τ with respect to . Then, is homogeneous of degree with respect to [20–22].*

In next section, we first introduce a CPS and focus on the attack scenario where physical plants are remotely controlled via some unreliable communication network, and the attackers can penetrate such network systems without any restriction. Next, we show that a coordinated attack method can be applied into the nonlinear physical plants with homogeneous properties.

#### 3. A Multiplicative Coordinated Stealthy Attack in Cyber-Physical Systems

##### 3.1. A Cyber-Physical System

In this subsection, we briefly discuss a common CPS including a physical plant, a controller, and an anomaly detector. First consider a class of the controllable canonical nonlinear plants on the physical layer which is given bywhere is the plant state, is the control input containing actuator attack signal, is the system output, , , and are continuous and smooth mapping, and denotes the compact set of *x*. The matrices *A* and *B* are, respectively, defined aswhere is the identity matrix and is the zero vector.

Next, we consider a controller given bywhere is the controller state, is the sensor output including sensor attack, is the desired reference assumed to be sufficiently smooth and bounded, is the bounded controller output, and and are continuous and smooth mappings. Without loss of generality, it is assumed that the controller (5) is designed such that the system output follows some desired reference trajectory under attack-free condition and it is capable of forcing *x* to follow the desired reference in .

Before introducing the anomaly detector, we assume that (3) satisfies following Assumption 1. This is necessary for constructing the uniformly nonlinear observer in the anomaly detector [27] and guarantees the observability for all control inputs *u*.

*Assumption 1. *There exists a diffeomorphism function such that (3) is transformed intowhere and for are globally Lipschitz in *s*, and .

For monitoring the system behavior of (3) and detecting the anomalous operations, the anomaly detector is commonly designed. The anomaly detector can be combined with (5) and consists of a full state observer [24, 28], a residue signal monitoring system, and an alarm system, which is represented bywhere is the estimated state for (6), is the observer output, is the residue signal, and is the positive definite solution ofwith the observer design parameter and . The anomaly detector in (7) will trigger the alarm if and only ifwhere is a threshold value which is chosen according to a suitable trade-off between the attack detection and the false alarm rate.

*Remark 1. *Define . When (3) does not have a form of (6), we may choose aswhere is a Lie derivative of along vector field *f* [27–29].

*Remark 2. *Unlike linear systems, the observability of the nonlinear system depends on the control input *u* [27]. Without loss of generality, the system designers will pursue to monitor the system in all regions regardless of *u* and the state observer of (7) may realize it. As reported in [24], some papers related to the nonlinear system security have already used the observer, and this paper also follows the common system setting.

##### 3.2. A Multiplicative Coordinated Stealthy Attack

A smart attacker may hope to corrupt the physical plant of (3) without being detected. Defining we say that this type of attack has stealthy and effective properties, which is given as follows:

Definition 3. *Let * be a permissible predefined maximum error bound, and δ_{T} be a detection bound. An attack is called δ_{T} stealthy and c_{T} effective, if are satisfied in a steady state [19].

In Definition 3, (11) implies that the attack is not detected by the common anomaly detectors of (7). Also, (12) implies that the attack is effective in the sense of degrading the tracking performance in a steady state. To be more specific, here, ϵ in (12) represents the tracking error occurring due to the attack, and we will call as the attack impact in this paper.

In our attack scenario, several assumptions are required to achieve (11) and (12). The assumptions are described below.

*Assumption 2. *The nonlinear functions in (3) have homogenous properties given bywhere , , are the degrees of the homogeneity for , , and with respect to , respectively.

*Assumption 3. *There exists a Lyapunov function for the stability of the nonlinear feedback control system given by

*Assumption 4. *The system outputs and control inputs are available to the malicious attackers.

*Assumption 5. *The reference is not identically zero.

*Assumption 6. *CPS operates in a steady state during attack period.

