Identifying cyber attacks via local model information
CARLI, RUGGERO;
2010
Abstract
This work considers the problem of detecting corrupted components in a large scale decentralized system via local model information. The electric power system, the transportation system, and generally any computer or network system are examples of large scale systems for which external (cyber) attacks have become an important threat. We consider the case of linear networks, and we model a cyber attack as an exogenous input that compromises the behavior of a set of components. We exploit two distributed methods that rely on two different sets of assumptions to achieve detection and identification. The first method takes advantage of the presence in the network of weakly interconnected subparts, it requires limited knowledge of the network model, and it affords local detection and identification of misbehaving components whose behavior deviates more than a threshold. The second method relies on the presence of a set of trustworthy leaders with better computation and communication capabilities. Only relying on a partial knowledge of the network model, the leaders cooperatively detect and identify misbehaving components. ©2010 IEEE.