Application of the unified control and detection framework to detecting stealthy integrity cyber-attacks on feedback control systems

Abstract: This draft addresses issues of detecting stealthy integrity cyber-attacks on automatic control systems in the unified control and detection framework. A general form of integrity cyber-attacks that cannot be detected using the well-established observer-based technique is first introduced as kernel attacks. The well-known replay, zero dynamics and covert attacks are special forms of the kernel attacks. Existence conditions for the kernel attacks are presented. It is demonstrated, in the unified framework of control and detection, that all kernel attacks can be structurally detected when not only the observer-based residual, but also the control signal based residual signals are generated and used for the detection purpose. Based on the analytical results, two schemes for detecting the kernel attacks are then proposed, which allow reliable attack detection without loss of control performance. While the first scheme is similar to the well-established moving target method and auxiliary system aided detection scheme, the second detector is realised with encrypted transmissions of control and monitoring signals in the feedback control system that prevents adversary to gain system knowledge by means of eavesdropping attacks. Both schemes are illustrated by examples of detecting replay, zero dynamics and covert attacks and an experimental study on a three-tank control system.