Assumption 2 indicates that we only consider the nonlinear systems with homogeneity property. Note that all linear systems always satisfy homogenous property. Assumption 3 indicates that for the feedback system of (3) and (5), the equilibrium point at the origin is asymptotically stable. This may be readily satisfied by the designed tracking controllers. Assumption 4 indicates that the attackers can arbitrarily change control input signals and sensor measurements without any restriction. Assumption 5 indicates that we only consider the cases of nonzero reference. This is a necessary condition for the attack to be effective. Assumption 6 means the attacks may occur in steady state.

*Remark 3. *Based on Assumption 4, the malicious attackers can inspect the measurements in real time and can know whether Assumption 5 and Assumption 6 are satisfied or not. If the intercepted measurements remain the nonzero constant for a long period, the CPS works in a steady state and the attacks can occur.

Under Assumptions 1, 2, 3, 4, 5, and 6, we introduce the multiplicative coordinated attack posed on the cyber layer. The attack signals selected by attackers take the multiplicative form given bywhere and are the attack signals for actuator and sensor, respectively.

Now, using (15), the stealthy condition of and for covertly compromising the nonlinear systems is derived. Let us find the equilibrium points of the nonlinear systems under the attack and attack-free cases. Recall that is satisfied in attack-free case for all *t*. We first define an attack-free nonlinear physical system aswhere is the plant state, is the system output, and is the corrupted system output. Define equilibrium points of *x*, *y*, , , , , and u as , , , , , , and , respectively. Then, (3) and (16) are given in a steady state by

Without loss of generality, for guaranteeing the stealthiness, the received output should have the value identical with the attack-free output, i.e., , and this results in

Then, Assumption 2 and (18) yieldand by using (17) and (19), we have

Then, (20) yields a relational expression of and given byand based on this equation, we can present the multiplicative coordinated stealthy attack method for compromising the nonlinear systems with the homogeneity property.

Theorem 1. *Let Assumptions 1, 2, 3, 4, 5, and 6 hold. The stealthy and effective attack for (3) is achieved, if malicious attackers choosewhere is some positive constant.*

*Proof. *see Appendix A.

The multiplicative coordinated attack in Theorem 1 has the stealthy property of (11) and the effective property of (12). Now, we quantitatively calculate the attack impact, i.e., . From Theorem 1, we can find a relation equation in a steady state given by . By using this, is finally obtained aswhere . The attack impact, i.e., , is proportional to , and this is represented in the function determined by the parameters of *κ* and *ω*. While *ω* in is determined by the homogeneous properties of the system, i.e., , , , the attack design parameter *κ* is arbitrarily chosen by attackers. As *κ* is largely chosen under , the attack impact, i.e., , increases accordingly. The property of is shown in Figure 1, and it is indeed observed that by choosing large κ, increases. Clearly, the attackers should adjust *κ* for increasing , and from the proper selection of *κ*, the attack impact can be made greater than . Here, it should be noted that even if attackers do not have sufficient information about controller (5) and anomaly detector (7), the coordinated attack can be accomplished. Indeed, the attack method of (22) only requires the information on homogeneous degree of physical plant, i.e., , , .

*Remark 4. *In a practical view, the attackers may have to consider the saturation of systems [30, 31]. If the attackers have specific information about the permissible input range of the actuator, the attack signal , i.e., , should stay in a region given bywhere and are the lower and upper limits of the saturating actuator, respectively. Then, is restricted byfor the admissible range of *κ* in (24).

Corollary 1. *Let Assumptions 1, 2, 3, 4, 5, and 6 hold. If the control input stays in zero, malicious attackers can choose a stealthy and effective attack signal aswhere ν is some constant.*

*Proof. *see Appendix B.

The method in Corollary 1 implies that the attackers may compromise (3) only by using the output signal without any needs of the control input signal. The attackers can only use the single communication channel (output channel), and this relieves Assumption 4. Also, in the creation of the attack signal, the homogenous properties, i.e., *ω*, are not used. This means that the riskiness of the attack can be increased in that the attackers do not need the system model knowledge. If the target system is linear and has one or more poles at the original point of -domain, the attacker may use Corollary 1.

