Detectability of Intermittent Zero-Dynamics Attack in Networked Control Systems
Yanbing Mao, Hamidreza Jafarnejadsani, Pan Zhao, Emrah Akyol, Naira Hovakimyan

TL;DR
This paper investigates a sophisticated zero-dynamics attack in networked control systems that adapts to topology switching by pausing attacks, and proposes detection strategies based on system topology and measurement analysis.
Contribution
It introduces a realistic ZDA variation that anticipates topology switching and develops detectability conditions and defense strategies for this scenario.
Findings
Characterized conditions for detectability of the proposed ZDA variation.
Developed defense strategies based on network topology and monitored agents.
Numerical results validate the theoretical detectability conditions.
Abstract
This paper analyzes stealthy attacks, particularly the zero-dynamics attack (ZDA) in networked control systems. ZDA hides the attack signal in the null-space of the state-space representation of the control system and hence it cannot be detected via conventional detection methods. A natural defense strategy builds on changing the null-space via switching through a set of topologies. In this paper, we propose a realistic ZDA variation where the attacker is aware of this topology-switching strategy, and hence employs the policy to avoid detection: "pause (update and resume) attack" before (after) topology switching to evade detection. We first systematically study the proposed ZDA variation, and then develop defense strategies under the realistic assumptions. Particularly, we characterize conditions for detectability of the proposed ZDA variation, in terms of the network topologies to be…
Taxonomy
Topics: Smart Grid Security and Resilience · Network Security and Intrusion Detection · Distributed Control Multi-Agent Systems
