Sage Journals: Discover world-class research

Abstract

In this study, a co-design method of dual security control and communication is investigated for a nonlinear cyber–physical system (CPS) with an actuator fault and false data injection (FDI) attacks. First, under the discrete event trigger communication scheme, considering the different effects of actuator fault and FDI attacks on a double-end network, a dual security control strategy with active fault-tolerance and active–passive attack-tolerance is proposed. It can accommodate an actuator fault, actively compensate an actuator FDI attack, and passively resist a sensor FDI attack, respectively, thereby establishing a new dual security control framework with fault-tolerance and attack-tolerance. Moreover, the Takagi–Sugeno (T-S) fuzzy model for the nonlinear CPS is established under this framework. Second, by constructing an appropriate Lyapunov–Krasovskii functional and introducing the time-delay theory and the affine Bessel–Legendre inequality, lesser conservative design methods of a robust augmented observer for the estimation of the state, FDI attacks, and fault as well as a dual security controller are obtained. Finally, a classical quadruple-tank model is used to show the validity and feasibility of the proposed method.

Keywords

Nonlinear cyber-physical system (CPS)false data injection (FDI) attacks dual security control active fault-tolerance active-passive attack-tolerance co-design

Introduction

A cyber–physical system (CPS) is a complex system with the highest degree of integration among cyber and physical systems; it realizes real-time perception and control using computational techniques and by communication and control.^1,2 Because it is commonly applied in intelligent transportation, smart cities, micro-grids, and other fields, CPS has gained increasing interest and become a prominent topic.³ Generally, a CPS is prone to risks and can lose stability because of the following reasons: (1) The system operation needs to be accessed and controlled remotely through an open network, and cyber attacks are easy in this scenario, which increases the risks of the system information being destroyed, tampered, or blocked.^4,5 (2) The actuator, as the core physical component of a CPS, is highly prone to faults because it needs to operate in a relatively harsh environment for a long time.⁶ Therefore, it is significant to study security control for a CPS under the dual threats of cyber attacks and physical faults.^7,8

During application, most of the controlled plants are nonlinear. However, modeling a nonlinear system is difficult because of its complexity and particularity and the requirement of high system performance, to solve this problem, the Takagi–Sugeno (T–S) fuzzy model is an effective approach.⁹ Its basic concept is to decompose a nonlinear system into a series of linear combinations of local subsystems using IF–THEN rules, and subsequently apply the linear system theory for modeling, analysis, and synthesis. Because of its simple modeling process, it has achieved remarkable results.^10–12 There are two aspects of security problems in a nonlinear CPS: physical and cyber security. Physical security refers to the safety and stability maintenance of a CPS when the physical components fail, whereas cyber security refers to the security of the communication network that supports the CPS information perception and interaction.^13,14 In view of physical security, fault-tolerant control is an effective method for dealing with component faults, which has advanced in recent years. Passive, active, and active–passive hybrid fault-tolerant methods were respectively adopted in Li and Li,¹⁵ Lan and Patton,¹⁶ and Xu et al.¹⁷ to investigate physical security. However, the above results do not consider the issue of cyber security. Therefore, studying the dual security control problem for a nonlinear CPS based on the T–S fuzzy model is highly challenging, which is one of the motivations of this study.

With the development of CPSs, the security problems of their cyber systems are becoming constantly exposed, and frequent cyber attacks make the control system more vulnerable. In general, cyber attacks on a CPS mainly include denial-of-service (DoS) and false data injection (FDI) attacks. A DoS attack is simple to implement; however, there is no stealth in space and time; therefore, it is easy to detect and prevent.^18–20 However, a FDI attack has high concealment and is difficult to detect, resulting in a greater potential threat and higher destructiveness than a DoS attack.^21,22 StuxNet virus is a typical example of a FDI attack.²³ For FDI attacks in a CPS, a static output feedback robust control strategy was studied in Su and Ye²⁴ to achieve stable system operation. In An and Yang,²⁵ an improved adaptive resilient controller was designed to tolerate attacks passively. In Corradini and Cristofaro,²⁶ a sliding mode attack-tolerant control strategy was proposed, which effectively realizes a passive defense against FDI attacks. The strategies in Su and Ye,²⁴ An and Yang,²⁵ and Corradini and Cristofaro²⁶ are passive in dealing with FDI attacks, having limited defensive ability, and thus, active defense strategies are more targeted than passive ones. In addition, the above studies only considered cyber attacks in a cyber system. It is well-known that CPS is a combination of physical and cyber systems. Therefore, finding approaches to adopt more active defense strategies to ensure the security of a nonlinear CPS under physical faults and cyber attacks is another research motivation of this study.

In a CPS, the rapidly increasing data generated by its intelligent devices need to be transmitted with limited bandwidth; thus, the inconsistency between the transmission of a large amount of data and the limited communication resources is becoming increasingly important. In the traditional periodic time-triggered communication scheme (PTTCS), the transmission of a large amount of redundant data aggravates the communication burden, and the control strategy design is inappropriately related with the communication. Over the past decade, to solve these problems, a self-triggered communication scheme (STCS),²⁷ a discrete event-triggered communication scheme (DETCS),²⁸ and an adaptive event-triggered communication scheme (AETCS)^29,30 have been proposed. Among them, the AETCS is novel, and its trigger parameter can change adaptively with respect to the dynamic error of a system. However, once the physical and cyber systems in a CPS are damaged, it is difficult to realize the adaptive coordinates between communication and control under the AETCS. Because the DETCS is simple to implement and can achieve good control performance, it is the most representative trigger scheme. In Lu and Yang,³¹ based on the DETCS, a new security observer was designed to estimate a state and an attack. In Li et al.,³² the security consensus problem was considered for multi-agent systems, and an event-triggered control scheme with state dependence was used to update the control input signal. In Gao et al.,³³ an event-triggered dynamic output feedback control problem was studied for a discrete Markov jump system, and a dual-event-triggered scheme was implemented asynchronously on the node of a sensor and a controller. The above studies were based on the DETCS, which can effectively save network resources. However, there are few results on the co-design of dual security control and communication for a nonlinear CPS. This is another motivation of this study.

