A control‐switching approach for cyberattack detection in process systems with minimal false alarms
Shilpa Narasimhan, Nael H. El‐Farra, Matthew J. Ellis
Abstract
Abstract The frequency of cyberattacks against process control systems has increased in recent years. This work considers multiplicative false‐data injection attacks involving the multiplication of the data communicated over the sensor‐controller communication link by a factor. An active detection method utilizing switching between two control modes is developed to balance the trade‐off between closed‐loop performance and attack detectability. Under the first mode, the control parameters are selected using traditional control design criteria. Under the second mode, the control parameters are selected to enhance the attack detection capability. A switching condition is imposed to prevent false alarms that could be triggered by the transient response induced by control mode switching. This condition is incorporated into the active detection method to minimize false alarms. The active detection method is applied to illustrative process examples to demonstrate its ability to detect attacks and minimize false alarms.