Dhananjay Anand, Zheng Wang, Dawn Tilbury, James Moyne, CheeYee Tang
This paper presents an anomaly detection method using a hybrid observer composed of state observers for both discrete and continuous states. We focus our attention on anomalies caused by intelligent attacks that use knowledge of the system behavior to evade anomaly detection methods that independently classify either the event sequence or the observed residuals as anomalous. In contrast, our approach uses the relation between the continuous and discrete variables to detect conditions we define as conflicts. This paper demonstrates the effectiveness of our conflict-driven anomaly detection method mathematically as well as through an illustrative hybrid model of a Train-Gate (TG) system. We analyze our detection method against three conflict types and give the conditions under which the detection of anomalies is guaranteed.