This article addresses the detection of stealthy attacks on sensor measurements. Inspired in authentication schemes with weak cryptographic guarantees, we propose a watermarking approach to validate the data and its source. In particular, we propose a multiplicative scheme, where the sensor outputs are watermarked by a bank of filters, then transmitted through the possibly unsecured communication network. The original measurement data are finally reconstructed by a watermark remover. To allow the detection of replay attacks, the watermarking filters are devised as hybrid switching systems, whose parameters are assumed to be unknown to the adversary. Design rules are provided, guaranteeing that the nominal closed-loop performance is not deteriorated by the watermarking scheme and ensuring robust stability with mismatched filter parameters. Moreover, we design a switching protocol with no communication overhead to allow the watermarking filters to synchronously update their parameters. The detectability properties of cyber-attacks are analyzed, and the results are illustrated through numerical examples for replay and data injection attacks.

中文翻译：

---

用于检测隐形网络攻击的切换乘法水印方案


本文讨论了对传感器测量的隐形攻击的检测。受到弱加密保证的身份验证方案的启发，我们提出了一种水印方法来验证数据及其来源。特别是，我们提出了一种乘法方案，其中传感器输出由一组滤波器加水印，然后通过可能不安全的通信网络进行传输。原始测量数据最终由水印去除器重建。为了允许检测重放攻击，水印过滤器被设计为混合交换系统，其参数被假设为对手未知。提供了设计规则，保证标称闭环性能不会因水印方案而恶化，并确保在滤波器参数不匹配的情况下具有鲁棒稳定性。此外，我们设计了一种没有通信开销的切换协议，以允许水印过滤器同步更新其参数。分析了网络攻击的可检测性特性，并通过重放和数据注入攻击的数值示例说明了结果。