Joint attack detection and secure state estimation of cyber‐physical systems

Abstract

SummaryThis paper deals with secure state estimation of cyber‐physical systems subject to switching (on/off) attack signals and injection of fake packets (via either packet substitution or insertion of extra packets). The random set paradigm is adopted in order to model, via random finite sets (RFSs), the switching nature of both system attacks and the injection of fake measurements. The problem of detecting an attack on the system and jointly estimating its state, possibly in the presence of fake measurements, is then formulated and solved in the Bayesian framework for systems with and without direct feedthrough of the attack input to the output. This leads to the analytical derivation of a hybrid Bernoulli filter (HBF) that updates in real time the joint posterior density of a Bernoulli attack RFS and of the state vector. A closed‐form Gaussian mixture implementation of the proposed HBF is fully derived in the case of invertible direct feedthrough. Finally, the effectiveness of the developed tools for joint attack detection and secure state estimation is tested on two case studies concerning a benchmark system for unknown input estimation and a standard IEEE power network application.