Introduction

The increasing reliance on networked control systems (NCSs) in industrial automation, power grids, and manufacturing systems has introduced new cybersecurity challenges1,2. These systems integrate physical processes with digital communication networks to enable remote monitoring and control. However, the transition from conventional control architectures to NCSs has exposed critical vulnerabilities in the communication layer, making them susceptible to sophisticated cyber-physical attacks (CPAs)3. Unlike traditional cyber threats, CPAs target both the digital and physical components of the system, potentially leading to catastrophic failures4. Notable incidents, such as the 1982 Soviet pipeline explosion and the 2010 StuxNet attack on an Iranian nuclear facility, underscore the pressing need for robust cybersecurity mechanisms in industrial control environments5.

Among these threats, zero-dynamics attacks (ZDAs) pose a particularly insidious risk. Unlike conventional cyber attacks, ZDAs leverage the inherent zero dynamics of the system to remain undetectable by standard security and monitoring mechanisms6. By carefully designing attack signals that align with the system’s zero dynamics, adversaries can induce unsafe states while evading detection, resulting in production disruptions, equipment malfunctions, or safety hazards. This stealthy nature makes ZDAs especially dangerous for mission-critical infrastructure, including chemical plants, power grids, and automated manufacturing systems.

For example, in a chemical manufacturing facility, an attacker could manipulate the zero dynamics to alter valve positions or fluid levels without triggering alarms, leading to hazardous operational conditions. Similarly, in a power grid, a ZDA could disrupt voltage regulators, inducing instability while bypassing anomaly detection systems. Given the high-risk consequences of such attacks, effective ZDA detection mechanisms are essential to ensuring the security and resilience of industrial NCSs. Despite growing concerns over ZDA threats, existing detection strategies remain largely theoretical and lack validation in both simulated and real-world industrial environments. This study aims to bridge this gap by evaluating the simulation-based effectiveness of two well-established ZDA detection methodologies:

  • Modifying System Dynamics-Techniques that alter the system’s control objectives to expose ZDAs, including actuator gain modification, system matrix perturbation, and additional sensor measurements6.

  • Triggering Data Loss via an Intermittent Unknown Input Kalman Filter (IIKF)-A method that leverages active anomaly detection by deliberately introducing data loss in control signals and utilizing an IIKF-based estimator to monitor system behavior7.

To the best of our knowledge, this is the first study to evaluate these ZDA detection techniques in simulated industrial NCS environments, specifically within the Tennessee Eastman Process (TEP) and the Sextuple Tank Process (STP). Through extensive simulations, we:

  1. 1.

    Analyze the stealth characteristics of ZDAs and their impact on industrial NCSs.

  2. 2.

    Evaluate the practical feasibility of existing ZDA detection methods in high-dimensional industrial processes.

  3. 3.

    Compare the detection accuracy, delay, and computational overhead of passive (system modification) and active (IIKF-based) detection strategies.

  4. 4.

    Provide insights into the trade-offs between detection speed and system redesign requirements for real-world applications.

The remainder of the paper is structured as follows: Section II reviews related work on ZDA detection. Section III provides background on NCSs and their vulnerabilities to ZDAs. Section IV discusses ZDA detection methods, detailing approaches such as modifying system dynamics and triggering data loss. Section V presents simulations conducted on the TEP and the STP to evaluate these detection techniques. Section VI analyzes the results, comparing the effectiveness of different detection strategies. Finally, Section VII concludes the paper with key findings and future research directions.

Related work

Recent advancements have significantly enhanced the detection and understanding of ZDAs in NCSs. The study in6employs a geometric control framework to analyze the stealthiness of ZDAs in linear time-invariant (LTI) systems. It establishes that ZDAs remain undetectable due to their confinement within the system’s unobservable subspace, thereby suggesting that modifying system dynamics can reveal these attacks. Similarly7, introduces an active detection approach using an intermittent unknown input Kalman filter (IIKF), which strategically induces data loss to expose ZDA-induced anomalies. Pasha et al.8 highlight the severity of ZDAs, demonstrating their ability to exploit inherent system vulnerabilities to evade standard detection mechanisms. Their study evaluates two ZDA construction methods and their impact on industrial processes. Hoehn and Zhang9 propose a modulation-based defense strategy, integrating a modulation matrix within the control signal to disrupt the attacker’s reliance on precise system parameters. Back et al.10 extend this concept by analyzing how ZDAs destabilize both minimum-phase and non-minimum-phase systems due to unstable discrete-time zeros. To mitigate this, they introduce a generalized hold approach, effectively stabilizing discrete-time zeros and enhancing system resilience against ZDAs.

The study in11 explores methods to mitigate ZDA in distributed control systems (DCS) with compromised agents and sensors. The authors utilize graph theory to identify structural conditions under which ZDAs can occur, providing a framework for vulnerability analysis. Park et al.12 extend the Byrnes-Isidori normal form to construct covert cyber-physical attacks, distinguishing true zero dynamics from their input-output interactions. This approach reduces dependency on full system knowledge, addressing a key limitation of traditional ZDA models. Baniamerian et al.13 propose a detection framework that integrates an auxiliary system with detection filters, ensuring robustness even against attackers with complete CPS knowledge. Gray et al.14 analyze universal zero dynamics in single-input single-output (SISO) systems using the Chen-Fliess series representation. Their work formalizes minimal phase conditions and explores scenarios where system dynamics can be manipulated to mask attacks. They further illustrate how ZDAs can exploit power generation models, emphasizing the real-world risks of such vulnerabilities. Griffioen et al.15 propose a moving target defense strategy to protect cyber-physical systems from integrity attacks, including ZDA. By introducing stochastic, time-varying components into control systems, this method limits attackers’ ability to model the system accurately, thereby reducing the risk of covert attacks. Their study explores hybrid, extended, and nonlinear moving target defenses, demonstrating their effectiveness in identifying malicious nodes and improving attack detection.

Kim et al.16 tackle the challenge of ZDA detection in NCS by developing a generalized sampler-based defense. This method accurately identifies zero locations in sampled-data systems, rendering attacks ineffective if all zeros remain inside the unit circle. Their results indicate that this approach outperforms conventional techniques and contributes to the development of more resilient intrusion detection systems. Grey et al.17 introduce a data-driven method for detecting ZDA, relying solely on external system inputs and outputs without requiring access to internal states. Their approach models attack signals to enhance detection accuracy and supports the design of effective countermeasures across various system architectures. Wang et al.18 analyze the effect of periodic ZDA on second-order multi-agent systems structured on directed graphs. Their study models the compromised system’s dynamics, focusing on small-scale attacks to evaluate their real-world impact. The research emphasizes the role of rooted agents in consensus formation and introduces a metric to quantify ZDA-induced disruptions. Simulations validate the theoretical predictions but are limited to structured graph-based environments. Lee et al.19 explore how ZDA can exploit encrypted control systems by embedding covert signals within encrypted outputs, effectively bypassing security measures. Their simulations highlight the vulnerability of encrypted systems, underscoring the need for improved cryptographic defenses. Baniamerian et al.20 extend ZDA analysis to linear time-delay systems, introducing new attack models based on infinite-dimensional system theory. Their work broadens the scope beyond conventional finite-dimensional frameworks but lacks experimental validation. Kimura and Ishii21 investigate the impact of quantization errors in sampled-data control systems, showing that attack signal quantization can introduce detectable anomalies in system outputs. They propose dynamic quantization techniques to mitigate these errors, demonstrating their effectiveness through simulations. In response to the challenges posed by model-based ZDA, Kim et al.22 propose a Generalized Hold (GH) strategy to enhance system resilience. Their application to a DC-DC converter demonstrates its potential for mitigating ZDA, providing insights into practical implementation.

