A randomization-based, zero-trust cyberattack detection method for hierarchical systems

This paper demonstrates a novel randomization-based approach for verifying power system control signals with application to detecting cyberattacks. We consider fully connected hierarchical systems containing multiple local agents and a global "trust" agent. The global agent uses a time-varying randomized assignment scheme to identify corrupt network links based on principles of zero trust and majority rule. To evaluate the performance of this detection approach, we implement our algorithm in MATLAB and run it against nearly 43 million unique attack scenarios spanning a range of system sizes. For each scenario, the algorithm determines whether the identified corruptions satisfy a set of validity constraints reflecting network topology and uses that result to say whether the recovered state value for one or more local agents is malicious. We compare the algorithm's determination to the true state of the system to assess performance and find that classification accuracy converges to 100% as system size increases, suggesting that the validity constraints become more difficult to satisfy for larger systems. We further explore the scenarios that evade detection to understand practical implications for employing this detection approach.