The subject of attack detection for industrial cyber-physical systems (IPCSs) is covered in this paper, which addresses threats from transient covert attacks (TCAs), also referred to as the second version of replay attacks with a specific frequency and short duration. A comprehensive model of the TCAs is built using the active instant and period of the attacks, as well as the dynamics of a virtual system to replicate IPCS function and produce attack signals. Though watermarking-based detection algorithms have been shown to be effective in detecting TCAs, the induced system performance loss is too significant, and as such, our primary goal is to minimize system performance degradation while maintaining the detection rate. Because the active periods of TCAs are substantially shorter than their sleep ones, or even because they are practically always silent, it makes sense that reducing superfluous watermarking will facilitate system performance. So, using an “event-triggered” strategy, a unique recursive watermarking-based detection algorithm is proposed. Here, the trigger modes of watermarking are divided into three types: forced, high probability, and low probability. The design principles are proven via algorithms and criteria, and a theoretical analysis of the detection rate and the system performance loss is also supplied. The advantages of the suggested algorithms are finally demonstrated by numerical simulations of a quadruple-water-tank system and experiments with a permanent magnet synchronous motor on the dSpace platform.

中文翻译：

---

基于递归水印的工业 CPS 瞬态隐蔽攻击检测


本文涵盖了工业网络物理系统（IPCS）的攻击检测主题，解决了瞬态隐蔽攻击（TCA）的威胁，也称为特定频​​率和短持续时间的第二版重放攻击。利用攻击的活跃时刻和周期以及虚拟系统的动态来构建 TCA 的综合模型，以复制 IPCS 功能并产生攻击信号。虽然基于水印的检测算法已被证明可以有效地检测 TCA，但引起的系统性能损失太大，因此，我们的主要目标是在保持检测率的同时最大限度地减少系统性能下降。因为 TCA 的活动周期比它们的睡眠周期短得多，或者甚至因为它们实际上总是安静的，所以减少多余的水印将提高系统性能是有道理的。因此，采用“事件触发”策略，提出了一种独特的基于递归水印的检测算法。这里，水印的触发方式分为强制、高概率和低概率三种。通过算法和标准证明了设计原理，并提供了检测率和系统性能损失的理论分析。最后通过四水箱系统的数值模拟和 dSpace 平台上的永磁同步电机实验证明了所提出算法的优点。