Detectability of Intermittent Zero-Dynamics Attack in Networked Control Systems

Abstract

This paper analyzes stealthy attacks, particularly the zero-dynamics attack (ZDA) in networked control systems. ZDA hides the attack signal in the null-space of the state-space representation of the control system and hence it cannot be detected via conventional detection methods. A natural defense strategy builds on changing the null-space via switching through a set of topologies. In this paper, we propose a realistic ZDA variation where the attacker is aware of this topology-switching strategy, and hence employs the policy to avoid detection: "pause (update and resume) attack" before (after) topology switching to evade detection. We first systematically study the proposed ZDA variation, and then develop defense strategies under the realistic assumptions. Particularly, we characterize conditions for detectability of the proposed ZDA variation, in terms of the network topologies to be maintained, the set of agents to be monitored, and the measurements of the monitored agents that should be extracted. We provide numerical results that demonstrate our theoretical findings.