Replay Attack Detection for Cyber-Physical Control Systems: A Dynamical Delay Estimation Method

Cyber attack detection plays a crucial role in ensuring cyber security of control systems. However, the reported methods for cyber attack detection often rely on large-scale upgrades of field modules or modification of specific monitoring signals. The resulting issues, such as impacts on system control performance or economic losses, make these methods challenging to be widely accepted in practice. To address this challenge, this article proposes a new replay attack detection scheme, combining dynamical system characteristics and data-driven implementation, while the scheme only needs to be implemented in the control and monitoring side. Specifically, considering the effect of replay attacks and the response of the control system, a dynamical delay estimation method is proposed for detecting replay attacks. Thus, the detection logic is established by characterizing and comparing the fluctuation ranges of dynamical delay. A sliding window is adopted for quantifying the dynamical delay between the input and output data of the cyber-physical control system. Moreover, the randomized algorithm method is introduced to determine the initial value of the delay estimation method, while the online updating of dynamical delay estimation is given for real-time replay attack detection. To highlight the replay attack effect, a novel window adaptive strategy is developed to achieve adaptive detection and tracking of replay attacks. Finally, the performance and effectiveness of the proposed detection method are verified through experiments on chlorosilane distillation.