Attack Detection and Identification in
Cyber-Physical Systems
Fabio Pasqualetti, Florian D
¨
orfler, and Francesco Bullo
Abstract
Cyber-physical systems are ubiquitous in power systems, transportation networks, industrial process
control and critical infrastructures. These systems need to operate reliably in the face of unforeseen
failures and external malicious attacks. In this paper (i) we propose a mathematical framework for cyber-
physical systems, attacks, and monitors; (ii) we characterize fundamental monitoring limitations from
system-theoretic and graph-theoretic perspectives; and (iii) we design centralized and distributed attack
detection and identification monitors. Finally, we validate our findings through compelling examples.
I. INTRODUCTION
Cyber-physical systems integrate physical processes, computational resources, and communi-
cation capabilities. Examples of cyber-physical systems include transportation networks, power
generation and distribution networks, water and gas distribution networks, and advanced com-
munication systems. As recently highlighted by the Maroochy water breach [1] in March 2000,
multiple recent power blackouts in Brazil [2], the SQL Slammer worm attack on the Davis-Besse
nuclear plant in January 2003 [3], the StuxNet computer worm [4] in June 2010, and by various
industrial security incidents [5], cyber-physical systems are prone to failures and attacks on their
physical infrastructure, and cyber attacks on their data management and communication layer.
Concerns about security of control systems are not new, as the numerous manuscripts on
systems fault detection, isolation, and recovery testify [6], [7]. Cyber-physical systems, however,
suffer from specific vulnerabilities which do not affect classical control systems, and for which
This material is based upon work supported in part by NSF grant CNS-1135819 and by the Institute for Collaborative
Biotechnologies through grant W911NF-09-0001 from the U.S. Army Research Office.
Fabio Pasqualetti, Florian D
¨
orfler, and Francesco Bullo are with the Center for Control, Dynamical Systems and Computation,
University of California at Santa Barbara, {fabiopas,dorfler,bullo}@engineering.ucsb.edu.
appropriate detection and identification techniques need to be developed. For instance, the
reliance on communication networks and standard communication protocols to transmit measure-
ments and control packets increases the possibility of intentional and worst-case attacks against
physical plants. On the other hand, information security methods, such as authentication, access
control, and message integrity, appear inadequate for a satisfactory protection of cyber-physical
systems. Indeed, these security methods do not exploit the compatibility of the measurements
with the underlying physical process or the control mechanism, and they are therefore ineffective
against insider attacks targeting the physical dynamics [1].
Related work. The analysis of vulnerabilities of cyber-physical systems to external attacks has
received increasing attention in the last years. The general approach has been to study the
effect of specific attacks against particular systems. For instance, in [8] deception and denial
of service attacks against a networked control system are defined, and, for the latter ones, a
countermeasure based on semi-definite programming is proposed. Deception attacks refer to the
possibility of compromising the integrity of control packets or measurements, and they are cast
by altering the behavior of sensors and actuators. Denial of service attacks, instead, compromise
the availability of resources by, for instance, jamming the communication channel. In [9] false
data injection attacks against static state estimators are introduced. False data injection attacks
are specific deception attacks in the context of static estimators. It is shown that undetectable
false data injection attacks can be designed even when the attacker has limited resources. In a
similar fashion, stealthy deception attacks against the Supervisory Control and Data Acquisition
system are studied, among others, in [10]. In [11] the effect of replay attacks on a control
system is discussed. Replay attacks are cast by hijacking the sensors, recording the readings
for a certain amount of time, and repeating such readings while injecting an exogenous signal
into the system. It is shown that these attacks can be detected by injecting a signal unknown
to the attacker into the system. In [12] the effect of covert attacks against control systems is
investigated. Specifically, a parameterized decoupling structure allows a covert agent to alter
the behavior of the physical plant while remaining undetected from the original controller. In
[13] a resilient control problem is studied, in which control packets transmitted over a network
are corrupted by a human adversary. A receding-horizon Stackelberg control law is proposed to
stabilize the control system despite the attack. Recently the problem of estimating the state of a
linear system with corrupted measurements has been studied [14]. More precisely, the maximum
number of tolerable faulty sensors is characterized, and a decoding algorithm is proposed to detect
corrupted measurements. Finally, security issues of specific cyber-physical systems have received
considerable attention, such as power networks [15]–[19], linear networks with misbehaving
components [20], [21], and water networks [22], [23].
Contributions. The contributions of this paper are as follows. First, we describe a unified
modeling framework for cyber-physical systems and attacks (Section II). Motivated by existing
cyber-physical systems and existing attack scenarios, we model a cyber-physical system under
attack as a descriptor system subject to unknown inputs affecting the state and the measurements.
