Adaptive Thresholding for Deception Attack
Detection in Networked Control Systems
Taouba Rhouma, Karim Chabir and Mohamed Naceur Abdelkrim
University of Gabes
Research Unit of Modeling, Analysis and Control Systems MACS 06/UR/11-12
National Engineering School of Gabes 6029 Gabes, Tunisia
Email:
[email protected]
,
[email protected]
,
[email protected]
Abstract—Security of Cyber-Physical Systems (CPS) against
Cyber attacks is an important yet challenging problem. This
paper studies the problem of Cyber attack detection in the
Networked Control Systems (NCS) in the presence of network
delays and unknown disturbances. The first part of this paper
describes a dynamic modelling of the NCS under network delays
and deception attack and gives an attack strategy that a malicious
agent located inside the network can use to act on the physical
world. The second part shows how to reveal the presence of the
adversary by using an adaptive threshold. The results of the
detection scheme are illustrated through an illustrative example.
I. I NTRODUCTION
Recent technological advances are revolutionizing our abil-
ity to build distributed Networked Control Systems (NCS)
where the communication network plays an extremely im-
portant role in geographically dispersed NCS, stressed in
[1]. Central, decentralized or distributed NCS are critical to
system operation in various infrastructures such as electric
power grids, transportation systems, communication networks,
oil and gas pipelines, waste-water treatment systems, water
distribution and irrigation networks. Besides failures of com-
ponents, NCS are vulnerable to Cyber physical attacks incor-
porating Cyber and physical activities into a malicious attack.
In recent years, a sharp rise in the number of Cyber attacks has
been reported. Consequently, many researchers have shown
a great concern for the analysis of vulnerabilities of CPS
integrating physical processes, computational resources, and
communication capabilities to external attacks (see [2]).
Cyber physical attacks in CPS summarized in [3] can be di-
vided into three categories as follows: Denial of Service (DoS)
attacks in [4] when adversaries prevent controllers from re-
ceived sensors measurement or the plant from received control
laws, deception attacks in [5] when adversaries inject false data
on control signals or on information transmitted by sensors to
the plant via communication channels, replay attacks in [6],
covert attacks in [7], and finally physical attacks on sensors
and actuators close to faults considered in traditional model-
based Fault Detection and Isolation (FDI) schemes studied by
[8] and [9]. The last generation of malwares of type Stuxnet
infecting Programmable Logic Controllers (PLC) or Replay
attack in [10] can be viewed as deception attack on control
signals coordinated with the generation of artificial delays on
measurements. It has been shown in the literature that the
attack detection and isolation in CPS seems closely related to
the fault detection and isolation problem. Cyber attacks are
modeled as additive signals to both state evolution and sensor
measurement equations. This problem is generally solved by
using the analytical redundancy approach, which consists of
two steps: residual generation and residual evaluation. The
residuals are first generated by using traditional methods (i.e.
the Kalman filter or the parity space approaches) and they are
then evaluated by utilizing change detection techniques (see,
among others, [11], [12]).
Besides Cyber attacks, several network-induced effects arise
when dealing with the NCS, such as time-delays [13], [14],
packet losses [15], [16] and quantization problems [17], [18].
The control issues of NCS have attracted attention of many
researchers particularly taking into account network-induced
effects. Delays are known to degrade drastically the perfor-
mances of the control systems, for this reason, many works
aimed at reducing the effects of induced network delays on
NCS [19], [20]. The effects of a short delay, having duration
less than one sampling period, has been proposed in the
literature. For instance, the authors of [21] formulate the delay
effect as an unknown input with variable distribution matrix
by using Taylor approximation. In [22] mixed delay composed
of constant part and random part is considered. The delay
effect is approximated by a polytopic uncertainties and use the
reference model fault detection technique [23] for the design
of the observer based fault detection. In industrial applications,
the accuracy of both cyber attacks and induced time delays in
Networked Control systems is a possible scenario but only
a few studies have examined this case. Therefore needs to
design a detection scheme for cyber-attack in NCS in the
presence of induced time delays. The objective of this study
is to investigate a deception attack detection strategy in NCS
and reducing the effect of delays caused by the communication
networks.
This paper is organized as follows. A problem formulation is
given in section II. Section III, includes the design of an attack
strategy that a malicious agent can use to successfully realize
his attack. In section IV, an adaptive threshold is implemented
for the detection of the cyber attack. An illustrative example
is given in section V before to conclude in section VI.
 II. M ODEL FOR NCS UNDER ATTACK AND may vary, depending on the network traffic, medium access
COMMUNICATION DELAY protocol and the hardware.
Let us consider the plant model of the NCS with embedded Furthermore, the following assumption are taken into account.
sensors, actuators and the local controller, described by the Assumption 1: for data acquisition it is supposed that the
following linear discrete-time stochastic system sensor is time-driven and the sampling period is denoted by
( T . By event-triggered controller or actuator, we mean that
xk+1 = Axk + Buk + Ba aak + Ex dk calculation of the new control or actuator signal is started as
(1)
yk = Cxk + Da ask + Ey dk soon as the new control or actuator information arrives.
Assumption 2: unknown time-varying network induced de-
where xk ∈ ℜn is the state vector, yk ∈ ℜm the measurement lay at time step k is denoted by τk and τk = τksc + τkca is
output vector, uk ∈ ℜp the control input vector. aak ∈ ℜp smaller than one sampling period τk  T where τksc and τkca
denotes the actuator attack vector, ask ∈ ℜm denotes the sensor are the sensor-to-controller delay and the controller-to-actuator
attack vector and dk is the vector of noises. The matrices delay, respectively. There is no packet dropout in the networks.
A, B, Ex , Ey ,Ba and Da are assumed to be known with Taking into account the network-induced delay, the control
appropriate dimensions. The system is considered to be in input (zero hold is assumed) over a sampling interval [kT, (k+
nominal behavior if aak = 0 and ask = 0 for all k  0. 1)T ] is given by
The state and measurement noises Ex dk and Ey dk are zero (
mean uncorrelated Gaussian random sequences with uk−1 t ∈ [kT, kT + τk ]
ut = (7)
(  T )   uk t ∈ [kT + τk , (k + 1)T ]
Ex dk Ex dj W 0
E = δk,j According to the property of definite integral, if we introduce
Ey dk Ey dj 0 V (2)
the control increment ∆uk = uk−1 − uk , the plant (1) with
with W  0, V > 0 unknown disturbance vector and attack vector can be described
The initial state x0 , assumed to be uncorrelated with Ex dk by
and Ey dk , is na Gaussian random variable with E {x0 } = x̄0 
T
o xk+1 = A xk + B uk + B∆ ∆uk + B∆k dτk

