Disconnection-Aware Attack Detection and Isolation With Separation-Based Detector Reconfiguration

Abstract

This study addresses incident handling during an adverse event for dynamical networked control systems. Incident handling can be divided into five steps: detection, analysis, containment, eradication, and recovery. For networked control systems, the containment step can be conducted through physical disconnection of an attacked subsystem. In accordance with the disconnection, the equipped attack detection unit should be reconfigured to maintain its detection capability. In particular, separating the detection subunit associated with the disconnected subsystem is considered as a specific reconfiguration scheme in this study. This article poses the problem of disconnection-aware attack detection and isolation with the separation-based detector reconfiguration. The objective is to design an attack detection unit that preserves its detection and isolation capability even under any possible disconnection and separation. The difficulty arises from network topology variation caused by disconnection that can possibly lead to stability loss of the distributed observer inside the attack detection unit. A solution is proposed based on an existing controller design technique referred to as retrofit control. Furthermore, an application to low-voltage power distribution networks with distributed generation is exhibited. Numerical examples evidence the practical use of the proposed method through a benchmark distribution network.