For our model, we define the notions of detectability and identifiability of an attack by its effect
on output measurements. Informed by the classic work on geometric control theory [24], [25],
our framework includes the deterministic static detection problem considered in [9], [10], and
the prototypical deception and denial of service [8], stealth [16], (dynamic) false-data injection
[26], replay attacks [11], and covert attacks [12] as special cases.
Second, we show the fundamental limitations of a class of monitors (Section III-A). This
class includes the widely-studied static, dynamic, and active monitors. We prove that (i) a cyber-
physical attack is undetectable by our monitors if and only if the attackers’ signal excites uniquely
the zero dynamics of the input/output system, and (ii) that undetectable and unidentifiable attacks
can be cast without knowing monitoring signals or the system noise.
Third, we provide a graph-theoretic characterization of undetectable attacks (Section III-B).
We borrow some tools from the theory of structured systems, and we identify conditions on the
system interconnection structure for the existence of undetectable attacks. These conditions are
generic, in the sense that they hold for almost all numerical systems with the same structure, and
they can be efficiently verified. As a complementary result, we extend a result of [27] on structural
left-invertibility to regular descriptor systems. Finally, with respect to our earlier work [20], [21],
we consider continuous-time descriptor systems, and we include parameters constraints.
Fourth, we design centralized and distributed monitors (Section IV). Our centralized monitors
and our distributed detection monitor are complete, in the sense that they detect and identify
every (detectable and identifiable) attack. Our centralized monitors are designed by leveraging
on tools from geometric control theory, while our distributed detection monitor relies upon
techniques from distributed control and parallel computation. Additionally, we characterize the
computational complexity of the attack identification problem.
Fifth and finally, we illustrate the potential impact of our theoretical findings through com-
pelling examples. In particular, (i) we design an undetectable state attack to destabilize the
WSSC 3-machine 6-bus power system, (ii) we characterize the resilience to output attacks of the
IEEE 14 bus system, (iii) we show the detection performance of our distributed monitor on the
IEEE 118 bus system, and (iv) we use the RTS 96 network model to illustrate that our methods
are effective also in the presence of system noise, nonlinearities, and modeling uncertainties.
Through these examples we show the advantages of dynamic monitors against static ones, and
we provide insight on the design of attacks.
II. PROBLEM SETUP AND PRELIMINARY RESULTS
In this paper we model cyber-physical systems under attack as linear time-invariant descriptor
systems subject to unknown inputs. This simplified model neglects system nonlinearities and the
presence of noise in the dynamics and the measurements. Nevertheless, such a simplified model
has long proven useful in studying stability, faults, and attacks in, for instance, power networks,
sensor networks, and water networks. It is our premise that more detailed models are unlikely
to change the basic conclusions of this work.
Model of cyber-physical systems under attack. We consider the descriptor system
1
E ˙x(t) = Ax(t) + Bu(t),
y(t) = Cx(t) + Du(t),
(1)
where x(t) ∈ R
n
, u(t) ∈ R
m
, y(t) ∈ R
p
, E ∈ R
n×n
, A ∈ R
n×n
, B ∈ R
n×m
, C ∈ R
p×n
, and D ∈
R
p×m
. Here the matrix E is possibly singular, and the inputs Bu and Du are unknown signals
describing disturbances affecting the plant. Besides reflecting the genuine failure of systems
components, these disturbances model the effect of attacks against the cyber-physical system.
Without loss of generality, we assume that each state and output variable can be independently
compromised by an attacker, and we let B = [I
n×n
0
n×p
] and D = [0
p×n
I
p×p
].
The attack signal t 7→ u(t) ∈ R
n+p
depends upon the specific attack strategy. In particular, if
K ⊆ {1, . . . , n + p} is the attack set, with |K| = k, then all (and only) the entries of u indexed
by K are nonzero over time, that is, for each i ∈ K, there exists a time t such that u
i
(t) 6= 0,
1
The results stated in this paper for continuous-time descriptor systems hold also for discrete-time descriptor systems and
nonsingular systems. Moreover, due to linearity of (1), known inputs do not affect our results.
and u
j
(t) = 0 for all j 6∈ K and at all times. To underline this sparsity relation, we sometimes
use u
K
to denote the attack signal, that is the subvector of u indexed by K. Accordingly, the
pair (B
K
, D
K
), where B
K
and D
K
are the submatrices of B and D with columns in K, denote
the attack signature. Hence, Bu(t) = B
K
u
K
(t), and Du(t) = D
K
u
K
(t). Since the matrix E
may be singular, we make the following assumptions on system (1):
(A1) the pair (E, A) is regular, that is, the determinant |sE − A| does not vanish identically;
(A2) the initial condition x(0) ∈ R
n
is consistent, that is, (Ax(0) + Bu(0)) ∈ Im(E); and
(A3) the input signal u(t) is smooth.