and P0 = E (x0 − x̄0 )(x0 − x̄0 )  0. The pair (A, C) +Ba aak + Ex dk (8)
is detectable, (A, B) stabilizable.  s
yk = Cxk + Da ak + Ey dk

Designed under the assumption that the system is in nominal
behavior, an observer for system (1) can be constructed in the where the delay effect can be considered as an unknown input
form of the following detection filter as with time variant distribution matrix B∆k , see [24] for more
( details of the model parameter calculation.
x̂k+1 = Ax̂k + Buk + L(yk − ŷk ) By defining
(3)
ŷk = C x̂k      
B uk Ex
The residual generator is given by Bka = , uak = a
, Ex,k = ,
B∆ ∆uk B∆k
r̄k = V (yk − ŷk )
   
(4) a Ey a dk
Ey = and dk =
0 dτk
where L and V are the observer gain and postfilter designed to
fulfill attack detection and isolation requirements. Let define it results that the model of (8) is rewritten as:
the estimation error as ε̄k = xk − x̂k . From (3) and (4) it (
xk+1 = Axk + Bka uak + Ba aak + Ex,k a
dak
results that the anomaly detector error dynamic propagates as (9)
follows yk = Cxk + Da ask + Eya dak

ε̄k+1 = (A − LC)ε̄k + (B̄a − LD̄a )ak + (Ex − LEy )dk (5) III. ATTACKER MODEL
In deception attacks, the adversary attempts to prevent the
r̄k = V C ε̄k + V D̄a ak + V Ey dk (6) actuator or the sensor from receiving an integrity data. His goal
where is to modify the control action uk or the sensor measurements
aak
 