Based on previous investigations, in this study, we aim to co-design dual security control and communication for a nonlinear CPS under the DETCS. The main contributions are summarized as follows:

A new dual security control strategy with active fault-tolerance and active–passive attack-tolerance is proposed, in which an actuator fault and an actuator FDI attack are compensated actively and a sensor FDI attack is defended passively. Furthermore, a dual security control framework is built, which lays the foundation to realize dual security control for an actual CPS with FDI attacks on the dual-end network and an actuator fault.

A robust augmented observer is obtained to accurately estimate the system state, FDI attacks, and actuator fault in real time using the augmented matrix method.

A new T–S fuzzy model of a closed-loop nonlinear CPS is established under the DETCS, which integrates a trigger condition, FDI attacks, and an actuator fault. Subsequently, a co-design method of dual security control and communication with reduced data transmission is established to achieve a balance between dual security control and communication resources.

In the derivation of the robust augmented observer and the dual security controller, an appropriate Lyapunov–Krasovskii function is constructed and the affine Bessel–Legendre inequality is introduced, thereby reducing the conservatism of the system. By an engineering case verification of a quadruple tank, it is shown that the theoretical strategies of this study can effectively resist the adverse effects of FDI attacks and actuator fault and maintain system stability while saving communication resources.

The remainder of this paper is organized as follows. The problem formulation is presented in Section 2. In Sections 3, the design of the robust observer is described. The co-design of dual security control and communication is presented in Section 4. Section 5 discusses the simulation experiments, and the conclusion is presented in Section 6.

Problem formulation

Framework of dual security control

Based on the DETCS, a new dual security framework with an actuator fault and FDI attacks on a double-end network is established, as shown in Figure 1.

Figure 1.

Framework of dual security control.

As shown in Figure 1, the system consists of five parts: a controlled plant, an intelligent sensing unit, a control unit, an execution unit, and a communication network. In this study, an actuator fault and FDI attacks on the actuator and sensor sides are considered simultaneously.

The intelligent sensing unit includes a sensor, samplers, an augmented observer, and an event generator. Among them, the sensor and sampler 1 are used to observe the system output and conduct the sampling at equal periods, and the augmented observer is used to observe the system state, FDI attacks, and an actuator fault. The estimated results are sampled by sampler 2 at equal periods. The event generator is used to determine whether the current sampling value meets the trigger condition. If it does, the sampling value is transmitted to the control unit through the sensor network; otherwise it is discarded. Evidently, the filtered data are transmitted non-uniformly, and the transmission period is longer than the sampling period $h$ ; therefore, the network resources can be saved.

The control unit calculates the control quantity with active fault-tolerance and active–passive attack-tolerance on the received data, following which the control data are transmitted to the execution unit. It can be seen that the control action is still conducted in a non-uniform periodic manner.

The execution unit includes a zero-order holder (ZOH) and an actuator. The ZOH holds the data in a non-uniform periodic manner, and it transmits the result to the actuator, which acts on the controlled plant.

Assumption 1: The sampling is conducted at equal periods $h$ ; the intelligent sensing unit is clock-driven, and the corresponding sequence is ${i_{k}}, k = 0, 1, 2, \dots$ . Both the control and execution units are event-driven. The sending period of the filtered data by the event generator is denoted as $h_{k}$ , and the corresponding sequence is ${t_{k}}, k = 0, 1, 2, \dots$ .

Assumption 2: FDI attacks are detectable and separable from physical faults.

System description

As shown in Figure 1, the plant is continuous, and the operation of the intelligent sensing and control units is completed by the calculation of a digital quantity; therefore, the system is a typical sampling data system. Considering a class of nonlinear controlled plants, the following state equation of the fuzzy system can be obtained by adopting the T–S fuzzy model:

{\begin{matrix} \overset{\cdot}{x} (t) = \sum_{i = 1}^{r} ξ_{i} (θ (t)) {A_{i} x (t) + B_{i} [u (t) + a^{a} (t)] \\ + E_{fi} f (t) + E_{wi} w (t)} \\ y (i_{k}) = \sum_{i = 1}^{r} ξ_{i} (θ (t)) {C_{i} [x (i_{k}) + a^{s} (i_{k})] + E_{vi} v (i_{k})} \end{matrix}

(1)

where $ξ_{i} (θ (t)) = a_{i} (θ (t)) / \sum_{i = 1}^{N} a_{i} (θ (t))$ , $ξ_{i} (θ (t))$ represents the weight ratio of each fuzzy rule, $a_{i} (θ (t)) = Π_{j = 1}^{N} M_{ij} (θ (t))$ , and $M_{ij} (θ (t))$ is the membership function of $θ_{j} (t)$ with respect to $M_{ij}$ . It is assumed that $a_{i} (θ (t)) \geq 0 (i =$ $1, 2, \dots, N)$ and $\sum_{i = 1}^{N} a_{i} (θ (t)) > 0$ ; therefore $ξ_{i} (θ (t)) \geq 0$ and $\sum_{i = 1}^{N} ξ_{i} (θ (t)) = 1$ , $A_{i}, B_{i}, C_{i}, E_{f i}, E_{w i},$ , and $E_{v i}$ are known matrices with appropriate dimensions. $x (t) \in R^{n}$ is the system state, $u (t) \in R^{n_{u}}$ is the control input (without the sensor FDI attack), $w (t) \in R^{n_{w}}$ is the disturbance, $y (i_{k}) \in R^{m}$ is the sampled output at instant $i_{k}$ , $v (i_{k}) \in R^{n_{v}}$ is the measurement noise, and $a^{a} (t) \in R^{n_{ca}}$ and $a^{s} (i_{k}) \in R^{n_{sc}}$ are the FDI attacks on the double-end network called actuator FDI attack and sensor FDI attack, respectively. ${i_{1}, i_{2}, \dots, i_{k}, \dots}$ is the sampling time sequence and $f (t) \in R^{n_{f}}$ is a time-varying actuator fault. The derivative norms of $f (t)$ and $a^{a} (t)$ are bounded, that is, there are constants $f_{1}$ and $a_{1}$ that satisfy $‖ \overset{\cdot}{f} (t) ‖ \leq f_{1}$ and $‖ {\overset{\cdot}{a}}^{a} (t) ‖ \leq a_{1}$ .

