CUSUM and chi-squared attack detection of compromised sensors

A vector-valued model-based cumulative sum (CUSUM) procedure is proposed for identifying falsified sensor measurements. To fulfill a desired detection performance, given the system dynamics, we derive tools for tuning the CUSUM procedure. We characterize the state degradation that a stealthy attacker can induce to the system while remaining undetected by the detection procedure. We quantify the advantage of using a dynamic detector (CUSUM), which leverages the history of the state, over a static detector (chi-squared) which uses a single measurement at a time. Simulation experiments are presented to illustrate the performance of the detection scheme.

[1]  T. Tarn,et al.  Observers for nonlinear stochastic systems , 1975, 1975 IEEE Conference on Decision and Control including the 14th Symposium on Adaptive Processes.

[2]  Charles W. Champ,et al.  A a comparison of the markov chain and the integral equation approaches for evaluating the run length distribution of quality control charts , 1991 .

[3]  D. A. Evans,et al.  An approach to the probability distribution of cusum run length , 1972 .

[4]  Florian Dörfler,et al.  Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design , 2012, ArXiv.

[5]  George A. Perdikaris Computer Controlled Systems , 1991 .

[6]  Weiyi Liu,et al.  Security analysis for Cyber-Physical Systems against stealthy deception attacks , 2013, 2013 American Control Conference.

[7]  Vijay Gupta,et al.  On Kalman filtering in the presence of a compromised sensor: Fundamental performance bounds , 2014, 2014 American Control Conference.

[8]  Alvaro A. Cárdenas,et al.  Attacks against process control systems: risk assessment, detection, and response , 2011, ASIACCS '11.

[9]  R. Khan Wald's approximations to the average run length in cusum procedures , 1978 .

[10]  William H. Woodall,et al.  The Use (and Misuse) of False Alarm Probabilities in Control Chart Design , 1992 .

[11]  Charles R. Johnson,et al.  Matrix analysis , 1985, Statistical Inference for Engineers and Data Scientists.

[12]  Sheldon M. Ross,et al.  Introduction to Probability Models, Eighth Edition , 1972 .

[13]  William H. Woodall,et al.  The Distribution of the Run Length of One-Sided CUSUM Procedures for Continuous Random Variables , 1983 .

[14]  Fredrik Gustafsson,et al.  Adaptive filtering and change detection , 2000 .

[15]  E. S. Page CONTINUOUS INSPECTION SCHEMES , 1954 .

[16]  Emanuele Garone,et al.  False data injection attacks against state estimation in wireless sensor networks , 2010, 49th IEEE Conference on Decision and Control (CDC).

[17]  Charles R. Johnson,et al.  Matrix Analysis, 2nd Ed , 2012 .

[18]  Changsoon Park,et al.  A Corrected wiener process approximation for cusum arls , 1987 .

[19]  Carlos Murguia,et al.  Characterization of a CUSUM model-based sensor attack detector , 2016, 2016 IEEE 55th Conference on Decision and Control (CDC).

[20]  Vijay Gupta,et al.  Security in stochastic control systems: Fundamental limitations and performance bounds , 2015, 2015 American Control Conference (ACC).

[21]  Karl Johan Åström,et al.  Computer-controlled systems (3rd ed.) , 1997 .

[22]  P. L. Goldsmith,et al.  Cumulative Sum Tests: Theory and Practice , 1969 .

[23]  G. Box,et al.  Cumulative Sum Tests: Theory and Practice , 1968 .

[24]  Richard L. Tweedie,et al.  Markov Chains and Stochastic Stability , 1993, Communications and Control Engineering Series.

[25]  Quanyan Zhu,et al.  Coding sensor outputs for injection attacks detection , 2014, 53rd IEEE Conference on Decision and Control.