A novel passive-active detection system for false data injection attacks in industrial control systems

With the increasing occurrence of incidents causing significant damage due to attacks on Industrial Control Systems (ICSs), people pay attention to the cyber security of ICSs. This study improves existing active detection mechanisms and proposes an integrated passive-active detection system to detect False Data Injection Attacks (FDIA) for ICS. Since it is challenging to detect FDIA in current operational practices, the method presented in this research not only compares passive received system data with predefined rules to detect attacks but also launches active detection by controlling actuators to find attackers and achieve comprehensive detection of FDIA targeting ICS. This work dynamically adjusts the frequency of launching active detection through risk assessment, aiming to minimize the impact on operational efficiency during low-risk periods and reduce the time required for detecting attacks during high-risk periods. The experimental results show that using the proposed system, when false data differs by 10 % from accurate data, the detection rate can reach 99.9 %, which is 22.5 % higher than active detection by the random launch method when false data differs by 5 % from accurate data, the detection rate can reach 95.4 %, which is 18.2 % higher than active detect by randomly launch method, and even if false data only differs by 3 % from accurate data, the detection rate can reach 92.9 %, which is 16.5 % higher than active detect by randomly launch method.