Remark 1: In real systems, actuator fault occurs in physical devices and FDI attack comes from information networks. Although there are essential differences in the source, generation mechanism and effect, actuator fault and FDI attack are eventually deteriorate the system performance or even make the system unstable.

Remark 2: The actuator FDI attack changes the control actions of the system, whereas the sensor FDI attack modifies the measurements of the sensor. They are modeled in equation (1) based on different exerting locations and influences.^34,35

To detect and estimate the FDI attacks and the system state online, system state $x (t)$ , actuator FDI attack $a^{a} (t)$ , and sensor FDI attack $a^{s} (t)$ are augmented into a new state $η (t)$ . Thus, the following augmented state equation can be obtained:

{\begin{matrix} \dot{η} (t) = \sum_{i = 1}^{r} ξ_{i} (θ (t)) [{\tilde{A}}_{i} η (t) + {\tilde{B}}_{i} u (t) + {\tilde{E}}_{f i} f (t) + {\tilde{E}}_{w i} \tilde{w} (t)] \\ y (i_{k}) = \sum_{i = 1}^{r} ξ_{i} (θ (t)) [{\tilde{C}}_{i} η (i_{k}) + E_{v i} v (i_{k})] \end{matrix}

(2)

where,

η (t) = {[\begin{matrix} x^{T} (t) & {a^{a}}^{T} (t) & {a^{s}}^{T} (t) \end{matrix}]}^{T}, \tilde{w} (t) = [\begin{matrix} w^{T} (t) & {\overset{\cdot}{a}}^{a}^{T} (t) \end{matrix}

{{\overset{\cdot}{a}}^{s}^{T} (t)]}^{T}, {\tilde{E}}_{wi} = diag {\begin{matrix} E_{wi} & I & I \end{matrix}}, {\tilde{C}}_{i} = [\begin{matrix} C_{i} & 0 & C_{i} \end{matrix}] .

{\tilde{A}}_{i} = [\begin{matrix} A_{i} & B_{i} & 0 \\ 0 & 0 & 0 \\ 0 & 0 & 0 \end{matrix}], {\tilde{B}}_{i} = [\begin{matrix} B_{i} \\ 0 \\ 0 \end{matrix}], {\tilde{E}}_{f_{i}} = [\begin{matrix} E_{fi} \\ 0 \\ 0 \end{matrix}] .

Trigger condition of DETCS

In this study, we adopt the typical DETCS in Peng and Yang²⁸ to determine whether the current sampling value needs to be transmitted.

{[\hat{x} (i_{k}) - \hat{x} (t_{k})]}^{T} Φ [\hat{x} (i_{k}) - \hat{x} (t_{k})] \leq σ {\hat{x}}^{T} (t_{k}) Φ \hat{x} (t_{k})

(3)

where $σ \in [0, 1)$ is a predefined event trigger parameter that is related to the expected system performance. $Φ$ is the positive definite symmetric matrix to be designed. The state estimation error is defined as $\hat{x} (i_{k}) - \hat{x} (t_{k}) = e (i_{k})$ , where $\hat{x} (i_{k})$ represents the estimated state value by the observer. $\hat{x} (t_{k})$ represents the latest state estimation value, which is calculated by the event generator at the last moment and meets the trigger condition in equation (3), and is transmitted through the network.

Analysis of correlated delay interval

From the above analysis, the estimation of the observer has an equal sampling period, whereas the fault-tolerant/attack-tolerant control is associated with a non-uniform sampling period. Therefore, we treat them as sampling data systems, and subsequently adopt the time-delay theory to deal with these problems.^36,37 Similar to the related delay analysis in Li et al.,³⁸ it will not elaborate here.

The time delay function is defined as

τ_{1} (t) = t - i_{k}, t \in [i_{k}, i_{k + 1}), 0 \leq τ_{1} (t) \leq h_{1} = h .

(4)

where $h$ is the sampling period.

τ_{2} (t) = t - t_{k},

(5)

The upper and lower bounds of the time delay function can be described as follows:

$0 < l_{k} h + τ_{t_{k} + l_{k} h} \leq τ_{2} (t) \leq (l_{k} + 1) h + τ_{t_{k} + (l_{k} + 1) h}$ ≤ $(d_{k} + 1) h$ $+ τ_{t_{k} + (d_{k} + 1) h}$ $= t_{k + 1} - t_{k} + τ_{t_{k} + (d_{k} + 1) h}$ $\leq h_{k_{max}} + τ' = h_{2}$ , that is, $0 \leq τ_{2} (t) \leq h_{2}$ , where $l_{k} = 0, 1, 2, \dots, d_{k},$ $d_{k} h = t_{k + 1} - t_{k} - h,$ $τ_{t_{k} + l_{k} h}$ is the network transmission delay at instant $t_{k} + l_{k} h,$ $h_{2} = h_{k_{max}} + τ' = h_{k_{max}} +$ $max {τ_{t_{k} + (l_{k} + 1) h}}$ , $h_{k_{max}}$ is the maximum transmission period filtered by the event generator, and $τ'$ is the upper bound of $τ_{t_{k} + (d_{k} + 1) h}$ .