It is worth noting that the stealthy attack technique for the linear systems can also be verified from Theorem 1. We define the linear system aswhere , , and are the matrices with appropriate dimensions. By following the canonical form of (3), the functions of (27) can be represented bywhere for all *i*, *b*, and for all *j* are some constants. The homogeneity degrees of (28) satisfy and with respect to , which yields . Therefore, from Theorem 1, the attack signals should be chosen as and , and we can propose Corollary 2 as the method for stealthily compromising the linear systems.

Corollary 2. *Let Assumptions 1, 3, 4, 5, and 6 hold. The stealthy and effective attack for linear systems in (27) is achieved, if malicious attackers choosewhere is some constant value.*

*Proof. *see [19] for more detailed proof.

When the attackers compromise the linear systems, any model knowledge about the system dynamics is not required. However, for the stealthy attacks of the nonlinear systems, the attackers may need the minimum knowledge of homogeneity degrees in the nonlinear dynamics.

Until now, we presented the attack methods for the specific systems which have the forms of (3) and (27). However, rigorously, Theorem 1 and Corollary 2 do not confine the attack targets into the specific systems of (3) and (27). This means if a target system can be changed into the forms of (3) and (27), the stealthy attack may be achieved. In other words, if there exists new state variable given bywhere is a diffeomorphism function such that the system transformed has the forms of (3) or (27), the stealthy attack can be achieved. Here, it should be pointed out that if the attackers use the coordinate changes of (30), considerable model knowledge may be required compared with the existing methods proposed in Theorem 1 and Corollary 2. The additional description will be proposed in the simulation of Section 4.

It is worth noting that the multiplicative coordinated stealthy attack may not be easily detected by the existing watermarking detection methods. This is because the response of the probing signals can be obtained without any modification under the attack. Comparing with the replay attacks being easily detected by the probing signals [12, 13], the coordinated attack methods are much dangerous. The additional description will be also presented in Section 4.

From attacker’s perspective, we introduce several efficient attack methods. Below is, for the nonlinear systems, the extended version of the linear attack method introduced in [19].

*Remark 5. *When the attacks occur, the abrupt changes of the control input and system output may incur the poor transient performance such as the peaking phenomenon of undershoot or overshoot [32]. This means that the stealthiness can be hindered at the initial time of attack. As a remedy, we introduce the attack method that can guarantee the transient performance aswhere is the stable low-pass filter with unity dc-gain.

*Remark 6. *In order to destroy the nonlinear systems (3), the attackers may hope to employ the increasing time-varying signals, i.e., . The attack may be achieved, if is slowly increasing such thatis satisfied.

#### 4. Examples

##### 4.1. Example 1

In this section, we conduct various simulations and study the multiplicative coordinated stealthy attack. Let us consider a nonlinear forced physical system given bywhere . For following a desired reference , we design a feedback linearized tracking controller introduced in [33] aswhere . The nonlinear observer in the anomaly detector is designed as

The homogeneous degrees of (33) are determined as , , and with respect to . We assume that the attackers who aspire to corrupt (33) choose the attack signals asfor .

The simulation results are shown in Figure 2. The output signal, the corrupted output signal, and the residue signal are shown in Figures 2(a)–2(c), respectively. Before the attack, it is observed that the output signal in Figure 2(a) follows the reference. However, after the attack, due to the attack signals injected into the target system, the actual plant output does not track the reference. The attack impact occurs in control system. The received system output in Figure 2(b) seems as if the output signal asymptotically follows the reference. The anomaly detector which receives the corrupted output signal does not trigger the alarm. Indeed, as shown in Figure 2(c), the residue signal does not exceed the threshold value. From the results, we can claim that the attack has effective and stealthy properties.

**(a)**

**(b)**

**(c)**

For the system of (33)–(36), calculating the attack impacts over several attack signals *κ* may be worthy work. The result is illustrated in Figure 3. The attack impact is calculated as 0.7544, which is identical with the size of the tracking error shown in Figure 2(a).

