
IEEE/CAA Journal of Automatica Sinica
Citation: | K. K. Zhang, C. Keliris, T. Parisini, B. Jiang, and M. M. Polycarpou, “Passive attack detection for a class of stealthy intermittent integrity attacks,” IEEE/CAA J. Autom. Sinica, vol. 10, no. 4, pp. 898–915, Apr. 2023. doi: 10.1109/JAS.2023.123177 |
CYBER-PHYSICAL systems (CPS) integrate control, computation and communication techniques with physical engineered control systems [1]. Due to the emergence of such a complex integration, more security vulnerabilities in CPS arise and more malicious cyber threats greatly endanger various key aspects of CPS operation. A series of cyber attack events, such as the Stuxnet worm attack on the Iranian nuclear facilities, the attack on the Ukrainian power distribution network, and the recent colonial oil pipeline attack in USA, have taken place in recent years (more details and examples can be found in [2]–[5]). Therefore, state-of-the-art cyber attack diagnostic technologies are required to safeguard the operation of CPS against possible malicious attacks.
Integrity in computer science refers to the trustworthiness of data, whereas in the context of CPS, integrity attacks compromise the integrity of the transmitted data of the CPS [1]. Replay attacks [6], covert attacks [7], [8], zero-dynamics attacks [9] and false-data injection attacks [10] are the most commonly studied stealthy integrity attacks. Several survey papers provide overviews of integrity attacks from a system control perspective (see, e.g., [2], [9], [11] and [12]). Recently, some new types of integrity attacks have also been investigated. For instance, in order to achieve perfect stealthiness, a self-generated approach is developed in [13] for generating particular false data, and [14] considers a class of closed-loop nonlinear systems and develops a stealthy integrity attack formulation approach for such systems. In the aforementioned integrity attack studies, false data are injected into the CPS continuously, whereas the problem of intermittent data-injection is overseen. It is important to note that the intermittent mode of attack injection may greatly affect both the stealthiness of an attack event and the power energy consumed by an attacker.
Intermittent attacks are characterized by piece-wise attack signals. Denial-of-service attacks (DOS) [15]–[18] are typical examples of intermittent attacks. The available power energy to the attacker is optimally managed by scheduling the DoS attack application time instants in [16], [17], whereas the stealthiness of the attack is not considered. In this paper, we consider integrity attacks performed in an intermittent mode; these are referred to as intermittent integrity attacks. Unlike the strategy for typical continuous integrity attacks, the strategy for generating intermittent integrity attacks includes two steps: 1) constructing a stealthy attack model, and 2) scheduling attack-activating and attack-pausing time instants. In terms of attack models, typical stealthy integrity attack models such as zero-dynamics attack models [14], [19], replay attack models [6] and covert attack models [20], [21], can also act as models for intermittent integrity attacks since they are undetectable by typical anomaly detectors. The scheduling of intermittent attacks (activation and pausing time instants) can improve their stealthiness through activating the attacks for a limited amount of time such that anomaly detectors do not have sufficient time to detect them. Using attacks with specially scheduled activating and pausing time instants can also save the adversary’s instantaneous power energy by avoiding attack signal divergence requirements. A counterexample to this is the zero-dynamics attack case, in which the divergence attack signals are used (e.g., [9]), and may consume large instantaneous power energy. Moreover, intermittent integrity attacks can overcome the attack defense strategy such as topology switching in the case of multi-agent systems [22]. Particularly, the adversary may pause the attack prior to the switch of the topology, and then resume and update the attack to maintain the stealthiness in the new topology.
In the past decade, several methods for detecting stealthy integrity attacks have been proposed by the research community, which fell into two categories: active and passive detection methods. In active detection methods, such as the watermarking and moving-target approaches, either authentication signals are injected into the information flows of CPS or secret modules are embedded to CPS loops and series-connected to physical plants (see, e.g., [23]–[27]). On the other hand, in passive attack detection methods, only analytical redundancy approaches are used to detect integrity attacks, without using any authentication signals or secret modules [28]. However, typical passive anomaly detectors are not able to provide desirable attack detection performance. Note that attack detectors are a special type of anomaly detectors specifically designed for detecting attacks. For example, fault detection schemes in [29]–[33] may not be able to detect stealthy integrity attacks (such as [6]–[9] and [13]). Generally, the reason for this is that, in the presence of a stealthy integrity attack, the information resources (sensory measurements and control inputs) of analytical redundancy approaches remain either unchanged or slightly altered and therefore, analytical redundancy approaches that are inherently not sufficiently sensitive to such slight changes, are unable to detect stealthy integrity attacks. In [34], multiple filters are combined to formulate a type of analytical redundancy-based passive attack detector, which can detect various types of stealthy integrity attacks. However, such a detector requires additional physical communication channels, which may not be feasible or realistic. Traditional analytical redundancy-based passive anomaly detectors are enhanced in [35] and [36] for detecting stealthy integrity attacks by using a backward-in-time signal processor. In these studies, even a small change due to a stealthy integrity attack is amplified by a backward-in-time signal processor such that the amplified change becomes sufficiently “large” to be detected. However, stealthy intermittent integrity attacks are not considered in [34]–[36].
The detection of stealthy intermittent integrity attacks remains an open problem and few research works have been published. For example, [37] combines an analytical redundancy-based passive detector and a set-theoretic detector for detecting intermittent integrity attacks. In this method, the transient overshoots of the analytical redundancy and the strict detection guarantees of the set-theoretic detector are integrated to detect promptly the intermittent attacks. However, the stealthiness of the attacks is not considered in [37], which prevents the detection method from applied effectively in the case of stealthy intermittent integrity attacks.
This paper utilizes the backward-in-time approach in the context of intermittent integrity attacks, and proposes an analytical redundancy-based passive detection methodology for detecting a class of stealthy intermittent integrity attacks. Specifically, the contributions of this paper are summarized as follows:
1) A stealthy intermittent integrity attack generation strategy is formulated, which does not require that the adversary has precise knowledge of the system states. A backward-in-time detection residual is formulated, which increases in magnitude each time a new attack occurs;
2) An optimal fixed-point smoother with covariance matrix resetting is proposed to implement the aforementioned backward-in-time residual. Such a smoother guarantees robustness to both disturbances and noise, and can also reset the covariance matrix to maintain sensitivity to intermittent integrity attacks;
3) The corresponding adaptive threshold is designed, and an attack detectability analysis is carried out to characterize quantitatively the class of detectable stealthy intermittent integrity attacks.
In terms of the stealthy intermittent integrity attacks, compared to [22], the attack generation proposed in this paper addresses the practical issue that the adversary does not have precise knowledge of the system states. In addition, in contrast with [38] in which the pausing and resuming time instants of intermittent integrity attacks are scheduled for saving power energy, this paper focuses on designing the attack generation strategy such that the generated attacks are stealthy, regardless of the pausing and resuming time instants.
Compared to the authors’ previous work [36], the intermittency feature of stealthy integrity attacks is considered in this paper. Moreover, the designed smoother in this paper introduces the covariance matrix resetting technique, which is shown to guarantee robustness to both disturbances and noise, and simultaneously guarantee sensitivity to stealthy intermittent integrity attacks.
Consider a vector signal
The rest of this paper is organized as follows. In Section II, the problem is formulated. Section III analyzes the stealthiness of the intermittent integrity attacks formulated in this work. In Section IV, the backward-in-time detection residual is introduced, and its theoretical feasibility to indicate the stealthy intermittent integrity attacks is presented. The design details of the implementable backward-in-time detection methodology are presented in Section V and the attack detectability analysis is shown in Section VI. Section VII presents a simulation example and finally, the conclusions are drawn in Section VIII.
