Sequential Detection of Replay Attacks

Abstract

One of the most studied forms of attacks on the cyber-physical systems is the replay attack. The statistical similarities of the replayed signal and the true observations make the replay attack difficult to detect. In this article, we address the problem of replay attack detection by adding watermarking to the control inputs and then perform resilient detection using cumulative sum (CUSUM) test on the joint statistics of the innovation signal and the watermarking signal, whereas existing work considers only the marginal distribution of the innovation signal. We derive the expression of the Kullback–Liebler divergence (KLD) between the two joint distributions before and after the replay attack, which is, asymptotically, inversely proportional to the detection delay. We perform a structural analysis of the derived KLD expression and suggest a technique to improve the KLD for the systems with relative degree greater than one. A scheme to find the optimal watermarking signal variance for a fixed increase in the control cost to maximize the KLD under the CUSUM test is presented. We provide various numerical simulation results to support our theory. The proposed method is also compared with a state-of-the-art method based on the Neyman–Pearson detector, illustrating the smaller detection delay of the proposed sequential detector.