    yk from their real values by sending a false information from
D̄a = 0 Da , B̄a = Ba 0 and ak = . The
ask controllers or sensors. The false information can be a wrong
observer gain L is designed to stabilize the matrix (A − LC). sender identity, an incorrect sensor measurement or control
In addition to the bad effects of a successful Cyber-attack on input, an incorrect time when a measurement was observed.
the networked control system, induced time delays can be a The attacker can also inject a bias data that cannot be detected
source of instability and degradation of control performance. in the system and launch these attacks by obtaining the secret
When the system is controlled over a network, we have to keys or by compromising some controllers or sensors. In
take into account the sensor to controller delays and controller this section, we assume that the malicious agent can inject a
to actuator delays. Note that delays, in general, cannot be false control input into the actuator channels or a false sensor
considered as constant and known. Network induced delays measurement into the sensor channels at the intrusion time k0 .
The attacker prefers to perform his malicious action within a properties of robustness against network delay effects. Let us
short period due to the limit resources. Assume that to compute define the following vector, described by
the appropriate attack policy the attacker has access to the  
x
detailed model of the system. The deception attack on the zk = k . (12)
εk
actuator can be then modeled as

 Ba = B The overall system dynamics, which includes the plant and
ρak ∈ {0, 1}, ∀ k (10) the residual generator, can be expressed as
 a
ak = ρak bak − ρak uk
(
zk+1 = Ãzk + B̃k uak + B̃a ak + Ẽx,k a
dak
(13)
where bak is a deceptive data that the adversary attempts to rk = V C̃zk + V D̄a ak + V Eya dak
launch on the actuator and where the binary variable ρak    a
represents the acknowledgement signal indicating the status A 0 Bk  
where à = , B̃k = , C̃ = 0 C ,
of the presence or not of an attack with ρak = 1 ∀k  k0  0 A − LC  0 
when the system is under actuator deception attack and ρak = 0 a Ex ˜ B̄ a
Ẽx,k = a and B a =
otherwise. Ex,k − LEy B̄a − LD̄a
The deception attack on the sensor can be then modeled as It is assumed that the plant is mean square stable. Since the

 Da = C observer gain matrix L has no influence on the system in (13).
ρsk ∈ {0, 1}, ∀ k (11) The overall system dynamic including the plant and residual
 s
ak = ρsk bsk − ρsk xk generator is mean square stable. The dynamics of the residual
generator can be expressed as
where bsk is a deceptive data that the adversary attempts
to launch on the sensor and where the binary variable ρsk a
εk+1 = (Ã − LC̃)εk + (0 B̃k )uak + B̃a ak + Ẽx,k dak (14)
represents the acknowledgement signal indicating the status
of the presence or not of a sensor Cyber attack with ρsk = 1 rk+1 = V (C̃εk + D̄a ak + Eya dak ) (15)
∀k  k0 when the system is under sensor deception attack The post-filter V and the observer gain matrix L are the
and ρsk = 0 otherwise. design parameters for the residual signal. The main objective
Remark 1: If bak = 0 or bsk = 0 then a special case of the design of the residual generator is to improve the
of cyber attacks called Denial of Service (DoS) attack on sensitivity of the FD system to abnormal behavior while
the actuators or on the sensors occurs, where the objective keeping robustness against disturbances. Thus, the selection
of the adversary is to prevent the actuator from receiving of the design parameters L, V can be formulated as an
control commands or the controller from receiving sensor optimization problem such as
measurements, respectively.
Remark 2: As it has been shown in many works, [6], k Gra
z k2
sup J = sup (16)
[7], [25], that the attack vectors aak and ask can be designed L, V k Grd
z k∞
to disrupt the system while bypassing traditional anomaly
where
detectors. Thus, it becomes necessary to find the security  −1
analysis process that makes such attacks detectable. Some Grd = V C̃ zI − Ã + L C̃ a
Ẽx,k + V Eya (17)
z
proposed solutions to make these stealthy attacks detectable
have been presented in [26] or [27] and show that the stealthy  −1
strategy of the adversary is destroyed by modifying the sys- Gra
z = V C̃ zI − Ã + L C̃ B˜a + V D̄a (18)
tem’s structure or by data losses on the control signals due to the optimal solution to the optimisation problem defined in
unreliable communication networks. In this paper, we consider (16) can be carried out using the so-called unified solution as
the problem of detectable attacks detection. mentioned in [28].
IV. D ECEPTION ATTACK D ETECTION S CHEME B. Adaptive threshold
It has been shown that the attack detection and isolation Based on the obtained system model (13), we design in this
is closely related to the fault detection and isolation problem section an adaptive threshold allowing to detect the deception
that can be generally solved by using the analytical redun- attack. The decision for successful attack detection is based
dancy approach, which consists of residual generation and on the comparison between the results obtained from the
residual evaluation. In this section, our objective is to design residual evaluation function and the determined threshold. The
the anomaly detector to detect the deception attack while following residual evaluation function is adopted
considering network induced effects.

