Algorithmic detection of false data injection attacks in cyber-physical systems

TL;DR

This paper presents AD-CPS, a data-driven anomaly detection algorithm for identifying false data injection attacks in cyber-physical systems modeled as stochastic linear systems, with theoretical guarantees and experimental validation.

Contribution

The paper introduces AD-CPS, a novel anomaly detection method with theoretical false positive/negative guarantees for cyber-physical systems under data deception attacks.

Findings

Non-asymptotic false positive guarantees for 2-step honest attacks

Low false negative errors for high-energy adversaries

Experimental validation showing competitive performance against CUSUM

Abstract

This article introduces an anomaly detection based algorithm (AD-CPS) to detect false data injection attacks that fall under the category of data deception/integrity attacks, but with arbitrary information structure, in cyber-physical systems (CPSs) modeled as stochastic linear time-invariant systems. The core idea of this data-driven algorithm is based on the fact that an honest state (one not compromised by adversaries) generated by the CPS should concentrate near its weighted empirical mean of the immediate past samples. As the first theoretical result, we provide non-asymptotic guarantees on the false positive error incurred by the algorithm for attacks that are 2-step honest, referring to adversaries that act intermittently rather than successively. Moreover, we establish that for adversaries possessing a certain minimum energy, the false negative error incurred by AD-CPS is low. Extensive experiments were conducted on partially observed stochastic LTI systems to demonstrate these properties and to quantitatively compare AD-CPS with an optimal CUSUM-based test.