The frequency of cyberattacks against process control systems has increased in recent years. This work considers multiplicative false-data injection attacks involving the multiplication of the data communicated over the sensor-controller communication link by a factor. An active detection method utilizing switching between two control modes is developed to balance the trade-off between closed-loop performance and attack detectability. Under the first mode, the control parameters are selected using traditional control design criteria. Under the second mode, the control parameters are selected to enhance the attack detection capability. A switching condition is imposed to prevent false alarms that could be triggered by the transient response induced by control mode switching. This condition is incorporated into the active detection method to minimize false alarms. The active detection method is applied to illustrative process examples to demonstrate its ability to detect attacks and minimize false alarms.

中文翻译：

---

一种控制切换方法，用于过程系统中的网络攻击检测，具有最小的误报

近年来，针对过程控制系统的网络攻击频率有所增加。这项工作考虑了乘法虚假数据注入攻击，涉及将通过传感器-控制器通信链路传输的数据乘以一个因子。开发了一种利用两种控制模式之间切换的主动检测方法，以平衡闭环性能和攻击可检测性之间的权衡。在第一种模式下，使用传统的控制设计标准选择控制参数。第二种模式下，通过选择控制参数来增强攻击检测能力。施加切换条件以防止可能由控制模式切换引起的瞬态响应触发的错误警报。这种情况被结合到主动检测方法中，以最大限度地减少误报。主动检测方法应用于说明性过程示例，以展示其检测攻击和最小化误报的能力。