Two-Channel Joint Coding Detection for Cyber-Physical Systems Against Integrity Attacks

MO Xiaolei; ZENG Weixin; FU Jiawei; DOU Keqin; WANG Yanwei; SUN Ximing; LIN Sida; SUI Tianju

doi:10.11999/JEIT250729

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2025 >

MO Xiaolei, ZENG Weixin, FU Jiawei, DOU Keqin, WANG Yanwei, SUN Ximing, LIN Sida, SUI Tianju. Two-Channel Joint Coding Detection for Cyber-Physical Systems Against Integrity Attacks[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250729

Citation:

MO Xiaolei, ZENG Weixin, FU Jiawei, DOU Keqin, WANG Yanwei, SUN Ximing, LIN Sida, SUI Tianju. Two-Channel Joint Coding Detection for Cyber-Physical Systems Against Integrity Attacks[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250729

Citation:

MO Xiaolei, ZENG Weixin, FU Jiawei, DOU Keqin, WANG Yanwei, SUN Ximing, LIN Sida, SUI Tianju. Two-Channel Joint Coding Detection for Cyber-Physical Systems Against Integrity Attacks[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250729

PDF( 1977 KB)

Two-Channel Joint Coding Detection for Cyber-Physical Systems Against Integrity Attacks

doi: 10.11999/JEIT250729 cstr: 32379.14.JEIT250729

1.
School of Control Science and Engineering, Dalian University of Technology, Dalian 116024, China
2.
AVIC Shenyang Aircraft Design and Research Institute, Shenyang 110035, China
3.
China Industrial Control Systems Cyber Emergency Response Team, Beijing 100040, China
4.
School of Science, Dalian Maritime University, Dalian 116026, China

Funds: The National Natural Science Foundation of China(62322306,62173057), Aeronautical Science Foundation of China(2022Z018063001), KGJ Basic Research and Development Program(JCKY2023110C080), Dalian University of Technology Major Project Research Topics(DUT24ZD412)

Received Date: 2025-08-07
Accepted Date: 2025-11-12
Rev Recd Date: 2025-11-11

Available Online: 2025-11-17

Abstract

Abstract

Objective Cyber-Physical Systems (CPS) are widely applied across infrastructure, aviation, energy, healthcare, manufacturing, and transportation, as computing, control, and sensing technologies advance. Due to the real-time interaction between information and physical processes, such systems are exposed to security risks during data exchange. Attacks on CPS can be grouped into availability, integrity, and reliability attacks based on information security properties. Integrity attacks manipulate data streams to disrupt the consistency between system inputs and outputs. Compared with the other two types, integrity attacks are more difficult to detect because of their covert and dynamic nature. Existing detection strategies generally modify control signals, sensing signals, or system models. Although these approaches can detect specific categories of attacks, they may reduce control performance and increase model complexity and response delay. Methods A joint additive and multiplicative coding detection scheme for the two-channel structure of control and output is proposed. Three representative integrity attacks are tested, including a control-channel bias attack, an output-channel replay attack, and a two-channel covert attack. These attacks remain stealthy by partially or fully obtaining system information and manipulating data so the residual-based χ2 detector output stays below the detection threshold. The proposed method introduces paired additive watermarking signals with positive and negative patterns, together with paired multiplicative coding and decoding matrices on both channels. These additional unknown signals and parameters introduce information uncertainty to the attacker and cause the residual statistics to deviate from the expected values constructed using known system information. The watermarking pairs and matrix pairs operate through different mechanisms. One uses opposite-sign injection, while the other uses a mutually inverse transformation. Therefore, normal control performance is maintained when no attack is present. The time-varying structure also prevents attackers from reconstructing or bypassing the detection mechanism. Results and Discussions Simulation experiments on an aerial vehicle trajectory model are conducted to assess both the influence of integrity attacks on flight paths and the effectiveness of the proposed detection scheme. The trajectory is modeled using Newton’s equations of motion, and attitude dynamics and rotational motion are omitted to focus on positional behavior. Detection performance with and without the proposed method is compared under the three attack scenarios (Fig. 2, Fig. 3, Fig. 4). The results show that the proposed scheme enables effective identification of all attack types and maintains stable system behavior, demonstrating its practical applicability and improvement over existing approaches. Conclusions This study addresses the detection of integrity attacks in CPS. Three representative attack types (bias, replay, and covert attacks) are modeled, and the conditions required for their successful execution are analyzed. A detection approach combining additive watermarking and multiplicative encoding matrices is proposed and shown to detect all three attack types. The design uses paired positive–negative additive watermarks and paired encoding and decoding matrices to ensure accurate detection while maintaining normal control performance. A time-varying configuration is adopted to prevent attackers from reconstructing or bypassing the detection elements. Using an aerial vehicle trajectory simulation, the proposed approach is demonstrated to be effective and applicable to cyber-physical system security enhancement.
- Cyber-Physical Systems (CPS),
- Integrity attacks,
- Physical watermarking,
- Coding matrices

FullText(HTML)

References(21)

