On applying fault detectors against false data injection attacks in cyber-physical control systems

Abstract

Much recent work has applied existing fault detectors against attacks in cyber-physical control systems. The results demonstrate effectiveness in detecting simplistic attacks that cause fault-like disruptions. However, they do not address motivated and knowledgeable attackers who craft attacks using knowledge of the system including its method of detecting attacks. In this paper, we analyze the conditions for an attacker to bypass a dissipativity-theoretic fault detector adopted in the prior work. We show that the attacker can use a quadratic programming solver to efficiently compute false data injection attacks to bypass the detector. We show further that, by applying an OR gate to fuse binary detection results from a number of the detectors, with carefully chosen parameters, we can achieve an integrated detector bank that cannot be bypassed by an attacker, if the attacker can tamper with either the sensor or control data of the system. For an n-dimensional linear time-invariant system, the number of needed fault detectors is O(n!). This number can be dramatically reduced to O(n) under a realistic assumption that the system has converged before the attack starts. Simulations for voltage control based on an IEEE 39-bus power system model validate our analysis.