A distributed networked approach for fault detection of large-scale systems

Networked systems present some key new challenges in the development of fault diagnosis architectures. This paper proposes a novel distributed networked fault detection methodology for large-scale interconnected systems. The proposed formulation incorporates a synchronization methodology with a filtering approach in order to reduce the effect of measurement noise and time delays on the fault detection performance. The proposed approach allows the monitoring of multi-rate systems, where asynchronous and delayed measurements are available. This is achieved through the development of a virtual sensor scheme with a model-based re-synchronization algorithm and a delay compensation strategy for distributed fault diagnostic units. The monitoring architecture exploits an adaptive approximator with learning capabilities for handling uncertainties in the interconnection dynamics. A consensus-based estimator with timevarying weights is introduced, for improving fault detectability in the case of variables shared among more than one subsystem. Furthermore, time-varying threshold functions are designed to prevent false-positive alarms. Analytical fault detectability sufficient conditions are derived and extensive simulation results are presented to illustrate the effectiveness of the distributed fault detection technique

Distributed fault diagnosis for process and sensor faults in a class of interconnected input-output nonlinear discrete-time systems

This paper presents a distributed fault diagnosis scheme able to deal with process and sensor faults in an integrated way for a class of interconnected input–output nonlinear uncertain discrete-time systems. A robust distributed fault detection scheme is designed, where each interconnected subsystem is monitored by its respective fault detection agent, and according to the decisions of these agents, further information regarding the type of the fault can be deduced. As it is shown, a process fault occurring in one subsystem can only be detected by its corresponding detection agent whereas a sensor fault in a subsystem can be detected by either its corresponding detection agent or the detection agent of another subsystem that is affected by the subsystem where the sensor fault occurred. This discriminating factor is exploited for the derivation of a high-level isolation scheme.Moreover, process and sensor fault detectability conditions characterising quantitatively the class of detectable faults are derived. Finally, a simulation example is used to illustrate the effectiveness of the proposed distributed fault detection scheme

An Adaptive Approach to Sensor Bias Fault Diagnosis and Accommodation for a Class of Input-Output Nonlinear Systems

This paper presents an adaptive sensor fault diagnosis and accommodation scheme for multiple sensor bias faults for a class of input-output nonlinear systems subject to modeling uncertainty and measurement noise. The proposed scheme consists of a nonlinear estimation model that includes an adaptive component which is initiated upon the detection of a fault, in order to approximate the magnitude of the bias faults. A detectability condition characterizing the class of detectable sensor bias faults is derived and the robustness and stability properties of the adaptive scheme are presented. The estimation of the magnitude of the sensor bias faults allows the identification of the faulty sensors and it is also used for fault accommodation purposes. The effectiveness of the proposed scheme is demonstrated through a simulation example

Stealthy integrity attacks for a class of nonlinear cyber-physical systems

This paper proposes a stealthy integrity attack generation methodology for a class of nonlinear cyber-physical systems. Geometric control theory and stability theory of incremental systems are used to design an attack generation scheme with stealthiness properties. An attack model is proposed as a closed-loop dynamical system with an arbitrary input signal. This model is developed based on a controlled invariant subspace that results from geometric control theory and is decoupled with the system outputs and the nonlinear function. The presence of the arbitrary signal in the attack model provides an additional degree of freedom and constitutes a novel component compared with existing results. The stealthiness property of the attack model is rigorously investigated based on the incremental stability of the closed-loop control system, and the incremental input-to-state stability of the anomaly detector. As a result, a sufficient condition in terms of the initial condition of the attack model is derived to guarantee stealthiness. Finally, a case study is presented to illustrate the effectiveness of the developed attack generation scheme

Passive attack detection for a class of stealthy intermittent integrity attacks

This paper proposes a passive methodology for detecting a class of stealthy intermittent integrity attacks in cyber-physical systems subject to process disturbances and measurement noise. A stealthy intermittent integrity attack strategy is first proposed by modifying a zero-dynamics attack model. The stealthiness of the generated attacks is rigorously investigated under the condition that the adversary does not know precisely the system state values. In order to help detect such attacks, a backward-in-time detection residual is proposed based on an equivalent quantity of the system state change, due to the attack, at a time prior to the attack occurrence time. A key characteristic of this residual is that its magnitude increases every time a new attack occurs. To estimate this unknown residual, an optimal fixed-point smoother is proposed by minimizing a piece-wise linear quadratic cost function with a set of specifically designed weighting matrices. The smoother design guarantees robustness with respect to process disturbances and measurement noise, and is also able to maintain sensitivity as time progresses to intermittent integrity attack by resetting the covariance matrix based on the weighting matrices. The adaptive threshold is designed based on the estimated backward-in-time residual, and the attack detectability analysis is rigorously investigated to characterize quantitatively the class of attacks that can be detected by the proposed methodology. Finally, a simulation example is used to demonstrate the effectiveness of the developed methodology