Design of robust H_∞ observer for estimation of state, FDI attacks, and actuator fault

Augmented error system

The time delay theory is adopted to analyze the sampling characteristics of the system output in one sampling period; the discrete sampling output equation is held through the ZOH,³⁹ and the measurement output can be obtained as follows:

y (t) = \sum_{i = 1}^{r} ξ_{i} (θ (t)) [{\tilde{C}}_{i} η (t - τ_{1} (t)) + E_{v i} v (t - τ_{1} (t))]

(6)

The following observer is constructed to observe the system state, FDI attacks, and the actuator fault:

{\begin{matrix} \overset{\cdot}{\hat{η}} (t) = \sum_{i = 1}^{r} \sum_{j = 1}^{r} ξ_{i} (θ (t)) ξ_{j} (θ (t)) [{\tilde{A}}_{i} \hat{η} (t) + {\tilde{B}}_{i} u (t) \\ + {\tilde{E}}_{fi} \hat{f} (t) - L_{j} (\hat{y} (t) - y (t))] \\ \hat{y} (t) = \sum_{i = 1}^{r} ξ_{i} (θ (t)) [{\tilde{C}}_{i} \hat{η} (t - τ_{1} (t))] \\ \overset{\cdot}{\hat{f}} (t) = \sum_{j = 1}^{r} ξ_{j} (θ (t)) [- F_{j} e_{y} (t)] \end{matrix}

(7)

The following are defined: $e_{η} (t) = \hat{η} (t) - η (t)$ , $e_{y} (t) = \hat{y} (t) - y (t)$ , and $e_{f} (t) = \hat{f} (t) - f (t) .$ The error system can be obtained as follows:

{\begin{matrix} {\dot{e}}_{η} (t) = \sum_{i = 1}^{r} \sum_{j = 1}^{r} ξ_{i} (θ (t)) ξ_{j} (θ (t)) [{\tilde{A}}_{i} e_{η} (t) + {\tilde{E}}_{f i} e_{f} (t) \\ - L_{j} \tilde{C} e_{η} (i_{k}) + L_{j} E_{v i} v (i_{k}) - {\tilde{E}}_{w i} \tilde{w} (t)] \\ {\dot{e}}_{f} (t) = - \dot{f} (t) + \sum_{i = 1}^{r} \sum_{j = 1}^{r} ξ_{i} (θ (t)) ξ_{j} (θ (t)) [- F_{j} {\tilde{C}}_{i} e_{η} (i_{k}) . \\ + F_{j} E_{v i} v (i_{k})] \\ e_{y} (t) = \sum_{i = 1}^{r} ξ_{i} (θ (t)) [{\tilde{C}}_{i} e_{η} (i_{k}) - E_{v i} v (i_{k})] \end{matrix}

(8)

Thus, the augmented error system with the system state, FDI attacks, and actuator fault is as follows:

\begin{matrix} \overset{\cdot}{\bar{e}} (t) = \sum_{i = 1}^{r} \sum_{j = 1}^{r} ξ_{i} (θ (t)) ξ_{j} (θ (t)) [{\bar{A}}_{i} \bar{e} (t) - {\bar{L}}_{j} {\bar{C}}_{i} \bar{e} (t - τ_{1} (t)) \\ - {\bar{E}}_{wi} \bar{w} (t) + {\bar{L}}_{j} E_{vi} v (t - τ_{1} (t))] \end{matrix}

(9)

Where

\begin{matrix} {\bar{A}}_{i} = [\begin{matrix} {\tilde{A}}_{i} & {\tilde{E}}_{fi} \\ 0 & 0 \end{matrix}], \bar{e} (t) = [\begin{matrix} e_{η} (t) \\ e_{f} (t) \end{matrix}], {\bar{L}}_{j} = [\begin{matrix} L_{j} \\ F_{j} \end{matrix}], \\ {\bar{C}}_{i} = [\begin{matrix} {\tilde{C}}_{i} & 0 \end{matrix}], \end{matrix}

\begin{matrix} \bar{e} (t - τ_{1} (t)) = [\begin{matrix} e_{η} (t - τ_{1} (t)) \\ e_{f} (t - τ_{1} (t)) \end{matrix}], {\bar{E}}_{wi} = [\begin{matrix} {\tilde{E}}_{wi} & 0 \\ 0 & I \end{matrix}], \\ \bar{w} (t) = [\begin{matrix} \tilde{w} (t) \\ \overset{\cdot}{f} (t) \end{matrix}] . \end{matrix}

Remark 3: Using the augmented matrix method, an augmented observer is obtained in equation (7), which can observe the system state, the FDI attacks on the double-end network, and the actuator fault in real time.

