Abstract

Recently, researchers found a new type of attacks, called time synchronization attack (TS attack), in cyber-physical systems. Instead of modifying the measurements from the system, this attack only changes the time stamps of the measurements. Studies show that these attacks are realistic and practical. However, existing detection techniques, e.g. bad data detection (BDD) and machine learning methods, may not be able to catch these attacks. In this paper, we develop a "first difference aware" machine learning (FDML) classifier to detect this attack. The key concept behind our classifier is to use the feature of "first difference", borrowed from economics and statistics. Simulations on IEEE 14-bus system with real data from NYISO have shown that our FDML classifier can effectively detect both TS attacks and other cyber attacks.