Security analysis of control system anomaly detectors

Abstract

Two anomaly detectors for control systems are analyzed with respect to their sensitivity to malicious data injection attacks. A stateless anomaly detector based on the current residual signal is compared to a cumulative sum detector. The worst-case impact of a stealthy time-limited data injection attack is characterized for both detectors by a non-convex optimization problem and compared to determine which detector limits the impact the most. We prove that the problem can be solved by means of a set of convex optimization problems. Simulations verify that finding the right configuration for the cumulative sum is crucial to limit the worst-case attack impact more than with a stateless anomaly detector.