Characterization of Model-Based Detectors for CPS Sensor Faults/Attacks
For CPS security researchers, this work offers a principled method to tune CUSUM detectors and quantifies the advantage of dynamic over static detection, though the improvement is incremental.
The paper proposes a vector-valued model-based CUSUM procedure for detecting sensor faults/attacks in CPS, providing tuning tools and showing that the dynamic CUSUM detector outperforms the static chi-squared detector by achieving a lower upper bound on state degradation from undetected attacks.
A vector-valued model-based cumulative sum (CUSUM) procedure is proposed for identifying faulty/falsified sensor measurements. First, given the system dynamics, we derive tools for tuning the CUSUM procedure in the fault/attack free case to fulfill a desired detection performance (in terms of false alarm rate). We use the widely-used chi-squared fault/attack detection procedure as a benchmark to compare the performance of the CUSUM. In particular, we characterize the state degradation that a class of attacks can induce to the system while enforcing that the detectors (CUSUM and chi-squared) do not raise alarms. In doing so, we find the upper bound of state degradation that is possible by an undetected attacker. We quantify the advantage of using a dynamic detector (CUSUM), which leverages the history of the state, over a static detector (chi-squared) which uses a single measurement at a time. Simulations of a chemical reactor with heat exchanger are presented to illustrate the performance of our tools.