A general structure of a CPS subject to integrity cyber attacks is depicted in Fig. 1. It consists of a physical plant
In order to simplify the notation, the closed-loop CPS including
W:{˙x(t)=Ax(t)+Bu(t)+BΓuau(t)+Dω(t)u(t)=Ky(t)+yref(t)y(t)=Cx(t)+v(t)+Γyay(t) | (1) |
where
In addition, the matrices
Wn:{˙xn(t)=Axn(t)+Bun(t)+Dω(t)un(t)=Kyn(t)+yref(t)yn(t)=Cxn(t)+v(t) | (2) |
where
We consider that the CPS is equipped with a typical anomaly detector
r(t)=D(u(t),y(t),yref(t))−y(t) | (3) |
where
J(t)>Jth,alarmtriggering. | (4) |
It should be noted that the residual
Throughout this work, to simplify the presentation, stealthiness is used to refer to stealthiness with respect to the typical standard anomaly detector
t1,…,tNa,Na∈N+. |
In addition, we consider that the k-th attack is active for a time length
Ωack=[tk,tk+τk),Ωsik=[tk+τk,+∞). | (5) |
Also, we define an action time interval
Ω0k=Ωack∪Ωsik=[tk,+∞). | (6) |
In addition, an auxiliary time interval “attack slot
Ωk=[tk,tk+1),∀k∈{1,…,Na−1},ΩNa=[tNa,+∞). | (7) |
A schematic of
The first aim is to propose an intermittent attack model and then analyze rigorously the stealthiness of the generated intermittent integrity attacks by the model with respect to the typical anomaly detector
This section proposes an intermittent integrity attack model and analyzes the stealthiness (with respect to the typical anomaly detector
˙ζk(t)=(A+BaFk)ζk(t),ζk(tk)=−Δzk |
ak(t)={Fkζk(t),∀t∈Ωack[0,aTy,k((tk+τk)−)]T,∀t∈Ωsik |
a(t)=k∑i=1ai(t),∀t∈Ωk |
where the design parameters
The divergence of
Assumption 1: There exist two scalars
δ_≤|Δzk|≤ˉδ,∀k∈{1,…,Na} | (9) |
where
Remark 1: The lower bound
In [19], it is shown that the stealthiness of zero-dynamics attacks can be violated if
Wn1:{˙xn1(t)=Axn1(t)yn1(t)=Cxn1(t) |
Wn2:{˙xn2(t)=Axn2(t)+Bun(t)+Dω(t)yn2(t)=Cxn2(t)+v(t),∀t∈Ωk |
where the initial conditions are
W1:{˙x1(t)=Ax1(t)+Baa(t)y1(t)=Cx1(t)+Daa(t) |
W2:{˙x2(t)=Ax2(t)+Bu(t)+Dω(t)y2(t)=Cx2(t)+v(t),∀t∈Ωk |
where the initial conditions are
Throughout this paper, the notation
Theorem 1 (Stealthiness): Consider the weakly unobservable subspace of
(A+BaFk)V0⊂V0,(C+DaFk)V0=0 |
Δzk∈V0,∀k∈{1,…,Na} |
then the change of output y of
Δy(t)=k∑i=1Δy2,i(t),∀t∈Ωk | (13) |
where
ΔW2,i:{Δ˙x2,i(t)=(A+BKC)Δx2,i(t),Δx2,i(ti)=ΔziΔy2,i(t)=CΔzi(t),∀t∈Ω0i. | (14) |
Proof: The proof is presented in Appendix A.
Remark 2: Comparing the space
Remark 3: According to the incremental system (14) in Theorem 1, the output change
Theorem 1 shows that
In this section, an equivalent quantity of the system state change at a fixed time prior to the attack occurrence time is introduced, which is referred to as backward-in-time equivalent quantity in this paper. Also, its properties in the context of intermittent integrity attacks, are also rigorously investigated. By using the proposed backward-in-time equivalent quantity, a backward-in-time residual is designed, and the theoretical feasibility of this residual to capture the considered stealthy intermittent integrity attacks is analyzed.
At first, we suppose that the attacker selects a sufficiently large dwell time
ΔW2:{Δ˙z(t)=(A+BKC)Δz(t),Δz(tk)=ΔzkΔy(t)=CΔz(t),∀t∈Ωk | (15) |
where
Intuitively, the backward-in-time equivalent quantity (mathematically defined later) is a virtual quantity of the system state change, due to the attack, at a time prior to the attack occurrence time, which is recovered from the change of the system state posterior to the attack occurrence time. Based on the backward-in-time equivalent quantity for nonlinear systems given in [36], we define a backward-in-time equivalent quantity of
Definition 1: The backward-in-time equivalent quantity of the state
Δz(tb|t)=Φ(tb,t)Δz(t) | (16) |
where Φ is the transition matrix associated with
Φ(t1,t2)=e(A+BKC)(t1−t2),∀t1,t2∈R+. | (17) |
The properties of
Lemma 1: Consider the attack generated by (8) satisfying Assumption 1, and the backward-in-time equivalent quantity
1) The vector
dΔz(tb|t)dt=0,∀t∈Ωk. | (18) |
2) The vector
Δz(tb|t)≠0,∀t∈Ωk. | (19) |
3) (Accumulation property) For the k-th and
|Δzk+1|≥ˉσ(Φ(tb,tk+1))σ_(Φ(tb,tk+1)|Φ(tk+1,tk)Δzk|,∀k∈{1,…,Na−1} | (20) |
where the transition matrix Φ is given in (17).
Proof: The proof is provided in Appendix B.
It is worth pointing out that under Assumption 1, inequality (20) is easy to satisfy. Due to the exponential convergence of the transition matrix
Lemma 1 implies that the stealthy intermittent integrity attack can be indicated by using a residual based on
Δy(tb|t)=CΔz(tb|t). | (21) |
Then, the backward-in-time residual, denoted by
r(tb|t)=r(tb)+Δy(tb|t) | (22) |
where the value
J(tb|t)>Jth,alarmtriggering. | (23) |
Note that the backward-in-time residual
The detection methodology that integrates the residual
Theorem 2: Consider system (1), the intermittent integrity attack generated by (8) with
1) In the absence of the intermittent integrity attack
J(tb|t)≤Jth,∀t≥tb. | (24) |
2) In the presence of the intermittent stealthy integrity attack,
tk−tb>1λ0lnσ_(C)δ_k0(Jth+|r(tb)|) | (25) |
where
Proof: The proof can be found in Appendix C.
