A Moving Target Approach for Identifying Malicious Sensors in Control Systems

TL;DR

This paper proposes a dynamic, moving target approach that varies system parameters over time to improve the identification of malicious sensors in control systems, even with limited attacker knowledge.

Contribution

It introduces a method of using time-varying system matrices to enhance attack detection and identification in cyber-physical systems.

Findings

Effective in both deterministic and stochastic systems.

Allows identification of more attacks with fewer sensors.

Limits attacker’s ability to remain unidentifiable.

Abstract

In this paper, we consider the problem of attack identification in cyber-physical systems (CPS). Attack identification is often critical for the recovery and performance of a CPS that is targeted by malicious entities, allowing defenders to construct algorithms which bypass harmful nodes. Previous work has characterized limitations in the perfect identification of adversarial attacks on deterministic LTI systems. For instance, a system must remain observable after removing any 2q sensors to only identify q attacks. However, the ability for an attacker to create an unidentifiable attack requires knowledge of the system model. In this paper, we aim to limit the adversary's knowledge of the system model with the goal of accurately identifying all sensor attacks. Such a scheme will allow systems to withstand larger attacks or system operators to allocate fewer sensing devices to a control system while maintaining security. We explore how changing the dynamics of the system as a function of time allows us to actively identify malicious/faulty sensors in a control system. We discuss the design of time varying system matrices to meet this goal and evaluate performance in deterministic and stochastic systems.