Secure distributed adaptive optimal coordination of nonlinear cyber-physical systems with attack diagnosis
Liwei An (a), Guang-Hong Yang (a,b)

(a) College of Information Science and Engineering, Northeastern University, Shenyang 110819, P.R. China
(b) State Key Laboratory of Synthetical Automation for Process Industries, Northeastern University, Shenyang 110819, P.R. China
Abstract
This paper studies the problem of distributed optimal coordination (DOC) for a class of nonlinear large-scale cyber-physical systems (CPSs) in the presence of cyber attacks. A secure DOC architecture with attack diagnosis is proposed that guarantees the attack-free subsystems achieve the output consensus which minimizes the sum of their objective functions, while the attacked subsystems converge to preset secure states. A two-layer DOC structure is established with emphasis on the interactions between cyber and physical layers, where a command-driven control law is designed that generates provable optimal output consensus. Differing from the existing fault diagnosis methods, which are generally applicable to given failure types, the focus of the attack diagnosis is to achieve detection and isolation for arbitrary malicious behaviors. To this end, double coupling residuals are generated by a carefully designed distributed filter. Adaptive thresholds with prescribed performance are designed to enhance the detectability and isolability. It is theoretically guaranteed that no attack signal can bypass the designed attack diagnosis methodology to destroy the convergence of the DOC algorithm, and that a locally occurring detectable attack can be isolated from attacks propagating from neighboring subsystems. Simulation results for the motion coordination of multiple remotely operated underwater vehicles illustrate the effectiveness of the proposed architecture.
Key words:
Cyber-physical systems, distributed optimization, attack diagnosis, nonlinear systems, adaptive control.
Recently, cyber-physical systems (CPSs), which closely connect the cyber and physical worlds, have gained much research interest in many fields, such as computing, control, and military applications. By utilizing the close interaction between cyber and physical parts, the "intelligence" of physical systems can be sufficiently enhanced to fulfil complex, precise, or dangerous tasks, such as remote diagnosis and deep-sea exploration [1]. However, the networked connection between cyber and physical parts also leads to a large attack space, so that CPSs are vulnerable to various types of adversarial attacks. Well-known incidents such as the Maroochy water breach [2] and Stuxnet [3] mark CPS security as a fundamental issue to be studied.

⋆ This paper was not presented at any IFAC meeting. Corresponding author: Guang-Hong Yang. Email addresses: [email protected] (Liwei An), [email protected] (Guang-Hong Yang).

Preprint submitted to Automatica, 29 September 2020.

With potential applications of distributed optimization (DO) in large-scale CPSs [21], many important results on discrete- and continuous-time DO algorithms have been reported [4,5,6,7,8]. In these algorithms, each individual (called an agent in multi-agent systems) only performs the designed optimization dynamics, ignoring its own physical dynamics. Note that physical dynamical systems are usually indispensable for achieving the DO task, as in the cooperative search of radio sources [9], motion coordination [14], and distributed optimal power flow [10,11]. Hence, it is relevant to study distributed optimization problems together with physical dynamics, termed distributed optimal coordination (DOC). In fact, DOC can be accomplished within the CPS architecture by effectively combining cyber computation/communication with physical dynamics/control [12]. Recently, many important DOC results have been reported for multi-agent systems with various physical dynamics by designing integrated closed-loop control laws, covering integrator-type dynamics [13,14,15], continuous-time linear dynamics [16,17], and Euler-Lagrange dynamics [12]. More references on DOC can be found in [18]. Motivated by these works, and considering the non-negligible nonlinear uncertain dynamics of many physical agents [40,41,12], this paper investigates the DOC problem for a class of uncertain nonlinear large-scale systems on CPS platforms.

Given the growing threat of malicious attacks on large-scale (and safety-critical) CPSs, consensus-based DOC algorithms are also vulnerable to cyber attacks. Hence, the other main objective of this paper is to address the security of consensus-based DOC dynamics by providing certain safety guarantees based on attack diagnosis. The recent works [20,21,22] also consider the problem of resilient DO, but under adversarial models different from the one considered here, and without the agents' own physical dynamics. Other related important works on distributed/decentralized sensor fault diagnosis and secure state estimation against sensor attacks for large-scale CPSs have been reported in [24,25,26,27,28,29,30]. In the existing fault diagnosis and fault-tolerant results, the fault detectors are in general designed for given failure types [42,43], such as loss of effectiveness [27] and bias faults [24,25,26]. As will be seen later, in our problem formulation the attack model can be considered to contain infinitely many failure types, and one cannot afford to construct a fault detector for each possible failure type. In [28,29,30], attack-resilient mechanisms are designed against arbitrary adversarial behaviors, but within the framework of distributed estimation, outside the DOC framework.

In this paper, we propose a secure DOC architecture for a class of nonlinear large-scale CPSs in the presence of cyber attacks. The overall architecture consists of cyber and physical parts, and each physical subsystem is modeled as a nonlinear parametric strict-feedback system equipped with a dedicated decision-making agent in the cyber superstratum.
The cyber core (multi-agent network) focuses on the design of DOC and attack diagnosis, and the physical part performs the corresponding optimization task following the cyber-core control command. The objective is to steer the physical systems to achieve output consensus at the minimizer of a given team performance function in a distributed fashion, and to provide certain safety guarantees based on attack diagnosis. The contributions of this paper are threefold.

The first contribution, differing from the existing integrated closed-loop control schemes proposed in [12,13,14,15,16,17], is a two-layer DOC structure in which the cyber-layer optimizer generates a control command that is transmitted to the physical-layer controller for local regulation. To overcome the difficulty caused by the dynamic mismatch between traditional DO algorithms [4,5,6,7,8] and adaptive backstepping control systems [36,37,38,39], a novel command-driven control strategy is designed. It is proved that the proposed algorithm ensures that all subsystems achieve the optimal consensus under the healthy (attack-free) environment.

As the second contribution, we provide the design and analysis of an attack detection and isolation (ADI) methodology. The existing fault diagnosis schemes are usually designed for given fault types [42,43] and cannot theoretically guarantee detectability for arbitrary malicious behaviors. Also, attack isolation becomes more challenging due to the coupling effects of multiple propagated attacks on the interacting physical and cyber dynamics. To this end, double coupling residuals and analytical redundancy relations (ARRs) are generated by a carefully designed distributed filter. Adaptive thresholds with prescribed performance are designed to enhance the detectability and isolability.
It is theoretically guaranteed that no attack signal can bypass the ADI methodology to destroy the convergence of the DOC algorithm, and that locally occurring detectable attacks can be isolated from attacks propagating from neighboring subsystems.

The last contribution is a secure version of the DOC protocol based on the ADI methodology, which provides a safety guarantee in the sense that the healthy physical subsystems (satisfying the ARRs) reach output consensus at the optimal solution of the sum of their objective functions, while the attacked physical subsystems (not satisfying the ARRs) converge to preset secure states.
The symbols R and B denote the sets of real and Boolean numbers, respectively. C^n_m represents the set of n-times differentiable m-dimensional function vectors. The cardinality of a set S is denoted by |S|. ⊗ and ∘ stand for the Kronecker product and the Hadamard product, respectively. For a given time interval Ξ, ν(Ξ) represents its Lebesgue measure. sgn(·) represents the sign function. Denote 1_N = [1, ..., 1]^T ∈ R^N. For a vector sequence {Y^(j)}_{j=1}^N, we write Y = vec(Y^(1), ..., Y^(N)) if not specified otherwise.

A weighted undirected graph G = (V, E, A) consists of N vertices (or nodes, or agents in multi-agent networks) V = {v_1, ..., v_N}, a set of edges (or links) E ⊂ V × V, and an adjacency matrix A = {w_ij}_{N×N} with nonnegative elements, where w_ij > 0 if (v_i, v_j) ∈ E and w_ij = 0 otherwise. The neighbors of vertex v_i ∈ V are denoted by the set N_i = {v_j ∈ V : (v_j, v_i) ∈ E}. The Laplacian matrix L = (l_ij)_{N×N} associated with graph G is defined as l_ii = Σ_{j=1}^N w_ij and l_ij = −w_ij for i ≠ j. For an undirected graph, the matrix L is symmetric and positive semi-definite. A path from vertex v_i to vertex v_j in graph G is a sequence of edges (v_i, v_{i_1}), (v_{i_1}, v_{i_2}), ..., (v_{i_k}, v_j) in the graph with distinct nodes v_{i_k} ∈ V. An undirected graph is connected if there is a path from every vertex to every other vertex in the graph.

Consider a CPS consisting of N subsystems, which aims at achieving the DOC task. The jth subsystem, j = 1, ..., N, is described by the pair (P^(j), C^(j)), where C^(j) denotes the cyber part responsible for task decision-making, while P^(j) denotes the physical part responsible for task execution.
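The graph-theoretic preliminaries above can be checked numerically. The sketch below builds the Laplacian of a weighted undirected graph from its adjacency matrix and verifies the stated properties (symmetry, zero row sums, positive semi-definiteness, and connectivity via the second-smallest eigenvalue); the 4-node path graph with unit weights is an illustrative assumption, not from the paper.

```python
import numpy as np

# Adjacency matrix of a 4-node path graph (illustrative assumption).
A = np.array([[0, 1, 0, 0],
              [1, 0, 1, 0],
              [0, 1, 0, 1],
              [0, 0, 1, 0]], dtype=float)

# Laplacian: l_ii = sum_j w_ij, l_ij = -w_ij for i != j.
L = np.diag(A.sum(axis=1)) - A

eigs = np.sort(np.linalg.eigvalsh(L))
print(np.allclose(L, L.T))             # True: L is symmetric for undirected graphs
print(np.allclose(L @ np.ones(4), 0))  # True: rows sum to zero, so 1_N is in ker(L)
print(eigs[0] >= -1e-12, eigs[1] > 0)  # PSD; lambda_2 > 0 iff the graph is connected
```

For the path graph the spectrum is approximately {0, 0.586, 2, 3.414}; the strictly positive second eigenvalue confirms connectivity, which Assumption 2 later requires.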
The physical part P^(j) is modeled as the nonlinear dynamical system

  Σ^(j):
    \dot{x}_i^{(j)}(t) = x_{i+1}^{(j)}(t) + \varphi_i^{(j)}(\bar{x}_i^{(j)}(t))\,\theta_j,  i = 1, ..., n−1
    \dot{x}_n^{(j)}(t) = \beta_j u^{(j)}(t) + \varphi_n^{(j)}(x^{(j)}(t))\,\theta_j
    y^{(j)}(t) = x_1^{(j)}(t) + a^{(j)}(t)    (1)

where x_i^{(j)}(t) ∈ R^m, \bar{x}_i^{(j)}(t) = vec(x_1^{(j)}(t), ..., x_i^{(j)}(t)) ∈ R^{im}, and x^{(j)}(t) = vec(x_1^{(j)}(t), ..., x_n^{(j)}(t)) ∈ R^{nm} is the measurable state; u^{(j)}(t) ∈ R^m is the control input; \varphi_i^{(j)}(\bar{x}_i^{(j)}(t)) ∈ R^{m×p} is a known matrix function and β_j ∈ R^{m×m} is a known nonsingular matrix; θ_j ∈ R^p is an unknown constant vector; y^{(j)}(t) ∈ R^m is the output measurement transmitted to the cyber superstratum through a wireless network channel; and a^{(j)}(t) ∈ R^m denotes the cyber attack corrupting the transmitted sensor signal. In particular, in order to provide security guarantees against worst-case adversarial behavior, we allow the adversarial attacker to know the overall system model, the system state, the control input, and the possible fault detector D (e.g., distributed adaptive observers [24,25,26]) equipped on the CPS. Thus, the attack signal can be modeled as

  a^{(j)}(t) = \kappa^{(j)}(t − T_a^{(j)})\, \phi^{(j)}(x(t), u(t), D, t − T_a^{(j)})

where κ^{(j)}(·) is the time profile and φ^{(j)}(·,·,·,·) ∈ R^m is an unknown function that becomes active at the unknown time instant T_a^{(j)}. We make no assumption on φ^{(j)}(·,·,·,·), which may be any (possibly unbounded or discontinuous) function vector. The time profile of the attack is modeled as κ^{(j)}(r) = 0 if r < 0 and κ^{(j)}(r) = 1 otherwise. Multiple cyber attacks may occur simultaneously or sequentially, for example, T_a^{(1)} ≤ ... ≤ T_a^{(j′)} with j′ ≤ N.

Remark 1.
System (1) can represent many practical systems such as mobile robots, chemical reactors, wind tunnels, and autonomous vehicles [36]. Extensions of system (1) that account for external disturbances, actuator failures, etc., have been well studied [37,38,39] (such extensions carry over readily to the current framework and are not considered here). In particular, the works [40,41] investigated adaptive leader-following consensus control of system (1). In this paper, the DOC problem further minimizes a given team performance function on the basis of consensus.

Fig. 1. Secure DOC architecture of the jth subsystem of a CPS affected by cyber attacks.

Remark 2.
In general, the fault detector D is designed for given failure types and cannot theoretically guarantee detectability for arbitrary malicious behaviors. Due to the adversary's strategic design, we assume here that the attack signal a^(j)(t) in system (1) denotes a strategic attack model which can potentially bypass the fault detector D to destroy the system convergence, based on knowledge of the system and the detector D (see stealthy attack design methods against various fault detectors, e.g., [32,33,34,35] and references therein).

The overall DOC architecture of the considered CPS is illustrated in Fig. 1. Similar CPS architectures can also be found in [31,26]. The cyber part C^(j) consists of a decision-making multi-agent network. Each decision-making agent, denoted by D^(j), is responsible for sending the control command ℑ^(j) to Σ^(j). The agent D^(j) contains an optimization module and a monitoring module, denoted by O^(j) and M^(j), respectively. The module O^(j) is used to optimize its local objective function while exchanging information with its neighbors under a network topology G. Since the adversarial attackers can perform the attack a^(j)(t) to corrupt the communication y^(j)(t) from the physical stratum to the cyber stratum, a cyber attack in the subsystem (P^(j), C^(j)) can also be propagated to neighbors via the information exchange between the agent D^(j) and its neighboring agents. This complicates the identification of attacked subsystems. To address it, each module M^(j) is used to detect and isolate the cyber attack a^(j). In the physical part P^(j), the control module K^(j), consisting of an inner-loop stabilizing module K^(I,j) and an outer-loop tracking module K^(O,j), drives the physical dynamics in accordance with the control command ℑ^(j) coming from the decision-making agent D^(j). Fig. 1 illustrates the sufficient interaction between the cyber and physical parts in the CPS architecture.

Objective of this paper: Design the decision-making agent D^(j) (including the optimization module O^(j) and the monitoring module M^(j)) and the control agent K^(j), such that

1) Optimality:
Under the healthy (attack-free) condition, all the physical subsystems cooperatively reach the optimal output that minimizes the team performance function

  \min_{s \in \mathbb{R}^m} \; \sum_{j=1}^{N} g^{(j)}(s)    (2)

where g^{(j)} : R^m → R is a local performance function privately known to the agent D^(j); and all the closed-loop signals of the physical system are uniformly ultimately bounded (UUB).

2) Security:
Detect and isolate multiple cyber attacks occurring on the network communication between the physical stratum and the cyber superstratum, and guarantee that each attacked subsystem P^(j), j ∈ N_a, converges to a given secure state y_s^{(j)}, while the healthy subsystems achieve output consensus at the optimal solution of

  \min_{s \in \mathbb{R}^m} \; \sum_{j \in N_h} g^{(j)}(s)    (3)

where N_h represents the index set of the healthy subsystems, i.e., N_h = {j ∈ {1, ..., N} : a^{(j)}(t) = 0, ∀t ≥ 0}, and N_a = {1, ..., N} \ N_h.

Here we consider the scenario in which the communication from the physical stratum to the cyber superstratum can be attacked, while the communication from the cyber superstratum to the physical stratum is secure [35]. For example, for GPS spoofing attacks on multiple Unmanned Aerial Vehicles (UAVs) [45], the GPS attacker can tamper with the location information transmitted from the UAV to the ground station, but cannot tamper with the control command from the ground station to the UAV or other communications among the ground stations. Indeed, in many practical situations, adversarial attackers may also tamper with the control command ℑ^(j) transmitted from the cyber superstratum to the physical stratum, or with the communication among decision-making agents in the cyber superstratum; however, the design of attack diagnosis and attack-tolerant strategies for these cases is beyond the scope of this paper.

Assumption 1.
The function g^{(j)} is differentiable and convex for all j = 1, ..., N.

Assumption 2.
The graph G of the network is undirected and connected.

Remark 3.
Assumptions 1 and 2 are common in the DO or DOC literature [8,12,13,14,15,16,17,21]. In fact, many practical optimization problems can be formalized as the current convex DOC problem or approximated by it using convex relaxation, such as motion coordination [14], target aggregation [12], search of radio sources [12], and optimal power flow [10]. The DOC problems for pure-integrator dynamics [13,14,15], Euler-Lagrange systems [12], and linear time-invariant systems [16,17] have been well studied. This paper considers the more complex nonlinear case (system (1)). Note that a simple combination of traditional DO algorithms [4,5,6,7,8] and adaptive backstepping controls [36,37,38,39] causes a mismatch between the (cyber) optimization dynamics and the physical dynamics, and consequently cannot guarantee overall convergence.

Let y_r^{(j)} denote the estimate of agent D^(j) of the solution to (2), and denote y_r = vec(y_r^{(1)}, ..., y_r^{(N)}) and L = L ⊗ I_m. Then problem (2) is equivalent to

  \min \; g(y_r) = \sum_{j=1}^{N} g^{(j)}(y_r^{(j)}), \quad \text{subject to } L y_r = 0    (4)

Since g(y_r) is convex and the constraint in (4) is linear, the constrained optimization problem is feasible. The following lemma characterizes the optimal solution of (4).

Lemma 1 [8].
Under Assumptions 1 and 2, define

  G(y, v) = g(y) + y^T L v + \tfrac{1}{2} y^T L y.

Then G is differentiable and convex in its first argument and linear in its second, and:
(i) if (y*, v*) is a saddle point of G, then y* is a solution of (4);
(ii) if y* is a solution of (4), then there exists v* with L v* = −∇g(y*) such that (y*, v*) is a saddle point of G.

In what follows, we present the resilient DOC scheme in three steps. First, under healthy conditions, we provide a basic version of the DOC protocol (Section 4); second, under adversarial conditions, an ADI methodology is proposed to identify the attacked subsystems (Section 5); third, the final secure DOC scheme is derived by formulating an appropriate ADI-based attack countermeasure strategy for the basic version (Section 6).

Remark 4.
In the cyber superstratum, all the decision-making agents D^(j) themselves are assumed to be healthy, in the sense that they follow any algorithm that we prescribe. However, upon the occurrence of a cyber attack a^(j), the agent D^(j) and its neighbors will receive false measurements y^(j) and thus be turned into "malicious" agents in the network topology. Moreover, these agents also send false data to other healthy agents and cause cascading failures [19]. These tampered measurements allow the corrupted agents to update their states to arbitrary values, so that the corresponding physical subsystems follow false decision commands. In this paper, a resilient DOC algorithm will be developed, whose secure countermeasure based on an ADI method can effectively prevent the emergence of "malicious agents" and cascading failures.

This section deals with the designs of the optimization module O^(j) and the control agent K^(j), which form a basic DOC scheme under healthy conditions, i.e., a^(j)(t) = 0 for any t ≥ 0 and j ∈ {1, ..., N}. In the sequel, we drop the time argument of the signals for notational brevity.

The optimization module O^(j) is designed as the following algorithm:

  O^(j):
    \dot{y}_r^{(j)} = -\nabla g^{(j)}(y_r^{(j)}) - \tilde{v}_{N_j} - (1+\eta) \sum_{i \in N_j} w_{ji} (y^{(j)} - y^{(i)})
    \dot{v}^{(j)} = \sum_{i \in N_j} w_{ji} (y^{(j)} - y^{(i)})
    \Im^{(j)} = (y_r^{(j)}, \nabla g^{(j)}(y_r^{(j)}), \tilde{v}_{N_j})    (5)

where \tilde{v}_{N_j} = \sum_{i \in N_j} w_{ji} (v^{(j)} - v^{(i)}) ∈ R^m; y_r^{(j)} ∈ R^m and v^{(j)} ∈ R^m are the agent state vectors; ∇g^{(j)} is the gradient of g^{(j)}; η > 0 is a design constant; and ℑ^{(j)} ∈ R^m × R^m × R^m is the output that serves as a control command transmitted to the physical subsystem P^(j).

Next, we present the design of the control agent K^(j), which consists of the inner-loop module K^(I,j) and the outer-loop module K^(O,j) following the control command ℑ^(j).
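Before turning to the physical-layer controller, the cyber-layer optimizer (5) can be sanity-checked in simulation under the idealized assumption of perfect tracking (y^(j) ≡ y_r^(j), i.e., each physical subsystem follows its command exactly). The quadratic local costs, 4-node path graph, gain η, and Euler step below are all illustrative assumptions, not from the paper.

```python
import numpy as np

# Laplacian of a 4-node path graph (illustrative assumption).
A = np.array([[0, 1, 0, 0],
              [1, 0, 1, 0],
              [0, 1, 0, 1],
              [0, 0, 1, 0]], dtype=float)
L = np.diag(A.sum(axis=1)) - A

b = np.array([1.0, 3.0, -2.0, 6.0])   # g_j(s) = 0.5*(s - b_j)^2  ->  grad g_j = y - b_j
eta, dt, steps = 1.0, 0.005, 20000    # design gain and forward-Euler discretization

y = np.zeros(4)   # stands for y_r, assuming y == y_r (perfect physical-layer tracking)
v = np.zeros(4)
for _ in range(steps):
    grad = y - b
    y_dot = -grad - L @ v - (1.0 + eta) * (L @ y)   # stacked first line of (5)
    v_dot = L @ y                                   # stacked second line of (5)
    y, v = y + dt * y_dot, v + dt * v_dot

# All agents should agree on the minimizer of sum_j g_j, i.e., mean(b) = 2.
print(np.round(y, 3))
```

The flow is a damped saddle-point dynamics for the Lagrangian-like function G of Lemma 1: the v-state accumulates the consensus violation Ly while the (1+η)Ly term damps disagreement, so all components of y settle at the average of the b_j.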
First, we define the changes of coordinates

  z_1^{(j)} = x_1^{(j)} - y_r^{(j)}, \quad z_i^{(j)} = x_i^{(j)} - \alpha_{i-1}^{(j)}, \quad i = 2, ..., n    (6)

where α_i^{(j)} = α_{i,I}^{(j)} + α_{i,O}^{(j)} is the virtual control function determined at the ith step, split into an inner-loop part α_{i,I}^{(j)} and an outer-loop part α_{i,O}^{(j)}. Similarly, u^{(j)} = u_I^{(j)} + u_O^{(j)} is the control input consisting of the inner-loop control u_I^{(j)} and the outer-loop control u_O^{(j)}. They are expressed as follows:

• Inner-loop control K^{(I,j)}(x^{(j)}, ℑ^{(j)}):

  \alpha_{1,I}^{(j)} = -c_1^{(j)} z_1^{(j)} - \hat{\rho}^{(j)} z_1^{(j)} - \omega_1^{(j)} \hat{\lambda}^{(j)} + \hat{\pi}^{(j)} - S\!\left( z_1^{(j)} / \delta^{(j)} \right)
  \alpha_{i,I}^{(j)} = -z_{i-1}^{(j)} - c_i^{(j)} z_i^{(j)} - \omega_i^{(j)} \hat{\lambda}^{(j)} + \Lambda_i^{(j)}    (7)
  u_I^{(j)} = \beta_j^{-1} \left[ -z_{n-1}^{(j)} - c_n^{(j)} z_n^{(j)} - \omega_n^{(j)} \hat{\lambda}^{(j)} + \Lambda_n^{(j)} \right]    (8)

The corresponding update laws are given as

  \dot{\hat{\lambda}}^{(j)} = \Gamma^{(j)} \tau_n^{(j)}    (9)
  \dot{\hat{\rho}}^{(j)} = \gamma_0^{(j)} \| z_1^{(j)} \|^2    (10)
  \dot{\hat{\pi}}^{(j)} = \gamma_1^{(j)} z_1^{(j)}    (11)

where

  \tau_1^{(j)} = \omega_1^{(j)} z_1^{(j)}, \quad \tau_i^{(j)} = \tau_{i-1}^{(j)} + \omega_i^{(j)} z_i^{(j)}
  \omega_i^{(j)} = \psi_i^{(j)} - \sum_{k=1}^{i-1} \frac{\partial \alpha_{i-1,I}^{(j)}}{\partial x_k^{(j)}} \psi_k^{(j)}
  \Lambda_i^{(j)} = \sum_{k=1}^{i-1} \frac{\partial \alpha_{i-1,I}^{(j)}}{\partial x_k^{(j)}} x_{k+1}^{(j)} + \frac{\partial \alpha_{i-1,I}^{(j)}}{\partial \hat{\lambda}^{(j)}} \Gamma^{(j)} \tau_i^{(j)} + \sum_{k=2}^{i-1} \frac{\partial \alpha_{k-1,I}^{(j)}}{\partial \hat{\lambda}^{(j)}} \Gamma^{(j)} \omega_i^{(j)} z_k^{(j)} + \frac{\partial \alpha_{i-1,I}^{(j)}}{\partial \hat{\pi}^{(j)}} \dot{\hat{\pi}}^{(j)}
  S\!\left( \frac{z_1^{(j)}}{\delta^{(j)}} \right) = \frac{1}{2} \ln\!\left( 1 + \frac{z_1^{(j)}}{\delta^{(j)}} \right) - \frac{1}{2} \ln\!\left( 1 - \frac{z_1^{(j)}}{\delta^{(j)}} \right)

(applied elementwise), with δ^{(j)}(t) an exponentially decaying function with lower bound k_b^{(j)} such that |z_{1,s}^{(j)}(0)| < δ^{(j)}(0), where z_{1,s}^{(j)} denotes the sth (s = 1, ..., m) element of z_1^{(j)}; ψ_1^{(j)} = diag{φ_1^{(j)}(x_1^{(j)}), 0} and ψ_i^{(j)} = diag{φ_i^{(j)}(x̄_i^{(j)}), z_i^{(j)}} for i = 2, ..., n; and λ̂^{(j)}, ρ̂^{(j)}, and π̂^{(j)} are the estimates of λ^{(j)} := [θ_j^T, μ]^T with μ := ((1+η)‖L‖ + ‖L‖²)Π, ρ^{(j)} := (2n − η)‖L‖, and π^{(j)} := Σ_{i∈N_j}(v^{(j)*} − v^{(i)*}), respectively, where Π is defined in the appendix; Γ^{(j)} is a positive definite matrix; and γ_0^{(j)}, γ_1^{(j)}, and c_i^{(j)}, i = 1, ..., n, are positive constants, all chosen by the user. The nonlinear function S(·) is introduced to constrain the bound of the tracking error z_1^{(j)}, motivated by the prescribed performance technique [39]; it will play an important role in enhancing the sensitivity and robustness of the ADI scheme (refer to Remark 7).

• Outer-loop control K^{(O,j)}(ℑ^{(j)}):

  \alpha_{1,O}^{(j)} = -\nabla g^{(j)}(y_r^{(j)}) - \tilde{v}_{N_j}    (12)
  \alpha_{i,O}^{(j)} = -\frac{\partial \alpha_{i-1,O}^{(j)}}{\partial y_r^{(j)}} \left[ \nabla g^{(j)}(y_r^{(j)}) + \tilde{v}_{N_j} \right]    (13)
  u_O^{(j)} = -\beta_j^{-1} \frac{\partial \alpha_{n-1,O}^{(j)}}{\partial y_r^{(j)}} \left[ \nabla g^{(j)}(y_r^{(j)}) + \tilde{v}_{N_j} \right]    (14)

It can be seen that the DOC structure consists of two-layer dynamics: the optimization dynamics O^(j) and the physical dynamics (Σ^(j), K^(j)), which interact with each other through the communication signals y^(j) and ℑ^(j) (see Fig. 1). Such an architecture also illustrates the CPS feature that the cyber and physical worlds are integrated.
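Returning to the prescribed-performance function S(·) used in the inner loop above: its exact form is partially garbled in the source, so the standard log-ratio barrier is assumed here. It is finite only while the normalized error |z_1/δ| < 1 and blows up as the error approaches the envelope, which is what forces ‖z_1(t)‖ to stay inside the decaying bound δ(t).

```python
import math

# Assumed prescribed-performance barrier: S(x) = 0.5*ln(1+x) - 0.5*ln(1-x),
# defined on (-1, 1), where x = z_1/delta is the tracking error normalized
# by the decaying performance envelope delta(t).
def S(x):
    return 0.5 * math.log(1.0 + x) - 0.5 * math.log(1.0 - x)

print(S(0.0))           # 0.0: no barrier correction at zero error
print(S(0.5), S(-0.5))  # odd symmetry: equal magnitude, opposite sign
print(S(0.999))         # grows without bound as |x| -> 1 (barrier effect)
```

Because the control effort grows unboundedly near the envelope, the closed loop cannot let z_1 escape it, which is exactly the bound ‖z_1^(j)(t)‖ < √m δ^(j)(t) exploited later by the ADI thresholds.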
In the inner loop K^{(I,j)}, a traditional adaptive backstepping controller [36] (i.e., setting ‖L‖ = 0) with slight modifications is applied to stabilize the nonlinear strict-feedback system; in the outer loop K^{(O,j)}, a tracking controller is constructed to guarantee that the system output tracks the control command y_r^{(j)} coming from the cyber superstratum. Note that the control laws of the physical systems do not change with the change of the control commands. Summarizing the above procedure (5)-(14), we obtain Algorithm 1 for the DOC of the overall CPS under the healthy environment.

In this section, we discuss the convergence of the proposed DOC algorithm. The main result is stated in the following theorem, whose proof is placed in Appendix I.
Theorem 1.
Under Assumptions 1 and 2, the closed-loop CPS (P^(j), C^(j)) with (K^(j), O^(j)), j = 1, ..., N, achieves output consensus at an optimal solution y* of problem (2), i.e., lim_{t→∞} y^{(j)}(t) = y*, and all the closed-loop signals are UUB in the absence of cyber attacks, provided η > n − 1.

Remark 5.
Differing from the previous works [12,13,14,15,16,17], where integrated closed-loop control laws are designed, this paper presents a new two-layer control structure built on traditional DO algorithms [4,5,6,7,8] and adaptive backstepping controls [36,37,38,39]. The main challenge is how to eliminate the dynamics mismatch between the two layers and generate provable optimal consensus. From the proof of Theorem 1 (see (50), (55), and (60)), the dynamics compensation between the cyber dynamics O^(j) and the physical dynamics (Σ^(j), K^(j)) guarantees the convergence of the overall CPS, in which the adaptive mechanism (9)-(11) plays a key role.

Algorithm 1:
DOC under healthy environment
DO algorithm (module O(y)):

  \dot{y}_r = -\nabla g(y_r) - L v - (1+\eta) L y
  \dot{v} = L y
  \Im = (y_r, \nabla g(y_r), \tilde{v})    (15)

where ∇g(y_r) = vec(∇g^{(1)}(y_r^{(1)}), ..., ∇g^{(N)}(y_r^{(N)})) and ṽ = vec(ṽ_{N_1}, ..., ṽ_{N_N}).

Adaptive tracking control (module K(x, ℑ)):

Inner-loop control K_I(x, ℑ):

  \alpha_{1,I} = -C_1 z_1 - \hat{\rho} z_1 - \omega_1 \hat{\lambda} + \hat{\pi} - S(z_1/\delta)    (16)
  \alpha_{i,I} = -z_{i-1} - C_i z_i - \omega_i \hat{\lambda} + \sum_{k=1}^{i-1} \frac{\partial \alpha_{i-1}}{\partial x_k} x_{k+1} + \frac{\partial \alpha_{i-1}}{\partial \hat{\lambda}} \Gamma \tau_i + \sum_{k=2}^{i-1} \frac{\partial \alpha_{k-1}}{\partial \hat{\lambda}} \Gamma \omega_i z_k + \frac{\partial \alpha_{i-1}}{\partial \hat{\pi}} \dot{\hat{\pi}}    (17)
  u_I = B^{-1} \Big[ -z_{n-1} - C_n z_n - \omega_n \hat{\lambda} + \sum_{k=1}^{n-1} \frac{\partial \alpha_{n-1}}{\partial x_k} x_{k+1} + \frac{\partial \alpha_{n-1}}{\partial \hat{\lambda}} \Gamma \tau_n + \sum_{k=2}^{n-1} \frac{\partial \alpha_{k-1}}{\partial \hat{\lambda}} \Gamma \omega_i z_k + \frac{\partial \alpha_{n-1}}{\partial \hat{\pi}} \dot{\hat{\pi}} \Big]    (18)

where C_i = diag{c_i^{(1)}, ..., c_i^{(N)}}, ρ̂ = diag{ρ̂^{(1)}, ..., ρ̂^{(N)}}, Γ = diag{Γ^{(1)}, ..., Γ^{(N)}}, B = diag{β_1, ..., β_N}, S(z_1/δ) = [S(z_1^{(1)}/δ^{(1)}), ..., S(z_1^{(N)}/δ^{(N)})], ψ_i = diag{ψ_i^{(1)}, ..., ψ_i^{(N)}}, ω_i = diag{ω_i^{(1)}, ..., ω_i^{(N)}}, and

  \tau_1 = \omega_1 z_1, \quad \tau_i = \tau_{i-1} + \omega_i z_i, \quad \omega_i = \psi_i - \sum_{k=1}^{i-1} \frac{\partial \alpha_{i-1}}{\partial x_k} \psi_k

Outer-loop control K_O(ℑ):

  \alpha_{1,O} = -\nabla g(y_r) - L v    (19)
  \alpha_{i,O} = -\frac{\partial \alpha_{i-1,O}}{\partial y_r} \left[ \nabla g(y_r) + L v \right]    (20)
  u_O = -B^{-1} \frac{\partial \alpha_{n-1,O}}{\partial y_r} \left[ \nabla g(y_r) + L v \right]    (21)

where i = 2, ..., n.

Update laws:

  \dot{\hat{\lambda}} = \Gamma \tau_n    (22)
  \dot{\hat{\rho}} = \Gamma_0 \, (z_1 \circ z_1)    (23)
  \dot{\hat{\pi}} = \Gamma_1 z_1    (24)

where Γ_0 = diag{γ_0^{(1)}, ..., γ_0^{(N)}} and Γ_1 = diag{γ_1^{(1)}, ..., γ_1^{(N)}}.

Distributed ADI
This section deals with the design of the monitoring module M^(j), j ∈ {1, ..., N}. The ADI structure follows the standard fault detection and isolation (FDI) structure, formulated via ARRs of residuals and detection thresholds, e.g., [26,25]. However, in this section we focus on achieving detection and isolation for arbitrary malicious behaviors by constructing new residuals and thresholds. Moreover, due to the coupling effects of multiple propagated attacks on the physical dynamics and the optimization dynamics, the design of the attack diagnosis becomes more challenging.

Before giving the main result of this section, we make the following assumption.

Assumption 3.
The unknown parameter vector Z := vec(y*, v*, θ, ‖L‖) lies in a known bounded convex set Υ_Z = {Z ∈ R^{N(2m+p)+1} : σ(Z) ≤ 0}, where σ(Z) is a convex function.

Assumption 3 is common in the existing results on fault diagnosis [25,26,37], and it is also necessary for detecting attacks in the transient response phase. It implies that upper bounds of y*, v*, θ, and ‖L‖, say y_M, v_M, θ_M, L_M, can be obtained, respectively. Noting that V(0) depends on the unknown vector Z, we define the function Ω(Z) := V(0) and Ω̄ := sup_{Z ∈ Υ_Z} Ω(Z), where V is the Lyapunov function defined in the proof of Theorem 1.

The ADI methodology consists of a detection filter, adaptive thresholds, and a decision logic. Next, we give the detailed design procedures.
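The worst-case bound Ω̄ = sup_{Z∈Υ_Z} Ω(Z) introduced above can be precomputed offline. A minimal sketch, assuming for illustration that Ω is a convex quadratic and Υ_Z is a box (neither specific form is from the paper): since a convex function attains its maximum over a polytope at a vertex, enumerating the box vertices suffices.

```python
import itertools
import numpy as np

# Illustrative assumptions: Omega(Z) = Z^T Q Z with PSD Q (hence convex),
# and Upsilon_Z a 3-dimensional box of known parameter bounds.
Q = np.diag([1.0, 2.0, 0.5])
def Omega(Z):
    return Z @ Q @ Z

bounds = [(-1.0, 1.0), (-2.0, 2.0), (-1.0, 3.0)]   # box Upsilon_Z (illustrative)

# Convex Omega over a box: the sup is attained at one of the 2^3 vertices.
Omega_bar = max(Omega(np.array(v)) for v in itertools.product(*bounds))
print(Omega_bar)  # 1*1 + 2*4 + 0.5*9 = 13.5
```

For general convex sets Υ_Z one would replace the vertex enumeration with a constrained maximization, but the role of Ω̄ is the same: a single conservative constant feeding the adaptive thresholds below.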
Now, we design a distributed filter to generate residuals for detecting attacks. According to the structure (5) of O^(j), the monitoring module M^(j) is designed as

  M^(j):
    \dot{\hat{y}}_r^{(j)} = -\nabla g^{(j)}(\hat{y}_r^{(j)}) - \tilde{v}_{N_j} - (1+\eta) \sum_{i \in N_j} w_{ji} (\hat{y}_r^{(j)} - y^{(i)})
    \dot{\hat{v}}^{(j)} = \sum_{i \in N_j} w_{ji} (\hat{y}_r^{(j)} - y^{(i)}) + w_{N_j} (v^{(j)} - \hat{v}^{(j)})    (25)

where ŷ_r^{(j)} ∈ R^m and v̂^{(j)} ∈ R^m are estimates of y_r^{(j)} and v^{(j)} (even though y_r^{(j)} and v^{(j)} are available to M^(j)), respectively, based on the local communication signals y^{(i)} and v^{(i)}, i ∈ {j} ∪ N_j. Further, we define two residuals

  e_r^{(j)} = y_r^{(j)} - \hat{y}_r^{(j)}    (26)
  e_v^{(j)} = v^{(j)} - \hat{v}^{(j)}    (27)

Taking (5) and (25) into account, the error dynamics can be expressed as

  \dot{e}_r^{(j)} = -[\nabla g^{(j)}(y_r^{(j)}) - \nabla g^{(j)}(\hat{y}_r^{(j)})] - \eta^{(j)} (e_r^{(j)} + z_1^{(j)}) - \eta^{(j)} a^{(j)}    (28)
  \dot{e}_v^{(j)} = -w_{N_j} (e_v^{(j)} - e_r^{(j)} - z_1^{(j)}) + w_{N_j} a^{(j)}    (29)

where w_{N_j} = \sum_{i \in N_j} w_{ji} and η^{(j)} = (1+η) w_{N_j}.

It is noted that the error dynamics (28)-(29) have a decentralized form in which each error dynamics uses only its own information. This feature means that the coupling effects of the propagated attacks a^{(i)}, i ∈ N_j, on the residuals e_r^{(j)} and e_v^{(j)} caused by the optimization dynamics have been removed, so that the locally occurring attack a^{(j)} can be isolated.
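A scalar sketch of the residual dynamics (28)-(29) illustrates the detection mechanism. The quadratic local cost (so that the gradient difference equals e_r), unit edge weights, zero tracking error z_1, and the constant bias attack switched on at t = 5 are all illustrative assumptions: under healthy conditions both residuals decay to zero, while the local attack drives them to nonzero offsets.

```python
def residuals(a_bias, T=10.0, dt=1e-3, w_Nj=2.0, eta=1.0):
    """Forward-Euler simulation of the scalar error dynamics (28)-(29),
    assuming z_1 = 0 and grad-difference = e_r (quadratic local cost)."""
    eta_j = (1.0 + eta) * w_Nj
    e_r, e_v = 0.5, -0.3                           # nonzero initial estimation errors
    for k in range(int(T / dt)):
        a = a_bias if k * dt >= 5.0 else 0.0       # attack switched on at t = 5
        e_r_dot = -e_r - eta_j * e_r - eta_j * a   # (28) with z_1 = 0
        e_v_dot = -w_Nj * (e_v - e_r) + w_Nj * a   # (29) with z_1 = 0
        e_r, e_v = e_r + dt * e_r_dot, e_v + dt * e_v_dot
    return e_r, e_v

print(residuals(a_bias=0.0))   # healthy: both residuals near 0
print(residuals(a_bias=1.0))   # attacked: residuals settle at nonzero offsets
```

For the attacked case the steady-state offsets are e_r = −η_j a/(1+η_j) and e_v = e_r + a, so a bias attack cannot simultaneously zero both residuals, which is the point of using double coupling residuals.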
Later, we will further address the coupling effects of the propagated attacks on the residuals caused by the physical dynamics z_1^{(j)}. Moreover, to enhance attack detectability and rule out stealthy attacks, double coupling residuals are used here.

If the sensor-transmitted information y^{(j)} is not affected by the local attack a^{(j)}, the error dynamics under healthy conditions, denoted by (e_{r,H}^{(j)}, e_{v,H}^{(j)}), can be expressed as

  \dot{e}_{r,H}^{(j)} = -[\nabla g^{(j)}(y_r^{(j)}) - \nabla g^{(j)}(\hat{y}_r^{(j)})] - \eta^{(j)} (e_{r,H}^{(j)} + z_1^{(j)})    (30)
  \dot{e}_{v,H}^{(j)} = -w_{N_j} (e_{v,H}^{(j)} - e_{r,H}^{(j)} - z_1^{(j)})    (31)

The stability of the estimation error dynamics under healthy conditions is analyzed in the following lemma, whose proof is placed in Appendix II.

Lemma 2.
The residuals under healthy conditions, e_{r,H}^{(j)}(t) and e_{v,H}^{(j)}(t), satisfy

  \| e_{r,H}^{(j)}(t) \| \le e^{-\eta^{(j)} t} \| e_{r,H}^{(j)}(0) \| + \Psi(\eta^{(j)}, z_1^{(j)}(t), 0, t)    (32)
  \| e_{v,H}^{(j)}(t) \| \le e^{-w_{N_j} t} \| e_{v,H}^{(j)}(0) \| + \Psi(w_{N_j}, e_{r,H}^{(j)}(t) + z_1^{(j)}(t), 0, t)    (33)

where Ψ(a, h(t), t_0, t) := a \int_{\tau = t_0}^{t} e^{a(\tau - t)} \| h(\tau) \| \, d\tau.

Construction of adaptive thresholds

The jth detection thresholds, denoted by ē_{r,H}^{(j)}(t) and ē_{v,H}^{(j)}(t), are designed based on the bounds of the residuals e_r^{(j)}(t) and e_v^{(j)}(t) under healthy conditions, respectively. It is noted that the right-hand sides of (32) and (33) cannot be used directly as thresholds, because z_1^{(j)} = x_1^{(j)} − y_r^{(j)} (≠ z̃_1^{(j)}) is unavailable to the modules O^(j) and M^(j) due to the possible cyber attack a^{(j)}. To derive an available and reasonable threshold, a heuristic idea is to adopt a robust design with respect to the unknown "disturbance-like" term z_1^{(j)}, which intrinsically reflects the effect of the physical dynamics on the residuals. Hence, we bound the jth tracking error z_1^{(j)} under healthy conditions in the following lemma, whose proof is placed in Appendix III.

Lemma 3.
Under Assumption 3, the servo tracking error $z_1^{(j)}$ under healthy conditions (i.e., $a^{(j)} = 0$) satisfies $\|z_1^{(j)}(t)\|^2/(2c_1^{(j)}) + \int_{\tau=0}^{t}\|z_1^{(j)}(\tau)\|^2\,d\tau \le \bar\Omega/c_1^{(j)}$ and $\|z_1^{(j)}(t)\| < \sqrt{m}\,\delta^{(j)}(t)$.

Remark 6.
An intuitive method for the ADI design might assess the change of the error signal $\tilde z_1^{(j)} := y^{(j)} - y_r^{(j)}$ based on Lemma 3, because $\tilde z_1^{(j)} = z_1^{(j)}$ under healthy conditions and $\tilde z_1^{(j)} = z_1^{(j)} + a^{(j)}$ under cyber attacks. However, we emphasize that the error $\tilde z_1^{(j)}$ cannot be used directly as a residual to detect and isolate cyber attacks, because $y_r^{(j)}$ may be simultaneously affected by multiple propagated attacks $a^{(i)}$, $i \in N_j$, and the locally occurring attack $a^{(j)}$. An adversarial attacker may cooperatively design stealthy attacks that degrade the system performance while avoiding detection [32,33,34].

Next, we design the detection thresholds based on the bound of $z_1^{(j)}(t)$ under healthy conditions. Specifically, from Lemma 3 one has $z_1^{(j)}(t) \in \Delta_z^{\delta^{(j)}}$, where
$$\Delta_z^{\delta^{(j)}} := \Big\{ z(t) \in \mathcal{C}^{m} : \|z(t)\|^2/(2c_1^{(j)}) + \int_{\tau=0}^{t}\|z(\tau)\|^2\,d\tau \le \bar\Omega/c_1^{(j)},\ \|z(t)\| \le \sqrt{m}\,\delta^{(j)}(t) \Big\}.$$
Substituting this relation into (32) and (33) yields
$$\|e_{r,H}^{(j)}(t)\| \le e^{-\eta^{(j)} t}\|e_{r,H}^{(j)}(0)\| + \sup_{z_1^{(j)}(t)\in\Delta_z^{\delta^{(j)}}} \Psi(\eta^{(j)}, z_1^{(j)}(t), 0, t)$$
$$\|e_{v,H}^{(j)}(t)\| \le e^{-w_{N_j} t}\|e_{v,H}^{(j)}(0)\| + \sup_{z_1^{(j)}(t)\in\Delta_z^{\delta^{(j)}}} \Psi(w_{N_j}, e_{r,H}^{(j)}(t) + z_1^{(j)}(t), 0, t)$$
Thus, we define the two adaptive thresholds
$$\bar e_{r,H}^{(j)}(t) = e^{-\eta^{(j)} t}\|e_{r,H}^{(j)}(0)\| + \bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(\eta^{(j)}, 0, t)$$
$$\bar e_{v,H}^{(j)}(t) = e^{-w_{N_j} t}\|e_{v,H}^{(j)}(0)\| + \bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}(w_{N_j}, 0, t)$$
where $\Delta_{ez}^{\delta^{(j)}} := \{ e + z : \|e\| \le \bar e_{r,H}^{(j)},\ z \in \Delta_z^{\delta^{(j)}} \}$ and $\bar\Psi^{(j)}_{\Delta^{\delta^{(j)}}}(a, t_0, t) := \sup_{h(t)\in\Delta^{\delta^{(j)}}} a\int_{\tau=t_0}^{t} e^{a(\tau-t)}\|h(\tau)\|\,d\tau$.

Remark 7.
From (28) and (29), multiple propagated attacks have coupling effects on the residuals $e_r^{(j)}$ and $e_v^{(j)}$ through the physical dynamics. To address this, the inner-loop control module $K^{(I,j)}$ uses the modified prescribed performance technique to restrict the bound of the tracking error $z_1^{(j)}$ (by introducing the nonlinear function $S$ into $\alpha_{1,I}^{(j)}$). As a result, the detection thresholds, and hence the proposed ADI method, are robust against multiple propagated attacks. In particular, the prescribed performance bound $\|z_1^{(j)}(t)\| < \sqrt{m}\,\delta^{(j)}(t)$ is incorporated; it contributes to smaller thresholds (from the definition of $\bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(a, t_0, t)$) and restrains the coupling effects of the propagated attacks $a^{(i)}$, $i \in N_j$, on $e_r^{(j)}$ and $e_v^{(j)}$, so that the sensitivity and isolability to cyber attacks are improved.

The ADI decision logic implemented in each module $M^{(j)}$ is based on the ARR, denoted by $\mho^{(j)}(t)$, defined as
$$\mho^{(j)}(t) = \mho^{(j,r)}(t) \cup \mho^{(j,v)}(t) \quad (34)$$
where
$$\mho^{(j,r)}(t): \|e_r^{(j)}(t)\| \le \bar e_{r,H}^{(j)}(t), \qquad \mho^{(j,v)}(t): \|e_v^{(j)}(t)\| \le \bar e_{v,H}^{(j)}(t).$$
If $\mho^{(j)}(t)$ is violated, $M^{(j)}$ generates an alarm. The decentralized ADI decision logic is formulated by considering the sensitivity w.r.t. local cyber attacks $a^{(j)}$ and the isolability w.r.t. propagated cyber attacks $a^{(i)}$, $i \in N_j$, as summarized in the following theorem.

Theorem 2.
Consider the ARR $\mho^{(j)}(t)$ defined in (34). The following statements hold:
a) Attack sensitivity: if there is a time instant $T_d^{(j)}$ at which $\mho^{(j)}(T_d^{(j)})$ is not satisfied, then the occurrence of the local cyber attack $a^{(j)}$ is guaranteed.
b) Attack isolability: if the transmitted sensor information $y^{(j)}$ is not affected by the cyber attack $a^{(j)}$, then the ARR $\mho^{(j)}(t)$ is always satisfied, even in the presence of the propagated cyber attacks $a^{(i)}$, $i \in N_j$.

Proof. a) For the sake of contradiction, suppose that no local attack $a^{(j)}$ has occurred; then $\mho^{(j)}(t)$ is always satisfied according to Lemma 2, contradicting the violation at $T_d^{(j)}$.
b) Under the condition $a^{(j)} = 0$, even though propagated cyber attacks $a^{(i)}$, $i \in N_j$, may exist, the estimation error dynamics (28)-(29) reduce to (30)-(31), respectively. Then (32) and (33) remain valid and, consequently, $\mho^{(j)}(t)$ is always satisfied. ∎

Compared with the existing FDI results [24,25,26], we have introduced the following techniques to improve attack detectability and isolability:
• Double coupling residuals are adopted, which play a key role in removing stealthy attacks (see Lemma 6).
• The modified prescribed performance technique is applied to enhance the sensitivity and isolability to cyber attacks (see Remark 7).
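The per-module decision logic of Theorem 2 reduces to a pair of threshold tests on the residual norms. A minimal sketch (helper and variable names are hypothetical; the residual trajectories and adaptive thresholds are assumed to come from the distributed filter and the bounds above):

```python
import numpy as np

def arr_satisfied(e_r, e_v, thr_r, thr_v):
    """ARR (34) of module M^(j): satisfied while BOTH residual norms stay
    below their adaptive thresholds; a violation of either test raises an
    alarm, which by Theorem 2(a) certifies a local attack a^(j)."""
    return np.linalg.norm(e_r) <= thr_r and np.linalg.norm(e_v) <= thr_v

def detection_time(times, e_r_traj, e_v_traj, thr_r_traj, thr_v_traj):
    """First instant T_d^(j) at which the ARR is violated; returns None
    if the ARR holds over the whole recorded trajectory."""
    for t, er, ev, tr, tv in zip(times, e_r_traj, e_v_traj,
                                 thr_r_traj, thr_v_traj):
        if not arr_satisfied(er, ev, tr, tv):
            return t
    return None
```

By Theorem 2(b), a healthy module never trips this test even when its neighbors are attacked, which is what makes the alarm an isolation of the local attack.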
In this section, we evaluate the attack detectability of the proposed ADI methodology. We first give some properties of the functions $\bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(a, t_0, t)$ and $\bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}(a, t_0, t)$ in the adaptive thresholds, which are important for analyzing the detectability performance of the ADI methodology.

Lemma 4.
Let $\delta^{(j)}(t) = (k_0^{(j)} e^{-c^{(j)} t} + k_b^{(j)})/\sqrt{m}$, where $k_0^{(j)}$, $k_b^{(j)}$ and $c^{(j)}\ (\ne a)$ are positive design parameters such that $|z_{1,s}^{(j)}(0)| < \delta^{(j)}(0)$, $s = 1, \cdots, m$. Then
(a) $\bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(a, 0, t) \le k_b^{(j)}(1 - e^{-at}) + \frac{a k_0^{(j)}}{a - c^{(j)}}(e^{-c^{(j)} t} - e^{-at})$;
(b) $\bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}(a, 0, t) \le k_b^{(j)}(1 - e^{-at}) + \frac{(2a - c^{(j)})a k_0^{(j)}}{(a - c^{(j)})^2}(e^{-c^{(j)} t} - e^{-at}) + a\Big[k_b^{(j)} + \frac{a k_0^{(j)}}{a - c^{(j)}} + \|e_{r,H}^{(j)}(0)\|\Big] t e^{-at}$;
(c) $\int_{t=0}^{\infty} \bar\Psi^{(j)2}_{\Delta_z^{\delta^{(j)}}}(a, 0, t)\,dt \le \bar\Omega/c_1^{(j)}$ and $\int_{t=0}^{\infty} \bar\Psi^{(j)2}_{\Delta_{ez}^{\delta^{(j)}}}(a, 0, t)\,dt \le 4\bar\Omega/c_1^{(j)}$.

Proof. (a) Note that $\Psi^{(j)}(a, h(t), 0, t)$ increases as $\|h(t)\|$ increases. Based on the constraint $\|h(t)\| \le k_0^{(j)} e^{-c^{(j)} t} + k_b^{(j)}$, we have
$$\bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(a, 0, t) \le a\int_{\tau=0}^{t} e^{a(\tau-t)}(k_0^{(j)} e^{-c^{(j)}\tau} + k_b^{(j)})\,d\tau.$$
By direct computation, the inequality in (a) holds.
(b) Based on (a) and a similar analysis, the proof can be completed.
(c) Let $h^*(t) := \arg\sup_{h(t)\in\Delta_z^{\delta^{(j)}}} a\int_{\tau=0}^{t} e^{a(\tau-t)}\|h(\tau)\|\,d\tau$, i.e., $\bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(a, t_0, t) = a\int_{\tau=0}^{t} e^{a(\tau-t)}\|h^*(\tau)\|\,d\tau$. Since $\Delta_z^{\delta^{(j)}}$ is a compact set, $h^*(t)$ satisfies $\int_{\tau=0}^{\infty}\|h^*(\tau)\|^2\,d\tau \le \bar\Omega/c_1^{(j)}$. To show (c), we construct the auxiliary dynamics
$$\dot\chi(t) = -a\chi(t) + a\|h^*(t)\|, \quad \chi(0) = 0 \quad (35)$$
By integrating these dynamics we find $\chi(t) = \bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(a, t_0, t)$. On the other hand, considering the Lyapunov function $V = \chi^2/2$, its derivative along (35) satisfies $\dot V = \chi(-a\chi + a\|h^*\|) \le -aV + \frac{a}{2}\|h^*\|^2$, integrating both sides of which yields $\int_{t=0}^{\infty}\chi^2(t)\,dt \le \bar\Omega/c_1^{(j)}$. Using a similar procedure for $\bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}(a, 0, t)$, it is easily obtained that $\int_{t=0}^{\infty}\bar\Psi^{(j)2}_{\Delta_{ez}^{\delta^{(j)}}}(a, 0, t)\,dt \le 4\bar\Omega/c_1^{(j)}$. ∎

From Lemma 4-(c) and Barbalat's Lemma, one has $\lim_{t\to\infty}\bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(a, 0, t) = 0$ and $\lim_{t\to\infty}\bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}(a, 0, t) = 0$. This means that, as long as $\mho^{(j)}(t)$ is satisfied, the bound functions $\bar e_{r,H}^{(j)}(t)$ and $\bar e_{v,H}^{(j)}(t)$ converge to zero, which in turn implies that $e_r^{(j)}(t)$ and $e_v^{(j)}(t)$ converge to zero. Lemma 4-(a) and (b) give prescribed performance bounds on $\bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}$ and $\bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}$. By replacing $\bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}$ and $\bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}$ with these prescribed performance bounds, we obtain low-complexity thresholds. However, such relaxations weaken the detectability and extend the detection time. Moreover, the two modified thresholds converge to $k_b^{(j)}$ and $2k_b^{(j)}$ instead of zero, which may admit stealthy attacks. Nevertheless, $k_b^{(j)}$ can be chosen sufficiently small so that the effects of the stealthy attacks resulting from this relaxation are negligible.

To examine the class of attacks detectable by the proposed attack detection scheme, the following detectability analysis is given.

Lemma 5 (Detectable attacks).
The cyber attack $a^{(j)}$ occurring at the CPS $(P^{(j)}, C^{(j)})$ is detected by the ARR $\mho^{(j)}$ if there exists a time instant $T_d^{(j)} > T_a^{(j)}$ ($T_a^{(j)}$ being the first time instant of attack $a^{(j)}$) such that
$$\eta^{(j)}\left\|\int_{t=T_a^{(j)}}^{T_d^{(j)}} e^{\eta^{(j)}(t-T_d^{(j)})}a^{(j)}(t)\,dt\right\| > 2e^{\eta^{(j)}(T_a^{(j)}-T_d^{(j)})}\|e_r^{(j)}(T_a^{(j)})\| + \bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(\eta^{(j)}, T_a^{(j)}, T_d^{(j)}) + \int_{t=T_a^{(j)}}^{T_d^{(j)}} e^{\eta^{(j)}(t-T_d^{(j)})}\big\|\nabla g^{(j)}(y_r^{(j)}(t)) - \nabla g^{(j)}(\hat y_r^{(j)}(t)) + \eta^{(j)}z_1^{(j)}(t)\big\|\,dt \quad (36)$$
or
$$w_{N_j}\left\|\int_{t=T_a^{(j)}}^{T_d^{(j)}} e^{w_{N_j}(t-T_d^{(j)})}a^{(j)}(t)\,dt\right\| > 2e^{w_{N_j}(T_a^{(j)}-T_d^{(j)})}\|e_v^{(j)}(T_a^{(j)})\| + \bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}(w_{N_j}, T_a^{(j)}, T_d^{(j)}) + w_{N_j}\int_{t=T_a^{(j)}}^{T_d^{(j)}} e^{w_{N_j}(t-T_d^{(j)})}\big\|e_r^{(j)}(t) + z_1^{(j)}(t)\big\|\,dt \quad (37)$$
then the attack $a^{(j)}(t)$ is detected at the time $t = T_d^{(j)}$.

Proof.
After the first occurrence of the attack $a^{(j)}$, i.e., for $t > T_a^{(j)}$, the time derivative of $e_r^{(j)}(t)$ becomes
$$\dot e_r^{(j)} = -[\nabla g^{(j)}(y_r^{(j)}) - \nabla g^{(j)}(\hat y_r^{(j)})] - \eta^{(j)}(e_r^{(j)} + z_1^{(j)}) + \eta^{(j)}a^{(j)}$$
Integrating both sides and applying the triangle inequality yields
$$\|e_r^{(j)}(T_d^{(j)})\| \ge \eta^{(j)}\left\|\int_{t=T_a^{(j)}}^{T_d^{(j)}} e^{\eta^{(j)}(t-T_d^{(j)})}a^{(j)}(t)\,dt\right\| - e^{\eta^{(j)}(T_a^{(j)}-T_d^{(j)})}\|e_r^{(j)}(T_a^{(j)})\| - \int_{t=T_a^{(j)}}^{T_d^{(j)}} e^{\eta^{(j)}(t-T_d^{(j)})}\big\|\nabla g^{(j)}(y_r^{(j)}(t)) - \nabla g^{(j)}(\hat y_r^{(j)}(t)) + \eta^{(j)}z_1^{(j)}(t)\big\|\,dt,$$
substituting (36) into which yields $\|e_r^{(j)}(T_d^{(j)})\| > e^{\eta^{(j)}(T_a^{(j)}-T_d^{(j)})}\|e_r^{(j)}(T_a^{(j)})\| + \bar\Psi^{(j)}_{\Delta_z^{\delta^{(j)}}}(\eta^{(j)}, T_a^{(j)}, T_d^{(j)})$. Following a similar analysis, (37) guarantees $\|e_v^{(j)}(T_d^{(j)})\| > e^{w_{N_j}(T_a^{(j)}-T_d^{(j)})}\|e_v^{(j)}(T_a^{(j)})\| + \bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}(w_{N_j}, T_a^{(j)}, T_d^{(j)})$. From the definition of $\mho^{(j)}(t)$, an attack $a^{(j)}(t)$ satisfying (36) or (37) provokes the violation of the ARR $\mho^{(j)}(t)$, and consequently $a^{(j)}(t)$ is detected at $t = T_d^{(j)}$. ∎

The inequalities (36)-(37) characterize the class of detectable cyber attacks under worst-case detectability. The computed detection time $T_d^{(j)}$ may be somewhat conservative. However, differing from a fault, an attacker may strategically design the (worst-case) attack to extend the detection time as much as possible; hence the real-time detection time may closely approach $T_d^{(j)}$, but not exceed it. In general, from (36)-(37), if the cyber attack on the time interval $[T_a^{(j)}, T_d^{(j)}]$ is sufficiently large, then the attack can be detected.
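Both sides of the detectability tests above are built from the convolution-type quantity $\Psi(a, h, t_0, t)$. A minimal numerical sketch of that quantity (trapezoidal quadrature; `h` is any callable returning the signal vector, a hypothetical interface), checked against the closed form for a constant signal:

```python
import numpy as np

def psi(a, h, t0, t, n=2000):
    """Psi(a, h, t0, t) = a * int_{t0}^{t} e^{a*(tau - t)} * ||h(tau)|| dtau,
    evaluated by the trapezoidal rule on n sample points."""
    taus = np.linspace(t0, t, n)
    vals = a * np.exp(a * (taus - t)) * np.array(
        [np.linalg.norm(h(s)) for s in taus])
    return float(np.sum((vals[1:] + vals[:-1]) * np.diff(taus)) / 2.0)

# Sanity check: for a constant signal ||h|| = k_b and t0 = 0 the integral
# evaluates in closed form to k_b * (1 - e^{-a t}).
a, k_b = 2.0, 0.5
approx = psi(a, lambda s: np.array([k_b]), 0.0, 3.0)
exact = k_b * (1.0 - np.exp(-a * 3.0))
```

With this primitive, the integrals in (36)-(37) can be evaluated on recorded attack and residual trajectories to check when the detectability condition first holds.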
However, a crafty attacker may ingeniously inject attack signals that are not detected by the proposed distributed ADI scheme yet still degrade the system performance. The following Lemma 6 gives a property of such undetectable attacks.

Lemma 6 (Undetectable attacks).
Suppose that the cyber attack $a^{(j)}(t)$ occurring at the subsystem $(P^{(j)}, C^{(j)})$ is undetectable by the ARR $\mho^{(j)}$. Then
$$\int_{t=T_a^{(j)}}^{\infty}\left(\int_{\tau=T_a^{(j)}}^{t} e^{w_{N_j}(\tau-t)}\|a^{(j)}(\tau)\|\,d\tau\right)^2 dt \le M \quad (38)$$
where $M = 4\|e_v^{(j)}(T_a^{(j)})\|^2/w_{N_j} + 16\bar\Omega/(c_1^{(j)}w_{N_j})$. Moreover, $\int_{t=T_a^{(j)}}^{\infty}\|a^{(j)}(t)\|\,dt < +\infty$.

Proof.
If the attack $a^{(j)}(t)$ occurring at time $T_a^{(j)}$ is not detectable, then from Lemma 5, for any $t \ge T_a^{(j)}$,
$$w_{N_j}\left\|\int_{\tau=T_a^{(j)}}^{t} e^{w_{N_j}(\tau-t)}a^{(j)}(\tau)\,d\tau\right\| \le 2e^{w_{N_j}(T_a^{(j)}-t)}\|e_v^{(j)}(T_a^{(j)})\| + 2\bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}(w_{N_j}, T_a^{(j)}, t) \quad (39)$$
Consider the right-hand side of (39). Squaring and then integrating each term yields
$$4\|e_v^{(j)}(T_a^{(j)})\|^2\int_{t=T_a^{(j)}}^{\infty} e^{2w_{N_j}(T_a^{(j)}-t)}\,dt \le \frac{2\|e_v^{(j)}(T_a^{(j)})\|^2}{w_{N_j}}, \qquad \int_{t=T_a^{(j)}}^{\infty}\bar\Psi^{(j)2}_{\Delta_{ez}^{\delta^{(j)}}}(w_{N_j}, T_a^{(j)}, t)\,dt \le \frac{4\bar\Omega}{c_1^{(j)}},$$
where the second inequality follows from Lemma 4-(c). Then, using the Cauchy-Schwarz inequality, one has
$$\int_{t=T_a^{(j)}}^{\infty}\left(2e^{w_{N_j}(T_a^{(j)}-t)}\|e_v^{(j)}(T_a^{(j)})\| + 2\bar\Psi^{(j)}_{\Delta_{ez}^{\delta^{(j)}}}(w_{N_j}, T_a^{(j)}, t)\right)^2 dt \le \frac{4\|e_v^{(j)}(T_a^{(j)})\|^2}{w_{N_j}} + \frac{16\bar\Omega}{c_1^{(j)}} \quad (40)$$
Combining (39) and (40), Eq. (38) follows at once. Further, $\lim_{t\to\infty}\int_{\tau=T_a^{(j)}}^{t} e^{w_{N_j}(\tau-t)}a^{(j)}(\tau)\,d\tau = 0$.

Next, to prove $\int_{t=T_a^{(j)}}^{\infty}\|a^{(j)}(t)\|\,dt < +\infty$, we consider the error dynamics
$$\dot e_v^{(j)} = -w_{N_j}(e_v^{(j)} - e_r^{(j)} - z_1^{(j)}) + w_{N_j}a^{(j)}.$$
Noting that $\mho^{(j)}$ is always satisfied, $e_r^{(j)}, e_v^{(j)}, z_1^{(j)} \in \mathcal{L}_2$ from Lemma 4-(c). Therefore, there exist a sufficiently large $T \ge T_a^{(j)}$ and a time set $\Xi_v$ with $\nu(\Xi_v) = 0$ such that
$$a_s^{(j)}(t)\,e_{v,s}^{(j)}(t) < 0, \quad \forall t \in [T, \infty)\setminus\Xi_v$$
which means that there exists a function $\bar\phi_v(t) \le 0$ such that
$$\|a^{(j)}(t)\| < \|e_v^{(j)}(t)\| \quad \text{or} \quad a^{(j)}(t) = \bar\phi_v(t)\,\mathrm{sgn}(e_v^{(j)}(t)) \quad (41)$$
for any $t \in [T, \infty)\setminus\Xi_v$, where $a_s^{(j)}$ and $e_{v,s}^{(j)}$ denote the $s$th elements of $a^{(j)}$ and $e_v^{(j)}$. Applying a similar procedure to $\dot e_r^{(j)} = -[\nabla g^{(j)}(y_r^{(j)}) - \nabla g^{(j)}(\hat y_r^{(j)})] - \eta^{(j)}(e_r^{(j)} + z_1^{(j)}) + \eta^{(j)}a^{(j)}$, there exist $\bar\phi_r(t) \le 0$ and a set $\Xi_r$ with $\nu(\Xi_r) = 0$ such that
$$\|a^{(j)}(t)\| < \|e_r^{(j)}(t)\| \quad \text{or} \quad a^{(j)}(t) = \bar\phi_r(t)\,\mathrm{sgn}(e_r^{(j)}(t)) \quad (42)$$
for any $t \in [T, +\infty)\setminus\Xi_r$. Comparing (41) with (42), and noting that the equality $\mathrm{sgn}(e_v^{(j)}(t)) = \mathrm{sgn}(e_r^{(j)}(t))$, $\forall t \in [T, +\infty)\setminus(\Xi_r\cup\Xi_v)$, does not hold, it follows that $\|a^{(j)}(t)\| < \|e_r^{(j)}(t)\|$ or $\|a^{(j)}(t)\| < \|e_v^{(j)}(t)\|$ for any $t \in [T, +\infty)\setminus(\Xi_r\cup\Xi_v)$, which guarantees $\int_{t=T_a^{(j)}}^{\infty}\|a^{(j)}(t)\|\,dt < +\infty$. ∎

Lemma 6 implies that any undetectable attack must belong to $\mathcal{L}_1$. From the proof, we can see that the design of double coupling residuals plays a key role in removing the stealthy attacks $a^{(j)}(t) = \bar\phi_r(t)\,\mathrm{sgn}(e_r^{(j)}(t))$ against $\mho^{(j,r)}$ or $a^{(j)}(t) = \bar\phi_v(t)\,\mathrm{sgn}(e_v^{(j)}(t))$ against $\mho^{(j,v)}$. We now give the main result of this section.

Theorem 3.
Under Assumptions 1-3, the closed-loop CPS $(P^{(j)}, C^{(j)})$ with $(K^{(j)}, D^{(j)}(O^{(j)}, M^{(j)}))$ achieves output consensus at an optimal solution of problem (2), and all closed-loop signals are UUB even in the presence of undetectable attacks, provided $\eta > 2(n-1)$.

Proof.
From Lemma 6, one has $\int_{t=T_a^{(j)}}^{\infty}\|a^{(j)}(t)\|\,dt < +\infty$. Following Theorem 1, the proof can be completed. ∎

Theorem 3 implies that all the subsystems $(P^{(j)}, C^{(j)})$, $j = 1, \cdots, N$, achieve optimal consensus as long as the ARRs $\mho^{(j)}$ are satisfied. In other words, no attack can bypass the designed ADI methodology and destroy the system convergence.

With these results on the basic DOC and the ADI in hand, we now provide a secure countermeasure against cyber attacks and give the final secure DOC algorithm. The security objective is to steer the physical part $P^{(j)}$, $j \in N_A$, to a secure state $y_s^{(j)} \in \mathbb{R}^m$, i.e., $\lim_{t\to\infty} y^{(j)}(t) = y_s^{(j)}$, while guaranteeing that $(P^{(j)}, C^{(j)})$, $j \in N_H$, achieve output consensus at the optimal solution of
$$\min \sum_{j\in N_H} g^{(j)}(s), \quad s \in \mathbb{R}^m \quad (43)$$
where $N_A$ denotes the set of subsystems $(P^{(j)}, C^{(j)})$ affected by detectable attacks $a^{(j)}$ subject to (36) or (37), and $N_H \triangleq \{1, \cdots, N\}\setminus N_A$ denotes the set of subsystems that are healthy or affected by undetectable attacks satisfying (38). To guarantee the output consensus of the subsystems $P^{(j)}$, $j \in N_H$, the following assumption is necessary, in accordance with Assumption 2.

Assumption 4.
The network topology induced by the agents $D^{(j)}$, $j \in N_H$, is connected.

Assumption 4 captures the communication redundancy of the graph $G$. Note that different notions of network robustness have been reported to guarantee the convergence of resilient distributed algorithms, e.g., [20,21,22,23]. For an undirected graph, Assumption 4 is in fact necessary for achieving the security objective (43).

Before giving the secure countermeasure, we first define a notification signal $\digamma^{(j)}(t)$ such that $\digamma^{(j)}(t) = 1$ indicates that the $j$th subsystem $(P^{(j)}, C^{(j)})$ is attacked at time $t$, and $\digamma^{(j)}(t) = 0$ otherwise. To prevent the propagation of the transmission data $y^{(j)}$ corrupted by the cyber attack $a^{(j)}$, we set
$$\digamma^{(j)}(t) = \begin{cases} 1, & \text{if } t \ge T_d^{(j)}, \\ 0, & \text{otherwise,} \end{cases} \quad (44)$$
where $T_d^{(j)}$ is the attack detection time of $M^{(j)}$, defined as $T_d^{(j)} = \inf_{t\ge 0}\{t : \mho^{(j)}(t)\ \text{is violated}\}$. If $\mho^{(j)}(t)$ is always satisfied, the detection time is defined as $T_d^{(j)} = +\infty$.

According to the security objective, we modify the output of the decision-making dynamics (5), i.e., the control command $\Im^{(j)}$, under the adversarial environment as
$$\Im^{(j)} = \begin{cases} (y_r^{(j)}, \nabla g^{(j)}(y_r^{(j)}), \tilde v_{N_j}), & \text{if } t < T_d^{(j)}, \\ (y_s^{(j)}, 0, 0), & \text{otherwise.} \end{cases} \quad (45)$$
The final secure decision-making algorithm for agent $D^{(j)}$, based on the notification signal (44) and the control command (45), is summarized as:
• Receive $(y^{(i)}, v^{(i)}, \digamma^{(i)})$ from its neighbors $D^{(i)}$, $i \in N_j$;
• Set $y^{(i)} = 0$ and $v^{(i)} = 0$ if $\digamma^{(i)} = 1$;
• Update the state by computing Eq. (5);
• Send the control command $\Im^{(j)}$ to the control module $K^{(j)}$.

Theorem 4.
Consider the closed-loop CPS $(P^{(j)}, C^{(j)})$ with $(K^{(j)}, D^{(j)}(O^{(j)}, M^{(j)}))$ in the presence of cyber attacks $a^{(j)}$, $j \in \{1, \cdots, N\}$. Under Assumptions 1-4, the subsystems $(P^{(j)}, C^{(j)})$, $j \in N_H$, achieve output consensus at the optimal solution $y^\star_{N_H}$ of (43), while the system output of the physical part $P^{(j)}$, $j \in N_A$, converges to the given state $y_s^{(j)}$, i.e., $\lim_{t\to\infty} y^{(j)}(t) = y^\star_{N_H}$ for $j \in N_H$ and $\lim_{t\to\infty} y^{(j)}(t) = y_s^{(j)}$ for $j \in N_A$. Moreover, all closed-loop signals are UUB.

Proof.
Consider a subsystem $(P^{(j)}, C^{(j)})$, $j \in N_A$. From Lemma 5, $\mho^{(j)}$ is violated and the optimization module $O^{(j)}$ sends the control command $(y_s^{(j)}, 0, 0)$ to $K^{(O,j)}$. Then, from (12)-(14), the outer-loop control is $u_O^{(j)} = 0$, and the inner-loop control $u_I^{(j)}$ (traditional adaptive backstepping control [36]) guarantees that the closed-loop $P^{(j)}$ converges to $y_s^{(j)}$.

Consider a subsystem $(P^{(j)}, C^{(j)})$, $j \in N_H$. Given the above secure decision-making, the dynamics (5) become
$$\dot y_r^{(j)} = -\nabla g^{(j)}(y_r^{(j)}) - \sum_{i\in N_j\cap N_H} w_{ji}(v^{(j)} - v^{(i)}) - (1+\eta)\sum_{i\in N_j\cap N_H} w_{ji}(y^{(j)} - y^{(i)})$$
$$\dot v^{(j)} = \sum_{i\in N_j\cap N_H} w_{ji}(y^{(j)} - y^{(i)})$$
Following Theorem 1 and Theorem 3, the output of $P^{(j)}$, $j \in N_H$, converges to the optimal solution of problem (43) as $t\to+\infty$, and all signals are UUB. ∎

From (44) and (45), the security performance under cyber attacks relies heavily on the detection time $T_d^{(j)}$: as $(T_d^{(j)} - T_a^{(j)})$ increases, the attacker has more time to damage the system performance.

As a practical application of the studied problem framework, we apply our algorithms to the motion coordination of multiple Remotely Operated Vehicles (ROVs). The motion coordination requires the formation of ROVs to rendezvous at a location that is optimal for the formation [16,14]. The dynamic behavior of an ROV can be described in two coordinate frames, the body-fixed frame and the earth-fixed frame, as shown in Fig. 2.

Fig. 2. Model of Underwater Robotics Vehicle
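Before turning to the ROV dynamics, the switching countermeasure (44)-(45) used in the proof of Theorem 4 can be sketched as a simple guard; argument names here are hypothetical:

```python
import math

def notification(t, T_d):
    """Notification signal (44): 1 once the detection time T_d^(j) is
    reached (ARR first violated), 0 otherwise. T_d = +inf encodes an
    ARR that is never violated."""
    return 1 if t >= T_d else 0

def secure_command(t, T_d, y_r, grad_g, v_tilde, y_s):
    """Control command (45): forward the DOC command before detection,
    switch to the preset secure state afterwards."""
    return (y_r, grad_g, v_tilde) if t < T_d else (y_s, 0.0, 0.0)
```

Neighbors that receive a raised notification flag simply zero out the corresponding transmitted data before the consensus update, which is how the attacked node is excised from the healthy subnetwork.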
The dynamic equation of each ROV can be expressed as [44]:
$$\dot\eta = J(\eta)\nu, \qquad M\dot\nu + C(\nu)\nu + D(\nu)\nu + g(\eta) = \tau + \Delta f \quad (46)$$
where $\eta = [x, y, z, \phi, \theta, \psi]^T$ is the position and orientation described in the earth-fixed frame ($|\theta| < \pi/2$, $|\phi| < \pi/2$), $\nu = [u, v, w, p, q, r]^T$ is the linear and angular velocity in the body-fixed frame, $M = M_{RB} + M_A$ with $M$ positive definite, and $C(\nu) = C_{RB}(\nu) + C_A(\nu)$ satisfies $C(\nu) = -C^T(\nu)$; $M_{RB}$ is the rigid-body inertia matrix, $M_A$ the added inertia matrix, $C_{RB}(\nu)$ the rigid-body Coriolis and centripetal matrix, $C_A(\nu)$ the hydrodynamic Coriolis and centripetal matrix including added mass, $D(\nu)$ the hydrodynamic damping and lift matrix, $g(\eta)$ the vector of gravitational forces and moments, $\tau$ the control force and torque vector, and $\Delta f$ the bounded disturbance vector. Note that system (46) can be transformed into the form of system (1) by choosing the state variables $[x_1^T, x_2^T]^T = [\eta^T, \nu^T J^T(\eta)]^T$.

As reported in [44], in the positioning and trajectory-tracking control of an ROV, the variables to be controlled are $x$, $y$, $z$ and $\psi$. In some cases, to improve dynamic stability and decrease the influence of $\phi$ and $\theta$ on the other variables, a simple P-controller can be used to control $\phi$ and $\theta$. Therefore the order of the MIMO backstepping robust controller can be reduced from 6 degrees of freedom (DOF) to 4 DOF. To simplify the controller design, the transformation matrix $J(\eta)$ can be approximated by assuming $\phi = \theta = p = q = 0$; the corresponding matrices of the reduced system are
$$M = \mathrm{diag}\{m_\nu - X_{\dot u},\ m_\nu - Y_{\dot v},\ m_\nu - Z_{\dot w},\ I_z - N_{\dot r}\},$$
$$D(\nu) = -\mathrm{diag}\{X_u + X_{u|u|}|u|,\ Y_v + Y_{v|v|}|v|,\ Z_w + Z_{w|w|}|w|,\ N_r + N_{r|r|}|r|\},$$
$$g(\eta) = [0,\ 0,\ -(W - B),\ 0]^T, \qquad J(\eta) = \begin{bmatrix} \cos\psi & -\sin\psi & 0 & 0 \\ \sin\psi & \cos\psi & 0 & 0 \\ 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 \end{bmatrix},$$
$$C(\nu) = \begin{bmatrix} 0 & 0 & 0 & -(m_\nu - Y_{\dot v})v \\ 0 & 0 & 0 & (m_\nu - X_{\dot u})u \\ 0 & 0 & 0 & 0 \\ (m_\nu - Y_{\dot v})v & -(m_\nu - X_{\dot u})u & 0 & 0 \end{bmatrix}.$$
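The reduced 4-DOF matrices above can be assembled directly from the hydrodynamic coefficients. A minimal sketch (the damping/added-mass coefficients follow Table I below; `m_nu` and `I_z` are placeholder values, since their entries are garbled in the extraction):

```python
import numpy as np

# Added-mass and damping coefficients (Table I). m_nu and I_z are
# PLACEHOLDERS, not values from the paper.
m_nu, I_z = 4000.0, 2000.0
X_du, Y_dv, Z_dw, N_dr = -2140.0, -1636.0, -3000.0, -1524.0
X_u, X_uu, Y_v, Y_vv = -3610.0, -952.0, -4660.0, -1361.0
Z_w, Z_ww, N_r, N_rr = -11772.0, -3561.0, -7848.0, -773.0

def J_red(psi):
    """4-DOF kinematics under phi = theta = p = q = 0: maps body-fixed
    [u, v, w, r] to earth-fixed rates [x', y', z', psi']."""
    c, s = np.cos(psi), np.sin(psi)
    return np.array([[c, -s, 0, 0], [s, c, 0, 0],
                     [0, 0, 1, 0], [0, 0, 0, 1]], float)

def M_red():
    """M = diag{m - X_du, m - Y_dv, m - Z_dw, Iz - N_dr}; positive
    definite because the added-mass coefficients are negative."""
    return np.diag([m_nu - X_du, m_nu - Y_dv, m_nu - Z_dw, I_z - N_dr])

def D_red(nu):
    """D(nu) = -diag{X_u + X_uu|u|, Y_v + Y_vv|v|, Z_w + Z_ww|w|,
    N_r + N_rr|r|}; positive diagonal since the coefficients are negative."""
    u, v, w, r = nu
    return -np.diag([X_u + X_uu * abs(u), Y_v + Y_vv * abs(v),
                     Z_w + Z_ww * abs(w), N_r + N_rr * abs(r)])
```

Note that the upper-left block of `J_red` is a planar rotation, so `J_red(psi)` is orthogonal; this is what makes the state change $x_2 = J(\eta)\nu$ well-posed in the reduced model.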
According to [44], the velocity dynamics can be expressed in the linear-parametric form
$$M\dot\nu_v + C(\nu)\nu + D(\nu)\nu + g(\eta) = \Phi^T(\nu, \dot\nu_v, \eta)\,\sigma$$
where $\sigma = [m_\nu - X_{\dot u},\ m_\nu - Y_{\dot v},\ X_u,\ X_{|u|u},\ Y_v,\ Y_{|v|v},\ m_\nu - Z_{\dot w},\ Z_w,\ Z_{w|w|},\ W - B,\ I_z - N_{\dot r},\ N_r,\ N_{r|r|}]^T$ is the unknown system parameter vector, $\nu_v$ is the virtual control, and $\Phi(\nu, \dot\nu_v, \eta)$ is a known reduced regressor matrix whose specific form can be found in [44] and is omitted here to save space.

Consider an ROV formation consisting of 4 identical ROVs, whose parameters are shown in Table I. The communication topology $G$ is a 2-regular graph with edge weights $w_{ji} = 1$. The multi-agent coordination problem consists in finding a distributed control strategy that drives each ROV from its initial position to a rendezvous at the target position minimizing the sum of squared distances from these initial positions. The coordination control objective can be formulated as the following problem:
$$\min_{\eta^{(j)}} \sum_{j=1}^{4} \|\eta^{(j)} - \eta_0^{(j)}\|^2, \quad \mathrm{s.t.}\ \eta^{(1)} = \cdots = \eta^{(4)} \quad (47)$$
where $\eta_0^{(j)}$ represents the initial state of the $j$th ROV.

TABLE I. Simulation Model Parameters of ROV
Par            Value                      Par              Value
$m_\nu$                                   $X_{\dot u}$     -2140 kg
$I_z$          kg·m²                      $Y_{\dot v}$     -1636 kg
$W$                                       $Z_{\dot w}$     -3000 kg
$B$                                       $N_{\dot r}$     -1524 kg·m²
$X_u$          -3610 kg/s                 $X_{u|u|}$       -952 kg/m
$Y_v$          -4660 kg/s                 $Y_{v|v|}$       -1361 kg/m
$Z_w$          -11772 kg/s                $Z_{w|w|}$       -3561 kg/m
$N_r$          -7848 kg·m²/(s·rad)        $N_{r|r|}$       -773 kg·m²/(s·rad)

Next, we apply the proposed secure DOC control strategy to complete the motion coordination task. Consider cyber attacks (which may also model sensor faults or extraneous factors such as ocean currents) occurring in the complex underwater environment. When the cyber core detects a cyber attack, it drives the attacked ROV to the secure state $\eta_s = 0$. In the simulation, the four ROVs start from distinct initial states $\eta^{(j)}(0)$, $j = 1, \cdots, 4$. Assume that the 4th ROV suffers a cyber attack at $t = 30$ s, given by an exponentially modulated sinusoidal signal along $[\sin t\ \ \cos t\ \ -\sin t\ \ -\cos t]^T$. To simplify computation, only the ARR $\mho^{(j,r)}(t)$, rather than the full $\mho^{(j)}(t)$, is used in the proposed ADI approach.

The simulation results are shown in Figs. 3-5. Fig. 3 depicts the state responses $\eta^{(j)}(t)$ and $\nu^{(j)}(t)$ of the four ROVs, $j = 1, \cdots, 4$: the four ROVs reach consensus at the optimal solution of (47) before the attack occurs. The ADI mechanism based on the ARR $\mho^{(j,r)}(t)$, formed from $e_r^{(j)}$ and $\bar e_{r,H}^{(j)}$, is shown in Fig. 4: for $j = 1, 2, 3$, the ARR $\mho^{(j,r)}(t)$ generated by $M^{(j)}$ remains satisfied even after the cyber attack occurs, while $\mho^{(4,r)}(t)$ is violated almost immediately (at about $t = 31$ s). Then $O^{(4)}$ sends the control command $\Im^{(4)} = (\eta_s, 0, 0)$ to the 4th ROV according to the secure decision-making rule (45). The 4th ROV stops sending its transmission data $\eta^{(4)}$ and converges to the secure position $\eta_s = 0$, while the remaining three ROVs achieve consensus at the optimal solution of
$$\min_{\eta^{(j)}} \sum_{j=1}^{3} \|\eta^{(j)} - \eta_0^{(j)}\|^2, \quad \mathrm{s.t.}\ \eta^{(1)} = \eta^{(2)} = \eta^{(3)} \quad (48)$$
as illustrated in Fig. 3. The control inputs of the overall procedure are plotted in Fig. 5.

Fig. 3. Trajectories of $\eta(t)$ and $\nu(t)$ of the four ROVs.
Fig. 4. ADI by the ARR $\mho^{(j,r)}(t)$, $j = 1, \cdots, 4$.
Fig. 5. Control inputs of the four ROVs ($\tau_u$: kgf, $\tau_v$: kgf, $\tau_w$: kgf, $\tau_r$: kgf·m).

To further visualize the motion coordination of the ROV formation, and for comparison, the routes of the formation under the following three cases are presented in Figs. 6-8, respectively, with the MATLAB/Simulink running time set to [0 s, 80 s]:

Case 1:
Apply the basic/secure version of DOC under an attack-free environment;
Case 2:
Apply the basic version of DOC (without the ADI mechanism and secure countermeasure, i.e., setting $\Im^{(j)} = (y_r^{(j)}, \nabla g^{(j)}(y_r^{(j)}), \tilde v_{N_j})$ and $\digamma^{(j)} = 0$ at all times) under the adversarial environment;

Case 3: Apply the secure version of DOC under the adversarial environment.

Fig. 6. 3-dimensional routes of the four ROVs on [0 s, 80 s] under Case 1.
Fig. 7. 3-dimensional routes of the four ROVs on [0 s, 34.45 s] under Case 2.
Fig. 8. 3-dimensional routes of the four ROVs on [0 s, 80 s] under Case 3.

In Fig. 6, all the ROVs clearly rendezvous at the target position (0.15, 0.25, 0.625). Under Case 2, the unmitigated attack destroys the coordination (the simulation fails at about $t = 34.45$ s and terminates). However, by applying the secure DOC scheme, ROVs 1, 2 and 3 rendezvous at the target position (0.1333, 0.1684, 0.5004), while the attacked 4th ROV converges to the secure state.

Conclusions
This paper presented a secure DOC method for a class of uncertain nonlinear CPSs. First, a basic DOC scheme under healthy conditions was proposed. Through the interaction and coordination between the cyber and physical dynamics, consensus and optimality were guaranteed. In the presence of multiple cyber attacks, a distributed ADI approach was proposed to identify the locally occurring attacks among multiple propagating attacks. It was shown that no attack signal can bypass the designed ADI approach to destroy the convergence of the DOC algorithm. Finally, a secure countermeasure strategy against cyber attacks was described, which guarantees that all healthy physical subsystems complete the DOC objective, while the attacked physical subsystems converge to a given secure state.
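The consensus-and-optimality mechanism summarized above can be illustrated on a toy instance of the healthy cyber dynamics (49) with $z_1 = 0$. A minimal sketch with hypothetical quadratic costs $g_j(y) = (y - b_j)^2$ on a 4-node cycle, whose optimal consensus value is the mean of the $b_j$:

```python
import numpy as np

# Explicit-Euler simulation of the healthy primal-dual cyber dynamics:
#   y_r' = -grad g(y_r) - L v - (1 + eta) L y_r,   v' = L y_r.
N, eta, dt, steps = 4, 2.0, 1e-3, 100000
A = np.array([[0, 1, 0, 1], [1, 0, 1, 0],
              [0, 1, 0, 1], [1, 0, 1, 0]], float)  # 4-node cycle graph
L = np.diag(A.sum(1)) - A                          # graph Laplacian
b = np.array([1.0, 2.0, 3.0, 6.0])                 # hypothetical cost data
y, v = np.zeros(N), np.zeros(N)
for _ in range(steps):
    grad = 2.0 * (y - b)                # gradient of g_j(y) = (y - b_j)^2
    y, v = (y + dt * (-grad - L @ v - (1 + eta) * (L @ y)),
            v + dt * (L @ y))
# At equilibrium, L y = 0 forces consensus, and summing the y-equation
# over the nodes forces y = mean(b) = 3.0, the minimizer of sum_j g_j.
```

The fixed point of this discretization coincides with the continuous-time equilibrium, so the simulated outputs settle at the analytic optimizer.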
Appendix I. Proof of Theorem 1.
First, we give the convergence analyses of the cyber dynamics (15) and the physical dynamics (1), respectively, based on the Lyapunov method.
Cyber dynamics:
Let $y^* = 1_N \otimes y^\star$ be a solution of (4). By Lemma 1-(ii), there exists $v^* \in \mathbb{R}^{Nm}$ such that $\nabla g(y_r^*) + Lv^* + (1+\eta)Ly_r^* = 0$ holds, and $(y^*, v^*)$ is the saddle point of $G$. Consider the Lyapunov function of the cyber dynamics
$$V_c = \frac{1}{2}\big(\|y_r - y^*\|^2 + \|v - v^*\|^2\big)$$
Note that $z_1 = y - y_r$ under healthy conditions. Then (15) becomes
$$\dot y_r = -\nabla g(y_r) - Lv - (1+\eta)Ly_r - (1+\eta)Lz_1, \qquad \dot v = Ly_r + Lz_1 \quad (49)$$
The time derivative of $V_c$ along (49) is
$$\dot V_c = (y_r - y^*)^T[-\nabla g(y_r) - Lv - (1+\eta)Ly_r] + (v - v^*)^T Ly_r - (1+\eta)z_1^T Ly_r + (v - v^*)^T Lz_1$$
$$\stackrel{(a)}{=} (y^* - y_r)^T[\nabla g(y_r) + Lv + Ly_r] - \eta y_r^T Ly_r + G(y_r, v) - G(y_r, v^*) - (1+\eta)z_1^T Ly_r + (v - v^*)^T Lz_1$$
$$\stackrel{(b)}{\le} G(y^*, v) - G(y^*, v^*) + G(y^*, v^*) - G(y_r, v^*) - \eta y_r^T Ly_r - (1+\eta)z_1^T Ly_r + (v - v^*)^T Lz_1$$
$$\stackrel{(c)}{\le} -\eta y_r^T Ly_r - (1+\eta)z_1^T Ly_r + v^T Lz_1 - z_1^T\pi \quad (50)$$
where equality $(a)$ follows from $Ly^* = 0$ and the linearity of $G$ in its second argument; $(b)$ follows from the convexity of $G$ in its first argument; and $(c)$ follows from the fact that $(y^*, v^*)$ is the saddle point of $G$. Note that the mismatch terms $v^T Lz_1$ and $-z_1^T\pi$ will be compensated by the following physical dynamics.

Physical system:
The convergence analysis is carried out via the backstepping procedure. Rewrite (1) in the compact form
$$P: \quad \dot x_i = x_{i+1} + \varphi_i(\bar x_i)\theta,\ \ i = 1, \cdots, n-1, \qquad \dot x_n = Bu + \varphi_n(x)\theta, \qquad y = x_1 \quad (51)$$
where $\varphi_i(\bar x_i) = \mathrm{diag}\{\varphi_i^{(1)}(\bar x_i^{(1)}), \cdots, \varphi_i^{(N)}(\bar x_i^{(N)})\}$ and $\theta = \mathrm{vec}(\theta_1, \cdots, \theta_N)$. The error dynamics can be expressed as
$$\dot z_1 = \alpha_1 + \varphi_1(\bar x_1)\theta - \dot y_r + z_2, \qquad \dot z_i = \alpha_i + \varphi_i(\bar x_i)\theta - \dot\alpha_{i-1} + z_{i+1}, \qquad \dot z_n = Bu + \varphi_n(x)\theta - \dot\alpha_{n-1} \quad (52)$$
which can be split into inner-loop and outer-loop subsystems:
$$\dot z_{1,I} = \alpha_{1,I} + \psi_1(\bar x_1)\lambda + z_2, \qquad \dot z_{i,I} = \alpha_{i,I} + \psi_i(\bar x_i)\lambda - \dot\alpha_{i-1,I} + z_{i+1} - \mu z_i, \qquad \dot z_{n,I} = Bu_I + \psi_n(x)\lambda - \dot\alpha_{n-1,I} - \mu z_n \quad (53)$$
and
$$\dot z_{1,O} = \alpha_{1,O} - \dot y_r, \qquad \dot z_{i,O} = \alpha_{i,O} - \dot\alpha_{i-1,O}, \qquad \dot z_{n,O} = Bu_O - \dot\alpha_{n-1,O} \quad (54)$$
where $z_i = z_{i,I} + z_{i,O}$ for $i = 1, \cdots, n$. Next, we provide the Lyapunov analysis of the physical dynamics by considering
$$V_p = \frac{1}{2}\left(\sum_{i=1}^{n}\|z_i\|^2 + \tilde\lambda^T\Gamma^{-1}\tilde\lambda + \tilde\rho^T\Gamma^{-1}\tilde\rho + \tilde\pi^T\Gamma^{-1}\tilde\pi\right)$$
where $\tilde\lambda = \lambda - \hat\lambda$, $\tilde\rho = \rho - \hat\rho$, $\tilde\pi = \pi - \hat\pi$. The derivative of $V_p$ can be computed as
$$\dot V_p = \sum_{i=1}^{n} z_i^T\dot z_i - \tilde\lambda^T\Gamma^{-1}\dot{\hat\lambda} - \tilde\rho^T\Gamma^{-1}\dot{\hat\rho} - \tilde\pi^T\Gamma^{-1}\dot{\hat\pi} = \dot V_I + \dot V_O$$
where $\dot V_I = \sum_{i=1}^{n} z_i^T\dot z_{i,I} - \tilde\lambda^T\Gamma^{-1}\dot{\hat\lambda} - \tilde\rho^T\Gamma^{-1}\dot{\hat\rho} - \tilde\pi^T\Gamma^{-1}\dot{\hat\pi}$ and $\dot V_O = \sum_{i=1}^{n} z_i^T\dot z_{i,O}$ represent the inner-loop and outer-loop Lyapunov derivatives, respectively.

Consider the inner-loop error dynamics (53) with the controls (16)-(18) and adaptive laws (22)-(24). Following the traditional backstepping procedure [36], along (53) we obtain
$$\dot V_I \le -\sum_{i=1}^{n} z_i^T C_i z_i - \mu\sum_{i=2}^{n}\|z_i\|^2 - \rho\|z_1\|^2 + z_1^T\pi - z_1^T S\Big(\frac{z_1}{\delta}\Big). \quad (55)$$
Now consider the outer-loop error dynamics (54) with the controls (19)-(21).

Step 1.
In view of (54) and (15), we have

$\dot{z}_{1,O} = \alpha_{1,O} + \nabla g(y_r) + Lv + (1+\eta)Ly.$ (56)

To stabilize (56), consider the Lyapunov derivative $\dot{V}_{1,O} = z_1^T\dot{z}_{1,O}$. Then using the virtual control (19), we have

$\dot{V}_{1,O} = z_1^T[\alpha_{1,O} + \nabla g(y_r) + Lv + (1+\eta)Ly] = -z_1^T Lv + (1+\eta)z_1^T Ly = -z_1^T Lv + (1+\eta)z_1^T L(y_r + z_1) \le -z_1^T Lv + (1+\eta)z_1^T L y_r + (1+\eta)\|L\|\|z_1\|^2.$ (57)

Step $i$ ($2 \le i \le n$). Note that the arguments of the function $\alpha_{i-1,O}$ involve $y_r$ and $v$. From (54) and (15), we have

$\dot{z}_{i,O} = \alpha_{i,O} + \dfrac{\partial\alpha_{i-1,O}}{\partial y_r}[\nabla g(y_r) + Lv + (1+\eta)Ly] - \dfrac{\partial\alpha_{i-1,O}}{\partial v}Ly = \Big[(1+\eta)\dfrac{\partial\alpha_{i-1,O}}{\partial y_r}L - \dfrac{\partial\alpha_{i-1,O}}{\partial v}L\Big](y_r + z_1).$ (58)

By using the triangular inequality, one has

$(1+\eta)\, z_i^T \dfrac{\partial\alpha_{i-1,O}}{\partial y_r} L y_r \le \dfrac{1}{4}(1+\eta)^2\|L\|\, z_i^T \Big(\dfrac{\partial\alpha_{i-1,O}}{\partial y_r}\Big)^2 z_i + y_r^T L y_r,$

$(1+\eta)\, z_i^T \dfrac{\partial\alpha_{i-1,O}}{\partial y_r} L z_1 \le \dfrac{1}{4}(1+\eta)^2\|L\|\, z_i^T \Big(\dfrac{\partial\alpha_{i-1,O}}{\partial y_r}\Big)^2 z_i + \|L\|\|z_1\|^2,$

$- z_i^T \dfrac{\partial\alpha_{i-1,O}}{\partial v} L y_r \le \|L\|\, z_i^T \Big(\dfrac{\partial\alpha_{i-1,O}}{\partial v}\Big)^2 z_i + y_r^T L y_r,$

$- z_i^T \dfrac{\partial\alpha_{i-1,O}}{\partial v} L z_1 \le \|L\|\, z_i^T \Big(\dfrac{\partial\alpha_{i-1,O}}{\partial v}\Big)^2 z_i + \|L\|\|z_1\|^2.$

Also, on the compact set $\{V(t) \le V(0)\}$, there exists a positive constant $\Pi$ such that $\|\partial\alpha_{i,O}/\partial y_r\| \le \Pi$ for all $i = 1,\cdots,n-1$. Based on these facts, the Lyapunov derivative $\dot{V}_{i,O} = z_i^T\dot{z}_{i,O}$ along with (58) can be expressed as

$\dot{V}_{i,O} = z_i^T\Big[(1+\eta)\dfrac{\partial\alpha_{i-1,O}}{\partial y_r}L - \dfrac{\partial\alpha_{i-1,O}}{\partial v}L\Big](y_r + z_1) \le \mu\|z_i\|^2 + 2\|L\|\|z_1\|^2 + 2\, y_r^T L y_r.$ (59)

Combining (57) and (59), the outer-loop Lyapunov derivative satisfies

$\dot{V}_O \le -z_1^T Lv + (1+\eta)z_1^T L y_r + \rho\|z_1\|^2 + 2(n-1)\, y_r^T L y_r + \mu\sum_{i=2}^{n}\|z_i\|^2.$ (60)

Finally, construct the Lyapunov function $V = V_c + V_p$ for the overall CPS. Taking (50), (55) and (60) into account, its time derivative satisfies

$\dot{V} \le -(\eta - 2n + 2)\, y_r^T L y_r - \sum_{i=1}^{n} z_i^T C_i z_i - \sum_{j=1}^{N} z_1^{(j)T} S\big(z_1^{(j)}/\delta^{(j)}\big) \le -(\eta - 2n + 2)\, y_r^T L y_r - \sum_{i=1}^{n} z_i^T C_i z_i,$ (61)

where the facts $z_1^{(j)T} S(z_1^{(j)}/\delta^{(j)}) \ge 0$ and $\eta > 2n - 2$ are used, so that $\dot{V} \le 0$. Thus, $\{V(t) \le V(0)\}$ is an invariant set. It implies that $z(t)$, $y_r(t)$, $v(t)$, $\hat{\lambda}(t)$, $\hat{\rho}(t)$, $\hat{\pi}(t)$ and $z_1^{(j)T} S(z_1^{(j)}/\delta^{(j)})$ are bounded. Then $y(t) = z_1(t) + y_r(t)$ is bounded. Along with the backstepping procedure, $\alpha_i(t)$, $u_i(t)$ and $x_i(t)$ are also bounded. Noting that $\dot{y}_r(t), \dot{v}(t) \in \mathcal{L}_\infty$ with $y_r^T(t) L y_r(t) \in \mathcal{L}_1$ and $z_i(t) \in \mathcal{L}_2$, Barbalat's Lemma gives $\lim_{t\to\infty} y_r^T(t) L y_r(t) = 0$ and $\lim_{t\to\infty} z_i(t) = 0$. Finally, following the proof of [8, Theorem 4.1], one obtains $\lim_{t\to\infty} y_r(t) = y^*$. Thus, we can conclude that $\lim_{t\to\infty}[y(t) - y^*] = \lim_{t\to\infty}[y(t) - y_r(t) + y_r(t) - y^*] = 0$. $\blacksquare$

Appendix II

Proof of Lemma 2.
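The comparison argument in the following proof builds on an exponentially stable auxiliary filter of the form (62). As an independent numerical sanity check, the minimal Python sketch below simulates a scalar version of such a filter together with its comparison bound; the gain, horizon, and input signal are made up for illustration, and the bound $\Psi$ is realized here as the convolution bound from the variation-of-constants formula (the paper's own definition of $\Psi$ appears earlier in the text):

```python
import math

# Euler simulation of a scalar auxiliary filter of the form (62),
#   e_dot = -eta * (e + z1(t)),
# together with the comparison system
#   b_dot = -eta * b + eta * |z1(t)|,  b(0) = |e(0)|,
# whose solution is exp(-eta*t)*|e(0)| plus the convolution bound
# integral_0^t exp(-eta*(t-tau)) * eta * |z1(tau)| dtau.
eta, dt, steps = 2.0, 1e-3, 5000     # made-up gain and horizon
z1 = lambda t: math.sin(3.0 * t)     # hypothetical bounded input signal

e, b = 1.0, 1.0                      # same initial condition e(0) = b(0)
ok = True
for k in range(steps):
    t = k * dt
    e += dt * (-eta * (e + z1(t)))
    b += dt * (-eta * b + eta * abs(z1(t)))
    ok = ok and (abs(e) <= b + 1e-9)
# ok stays True: |e(t)| never exceeds the comparison bound b(t)
```

Since $1 - \eta\,dt > 0$ here, the discrete update preserves the inequality $|e_k| \le b_k$ step by step, which mirrors the continuous-time comparison principle [46] used below.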
To analyze the stability of (30), we first construct an auxiliary system

$\dot{\tilde{e}}_{r,H}^{(j)} = -\eta^{(j)}\big(\tilde{e}_{r,H}^{(j)} + z_1^{(j)}\big),\qquad \tilde{e}_{r,H}^{(j)}(0) = e_{r,H}^{(j)}(0).$ (62)

By directly solving (62), we obtain $\|\tilde{e}_{r,H}^{(j)}(t)\| \le e^{-\eta^{(j)}t}\|e_{r,H}^{(j)}(0)\| + \Psi(\eta^{(j)}, z_1^{(j)}(t), 0, t)$. Consider $U^{(j)}(\tilde{e}_{r,H}^{(j)}) = \|\tilde{e}_{r,H}^{(j)}\|^2/2$, whose time derivative along (62) is

$\dot{U}^{(j)}(\tilde{e}_{r,H}^{(j)}) = -\eta^{(j)}\,\tilde{e}_{r,H}^{(j)T}\big(\tilde{e}_{r,H}^{(j)} + z_1^{(j)}\big).$ (63)

On the other hand, the time derivative of $U^{(j)}(e_{r,H}^{(j)})$ along (30) can be expressed as

$\dot{U}^{(j)}(e_{r,H}^{(j)}) = -e_{r,H}^{(j)T}\big[\nabla g^{(j)}(y_r^{(j)}) - \nabla g^{(j)}(\hat{y}_r^{(j)})\big] - \eta^{(j)}\, e_{r,H}^{(j)T}\big(e_{r,H}^{(j)} + z_1^{(j)}\big) \le -\eta^{(j)}\, e_{r,H}^{(j)T}\big(e_{r,H}^{(j)} + z_1^{(j)}\big),$ (64)

where the inequality follows from the convexity of $g^{(j)}$. Using the comparison principle [46], under the same initial condition $\tilde{e}_{r,H}^{(j)}(0) = e_{r,H}^{(j)}(0)$, (63) and (64) imply $U^{(j)}(e_{r,H}^{(j)}) \le U^{(j)}(\tilde{e}_{r,H}^{(j)})$, or equivalently, $\|e_{r,H}^{(j)}(t)\| \le \|\tilde{e}_{r,H}^{(j)}(t)\| \le e^{-\eta^{(j)}t}\|e_{r,H}^{(j)}(0)\| + \Psi(\eta^{(j)}, z_1^{(j)}(t), 0, t)$. Directly solving (31) and applying the triangular inequality, $\|e_{v,H}^{(j)}(t)\|$ can be bounded by (33). $\blacksquare$

Appendix III

Proof of Lemma 3.
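The contradiction step in the following proof relies on the defining property of the prescribed-performance transform $S$: it is strictly increasing and grows unboundedly as its normalized argument $z_1/\delta$ approaches the funnel boundary. The paper's concrete $S$ is defined earlier; the sketch below uses a representative log-type transform (an assumption, common in the prescribed performance literature [39]) purely to illustrate this blow-up and the sign property $z_1^T S(z_1/\delta) \ge 0$ used in (61):

```python
import math

# A representative prescribed-performance transform: odd, strictly
# increasing on (-1, 1), with S(zeta) -> +/-inf as zeta -> +/-1.
# (The concrete S used in the paper is defined earlier in the text;
# this log-type choice is only illustrative.)
def S(zeta):
    assert -1.0 < zeta < 1.0, "argument must stay inside the funnel"
    return math.log((1.0 + zeta) / (1.0 - zeta))

# zeta = z1/delta: as long as |z1| < delta, S stays finite; since S is
# odd and increasing, zeta * S(zeta) >= 0, matching the sign fact in (61).
samples = [0.0, 0.5, 0.9, 0.99, 0.999]
values = [S(z) for z in samples]
# values grow without bound as zeta approaches 1, e.g. S(0.999) ≈ 7.6
```

If $|z_{1,s}/\delta|$ were to reach the boundary, $\|S(z_1/\delta)\|$ would diverge, which is exactly the mechanism the contradiction argument below exploits.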
Under the healthy conditions, integrating both sides of (61) yields

$V(t) - V(0) \le -(\eta - 2n + 2)\displaystyle\int_0^t y_r^T(\tau) L y_r(\tau)\, d\tau - \sum_{i=1}^{n}\int_0^t z_i^T(\tau) C_i z_i(\tau)\, d\tau,$

which implies that

$\dfrac{1}{2}\|z_1^{(j)}(t)\|^2 + c_1^{(j)}\displaystyle\int_0^t \|z_1^{(j)}(\tau)\|^2\, d\tau \le V(0).$

Given Assumption 3 and the definition of $\bar{\Omega}$, we have

$\dfrac{1}{2c_1^{(j)}}\|z_1^{(j)}(t)\|^2 + \displaystyle\int_0^t \|z_1^{(j)}(\tau)\|^2\, d\tau \le \bar{\Omega}/c_1^{(j)}.$

In addition, from Theorem 1 we know $z_1^{(j)T} S(z_1^{(j)}/\delta^{(j)})$ is bounded, which yields $|z_{1,s}^{(j)}(t)| < \delta^{(j)}(t)$ for any $t \ge 0$ and $s \in \{1,\cdots,m\}$. Indeed, suppose to the contrary that $|z_{1,s}^{(j)}(t)| \ge \delta^{(j)}(t) > k_b^{(j)}$ for some $s$. According to the form of $S$ and the prescribed performance technique [39], $\|S(z_1^{(j)}/\delta^{(j)})\|$ converges to $+\infty$. Then $z_1^{(j)T} S(z_1^{(j)}/\delta^{(j)}) \ge k_b^{(j)} \|S(z_1^{(j)}/\delta^{(j)})\| \to +\infty$ as $t \to \infty$, a contradiction, which in turn implies $\|z_1^{(j)}(t)\| < \sqrt{m}\,\delta^{(j)}(t)$. $\blacksquare$

References

[1] P. Antsaklis, "Goals and challenges in cyber-physical systems research editorial of the editor in chief,"
IEEE Trans. Autom. Control, vol. 59, no. 12, pp. 3117–3119, Dec. 2014.
[2] J. Slay and M. Miller, "Lessons learned from the Maroochy Water Breach," in Critical Infrastructure Protection. New York, NY, USA: Springer, 2007.
[3] J. P. Farwell and R. Rohozinski, "Stuxnet and the future of cyber war," Survival, vol. 53, no. 1, pp. 23–40, 2011.
[4] A. Nedic and A. Ozdaglar, "Distributed subgradient methods for multiagent optimization," IEEE Trans. Autom. Control, vol. 54, no. 1, pp. 48–61, 2009.
[5] I. Lobel and A. Ozdaglar, "Distributed subgradient methods for convex optimization over random networks," IEEE Trans. Autom. Control, vol. 56, no. 6, pp. 1291–1306, Jun. 2011.
[6] M. Zhu and S. Martínez, "On distributed convex optimization under inequality and equality constraints," IEEE Trans. Autom. Control, vol. 57, no. 1, pp. 151–164, 2012.
[7] B. Johansson, T. Keviczky, M. Johansson, and K. H. Johansson, "Subgradient methods and consensus algorithms for solving convex optimization problems," in Proc. IEEE Conf. Decision Control, Cancun, Mexico, Dec. 2008, pp. 4185–4190.
[8] B. Gharesifard and J. Cortes, "Distributed continuous-time convex optimization on weight-balanced digraphs," IEEE Trans. Autom. Control, vol. 59, no. 3, pp. 781–786, Mar. 2014.
[9] C. Y. Kim, D. Z. Song, Y. L. Xu, J. G. Yi, and X. Y. Wu, "Cooperative search of multiple unknown transient radio sources using multiple paired mobile robots," IEEE Trans. Robotics, vol. 30, no. 5, pp. 1161–1173, 2014.
[10] E. Dall'Anese, H. Zhu, and G. B. Giannakis, "Distributed optimal power flow for smart microgrids," IEEE Trans. Smart Grid, vol. 4, no. 3, pp. 1464–1475, 2013.
[11] S. Bose, S. H. Low, T. Teeraratkul, and B. Hassibi, "Equivalent relaxations of optimal power flow," IEEE Trans. Autom. Control, vol. 60, no. 3, pp. 729–742, 2015.
[12] Y. Zhang, Z. Deng, and Y. Hong, "Distributed optimal coordination for multiple heterogeneous Euler-Lagrangian systems," Automatica, vol. 79, pp. 207–213, 2017.
[13] P. Lin, W. Ren, Y. Song, and J. A. Farrell, "Distributed optimization with the consideration of adaptivity and finite-time convergence," in Proc. Amer. Control Conf., 2014, pp. 3177–3182.
[14] Y. Xie and Z. Lin, "Global optimal consensus for higher-order multi-agent systems with bounded controls," Automatica, vol. 99, pp. 301–307, 2019.
[15] Y. Zhang and Y. Hong, "Distributed optimization design for high-order multi-agent systems," in Proc. Chin. Control Conf., 2015, pp. 7251–7256.
[16] Y. Zhao, Y. Liu, G. Wen, and G. Chen, "Distributed optimization for linear multiagent systems: edge- and node-based adaptive designs," IEEE Trans. Autom. Control, vol. 62, no. 7, pp. 3602–3609, 2017.
[17] Z. Li, Z. Wu, Z. Li, and Z. Ding, "Distributed optimal coordination for heterogeneous linear multi-agent systems with event-triggered mechanisms," IEEE Trans. Autom. Control, doi: 10.1109/TAC.2019.2937500.
[18] T. Yang, X. Yi, J. Wu, Y. Yuan, D. Wu, Z. Meng, Y. Hong, H. Wang, Z. Lin, and K. H. Johansson, "A survey of distributed optimization," Ann. Rev. Control, vol. 47, pp. 278–305, 2019.
[19] O. Yağan, D. Qian, J. Zhang, and D. Cochran, "Optimal allocation of interconnecting links in cyber-physical systems: interdependence, cascading failures, and robustness," IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 9, pp. 1708–1721, 2012.
[20] L. Su and N. Vaidya, "Byzantine multi-agent optimization," arXiv:1506.04681, 2015.
[21] S. Sundaram and B. Gharesifard, "Distributed optimization under adversarial nodes," IEEE Trans. Autom. Control, vol. 64, no. 3, pp. 1063–1076, 2019.
[22] C. Zhao, J. He, and Q.-G. Wang, "Resilient distributed optimization algorithm against adversarial attacks," IEEE Trans. Autom. Control, doi: 10.1109/TAC.2019.2954363.
[23] W. Fu, J. Qin, Y. Shi, W. Zheng, and Y. Kang, "Resilient consensus of discrete-time complex cyber-physical networks under deception attacks," IEEE Trans. Ind. Inf., doi: 10.1109/TII.2019.2933596.
[24] Q. Zhang and X. Zhang, "Distributed sensor fault diagnosis in a class of interconnected nonlinear uncertain systems," in Proc. 8th IFAC SAFEPROCESS, Mexico City, Mexico, 2012, pp. 1101–1106.
[25] V. Reppa, M. M. Polycarpou, and C. G. Panayiotou, "Decentralized isolation of multiple sensor faults in large-scale interconnected nonlinear systems," IEEE Trans. Autom. Control, vol. 60, no. 6, pp. 1582–1596, 2015.
[26] V. Reppa, M. M. Polycarpou, and C. G. Panayiotou, "Distributed sensor fault diagnosis for a network of interconnected cyber-physical systems," IEEE Trans. Control Netw. Syst., vol. 2, no. 1, pp. 11–23, Mar. 2015.
[27] L. Zhang and G.-H. Yang, "Observer-based fuzzy adaptive sensor fault compensation for uncertain nonlinear strict-feedback systems," IEEE Trans. Fuzzy Syst., vol. 26, no. 4, pp. 2301–2310, 2018.
[28] F. Pasqualetti, F. Dorfler, and F. Bullo, "Attack detection and identification in cyber-physical systems," IEEE Trans. Autom. Control, vol. 58, no. 11, pp. 2715–2729, 2013.
[29] L. An and G.-H. Yang, "Distributed secure state estimation for cyber-physical systems under sensor attacks," Automatica, vol. 107, pp. 526–538, 2019.
[30] J. Zhang, R. Blum, X. Lu, and D. Conus, "Asymptotically optimum distributed estimation in the presence of attacks," IEEE Trans. Signal Process., vol. 63, no. 5, pp. 1086–1101, Mar. 2015.
[31] M. Zhu and S. Martínez, "Attack-resilient distributed formation control via online adaptation," in Proc. IEEE Conf. Decision Control Eur. Control Conf. (CDC-ECC), Orlando, FL, USA, 2011, pp. 6624–6629.
[32] L. An and G.-H. Yang, "Data-driven coordinated attack policy design based on adaptive L2-gain optimal theory," IEEE Trans. Autom. Control, vol. 63, no. 6, pp. 1760–1767, 2018.
[33] Y. Liu, M. K. Reiter, and P. Ning, "False data injection attacks against state estimation in electric power grids," in Proc. 16th ACM Conf. Computer Communications Security, 2009, pp. 21–32.
[34] Y. Chen, S. Kar, and J. M. F. Moura, "Optimal attack strategies subject to detection constraints against cyber-physical systems," IEEE Trans. Control Netw. Syst., vol. 5, no. 3, pp. 1157–1168, 2019.
[35] T.-Y. Zhang and D. Ye, "False data injection attacks with complete stealthiness in cyber-physical systems: A self-generated approach," Automatica, vol. 120, Oct. 2020, Art. no. 109117.
[36] M. Krstic, I. Kanellakopoulos, and P. V. Kokotovic, Nonlinear and Adaptive Control Design. New York: Wiley, 1995.
[37] H. Ouyang and Y. Lin, "Adaptive fault-tolerant control for actuator failures: A switching strategy," Automatica, vol. 81, pp. 87–95, 2017.
[38] X. D. Tang, G. Tao, and S. M. Joshi, "Adaptive actuator failure compensation for parametric strict feedback systems and an aircraft application," Automatica, vol. 39, pp. 1975–1982, 2003.
[39] W. Wang and C. Wen, "Adaptive actuator failure compensation control of uncertain nonlinear systems with guaranteed transient performance," Automatica, vol. 46, pp. 2082–2091, 2010.
[40] W. Wang, C. Wen, and J. Huang, "Distributed adaptive asymptotically consensus tracking control of nonlinear multi-agent systems with unknown parameters and uncertain disturbances," Automatica, vol. 77, pp. 133–142, 2017.
[41] W. Liu and J. Huang, "Adaptive leader-following consensus for a class of higher-order nonlinear multi-agent systems with directed switching networks," Automatica, vol. 79, pp. 84–92, 2017.
[42] M. Massoumnia, G. Verghese, and A. Willsky, "Failure detection and identification," IEEE Trans. Autom. Control, vol. 34, no. 3, pp. 316–321, 1989.
[43] H. Fawzi, P. Tabuada, and S. Diggavi, "Secure estimation and control for cyber-physical systems under adversarial attacks," IEEE Trans. Autom. Control, vol. 59, no. 6, pp. 1454–1467, Jun. 2014.
[44] K. Zhu and L. Gu, "A MIMO nonlinear robust controller for work-class ROVs positioning and trajectory tracking control," in Proc. Annu. Conf. Control Decision, Hangzhou, China, 2011, pp. 2565–2570.
[45] A. Eldosouky, A. Ferdowsi, and W. Saad, "Drones in distress: a game-theoretic countermeasure for protecting UAVs against GPS spoofing," IEEE Internet of Things J., vol. 7, no. 4, pp. 2840–2854, 2020.
[46] H. Khalil, Nonlinear Systems, 3rd ed. Prentice Hall, Hoboken, New Jersey, 2002.