Multiple attacks detection on discrete event systems

Cyber-physical systems have emerged as a key technology in the development of distributed and autonomous large scale systems. However, one of their undesirable side effects is the fact that they are particularly exposed to cyber attacks carried out by malicious intruders. Therefore, efficient strategies for cyber security are in high demand. In this paper, we consider the issue of attack detection in the framework of partially observable discrete event systems modeled by finite automata. We assume that the observation produced by a plant can be corrupted by an intruder which, through one or more attack dictionaries, can change events into different strings. The problem we address is that of detecting if a plant has been attacked and, if such is the case, of identifying the nature of the attack, i.e., which attack dictionaries have been used. We show that the problem of attack detection can be reduced to a classical problem of state estimation or fault diagnosis for a new structure which describes the behavior of the plant under attack.