False Data Injection Attack Detection for Industrial Control Systems Based on Both Time and Frequency-Domain Analysis of Sensor Data

This article studies the intrusion detection problem for industrial control systems (ICSs) with repetitive machining under false data injection (FDI) attacks. A data-driven intrusion detection method is proposed based on both time- and frequency-domain analysis. The proposed method only utilizes the sensor measurements required in closed-loop control, and does not consume additional system resources or rely on the system model. In addition, features in time and frequency domain are extracted at the same time, having higher reliability than the intrusion detection methods which only utilize the features in time domain. After feature extraction, hidden Markov models (HMMs) are established by using the feature vectors under normal operating conditions of the ICS, and then the trained HMMs are utilized in real-time intrusion detection. Finally, experiments are carried out on a networked multiaxis engraving machine with FDI attacks. The experimental results show the effectiveness and superiority of the proposed intrusion detection method.