Sensitivity analysis of the sequential test for detecting cyber-physical attacks

Abstract

This paper deals with the problem of detecting cyber-physical attacks on Supervisory Control And Data Acquisition (SCADA) systems. The discrete-time state space model is used to describe the systems. The attacks are modeled as additive signals of short duration on both state evolution and sensor measurement equations. The steady-state Kalman filter is employed to generate the sequence of innovations. Next, these independent random variables are used as entries of the Variable Threshold Window Limited CUmulative SUM (VTWL CUSUM) test. It has been shown that the optimal choice of thresholds with respect to (w.r.t.) the transient change detection criterion leads to the Finite Moving Average (FMA) test. The main contribution of this paper is a sensitivity analysis of the FMA test. This analysis is based on a numerical calculation of the probabilities of wrong decision under the variation of operational parameters. Theoretical results are applied to the detection of an attack scenario on a SCADA water network.