Distributionally Robust Tuning of Anomaly Detectors in Cyber-Physical Systems with Stealthy Attacks

TL;DR

This paper introduces a distributionally robust anomaly detection method for cyber-physical systems that accounts for noise uncertainty, ensuring false alarm rates are controlled even under stealthy attacks, and explores the trade-offs involved.

Contribution

It proposes a novel distributionally robust detection threshold using moment-based ambiguity sets and Chebyshev inequalities, addressing false alarm control under uncertain noise distributions.

Findings

Guarantees false alarm rate upper bound under distributional uncertainty

Provides an efficient method to compute attack-reachable states bounds

Demonstrates improved detection robustness over traditional chi-squared detectors

Abstract

Designing resilient control strategies for mitigating stealthy attacks is a crucial task in emerging cyber-physical systems. In the design of anomaly detectors, it is common to assume Gaussian noise models to maintain tractability; however, this assumption can lead the actual false alarm rate to be significantly higher than expected. We propose a distributionally robust anomaly detector for noise distributions in moment-based ambiguity sets. We design a detection threshold that guarantees that the actual false alarm rate is upper bounded by the desired one by using generalized Chebyshev inequalities. Furthermore, we highlight an important trade-off between the worst-case false alarm rate and the potential impact of a stealthy attacker by efficiently computing an outer ellipsoidal bound for the attack-reachable states corresponding to the distributionally robust detector threshold. We illustrate this trade-off with a numerical example and compare the proposed approach with a traditional chi-squared detector.