We consider a security problem for interconnected systems governed by linear,
discrete, time-invariant, stochastic dynamics, where the objective is to detect
exogenous attacks by processing the measurements at different locations. We
consider two classes of detectors, namely centralized and decentralized
detectors, which differ primarily in their knowledge of the system model. In
particular, a decentralized detector has a model of the dynamics of the
isolated subsystems, but is unaware of the interconnection signals that are
exchanged among subsystems. Instead, a centralized detector has a model of the
entire dynamical system. We characterize the performance of the two detectors
and show that, depending on the system and attack parameters, each of the
detectors can outperform the other. In particular, it may be possible for the
decentralized detector to outperform its centralized counterpart, despite
having less information about the system dynamics, and this surprising property
is due to the nature of the considered attack detection problem. To complement
our results on the detection of attacks, we propose and solve an optimization
problem to design attacks that maximally degrade the system performance while
maintaining a pre-specified degree of detectability. Finally, we validate our
findings via numerical studies on an electric power system.Comment: Submitted to IEEE Transactions on Automatic Control (TAC
