TY - JOUR
T1 - Causality Countermeasures for Anomaly Detection in Cyber-Physical Systems
AU - Shi, Dawei
AU - Guo, Ziyang
AU - Johansson, Karl Henrik
AU - Shi, Ling
N1 - Publisher Copyright: © 1963-2012 IEEE.
PY - 2018/2
Y1 - 2018/2
N2 - The problem of attack detection in cyber-physical systems is considered in this paper. Transfer-entropy-based causality countermeasures are introduced for both sensor measurements and innovation sequences, which can be evaluated in a data-driven fashion without relying on a model of the underlying dynamic system. The relationships between the countermeasures and the system parameters as well as the noise statistics are investigated, based on which conditions that guarantee the time convergence of the countermeasures are obtained. The effectiveness of the transfer entropy countermeasures in attack detection is evaluated via theoretical analysis, numerical demonstrations, as well as comparative simulations with classical χ² detectors. Four types of attacks are considered: denial-of-service, replay, innovation-based deception, and data injection attacks. Abnormal behavior of the transfer entropy can be observed after the occurrence of each of these attacks.
AB - The problem of attack detection in cyber-physical systems is considered in this paper. Transfer-entropy-based causality countermeasures are introduced for both sensor measurements and innovation sequences, which can be evaluated in a data-driven fashion without relying on a model of the underlying dynamic system. The relationships between the countermeasures and the system parameters as well as the noise statistics are investigated, based on which conditions that guarantee the time convergence of the countermeasures are obtained. The effectiveness of the transfer entropy countermeasures in attack detection is evaluated via theoretical analysis, numerical demonstrations, as well as comparative simulations with classical χ² detectors. Four types of attacks are considered: denial-of-service, replay, innovation-based deception, and data injection attacks. Abnormal behavior of the transfer entropy can be observed after the occurrence of each of these attacks.
KW - Anomaly detection
KW - causality countermeasures
KW - cyber-physical systems
KW - transfer entropy
UR - http://www.scopus.com/inward/record.url?scp=85021740831&partnerID=8YFLogxK
U2 - 10.1109/TAC.2017.2714646
DO - 10.1109/TAC.2017.2714646
M3 - Article
AN - SCOPUS:85021740831
SN - 0018-9286
VL - 63
SP - 386
EP - 401
JO - IEEE Transactions on Automatic Control
JF - IEEE Transactions on Automatic Control
IS - 2
M1 - 7946131
ER -