Cyber-physical systems face cyberattacks that hinder performance, increase cost, or even collapse the system. Thus, rapid and accurate attack detection is crucial for quick activation of defense mechanisms. Model-based attack detection approaches are known for their precision; however, the unavailability of the exact system model poses a challenge. In response, model-free approaches have gained increased attention as a practical alternative. In this paper, an online model-free algorithm for detecting false data injection and jamming attacks on CPSs is proposed. The method leverages principal component analysis to reconstruct the expected observations in a reduced dimension space, emphasizing the most effective principal components. Then, deciding on attacked or normal operation relies on analyzing either the Euclidean distance or the cosine similarity of the discrepancy between the expected and actual observations. The proposed metrics effectively expose subtle deviations from expected behavior, as any alteration in these components augments the distance between the observed and reconstructed values. The proposed method was compared with the conventional cumulative sum discriminator and a Kalman-based algorithm, using the IEEE-14, IEEE-30, and IEEE-118 bus systems. The results demonstrate the superiority of the proposed algorithm in terms of various evaluation metrics, including F-score, precision, recall, and miss detection ratio.
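An added illustration of the detection idea in the abstract, not code from the paper: PCA is fitted on attack-free measurements, and a sample is flagged when the Euclidean distance or the cosine dissimilarity between it and its reconstruction exceeds a calibrated threshold. The sensor matrix `H`, the noise level, the pure-Python power iteration, and the threshold rule (2x the worst training score) are all assumptions made for this example, and only the false data injection case is modelled.

```python
import math
import random

H = [[1.0, 0.1], [0.8, 0.3], [0.6, -0.5], [0.4, 0.7], [0.2, -0.2], [0.1, 0.9]]  # constructed sensor model

def measure(rng, bias=0.0):
    """One constructed 6-sensor reading: 2 latent states + noise; bias on sensor 0 models FDI."""
    s = [rng.uniform(0.5, 1.5), rng.uniform(0.5, 1.5)]
    z = [h[0] * s[0] + h[1] * s[1] + rng.gauss(0, 0.01) for h in H]
    z[0] += bias
    return z

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def fit_pca(X, k, iters=200):
    """Mean and top-k principal directions via power iteration with Gram-Schmidt."""
    n, d = len(X), len(X[0])
    mean = [sum(col) / n for col in zip(*X)]
    Xc = [[x - m for x, m in zip(r, mean)] for r in X]
    cov = [[sum(r[i] * r[j] for r in Xc) / (n - 1) for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        v = [1.0] * d
        for _ in range(iters):
            w = [dot(row, v) for row in cov]
            for c in comps:  # keep orthogonal to components already found
                p = dot(w, c)
                w = [a - p * b for a, b in zip(w, c)]
            norm = math.sqrt(dot(w, w))
            v = [a / norm for a in w]
        comps.append(v)
    return mean, comps

def scores(z, mean, comps):
    """(Euclidean distance, 1 - cosine similarity) between z and its PCA reconstruction."""
    zc = [a - m for a, m in zip(z, mean)]
    rec = list(mean)
    for c in comps:
        t = dot(zc, c)
        rec = [r + t * b for r, b in zip(rec, c)]
    diff = [a - r for a, r in zip(z, rec)]
    cos = dot(z, rec) / math.sqrt(dot(z, z) * dot(rec, rec))
    return math.sqrt(dot(diff, diff)), 1.0 - cos

def calibrate(train, k=2, margin=2.0):
    """Fit on attack-free data; thresholds = margin x worst training score (assumed rule)."""
    mean, comps = fit_pca(train, k)
    s = [scores(z, mean, comps) for z in train]
    return mean, comps, margin * max(a for a, _ in s), margin * max(b for _, b in s)

def is_attack(z, model, metric="euclid"):
    mean, comps, d_thr, c_thr = model
    dist, cdis = scores(z, mean, comps)
    return dist > d_thr if metric == "euclid" else cdis > c_thr
```

A bias whose direction lies entirely inside the retained principal subspace leaves no reconstruction residual, so the choice of `k` trades noise rejection against blind spots for stealthy injections.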