This paper proposes a stealthy integrity attack detection methodology for a class of nonlinear
cyber–physical systems subject to disturbances. An equivalent increment of the system at a time prior to the
attack occurrence time is introduced, which is theoretically proved to be effective to detect stealthy
integrity attacks. A backward-in-time estimator is developed via the fixed-point smoother design
tool to exploit this equivalent increment and allow the detection of the attack. More specifically, an
asymptotically stable incremental system is introduced to characterize stealthy integrity attacks, and
its backward-in-time solution at a fixed time prior to the attack occurrence formulates the equivalent
increment. When such an asymptotically stable incremental system is run backward in time, its
divergence property enables the equivalent increment to detect stealthy integrity attacks. A fixed-point
smoother is introduced to estimate the unknown equivalent increment for a class of Lipschitz
nonlinear physical plants, such that the estimation error satisfies the H∞ performance objective.
Based on the equivalent increment and its estimation provided by the smoother, suitable residual and
threshold signals are generated, allowing the detection of the considered stealthy integrity attacks. A
detectability analysis is conducted to rigorously characterize the class of detectable attacks. Finally,
a case study is presented to illustrate the effectiveness of the developed backward-in-time attack
detection methodology.