We consider the problem of stabilizing a plant with a network of resource constrained wireless nodes. In a companion paper, we developed a protocol where each node repeatedly transmits a linear combination of the values in its neighborhood. For certain topologies, we showed that these linear combinations can be designed so that the closed loop system is stable (i.e., the wireless network itself acts as a controller for the plant). In this paper, we design a Intrusion Detection System (IDS) for this control scheme, which observes the transmissions of certain nodes in the network and uses that information to (a) recover the plant outputs (for data-logging and diagnostic purposes) and (b) identify malicious behavior by any of the wireless nodes in the network. We show that if the connectivity of the network is sufficiently high, the IDS only needs to observe a subset of the nodes in the network in order to achieve this objective. Our approach provides a characterization of the set of nodes that should be observed, a systematic procedure for the IDS to use to identify the malicious nodes and recover the outputs of the plant, and an upper bound on the delay required to obtain the necessary information.
Shreyas Sundaram, Miroslav Pajic, Christoforos N Hadjicostis, Rahul Mangharam, et al.. "The Wireless Control Network: Monitoring for Malicious Behavior" (2010)
Available at: http://works.bepress.com/george_pappas/164/