A reachable set-based scheme for the detection of false data injection cyberattacks on dynamic processes

Recent cyberattacks targeting process control systems have demonstrated that reliance on information technology-based approaches alone to address cybersecurity needs is insufficient and that operational technology-based solutions are needed. An attack detection scheme that monitors process operation and determines the presence of an attack represents an operational technology-based approach. Attack detection schemes may be designed to monitor a process operated at or near its steady–state to account for the typical operation of chemical processes. However, transient operation may occur; for example, during process start-up and set–point changes. Detection schemes designed or tuned for steady-state operation may raise false alarms during transient process operation. In this work, we present a reachable set-based cyberattack detection scheme for monitoring processes during transient operation. Both additive and multiplicative false data injection attacks (FDIAs) that alter data communicated over the sensor–controller and controller–actuator communication links are considered. For the class of attacks considered, the detection scheme does not raise false alarms during transient operations. Conditions for classifying attacks based on the ability of the detection scheme to detect the attacks are presented. The application of the reachable set-based detection scheme is demonstrated using two illustrative processes under different FDIAs. For the FDIAs considered, their detectability with respect to the reachable set-based detection scheme is analyzed.