N
!T N
! 12
 1 X 1
A. Robust residual generation X 
Jke = k rk k 2,N = rk−i rk−i
The objective here is to design a robust residual generator  N N 
i=1 i=1
similar to the one given by equation (3) with the additional (19)
where N is the length of the evaluation window. In the absence
of the attack, the mean of rk can be expressed (when ak = 0)
as
a
εk+1 = (Ã − LC̃)εk + Ẽx,k dak (20)
rk+1 = V (C̃εk + Eya dak ) (21)
The estimation of bound of mean of rk + 1 can be carried
out using the following theorem
Theorem 1: Given system (20)-(21) and the constants
α1 > 0, α2 > 0, and assume that ε0 = 0,
kdak k2 ≤ δd,2 , {(dak )T (dak )} 2 ≤ δd,∞
1
then ∀k
r̄kT r̄k = α1 δd,2 + α2 δd,∞
if the following two LMI’s hold for some P > 0
 
a
P P (Ã − LC̃) P Ẽx,k
 (Ã − LC̃)T P P 0 >0 (22)
 
The proof of Theorem2 is similar to the one mentioned in
[23], hence it is omitted. Note that ∆uk is set to the allowed
upper bound of the control input max(∆uk ). Based on the
results on the bounds of the static feature of the residual signal
described previously, the threshold can be determined as
1
Jkth = {αN sup(σrk )} 2 (27)
where
k
X
(∆uTj ∆uj )) + γ2 δd,∞ + ∆uTk ∆uk


sup(σrk ) = γ1 (δd,2 +
j=0
(28)
The parameter 0 < αN < 1 is a constant value depends on the
length of the evaluation window N used to reduce the false
alarm rate. The constant parameters γ1 and γ2 represents the
bounds on the variance of the residual signal.
Note that because the residual signal is a white noise

Ẽ ax,k T P 0 I process, the threshold will depends on the statistical part of

" # it (which means the variance of residual signal). After the
P C̃ T V T determination of a threshold, a decision has to be performed, if
>0 (23) an attack occurs. The decision logic can be defined as follows:
V C̃ α1 I
1 Jke > Jkth =⇒ Attack
Note that α22 is the maximum singular value of the matrix
(V Eya ). Jke ≤ Jkth =⇒ No Attack
The variance of the residual signal rk+1 is given by
The threshold Jkth is adaptive and is influenced from ∆uk ,
T
σrk = E[(rk+1 − r̄k+1 ) (rk+1 − r̄k+1 )] which has to be calculated online.
where r̄k+1 = E[rk+1 ]. Under the assumption that the V. A PPLICATION AND NUMERICAL EXAMPLE
unknown disturbance dak and the control input uak are L2 In order to illustrate the obtained results, we take as an
bounded, the estimation of the bound on the variance of rk+1 illustration example a WARD-LEONARD group constituted
can be obtained according to the following Theorem. of a generator with D.C. current, driven at constant speed
Theorem 2: Given system (13) and the constants γ1 > 0, by an asynchronous machine, who supplies an engine Motor
γ2 > 0, and assume that with D.C. current. The engine involves a load made up at first
kdak k2 ≤ δd,2 , {(dak )T (dak )} 2 ≤ δd,∞
1
∀k (24) approximation with pure inertia J. the inductor of the engine
is fed under a constant tension, and the reaction of armature
then ∀k, will be neglected. Considering the control input v and the state
k−1
X variables, x1 = i1 (armature current) and x2 = Ω (velocity),
σrk ≤ γ1 (daT a aT a aT a aT a
j dj + uj uj ) + γ2 (dk dk + uk uk ) the electromechanical dynamics of the system can be described
j=0 by the following state-space model.
holds if there exists P > 0 so that   − Lr


i̇1 0 i1
  1 
L
 = 

  + v
2
 a
 ka k Ω
−P P Ã0 P (B̃0 + σ1 B̃1 ) P Ẽx,0 Ω̇ J(RG +Rm ) − J(RG +Rm ) 0
ÃT0 P −P 0 0
 