Design of robust $H_{\infty}$ observer

Theorem 1: Considering the error system in equation (9), for certain positive constants $h_{1}$ and $γ_{1}$ , if there exist a symmetric positive definite matrix $P$ and appropriate dimension matrices $X, Y_{j}$ such that the following conditions hold:

[\begin{matrix} Π_{11} & Π_{12} & Π_{13} & Π_{14} & 0 \\ * & Π_{22} & Π_{23} & Π_{24} & h_{1} n_{1} {\bar{C}}_{i}^{T} {Y_{j}}^{T} \\ * & * & Π_{33} & Π_{34} & 0 \\ * & * & * & Π_{44} & 0 \\ * & * & * & * & - h_{1} n_{1} P \end{matrix}] < 0

(10)

[\begin{matrix} {Π'}_{11} & {Π'}_{12} & Π_{13} & Π_{14} & X \\ * & {Π'}_{22} & Π_{23} & Π_{24} & X \\ * & * & Π_{33} & Π_{34} & X \\ * & * & * & Π_{44} & X \\ * & * & * & * & - \frac{15 n_{1}}{23 h_{1}} P \end{matrix}] < 0

(11)

[\begin{matrix} Π_{11} + I & Π_{12} & Π_{13} & Π_{14} & Π_{15} & Π_{16} & 0 \\ * & Π_{22} & Π_{23} & Π_{24} & Π_{25} & Π_{26} & h_{1} n_{1} {\bar{C}}_{i}^{T} {Y_{j}}^{T} \\ * & * & Π_{33} & Π_{34} & 0 & 0 & 0 \\ * & * & * & Π_{44} & 0 & 0 & 0 \\ * & * & * & * & - γ_{1}^{2} I & Π_{56} & h_{1} n_{1} E_{vi}^{T} {Y_{j}}^{T} \\ * & * & * & * & * & Π_{66} & 0 \\ * & * & * & * & * & * & - h_{1} n_{1} P \end{matrix}] < 0

(12)

[\begin{matrix} {Π'}_{11} + I & {Π'}_{12} & Π_{13} & Π_{14} & Y_{j} E_{vi} & - P {\bar{E}}_{wi} & X \\ * & {Π'}_{22} & Π_{23} & Π_{24} & 0 & 0 & X \\ * & * & Π_{33} & Π_{34} & 0 & 0 & X \\ * & * & * & Π_{44} & 0 & 0 & X \\ * & * & * & * & - γ_{1}^{2} I & 0 & 0 \\ * & * & * & * & * & - γ_{1}^{2} I & 0 \\ * & * & * & * & * & * & - \frac{15 n_{1}}{23 h_{1}} P \end{matrix}] < 0

(13)

then the error system in equation (9) is asymptotically stable and satisfies the $H_{\infty}$ performance index in equation (14). The augmented state observer gain matrix, $L_{j}$ , and the fault estimation gain matrix, $F_{j}$ , are obtained using ${\bar{L}}_{j} = [\begin{matrix} L_{j} \\ F_{j} \end{matrix}]$ .

‖ \bar{e} (t) ‖_{2}^{2} \leq γ_{1}^{2} [\sum_{k = 0}^{+ \infty} (i_{k + 1} - i_{k}) ‖ v (i_{k}) ‖_{2}^{2} + ‖ \bar{w} (t) ‖_{2}^{2}]

(14)

where

\begin{matrix} Π_{11} = P {\bar{A}}_{i} + {\bar{A}}_{i}^{T} P - n_{2} P + h_{1} n_{2} (P {\bar{A}}_{i} + {\bar{A}}_{i}^{T} P) \\ + h_{1} n_{1} {\bar{A}}_{i}^{T} P {\bar{A}}_{i} \\ - 3 X - 3 X^{T}, Π_{13} = 2 X - 3 X^{T}, Π_{14} = 6 X - 3 X^{T}, \\ Π_{12} = - Y_{j} {\bar{C}}_{i} + n_{2} P - h_{1} n_{1} {\bar{A}}_{i}^{T} Y_{j} {\bar{C}}_{i} - h_{1} n_{2} Y_{j} {\bar{C}}_{i} \\ - h_{1} n_{2} {\bar{A}}_{i}^{T} P + X \\ - 3 X^{T}, Π_{15} = Y_{j} E_{vi} + h_{1} n_{1} {\bar{A}}_{i}^{T} Y_{j} E_{vi} + h_{1} n_{2} Y_{j} E_{vi}, \\ Π_{16} = - P {\bar{E}}_{wi} - h_{1} n_{1} {\bar{A}}_{i}^{T} P {\bar{E}}_{wi} - h_{1} n_{2} P {\bar{E}}_{wi}, \\ Π_{22} = - n_{2} P + h_{1} n_{3} P \\ + h_{1} n_{2} (Y_{j} {\bar{C}}_{i} + {\bar{C}}_{i}^{T} Y_{j}^{T}) + X + X^{T}, Π_{23} = 2 X + X^{T}, \\ Π_{24} = 6 X + X^{T}, Π_{25} = - h_{1} n_{2} Y_{j} E_{vi}, \\ Π_{26} = h_{1} n_{1} {\bar{C}}_{i}^{T} Y_{j}^{T} {\bar{E}}_{wi} \\ + h_{1} n_{2} P {\bar{E}}_{wi}, Π_{33} = 2 X + 2 X^{T}, Π_{34} = 6 X + 2 X^{T}, Π_{44} = \\ 6 X + 6 X^{T}, Π_{66} = - γ_{1}^{2} I + h_{1} n_{1} {\bar{E}}_{wi}^{T} P {\bar{E}}_{wi}, {Π'}_{11} = P {\bar{A}}_{i} + \\ {\bar{A}}_{i}^{T} P - n_{2} P - 3 X - 3 X^{T}, {Π'}_{12} = - Y_{j} {\bar{C}}_{i} + n_{2} P \\ + X - 3 X^{T}, {Π'}_{22} = - n_{2} P - h_{1} n_{3} P + X + X^{T} . \end{matrix}

