A Novel Cyber Attack Detection Method in Networked Control Systems

This paper is concerned with cyber attack detection in a networked control system. A novel cyber attack detection method, which consists of two steps: 1) a prediction step and 2) a measurement update step, is developed. An estimation ellipsoid set is calculated through updating the prediction ellipsoid set with the current sensor measurement data. Based on the intersection between these two ellipsoid sets, two criteria are provided to detect cyber attacks injecting malicious signals into physical components (i.e., sensors and actuators) or into a communication network through which information among physical components is transmitted. There exists a cyber attack on sensors or a network exchanging data between sensors and controllers if there is no intersection between the prediction set and the estimation set updated at the current time instant. Actuators or network transmitting data between controllers and actuators are under a cyber attack if the prediction set has no intersection with the estimation set updated at the previous time instant. Recursive algorithms for the calculation of the two ellipsoid sets and for the attack detection on physical components and the communication network are proposed. Simulation results for two types of cyber attacks, namely a replay attack and a bias injection attack, are provided to demonstrate the effectiveness of the proposed method.