Remark 4: Theorem 1 and Lemma 1 provide theoretical results for the ideal case that
In practice, the backward-in-time residual
In this section, the implementable backward-in-time detection methodology is designed. The right hand side of Fig. 3 shows the structure of the detection methodology. The optimal fixed-point smoother in Fig. 3 is first developed to estimate the unknown
A fixed-point smoother provides a backward-in-time estimation procedure, which produces an estimate for a signal using the past time measurements at the first stage, and then updates it using the new measurements as time progresses. Next, a fixed-point smoother in a finite time horizon
Recalling the system splitting given in (11), in the nominal phase (i.e.,
z(tb|t)=Δz(tb|t)+z(tb). | (26) |
Thus, instead of estimating
Now, we start by constructing the fixed-point smoother using the state augmentation approach given in [43]. To perform this task, a new state variable
dϕ(t)dt=˙ϕ(t)=0,∀t∈Ωk. | (27) |
By letting
Δˆy(tb|t)=Cˆϕ(t)−y(tb). | (28) |
Thus, based on (22), the new backward-in-time residual, denoted by
ˆr(tb|t)=r(tb)+Δˆy(tb|t). | (29) |
Motivated by the optimal residual design methodology in [29],
1) Robustness: The robustness considered in this paper is achieved by minimizing a piece-wise linear quadratic (LQ) cost function. Suppose that a set of smoother switching time instants have been determined, which are given as follows:
ts,0,ts,1,…,ts,Ns+1,Ns∈N+ | (30) |
where
ˉΘ0,ˉΘ1,…,ˉΘNs | (31) |
where
Consider the system
[˙q(t)y(tb|t)−ˆy(tb|t)y(t)]=P[q(t)[ω(t)v(t)]ˆy(tb|t)],ˆy(tb|t)=Ky(t). | (32) |
In the above system,
P=[ˉA[ˉD0]0ˉLˉC[00]I[0I]0] |
with
[dp(τ)dτ˜y(tb|τ)˜ω(τ)]=P∼[p(τ)˜ω(τ)˜u(τ)],˜u(τ)=K∼˜ω(τ) | (33) |
where
P∼=[ˉATˉLTˉCT[ˉDT0]0[00][0I]I0]. |
Hence, the piece-wise LQ cost function is readily proposed in the context of the adjoint system (33) as follows:
minK∼J=12Ns∑k=0‖p(τs,k)‖2ˉΘk+12Ns∑k=0∫τs,kτs,k+1‖˜y(tb|τ)‖2Rdτ | (34) |
where
ˉΘk=[PkΣkΣTkΩk],∀k∈{0,1,…,Ns}. | (35) |
Note that by choosing
P0=Σ0=Ω0. | (36) |
Furthermore, note also that the estimation accuracy for ϕ is higher than the one for z due to the smoothing process (see [45], [46]). Therefore, the covariance matrix of
Pk≥Ωk,∀k∈{1,…,Ns}. | (37) |
2) Sensitivity: The
H−=infz−ˆz∫Ttb|ˆy(tb|t)|2dt∫Ttb|z(t)−ˆz(t)|2dt,∀z(t)−ˆz(t)∈L2[tb,T]. | (38) |
Thus, to guarantee the sensitivity requirement, the inequality
H−≥α,∀z(t)−ˆz(t)∈L2[tb,T] | (39) |
must be satisfied, where
Remark 5: It is worth pointing out that typical optimal LQ fixed-point smoothers in [45] and [46] are obtained by minimizing the following LQ cost function given in the context of the adjoint system (33):
minK∼J1=12‖p(tb)‖2ˉΘ0+12∫Ttb‖˜y(tb|τ)‖2Rdτ. |
Such typical LQ smoothers possess inherently the covariance matrix wind-up problem for estimating
Remark 6: The adjoint system (33) facilitates the presentation of the piece-wise LQ cost function given by (34). Note that
By synthesizing the objectives (34) and (39), and the requirements for the covariance matrices given in (35)−(37), a feasible way to solve the optimization problem is given in the following steps:
1) Minimize
2) Restrict
In the sequel, two lemmas are rigorously derived to realize the aforementioned Steps 1) and 2) respectively. The optimal solution to (34), i.e., Step 1), is first presented.
Lemma 2: Consider linear system
˙ˆz(t)=Aˆz(t)+Bu(t)+P(t)CTR−1(y(t)−Cˆz(t)) |
˙ˆϕ(t)=ΣT(t)CTR−1(y(t)−Cˆz(t)) |
where
˙P(t)=AP(t)+P(t)AT−P(t)CTR−1CP(t)+DDT |
˙Σ(t)=(A−P(t)CTR−1C)Σ(t) |
˙Ω(t)=−ΣT(t)CTR−1CΣ(t). |
In the above differential equations, at each time
P(ts,k)=Pk,Σ(ts,k)=Σk,Ω(ts,k)=Ωk. | (42) |
Moreover, if (37) holds, then the matrices P and Ω satisfy
P(t)≥Ω(t),∀t∈[tb,T]. | (43) |
Proof: Consider the adjoint system (33) and the cost function
dˆp(τ)dτ=(ˉAT−ˉCTR−1ˉCˉΘ(τ))ˆp(τ)+ˉLT˜ω(τ),ˆp(tb)=0˜u(τ)=−R−1ˉCˉΘ(τ)ˆp(τ) |
where the covariance matrix
−dˉΘ(τ)dτ=ˉAˉΘ(τ)+ˉΘ(τ)ˉAT−ˉΘ(τ)ˉCTR−1ˉCˉΘ(τ)+ˉDˉDT |
with the following switches:
ˉΘ(τs,k)=ˉΘk,∀k={0,1,…,Ns}. |
Then, the optimal smoother is obtained as the adjoint system of
˙ˆq(t)=(ˉA−ˉΘ(t)ˉCTR−1ˉC)ˆq(t)+ˉΘ(t)ˉCTR−1y(t) |
ˆy(tb|t)=ˉLˆq(t) |
where
˙ˉΘ(t)=ˉAˉΘ(t)+ˉΘ(t)ˉAT−ˉΘ(t)ˉCTR−1ˉCˉΘ(t)+ˉDˉDT | (45) |
with the following switches:
ˉΘ(ts,k)=ˉΘk,∀k∈{0,1,…,Ns}. | (46) |
Thus, from (44), the smoother (40) can be obtained.
We now proceed to derive the differential equations given in (41) and switches in (42). By letting
ˉΘ(t)=[P(t)Σ(t)ΣT(t)Ω(t)]. |
It follows from (45) that:
[˙P˙Σ˙ΣT˙Ω]=[A−P(t)CTR−1C0−ΣT(t)CTR−1C0][PΣΣTΩ]+[PΣΣTΩ][AT−CTR−1CP(t)−CTR−1CΣ(t)00]+[D−P(t)CTR−10−ΣT(t)CTR−1][IR][DT−R−1CP(t)0−R−1CΣ(t)]. |
By simplifying the above differential Riccati equation, the differential equations (41) can be obtained. In addition, from (35) and (46), the switches in (42) can also be obtained.
Regarding the result (43), by letting
˙Y=AY+YAT+AΩ+ΩAT−YCTR−1CY−ΩCTR−1CY−YCTR−1CΩ−YCTR−1CΩ+ΩCTR−1CΩ+DDT+ΣT(t)CTR−1CΣ(t)=AYY+YATY+DDT+ΣT(t)CTR−1CΣ(t)+[IΩ][0AATCTR−1C][IΩ]. |
The above equation indicates that
˙Y(t)≥AYY(t)+YATY(t),∀t∈[ts,k,ts,k+1),∀k∈{0,…,Ns}. |
Under the condition (37), we can obtain that
It can be observed from (40b) and (41b) that in the case of a typical LQ smoother (obtained by minimizing the cost function
Lemma 3: Consider the piece-wise fixed-point smoother given in Lemma 2 and the switching time instants given in (30). Consider also the differential equations (41) without the switches (42). The requirements (36) and (37) are guaranteed if
Pk=P(ts,k),Σk=Σ(ts,k)=Θk,Ωk=Ω(ts,k),∀k∈{0,…,Ns} | (47) |
where
P(tb)=Σ(tb)=Ω(tb)=Θk,∀k∈{0,…,Ns}. | (48) |
Moreover, the
σ_(Θk)≥ασ_(CR−1CT)σ_(C)σ_(e(A−P(ts,k+1)CTR−1C)(ts,k+1−tb)),∀k∈{0,1,…,Ns}. | (49) |
Proof: According to (47),
According to (40b), we can obtain that
∫Ttb|ˆy(tb|t)|2dt≥σ_2(CΣT(t)CTR−1C)|z(t)−ˆz(t)|2 |
which indicates that the
σ_2(CΣT(t)CTR−1C)≥α2,∀t∈[tb,T]. |
Based on the inequality
σ_2(Σ(t))≥α2σ_2(CTR−1C)σ_2(C),∀t∈[tb,T]. | (50) |
Let
˙X(t)=˙Σ(t)ΣT(t)+Σ(t)˙ΣT(t)=(A−P(t)CTR−1C)X(t)+X(t)(A−P(t)CTR−1C)T |
where the system
X(t)=e(A−P(t)CTR−1C)T(t−tb)X(tb)e(A−P(t)CTR−1C)(t−tb) | (51) |
which indicates that
σ_(X(ts,k+1))≥α2σ_2(CTR−1C)σ_2(C),∀k∈{0,1,…,Ns}. |
It then follows from (51) and
Subsequently, by synthesizing the results in Lemmas 2 and 3, a feasible solution to minimize
Theorem 3: Consider linear system
In this section, the detection residual
˙ez(t)=(A−P(t)CTR−1C)ez(t)+Dω(t)−P(t)CTR−1v(t) |
˙eϕ(t)=−ΣT(t)CTR−1Cez(t)−ΣT(t)CTR−1v(t) |
ey(t)=Ceϕ(t) |
where the initial conditions are
ˆr(tb|t)=r(tb)+Δy(tb|t)−ey(t). | (53) |
As in the case of fault diagnosis literature, the residual evaluation should ensure that in the non-attack case, the value of the evaluation function is close or equal to zero under ideal conditions (e.g., no disturbance, no noise and no modeling uncertainty). Thus, from (53), the evaluation function is proposed as follows:
ˆJ(tb|t)=|ˆr(tb|t)|−|r(tb)| | (54) |
where the correction term
Next, a bound
Lemma 4: Let
|Φk(t,τ)|≤βke−λk(t−τ),∀t,τ∈[ts,k,ts,k+1). | (55) |
Proof: Note that since the pair
In addition, the disturbance
Assumption 2: The disturbance
|ω(t)|≤ˉω,|v(t)|≤ˉv,∀t∈R+ | (56) |
where
Remark 7: Such an assumption is commonly used in anomaly diagnosis literature (see, e.g., [29], [32], [40]) for guaranteeing robustness and avoiding false alarms. The bound
In the following theorem, the adaptive threshold is presented.