In this simulation, it needs to be emphasized that the attackers may have imprecise model knowledge about (33) aswhere for are uncertain parameters. However, even if the attackers have the uncertain parameters, the attack signal in (36) can be formulated.

##### 4.2. Example 2

In this section, we show that the multiplicative coordinated stealthy attack may be more dangerous than the replay attack. For the demonstration, the nonlinear system of (33) is considered again and we assume that probing signals is combined with the desired reference . The probing signals are selected as various sine waves with different amplitudes over time interval. The new reference denoted by is given by

We design a controller capable for tracking as

The anomaly detector identical with (35) is used in this simulation. In order to show the generation of various attack signals, we assume that the attack signals for corrupting (33) are slowly varying asfor .

The results are shown in Figure 4. Unlike the replay attack, the corrupted output reacts to the watermarking signals although the attack occurs.

**(a)**

**(b)**

**(c)**

For clarity, we show the simulation result for the replay attack. It is assumed that the output is recorded from 20 s until 80 s for the replay attack and the recorded output is injected after 90 s. As expected, the recorded output shown in Figure 5 does not respond to the watermarking signals. Through the simulation, the riskiness of the coordinated attack is definitely highlighted.

In addition, we conduct comparison with the false data injection (sensor) attack [14, 15] by simulations. The system considered is the same as before, and we choose the sensor attack signal asand it is assumed to be added into *y* after 50 s, i.e., . The simulation results are shown in Figure 6. As expected, the false data injection attack renders the corrupted output deviate from the desired reference. Unlike the multiplicative coordinated attack, the false data injection attack is easily detected by the anomaly detector. Hence, the potential danger posed by the multiplicative coordinated attack is illustrated.

**(a)**

**(b)**

##### 4.3. Example 3

Consider a nonlinear system given bywhere and .

The nonlinear system in (42) does not follow the specific form of (3) and (27). The attackers may not cause severe damage in the system of (42) using methods of Theorem 1 and Corollary 2. However, from the specific coordinate transformation, the smart attackers may find the new fact that (42) can be a target system. Define a new state variable as and . Then, we have a linear system given by

Now, the attackers can compromise (42) from Corollary 2. This clearly shows that the multiplicative coordinated attack can be applied into various nonlinear systems. We show that the multiplicative coordinated stealthy attack in Corollary 2 can make the system states of (42) far away from the desired trajectories with the stealthiness. The simulation results are obtained by setting as a constant. The system states, the system output, and the corrupted system output are illustrated in Figure 7. The system states and for are shown in Figure 7(a). As *κ* increases, the system states gradually deviate with the nonlinear nature from the desired trajectories, i.e., when . While the actual system output varies for *κ*, the corrupted output remains steady, as shown in Figure 7(b). The effectiveness is validated.

**(a)**

**(b)**

*Remark 7. *It is worth noting that in order to demonstrate the effectiveness of the attack, the experiment using a quadrotor called AR-drone was conducted in [19]. For more detailed description, see [19].

#### 5. Discussion for Detection Methods

Although this paper mainly focuses on how to formulate the attack signals, proposing detection methods for multiplicative coordinated stealthy attack can be worthy work. In this section, we briefly suggest two detection methods using smart sensors and eliminating homogeneous properties.

##### 5.1. Use Smart Sensors

Using a detection method introduced in [19] may be a solution for detecting the coordinated attacks in the nonlinear systems. Although the detection method has been developed for the linear systems, it seems to be applicable to the nonlinear systems. The detection method proposed in [19] follows design procedure below:(1)Before transmitting the sensor measurements *y*, the smart sensor with calculation capability adds secret nonzero values *χ* to the sensor measurements(2)After the transmission, data receivers construct the transmitted signal for securing original signal by subtracting *χ*

For clarity, we mathematically represent the transmitted signal and the constructed signal as

If the multiplicative coordinated attack does not occur, the receiver secures the original signal, i.e.,

However, when the transmitted signal is modified by the coordinated attacks, the constructed signal is changed intoand this shows that the attackers may not accomplish the stealthy attacks because of the new term, i.e., . Here, it should be noted that affects the residue signal and as the system designers choose large *χ*, the new term, i.e., , increases accordingly. Indeed, we can show thatholds for . If the system designers hope to detect the attack, *χ* needs to be chosen as large value.

