A Physics-Based Attack Detection Technique in Cyber-Physical Systems: A Model Predictive Control Co-Design Approach

In this paper a novel approach to co-design controller and attack detector for nonlinear cyber-physical systems affected by false data injection (FDI) attack is proposed. We augment the model predictive controller with an additional constraint requiring the future—in some steps ahead—trajectory of the system to remain in some time-invariant neighborhood of a properly designed reference trajectory. At any sampling time, we compare the real-time trajectory of the system with the designed reference trajectory, and construct a residual. The residual is then used in a nonparametric cumulative sum (CUSUM) anomaly detector to uncover FDI attacks on input and measurement channels. The effectiveness of the proposed approach is tested with a nonlinear model regarding level control of coupled tanks.

💡 Research Summary

This paper introduces a novel physics‑based attack detection framework for nonlinear cyber‑physical systems (CPS) that are vulnerable to false data injection (FDI) attacks. Unlike most existing works that treat controller design and anomaly detection as separate tasks, the authors co‑design a model predictive controller (MPC) and a non‑parametric cumulative sum (CUSUM) detector, tightly coupling control performance with security guarantees.

The plant dynamics are modeled as a discrete‑time nonlinear system
x_{k+1}=f(x_k, u_k+u_{a,k}), y_k=x_k+y_{a,k},
where u_{a,k} and y_{a,k} denote malicious perturbations on the input and output channels, respectively. All states are assumed to be measurable, and the attacker is restricted to tampering with either the input or the output at any given instant (but not both simultaneously).

The standard MPC formulation minimizes a finite‑horizon cost
J = Σ_{j=0}^{N‑1} (y_j^T Q y_j + u_j^T R u_j) + V_N(y_{k+N})
subject to the plant dynamics, state and input constraints, and a terminal set ensuring stability. The key innovation is the addition of a trajectory‑tracking constraint: the predicted output sequence {y_j|k}_{j=1}^N must remain inside a time‑invariant neighbourhood E of a reference trajectory ˜y_j|k, i.e., y_j|k ∈ ˜y_j|k ⊕ E for all j.

The reference trajectory is not an external signal; it is generated online from the MPC solution itself. At time k, the optimizer returns the optimal predicted output sequence {y^_{k+1|k}, …, y^{k+N|k}}. The N‑th element of this sequence becomes the reference point for the next horizon: ˜y{k+N}=y^*_{k+N|k}. Consequently, the controller and the reference trajectory evolve together, and the distance between the measured output y_k and the current reference ˜y_k defines the residual r_k = ‖y_k – ˜y_k‖.

The residual feeds a CUSUM statistic:
S_0 = 0, S_{k+1}=max(0, S_k + r_k – δ).
The drift parameter δ is chosen so that, under normal operation, the statistic does not drift upward. An alarm is raised when S_k exceeds a threshold γ, after which the statistic is reset. The threshold γ and drift δ are tuned via extensive Monte‑Carlo simulations to balance false‑alarm rates against detection delay.

To illustrate the approach, the authors consider a nonlinear level‑control problem of two coupled water tanks. The continuous dynamics derived from mass conservation and Bernoulli’s principle are discretized using a forward‑Euler scheme, yielding a two‑state nonlinear system. Simulations show that, in the absence of attacks, the MPC tracks the desired liquid levels while keeping the residual small. When an FDI attack is injected on either the pump command or the level sensor, the residual quickly grows, the CUSUM statistic surpasses γ, and the attack is detected within a few sampling periods.

The paper discusses two main trade‑offs. A smaller neighbourhood E forces the real trajectory to follow the reference more tightly, improving detection sensitivity but potentially degrading control performance due to conservatism. Conversely, a larger E yields better control but weaker security. Similarly, a lower γ reduces detection delay but increases false positives, while a higher γ does the opposite.

Overall, the contribution lies in (i) integrating trajectory‑tracking constraints into MPC to generate a physics‑based reference for residual computation, (ii) employing a stateful, non‑parametric CUSUM detector that leverages the MPC‑generated reference, and (iii) demonstrating the method on a realistic nonlinear CPS. The work opens avenues for further research on distributed MPC‑based detection, handling more sophisticated attack models (e.g., simultaneous multi‑channel attacks), and experimental validation on hardware testbeds.