OT-DETECT: Optimal transport-driven attack detection in cyber-physical systems
The paper addresses security vulnerabilities in cyber-physical systems, such as industrial control networks, by providing a robust detection method, though it appears incremental, as it builds on existing optimal transport and CUSUM techniques.
The paper tackles attack detection in cyber-physical systems by developing OT-DETECT, an optimal transport-driven algorithm that formulates detection as a minmax optimization using 1-Wasserstein ambiguity sets, resulting in a finite-dimensional linear program for worst-case distribution computation and a CUSUM procedure with a non-asymptotic false-positive error bound.
This article presents an optimal-transport (OT)-driven, distributionally robust attack detection algorithm, OT-DETECT, for cyber-physical systems (CPS) modeled as partially observed linear stochastic systems. The underlying detection problem is formulated as a minmax optimization problem using 1-Wasserstein ambiguity sets constructed from observer residuals under both the nominal (attack-free) and attacked regimes. We show that the minmax detection problem can be reduced to a finite-dimensional linear program for computing the worst-case distribution (WCD). Off-support residuals are handled via a kernel-smoothed score function that drives a CUSUM procedure for sequential detection. We also establish a non-asymptotic tail bound on the false-positive error of the CUSUM statistic under the nominal (attack-free) condition, under mild assumptions. Numerical illustrations are provided to evaluate the robustness properties of OT-DETECT.
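The sequential stage described above, as an added sketch that is not the paper's code: a kernel-smoothed log-ratio score is evaluated at residuals that fall off the finite support, and the score drives a CUSUM statistic. Assumptions: the two pmfs are constructed stand-ins for the worst-case distributions the paper obtains from its linear program, and the Gaussian kernel, bandwidth `h`, threshold and residual values are illustrative choices, not taken from the paper.

```python
import math

# Constructed inputs (assumptions): nominal and attacked pmfs on a shared
# finite residual support, standing in for the LP's worst-case distributions.
SUPPORT = [-2.0, -1.0, 0.0, 1.0, 2.0]
P_NOM = [0.05, 0.20, 0.50, 0.20, 0.05]
P_ATT = [0.05, 0.10, 0.20, 0.35, 0.30]

def kernel_score(r, h=0.5, eps=1e-12):
    """Log ratio of kernel-smoothed attacked vs. nominal mass at residual r.

    r need not lie on SUPPORT. The eps floor keeps the ratio finite when r is
    so far from every atom that all kernel weights underflow; the score is
    then 0, i.e. the sample carries no evidence either way.
    """
    w = [math.exp(-0.5 * ((r - s) / h) ** 2) for s in SUPPORT]
    num = sum(wi * p for wi, p in zip(w, P_ATT)) + eps
    den = sum(wi * p for wi, p in zip(w, P_NOM)) + eps
    return math.log(num / den)

def cusum_alarm(residuals, threshold=3.0):
    """Return the first index where the CUSUM statistic crosses threshold."""
    stat = 0.0
    for t, r in enumerate(residuals):
        # Reflect at zero so nominal samples cannot bank negative evidence.
        stat = max(0.0, stat + kernel_score(r))
        if stat >= threshold:
            return t
    return None  # no alarm raised on this trace

# Constructed observer residuals: 10 attack-free samples, then a biased run.
NOMINAL = [0.1, -0.4, 0.3, -0.2, 0.0, 0.2, -0.1, 0.3, -0.3, 0.1]
ATTACKED = NOMINAL + [1.4, 1.6, 1.5, 1.7, 1.3]

if __name__ == "__main__":
    print("nominal trace alarm:", cusum_alarm(NOMINAL))
    print("attacked trace alarm:", cusum_alarm(ATTACKED))
```

Raising the threshold lowers the false-positive rate at the cost of detection delay, which is the trade-off the paper's tail bound quantifies under the nominal condition.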