TY - JOUR
T1 - Combining switching mechanism with re-initialization and anomaly detection for resiliency of cyber–physical systems
AU - Fu, Hao
AU - Krishnamurthy, Prashanth
AU - Khorrami, Farshad
N1 - Publisher Copyright:
© 2024 Elsevier Ltd
PY - 2025/2
Y1 - 2025/2
N2 - Cyber–physical systems (CPS) play a pivotal role in numerous critical real-world applications that have stringent requirements for safety. To enhance the CPS resiliency against attacks, redundancy can be integrated in real-time controller implementations by designing strategies that switch among multiple controllers. However, existing switching strategies typically overlook remediation measures for compromised controllers, opting instead to simply exclude them. Such a solution reduces the CPS redundancy since only a subset of controllers are used. To address this gap, this work proposes a multi-controller switching strategy with periodic re-initialization to remove attacks. Controllers that finish re-initialization can be reused by the switching strategy, preserving the CPS redundancy and resiliency. The proposed switching strategy is designed to ensure that at each switching moment, a controller that has just completed re-initialization is available, minimizing the likelihood of compromise. Additionally, the controller's working period decreases with the number of involved controllers, reducing the controller's exposure time to attacks. An anomaly detector is used to detect CPS attacks during the controller's working period. Upon alarm activation, the current control signal is set to a predefined value, and a switch to an alternative controller occurs at the earliest switching moment. Our switching strategy is shown to be still effective even if the anomaly detector fails to detect (stealthy) attacks. The efficacy of our strategy is analyzed through three derived conditions under a proposed integrated attack-defense model for mean-square boundedness of the CPS states. Simulation results on a third-order system and a single-machine infinite-bus (SMIB) system confirm that our approach significantly bolsters CPS resiliency by leveraging the advantages of re-initialization, anomaly detection, and switching mechanisms.
AB - Cyber–physical systems (CPS) play a pivotal role in numerous critical real-world applications that have stringent requirements for safety. To enhance the CPS resiliency against attacks, redundancy can be integrated in real-time controller implementations by designing strategies that switch among multiple controllers. However, existing switching strategies typically overlook remediation measures for compromised controllers, opting instead to simply exclude them. Such a solution reduces the CPS redundancy since only a subset of controllers are used. To address this gap, this work proposes a multi-controller switching strategy with periodic re-initialization to remove attacks. Controllers that finish re-initialization can be reused by the switching strategy, preserving the CPS redundancy and resiliency. The proposed switching strategy is designed to ensure that at each switching moment, a controller that has just completed re-initialization is available, minimizing the likelihood of compromise. Additionally, the controller's working period decreases with the number of involved controllers, reducing the controller's exposure time to attacks. An anomaly detector is used to detect CPS attacks during the controller's working period. Upon alarm activation, the current control signal is set to a predefined value, and a switch to an alternative controller occurs at the earliest switching moment. Our switching strategy is shown to be still effective even if the anomaly detector fails to detect (stealthy) attacks. The efficacy of our strategy is analyzed through three derived conditions under a proposed integrated attack-defense model for mean-square boundedness of the CPS states. Simulation results on a third-order system and a single-machine infinite-bus (SMIB) system confirm that our approach significantly bolsters CPS resiliency by leveraging the advantages of re-initialization, anomaly detection, and switching mechanisms.
KW - Anomaly detection
KW - Control system
KW - Cyber–physical system
KW - Re-initialization
KW - Redundancy
KW - Switching strategy
UR - http://www.scopus.com/inward/record.url?scp=85209596399&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85209596399&partnerID=8YFLogxK
U2 - 10.1016/j.automatica.2024.111994
DO - 10.1016/j.automatica.2024.111994
M3 - Article
AN - SCOPUS:85209596399
SN - 0005-1098
VL - 172
JO - Automatica
JF - Automatica
M1 - 111994
ER -