Theorem 4 (Robustness): Consider closed-loop CPS
ˆJ(tb|t)≤ˆJth(t),∀t∈[ts,k,ts,k+1) | (57) |
where
εϕ,k(t)=εϕ,k−1(t−s,k)+|Σk|⋅|CTR−1|βk∫tts,ke−λk(τ−ts,k)(εz,k(τ)+ˉv)dτ | (58) |
εz,k(t)=βke−λk(t−ts,k)|ez(t−s,k)|+βk(|D|ˉω+|Pk|⋅|CTR−1|ˉv)λk(1−eλk(ts,k−t)). | (59) |
In the above equations,
Proof: Based on (53) and by using the triangle inequality, the evaluation
ˆJ(tb|t)≤|ey(t)|+|Δy(tb|t)|. | (60) |
Note that in the non-attack case,
ˆJth(t)=supΔy(tb|t)=0ˆJ(tb|t)=supΔy(tb|t)=0|ey(t)|. |
By solving the differential equation (52a),
ez(t)=Φk(t,ts,k)ez(t−s,k)+∫tts,kΦk(t,τ)(Dω(τ)−P(τ)CTR−1v(τ))dτ,∀t∈[ts,k,ts,k+1). |
Note that based on Theorem 3.1.1 in [44],
|ez(t)|≤βke−λk(t−ts,k)|ez(t−s,k)|+∫tts,kβke−λk(t−τ)(|D|ˉω+|Pk|×|CTR−1|ˉv)dτ=βke−λk(t−ts,k)|ez(t−s,k)|+βk(|D|ˉω+|Pk|×|CTR−1|ˉv)λk(1−eλk(ts,k−t)). |
Thus,
eϕ(t)=eϕ(t−s,k)−∫tts,kΣT(τ)CTR−1(ez(τ)+v(τ))dτ,∀t∈[ts,k,ts,k+1). |
Note that it follows from (51) that
|Σ(t)|=√|X(t)|=√|X(ts,k)|×|Φk(t,ts,k)|≤|Σk|βke−λk(t−ts,k),∀t∈[ts,k,ts,k+1). |
Thus, from
|eϕ(t)|≤|eϕ(t−s,k)|+|Σk|βk∫tts,ke−λk(τ−ts,k)|CTR−1|(εz,k(τ)+ˉv)dτ. |
Since
Remark 8: The threshold
Based on the residual
Td(tb)=inf{t>tb|ˆJ(tb|t)>ˆJth(t)}. | (61) |
In addition, as Fig. 3 shows, by combining the residuals
Algorithm 1 provides in concise form the steps required for implementing the smoother, generating the backward-in-time residual
Algorithm 1 Backward-in-Time Attack Detection Algorithm
1: procedure SMOOTHER(
2:
3: repeat // Lemma 3;
4: Choose
5:
6:
7:
8: until
9:
10: Solve differential equations in (41) for
11: return
12:
13: repeat
14:
15: Solve differential equations in (41) for
16: return
17:
18: until
19: Construct the smoother as follows: // (40);
20: end procedure
21: //
22: procedure RESIDUAL(
23: Residual
24: Evaluation
25: end procedure
26: //
27: procedure THRESHOLD(
28:
29: repeat
30: Determine
31: Determine
32: Calculate
33: until
34: Threshold
35: end procedure
36: //
37: procedure DECISION PRINCIPLE(
38: if
39: else no attack is detected;
40: end if
41: end procedure
In this section, the attack detectability of the developed backward-in-time detection methodology characterized by the residual
Theorem 5 (Detectability): Consider closed-loop CPS
t_{k}-t_b>+\dfrac{1}{\lambda_{0}}\ln\dfrac{\underline{\sigma}(C)\underline{\delta}}{k_{0}\left(J_{th}+2\hat{J}_{th}(T_d)+|r(t_b)|\right)} | (62) |
where
Proof: For
\begin{align} |\hat{r}(t_b|T_d)|\geq|r(t_b|T_d)|-|e_y(T_d)|. \end{align} | (63) |
From (54) and
|\hat{r}\left(t_b|T_d\right)|>J_{th}+\hat{J}_{th}(T_d). | (64) |
Then, from (63) and the fact that
\begin{align} |r(t_b|T_d)|>J_{th}+2\hat{J}_{th}(T_d). \end{align} | (65) |
By using the same reasoning logic with the proof of Theorem 2, we can obtain that for the fixed time instant
Theorem 5 is a theoretical result that cannot be checked a priori. It is important to note that according to Theorem 5, the attack detection by the developed implementable backward-in-time detection methodology, characterized by the residual
In this section, a numerical simulation example based on a linear time-invariant system in the form of system (1) is presented. The system matrices are given as follows:
\begin{split} &A = \left[ {\begin{matrix} -3.25&1&0\\ 1&-3&0\\ 0&0&0 \end{matrix}} \right],\; B = \left[ {\begin{matrix} 0\\ 0\\ 1 \end{matrix}} \right]\;\\ &C = \left[ {\begin{matrix} 0&1&1 \end{matrix}} \right],\; D = \left[ {\begin{matrix} 1.0000&0\\ 0&0\\ 1.6667&1.6667 \end{matrix}} \right] \end{split} |
where the pair (
\omega(t) = [0.2\sin(5t),0.1\sin(3t)]^T |
and the measurement noise
In this part, the intermittent integrity attack used in this simulation is given. The attacker is supposed to know the system matrices A, B and C, and is able to compromise all the sensors and actuators, i.e.,
t_1 = 1\, {{\rm{s}}},\;t_2 = 3\, {{\rm{s}}},\;t_3 = 5\, {{\rm{s}}},\;t_4 = 7 \,{{\rm{s}}},\;t_5 = 9 \,{{\rm{s}}},\;t_6 = 11 \,{{\rm{s}}},\;t_7 = 15 \,{{\rm{s}}} |
and the same dwell time is used for all attacks, i.e.,
F_k = \left[ \begin{array}{ccc} 0 & 0 & 1.200\\ 0 & 0 & -1.000 \end{array} \right],\; \forall\; k\in\{1,\ldots,6\}. |
According to the obtained
\Delta {\textit{z}}_1 = [0,0,-0.2091],\; \Delta {\textit{z}}_2 = [0,0,-0.2210] |
\Delta {\textit{z}}_3 = [0,0,-0.1191],\; \Delta {\textit{z}}_4 = [0,0,-0.1531] |
\Delta {\textit{z}}_5 = [0,0,-0.1531],\; \Delta {\textit{z}}_6 = [0,0,-0.1095]. |
Thus, the design parameters of the attack model (8) have been selected and the attack signals for the attack activating time interval
\begin{align*} {a_1}\left( t \right)& = {\left[ {0,-1.2919} \right]^T},\; k = 1,\; \forall t \in \left[ {2\,{\rm{s}},15\,{\rm{s}}} \right) \\ {a_2}\left( t \right)& = {\left[ {0,-1.2392} \right]^T},\; k = 2,\; \forall t \in \left[ {4\,{\rm{s}},15\,{\rm{s}}} \right) \\ {a_3}\left( t \right)& = {\left[ {0,-1.2060} \right]^T},\; k = 3,\; \forall t \in \left[ {6\,{\rm{s}},15\,{\rm{s}}} \right) \\ {a_4}\left( t \right)& = {\left[ {0,-1.0931} \right]^T},\; k = 4,\; \forall t \in \left[ {8\,{\rm{s}},15\,{\rm{s}}} \right) \\ {a_5}\left( t \right)& = {\left[ {0,-1.0931} \right]^T},\; k = 5,\; \forall t \in \left[ {10\,{\rm{s}},15\,{\rm{s}}} \right) \\ {a_6}\left( t \right)& = {\left[ {0,-1.2432} \right]^T},\; k = 6,\; \forall t \in \left[ {12\,{\rm{s}},15\,{\rm{s}}} \right). \end{align*} |
Thus, the intermittent integrity attack signal for the attack activating time interval
The attack signal and its effects on the system are shown in Figs. 4-6, respectively. As it is shown in Fig. 4, the attack signal
Fig. 7 illustrates the anomaly detection results using the equipped anomaly detector
Following Algorithm 1, the parameters for the SMOOTHER procedure are given as follows:
P_1 = \left[\begin{array}{ccc} 0.0162& 0.0025& 0.0484\\ 0.0027& 0.0008& 0.0153\\ 0.0544& 0.0101& 0.2307 \end{array}\right] |
\Sigma_1 = \left[\begin{array}{ccc} 0.0010& 0& 0\\ 0& 0.0182& 0\\ 0& 0& 29.232\\ \end{array}\right]. |
Furthermore,
The residual
In this paper, stealthy intermittent integrity attacks being stealthy with respect to typical anomaly detectors have been formulated. A backward-in-time detection residual that can accumulate at each attack activation time and is able to indicate the stealthy intermittent integrity attacks has been introduced. A fixed-point smoother has been designed as the backward-in-time estimator for estimating the unknown backward-in-time detection residual. A covariance matrix resetting technique has been applied in the design of the smoother to guarantee the required sensitivity to the attacks. The corresponding adaptive threshold generation scheme for detecting the stealthy intermittent integrity attacks has been designed, and the attack detectability has also been investigated rigorously. Some future research works are given as follows:
1) One of our studies work focuses on scheduling the attack pausing and resuming time instants such that the attack can cause significant damage to the system, and at the same time, achieve the power energy saving aim. Game theory may provide a way to solve the trade-off between damaging effects and energy saving [38].
