Disconnection-aware Attack Detection and Isolation with Separation-based Detector Reconfiguration

TL;DR

This paper proposes a method for maintaining attack detection and isolation capabilities in networked control systems even after subsystem disconnection, using a separation-based detector reconfiguration approach grounded in retrofit control techniques.

Contribution

It introduces a disconnection-aware attack detection and isolation scheme with a novel separation-based reconfiguration method utilizing retrofit control.

Findings

The proposed method preserves detection capabilities under disconnection scenarios.

Numerical examples demonstrate effectiveness in power distribution networks.

The approach ensures stability despite network topology changes.

Abstract

This study addresses incident handling during an adverse event for dynamical networked control systems. Incident handling can be divided into five steps: detection, analysis, containment, eradication, and recovery. For networked control systems, the containment step can be conducted through physical disconnection of an attacked subsystem. In accordance with the disconnection, the equipped attack detection unit should be reconfigured to maintain its detection capability. In particular, separating the detection subunit associated with the disconnected subsystem is considered as a specific reconfiguration scheme in this study. This paper poses the problem of disconnection-aware attack detection and isolation with the separation-based detector reconfiguration. The objective is to find an attack detection unit that preserves its detection and isolation capability even under any possible disconnection and separation. The difficulty arises from network topology variation caused by disconnection that can possibly lead to stability loss of the distributed observer inside the attack detection unit. A solution is proposed based on an existing controller design technique referred to as retrofit control. Furthermore, an application to low-voltage power distribution networks with distributed generation is exhibited. Numerical examples evidence the practical use of the proposed method through a benchmark distribution network.