Abstract

The deployment of control systems with network-connected components nowadays has made feedback control systems vulnerable to attacks over the network. This paper considers the problem of intrusion detection and prevention in supervisory control systems, where the attacker has the ability to enable vulnerable actuator events that are disabled by the supervisor. We present a mathematical model for the system under such actuator enablement attacks and propose a defense strategy that detects attacks online and disables all controllable events after an attack is detected. We develop an algorithm for verifying whether the system can prevent damage from attacks with the proposed defense strategy, where damage is modeled as the reachability of a pre-defined set of “unsafe” states. The technical condition of interest that is necessary and sufficient in this context is characterized; it is termed “AE-safe controllability”. Finally, we illustrate the methodology with a traffic system example.