Proof: To ensure the error system is asymptotically stable in equation (9), we first consider $\bar{w} (t) = 0$ , $v (i_{k}) = 0$ , and construct the Lyapunov–Krasovskii function as follows:

\begin{matrix} V_{1} (t) = {\bar{e}}^{T} (t) P \bar{e} (t) + (h_{1} - τ_{1} (t)) τ_{1} (t) {\bar{e}}^{T} (t - τ_{1} (t)) \\ Q \bar{e} (t - τ_{1} (t)) \\ + (h_{1} - τ_{1} (t)) \int_{t - τ_{1} (t)}^{t} {\overset{\cdot}{\bar{e}}}^{T} (s) R \overset{\cdot}{\bar{e}} (s) ds \\ + (h_{1} - τ_{1} (t)) φ_{1}^{T} (t) S φ_{1} (t) \end{matrix}

(15)

where $φ_{1} (t) = \bar{e} (t) - \bar{e} (i_{k})$ and $P = P^{T} > 0, Q = Q^{T} > 0,$ and $R = R^{T} > 0, S = S^{T} > 0 .$

Differentiating along the trajectory of the system in equation (9), we obtain

\begin{matrix} {\overset{\cdot}{V}}_{1} (t) = 2 {\bar{e}}^{T} (t) P \overset{\cdot}{\bar{e}} (t) + 2 (h_{1} - τ_{1} (t)) {\bar{e}}^{T} \\ (t - τ_{1} (t)) Q \bar{e} (t - τ_{1} (t)) \\ - h_{1} {\bar{e}}^{T} (t - τ_{1} (t)) Q \bar{e} (t - τ_{1} (t)) + 2 (h_{1} - τ_{1} (t)) φ_{1}^{T} (t) S \overset{\cdot}{\bar{e}} (t) \\ - φ_{1}^{T} (t) S φ_{1} (t) - \int_{t - τ_{1} (t)}^{t} {\overset{\cdot}{\bar{e}}}^{T} (s) R \overset{\cdot}{\bar{e}} (s) ds \\ + (h_{1} - τ_{1} (t)) {\overset{\cdot}{\bar{e}}}^{T} (t) R \overset{\cdot}{\bar{e}} (t) \end{matrix}

(16)

The integral term, $- \int_{t - τ_{1} (t)}^{t} {\overset{\cdot}{\bar{e}}}^{T} (t) R \overset{\cdot}{\bar{e}} (s) ds$ , can be processed by the affine Bessel–Legendre inequality with reduced conservatism,⁴⁰ that is,

- \int_{t - τ_{1} (t)}^{t} {\dot{\bar{e}}}^{T} (s) R \dot{\bar{e}} (s) d s \leq - ψ_{1}^{T} (t) Θ ψ_{1} (t)

(17)

where

ψ_{1}^{T} (t) = [{\bar{e}}^{T} (t) {\bar{e}}^{T} (i_{k}) \frac{1}{τ_{1} (t)} Ω_{0}^{T} \frac{1}{τ_{1} (t)} Ω_{1}^{T}],

Θ = X H_{2} + H_{2}^{T} X^{T} - τ_{1} (t) X \bar{R} X^{T}, Ω_{0} = \int_{t - τ_{1} (t)}^{t} \bar{e} (s) d s,

Ω_{1} = \int_{t - τ_{1} (t)}^{t} (2 \frac{s - t + τ_{1} (t)}{τ_{1} (t)} - 1) \bar{e} (s) d s,

H_{2} = [\begin{matrix} I & - I & 0 & 0 \\ I & I & - 2 I & 0 \\ I & - I & 0 & - 6 I \end{matrix}],

\bar{R} = diag {R^{- 1} \frac{1}{3} R^{- 1} \frac{1}{5} R^{- 1}} .

Substituting the inequality in equation (17) into ${\overset{\cdot}{V}}_{1} (t)$ , we define

M_{11} = [\begin{matrix} I & 0 & 0 & 0 \end{matrix}], M_{12} = [\begin{matrix} I & - I & 0 & 0 \end{matrix}],

M_{13} = [\begin{matrix} {\bar{A}}_{i} & - {\bar{L}}_{j} {\bar{C}}_{i} & 0 & 0 \end{matrix}], M_{14} = [\begin{matrix} 0 & I & 0 & 0 \end{matrix}]

Thus, $φ_{1} (t) = M_{12} ψ_{1} (t), \overset{\cdot}{\bar{e}} (t) = M_{13} ψ_{1} (t), \bar{e} (t) = M_{11} ψ_{1} (t),$ $\bar{e} (t - τ_{1} (t)) = M_{14} ψ_{1} (t) .$ We can further obtain ${\dot{V}}_{1} (t) \leq ψ_{1}^{T} (t) [Σ_{11} + (h_{1} - τ_{1} (t)) Σ_{12} + τ_{1} (t) Σ_{13}] ψ_{1} (t),$

where

\begin{matrix} Σ_{11} = 2 M_{11}^{T} P M_{13} - M_{12}^{T} S M_{12} - X H_{2} - H_{2}^{T} X^{T} \\ - h_{1} M_{14}^{T} Q M_{14}, \end{matrix}

\begin{matrix} Σ_{12} = 2 M_{12}^{T} S M_{13} + M_{13}^{T} R M_{13} + 2 M_{14}^{T} Q M_{14}, \\ Σ_{13} = X \bar{R} X^{T} . \end{matrix}

If $Σ_{11} + (h_{1} - τ_{1} (t)) Σ_{12} + τ_{1} (t) Σ_{13} < 0$ , then ${\overset{\cdot}{V}}_{1} (t) < 0$ ; therefore, the error system in equation (9) is asymptotically stable. According to the linear convex combination lemma in Park et al.,⁴¹ the necessary and sufficient conditions for $Σ_{11} + (h_{1} - τ_{1} (t)) Σ_{12} + τ_{1} (t) Σ_{13} < 0$ are

Σ_{11} + h_{1} Σ_{12} < 0, Σ_{11} + h_{1} Σ_{13} < 0

(18)

