This work addresses the problem of cyber-attack isolation within a distributed diagnosis architecture for large-scale interconnected systems. Considering a distributed control architecture, malicious agents are capable of compromising the data exchanged between distributed controllers. Building on a distributed detection strategy existent in literature, in this paper we propose a distributed isolation algorithm to identify the attacked communication link. After presenting the isolation algorithm, we give a necessary and a sufficient condition for isolation to occur, relating to the structure of the physical interconnection matrices. We demonstrate the effectiveness of the proposed technique through numerical simulations