2) Another future research direction involves the modification of typical fixed-point smoothers to improve the sensitivity to stealthy integrity attacks. The forgetting factor for the covariance matrix used in [51] is a potential way to achieve this improvement.
3) Resilience control against intermittent integrity attacks is also one potential research direction. Some control issues, such as quantized sensor measurements well handled by the model reference control methodologies in [52], [53] and high order nonlinearities in [54], [55] will be investigated.
4) Stealthy intermittent integrity attack generation and detection issues for nonlinear systems and large-scale systems such as in [56] will be considered in our future research. Note that a way for generating stealthy intermittent attacks for nonlinear systems and large-scale systems is to use the geometric approach proposed in [14].
Proof : Let
\begin{aligned} \Delta{\cal{W}}_{1}:&\; \left\{ \begin{aligned}\Delta\dot{x}_{1}(t)& = A\Delta x_{1}(t)+B_aa(t)\\ \Delta y_{1}(t)& = C\Delta x_{1}(t)+D_aa(t)\end{aligned}\right. \end{aligned} | (66) |
\begin{align} \Delta{\cal{W}}_{2}:&\; \left\{ \begin{aligned}\Delta\dot{x}_2(t)& = A\Delta x_2(t)+B\Delta u(t)\\ \Delta y_{2}(t)& = C\Delta x_2(t)\end{aligned}\right. \end{align} | (67) |
where
\begin{align} \Delta x(t)& = \Delta x_{1}(t)+\Delta {\textit{z}}(t) \;\;\;\end{align} | (68) |
\begin{align} \Delta y(t)& = \Delta y_{1}(t)+\Delta y_{2}(t). \end{align} | (69) |
Consider
\begin{align} {\cal{W}}^n_{1,k}:&\; \left\{ \begin{aligned}\dot{x}^n_{1,k}(t)& = Ax^n_{1,k}(t)+\sum\limits_{i = 1}^{k-1}B_aa_k(t)\\ y^n_{1,k}(t)& = Cx^n_{1,k}(t)+\sum\limits_{i = 1}^{k-1}D_aa_k(t)\end{aligned} \right. \end{align} | (70) |
\begin{align} {\cal{W}}^n_{2,k}:&\; \left\{ \begin{aligned} \dot{x}_{2,k}^n(t)& = Ax_{2,k}^n(t)+Bu_{k}^n(t)+D\omega(t)\\ y^n_{2,k}(t)& = Cx_{2,k}^n(t)+v(t) \end{aligned} \right. \end{align} | (71) |
where the initial conditions can be chosen as
Let
\begin{align} \Delta{\cal{W}}_{1,k}:&\; \left\{ \begin{aligned}\Delta\dot{x}_{1,k}(t)& = A\Delta x_{1,k}(t)+B_aa_k(t)\\ \Delta y_{1,k}(t)& = C\Delta x_{1,k}(t)+D_aa_k(t)\end{aligned}\right. \end{align} | (72) |
\begin{align} \Delta{\cal{W}}_{2,k}:&\; \left\{ \begin{aligned}\Delta\dot{x}_{2,k}(t)& = A\Delta x_{2,k}(t)+B\Delta u_{k}(t)\\ \Delta y_{2,k}(t)& = C\Delta x_{2,k}(t)\end{aligned}\right. \end{align} | (73) |
where
Therefore, based on the superposition principle for linear systems (
\begin{align} \Delta x_1(t)& = \sum\limits_{i = 1}^{k} \Delta x_{1,i}(t),\; \Delta x_2(t) = \sum\limits_{i = 1}^{k} \Delta x_{2,i}(t) \end{align} | (74) |
\begin{align} \Delta y(t)& = \sum\limits_{i = 1}^{k} \left(\Delta y_{1,i}(t)+\Delta y_{2,i}(t)\right),\; \forall\; t\in\Omega_{k}. \end{align} | (75) |
In the sequel, the responses of
1) Activating Time Interval
\begin{align*} &{\Delta\dot {\bar{x}}}_{1,k}(t) = A\Delta\bar{x}_{1,k}(t)\\ & {\dot \zeta_k}(t)= ({A + B_aF_k})\zeta_k(t)\\ &\Delta y_{1,k}(t) = C\Delta\bar{x}_{1,k}(t)+(C+D_aF_k)\zeta_k(t) \end{align*} |
where
\zeta_k(t)\in{\cal{V}}_0,\; (C+D_aF_k)\zeta_k(t) = 0,\; \forall\; t\in\Omega^{\mathrm{ac}}_k. |
Thus, we obtain
\Delta y_{1,k}(t) = 0,\; \forall\; t\in\Omega^{\mathrm{ac}}_k. | (76) |
2) Silence Time Interval
\Delta\dot{x}_{1,k}(t) = A\Delta x_{1,k}(t),\; \Delta x_{1,k}(t_k+\tau_k)\in{\cal{V}}_0. |
Also,
\begin{split} \Delta y_{1,k}(t_k+\tau_k)& = C\Delta x_{1,k}(t)+a_{y,k}((t_k+\tau_k)^-)\\ & = \Delta y_{1,k}((t_k+\tau_k)^-) = 0. \end{split} | (77) |
Thus, it follows from
\begin{align} \Delta\dot{y}_{1,k}(t) = CA\Delta x_{1,k}(t) = 0,\; \forall\; t\in\Omega^{\mathrm{si}}_k. \end{align} | (78) |
Thus, by combining (77) and (78), we have
\begin{align} \Delta y_{1,k}(t) = 0,\; \forall\; t\in\Omega^{\mathrm{si}}_k. \end{align} | (79) |
Hence, from the result (76) in the activating time interval and the result (79) in the silence time interval, we can conclude
\begin{equation*} \Delta y_{1,k}(t) = 0,\; \forall\; t\in\Omega^0_k. \end{equation*} |
Therefore, it follows from (75) that the change
Proof:
1) By using the transition matrix Φ in (17), the solution of the system
\Delta {\textit{z}}(t) = \Phi(t,t_k)\Delta {\textit{z}}_{k},\; \forall\; t\in\Omega_k. |
Thus, from Definition 1,
\begin{align} {\Delta {\textit{z}}}(t_b|t) = \Phi({t_b,t})\Phi(t,t_k)\Delta {\textit{z}}_{k} = \Phi(t_b,t_k)\Delta {\textit{z}}_{k},\; \forall\; t\in\Omega_k. \end{align} | (80) |
Since both
2) Since
3) From (80), for the consecutive attack slots
\begin{align*} \Delta {\textit{z}}(t_b|t)& = \Phi(t_b,t_k)\Delta {\textit{z}}_k,\; \forall\; t\in\Omega_{k}\\ \Delta {\textit{z}}(t_b|t)& = \Phi(t_b,t_{k+1})\Delta {\textit{z}}_{k+1},\; \forall\; t\in\Omega_{k+1}. \end{align*} |
By using
\begin{align*} \Delta {\textit{z}}(t_b|t) = \Phi(t_b,t_{k+1})\Phi(t_{k+1},t_{k})\Delta {\textit{z}}_{k},\; \forall\; t\in\Omega_{k}. \end{align*} |
Then, we can derive
