OT-DETECT: Optimal transport-driven attack detection in cyber-physical systems

TL;DR

This paper introduces OT-DETECT, an attack detection method for cyber-physical systems using optimal transport theory, formulated as a minmax problem, with proven robustness and sequential detection capabilities.

Contribution

It develops a novel OT-driven detection algorithm with a finite-dimensional LP formulation and tail bounds for false positives, enhancing robustness in CPS security.

Findings

Robust attack detection demonstrated through numerical experiments.

Finite-dimensional LP reduces computational complexity.

Non-asymptotic tail bounds ensure false-positive control.

Abstract

This article presents an optimal-transport (OT)-driven, distributionally robust attack detection algorithm, OT-DETECT, for cyber-physical systems (CPS) modeled as partially observed linear stochastic systems. The underlying detection problem is formulated as a minmax optimization problem using 1-Wasserstein ambiguity sets constructed from observer residuals under both the nominal (attack-free) and attacked regimes. We show that the minmax detection problem can be reduced to a finite-dimensional linear program for computing the worst-case distribution (WCD). Off-support residuals are handled via a kernel-smoothed score function that drives a CUSUM procedure for sequential detection. We also establish a non-asymptotic tail bound on the false-positive error of the CUSUM statistic under the nominal (attack-free) condition, under mild assumptions. Numerical illustrations are provided to evaluate the robustness properties of OT-DETECT.