Quickest Detection of False Data Injection Attack in Distributed Process Tracking

Saqib Abbas Baba, Arpan Chattopadhyay

TL;DR

The paper investigates quickest detection of false data injection attacks in a distributed tracking network that uses Kalman consensus information filters (KCIF) without a central fusion center. It develops Bayesian and non-Bayesian QCD frameworks that operate on non-i.i.d. KCIF outputs at each node, providing recursive updates for attack posteriors and local detection thresholds. The work derives conditional distributions and moments under pre- and post-attack scenarios, enabling local Shiryaev-style detection and MSPRT/WL-GLR strategies for detection and isolation of the attacked node. Numerical results demonstrate that the proposed distributed detectors substantially reduce detection delay compared to a windowed $\chi^2$ detector across Bayesian and non-Bayesian settings, highlighting the practical benefits for real-time CPS security. Overall, the approach enhances robustness of distributed process tracking against stealthy FDI by enabling prompt, local, and identifiable attack detection.

Abstract

This paper addresses the problem of detecting false data injection (FDI) attacks in a distributed network without a fusion center, represented by a connected graph among multiple agent nodes. Each agent node is equipped with a sensor, and uses a Kalman consensus information filter (KCIF) to track a discrete time global process with linear dynamics and additive Gaussian noise. The state estimate of the global process at any sensor is computed from the local observation history and the information received by that agent node from its neighbors. At an unknown time, an attacker starts altering the local observation of one agent node. In the Bayesian setting where there is a known prior distribution of the attack beginning instant, we formulate a Bayesian quickest change detection (QCD) problem for FDI detection in order to minimize the mean detection delay subject to a false alarm probability constraint. While it is well-known that the optimal Bayesian QCD rule involves checking the Shiryaev statistic against a threshold, we demonstrate how to compute the Shiryaev statistic at each node in a recursive fashion given our non-i.i.d. observations. Next, we consider non-Bayesian QCD where the attack begins at an arbitrary and unknown time, and the detector seeks to minimize the worst case detection delay subject to a constraint on the mean time to false alarm and probability of misidentification. We use the multiple hypothesis sequential probability ratio test for attack detection and identification at each sensor. For unknown attack strategy, we use the window-limited generalized likelihood ratio (WL-GLR) algorithm to solve the QCD problem. Numerical results demonstrate the performances and trade-offs of the proposed algorithms.
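
To make the Bayesian rule in the abstract concrete, here is an added example (not code from the paper) of the Shiryaev posterior recursion with a geometric prior on the attack start, next to a windowed $\chi^2$ check on the same residuals. It assumes the textbook case of independent scalar Gaussian residuals with known pre- and post-attack distributions rather than the paper's non-i.i.d. KCIF recursion; the residual sequence, `rho`, `alpha`, the window length and the $\chi^2$ threshold are constructed values.

```python
import math

def gauss_pdf(y, mean, var):
    return math.exp(-0.5 * (y - mean) ** 2 / var) / math.sqrt(2 * math.pi * var)

def shiryaev_alarm(residuals, pre, post, rho, alpha):
    """Recursively track p_k = P(attack started by step k | residuals so far).

    pre/post are (mean, variance) of a residual before/after the attack;
    rho is the geometric-prior rate. Stopping at p_k >= 1 - alpha keeps the
    false alarm probability at or below alpha.
    Returns (alarm index or None, posterior trace)."""
    p, trace = 0.0, []
    for k, y in enumerate(residuals):
        p_pred = p + (1.0 - p) * rho              # attack may begin at this step
        num = p_pred * gauss_pdf(y, *post)        # weight by post-attack likelihood
        p = num / (num + (1.0 - p_pred) * gauss_pdf(y, *pre))
        trace.append(p)
        if p >= 1.0 - alpha:
            return k, trace
    return None, trace

def windowed_chi2_alarm(residuals, pre, window, threshold):
    """Baseline: alarm when the last `window` normalised squared residuals
    sum above `threshold`. Returns the alarm index or None."""
    mean, var = pre
    sq = [(y - mean) ** 2 / var for y in residuals]
    for k in range(window - 1, len(sq)):
        if sum(sq[k - window + 1:k + 1]) > threshold:
            return k
    return None

# Constructed residuals: +/-0.5 ripple, with a bias of 1.0 injected from step 20.
ATTACK_START = 20
RESIDUALS = [0.5 * (-1) ** k + (1.0 if k >= ATTACK_START else 0.0) for k in range(40)]
PRE, POST = (0.0, 1.0), (1.0, 1.0)   # assumed known (mean, variance) pairs

def run_demo():
    alarm, trace = shiryaev_alarm(RESIDUALS, PRE, POST, rho=0.05, alpha=0.01)
    # 15.086 is the 0.99 quantile of a chi-square with 5 degrees of freedom.
    chi2 = windowed_chi2_alarm(RESIDUALS, PRE, window=5, threshold=15.086)
    return alarm, chi2, max(trace[:ATTACK_START])

if __name__ == "__main__":
    print(run_demo())
```

On this constructed sequence the posterior accumulates evidence across the whole history and crosses its threshold ten steps after the bias starts, while the five-sample $\chi^2$ sum never reaches its threshold because the bias is small within any single window. The two thresholds are not calibrated to the same false alarm rate, so the output illustrates the mechanism rather than a delay comparison.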

Paper Structure (22 sections, 37 equations, 5 figures)

Figures (5)

  • Figure 1: False data injection attack in a distributed setting.
  • Figure 2: Delay vs PFA for the Bayesian setting at sensor 1 with attack at sensor 2.
  • Figure 3: Threshold vs PFA at the attacked sensor (sensor 2) for distributed detector in the Bayesian case.
  • Figure 4: Delay vs FAR for the non-Bayesian case at sensor 1 with attack at sensor 2.
  • Figure 5: Delay vs FAR for the non-Bayesian case with unknown attack covariance at sensor 1 with attack at sensor 2.