Attacks on Industrial Control Systems (ICS) can lead to significant physical damage. While offline safety and security assessments can provide insight into vulnerable system components, they may not account for stealthy attacks designed to evade anomaly detectors during long operational transients. In this paper, we propose a predictive online monitoring approach to check the safety of the system under potential stealthy attacks. Specifically, we adapt previous results in reachability analysis for attack impact assessment to provide an efficient algorithm for online safety monitoring for Linear Time-Invariant (LTI) systems. The proposed approach relies on an offline computation of symbolic reachable sets in terms of the estimated physical state of the system. These sets are then instantiated online, and safety checks are performed by leveraging ideas from ellipsoidal calculus. We illustrate and evaluate our approach using the Tennessee-Eastman process. We also compare our approach with the baseline monitoring approaches proposed in previous work and assess its efficiency and scalability. Our evaluation results demonstrate that our approach can predict in a timely manner if a false data injection attack will be able to cause damage, while remaining undetected. Thus, our approach can be used to provide operators with real-time early warnings about stealthy attacks.
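The split between offline reachable-set computation and online instantiation can be illustrated with a short added example; it is not the paper's algorithm. It assumes a discrete-time LTI model x_{k+1} = A x_k + B a_k, a stealthy attack input confined to the ellipsoid {a : aᵀQ⁻¹a ≤ 1}, and a safe region cᵀx ≤ d. All matrices, names and values are constructed for illustration.

```python
import math

def mat_t_vec(M, v):
    """Return M^T v for a row-major matrix M (list of rows)."""
    return [sum(M[i][j] * v[i] for i in range(len(M))) for j in range(len(M[0]))]

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def precompute(A, B, Q, c, horizon):
    """Offline: for k = 1..horizon return (g_k, r_k) such that
    max c^T x_k = g_k . x_hat + r_k over all admissible attack sequences."""
    table, g, r = [], list(c), 0.0
    for _ in range(horizon):
        w = mat_t_vec(B, g)                    # B^T (A^j)^T c
        quad = sum(w[i] * Q[i][j] * w[j]
                   for i in range(len(w)) for j in range(len(w)))
        r += math.sqrt(max(quad, 0.0))         # support function of one ellipsoid term
        g = mat_t_vec(A, g)                    # advance to (A^(j+1))^T c
        table.append((g, r))
    return table

def first_unsafe_step(table, x_hat, d):
    """Online: earliest step at which the reachable set can cross c^T x <= d, else None."""
    for k, (g, r) in enumerate(table, start=1):
        if dot(g, x_hat) + r > d:
            return k
    return None

# Constructed 2-state example (assumed values, not the Tennessee-Eastman model).
A = [[1.0, 0.1], [0.0, 0.9]]
B = [[0.0], [0.1]]
Q = [[1.0]]                          # attack input bounded by |a| <= 1
C_SAFE, D_SAFE = [1.0, 0.0], 2.0     # safe region: x1 <= 2
TABLE = precompute(A, B, Q, C_SAFE, horizon=20)

if __name__ == "__main__":
    for x_hat in ([0.0, 0.0], [1.5, 0.0]):
        print(x_hat, "->", first_unsafe_step(TABLE, x_hat, D_SAFE))
```

The online check costs one dot product per horizon step, because everything that depends only on the model and the attack bound is computed once in `precompute`.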