In our previousous research8, we focused on the development and impact of ZDinoss three industrial processes. This paper extends that work by shifting the focus to ZDA detection, evaluating two established methodologies6,7 in industrial control environments, specifically the TEP and the STP. Unlike previous studies that primarily addressed theoretical attack modeling, this research provides a structured performance analysis of detection techniques, emphasizing their feasibility, scalability, and trade-offs in high-dimensional industrial NCSs.

Background

The integration of Networked Control Systems (NCSs) in industrial sectors introduces new cybersecurity risks, especially from Zero-Dynamics Attacks (ZDAs). These attacks exploit system dynamics to remain undetected, posing significant threats to critical infrastructure. Understanding and detecting such covert threats is crucial. This paper explores methods for detecting ZDAs, starting with the Model of Networked Control Systems, followed by a detailed analysis of detection techniques and simulations.

Model of networked control system

Figure 1 illustrates a NCS under a ZDA. The system comprises a physical process, a geographically distributed communication network linking it to a controller, and an anomaly detection mechanism that utilizes sensor and actuator data to identify anomalies.

Fig. 1
Fig. 1
Full size image

Model of an NCS under ZDA.

The compromised NCS is modeled as a LTI state-space system is represented as:

$$\begin{aligned}&x_{k+1} = Ax_k + B\mu _k + w_k, \end{aligned}$$
(1)
$$\begin{aligned}&y_k = Cx_k + v_k, \end{aligned}$$
(2)
$$\begin{aligned}&\mu _k = u_k + a_k. \end{aligned}$$
(3)

Here, \(x_k \in \mathbb {R}^n\) denotes the system state at time k. The actuator channels transmit the control input \(u_k \in \mathbb {R}^q\) to the plant, while the sensor measurements, \(y_k \in \mathbb {R}^m\), are sent to the controller. The attack vector \(a_k\) is injected into the actuator channels. The process noise \(w_k \in \mathbb {R}^n\) and measurement noise \(v_k \in \mathbb {R}^m\) are uncorrelated Gaussian random sequences with covariance matrix:

$$\text {var}\begin{pmatrix} w_k \\ v_k \end{pmatrix}= \begin{pmatrix} W & 0 \\ 0 & V \end{pmatrix},$$

where W and V are positive definite matrices. The control law is determined by the state feedback gain K and the state estimate \(m_k\) as follows:

$$u_k = -K m_k.$$

The Kalman filter computes the state estimate \(m_k\) as:

$$\begin{aligned} m_k = A m_{k-1} + B u_{k-1} + G\gamma _k. \end{aligned}$$

where the residual \(\gamma _k\) is given by:

$$\begin{aligned} \gamma _k = y_k - C(A m_{k-1} + B u_{k-1}). \end{aligned}$$

The steady-state Kalman gain G is computed using:

$$\begin{aligned}&G = gC^T [CgC^T + V]^{-1},\\&g = AP_{k-1}A^T + W. \end{aligned}$$

The state estimation error covariance matrix at time k is:

$$\begin{aligned} P_k = (I - GC)g. \end{aligned}$$

The NCS employs an anomaly detector that monitors system inputs and outputs, using a \(\chi ^2\) distribution with m degrees of freedom. The anomaly detection algorithm evaluates the anomaly score \(g_k\) based on the residual \(\gamma _k\) as:

$$\begin{aligned} g_k= \Vert \gamma _k\Vert _{P^{-1}_{\gamma ,k}}^{2}, \end{aligned}$$

where

$$\begin{aligned} P_{\gamma ,k} = C(AP_{k-1}A^T + W)C^T + V. \end{aligned}$$

A threshold \(\eta \in \mathbb {R}\) determines whether an anomaly is detected: if \(g_k> \eta\), the system flags an anomaly.

The nominal system, in the absence of an attack, is described by:

$$\begin{aligned}&\bar{x}_{k+1} = A\bar{x}_k + B\bar{u}_k + w_k, \end{aligned}$$
(4)
$$\begin{aligned}&\bar{y}_k = C\bar{x}_k + v_k , \end{aligned}$$
(5)
$$\begin{aligned}&\bar{u}_k = u_k. \end{aligned}$$
(6)

By subtracting equations (4)-(6) from equations (1)-(3), the impact of a non-zero ZDA on actuator channels is captured by:

$$\begin{aligned}&\tilde{x}_{k+1} = A\tilde{x}_k + B(\tilde{u}_k + a_k) , \end{aligned}$$
(7)
$$\begin{aligned}&\tilde{y}_k = C\tilde{x}_k , \end{aligned}$$
(8)
$$\begin{aligned}&\tilde{u}_k = u_k - \bar{u}_k. \end{aligned}$$
(9)

where \(\tilde{x}_k = x_k - \bar{x}_k\) and \(\tilde{y}_k = y_k - \bar{y}_k\). Assuming the attack begins at \(k = 0\), and if \(\bar{x}_0 = x_0\), then \(\tilde{x}_0 = 0\). The following lemma provides conditions for covert attacks.

Lemma 1

If there is an input signal that excites the system states in a manner that satisfies the following conditions:

  • \(\limsup _{k \rightarrow \infty } \Vert \tilde{x}_k \Vert = \infty\)

  • \(\ \Vert \tilde{y}_k\Vert \le \epsilon\), \(\forall k\ge 0\) and \(\epsilon>0\)

then system (1)-(3) becomes vulnerable to undetectable attacks6.

Remark 1

Lemma 1 states that the system is susceptible to stealthy attacks if the attacker can excite the system states geometrically while keeping the system outputs within a constrained range.

Construction of Zero-dynamics attacks

We briefly analyze two approaches to constructing a ZDA. The first method utilizes output feedback, as described in6, based on geometric control theory. The second approach employs state feedback, as detailed in7, leveraging fault detection and isolation techniques.

ZDA via output feedback

Consider an observer for system (7) and (9):

$$\begin{aligned} \hat{x}_{k+1} = A\hat{x}_k+ B\tilde{u}_k+ L(\tilde{y}_k-C\hat{x}_k). \end{aligned}$$
(10)

The observer estimates the state by incorporating predicted state evolution and a correction term. The closed-loop system dynamics are expressed as:

$$\begin{aligned}&\xi _{k+1} = \bar{A}\xi _k + \bar{B} a_k, \quad \xi _0 = 0, \end{aligned}$$
(11)
$$\begin{aligned}&\tilde{y}_k = \bar{C}\xi _k, \end{aligned}$$
(12)

where

$$\begin{aligned}&\xi _k= (\tilde{x}_k^T, \hat{x}_k^T)^T, \bar{A}= \begin{bmatrix} A & -BK \\ LC & A-BK-LC \\ \end{bmatrix},\\&\bar{B}= \begin{bmatrix} B \\ 0 \\ \end{bmatrix}, \bar{C}= \begin{bmatrix} C & 0 \\ \end{bmatrix}. \end{aligned}$$

The ZDA vector \(a_k\) describes the zero dynamics and follows:

$$\begin{aligned}&z_{k+1} = (A+BF)z_k ~~~ z_{o}\in \mathscr {V}_m , \end{aligned}$$
(13)
$$\begin{aligned}&a_k= F z_k . \end{aligned}$$
(14)

Here, \(z_k\) evolves within the system’s internal dynamics, and \(a_k\) ensures the attack remains undetectable in system outputs.