Assumption (A1) assures the existence of a unique solution x(t) to (1). Assumptions (A2) and
(A3) guarantee smoothness of the state trajectory x(t) and the measurements y(t), [28, Lemma
2.5]. If assumptions (A2) and (A3) are dropped, then there are inconsistent initial conditions and
impulsive inputs by which a powerful attacker can avoid detection; see Remark 4. Throughout
the paper, the cardinality k of the attack set, or an upper bound, is assumed to be known.
Remark 1: (Examples of cyber-physical systems requiring advanced security mechanisms)
Future power grids will combine physical dynamics with a sophisticated coordination infrastruc-
ture. The cyber-physical security of the grid has been identified as an issue of primary concern,
see [19], [29] and [10], [16]–[18], [30], [31].
Mass transport networks are cyber-physical systems, such as gas transmission and distribution
networks [32], large-scale process engineering plants [33], and water networks. Examples of
water networks include open channel flows [34] for irrigation purposes and municipal water
networks [35], [36]. The vulnerability of open channel networks to cyber-physical attacks has
been studied in [12], [22], and municipal water networks are also known to be susceptible to
attacks on the hydraulics [1] and biochemical contamination threats [23].
Power networks and mass transport network under attack can be modeled by descriptor systems
with unknown inputs. For instance, the small-signal version of the classical structure-preserving
power network model reads as [30], [31]
I 0 0
0 M
g
0
0 0 0
˙
δ(t)
˙ω(t)
˙
θ(t)
=−
0 −I 0
L
gg
D
g
L
gl
L
lg
0 L
ll
δ(t)
ω(t)
θ(t)
+
0
P
ω
(t)
P
θ
(t)
, (2)
where δ and ω denote the generator rotor angles and frequencies, θ are the voltage angles at the
buses, L =
h
L
gg
L
gl
L
lg
L
ll
i
is the network susceptance matrix, M
g
and D
g
are the diagonal matrices
![Fig. 6. Distributed detection of an output attack in the IEEE 118 system: The attacker compromises the measurements of all generators in area 1 from time 30s with a signal uniformly distributed in the interval [0, 0.5]. The residuals in Fig. 6(a) show that the attack is correctly detected, because the residual functions do not decay to zero. For the simulation, we run k = 100 iterations of the attack detection method. The plot in Fig. 6(b) represents the error of our waveform relaxation based filter (15) with respect to the corresponding decentralized filter. As predicted by Theorem 4.3, the error is convergent.](/figures/fig-6-distributed-detection-of-an-output-attack-in-the-ieee-1wyx7fro.webp)
![Fig. 1. A block diagram illustration of prototypical attacks is here reported. In Fig. 1(a) the attacker corrupts the measurements y with the signal DKuK ∈ Im(C). Notice that in this attack the dynamics of the system are not considered. In Fig. 1(b) the attacker affects the output so that y(t) = y(x(0), [ūT uT]T, t) = y(x̃(0), 0, t). The covert attack in Fig. 1(c) is a feedback version of the replay attack, and it can be explained analogously. In Fig. 1(d) the attack is such that the unstable pole p is made unobservable.](/figures/fig-1-a-block-diagram-illustration-of-prototypical-attacks-x39q4hj5.webp)
![Fig. 5. For the IEEE 14 bus system in Fig. 5, if the voltage angle of one bus is measured exactly, then a cyber attack against the measurements data is always detectable by our dynamic detection procedure. In contrary, as shown in [9], a cyber attack may remain undetected by a static procedure if it compromises as few as four measurements.](/figures/fig-5-for-the-ieee-14-bus-system-in-fig-5-if-the-voltage-31p6tyg2.webp)
![Fig. 2. Fig. 2(a) shows the WSSC power system with 3 generators and 6 buses. The numerical value of the network parameters can be found in [30]. The digraph associated with the network in Fig. 2(a). The self-loops of the vertices {δ1, δ2, δ3}, {ω1, ω2, ω3}, and {θ1, . . . , θ6} are not drawn. The inputs u1 and u2 affect respectively the bus b4 and the bus b5. The measured variables are the rotor angle and frequency of the first generator.](/figures/fig-2-fig-2-a-shows-the-wssc-power-system-with-3-generators-2mm29nkx.webp)
