Research on Attack Node Localization in Cyber–Physical Systems Based on Residual Analysis and Cooperative Game Theory

Abstract

With the widespread application of cyber–physical systems (CPS) in the field of automation, security concerns have become increasingly prominent. One critical and urgent challenge is the accurate identification of sensor nodes compromised by false data injection (FDI) attacks in multiple-input multiple-output (MIMO) control systems. Building on the implementation of multi-step sampling and residual-based anomaly detection using a support vector machine (SVM), this paper further introduces the Shapley value evaluation method from cooperative game theory and a voting mechanism, and proposes a method for node attack localization. First, multi-step sampling is conducted within each control period to provide a large amount of effective data for the localization of attacked sensor nodes. Next, the residual between the estimated value of the MIMO system’s full response and the actual value received by the controller is calculated, and an SVM model is used to detect anomalies in the residual. Finally, the Shapley value contribution of each residual to the SVM anomaly detection result is evaluated based on cooperative game theory and combined with a voting mechanism to achieve accurate localization of the attacked sensor nodes. Simulation results demonstrate that the proposed method achieves an anomaly detection accuracy of 96.472% and can accurately localize attacked nodes in both single-node and multi-node attack scenarios, indicating strong robustness and practical applicability.