Remark 2

If matrix A is unstable, choose \(z_0\) orthogonal to the eigenvectors of its unstable poles.

The subspace \(\mathscr {V}_m\) is the largest \((A, \mathscr {B})\)-controlled invariant subspace within the null space of C, ensuring state changes within it remain unobservable:

$$\mathscr {V}_m \subseteq \mathscr {C}.$$

From23, Theorem 4.1.2, state feedback can transform a maximal \((A, \mathscr {B})\)-controlled invariant subspace into a simple invariant one:

$$\begin{aligned} (A + BF) \mathscr {V}_m \subseteq \mathscr {V}_m, \end{aligned}$$
(15)

Efficient algorithms in23,24 compute \(\mathscr {V}_m\) and matrix F.

Remark 3

To satisfy the attack condition \(z_0 \in \mathscr {V}_m\), select \(z_0\) near the origin, ensuring minimal system disruption while maintaining attack effectiveness6.

Remark 4

If Lemma 1 holds, the observer remains unaffected by the ZDA, ensuring attack stealth.

Matrix F enables stealthy ZDAs by aligning \(a_k\) with the system’s zero dynamics. Established methods8 construct F, with applications in industrial systems like the TEP and STP.

ZDA via state feedback

For the NCS defined by (7) and (9), applying the attack \(a_k = -K_a\tilde{x}_k\) yields:

$$\begin{aligned}&\tilde{x}_{k+1} = (A-BK_a)\tilde{x}_k+ \delta _{k,o}F_ad_a, \quad \tilde{x}_o=0, \end{aligned}$$
(16)
$$\begin{aligned}&\tilde{y}_k = C\tilde{x}_k. \end{aligned}$$
(17)

The Kronecker delta function \(\delta _{k,0}\) ensures the attack affects only the initial step:

$$\delta _{i,j}= {\left\{ \begin{array}{ll} 1 & \quad \text {if } i=j\\ 0 & \quad \text {if } i\ne j \end{array}\right. },$$

Remark 5

Choosing \(d_a\) near the origin helps initiate the attack while remaining covert.

The attack matrix \(F_a \in \mathbb {R}^{n \times n_z}\) satisfies:

$$CF_a=0,$$

ensuring the control input does not affect unstable zeros. Using the projection theorem:

$$F_a= [I- C^T(CC^T)^{-1} C]\bar{F} ,$$

where any \(\bar{F} \in \mathbb {R}^{n \times n_z}\) and \(d_a \ne 0\) satisfy the condition. Similarly, the gain matrix \(K_a \in \mathbb {R}^{q \times n}\) ensures:

$$C(A-BK_a)=0,$$

keeping the output identically zero. The formulation follows:

$$\begin{aligned}&K_a = [I - B^T C^T \Sigma ^{-1} CB] \bar{K}+ B^T C^T \Sigma ^{-1} CA,\\&\Sigma =(CBB^T C^T). \end{aligned}$$

Using Basile and Marro’s methods23, select \(\bar{F}\) to satisfy:

$$(A - BK_a) F_a = F_a \text {diag}(Z_j)~.$$

Here, \(Z_j\) represents the system’s unstable zeros, ensuring they remain isolated.

Remark 6

If A is unstable, choose \(\bar{F}\) orthogonal to its unstable eigenvectors8.

Detection of zero-dynamics attacks

This section presents two methodologies for detecting ZDAs, a class of covert cyber threats that manipulate the internal dynamics of networked control systems (NCS). Both approaches aim to address the limitations outlined in Lemma 1, which necessitates ensuring state observability within the control-invariant subspace. These methods function by inducing deviations in the system’s output from zero, thereby revealing the presence of a concealed ZDA. A detailed explanation of each methodology is provided, accompanied by workflow representations using flowcharts to improve clarity.

Modifying system dynamics

A primary approach to counteract ZDAs is to modify the system dynamics to ensure non-zero detectability. However, any alteration to the system must be meticulously designed to preserve stability while simultaneously increasing resilience against attacks. By following established modification principles6, these adjustments can be implemented with minimal disturbance to system operations.

To analyze the impact of ZDAs, we construct an augmented system that integrates the equations of the closed-loop system (11)-(12) with the ZDA equations (13)-(14), where \(\zeta _k= (\xi _k^T, z_k^T)^T\). The governing equations for this augmented system are:

$$\begin{aligned}&\zeta _{k+1} = \tilde{A}\zeta _k, \quad \zeta _o=(\xi _o^T, z_o^T)^T, \end{aligned}$$
(18)
$$\begin{aligned}&\tilde{y}_k = \tilde{C}\zeta _k , \end{aligned}$$
(19)

where

$$\tilde{A}= \begin{pmatrix} \bar{A} & \begin{pmatrix} BF \\ 0 \end{pmatrix} \\ 0 & A+BF \\ \end{pmatrix}, \quad \tilde{C}= \begin{pmatrix} \bar{C} & 0 \\ \end{pmatrix}.$$

For effective detection of ZDAs, it is crucial that the attack vector does not render the output of the augmented system ineffective. This requirement translates to violating the Popov-Belevitch-Hautus (PBH) observability test for the autonomous system:

$$\begin{aligned} \begin{bmatrix} \lambda I-A & - BF \\ 0 & \lambda I-(A+BF) \\ C & 0 \end{bmatrix} \begin{bmatrix} v \\ v \end{bmatrix} = 0, \end{aligned}$$
(20)

where v represents the eigenvector associated with \(\lambda\). If equation (20) holds, then \(\lambda\) is an invariant zero of the augmented system. The work in6 establishes detection criteria using the equation \(v=z_o\), leading to three strategic modifications to alter the behaviour of the augmented state \((\tilde{x}_k^T,z_k^T)^T\). These modifications aim to ensure that the initial state \(\tilde{x}_o\) does not reside in the controlled invariant subspace, reducing or eliminating the intersection between the attack subspace \(\mathscr {V}_m\) and the output null space. The three approaches are: perturbing the system matrix, changing the actuator gain, and incorporating additional measurements.

Perturbing the system matrix

Introducing controlled perturbations to the system matrix can prevent the attack vector from neutralizing the system output. Suppose an additive perturbation \(\Delta A\) modifies the system matrix A, yielding \(A' = A + \Delta A\). The system dynamics then evolve as:

$$\begin{aligned}&\zeta _{k+1} = \begin{pmatrix} A' & BF \\ 0 & A+BF \\ \end{pmatrix} \zeta _k,&\\&\tilde{y}_k = \begin{pmatrix} C&0 \end{pmatrix}\zeta _k. \end{aligned}$$

A system remains vulnerable if \(\Delta A z_o=0\), indicating that \(\Delta A\) should be designed such that the largest \((A,\mathscr {B})\)-controlled invariant subspace does not lie in the null space of \(\Delta A\), i.e., \(\mathscr {V}_m\notin \,\)null\((\Delta A)\). This ensures that previously unobservable subspaces become observable, thereby exposing ZDAs. Figure 2 illustrates this process.

Fig. 2
Fig. 2
Full size image

Detection of Zero-Dynamics Attacks via System Matrix Perturbations.