\begin{align*} |\Delta {\textit{z}}(t_b|t)|^2&\leq\bar{\sigma}^2(\Phi(t_b,t_{k+1})|\Phi(t_{k+1},t_{k})\Delta {\textit{z}}_{k}|^2,\; \forall\; t\in\Omega_{k}\\ |\Delta {\textit{z}}(t_b|t)|^2&\geq\underline{\sigma}^2(\Phi(t_b,t_{k+1}))|\Delta {\textit{z}}_{k+1}|^2,\; \forall\; t\in\Omega_{k+1}. \end{align*} |
Hence,
Proof:
1) Based on Lemma 1, in the absence of the attack,
2) By using the reverse triangle inequality and based on (21) and (22), a sufficient condition to guarantee
|C\Delta {\textit{z}}({t_b}|t)|> \dfrac{J_{th}+|r(t_b)|}{\underline{\sigma}(C)},\; \forall\; t\in\bigcup\limits_{i = k}^{N_a}\Omega_i. | (81) |
Note that based on result 1) in Lemma 1,
|\Delta {\textit{z}}({t_b}|t_k)|> \dfrac{J_{th}+|r(t_b)|}{\underline{\sigma}(C)}. | (82) |
Based on Definition 1, we can write
|\Phi(t_{k},t_b)|< \dfrac{\underline{\sigma}(C)|\Delta {\textit{z}}_k|}{J_{th}+|r(t_b)|}. | (83) |
Note that according to [40], for the Hurwitz matrix
\begin{equation*} |\Phi(t_{k},t_b)|\leq k_{0} e^{-\lambda_{0}(t_{k}-t_b)}. \end{equation*} |
Thus, the time
[1] |
A. A. Cardenas, S. Amin, and S. Sastry, “Secure control: Towards survivable cyber-physical systems,” in Proc. 28th Int. Conf. Distributed Computing Systems Workshops, Beijing, China, 2008, pp. 495–500.
|
[2] |
S. M. Dibaji, M. Pirani, D. B. Flamholz, A. M. Annaswamy, K. H. Johansson, and A. Chakrabortty, “A systems and control perspective of CPS security,” Annu. Rev. Control, vol. 47, pp. 394–411, Jan. 2019. doi: 10.1016/j.arcontrol.2019.04.011
|
[3] |
V. L. Do, L. Fillatre, I. Nikiforov, and P. Willett, “Security of SCADA systems against cyber-physical attacks,” IEEE Aerosp. Electron. Syst. Mag., vol. 32, no. 5, pp. 28–45, May 2017. doi: 10.1109/MAES.2017.160047
|
[4] |
A. Hobbs, “The colonial pipeline hack: Exposing vulnerabilities in U.S. cybersecurity,” 2021. [Online]. Available: https://sk.sagepub.com/cases/colonial-pipeline-hack-exposing-vulnerabilities-us-cybersecurity.
|
[5] |
W. L. Duo, M. C. Zhou, and A. Abusorrah, “A survey of cyber attacks on cyber physical systems: Recent advances and challenges,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 5, pp. 784–800, May 2022. doi: 10.1109/JAS.2022.105548
|
[6] |
Y. L. Mo and B. Sinopoli, “Secure control against replay attacks,” in Proc. 47th Annu. Allerton Conf. Communication, Control, and Computing, Monticello, USA, 2009, pp. 911–918.
|
[7] |
R. S. Smith, “Covert misappropriation of networked control systems: Presenting a feedback structure,” IEEE Control Syst. Mag., vol. 35, no. 1, pp. 82–92, Feb. 2015. doi: 10.1109/MCS.2014.2364723
|
[8] |
A. Barboni, H. Rezaee, F. Boem, and T. Parisini, “Detection of covert cyber-attacks in interconnected systems: A distributed model-based approach,” IEEE Trans. Autom. Control, vol. 65, no. 9, pp. 3728–3741, Sept. 2020. doi: 10.1109/TAC.2020.2998765
|
[9] |
A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “A secure control framework for resource-limited adversaries,” Automatica, vol. 51, pp. 135–148, Jan. 2015. doi: 10.1016/j.automatica.2014.10.067
|
[10] |
Q. R. Zhang, K. Liu, D. Y. Han, G. Z. Su, and Y. Q. Xia, “Design of stealthy deception attacks with partial system knowledge,” IEEE Trans. Autom. Control, vol. 68, no. 2, pp. 1069–1076, Feb. 2023. doi: 10.1109/TAC.2022.3146079
|
[11] |
A. Teixeira, K. C. Sou, H. Sandberg, and K. H. Johansson, “Secure control systems: A quantitative risk management approach,” IEEE Control Syst. Mag., vol. 35, no. 1, pp. 24–45, Feb. 2015. doi: 10.1109/MCS.2014.2364709
|
[12] |
H. S. Sánchez, D. Rotondo, T. Escobet, V. Puig, and J. Quevedo, “Bibliographical review on cyber attacks from a control oriented perspective,” Annu. Rev. Control, vol. 48, pp. 103–128, Sept. 2019. doi: 10.1016/j.arcontrol.2019.08.002
|
[13] |
T. Y. Zhang and D. Ye, “False data injection attacks with complete stealthiness in cyber-physical systems: A self-generated approach,” Automatica, vol. 120, p. 109117, Oct. 2020. doi: 10.1016/j.automatica.2020.109117
|
[14] |
K. K. Zhang, C. Keliris, T. Parisini, and M. M. Polycarpou, “Stealthy integrity attacks for a class of nonlinear cyber-physical systems,” IEEE Trans. Autom. Control, vol. 67, no. 12, pp. 6723–6730, Dec. 2022. doi: 10.1109/TAC.2021.3131656
|
[15] |
A. Y. Lu and G. H. Yang, “Input-to-state stabilizing control for cyber-physical systems with multiple transmission channels under denial of service,” IEEE Trans. Autom. Control, vol. 63, no. 6, pp. 1813–1820, 2018. doi: 10.1109/TAC.2017.2751999
|
[16] |
H. Zhang, P. Cheng, L. Shi, and J. M. Chen, “Optimal denial-of-service attack scheduling with energy constraint,” IEEE Trans. Autom. Control, vol. 60, no. 11, pp. 3023–3028, Nov. 2015. doi: 10.1109/TAC.2015.2409905
|
[17] |
H. Zhang, Y. F. Qi, J. F. Wu, L. K. Fu, and L. D. He, “DoS attack energy management against remote state estimation,” IEEE Trans. Control Netw. Syst., vol. 5, no. 1, pp. 383–394, Mar. 2018. doi: 10.1109/TCNS.2016.2614099
|
[18] |
S. Amin, A. A. Cárdenas, and S. S. Sastry, “Safe and secure networked control systems under denial-of-service attacks,” in Proc. 12th Int. Workshop on Hybrid Systems: Computation and Control, San Francisco, USA, 2009, pp. 31–45.
