Koopman Operator-based Detection-Isolation of Cyberattack: A Case Study on Electric Vehicle Charging
Sanchita Ghosh, Tanushree Roy
TL;DR
The paper tackles cyberattack detection and isolation in CPS using a model‑free Koopman operator framework that learns online from limited measurements. It leverages Koopman eigenfunctions $\phi_i$ and Koopman modes $v_i^h$ to form residuals $r_D$ for attack detection and introduces an isolation metric $r_I$ to distinguish actuation from sensor attacks, including analytical conditions for when attacks can be indistinguishable. A detailed EV charging case study with a Li‑ion battery demonstrates timely detection (within about 1 s) and correct isolation under actuator and sensor attack scenarios, validating the approach with limited data and no full system model. The methodology offers a practical, data‑driven means to secure CPS during charging operations and potentially other cyber‑physical settings that exhibit nonlinear dynamics.
Abstract
One of the key challenges towards the reliable operation of cyber-physical systems (CPS) is the threat of cyberattacks on system actuation signals and measurements. In recent years, system theoretic research has focused on effectively detecting and isolating these cyberattacks to ensure proper restorative measures. Although both model-based and model-free approaches have been used in this context, the latter are increasingly becoming more popular as complexities and model uncertainties in CPS increases. Thus, in this paper we propose a Koopman operator-based model-free cyberattack detection-isolation scheme for CPS. The algorithm uses limited system measurements for its training and generates real-time detection-isolation flags. Furthermore, we present a simulation case study to detect and isolate actuation and sensor attacks in a Lithium-ion battery system of a plug-in electric vehicle during charging.