A Novel Cyber Attack Detection Method in Networked Control Systems

This paper is concerned with cyber attack detection in a networked control system. A novel cyber attack detection method, which consists of two steps: 1) a prediction step and 2) a measurement update step, is developed. An estimation ellipsoid set is calculated through updating the prediction ellipsoid set with the current sensor measurement data. Based on the intersection between these two ellipsoid sets, two criteria are provided to detect cyber attacks injecting malicious signals into physical components (i.e., sensors and actuators) or into a communication network through which information among physical components is transmitted. There exists a cyber attack on sensors or a network exchanging data between sensors and controllers if there is no intersection between the prediction set and the estimation set updated at the current time instant. Actuators or network transmitting data between controllers and actuators are under a cyber attack if the prediction set has no intersection with the estimation set updated at the previous time instant. Recursive algorithms for the calculation of the two ellipsoid sets and for the attack detection on physical components and the communication network are proposed. Simulation results for two types of cyber attacks, namely a replay attack and a bias injection attack, are provided to demonstrate the effectiveness of the proposed method.

[1]  Tyrone L. Vincent,et al.  An abrupt change detection heuristic with applications to cyber data attacks on power systems , 2014, 2014 American Control Conference.

[2]  Mehul Motani,et al.  Detecting False Data Injection Attacks in AC State Estimation , 2015, IEEE Transactions on Smart Grid.

[3]  Xinghuo Yu,et al.  Survey on Recent Advances in Networked Control Systems , 2016, IEEE Transactions on Industrial Informatics.

[4]  David Ward,et al.  Vulnerable links and secure architectures in the stabilization of networks of controlled dynamical systems , 2012, 2012 American Control Conference (ACC).

[5]  F. Schweppe Recursive state estimation: Unknown but bounded errors and system inputs , 1967 .

[6]  Fei Hu,et al.  Detection of Faults and Attacks Including False Data Injection Attack in Smart Grid Using Kalman Filter , 2014, IEEE Transactions on Control of Network Systems.

[7]  Ying Tan,et al.  On Designing Event-Triggered Schemes for Networked Control Systems Subject to One-Step Packet Dropout , 2016, IEEE Transactions on Industrial Informatics.

[8]  Jun Gao,et al.  Online Adaboost-Based Parameterized Methods for Dynamic Distributed Network Intrusion Detection , 2014, IEEE Transactions on Cybernetics.

[9]  Fuwen Yang,et al.  A novel islanding fault detection for distributed generation systems , 2014 .

[10]  Qing-Long Han,et al.  Security Control for Discrete-Time Stochastic Nonlinear Systems Subject to Deception Attacks , 2018, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[11]  Qing-Long Han,et al.  A survey on recent advances in distributed sampled-data cooperative control of multi-agent systems , 2018, Neurocomputing.

[12]  Qing-Long Han,et al.  A Dynamic Event-Triggered Transmission Scheme for Distributed Set-Membership Estimation Over Wireless Sensor Networks , 2019, IEEE Transactions on Cybernetics.

[13]  Qing-Long Han,et al.  Distributed networked control systems: A brief overview , 2017, Inf. Sci..

[14]  Fuwen Yang,et al.  Set-Membership Filtering with State Constraints , 2009, IEEE Transactions on Aerospace and Electronic Systems.

[15]  Qing-Long Han,et al.  Event-Based Networked Islanding Detection for Distributed Solar PV Generation Systems , 2017, IEEE Transactions on Industrial Informatics.

[16]  Mo-Yuen Chow,et al.  Networked Control System: Overview and Research Trends , 2010, IEEE Transactions on Industrial Electronics.

[17]  Xinghuo Yu,et al.  Smart Grids: A Cyber–Physical Systems Perspective , 2016, Proceedings of the IEEE.

[18]  Qing-Long Han,et al.  Event-Based Set-Membership Leader-Following Consensus of Networked Multi-Agent Systems Subject to Limited Communication Resources and Unknown-But-Bounded Noise , 2017, IEEE Transactions on Industrial Electronics.