References

[1]	TEIXEIRA A, PÉREZ D, SANDBERG H, et al. Attack models and scenarios for networked control systems[C]. The 1st International Conference on High Confidence Networked Systems, Beijing, China, 2012: 55–64. doi: 10.1145/2185505.2185515.
[2]	方崇荣. 信息物理系统中数据完整性攻击的检测与防御研究[D]. [博士论文], 浙江大学, 2021. doi: 10.27461/d.cnki.gzjdx.2021.001222. FANG Chongrong. Research on detection and defense of data integrity attacks in cyber-physical systems[D]. [Ph. D. dissertation], Zhejiang University, 2021. doi: 10.27461/d.cnki.gzjdx.2021.001222.
[3]	CÁRDENAS A A, AMIN S, LIN Z Y, et al. Attacks against process control systems: Risk assessment, detection, and response[C]. The 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, 2011: 355–366. doi: 10.1145/1966913.1966959.
[4]	叶丹, 靳凯净, 张天予. 网络攻击下的信息物理系统安全性研究综述[J]. 控制与决策, 2023, 38(8): 2243–2252. doi: 10.13195/j.kzyjc.2023.0386. YE Dan, JIN Kaijing, and ZHANG Tianyu. A survey on security of cyber-physical systems under network attacks[J]. Control and Decision, 2023, 38(8): 2243–2252. doi: 10.13195/j.kzyjc.2023.0386.
[5]	HUANG Xin, LI Jian, and SU Qingyu. An observer with cooperative interaction structure for biasing attack detection and secure control[J]. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 2023, 53(4): 2543–2553. doi: 10.1109/TSMC.2022.3213516.
[6]	赵华. 工业控制系统异常检测算法研究[D]. [硕士论文], 冶金自动化研究设计院, 2013. doi: 10.7666/d.Y2362236. ZHAO Hua. Research on anomaly detection algorithm for industrial control systems[D]. [Master dissertation], Automation Research and Design Institute of Metallurgical Industry, 2013. doi: 10.7666/d.Y2362236.
[7]	MO Yilin and SINOPOLI B. Secure control against replay attacks[C]. 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton), Monticello, USA, 2009: 911–918. doi: 10.1109/ALLERTON.2009.5394956.
[8]	FERRARI R M G and TEIXEIRA A M H. Detection and isolation of replay attacks through sensor watermarking[J]. IFAC-PapersOnLine, 2017, 50(1): 7363–7368. doi: 10.1016/j.ifacol.2017.08.1502.
[9]	FANG Chongrong, QI Yifei, CHENG Peng, et al. Optimal periodic watermarking schedule for replay attack detection in cyber–physical systems[J]. Automatica, 2020, 112: 108698. doi: 10.1016/j.automatica.2019.108698.
[10]	杜大军, 张竞帆, 张长达, 等. 动态水印攻击检测方法的鲁棒性研究[J]. 自动化学报, 2023, 49(12): 2557–2568. doi: 10.16383/j.aas.c200614. DU Dajun, ZHANG Jingfan, ZHANG Changda, et al. Robustness of dynamic-watermarking attack-detection method[J]. Acta Automatica Sinica, 2023, 49(12): 2557–2568. doi: 10.16383/j.aas.c200614.
[11]	MIAO Fei, ZHU Quanyan, PAJIC M, et al. Coding schemes for securing cyber-physical systems against stealthy data injection attacks[J]. IEEE Transactions on Control of Network Systems, 2017, 4(1): 106–117. doi: 10.1109/TCNS.2016.2573039.
[12]	YE Dan, ZHANG Tianyu, and GUO Ge. Stochastic coding detection scheme in cyber-physical systems against replay attack[J]. Information Sciences, 2019, 481: 432–444. doi: 10.1016/j.ins.2018.12.091.
[13]	张正道, 杨佳佳, 谢林柏. 基于辅助信息补偿和控制信号编码的重放攻击检测方法[J]. 自动化学报, 2023, 49(7): 1508–1518. doi: 10.16383/j.aas.c210092. ZHANG Zhengdao, YANG Jiajia, and XIE Linbo. Replay attack detection method based on auxiliary information compensation and control signal coding[J]. Acta Automatica Sinica, 2023, 49(7): 1508–1518. doi: 10.16383/j.aas.c210092.
[14]	HOEHN A and ZHANG Ping. Detection of covert attacks and zero dynamics attacks in cyber-physical systems[C].2016 American Control Conference (ACC), Boston, USA, 2016: 302–307. doi: 10.1109/ACC.2016.7524932.
[15]	ATTAR M and LUCIA W. An active detection strategy based on dimensionality reduction for false data injection attacks in cyber-physical systems[J]. IEEE Transactions on Control of Network Systems, 2023, 10(4): 1844–1854. doi: 10.1109/TCNS.2023.3244103.
[16]	GRIFFIOEN P, WEERAKKODY S, and SINOPOLI B. An optimal design of a moving target defense for attack detection in control systems[C]. 2019 American Control Conference (ACC), Philadelphia, USA, 2019: 4527–4534. doi: 10.23919/ACC.2019.8814689.
[17]	XU Wangkun, JAIMOUKHA I M, and TENG Fei. Robust moving target defence against false data injection attacks in power grids[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 29–40. doi: 10.1109/TIFS.2022.3210864.
[18]	WANG Jiazhou, TIAN Jue, LIU Yang, et al. MMTD: Multistage moving target defense for security-enhanced D-FACTS operation[J]. IEEE Internet of Things Journal, 2023, 10(14): 12234–12247. doi: 10.1109/JIOT.2023.3245628.
[19]	ANDERSON B D O and MOORE J B. Optimal Filtering[M]. New York: Dover Publications, 2005: 307–341.
[20]	YE N, EMRAN S M, CHEN Q, et al. Multivariate statistical analysis of audit trails for host-based intrusion detection[J]. IEEE Transactions on Computers, 2002, 51(7): 810–820. doi: 10.1109/TC.2002.1017701.
[21]	KWON C, LIU Weiyi, and HWANG I. Security analysis for cyber-physical systems against stealthy deception attacks[C]. 2013 American Control Conference, Washington, USA, 2013: 3344–3349. doi: 10.1109/ACC.2013.6580348.