Cyber-physical systems (CPS) play a pivotal role in numerous safety-critical real-world applications. To enhance CPS resilience against attacks, redundancy can be integrated into real-time controller implementations by designing strategies that switch among multiple controllers. However, existing switching strategies typically overlook remediation of compromised controllers and simply exclude them, which reduces CPS redundancy because only a subset of the controllers remains in use. To address this gap, this work proposes a multi-controller switching strategy with periodic re-initialization that removes attacks. Controllers that have completed re-initialization are reused by the switching strategy, preserving CPS redundancy and resilience. The strategy is designed so that, at each switching moment, a controller that has just completed re-initialization is available, minimizing the likelihood that the incoming controller is compromised. Moreover, each controller's working period decreases as the number of controllers grows, shortening its exposure to attacks. An anomaly detector monitors for CPS attacks during a controller's working period; when it raises an alarm, the current control signal is set to a predefined value and a switch to an alternative controller takes place at the earliest switching moment. The strategy is shown to remain effective even when the anomaly detector fails to detect (stealthy) attacks. Its efficacy is analyzed through three derived conditions, under a proposed integrated attack-defense model, for mean-square boundedness of the CPS states. Simulation results on a third-order system and a single-machine infinite-bus (SMIB) system confirm that the approach significantly bolsters CPS resilience by combining the advantages of re-initialization, anomaly detection, and switching.
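To make the scheduling argument concrete, here is an added Python simulation (not code from the paper or its authors) of a round-robin switching scheme with periodic re-initialization, a residual-based anomaly detector and an attacker who needs a fixed amount of exposure time to compromise the active controller, on a scalar unstable plant. The plant, gains, exposure time, re-initialization time, detector threshold and predefined safe value are all assumptions chosen for illustration; the abstract gives none of them. It also goes one step beyond the abstract by running the exclude-only baseline under the same schedule so the two can be compared.

```python
"""Added illustration (not the paper's code) of switching with periodic
re-initialization.  All numbers are assumptions chosen for illustration:
  plant      x[k+1] = A*x[k] + u[k], A = 1.2 (open-loop unstable)
  controller u = -K*x, K = 0.9 (nominal closed-loop factor A-K = 0.3)
  attack     a compromised controller flips its gain, u = +K*x
  detector   alarm if the residual |x[k+1] - (A-K)*x[k]| exceeds THRESH
"""
from dataclasses import dataclass
import math

A, K = 1.2, 0.9
EXPOSURE = 4      # working steps since last re-init the attacker needs (assumed)
T_REINIT = 6      # steps one re-initialisation takes (assumed)
THRESH = 1.0      # residual threshold of the anomaly detector (assumed)
SAFE_U = 0.0      # predefined control value applied after an alarm (assumed)


def working_period(n: int, t_reinit: int = T_REINIT) -> int:
    """Shortest working period T_w such that the (n-1)*T_w steps a controller
    spends idle cover a full re-initialisation, so the next controller in the
    ring has always just finished re-initialising.  T_w shrinks as n grows."""
    if n < 2:
        raise ValueError("need at least two controllers to alternate")
    return math.ceil(t_reinit / (n - 1))


@dataclass
class Controller:
    exposed: int = 0          # working steps since last re-initialisation
    compromised: bool = False
    reinit_left: int = 0      # remaining re-initialisation steps (0 = ready)
    excluded: bool = False    # used only by the 'exclude' baseline


@dataclass
class Result:
    max_abs: float            # sup_k |x[k]|, the boundedness measure
    alarms: int               # steps on which the detector flagged
    compromises: int          # controller compromise events
    ready_at_every_switch: bool   # incoming controller had finished re-init


def simulate(n: int, strategy: str = "reinit", steps: int = 60,
             detector: bool = True, x0: float = 1.0) -> Result:
    """'reinit': re-initialise a controller after its working period and reuse
    it.  'exclude': no remediation; a controller is dropped for good once an
    alarm fires while it is active (the baseline the abstract argues against)."""
    tw = working_period(n)
    ctrls = [Controller() for _ in range(n)]
    active, x, alarm = 0, x0, False
    res = Result(abs(x0), 0, 0, True)
    for k in range(steps):
        c = ctrls[active]
        c.exposed += 1                       # attacker accumulates exposure
        if c.exposed >= EXPOSURE and not c.compromised:
            c.compromised, res.compromises = True, res.compromises + 1
        # safe value while the alarm holds, otherwise the controller's output
        u = SAFE_U if alarm else (K if c.compromised else -K) * x
        x_next = A * x + u
        if detector and abs(x_next - (A - K) * x) > THRESH:
            alarm, res.alarms = True, res.alarms + 1
        x = x_next
        res.max_abs = max(res.max_abs, abs(x))
        for i, other in enumerate(ctrls):    # idle controllers re-initialise
            if i != active and other.reinit_left > 0:
                other.reinit_left -= 1
                if other.reinit_left == 0:   # re-init done: attack removed
                    other.compromised, other.exposed = False, 0
        if (k + 1) % tw == 0:                # switching moment
            if strategy == "reinit":
                c.reinit_left = T_REINIT
                nxt = (active + 1) % n
                res.ready_at_every_switch &= ctrls[nxt].reinit_left == 0
            else:
                c.excluded |= alarm
                cands = [(active + i) % n for i in range(1, n + 1)
                         if not ctrls[(active + i) % n].excluded]
                nxt = cands[0] if cands else active
            active, alarm = nxt, False
    return res


if __name__ == "__main__":
    for n in (2, 3):
        for strategy in ("reinit", "exclude"):
            print(n, strategy, working_period(n), simulate(n, strategy))
```

With three controllers the working period (3 steps) is shorter than the assumed exposure time, so no controller is ever compromised. With two controllers the attacker succeeds in every working period, and because the state is small the flipped gain never pushes the residual over the threshold, so the detector stays silent; periodic re-initialization still keeps the state bounded, which is the "effective against stealthy attacks" property. The exclude-only baseline eventually raises alarms, exhausts its clean controllers and diverges.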