[19]  D. Bertsekas,et al.  Recursive state estimation for a set-membership description of uncertainty , 1971 .

[20]  Qing-Long Han,et al.  State estimation under false data injection attacks: Security analysis and system protection , 2018, Autom..

[21]  Qing-Long Han,et al.  Fixed-Time Cooperative Control of Multi-Agent Systems , 2019 .

[22]  Qing-Long Han,et al.  Variance-Constrained Distributed Filtering for Time-Varying Systems With Multiplicative Noises and Deception Attacks Over Sensor Networks , 2017, IEEE Sensors Journal.

[23]  Lang Tong,et al.  Malicious Data Attacks on the Smart Grid , 2011, IEEE Transactions on Smart Grid.

[24]  Fuwen Yang,et al.  Set-membership filtering for systems with sensor saturation , 2009, Autom..

[25]  Guo-Ping Liu,et al.  Design and Implementation of Secure Networked Predictive Control Systems Under Deception Attacks , 2012, IEEE Transactions on Control Systems Technology.

[26]  Karolos M. Grigoriadis,et al.  A unified algebraic approach to linear control design , 1998 .

[27]  Pramod K. Varshney,et al.  Collaborative Spectrum Sensing in the Presence of Byzantine Attacks in Cognitive Radio Networks , 2010, IEEE Transactions on Signal Processing.

[28]  Stephen P. Boyd,et al.  Semidefinite Programming , 1996, SIAM Rev..

[29]  D. Simon,et al.  Kalman filtering with state equality constraints , 2002 .

[30]  Bruno Sinopoli,et al.  Physical Authentication of Control Systems: Designing Watermarked Control Inputs to Detect Counterfeit Sensor Outputs , 2015, IEEE Control Systems.

[31]  Guoqiang Hu,et al.  Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks , 2017, IEEE Transactions on Cybernetics.

[32]  Yang Xiang,et al.  A survey on security control and attack detection for industrial cyber-physical systems , 2018, Neurocomputing.

[33]  S.T. Sarasamma,et al.  Min-max hyperellipsoidal clustering for anomaly detection in network security , 2006, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[34]  Bruno Sinopoli,et al.  Detecting Integrity Attacks on SCADA Systems , 2011 .

[35]  Qing-Long Han,et al.  Network-based modelling and dynamic output feedback control for unmanned marine vehicles in network environments , 2018, Autom..

[36]  Qing-Long Han,et al.  An Overview of Recent Advances in Fixed-Time Cooperative Control of Multiagent Systems , 2018, IEEE Transactions on Industrial Informatics.

[37]  Qing-Long Han,et al.  An Overview of Recent Advances in Event-Triggered Consensus of Multiagent Systems , 2018, IEEE Transactions on Cybernetics.

[38]  Fuwen Yang,et al.  Set-Membership Filtering for Discrete-Time Systems With Nonlinear Equality Constraints , 2009, IEEE Transactions on Automatic Control.

[39]  Yunghsiang Sam Han,et al.  Distributed Bayesian Detection in the Presence of Byzantine Data , 2013, IEEE Transactions on Signal Processing.

[40]  Danda B. Rawat,et al.  Detection of False Data Injection Attacks in Smart Grid Communication Systems , 2015, IEEE Signal Processing Letters.

[41]  Q. Han,et al.  Distributed event-triggered networked set-membership filtering with partial information transmission , 2017 .

[42]  Kwangjo Kim,et al.  Data Randomization and Cluster-Based Partitioning for Botnet Intrusion Detection , 2016, IEEE Transactions on Cybernetics.

[43]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[44]  Rafal Rohozinski,et al.  Stuxnet and the Future of Cyber War , 2011 .

[45]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[46]  Zhu Han,et al.  Detecting False Data Injection Attacks on Power Grid by Sparse Optimization , 2014, IEEE Transactions on Smart Grid.

[47]  Giuseppe Carlo Calafiore,et al.  Robust filtering for discrete-time systems with bounded noise and parametric uncertainty , 2001, IEEE Trans. Autom. Control..