Data-Driven Attack Detection for Linear Systems

This paper studies the attack detection problem in a data-driven and model-free setting, for deterministic systems with linear and time-invariant dynamics. Differently from existing studies that leverage knowledge of the system dynamics to derive security bounds and monitoring schemes, we focus on the case where the system dynamics, as well as the attack strategy and attack location, are unknown. We derive fundamental security limitations as a function of only the observed data and without estimating the system dynamics (in fact, no assumption is made on the identifiability of the system). In particular, (i) we derive detection limitations as a function of the informativity and length of the observed data, (ii) provide a data-driven characterization of undetectable attacks, and (iii) construct a data-driven detection monitor. Surprisingly, and in accordance with recent studies on data-driven control, our results show that model-based and data-driven security techniques share the same fundamental limitations, provided that the collected data remains sufficiently informative.