<0
 Let T = 0.125, being the sampling period. The parameters
 (B̃0 + σ1 B̃1 )T P

0 −I 0  of the group used in this paper are shown in the following
a T
(Ẽx,0 ) P 0 0 −I T ableI. This process is controlled via a network, where the
" # (25) communication delay τ between the system and the controller
−P V C̃ belongs to the set [τmin , τmax ]. Suppose that τ is a random
<0 (26)
T T
C̃ V γ1 I sequence uniformly distributed between [0.07, 0.12].
For illustration, a false data injection attack with a constant
Bpa
   
A 0 amplitude applied to the input signals has been simulated
Ãp = , B̃p =
0 A − ρ1 LC ρ2 Bpa during the time instants [1400, 2000]. The parameter of the
  generation feedback gain Kk is calculated adaptively and on-
C̃p = 0 ρ1 C line. The upper bounds on the unknown inputs are δd,2 = 0.17
 TABLE I 0.5
M ODEL PARAMETERS
0.45 evaluated residual
adaptive threshold
Parameter Description Value 0.4

J Inertia 2 kg m2 0.35

0.3
Back-EMF 1 Vs/rad = 1
k constant Nm/A 0.25

Rm Resistance 0.4 ohm 0.2

RG Resistance 0.4 ohm 0.15

a Constant 100 0.1

L Inductance 5H 0.05

0
r Resistance 20 ohms 0 500 1000 1500 2000
time

Fig. 3. Evaluated residual under Attack

and δd,∞ = 0.3. The length of the evaluation window is set
to 50 and αN is set to 0.3. The parameters of the Threshold
are computed as γ1 = 0.0061 and γ2 = 0.05. The threshold is VI. C ONCLUSION
then to adaptive online during the simulation. The variation of
In this study Cyber-physical attack detection for networked
control inputs is shown in Figure 1. The residual signal as well
control systems is discussed. After having represented the
as the threshold in the absence of the attack are illustrated in
plant under deception attack and network delays, we presented
Figure 2. The evaluated residual signal exceeds the threshold
a detection strategy by using a post-filter and compared to
as described in Figure 3. It is shown that the threshold is
an adaptive threshold that considers the variation of control
adaptive to the change of residual signal due to the variation of
inputs as well as unknown inputs. The problem of threshold
control input which leads that the false alarm rate is extremely
design is established in terms of linear matrix inequalities and
minimized.
the validation results show the effectiveness of the obtained
results.
2