Under zero initial conditions, when $\bar{w} (t) \neq 0, v (i_{k}) \neq 0$ , and considering the following $H_{\infty}$ performance index function:

J_{1} = {\overset{\cdot}{V}}_{1} (t) + {\bar{e}}^{T} (t) \bar{e} (t) - γ_{1}^{2} (v^{T} (i_{k}) v (i_{k}) + {\bar{w}}^{T} (t) \bar{w} (t)) < 0

(19)

we define

ψ_{2}^{T} (t) = [\begin{matrix} {\bar{e}}^{T} (t) & {\bar{e}}^{T} (t - τ_{1} (t)) & \frac{1}{τ_{1} (t)} Ω_{0}^{T} & \frac{1}{τ_{1} (t)} Ω_{1}^{T} \end{matrix}

\begin{matrix} v^{T} (t - τ_{1} (t)) & {\bar{w}}^{T} (t) \end{matrix}]

\begin{matrix} M_{21} = [\begin{matrix} I & 0 & 0 & 0 & 0 & 0 \end{matrix}], \\ M_{22} = [\begin{matrix} I & - I & 0 & 0 & 0 & 0 \end{matrix}], \end{matrix}

M_{23} = [\begin{matrix} {\bar{A}}_{i} & - {\bar{L}}_{j} {\bar{C}}_{i} & 0 & 0 & {\bar{L}}_{j} E_{v i} & - {\bar{E}}_{w i} \end{matrix}],

M_{24} = [\begin{matrix} 0 & I & 0 & 0 & 0 & 0 \end{matrix}],

\begin{matrix} M_{25} = [\begin{matrix} I & 0 & 0 & 0 & 0 & 0 \\ 0 & I & 0 & 0 & 0 & 0 \\ 0 & 0 & I & 0 & 0 & 0 \\ 0 & 0 & 0 & I & 0 & 0 \end{matrix}], \\ M_{26} = [\begin{matrix} 0 & 0 & 0 & 0 & I & 0 \\ 0 & 0 & 0 & 0 & 0 & I \end{matrix}], \end{matrix}

$Ω_{0}, Ω_{1}$ are similar to (17); thus, $\bar{e} (t) = M_{21} ψ_{2} (t),$

\begin{matrix} φ_{1} (t) = M_{22} ψ_{2} (t), \overset{\cdot}{\bar{e}} (t) = M_{23} ψ_{2} (t), \bar{e} (t - τ_{1} (t)) = M_{24} ψ_{2} (t), \\ ψ_{1} (t) = M_{25} ψ_{2} (t), {[\begin{matrix} v^{T} (i_{k}) & {\bar{w}}^{T} (t) \end{matrix}]}^{T} = M_{26} ψ_{2} (t) . \end{matrix}

Furthermore, the following equation can be obtained:

J_{1} = ψ_{2}^{T} (t) [Σ_{21} + (h_{1} - τ_{1} (t)) Σ_{22} + τ_{1} (t) Σ_{23}] ψ_{2} (t) < 0

(20)

where $Σ_{21} = 2 M_{21}^{T} P M_{23} - h_{1} M_{24}^{T} Q M_{24} - M_{22}^{T} S M_{22} -$

M_{25}^{T} (X H_{2} + H_{2}^{T} X^{T}) M_{25} + M_{21}^{T} M_{21} - γ_{1}^{2} M_{26}^{T} M_{26},

Σ_{22} = 2 M_{22}^{T} S M_{23} + M_{23}^{T} R M_{23} + 2 M_{24}^{T} Q M_{24},

Σ_{23} = M_{25}^{T} X \bar{R} X^{T} M_{25} .

It can be seen from the linear convex combination lemma that $J_{1} < 0$ is equivalent to

Σ_{21} + h_{1} Σ_{22} < 0, Σ_{21} + h_{1} Σ_{23} < 0

(21)

Because the inequalities in equations (18) and (21) are nonlinear, let $R = n_{1} P, S = n_{2} P, Q = n_{3} P, Y_{j} = P {\bar{L}}_{j}$ ; thus, the nonlinear matrix inequalities can be converted into linear matrix inequalities by applying the Schur complement lemma. Furthermore, the inequalities in equations (10)–(13) can be obtained using the Linear matrix inequality (LMI) toolbox. Among them, parameters $L_{j}, F_{j}$ can be designed by solving ${\bar{L}}_{j} = P^{- 1} Y_{j}$ .

Integrating equation (19) from 0 to $+ \infty$ , we obtain

\begin{matrix} V_{1} (+ \infty) - V_{1} (0) \leq - \int_{0}^{+ \infty} {\bar{e}}^{T} (s) \bar{e} (s) ds + γ_{1}^{2} \\ \int_{0}^{+ \infty} {\bar{w}}^{T} (s) \bar{w} (s) ds \\ + γ_{1}^{2} \sum_{k = 0}^{+ \infty} [(i_{k + 1} - i_{k}) v^{T} (i_{k}) v (i_{k})], \end{matrix}

where $\bar{w} (t) \in L_{2} [0, + \infty), v (i_{k}) \in L_{2} [0, + \infty),$ and $V_{1} (0) = 0,$ $V_{1} (+ \infty) \geq 0 .$

Thus, ${‖ \bar{e} (t) ‖}_{2}^{2} \leq γ_{1}^{2} [\sum_{k = 0}^{+ \infty} (i_{k + 1} - i_{k}) {‖ v (i_{k}) ‖}_{2}^{2} + {‖ \bar{w} (t) ‖}_{2}^{2}]$ is true. Consequently, the relevant $H_{\infty}$ performance index is verified.