|
[19] |
A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “Revealing stealthy attacks in control systems,” in Proc. 50th Annu. Allerton Conf. Communication, Control, and Computing, Monticello, USA, 2012, pp. 1806–1813.
|
[20] |
F. Pasqualetti, F. Dörfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE Trans. Autom. Control, vol. 58, no. 11, pp. 2715–2729, Nov. 2013. doi: 10.1109/TAC.2013.2266831
|
[21] |
R. S. Smith, “A decoupled feedback structure for covertly appropriating networked control systems,” IFAC Proc. Vol., vol. 44, no. 1, pp. 90–95, Jan. 2011. doi: 10.3182/20110828-6-IT-1002.01721
|
[22] |
Y. B. Mao, H. Jafarnejadsani, P. Zhao, E. Akyol, and N. Hovakimyan, “Novel stealthy attack and defense strategies for networked control systems,” IEEE Trans. Autom. Control, vol. 65, no. 9, pp. 3847–3862, Sept. 2020. doi: 10.1109/TAC.2020.2997363
|
[23] |
Y. L. Mo, R. Chabukswar, and B. Sinopoli, “Detecting integrity attacks on SCADA systems,” IEEE Trans. Control Syst. Technol., vol. 22, no. 4, pp. 1396–1407, Jul. 2014. doi: 10.1109/TCST.2013.2280899
|
[24] |
R. M. G. Ferrari and A. M. H. Teixeira, “A switching multiplicative watermarking scheme for detection of stealthy cyber-attacks,” IEEE Trans. Autom. Control, vol. 66, no. 6, pp. 2558–2573, Jun. 2021. doi: 10.1109/TAC.2020.3013850
|
[25] |
A. Hoehn and P. Zhang, “Detection of covert attacks and zero dynamics attacks in cyber-physical systems,” in Proc. American Control Conf., Boston, USA, 2016, pp. 302–307.
|
[26] |
S. Weerakkody and B. Sinopoli, “Detecting integrity attacks on control systems using a moving target approach,” in Proc. 54th IEEE Conf. Decision and Control, Osaka, Japan, 2015, pp. 5820–5826.
|
[27] |
P. Griffioen, S. Weerakkody, and B. Sinopoli, “A moving target defense for securing cyber-physical systems,” IEEE Trans. Autom. Control, vol. 66, no. 5, pp. 2016–2031, May 2021. doi: 10.1109/TAC.2020.3005686
|
[28] |
M. M. Polycarpou and A. J. Helmicki, “Automated fault detection and accommodation: A learning systems approach,” IEEE Trans. Syst. Man Cybern., vol. 25, no. 11, pp. 1447–1458, Nov. 1995. doi: 10.1109/21.467710
|
[29] |
S. X. Ding, Model-Based Fault Diagnosis Techniques: Design Schemes, Algorithms, and Tools. 2nd ed. London, UK: Springer, 2013.
|
[30] |
M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki, Diagnosis and Fault-Tolerant Control. 2nd ed. Berlin, Germany: Springer, 2006.
|
[31] |
Y. K. Wu, B. Jiang, and N. Y. Lu, “A descriptor system approach for estimation of incipient faults with application to high-speed railway traction devices,” IEEE Trans. Syst. Man Cybern. Syst., vol. 49, no. 10, pp. 2108–2118, Oct. 2019. doi: 10.1109/TSMC.2017.2757264
|
[32] |
K. K. Zhang, B. Jiang, X. G. Yan, and Z. H. Mao, “Incipient fault detection for traction motors of high-speed railways using an interval sliding mode observer,” IEEE Trans. Intell. Transport. Syst., vol. 20, no. 7, pp. 2703–2714, Jul. 2019. doi: 10.1109/TITS.2018.2878909
|
[33] |
C. Keliris, M. M. Polycarpou, and T. Parisini, “An integrated learning and filtering approach for fault diagnosis of a class of nonlinear dynamical systems,” IEEE Trans. Neural Netw. Learning Syst., vol. 28, no. 4, pp. 988–1004, Apr. 2017. doi: 10.1109/TNNLS.2015.2504418
|
[34] |
M. Taheri, K. Khorasani, I. Shames, and N. Meskin, Cyber Attack and machine induced fault detection and isolation methodologies for cyber-physical systems, 2020. [Online]. Available: https://arxiv.org/abs/2009.06196.
|
[35] |
K. K. Zhang, M. M. Polycarpou, and T. Parisini, “Enhanced anomaly detector for nonlinear cyber-physical systems against stealthy integrity attacks,” IFAC-PapersOnLine, vol. 53, no. 2, pp. 13682–13687, Jan. 2020. doi: 10.1016/j.ifacol.2020.12.870
|
[36] |
K. K. Zhang, C. Keliris, M. M. Polycarpou, and T. Parisini, “Detecting stealthy integrity attacks in a class of nonlinear cyber-physical systems: A backward-in-time approach,” Automatica, vol. 141, p. 110262, Jul. 2022. doi: 10.1016/j.automatica.2022.110262
|
[37] |
E. Kontouras, A. Tzes, and L. Dritsas, “Hybrid detection of intermittent cyber-attacks in networked power systems,” Energies, vol. 12, no. 24, p. 4625, Dec. 2019. doi: 10.3390/en12244625
|
[38] |
S. Gao, H. Zhang, Z. P. Wang, C. Huang, and H. C. Yan, “Optimal injection attack strategy for cyber-physical systems under resource constraint: A game approach,” IEEE Trans. Control Netw. Syst., to be published.
|
[39] |
J. Chen and R. J. Patton, Robust Model-Based Fault Diagnosis for Dynamic Systems. Springer, 2012.
|
[40] |
X. D. Zhang, M. M. Polycarpou, and T. Parisini, “Fault diagnosis of a class of nonlinear uncertain systems with Lipschitz nonlinearities using adaptive estimation,” Automatica, vol. 46, no. 2, pp. 290–299, 2010. doi: 10.1016/j.automatica.2009.11.014
|
[41] |
K. K. Zhang, B. Jiang, X. G. Yan, and J. Shen, “Interval sliding mode observer based incipient sensor fault detection with application to a traction device in China railway high-speed,” IEEE Trans. Veh. Technol., vol. 68, no. 3, pp. 2585–2597, 2019. doi: 10.1109/TVT.2019.2894670
|
[42] |
M. Basseville and I. V. Nikiforov, Detection of Abrupt Changes: Theory and Application. Englewood Cliffs: Prentice-Hall, 1993.
|
[43] |
B. D. Anderson and J. B. Moore, Optimal Filtering. North Chelmsford, USA: Courier Corporation, 2012.
|
[44] |
M. Green and D. J. N. Limebeer, Linear Robust Control. New York, USA: Dover Publications, 2012.
|
[45] |
D. Simon, Optimal State Estimation: Kalman, H∞, and Nonlinear Approaches. Hoboken, USA: John Wiley & Sons, 2006.
|
[46] |
G. A. Einicke, Smoothing, Filtering and Prediction: Estimating the Past, Present and Future. Rijeka: IntechOpen, 2012.
|
[47] |
X. B. Li and K. M. Zhou, “A time domain approach to robust fault detection of linear time-varying systems,” Automatica, vol. 45, no. 1, pp. 94–102, Jan. 2009. doi: 10.1016/j.automatica.2008.07.017
|
[48] |
R. N. Banavar and J. L. Speyer, “A linear-quadratic game approach to estimation and smoothing,” in Proc. American Control Conf., Boston, USA, 1991, pp. 2818–2822.
|
[49] |
H. Abou-Kandil, G. Freiling, V. Ionescu, and G. Jank, Matrix Riccati Equations in Control and Systems Theory. Birkhäuser Verlag, Basel, 2012.
|
[50] |
G. Basile and G. Marro, Controlled and Conditioned Invariants in Linear System Theory. Englewood Cliffs: Prentice Hall, 1992.