Changing the actuator gain

Altering actuator gains influences system controllability, potentially shifting attack vectors into the observable subspace. A diagonal matrix \(\tilde{W}\) modifies the input matrix B as \(B' = B\tilde{W}\), yielding the updated system:

$$\begin{aligned}&\zeta _{k+1}= \begin{pmatrix} A & B'F \\ 0 & A+BF \\ \end{pmatrix}\zeta _k ,\\&\tilde{y}_k = \begin{pmatrix} C&0 \end{pmatrix}\zeta _k . \end{aligned}$$

From the PBH observability test, a ZDA is detectable only if \(B(I-\tilde{W})Fz_o\ne 0\), ensuring that \(\mathscr {V}_m\) is observable. Reference6 suggests selecting \(\tilde{W}=\alpha I\), where \(\alpha \ne 1\), optimizing detection efficiency. This process is depicted in Figure 3.

Fig. 3
Fig. 3
Full size image

Detection of Zero-Dynamics Attacks via Actuator Gain Modifications.

Taking additional measurements

Expanding the measurement vector enhances system observability and detection capabilities. Additional sensor data, unknown to the attacker, modifies the output matrix to \(C'=(C^T, C_i^T)^T\), where \(i=1,2,...,\text {dim}(\mathscr {V}_m)\). The revised system is:

$$\begin{aligned}&\zeta _{k+1} = \begin{pmatrix} A & BF \\ 0 & A+BF \\ \end{pmatrix} \zeta _k.&\\&\tilde{y}_k = \begin{pmatrix} C'&0 \end{pmatrix}\zeta _k. \end{aligned}$$

If additional measurements reduce the intersection between \(\mathscr {V}_m\) and the null space of \(C'\), the attack becomes observable. Figure 4 illustrates this concept.

Fig. 4
Fig. 4
Full size image

Detection of Zero-Dynamics Attacks via Additional Measurements.

Triggering data loss and IIKF

The second approach employs a more refined strategy by intentionally inducing data losses in the control signal and utilizing an intermittent unknown input Kalman filter (IIKF)7 to analyze the system’s behavior. The IIKF differentiates between normal operations and the presence of a zero-dynamics attack (ZDA), specifically addressing scenarios where data losses occur intermittently.

By enabling real-time monitoring despite missing data, the IIKF not only detects the presence of a ZDA but also ensures continuous observation, offering a clear advantage over the first method. To achieve this, an active detector replaces the passive detector (Figure 5) to identify ZDA. This active detector deliberately triggers data loss (modeled as a Bernoulli random process) in the control signal \(\mu _k\), effectively transforming the ZDA into an intermittent unknown input superimposed on the control input. The IIKF then detects the ZDA by treating it as an intermittent unknown input to the system.

Fig. 5
Fig. 5
Full size image

NCS Model for detecting ZDA as an intermittent unknown input signal to the plant.

NCS model for revealing ZDA

At time \(k=t\), an active detector induces data loss \((\rho _k=1)\). If the control signal is blocked by the previous control action (\(\rho _k=1\), i.e., \(\tilde{u}_k=\tilde{u}_{k-1}\)), the defender cannot distinguish whether the system is under attack. The plant dynamics under data loss \((\rho _k=1)\) can be reformulated as follows, where the ZDA signal \(a_k\) represents a hypothetical attack:

  1. (i)

    No attack (Hypothesis \(H_0\)):

    $$\begin{aligned}&\tilde{x}_{k+1}=A \tilde{x}_k, \quad \tilde{x}_{t}= 0. \\&\tilde{y}_k=C\tilde{x}_k. \end{aligned}$$
    (i)
  2. (ii)

    Under attack (Hypothesis \(H_1\)):

    $$\begin{aligned}&\tilde{x}_{k+1}=A \tilde{x}_k, \quad \tilde{x}_{k=t}=F_a\beta ^{t-(k_0+1)} d_a .\\&\tilde{y}_k=C \tilde{x}_k. \end{aligned}$$
    (ii)

The attack initiation time is denoted as \(k_0\), with \(\beta =\text {bdiag}(z_1,...,z_{n_z})\). The system states during the attack follow:

$$\tilde{x}_{k=t}=F_a\beta ^{t-(k_0+1)}d_a, \quad x_{k_0+l}=F_a\beta ^{l-1}d_a, \quad l=t-k_0.$$

Combining equations (i) and ii, the system model is:

$$\begin{aligned}&\tilde{x}_{k+1}=A \tilde{x}_k+\tilde{F}\rho _ka_k .\\&\tilde{y}_k=C \tilde{x}_k. \end{aligned}$$
(iii)

where:

$$\begin{aligned}&a_k = {\left\{ \begin{array}{ll} 0 & \quad \text {under } H_0 \\ \beta ^{t-(K_0+1)}d_a & \quad \text {under } H_1 \end{array}\right. },\\&\tilde{x}_t=0, \quad \tilde{F}= AF_a. \end{aligned}$$

Equation iii clearly distinguishes the stable model from the ZDA component, allowing effective detection. The original NCS can be redefined as:

$$\begin{aligned}&x_{k+1} = Ax_k+B\mu _k+\tilde{F}\rho _ka_k+w_k . \end{aligned}$$
(21)
$$\begin{aligned}&y_k = C x_k+v_k . \end{aligned}$$
(22)
$$\begin{aligned}&\mu _k = \rho _k\mu _{k-1}+(1-\rho _k)u_k . \end{aligned}$$
(23)

Assumption 1

The NCS model (21)-(23) assumes no prior sensor or actuator faults7.

Here, \(\rho _k a_k\) represents the intermittent, unknown attack’s impact, where \(\rho _k\) is a Bernoulli-distributed binary sequence indicating data loss, with an arrival probability \(\omega =Pr[\rho _k=1]\).

Intermittent unknown input Kalman filter

The IIKF, a variant of the unknown input Kalman filter (UIKF), is designed for scenarios where unknown inputs activate or deactivate sequentially or simultaneously25.

Assumption 2

For the IIKF to estimate the intermittent unknown input (ZDA), matrix \(\tilde{F}\) must have full column rank25, i.e., \(rank(\tilde{F} )=n_z\) and \(rank(C\tilde{F})=n_z\).

Remark 7

Assumption 2 ensures the existence condition for computing the IIKF gain25.

The IIKF equations for ZDA monitoring and detection are:

$$\begin{aligned}&\hat{x}_{k|_k}=\sigma (\hat{x}_{k|_{k-1}}+\tilde{F}\hat{a}_k)+L_ky_k . \end{aligned}$$
(24)
$$\begin{aligned}&P_{k|_k}=\sigma (P_{k|_{k-1}}+\tilde{F}Q_k\tilde{F}^T)\sigma ^T +L_kL_k^T. \end{aligned}$$
(25)
$$\begin{aligned}&\hat{x}_{k+1|_k}=A\hat{x}_{k/k}+B u_k. \end{aligned}$$
(26)
$$\begin{aligned}&P_{k+1|_k}=AP_{k|_k}A^T+W. \end{aligned}$$
(27)

where \(L_k=P_{k|_{k-1}}C^TH_{k}^{-1}\), \(H_{k}=(CP_{k|_{k-1}}C^T+I)\), and \(\sigma =(I-L_kC)\). The intermittent unknown input estimate \(\hat{a}_k\) and its covariance matrix \(Q_k\) are updated online:

$$\begin{aligned}&\hat{a}_k=Q_k(C\tilde{F})^TH_k^{-1}(y_k-C\hat{x}_{k/k-1}). \end{aligned}$$
(28)
$$\begin{aligned}&Q_k=\rho _{k-1}[(C\tilde{F})^TH_k^{-1}(C\tilde{F})]^{-1}. \end{aligned}$$
(29)

The IIKF ensures stochastic stability in the presence of data loss25, Theorem 3.2. A \(\chi ^2\) detector with \(n_z\) degrees of freedom is used when \(\rho _{k-1}=1\):

$$\tilde{T}_{k} = \hat{a}_k^TQ_k\hat{a}_k {\begin{array}{ccc } \tilde{H}_1 \\ \gtreqless \\ \tilde{H}_0 \end{array} } \tilde{\eta }, \quad \rho _{k-1} =1.$$

where \(\tilde{\eta }\) is the desired false alarm rate.

