Thesis defences

PhD Oral Exam - Mahdi Taheri, Electrical and Computer Engineering

Cyber-Attack Detection Methodologies for Cyber-Physical Systems: A System Theoretic Approach

Date & time
Friday, May 17, 2024
10 a.m. – 1 p.m.

This event is free


School of Graduate Studies


Nadeem Butt


Engineering, Computer Science and Visual Arts Integrated Complex
1515 St. Catherine W.
Room 002.301

Wheelchair accessible


When studying for a doctoral degree (PhD), candidates submit a thesis that provides a critical review of the current state of knowledge of the thesis subject as well as the student’s own contributions to the subject. The distinguishing criterion of doctoral graduate research is a significant and original contribution to knowledge.

Once accepted, the candidate presents the thesis orally. This oral exam is open to the public.


Cyber-physical systems (CPS) are the backbone of critical infrastructures such as power networks, transportation systems, water treatment networks, and process control systems. Despite advances in developing more secure CPS and monitoring systems, the number of successfully executed cyber-attacks and exploited cyber-vulnerabilities in CPS has increased over the past decade. These cyber-attacks, which can make CPS unstable, are performed by intelligent adversaries who try to keep their malicious attacks undetected. This thesis addresses several crucial challenges related to cyber-attacks in CPS and multi-agent systems (MAS).

The first part focuses on simultaneous cyber-attack and fault detection and isolation (CAFDI) for centralized and large-scale interconnected CPS. Proposed methodologies include centralized and distributed CAFDI approaches, incorporating two filters and an unknown input observer (UIO)-based detector. Conditions characterizing the detection of various deception attacks, such as covert, zero dynamics, and replay attacks, are outlined. The distributed CAFDI methodology is illustrated through a hardware-in-the-loop (HIL) simulation of a four-area power network system, demonstrating its effectiveness.

The second part studies stealthy cyber-attacks in CPS, specifically zero dynamics attacks, covert attacks, and controllable attacks. Conditions for executing these attacks are derived based on CPS Markov parameters and system observability matrix elements. In particular, by utilizing the derived conditions, one can determine the system knowledge and disruption resources required to execute zero dynamics attacks, covert attacks, and controllable cyber-attacks. Dynamic coding schemes are developed and introduced as countermeasures, increasing the minimum number of actuators required for performing cyber-attacks.

The third part investigates zero dynamics and perfectly undetectable cyber-attacks in linear and nonlinear CPS. A novel security metric, security effort (SE), is introduced for linear CPS, determining the minimum number of secured actuators and sensors needed to prevent certain stealthy cyber-attacks. Conditions for weakly unobservable subspaces to become zero are derived, and these can be used to compute the SE. For nonlinear CPS, zero dynamics and covert cyber-attacks are studied using Koopman operator theory, which provides a linear infinite-dimensional representation of a given nonlinear system. Hence, in this work, we utilize the extended dynamic mode decomposition (EDMD) algorithm to compute a data-driven, finite-dimensional approximate representation of nonlinear CPS in the Koopman space, i.e., the space of observables of the system. A methodology is developed for identifying the sensor measurements that adversaries need in order to execute zero dynamics and covert cyber-attacks. Consequently, by securing certain sensor measurements, one can prevent the execution of zero dynamics and covert cyber-attacks in nonlinear CPS.

The fourth part focuses on privacy-preserving consensus control, controllability cyber-attacks, undetectable cyber-attacks, and cyber-attack detection methodologies in MAS. A distributed transformation-based consensus control methodology is developed using isometric isomorphisms that map the dynamics of each agent into a unique space to protect agents' privacy against eavesdroppers. Conditions under which adversaries can gain control over the entire MAS network by attacking a small number of agents are studied. Cyber-attacks of this type are formally defined and introduced as controllability cyber-attacks in this work. Furthermore, undetectable cyber-attacks in MAS are defined and conditions for performing them in these systems are explored. In order to detect and monitor cyber-attacks in MAS, an event-triggered detection module is developed and proposed, which can be used to detect certain stealthy cyber-attacks in MAS.


© Concordia University