|
[51] |
Q. J. Xia, M. Rao, Y. Q. Ying, and X. M. Shen, “Adaptive fading Kalman filter with an application,” Automatica, vol. 30, no. 8, pp. 1333–1338, Aug. 1994. doi: 10.1016/0005-1098(94)90112-0
|
[52] |
Y. J. Zhang, J. F. Zhang, X. K. Liu, and Z. Liu, “Quantized-output feedback model reference control of discrete-time linear systems,” Automatica, vol. 137, p. 110027, Mar. 2022. doi: 10.1016/j.automatica.2021.110027
|
[53] |
J. Guo, Y. J. Zhang, J. F. Zhang, and X. K. Liu, “Finite quantized-output feedback tracking control of possibly non-minimum phase linear systems,” IEEE Control Syst. Lett., vol. 6, pp. 2407–2412, Mar. 2022. doi: 10.1109/LCSYS.2022.3159130
|
[54] |
M. L. Lv, W. W. Yu, J. D. Cao, and S. Baldi, “A separation-based methodology to consensus tracking of switched high-order nonlinear multiagent systems,” IEEE Trans. Neural Netw. Learn. Syst., vol. 33, no. 10, pp. 5467–5479, Oct. 2022. doi: 10.1109/TNNLS.2021.3070824
|
[55] |
M. L. Lv, B. De Schutter, C. Shi, and S. Baldi, “Logic-based distributed switching control for agents in power-chained form with multiple unknown control directions,” Automatica, vol. 137, p. 110143, Mar. 2022. doi: 10.1016/j.automatica.2021.110143
|
[56] |
Y. Liu, D. Y. Yao, L. J. Wang, and S. J. Lu, “Distributed adaptive fixed-time robust platoon control for fully heterogeneous vehicles,” IEEE Trans. Syst. Man Cybern. Syst., vol. 53, no. 1, pp. 264–274, Jan. 2023. doi: 10.1109/TSMC.2022.3179444
|
[1] | Mengli Wei, Wenwu Yu, Duxin Chen, Mingyu Kang, Guang Cheng. Privacy Distributed Constrained Optimization Over Time-Varying Unbalanced Networks and Its Application in Federated Learning[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(2): 335-346. doi: 10.1109/JAS.2024.124869 |
[2] | Xuyang Wang, Dengxiu Yu, Xiaodi Li. Impulsive Consensus of MASs With Input Saturation and DoS Attacks[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(2): 414-424. doi: 10.1109/JAS.2024.124944 |
[3] | Shouyan Chen, Weitian He, Zhijia Zhao, Yun Feng, Zhijie Liu, Keum-Shik Hong. Adaptive Control of a Flexible Manipulator With Unknown Hysteresis and Intermittent Actuator Faults[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(1): 148-158. doi: 10.1109/JAS.2024.124653 |
[4] | Xiang Chen, Yujuan Wang, Yongduan Song. Unifying Fixed Time and Prescribed Time Control for Strict-Feedback Nonlinear Systems[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(2): 347-355. doi: 10.1109/JAS.2024.124401 |
[5] | Ruotian Liu, Yihui Hu, Agostino Marcello Mangini, Maria Pia Fanti. K-Corruption Intermittent Attacks for Violating the Codiagnosability[J]. IEEE/CAA Journal of Automatica Sinica, 2025, 12(1): 159-172. doi: 10.1109/JAS.2024.124680 |
[6] | Feisheng Yang, Jiaming Liu, Xiaohong Guan. Distributed Fixed-Time Optimal Energy Management for Microgrids Based on a Dynamic Event-Triggered Mechanism[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(12): 2396-2407. doi: 10.1109/JAS.2024.124686 |
[7] | Dan Zhang, Jiabin Hu, Jun Cheng, Zheng-Guang Wu, Huaicheng Yan. A Novel Disturbance Observer Based Fixed-Time Sliding Mode Control for Robotic Manipulators With Global Fast Convergence[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(3): 661-672. doi: 10.1109/JAS.2023.123948 |
[8] | Mahdi Taheri, Khashayar Khorasani, Nader Meskin. On Zero Dynamics and Controllable Cyber-Attacks in Cyber-Physical Systems and Dynamic Coding Schemes as Their Countermeasures[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(11): 2191-2203. doi: 10.1109/JAS.2024.124692 |
[9] | Xinli Shi, Xiangping Xu, Guanghui Wen, Jinde Cao. Fixed-Time Gradient Flows for Solving Constrained Optimization: A Unified Approach[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(8): 1849-1864. doi: 10.1109/JAS.2023.124089 |
[10] | Xiangmin Tan, Chunyan Hu, Guanzhen Cao, Qinglai Wei, Wei Li, Bo Han. Fixed-Time Antidisturbance Consensus Tracking for Nonlinear Multiagent Systems With Matching and Mismatching Disturbances[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(6): 1410-1423. doi: 10.1109/JAS.2024.124461 |
[11] | Jianquan Yang, Chunxi Yang, Xiufeng Zhang, Jing Na. Fixed-Time Sliding Mode Control With Varying Exponent Coefficient for Modular Reconfigurable Flight Arrays[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(2): 514-528. doi: 10.1109/JAS.2023.123645 |
[12] | Qiuyu Zhang, Lipeng Wang, Hao Meng, Wen Zhang, Genghua Huang. A LiDAR Point Clouds Dataset of Ships in a Maritime Environment[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(7): 1681-1694. doi: 10.1109/JAS.2024.124275 |
[13] | Qun Lu, Xiang Wu, Jinhua She, Fanghong Guo, Li Yu. Disturbance Rejection for Systems With Uncertainties Based on Fixed-Time Equivalent-Input-Disturbance Approach[J]. IEEE/CAA Journal of Automatica Sinica, 2024, 11(12): 2384-2395. doi: 10.1109/JAS.2024.124650 |
[14] | Dongdong Yue, Simone Baldi, Jinde Cao, Qi Li, Bart De Schutter. Distributed Adaptive Resource Allocation: An Uncertain Saddle-Point Dynamics Viewpoint[J]. IEEE/CAA Journal of Automatica Sinica, 2023, 10(12): 2209-2221. doi: 10.1109/JAS.2023.123402 |
[15] | Yongbao Wu, Ziyuan Sun, Guangtao Ran, Lei Xue. Intermittent Control for Fixed-Time Synchronization of Coupled Networks[J]. IEEE/CAA Journal of Automatica Sinica, 2023, 10(6): 1488-1490. doi: 10.1109/JAS.2023.123363 |
[16] | Jiayu Chai, Qiang Lu, Xudong Tao, Dongliang Peng, Botao Zhang. Dynamic Event-Triggered Fixed-Time Consensus Control and Its Applications to Magnetic Map Construction[J]. IEEE/CAA Journal of Automatica Sinica, 2023, 10(10): 2000-2013. doi: 10.1109/JAS.2023.123444 |
[17] | Hongru Ren, Hui Ma, Hongyi Li, Zhenyou Wang. Adaptive Fixed-Time Control of Nonlinear MASs With Actuator Faults[J]. IEEE/CAA Journal of Automatica Sinica, 2023, 10(5): 1252-1262. doi: 10.1109/JAS.2023.123558 |
[18] | Xiaohua Ge, Qing-Long Han, Qing Wu, Xian-Ming Zhang. Resilient and Safe Platooning Control of Connected Automated Vehicles Against Intermittent Denial-of-Service Attacks[J]. IEEE/CAA Journal of Automatica Sinica, 2023, 10(5): 1234-1251. doi: 10.1109/JAS.2022.105845 |
[19] | Ruizhuo Song, Liao Zhu. Optimal Fixed-Point Tracking Control for Discrete-Time Nonlinear Systems via ADP[J]. IEEE/CAA Journal of Automatica Sinica, 2019, 6(3): 657-666. doi: 10.1109/JAS.2019.1911453 |
[20] | Wenhui Liu, Feiqi Deng, Jiarong Liang, Haijun Liu. Distributed Average Consensus in Multi-agent Networks with Limited Bandwidth and Time-delays[J]. IEEE/CAA Journal of Automatica Sinica, 2014, 1(2): 193-203. |