Practical considerations for industrial applications

The proposed detection methods offer practical benefits with trade-offs. System dynamics modification enables rapid detection but entails costly redesigns. The IIKF provides a cost-effective alternative, integrating into existing monitoring systems with minimal alterations, making it suitable for diverse industries requiring continuous detection.

Simulations

To assess the effectiveness of the stated ZDA detection methodologies, we simulate attacks on two benchmark industrial NCSs:

  1. (i)

    Tennessee Eastman process (TEP) and

  2. (ii)

    Sextuple tank system (STP).

Each process is represented using a discrete-time state-space model, enabling the assessment of both passive and active ZDA detection methodologies. The subsequent subsections explain the system models and detection setups in depth.

Tennessee Eastman Process

The Tennessee Eastman Process (TEP) is a widely recognized benchmark for evaluating process control strategies in industrial chemical engineering26. It is an eighth-order multi-input multi-output (MIMO) system that includes four valves to control reactant flow and four sensors to monitor product flow, pressure, reactant purge quantity, and liquid inventory.

The system state variables \(x_{1,k},...,x_{4,k}\) represent the molar holdup of reactants at time k, while \(x_{5,k},...,x_{8,k}\) correspond to the valve positions for feed 1, feed 2, purge, and product, respectively. The considered model is discretized with a sampling time of \(T_s=0.17\) seconds. The system matrices are defined as:

$$\begin{aligned} A= \text {bdiag}(A_1,A_2,A_3), \end{aligned}$$
(30)

where the block-diagonal matrix consists of three sub-matrices:

$$\begin{aligned} A_1&= \begin{bmatrix} 0.9868 & 0 & 0 \\ 0 & 0.8912 & -0.2363 \\ 0 & 0.0378 & 0.9952 \end{bmatrix}, \\ A_2&= \begin{bmatrix} 1.0000 & 0.0078 \\ 0.0049 & 0.9598 \end{bmatrix}, \\ A_3&= \begin{bmatrix} 0.8178 & -0.0181 & 0 \\ 0.0091 & 0.9999 & 0 \\ 0 & 0 & 1.0101 \end{bmatrix}. \end{aligned}$$

The input-state relationship is governed by matrix B, while the state-measurement relationship is defined by matrix C. These matrices are given as:

$$\begin{aligned} B&= \begin{bmatrix} 0.0199 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0.0756 \\ 0 & 0 & 0 & 0.0015 \\ 0.0445 & 0 & -0.0112 & 0 \\ 0.1250 & 0 & -0.0074 & 0 \\ 0 & 0.0181 & 0 & 0 \\ 0 & 0.0001 & 0 & 0 \\ 0 & 0 & 0 & 0.0101 \end{bmatrix},\\ C^T&= \begin{bmatrix} 1.333 & 0 & 0 & 0 \\ -4.25 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 8 & 0 & 8 \\ 0 & 0 & -0.075 & 0 \\ 0 & 0 & 1.5 & 0 \\ 0 & 0 & 0 & 1 \end{bmatrix}. \end{aligned}$$

The uncertainty in system dynamics and measurement noise is represented by matrices W and V, respectively. These are defined as:

$$\begin{aligned} W = 10^{-5}I_8, \quad V = I_4. \end{aligned}$$
(31)

Revealing Zero-Dynamics Attacks (ZDA) via system dynamics modification

Zero-Dynamics Attacks generated through output feedback rely on the basis matrix of the regulated invariant subspace, denoted as \(Q \in \mathscr {V}_m\), and the friend matrix F. These matrices are computed using23, Algorithm 4.1.2, pp. 204 and23, Algorithm 4.1.3, pp. 205, respectively. The matrix Q consists of two sub-matrices, \(Q_1\) and \(Q_2\), arranged in block-diagonal form, as follows:

$$\begin{aligned}&Q= \begin{bmatrix} Q_1 & 0 \\ 0 & Q_2 \end{bmatrix}\\&Q_1= \begin{bmatrix} 0.9542 & 0 & 0 & 0 \\ 0.2993 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \\ 0 & 0 & -1. & 0 \end{bmatrix},\\&Q_2= \begin{bmatrix} 0 & 0 & 0 & 0 \\ 0 & 0.9988 & 0 & 0 \\ 0 & 0 & 0.0499 & 0 \\ 0 & 0 & 0 & 0 \end{bmatrix}. \end{aligned}$$

The friend matrix F plays a crucial role in generating the ZDA signal by transforming the controller’s output into the attack signal injected into the system:

$$\begin{aligned} \begin{aligned}&F= \begin{bmatrix} f_1&f_2 \end{bmatrix},\\&f_1= \begin{bmatrix} -4.3738 & -1.3718 & -37.8590 & 0 \\ 0 & 0 & 0 & 0 \\ -73.8810 & -23.1726 & -639.5106 & 0.6622 \\ 0 & 0 & 0 & 0 \end{bmatrix}, \\&f_2= \begin{bmatrix} 0 & 0 & 0 & 0 \\ 0 & 22.6146 & 1.1307 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \end{bmatrix}. \end{aligned} \end{aligned}$$

The ZDA signal generated via output feedback comprises four components, represented as \(a_k = (a_{1,k}, a_{2,k}, a_{3,k}, a_{4,k})\). Due to the presence of a single unstable zero in the Tennessee Eastman Process (TEP), only the second component, \(a_{2,k}\), exhibits geometric growth, as illustrated in Figure 6(a). However, this component does not affect the detection variable \(T_k\) of the passive detector, as depicted in Figure 6(b). The detection threshold, denoted by \(\eta = 7.8\), is obtained by evaluating the integral \(\int \mathscr {X}(0,4)\) over the interval [0, 0.1], specifically:

$$\begin{aligned} \eta = \int _0^{0.1} \mathscr {X}(0,4) \, dt. \end{aligned}$$
Fig. 6
Fig. 6
Full size image

TEP response under ZDA generated via output feedback.

(i) Revealing ZDA via Perturbation of the System Matrix A

To expose ZDA in the TEP system, a perturbation matrix \(\Delta A\) is introduced into the system matrix A. The perturbation is defined as follows:

$$\begin{aligned} \Delta A= & 0.5\begin{bmatrix} 0&0&0&0&0&a_6&a_7&0 \end{bmatrix}, \\ a_6= & \begin{bmatrix} 0&0&1&0&1&0&1&0 \end{bmatrix}^T, \\ a_7= & \begin{bmatrix} 0&1&0&1&0&0&0&0 \end{bmatrix}^T. \end{aligned}$$

The chosen perturbation matrix \(\Delta A\) ensures that \(\Delta A z_0 \ne 0\), where \(z_0\) represents the initial state of the autonomous system responsible for generating the zero-dynamics signal (ZDS). A nonzero value is required to make the previously unobservable system dynamics detectable, thereby facilitating the identification of ZDA.

