Dual Detection Framework for Faults and Integrity Attacks in Cyber-Physical Control Systems

Anomaly detection plays a vital role in the security and safety of cyber-physical control systems, and accurately distinguishing between different anomaly types is crucial for system recovery and mitigation. This study proposes a dual detection framework for anomaly detection and discrimination. By leveraging the dynamic characteristics of control loops and the stealthiness features of integrity attacks, the closed-loop stealthiness condition is first derived, and two dedicated detectors are designed and deployed on the controller side and the plant side, respectively, enabling joint plant fault and cyber attack detection. Moreover, by jointly analyzing the residual response of the two detectors corresponding to different anomalies, it is proved that the proposed method can distinguish between faults and integrity attacks due to the detectors' individual residual spaces. According to the detector's residual space, the fault and attack detection performance is further improved by a two-stage optimization scheme. Simulation results validate the effectiveness of the proposed approach.