On model‐based detectors for linear time‐invariant stochastic systems under sensor attacks

A vector-valued model-based cumulative sum (CUSUM) procedure is proposed for identifying faulty/falsified sensor measurements. First, given the system dynamics, the authors derive tools for tuning the CUSUM procedure in the fault/attack-free case to fulfil the desired detection performance (in terms of false alarm rate). They use the widely-used chi-squared fault/attack detection procedure as a benchmark to compare the performance of the CUSUM. In particular, they characterise the state degradation that a class of attacks can induce the system while enforcing that the detectors (CUSUM and chi-squared) do not raise alarms. In doing so, they find the upper bound of state degradation that is possible by an undetected attacker. They quantify the advantage of using a dynamic detector (CUSUM), which leverages the history of the state, over a static detector (chi-squared), which uses a single measurement at a time. Simulations of a chemical reactor with a heat exchanger are presented to illustrate the performance of their tools.