Modern dynamical systems are large and inevitably comprise dierent subsystems
that are often integrated with cyber (computation and communication) components. The
applications of these systems are far reaching, ranging from power and water networks, to
telecommunication and transportation systems etc. Recently, researchers and hackers have
shown that these systems are vulnerable to attacks targeting their physical infrastructure
or the signals exchanged between the physical and cyber layers. Given the interconnected
nature of dynamical systems, and the fact that each subsystem usually has only partial
knowledge or measurements of other interconnected units, the security question arises as
to whether sophisticated attackers can hide their action to the individual subsystems while
inducing system-wide critical perturbations.
This thesis addresses problems concerning security of interconnected systems that
are subject to random (stochastic) disturbances. Our contribution is twofold. First, we
investigate whether, and to what extent, coordination among different subsystems and
knowledge of the global system dynamics is necessary to detect attacks in interconnected systems. We consider centralized and decentralized detectors, which dier primarily in
their knowledge of the system model, and characterize the performance of the two detectors
and show that, depending on the system and attack parameters, each of the detectors can
outperform the other. Hence, it may be possible for the decentralized detector to outperform
its centralized counterpart, despite having less information about the system dynamics. We
provide an explanation for this counter-intuitive result and illustrate our results through
simulations. Second, we study an attack design problem for interconnected systems where
the attacker compromises a subsystem at each time, based on a pre-computed probabilistic
rule. The goal of the attacker is to degrade the system performance, which is measured based
on a quadratic function of the system state, while remaining undetected from a centralized
detector. We show that selectively compromising dierent subsystems over time increases
the severity of the attacks with respect to compromising a fixed subsystem at each time.
We study another related security problem for network systems, where changes
in the statistical properties of an input driving certain network nodes has to be detected
by remotely located sensors. To detect the changes, we associate a maximum-a-posteriori
detector for a given set of sensors, and study its detection performance as function of the
network topology, and the graphical distance between the input and sensor locations. We
derive conditions under which the detection performance obtained when sensors are located
on a network cut is not worse (resp. not better) than the performance obtained by measuring
all nodes of the subnetwork induced by the cut and not containing the input nodes. Our
results provide insights into the sensor placement from a detection-theoretic point of view.