1.5 R EFERENCES
1
[1] J. Hespanha, P. Naghshtabrizi, and Y. Xu, “A survey of recent results
0.5 in networked control systems,” Proceedings of the IEEE, vol. 95, no. 1,
pp. 138–162, 2007.
0
[2] A. A. Cardenas, S. Amin, and S. Sastry, “Secure control: Towards sur-
−0.5 vivable cyber-physical systems,” in The 28th International Conference
on Distributed Computing Systems Workshops. IEEE, 2008, pp. 495–
−1
500.
−1.5 [3] F. Pasqualetti, “Secure control systems: A control-theoretic approach to
cyber-physical security,” Ph.D. dissertation, Citeseer, 2012.
−2
0 500 1000 1500 2000 [4] S. Amin, A. A. Cárdenas, and S. S. Sastry, “Safe and secure networked
time
control systems under denial-of-service attacks,” in Hybrid Systems:
Computation and Control. Springer, 2009, pp. 31–45.
Fig. 1. Control input variation [5] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against
state estimation in electric power grids,” in Proceedings of the 16th ACM
Conference on Computer and Communications Security, ser. CCS ’09.
New York, NY, USA: ACM, 2009, pp. 21–32.
[6] Y. Mo and B. Sinopoli, “Secure control against replay attacks,” in
Communication, Control, and Computing, 2009. Allerton 2009. 47th
0.5
Annual Allerton Conference on, Sept 2009, pp. 911–918.
0.45 evaluated residual [7] R. S. Smith, “A decoupled feedback structure for covertly appropriating
adaptive threshold
0.4 networked control systems,” Proc. IFAC World Congress, pp. 90–95,
0.35 2011.
0.3
[8] R. J. Patton and J. Chen, “Robust model-based fault diagnosis for
dynamic systems,” 1999.
0.25
[9] J.-Y. Keller and D. Sauter, “Restricted diagonal detection filter and up-
0.2
dating strategy for multiple fault detection and isolation,” International
0.15 Journal of Adaptive Control and Signal Processing, vol. 25, no. 1, pp.
0.1 68–87, 2011.
0.05
[10] Y. Mo and B. Sinopoli, “Secure control against replay attacks,” in
Communication, Control, and Computing, 2009. Allerton 2009. 47th
0
0 500 1000 1500 2000 Annual Allerton Conference on. IEEE, 2009, pp. 911–918.
time
[11] M. Basseville, I. Nikiforov et al., Detection of abrupt changes: theory
and application. Prentice Hall Englewood Cliffs, NJ, 1993, vol. 104.
Fig. 2. Evaluated residual under no Attack [12] J. Chen and R. Patton, “Robust residual generation using unknown input
observers,” Robust model-based fault diagnosis for dynamic systems, pp.
65–108, 1999.
[13] A. Schöllig, U. Münz, and F. Allgöwer, “Topology-dependent stability
of a network of dynamical systems with communication delays,” in
Proceedings of the European Control Conference, Kos, Greece, 2007,
pp. 1197–1202.
[14] J. Yi, Q. Wang, D. Zhao, and J. Wen, “Bp neural network prediction-
based variable-period sampling approach for networked control sys-
tems,” Applied Mathematics and Computation, vol. 185, no. 2, pp. 976–
988, 2007.
[15] J. Xiong and J. Lam, “Stabilization of linear systems over networks with
bounded packet loss,” Automatica, vol. 43, no. 1, pp. 80–87, 2007.
[16] M. Sahebsara, T. Chen, and S. Shah, “Optimal filtering with random
sensor delay, multiple packet dropout and uncertain observations,”
International journal of control, vol. 80, no. 2, pp. 292–301, 2007.
[17] L. Montestruque and P. Antsaklis, “Static and dynamic quantization
in model-based networked control systems,” International Journal of
Control, vol. 80, no. 1, pp. 87–101, 2007.
[18] H. Fang, H. Ye, and M. Zhong, “Fault diagnosis of networked control
systems,” Annual Reviews in Control, vol. 31, no. 1, pp. 55–68, 2007.
[19] M. Yu, L. Wang, T. Chu, and F. Hao, “An lmi approach to networked
control systems with data packet dropout and transmission delays,” in
Decision and Control, 2004. CDC. 43rd IEEE Conference on, vol. 4.
IEEE, 2004, pp. 3545–3550.
[20] S. LI, Y. WANG, X. FENG, and Y. SUN, “Guaranteed cost control of
networked control systems with time-delays and packet losses,” Interna-
tional Journal of wavelets, multiresolution and information processing,
vol. 4, no. 04, pp. 691–706, 2006.
[21] D. Sauter, S. Li, and C. Aubrun, “Robust fault diagnosis of networked
control systems,” International Journal of Adaptive Control and Signal
Processing, vol. 23, no. 8, pp. 722–736, 2009.
[22] Y. Wang, S. Ding, Y. Hao, and W. Guizeng, “A new fault detection
scheme for networked control systems subject to uncertain time-varying
delay,” IEEE Transactions on Signal Processing, vol. 56, no. 10, pp.
5258–5268, 2008.
[23] S. X. Ding, Model-based fault diagnosis techniques: design schemes,
algorithms, and tools. Springer Science & Business Media, 2008.
[24] K. Chabir, M. Sid, and D. Sauter, “Fault diagnosis in ncs under
communication constraints: A quadrotor helicopter application.”
[25] Y. Mo, E. Garone, A. Casavola, and B. Sinopoli, “False data injection
attacks against state estimation in wireless sensor networks,” in Decision
and Control (CDC), 2010 49th IEEE Conference on, Dec 2010, pp.
5967–5972.
[26] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “Revealing
stealthy attacks in control systems,” in Communication, Control, and
Computing (Allerton), 2012 50th Annual Allerton Conference on. IEEE,
2012, pp. 1806–1813.
[27] C. Kwon, W. Liu, and I. Hwang, “Security analysis for cyber-physical
systems against stealthy deception attacks,” in American Control Con-
ference (ACC), 2013. IEEE, 2013, pp. 3344–3349.
[28] S. Ding, T. Jeinsch, P. Frank, and E. Ding, “A unified approach to
the optimization of fault detection systems,” International journal of
adaptive control and signal processing, vol. 14, no. 7, pp. 725–745,
2000.