By applying the perturbation at a specific time step, \(k = 100\), the system undergoes a structural modification, leading to altered dynamics. As a result, the modified system no longer retains the original control-invariant subspace \(\mathscr {V}_m\), which previously masked the attack. This perturbation allows the observation of system dynamics that were previously unobservable, thereby exposing the presence of ZDA. The resulting effect is illustrated in Figure 7.

Fig. 7
Fig. 7
Full size image

TEP output after perturbation.

(ii) Detecting Zero-Dynamics Attacks via Actuator Gain Modification

To expose the Zero-Dynamics Attack (ZDA), we define \(\tilde{W}\) as:

$$\tilde{W} = 17 I_4.$$

Setting \(\tilde{W}\) to this specific value ensures that the condition \([B(\tilde{W}-I)F]z_0 \ne 0\) holds. This implies that the previously unobservable control-invariant subspace, which was unaffected by control inputs, becomes observable in the modified system. Consequently, this transformation facilitates the detection of the ZDA. Implementing the modified input matrix \(\tilde{B}\) at time step \(k=100\) results in a system output that is no longer zero, as illustrated in Figure 8.

Fig. 8
Fig. 8
Full size image

System response after actuator gain modification.

(iii) Detecting ZDA via Additional Measurements

To ensure the observability of the subspace \(\mathscr {V}_m\), additional measurements are introduced to satisfy the condition \(c_i z_0 \le 0\), thereby enabling ZDA detection. These additional measurements are defined as follows:

$$\begin{aligned} C_5= & \begin{bmatrix} 1&0&0&1&0&0.01&0.3&0 \end{bmatrix} \\ C_6= & \begin{bmatrix} 0&0&0&0&0.3&0.6&0&0 \end{bmatrix} \\ C_7= & \begin{bmatrix} 0&0.1&0.7&0&0&0.1&0.01&0 \end{bmatrix} \\ C_8= & \begin{bmatrix} 0&0&0&0&0&0.1&0.1&0 \end{bmatrix} \end{aligned}$$

By incorporating these measurements into a modified output matrix, defined as \(C'=[C^T \ C_5^T]^T\), the previously undetectable ZDA becomes observable. This is evidenced by the newly generated output \(y_{5,k}\), depicted in Figure 9. The new output effectively captures the dynamics of the ZDA, making its presence explicitly detectable.

Fig. 9
Fig. 9
Full size image

System response after incorporating additional measurements.

Performance evaluation of passive detection methods

Table 1 presents a comparative performance analysis of three passive detection methods: perturbation-based detection, actuator gain modification, and sensor augmentation. Each approach achieved an accuracy of 83% and a precision of 1.00, with slight variations in recall and F1 scores. Among them, perturbation-based detection exhibited the shortest detection delay (2.003 ms), outperforming sensor augmentation (2.106 ms) and actuator gain modification (3.481 ms). While all three methods successfully identified the attack, the perturbation approach demonstrated superior time efficiency, making it the most suitable choice for time-sensitive applications.

Revealing ZDA via triggering data loss in the control signal

To generate a Zero-Dynamics Attack (ZDA) on the Tennessee Eastman Process (TEP), we define two matrices, denoted as \(K_a\) and \(F_a\). The matrix \(K_a\) governs the dynamics of the ZDA and is expressed as follows:

$$\begin{aligned}&K_a= \begin{bmatrix} k_1&k_2 \end{bmatrix},\\&k_1=\begin{bmatrix} 2.6 & 2.0 & 12.1 & 0\\ 0 & 0 & 0 & 0\\ 42.2 & 33.2 & 196.4 & -0.6\\ 0 & 0 & 0 & 0 \end{bmatrix},\\&k_2=\begin{bmatrix} 0 & 0 & 0 & 24.9 \\ 0 & 6.3 & 135.5 & 0 \\ -5.0 & 0 & 0 & 402.0 \\ 0 & 0 & 0 & 6.3 \end{bmatrix}. \end{aligned}$$

The direction of the ZDA in the zero-dynamics subspace is determined by the friend matrix \(F_a\), which is given by:

$$\begin{aligned}&F_{a}= \begin{bmatrix} 0&0&0&0&0&-0.998&-0.049&0 \end{bmatrix}^T,\\&\tilde{F}= A F_a. \end{aligned}$$
Table 1 Passive Detection Metrics For TEP.
Full size table
Table 2 Active Detection Metrics For TEP.
Full size table
Table 3 Passive Detection Metrics For STP.
Full size table
Table 4 Active Detection Metrics for STP.
Full size table

Here, the vector \(\bar{F}\) in the relation

$$F_a=[I - C^T(CC^T)^{-1} C] \bar{F}$$

is chosen by inspection. Additionally, a scaling factor of \(3.33 \times 10^{-6}\), denoted as \(d_{a}\), is applied to adjust the amplitude of the ZDA.

As observed, the second attack component, \(a_{2,k}\), does not impact the detection variable \(T_k\) of the passive detector, as illustrated in Figure 6(b). To improve detection capabilities, we replace the passive detector with an active detector operating at a data loss arrival rate of \(\omega = 0.35\), enabling the identification of Zero-Dynamics Attacks . Figure 10(a) shows the sequence in which data loss is triggered by the active detector, while Figure 10(b) presents the detection variable used to monitor and identify ZDA. This detection variable provides a clear and distinct indication of the attack’s presence.

Fig. 10
Fig. 10
Full size image

TEP system response under ZDA with State Feedback.

Performance of the active detection method

The performance metrics in Table 2 highlight both the strengths and limitations of the active detection method in the Tennessee Eastman Process (TEP) system. The method achieves high precision (1.00), but its recall is relatively low (0.32), resulting in a moderate F1-score (0.48). An overall accuracy of 77% and a detection interval of 20.076 ms indicate early detection of attacks, albeit with limited recall. These results emphasize the need for improving recall to enhance the robustness of the detection mechanism.

Sextuple tank process

The sextuple tank process (STP), depicted in Figure 11, is a complex multivariable control system with six interconnected water tanks, forming three coupled subsystems. Each subsystem consists of two tanks and a pump with a shared water basin, creating a highly dynamic environment suitable for control experiments. The primary objective is to regulate the pump flow rates to maintain desired water levels in the lower tanks.

Due to the cascading arrangement, water from the upper tanks flows into the lower tanks before returning to the main reservoir. The shared inputs introduce coupling effects, where the flow rate of one pump influences multiple tanks. This interconnected nature allows the system to exhibit both minimum and non-minimum phase behaviors depending on its configuration.

The STP setup consists of three main components: the control system, tanks, and pumps. Each pump is controlled by a voltage signal, with water flow rate proportional to the applied voltage. The manipulated inputs are the pump voltages (\(u_{1k}, u_{2k}, u_{3k}\)), while the controlled outputs are the water levels in the lower tanks (Tanks 2, 4, and 6). Further details on the experimental setup and parameters can be found in27.

Fig. 11
Fig. 11
Full size image

Sextuple Tank Process.

