Disconnection-aware Attack Detection and Isolation with Separation-based Detector Reconfiguration
Abstract
This study addresses incident handling during an adverse event for dynamical networked control systems. Incident handling can be divided into five steps: detection, analysis, containment, eradication, and recovery. For networked control systems, the containment step can be conducted through physical disconnection of an attacked subsystem. In accordance with the disconnection, the equipped attack detection unit should be reconfigured to maintain its detection capability. In particular, separating the detection subunit associated with the disconnected subsystem is considered as a specific reconfiguration scheme in this study. This paper poses the problem of disconnection-aware attack detection and isolation with the separation-based detector reconfiguration. The objective is to find an attack detection unit that preserves its detection and isolation capability even under any possible disconnection and separation. The difficulty arises from network topology variation caused by disconnection that can possibly lead to stability loss of the distributed observer inside the attack detection unit. A solution is proposed based on an existing controller design technique referred to as retrofit control. Furthermore, an application to low-voltage power distribution networks with distributed generation is exhibited. Numerical examples evidence the practical use of the proposed method through a benchmark distribution network.
- Publication:
-
arXiv e-prints
- Pub Date:
- September 2020
- DOI:
- 10.48550/arXiv.2009.11205
- arXiv:
- arXiv:2009.11205
- Bibcode:
- 2020arXiv200911205S
- Keywords:
-
- Electrical Engineering and Systems Science - Systems and Control
- E-Print:
- accepted at IEEE Transactions on Control Systems Technology