##### 5.2. Eliminate Homogeneous Properties

Eliminating homogeneous properties may become another detection method. We propose modifying system dynamics by augmenting new nonlinear dynamics which the attackers do not cognize with (3). This may be realized by connecting the new nonlinear systems into (3) as a parallel way. For clear description, we define the modified nonlinear system aswhere , , and are smooth mapping functions, is new state with , and the matrices and are defined as

If the system designers can reconfigure (3) as a system without homogeneous characteristics, i.e.,the attackers may not accomplish the stealthy attack clearly.

Now, we validate the effectiveness of the detection method using smart sensors and consider the systems of Example 1 again. We conduct simulations for several *χ*, and the results are obtained in Figure 8. In the case when the proposed detection method is not applied, i.e., , the anomaly detector cannot detect the attack. However, when the detection method is employed, i.e., , the anomaly detector detects the attack as shown in Figures 8(b) and 8(c). The results applying the proposed method in Example 2 are shown in Figure 9. As displayed in Figure 8, we can observe that the coordinated attack is detected. The effectiveness of the proposed method is clearly demonstrated. The detailed analysis for the detection methods will be considered as a future work, and we expect that using smart sensors and eliminating homogeneous properties by modifying system dynamics become appropriate solutions for the attack detection.

**(a)**

**(b)**

**(c)**

**(a)**

**(b)**

#### 6. Conclusions

The multiplicative coordinated stealthy attack was developed for corrupting the homogeneous nonlinear systems. We analyzed the attack and validated the dangerousness through several simulations. Also, the detection methods were briefly discussed. We hope that the current research results would help to CPS security.

Limits of current study are summarized as follows. This paper only considers single input single output nonlinear systems. Extending the multiplicative coordinated attacks into multiple input multiple output dynamics will be future work. Finally, although this work conceives a method of attack design, discussions on countermeasures are limited. A more comprehensive detection method will be necessary.

#### Appendix

#### A. Proof of Theorem 1

We show that (22) satisfies the stealthy property. The transformed nonlinear system (6) under attack is given by

Define . Then,

Define estimation error as . Then, the estimation error dynamics is represented bywhere for is defined as

The following proof is based on [34]. Let us define , where . By Assumption 1 and boundedness of the control input, we set for such that is satisfied. Then, , where

By choosing an unique positive definite solution satisfying , we can derive a dynamics of *ξ* as . The time derivative of is given bywhere and are minimum and maximum eigenvalue of . By choosing , we havewhere is a nondecreasing function and is some positive constant. The inequality (A.7) guarantees , i.e., . The stealthiness is guaranteed in a steady state.

Next, we show that (22) satisfies the effective property. In a steady state, *y* is identical with . By definition of , we can derive

This shows that choosing proper *κ* makes . The effectiveness is guaranteed.

#### B. Proof of Corollary 1

Since input signal is zero in a steady state, we have, from (20),

This shows that no stealthy condition is formulated for . Therefore, the sensor attack signal can be arbitrarily selected.

#### Data Availability

The data used to support the findings of this study are included within the article.

#### Disclosure

A preliminary version of this manuscript, i.e., [19], was presented in IEEE Conference on Control Technology and Applications (CCTA 2018). Unlike the preliminary version focusing on linear systems, current version includes new results obtained from the extension of nonlinear systems.

#### Conflicts of Interest

The authors declare that they have no conflicts of interest.

#### Acknowledgments

This work was partly supported by the Institute for Information and Communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (2014-0-00065, Resilient Cyber-Physical Systems Research) and partly supported by the Global Research Laboratory Program through the National Research Foundation of Korea (NRF-2013K1A1A2A02078326). This work was also supported by the DGIST R&D Programs of the Ministry of Science and ICT (18-ST-02 and 18-EE-01).