This work considers the problem of detecting corrupted components in a large scale decentralized system via local model information. The electric power system, the transportation system, and generally any computer or network system are examples of large scale systems for which external (cyber) attacks have become an important threat. We consider the case of linear networks, and we model a cyber attack as an exogenous input that compromises the behavior of a set of components. We exploit two distributed methods that rely on two different sets of assumptions to achieve detection and identification. The first method takes advantage of the presence in the network of weakly interconnected subparts, it requires limited knowledge of the network model, and it affords local detection and identification of misbehaving components whose behavior deviates more than a threshold. The second method relies on the presence of a set of trustworthy leaders with better computation and communication capabilities. Only relying on a partial knowledge of the network model, the leaders cooperatively detect and identify misbehaving components. ©2010 IEEE.

Identifying cyber attacks via local model information

CARLI, RUGGERO;
2010

Abstract

This work considers the problem of detecting corrupted components in a large scale decentralized system via local model information. The electric power system, the transportation system, and generally any computer or network system are examples of large scale systems for which external (cyber) attacks have become an important threat. We consider the case of linear networks, and we model a cyber attack as an exogenous input that compromises the behavior of a set of components. We exploit two distributed methods that rely on two different sets of assumptions to achieve detection and identification. The first method takes advantage of the presence in the network of weakly interconnected subparts, it requires limited knowledge of the network model, and it affords local detection and identification of misbehaving components whose behavior deviates more than a threshold. The second method relies on the presence of a set of trustworthy leaders with better computation and communication capabilities. Only relying on a partial knowledge of the network model, the leaders cooperatively detect and identify misbehaving components. ©2010 IEEE.
2010
49th IEEE Conference on Decision and Control
9781424477456
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11577/2419113
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 16
  • ???jsp.display-item.citation.isi??? 8
social impact