Industrial control systems (ICSs) face escalating risks from network-layer cyberattacks. False data injection attacks (FDIAs) undermine operational security by manipulating data transmitted through communication networks, leading the controller to receive compromised state information and subsequently make erroneous decisions. This paper proposes a novel detection framework for FDIAs based on a super-twisting extended state observer (STESO). First, we design a third-order STESO and rigorously prove its finite-time stability through Lyapunov function analysis, enabling rapid and accurate estimation of system states and disturbances. Second, the FDIA detection mechanism is established by constructing a reference model based on disturbance estimate, where deviations between the reference system states and the observed states under steady-state conditions serve as detection indicator. The proposed mechanism effectively avoids false alarms caused by disturbances. In addition, the introduction of the observer reduces the detection system’s reliance on real states, making it more suitable for ICS where state information is often unavailable. Finally, numerical simulations validated the effectiveness of the proposed detection method and insensitivity to disturbances.
AnDZhangFYangQ, et al. (2022) Data integrity attack in dynamic state estimation of smart grid: Attack model and countermeasures. IEEE Transactions on Automation Science and Engineering19(3): 1631–1644.
2.
AntonSDDFraunholzDKrohmerD, et al. (2021) The global state of security in industrial control systems: An empirical analysis of vulnerabilities around the world. IEEE Internet of Things Journal8(24): 17525–17540.
3.
BessaITrapielloCPuigV, et al. (2022) Dual-rate control framework with safe watermarking against deception attacks. IEEE Transactions on Systems, Man, and Cybernetics: Systems52(12): 7494–7506.
4.
CaoGWuYYuD, et al. (2025) Attack detection and location using state forecasting in multivariate time series of ICS. IEEE Transactions on Network Science and Engineering12(4): 2989–3001.
5.
CardenasAAAminSSastryS (2008) Secure control: Towards survivable cyber-physical systems. In: Proceedings of the 2008 the 28th international conference on distributed computing systems workshops, Beijing, China, 17–20 June, pp. 495–500. New York: IEEE.
6.
ChenYKarSMouraJM (2017) Optimal attack strategies subject to detection constraints against cyber-physical systems. IEEE Transactions on Control of Network Systems5(3): 1157–1168.
7.
DengRXiaoGLuR (2015) Defending against false data injection attacks on power system state estimation. IEEE Transactions on Industrial Informatics13(1): 198–207.
8.
GalloAJTuranMSNahataP, et al. (2018) Distributed cyber-attack detection in the secondary control of DC microgrids. In: Proceedings of the 2018 European control conference (ECC), Limassol, Cyprus, 12–15 June, pp. 344–349. New York: IEEE.
9.
GuptaRAChowM (2009) Networked control system: Overview and research trends. IEEE Transactions on Industrial Electronics57(7): 2527–2535.
10.
HuangYTangJChengY, et al. (2014) Real-time detection of false data injection in smart grid networks: An adaptive CUSUM method and analysis. IEEE Systems Journal10(2): 532–543.
11.
HugGGiampapaJA (2012) Vulnerability assessment of AC state estimation with respect to false data injection cyber-attacks. IEEE Transactions on Smart Grid3(3): 1362–1370.
12.
KimJLeeCShimH, et al. (2018) Detection of sensor attack and resilient state estimation for uniformly observable nonlinear systems having redundant sensors. IEEE Transactions on Automatic Control64(3): 1162–1169.
LiangGZhaoJLuoF, et al. (2016) A review of false data injection attacks against modern power systems. IEEE Transactions on Smart Grid8(4): 1630–1638.
15.
LiuSWeiGSongY, et al. (2016) Extended Kalman filtering for stochastic nonlinear systems with randomly occurring cyber attacks. Neurocomputing207: 708–716.
16.
LuLYLiuJHLinSW, et al. (2023) Concurrent cyber deception attack detection of consensus control in isolated AC microgrids. IEEE Transactions on Industry Applications59(6): 7584–7596.
17.
LuYXuL (2019) Internet of things (IoT) cybersecurity research: A review of current research topics. IEEE Internet of Things Journal6(2): 2103–2115.
18.
ManandharKCaoXHuF, et al. (2014) Detection of faults and attacks including false data injection attack in smart grid using Kalman filter. IEEE Transactions on Control of Network Systems1(4): 370–379.
19.
PasqualettiFDörflerFBulloF (2013) Attack detection and identification in cyber-physical systems. IEEE Transactions on Automatic Control58(11): 2715–2729.
20.
SoltaniSKordestaniMAghaeePK, et al. (2017) Improved estimation for well-logging problems based on fusion of four types of Kalman filters. IEEE Transactions on Geoscience and Remote Sensing56(2): 647–654.
21.
SuoYChaiRChaiS, et al. (2024) Attack detection and secure state estimation of collectively observable cyber-physical systems under false data injection attacks. IEEE Transactions on Automatic Control69(3): 2067–2074.
22.
WuCZhaoXZhaoN, et al. (2024) Periodic and dynamic periodic event-triggered control for nonlinear cyber-physical systems under DoS attacks via a hybrid system approach. IEEE Transactions on Control of Network Systems11(1): 221–232.
23.
XuDJinFZhouF, et al. (2024) Active fault diagnosis based on dual-observer for leakage detection and estimation with adaptive auxiliary signal mechanism in industrial gas networks. IEEE Transactions on Instrumentation and Measurement73: 1–11.
24.
XuHYuWGriffithD, et al. (2018) A survey on industrial internet of things: A cyber-physical systems perspective. IEEE Access6: 78238–78259.
25.
XueYPanJGengY, et al. (2024) Real-time intrusion detection based on decision fusion in industrial control systems. IEEE Transactions on Industrial Cyber-Physical Systems2: 143–153.
26.
YaoWWangYXuY, et al. (2023) Cyber-resilient control of an islanded microgrid under latency attacks and random DoS attacks. IEEE Transactions on Industrial Informatics19(4): 5858–5869.
27.
YuanJCaiYChenY, et al. (2024) Efficient detection of cooperative external attacks in wireless localization systems. IEEE Transactions on Wireless Communications23(11): 16666–16682.
28.
ZhangHZhaoNWangS, et al. (2023) Improved event-triggered dynamic output feedback control for networked T–S fuzzy systems with actuator failure and deception attacks. IEEE Transactions on Cybernetics53(12): 7989–7999.
29.
ZhangQZhouCXiongN, et al. (2016) Multimodel-based incident prediction and risk assessment in dynamic cybersecurity protection for industrial control systems. IEEE Transactions on Systems, Man, and Cybernetics: Systems46(10): 1429–1444.
