Paper title
Direct vs Indirect Methods for Behavior-based Attack Detection
Authors
Abstract
We study the problem of data-driven attack detection for unknown LTI systems using only input-output behavioral data. In contrast with model-based detectors that use errors from an output predictor to detect attacks, we study behavior-based data-driven detectors. We construct a behavior-based chi-squared detector that uses a sequence of inputs and outputs and their covariance. The covariance of the behaviors is estimated using data by two methods. The first (direct) method employs the sample covariance as an estimate of the covariance of behaviors. The second (indirect) method uses a lower dimensional generative model identified from data to estimate the covariance of behaviors. We prove the consistency of the two methods of estimation and provide finite sample error bounds. Finally, we numerically compare the performance and establish a tradeoff between the methods at different regimes of the size of the data set and the length of the detection horizon. Our numerical study indicates that neither method is invariably superior, and reveals the existence of two regimes for the performance of the two methods, wherein the direct method is superior in cases with large data sets relative to the length of the detection horizon, while the indirect method is superior in cases with small data sets.
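The direct method described in the abstract, as an added sketch that is not code from the paper: a chi-squared detector over stacked input-output windows, with the behavior covariance estimated by the sample covariance. The scalar system, the noise levels, the additive sensor-bias attack, and the Wilson-Hilferty threshold are all assumptions chosen for illustration; the indirect method is not shown.

```python
import random
from statistics import NormalDist

def trajectory(T, rng, bias=0.0):
    """Behavior z = (u_0..u_{T-1}, y_0..y_{T-1}) of a constructed scalar LTI system."""
    x, us, ys = 0.0, [], []
    for _ in range(T):
        u = rng.gauss(0, 1)                        # zero-mean random input
        us.append(u)
        ys.append(x + rng.gauss(0, 0.1) + bias)    # bias = assumed sensor attack
        x = 0.8 * x + u + rng.gauss(0, 0.1)        # assumed dynamics, process noise
    return us + ys

def sample_covariance(data):
    """Direct method: sample covariance of zero-mean behaviors."""
    n, d = len(data), len(data[0])
    return [[sum(z[i] * z[j] for z in data) / n for j in range(d)] for i in range(d)]

def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for k in range(c, n + 1):
                M[r][k] -= f * M[c][k]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (M[r][n] - sum(M[r][k] * x[k] for k in range(r + 1, n))) / M[r][r]
    return x

def chi2_stat(cov, z):
    """Detection statistic g = z^T cov^{-1} z."""
    return sum(zi * xi for zi, xi in zip(z, solve(cov, z)))

def chi2_threshold(dof, p):
    """Wilson-Hilferty approximation of the chi-squared p-quantile."""
    c = 2.0 / (9.0 * dof)
    return dof * (1 - c + NormalDist().inv_cdf(p) * c ** 0.5) ** 3

def demo(T=3, N=2000, trials=500, seed=1):
    rng = random.Random(seed)
    cov = sample_covariance([trajectory(T, rng) for _ in range(N)])
    thr = chi2_threshold(2 * T, 0.99)
    rate = lambda b: sum(chi2_stat(cov, trajectory(T, rng, b)) > thr for _ in range(trials)) / trials
    return thr, rate(0.0), rate(1.0)   # threshold, false-alarm rate, detection rate
```

Shrinking `N` relative to `2 * T` makes the sample covariance poorly conditioned and inflates the false-alarm rate, which is the small-data regime the abstract contrasts with the indirect method.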