Distributionally Robust Tuning of Anomaly Detectors in Cyber-Physical Systems with Stealthy Attacks

Designing resilient control strategies for mitigating stealthy attacks is a crucial task in emerging cyber-physical systems. In the design of anomaly detectors, it is common to assume Gaussian noise models to maintain tractability; however, this assumption can lead the actual false alarm rate to be significantly higher than expected. We propose a distributionally robust anomaly detector for noise distributions in moment-based ambiguity sets. We design a detection threshold that guarantees that the actual false alarm rate is upper bounded by the desired one by using generalized Chebyshev inequalities. Furthermore, we highlight an important tradeoff between the worst-case false alarm rate and the potential impact of a stealthy attacker by efficiently computing an outer ellipsoidal bound for the attack-reachable states corresponding to the distributionally robust detector threshold. We illustrate this trade-off with a numerical example and compare the proposed approach with a traditional chi-squared detector.

Recommended citation: Renganathan, V., Hashemi, N., Ruths, J., & Summers, T. H. (2020, July). Distributionally robust tuning of anomaly detectors in cyber-physical systems with stealthy attacks. In 2020 American Control Conference (ACC) (pp. 1247-1252). IEEE.
Download Paper