Diagnosis of stealthy local cyber-attacks in large-scale systems

Abstract

The ubiquity of embedded computers and network connectivity has made control systems vulnerable to potential cyber-attacks. This has become a relevant problem after real-world cyber-security breaches targeting automation equipment, and notable research effort has been made in order to model such attacks and to render these systems more secure. However, particularly resourceful agents can design attacks that cannot be detected by existing monitoring systems, and are therefore called stealthy. In this work, we address the case when these attacks are deployed on part of a Large-Scale System (LSS), which can be partitioned into a collection of Linear Time Invariant (LTI) systems. We provide a local characterisation of stealthy attacks for LSSs, including modelling in the state-space domain, analysis of the way physical interconnections affect detectability, and control resilience. For detectable attacks, we develop a general detection method that is distributed and scalable by design, as it relies only on neighbour-to-neighbour communication. The core principle is that, if one system is misbehaving, its neighbours can exploit the physical coupling to reveal such an otherwise stealthy anomaly. We devise two different implementations of this general idea, depending on the types of disturbances affecting the system, namely disturbances with known bounds and stochastic Gaussian noise. In both cases, we design a residual generator which is sensitive to attacks in neighbouring systems, and provide theoretical analysis of its detection capabilities. Next, we give additional insights on the isolation properties ensuing from our proposed methodology, obtaining conditions under which it is feasible. We prove that there are, in fact, some system topologies that do not allow for attack isolation. For those cases, we suitably augment the proposed detection algorithm and show that it is possible to isolate attacks in all cases, at the price of increased communication complexity.
Isolation is a necessary step to allow for accommodation of the considered class of attacks. By this, we mean the design of an attack-tolerant control system that can counterbalance an attack’s effects once one is detected. Finally, in the last part of this work, we present early results in the disturbance-free case on how accommodation can be implemented. We provide existence conditions depending on the structure of the interconnections, and propose an algorithm that covers all cases. Each one of the methods proposed in this work is accompanied by a simulation example that demonstrates its effectiveness.
