Practical detectors to identify worst-case attacks

Recent work into quantifying the impact of attacks on control systems has motivated the design of worst-case attacks that define the envelope of the attack impact possible while remaining stealthy to model-based anomaly detectors. Such attacks - although stealthy for the considered detector test - tend to produce detector statistics that are easily identifiable by the naked eye. Although seemingly obvious, human operators cannot simultaneously monitor all process control variables of a large-scale cyber-physical system. What is lacking in the literature is a set of practical detectors that can identify such unusual attacked behavior. In defining these, we enable automated detection of to-date stealthy attacks and also further constrain the impact of attacks stealthy to a set of combined detectors, both existing and new.

Recommended citation: Umsonst, D., Hashemi, N., Sandberg, H., & Ruths, J. (2022, August). Practical detectors to identify worst-case attacks. In 2022 IEEE Conference on Control Technology and Applications (CCTA) (pp. 197-204). IEEE.
Download Paper