The discrete-time state-space model of the STP, with a sampling time of \(T_s = 0.1s\), is given by:

$$A= \text {bdiag}(A_1,A_2,A_3),$$

where each submatrix \(A_i\) represents the dynamics of a specific subsystem:

$$\begin{aligned}&A_1 = \begin{bmatrix} 0.9628 & 0 \\ 0.0365 & 0.9628 \end{bmatrix}, \\ &A_2 = \begin{bmatrix} 0.9628 & 0 \\ 0.0365 & 0.9628 \end{bmatrix}, \\ &A_3 = \begin{bmatrix} 0.9628 & 0 \\ 0.0365 & 0.9628 \end{bmatrix}. \end{aligned}$$

The input matrix B quantifies the effect of the input signals on state variables, while the output matrix C specifies the measured state variables. These matrices define the system’s dynamic behavior.

$$\begin{aligned}&B=10^{-4}\begin{bmatrix} 0 & 0 & 4\\ 0.3 & 0 & 0.08\\ 15& 0 & 0\\ 0.3 & 1 & 0\\ 0 & 15& 0\\ 0 & 0.3 & 11\\ \end{bmatrix}, \\&C= \begin{bmatrix} 0 & 1 & 0 & 0& 0 & 0\\ 0 & 0 & 0 & 1 & 0 & 0\\ 0& 0 & 0& 0 & 0& 1\\ \end{bmatrix}. \end{aligned}$$

The covariance matrices for process and measurement noise are defined as follows: \(W=10^{-4}I_3\) and \(V=I_3\). These matrices quantify the magnitude of noise affecting both the system’s dynamics (process noise) and the output measurements (measurement noise). The identity matrices indicate that the noise is uncorrelated across different state variables and has uniform intensity.

Detection of Zero-dynamics attacks via system dynamics alteration

The friend matrix F and the basis matrix Q corresponding to the controlled invariant subspace \(\mathscr {V}_m\) are computed using established algorithms. These matrices are given as:

$$\begin{aligned}&Q= \begin{bmatrix} Q_1 \\ Q_2 \end{bmatrix} , Q_1= \begin{bmatrix} -1 & 0 & 0\\ 0 & 0 & 0\\ 0 & 1 & 0 \end{bmatrix},\\&Q_2= \begin{bmatrix} 0 & 0 & 0\\ 0 & 0 & 1\\ 0& 0& 0\\ \end{bmatrix}, \\&F= \begin{bmatrix} -1.2140& 0 & -0.0026& 0 & 0.0088& 0\\ 0.3642 & 0 & -0.3642 & 0 & -0.0026 & 0\\ -0.0099 & 0& 0.0099 & 0& -0.0331 & 0 \end{bmatrix}. \end{aligned}$$

The zero dynamics of the system involve the state variables \(h_1\), \(h_3\), and \(h_5\), which remain unobservable under normal conditions but are highly susceptible to perturbations from an attack. During a zero-dynamics attack (ZDA), these states become excited, leading to deviations in the system’s internal behavior that are challenging to detect using conventional methods.

The ZDA signal generated via the output feedback mechanism consists of three components, with the attack vector \(a_k\) defined as \((a_{1,k}, a_{2,k}, a_{3,k})\). These attack components exhibit exponential growth over time, as shown in Figure 12(a). The impact of this attack on the detection variable, \(T_k\), is illustrated in Figure 12(b). The detection threshold, \(\eta =2.6\), was determined using the integral formulation:

$$\begin{aligned} \eta =\int _0^{0.1}\mathscr {X}(0,3). \end{aligned}$$
(32)
Fig. 12
Fig. 12
Full size image

State Trajectories and Detection Response under a Zero-Dynamics Attack.

(i) Detecting ZDA via System Matrix Perturbation

Introducing a perturbation in the system matrix \(\Delta A\) in the form:

$$\Delta A = [a_1\ 0\ a_2\ 0\ a_3\ 0]_{n \times n}, \quad \text {where } a_i \ne 0,$$

enables the detection of Zero-Dynamics Attacks (ZDA). Specifically, we define:

$$\begin{aligned} \Delta A=0.1\begin{bmatrix} 1 & 0 & 0 & 0 & 0 & 0\\ 0 & 0 & 0 & 0 & 0 & 0\\ 0 & 0 & 1 & 0 & 0 & 0\\ 0 & 0 & 0 & 0 & 0 & 0\\ 0 & 0 & 0 & 0 & 1 & 0\\ 0 & 0 & 0 & 0 & 0 & 0 \end{bmatrix}. \end{aligned}$$
(33)

To ensure all ZDAs are identified, \(\Delta A\) should be chosen such that \(\Delta A z_0 \ne 0\). At time instance \(k=100\), this perturbation is introduced, transforming the system and rendering the previously unobservable control-invariant subspace \(\mathscr {V}_m\) observable, as illustrated in Figure 13.

Fig. 13
Fig. 13
Full size image

STP output after introducing perturbation.

(ii) Detecting ZDA via Actuator Gain Modification

Another approach to revealing ZDA involves modifying the actuator gain. By setting \(\sigma = 1.49\), the system’s modified non-invertible matrix \(\tilde{W}\) is:

$$\tilde{W} = 1.49 I_3.$$

For this choice of \(\tilde{W}\), the condition

$$[B(\tilde{W}-I)F]z_0 \ne 0$$

is satisfied, confirming the presence of an attack. At \(k=100\), the modified input matrix \(\tilde{B}\) is introduced, altering the system response. The resulting system output is depicted in Figure 14.

Fig. 14
Fig. 14
Full size image

STP output after modifying actuator gain.

(iii) Detecting ZDA via Additional Measurements

ZDA detection can also be achieved by incorporating additional measurements that satisfy the condition \(c_i z_0 \ne 0\). These measurements ensure that the modified system’s subspace \(\mathscr {V}_m\) becomes observable. The additional measurement matrices are defined as:

$$\begin{aligned} C_4&= \begin{bmatrix} 1&0&0&1&0&0 \end{bmatrix}, \\ C_5&= \begin{bmatrix} 0.1&0&0&2&0&0 \end{bmatrix}, \\ C_6&= \begin{bmatrix} 0&0&7&0&0.1&0 \end{bmatrix}. \end{aligned}$$

The modified output matrix, \(C'\), is formed by augmenting the existing matrix C with \(C_6\). The attack presence is confirmed by observing the altered system outputs \(y_{4,k}\), as illustrated in Figure 15.

Fig. 15
Fig. 15
Full size image

STP output after incorporating additional measurements.

Performance of passive detection methods

Table 3 summarizes the performance of three passive detection techniques: system perturbation, actuator gain modification, and sensor augmentation within the STP system for ZDA detection. All methods achieved an accuracy of 83%, a precision of 1.00, a recall of 0.80, and an F1-score of 0.89.

Detection delays varied slightly, with system perturbation demonstrating the shortest detection time of 2.160 ms, followed by sensor addition at 2.374 ms, and actuator gain modification at 3.135 ms. While all methods successfully detected the attack, the perturbation approach proved to be the most time-efficient, making it particularly suitable for real-time applications.

