Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

False Data-Injection Attack Detection in Cyber-Physical Systems: A Wasserstein Distributionally Robust Reachability Optimization Approach

Yulin Feng, Dapeng Lan, Chao Shang

TL;DR

This work addresses anomaly detection for cyber-physical systems under stealthy false data-injection attacks with disturbances of unknown distribution. It introduces a Wasserstein distributionally robust detector that optimizes a security metric based on the asymptotic reachable set of state deviations, while enforcing a distributionally robust false alarm constraint. The main contributions include an exact finite reformulation leading to bilinear matrix inequality (BMI)–based optimization solved via sequential minimization, and an extension to rank-deficient attack projections. A three-tank case study demonstrates robust FAR control and competitive attack detection performance under non-Gaussian disturbances, highlighting practical viability for offline detector design in CPS security.

Abstract

Cyber-physical system (CPS) is the foundational backbone of modern critical infrastructures, so ensuring its security and resilience against cyber-attacks is of pivotal importance. This paper addresses the challenge of designing anomaly detectors for CPS under false-data injection (FDI) attacks and stochastic disturbances governed by unknown probability distribution. By using the Wasserstein ambiguity set, a prevalent data-driven tool in distributionally robust optimization (DRO), we first propose a new security metric to deal with the absence of disturbance distribution. This metric is designed by asymptotic reachability analysis of state deviations caused by stealthy FDI attacks and disturbance in a distributionally robust confidence set. We then formulate the detector design as a DRO problem that optimizes this security metric while controlling the false alarm rate robustly under a set of distributions. This yields a trade-off between robustness to disturbance and performance degradation under stealthy attacks. The resulting design problem turns out to be a challenging semi-infinite program due to the existence of distributionally robust chance constraints. We derive its exact albeit non-convex reformulation and develop an effective solution algorithm based on sequential minimization. Finally, a case study on a simulated three-tank is illustrated to demonstrate the efficiency of our design in robustifying against unknown disturbance distribution.

False Data-Injection Attack Detection in Cyber-Physical Systems: A Wasserstein Distributionally Robust Reachability Optimization Approach

TL;DR

This work addresses anomaly detection for cyber-physical systems under stealthy false data-injection attacks with disturbances of unknown distribution. It introduces a Wasserstein distributionally robust detector that optimizes a security metric based on the asymptotic reachable set of state deviations, while enforcing a distributionally robust false alarm constraint. The main contributions include an exact finite reformulation leading to bilinear matrix inequality (BMI)–based optimization solved via sequential minimization, and an extension to rank-deficient attack projections. A three-tank case study demonstrates robust FAR control and competitive attack detection performance under non-Gaussian disturbances, highlighting practical viability for offline detector design in CPS security.

Abstract

Cyber-physical system (CPS) is the foundational backbone of modern critical infrastructures, so ensuring its security and resilience against cyber-attacks is of pivotal importance. This paper addresses the challenge of designing anomaly detectors for CPS under false-data injection (FDI) attacks and stochastic disturbances governed by unknown probability distribution. By using the Wasserstein ambiguity set, a prevalent data-driven tool in distributionally robust optimization (DRO), we first propose a new security metric to deal with the absence of disturbance distribution. This metric is designed by asymptotic reachability analysis of state deviations caused by stealthy FDI attacks and disturbance in a distributionally robust confidence set. We then formulate the detector design as a DRO problem that optimizes this security metric while controlling the false alarm rate robustly under a set of distributions. This yields a trade-off between robustness to disturbance and performance degradation under stealthy attacks. The resulting design problem turns out to be a challenging semi-infinite program due to the existence of distributionally robust chance constraints. We derive its exact albeit non-convex reformulation and develop an effective solution algorithm based on sequential minimization. Finally, a case study on a simulated three-tank is illustrated to demonstrate the efficiency of our design in robustifying against unknown disturbance distribution.

Paper Structure

This paper contains 11 sections, 5 theorems, 54 equations, 11 figures, 1 table, 1 algorithm.

Table of Contents

  1. Introduction
  2. Preliminaries
  3. CPS Configuration
  4. Wasserstein-based Distributionally Robust Detection Design
  5. Main Result
  6. Stealthy Attack Set and Performance Degradation Metric
  7. Derivation of Asymptotical Outer Approximation
  8. Design Problem Formulation and Solution Algorithm
  9. Design under Row Rank-Deficient $W_a$
  10. Case Study
  11. Conclusion

Key Result

Lemma 1

(murguia2020security). Suppose a given constant $\alpha \in (0, 1)$ and a nonnegative function $V(k)$, if $\omega_i(k)^\top M_i\omega_i(k) \leq 1$ with $M_i \succ 0$, $i\in \mathbb{N}_{1:N_{\alpha}}$ and there exist $\alpha_i\in (0, 1),~i\in \mathbb{N}_{1:N}$, satisfying $\sum_{i=1}^{N_{\alpha}} \al then, the bound of $V(k)$ satisfies and its asymptotic upper bound is given by $\lim_{k \to \infty

Figures (11)

  • Figure 1: CPS under FDI attacks.
  • Figure 2: Cross-validation results under different Wasserstein radii $\theta$.
  • Figure 3: Residual evaluation function $J(r)$ of the proposed method with $\beta=0.7$ and the benchmark designs under the attack-free scenario.
  • Figure 4: Residual evaluation function $J(r)$ of the proposed method with $\beta=0.7$ and the benchmark designs, where a sequence of uniformly distributed random attacks $\lVert a(k)\rVert_{\infty}\leq0.35$ is injected after the $250$th time step.
  • Figure 5: Security metric $\log \det(\bar{M})$ of the proposed method versus varying $\varepsilon$ and $\beta$.
  • ...and 6 more figures

Theorems & Definitions (15)

  • Definition 1: FAR ding2008model
  • Definition 2: Wasserstein distance, kantorovich1958space
  • Definition 3: Wasserstein ambiguity set, mohajerin2018data
  • Remark 1
  • Lemma 1
  • Theorem 1
  • proof
  • Lemma 2
  • Theorem 2
  • proof
  • ...and 5 more