Data-driven replay attack detection for unknown cyber-physical systems

Abstract

This paper considers a data-driven method to detect stealthy replay attacks on cyber-physical systems (CPSs) whose models are unknown. Most existing attack detection methods assume the system dynamic is known. However, due to the large scale and complexity of the system, it is difficult to get an accurate model of a CPS. This paper uses a moving window subspace identification method to construct a linear discrete time-varying model of CPS. The controllability and observability of the obtained model are proved. On this basis, the replay attack is transformed into a detectable additive attack using the output coding strategy. Then, considering modeling errors, a time-varying H∞ filter is designed, and a detection function based on the output residual is constructed. When the system works without any attacks, the detection function approaches a limited threshold. On the contrary, that function will increase extremely larger than the threshold when the replay attack occurs. The detectability of our scheme for attacks is also mathematically proven. Finally, to verify the effectiveness of the proposed scheme, we provide simulation results on a linear motor system and a nonlinear robotic system.