Revealing Zero-Dynamics Attacks (ZDA) via triggered data loss in the control signal

To generate the ZDA using state feedback, the matrices \(K_{a}\) and \(F_a\) are designed as follows:

$$\begin{aligned}&K_a= 10^{-3} \begin{bmatrix} k_1&k_2 \end{bmatrix},\\&k_1=\begin{bmatrix} 121.4 & 3202.3 & 0.3\\ -36.4 & -960.7 & 36.4\\ 1.0 & 26.2 & -1.0 \end{bmatrix},\\&k_2=\begin{bmatrix} 7.0 & -0.9 & -23.3 \\ 960.7 & 0.3 & 7.0 \\ -26.2 & 3.3 & 87.3 \end{bmatrix},\\&F_{a}=\text {bdiag}(E_1,E_1,E_1)\bar{F}, \quad E_1= \begin{bmatrix} 1 & 0 \\ 0 & 0 \end{bmatrix}, \\&\bar{F} = \begin{bmatrix} f_1&f_2 \end{bmatrix}^T,\\&f_1=\begin{bmatrix} -0.024-i0.042 & 0 & -0.154+i0.27\\ -0.024+i0.429 & 0 & -0.154-i0.27 \end{bmatrix},\\&f_2=\begin{bmatrix} 0 & 0.95 & 0 \\ 0 & 0.95 & 0 \end{bmatrix}. \end{aligned}$$

For this setup, a disturbance input \(d_{a}=[0.5 , 0.5]\) was chosen. An active detector, operating with a data loss arrival rate\(\omega =0.5\), successfully identifies the presence of ZDA, whereas a passive detector fails to do so. Figure 16(a) illustrates the sequence of data loss triggered by the active detector. Figure 16(b) shows the detection variable used for monitoring and detecting ZDA.

Fig. 16
Fig. 16
Full size image

State Tracking Performance (STP) under ZDA with State Feedback.

Performance of active detection method

The results in Table 4 illustrate the performance of the active detection method applied to the STP system. The method achieves a precision of 1.00, signifying no false positives; however, the recall value of 0.22 highlights a significant limitation in detecting all attack instances. Consequently, the F1 score is low at 0.36. The method attains an accuracy of 74% with a detection interval of 19.443 ms, indicating timely detection but incomplete coverage. These findings underscore the need for further refinements to improve recall and enhance overall detection reliability.

Comparative analysis of active and passive detection methods

Detection delay plays a crucial role in real-time Zero-Dynamics Attack (ZDA) identification. The results indicate that active detection techniques suffer from prolonged detection delays, measured at 20.076 ms for the Tennessee Eastman Process (TEP) and 19.443 ms for the Sextuple Tank Process (STP). In contrast, passive detection approaches demonstrate significantly faster response times. Introducing perturbations achieves the lowest detection delay, recorded at 2.003 ms for TEP and 2.160 ms for STP. Other passive techniques, such as actuator gain modification and sensor integration, also achieve minimal detection delays, ranging from 2.106 ms to 3.481 ms across both systems. These findings underscore the superior real-time performance of passive methods over active approaches.

Passive detection methods consistently outperform active detection in accuracy. The accuracy of passive techniques remains at 83% for both TEP and STP, whereas active detection achieves only 77% for TEP and 74% for STP. This suggests that passive methods offer higher reliability in identifying ZDA attacks with reduced misclassification. Furthermore, both detection methodologies achieve perfect precision (1.00) across all techniques and systems, ensuring zero false positives. However, recall-an indicator of the system’s ability to detect actual attacks-varies significantly between the two methodologies. Passive detection methods consistently attain high recall scores of 0.79 to 0.80 for both systems. In contrast, active detection performs poorly, with recall values of 0.32 for TEP and only 0.22 for STP, indicating its inefficacy in identifying a substantial proportion of attacks.

The F1 score, which balances precision and recall to provide a comprehensive measure of detection performance, further highlights the advantages of passive detection. Passive techniques achieve high F1 scores between 0.88 and 0.89 for both TEP and STP, demonstrating their ability to maintain both precision and recall. Conversely, active detection techniques show significantly lower F1 scores, at 0.48 for TEP and 0.36 for STP, reinforcing their overall subpar performance.

These findings highlight the distinct advantages of passive detection over active detection in both systems. Passive detection strategies, particularly those incorporating perturbations, exhibit superior detection performance in terms of recall, F1 score, and detection delay. The faster detection speed and increased reliability of passive methods make them more suitable for real-time ZDA mitigation. In contrast, active detection suffers from considerable latency and poor recall, making it ineffective in detecting a large number of attacks.

In conclusion, passive detection techniques-especially those involving perturbations-are strongly recommended for ZDA detection in TEP and STP systems. Their high accuracy, low detection latency, and strong recall ensure timely and reliable attack identification. While active detection may serve as a supplementary method, it is insufficient as a standalone approach for real-time or high-stakes applications. Future research should explore the integration of passive detection with other complementary techniques to further enhance detection performance and minimize response times in industrial systems.

Analysis of results

This study provides crucial insights into the identification of ZDAs in industrial systems, including chemical plants, power grids, and other networked control environments. Two established detection methodologies-system dynamics modification and data loss monitoring-are evaluated within the Tennessee Eastman Process and Sextuple Tank Process. The results demonstrate the operational efficiency and practical benefits of these strategies.

The proposed methods show significant improvements in detection accuracy and latency compared to existing techniques. Modifying system dynamics results in an 83% detection accuracy with a minimal delay of 2.003 ms, effectively addressing the shortcomings of techniques lacking quantitative performance metrics, as highlighted in28. The IIKF-based approach efficiently monitors intermittent data loss, ensuring seamless integration into industrial systems with minimal operational disruptions.

A key advantage of these methods is their scalability to high-dimensional systems such as TEP and STP, surpassing the limitations of smaller-scale models used in previous research21,28,29,30,31. Additionally, the IIKF-based method exhibits strong resilience against noise and model uncertainties, further enhancing its practical applicability.

Modifying system dynamics provides a proactive cybersecurity strategy, albeit requiring system redesign in complex environments. In contrast, the IIKF-based approach offers a cost-effective and minimally invasive solution, making it more suitable for industries prioritizing continuous operations. Table 5 summarizes the comparative strengths of these methods in terms of detection accuracy, scalability, robustness, and feasibility. These findings bridge theoretical research with practical implementation, offering robust and scalable solutions for ZDA detection in industrial settings.

Table 5 Comparison of ZDA Detection Methods.
Full size table

Conclusion

This study evaluates the detection of zero-dynamics attacks in industrial networked control systems (NCSs) by implementing two well-known methodologies: modifying system dynamics and triggering data loss via an intermittent unknown input Kalman filter (IIKF). Through application in the TEP and STP, our findings reveal that modifying system dynamics achieves 83% accuracy with a detection delay of only 2.003 ms, making it a highly effective approach but requiring system redesign. In contrast, the IIKF-based approach enables continuous monitoring without system modifications, making it more practical for real-time applications, though it suffers from increased detection delays in noisy conditions. These results highlight the trade-off between detection speed and operational feasibility, emphasizing the need for industry-specific implementation strategies.

From an industrial perspective, system modification is best suited for high-security environments where rapid attack detection is critical, whereas IIKF-based methods are preferable in industries with existing infrastructure constraints that require minimal disruption. The selection of an appropriate detection method should be guided by operational requirements, weighing the need for speed, adaptability, and resource availability.

While these methods provide robust detection capabilities, several areas require further research. Hybrid detection approaches that integrate passive and active methods can enhance detection accuracy while minimizing false negatives. Additionally, extending these methodologies to nonlinear and non-minimum phase systems would address real-world complexities not captured in current models. The implementation of these techniques in physical industrial facilities remains crucial for validating their effectiveness under real operating conditions. Furthermore, as cyber attacks evolve, the development of adaptive detection algorithms capable of countering sophisticated model-free adversarial attacks is essential for future cybersecurity resilience.

By addressing these challenges, future research can enhance the security of industrial NCSs, ensuring robust, scalable, and practical protection against emerging cyber-physical attacks. This work serves as an important step toward bridging the gap between theoretical cybersecurity strategies and their real-world applications, contributing to the resilience of critical industrial infrastructures in an increasingly digitized landscape.