A Distributed Networked Approach for Fault Detection of Large-scale Systems

Networked systems present some key new challenges in the development of fault diagnosis architectures. This paper proposes a novel distributed networked fault detection methodology for large-scale interconnected systems. The proposed formulation incorporates a synchronization methodology with a filtering approach in order to reduce the effect of measurement noise and time delays on the fault detection performance. The proposed approach allows the monitoring of multi-rate systems, where asynchronous and delayed measurements are available. This is achieved through the development of a virtual sensor scheme with a model-based re-synchronization algorithm and a delay compensation strategy for distributed fault diagnostic units. The monitoring architecture exploits an adaptive approximator with learning capabilities for handling uncertainties in the interconnection dynamics. A consensus-based estimator with timevarying weights is introduced, for improving fault detectability in the case of variables shared among more than one subsystem. Furthermore, time-varying threshold functions are designed to prevent false-positive alarms. Analytical fault detectability sufficient conditions are derived and extensive simulation results are presented to illustrate the effectiveness of the distributed fault detection technique

Discrimination between replay attacks and sensor faults for cyber-physical systems via event-triggered communication

In this paper, a threat discrimination methodology is proposed for cyber-physical systems with event-triggered data communication, aiming to identify sensor bias faults from two possible types of threats: replay attacks and sensor bias faults. Event-triggered adaptive estimation and backward-in-time signal processing are the main techniques used. Specifically, distinct incremental systems of the event-triggered cyber-physical system resulting from the considered threat types are established for each threat type, and the difference between their inputs are found and utilized to discriminate the threats. An event-triggered adaptive estimator is then designed by using the event-triggered sampled data based on the system in the attack case, allowing to reconstruct the unknown increments in both the threat cases. The backward-in-time model of the incremental system in the replay attack case is proposed as the signal processor to process the reconstructions of the increments. Such a model can utilize the aforementioned input difference between the incremental systems such that its output has distinct quantitative properties in the attack case and in the fault case. The fault discrimination condition is rigorously investigated and characterizes quantitatively the class of distinguishable sensor bias faults. Finally, a numerical simulation is presented to illustrate the effectiveness of the proposed methodology

Identification of sensor replay attacks and physical faults for cyber-physical systems

This letter proposes a threat discrimination methodology for distinguishing between sensor replay attacks and sensor bias faults, based on the specially designed watermark integrated with adaptive estimation. For each threat type, a watermark is designed based on the changes that the threat imposes on the system. Threat discrimination conditions are rigorously investigated to characterize quantitatively the class of attacks and faults that can be discriminated by the proposed scheme. A simulation is presented to illustrate the effectiveness of our approach

Discrimination between replay attacks and sensor faults for cyber-physical systems via event-triggered communication

In this paper, a threat discrimination methodology is proposed for cyber-physical systems with event-triggered data communication, aiming to identify sensor bias faults from two possible types of threats: replay attacks and sensor bias faults. Event-triggered adaptive estimation and backward-in-time signal processing are the main techniques used. Specifically, distinct incremental systems of the event-triggered cyber-physical system resulting from the considered threat types are established for each threat type, and the difference between their inputs are found and utilized to discriminate the threats. An event-triggered adaptive estimator is then designed by using the event-triggered sampled data based on the system in the attack case, allowing to reconstruct the unknown increments in both the threat cases. The backward-in-time model of the incremental system in the replay attack case is proposed as the signal processor to process the reconstructions of the increments. Such a model can utilize the aforementioned input difference between the incremental systems such that its output has distinct quantitative properties in the attack case and in the fault case. The fault discrimination condition is rigorously investigated and characterizes quantitatively the class of distinguishable sensor bias faults. Finally, a numerical simulation is presented to illustrate the effectiveness of the proposed methodology

Fault diagnosis for uncertain networked systems

Fault diagnosis has been at the forefront of technological developments for several decades. Recent advances in many engineering fields have led to the networked interconnection of various systems. The increased complexity of modern systems leads to a larger number of sources of uncertainty which must be taken into consideration and addressed properly in the design of monitoring and fault diagnosis architectures. This chapter reviews a model-based distributed fault diagnosis approach for uncertain nonlinear large-scale networked systems to specifically address: (a) the presence of measurement noise by devising a filtering scheme for dampening the effect of noise; (b) the modeling of uncertainty by developing an adaptive learning scheme; (c) the uncertainty issues emerging when considering networked systems such as the presence of delays and packet dropouts in the communication networks. The proposed architecture considers in an integrated way the various components of complex distributed systems such as the physical environment, the sensor level, the fault diagnosers, and the communication networks. Finally, some actions taken after the detection of a fault, such as the identification of the fault location and its magnitude or the learning of the fault function, are illustrated