Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design

TL;DR

This paper proposes optimal centralized and distributed attack detection and identification monitors for cyber-physical systems, addressing computational challenges and demonstrating robustness through simulations.

Contribution

It introduces optimal centralized and distributed attack detection/identification methods, including a sub-optimal procedure with performance guarantees for complex identification tasks.

Findings

Optimal centralized attack detection and identification monitors designed.

A distributed attack detection filter based on waveform relaxation.

The attack identification problem is computationally hard, but a sub-optimal method with guarantees is proposed.

Abstract

Cyber-physical systems integrate computation, communication, and physical capabilities to interact with the physical world and humans. Besides failures of components, cyber-physical systems are prone to malicious attacks so that specific analysis tools and monitoring mechanisms need to be developed to enforce system security and reliability. This paper builds upon the results presented in our companion paper [1] and proposes centralized and distributed monitors for attack detection and identification. First, we design optimal centralized attack detection and identification monitors. Optimality refers to the ability of detecting (respectively identifying) every detectable (respectively identifiable) attack. Second, we design an optimal distributed attack detection filter based upon a waveform relaxation technique. Third, we show that the attack identification problem is computationally hard, and we design a sub-optimal distributed attack identification procedure with performance guarantees. Finally, we illustrate the robustness of our monitors to system noise and unmodeled dynamics through a simulation study.