Remark 4: When dealing with the integral term, the affine Bessel-Legendre inequality is used in the paper, which reduces the conservativeness of the final result and increases the solution space, resulting in improved system performance and enhanced defense against actuator fault and FDI attacks.

Co-design of robust H_∞ dual security control and communication

The control input can be updated to apply the following equation:

\begin{matrix} u (t) = \sum_{i = 1}^{r} \sum_{j = 1}^{r} ξ_{i} (θ (t)) ξ_{j} (θ (t)) [K_{j} \hat{x} (t_{k}) - B_{j}^{+} E_{fi} \hat{f} (t_{k}) \\ - B_{j}^{+} B_{i} {\hat{a}}^{a} (t_{k})] \end{matrix}

(22)

where $t \in [t_{k}, t_{k + 1})$ and ${t_{1}, t_{2}, \dots, t_{k}, \dots}$ is a sequence of the transmitted data in the event generator backend. $\hat{x} (t_{k}), \hat{f} (t_{k}),$ and ${\hat{a}}^{a} (t_{k})$ are the estimation of the system state, actuator fault, and actuator FDI attack, respectively, which are estimated by the observer. $K_{j} \in R^{m \times n}$ is the designed controller gain matrix. $B_{j}^{+} \in R^{n_{u} \times n}$ is the fault adjustment matrix, and it satisfies $(I - B_{i} B_{j}^{+}) E_{fi} = 0$ , $rank (B_{i}, E_{fi}) = rank (B_{i})$ .

Remark 5. For the actuator fault, an active fault-tolerant control strategy is adopted. For the FDI attacks on the double-end network, different countermeasures are adopted according to their different exerting locations. Specifically, the actuator FDI attack is defended by active compensation, and the sensor FDI attack is passively defended to robustly deal with it by dynamic output feedback control. The combination of active and passive can be called as active–passive attack-tolerant control.

Substituting the control input in equation (22) into the controlled plant model in equation (1), the closed-loop nonlinear CPS model with the actuator fault and the FDI attacks can be obtained as follows:

{\begin{matrix} \overset{\cdot}{x} (t) = \sum_{i = 1}^{r} \sum_{j = 1}^{r} ξ_{i} (θ (t)) ξ_{j} (θ (t)) {A_{i} x (t) + B_{i} [K_{j} \hat{x} (t_{k}) \\ - B_{j}^{+} E_{fi} \hat{f} (t_{k}) - B_{j}^{+} B_{i} {\hat{a}}^{a} (t_{k})] + B_{i} a^{a} (t) + E_{fi} f (t) + E_{wi} w (t)} \\ y (i_{k}) = \sum_{i = 1}^{r} ξ_{i} (θ (t)) {C_{i} [x (i_{k}) + a^{s} (i_{k})] + E_{vi} v (i_{k})} \end{matrix}

(23)

Furthermore, equation (23) can be written as follows:

{\begin{matrix} \overset{\cdot}{x} (t) = \sum_{i = 1}^{r} \sum_{j = 1}^{r} ξ_{i} (θ (t)) ξ_{j} (θ (t)) {A_{i} x (t) + B_{i} K_{j} x (t - τ_{2} (t)) \\ + B_{i} K_{j} e_{x} (t - τ_{2} (t)) - E_{fi} e_{f} (t - τ_{2} (t)) + τ_{2} (t) E_{fi} \overset{\cdot}{f} (t) - \\ B_{i} e_{a^{a}} (t - τ_{2} (t)) + τ_{2} (t) B_{i} {\overset{\cdot}{a}}^{a} (t) + E_{wi} w (t)} \\ y (i_{k}) = \sum_{i = 1}^{r} ξ_{i} (θ (t)) {C_{i} [x (i_{k}) + a^{s} (i_{k})] + E_{vi} v (i_{k})} \end{matrix}

(24)

Remark 6: Theorem 1 ensures that estimation errors $e_{x} (t - τ_{2} (t)), e_{f} (t - τ_{2} (t)), e_{a^{a}} (t - τ_{2} (t))$ are asymptotically convergent for the system state, actuator fault, and actuator FDI attack, whereas $τ_{2} (t) E_{fi} \overset{\cdot}{f} (t)$ and $τ_{2} (t) B_{i} {\overset{\cdot}{a}}^{a} (t)$ are norm-bounded; therefore, they can be treated as external disturbances. In addition, the sensor FDI attack is considered as a special type of disturbance to be tolerated passively in a robust manner.

Remark 7: In the design of the controller, we consider the dual security control for the actuator fault and the FDI attacks, and it is insensitive to various types of disturbances. In fact, it is a robust controller with active fault-tolerance and active–passive attack-tolerance; therefore, it can be referred to as a dual security controller.

Design goals

Under the DETCS, for the nonlinear CPS with the actuator fault and the FDI attacks, the co-design goals of fault-tolerance and attack-tolerance and communication are as follows:

In the case of no attack and disturbance, we cooperatively obtain security control matrix $K_{j}$ and event trigger matrix $Φ$ , such that the closed-loop nonlinear CPS in equation (24) is asymptotically stable;

In the case of FDI attacks and disturbances, under zero initial conditions $e_{x} (t_{k}) \neq 0$ , $e_{f} (t_{k}) \neq 0$ , $e_{a^{a}} (t_{k}) \neq 0$ , $w (t) \neq 0$ , the system satisfies $‖ x (t) ‖_{2}^{2} \leq$ $γ_{2}^{2} [‖ w (t) ‖_{2}^{2} + \sum_{k = 0}^{+ \infty} (t_{k + 1} - t_{k})$ $(‖ e_{η} (t_{k}) ‖_{2}^{2}$ + $‖ e_{f} (t_{k}) ‖_{2}^{2} + ‖ e_{a^{a}} (t_{k}) ‖_{2}^{2})]$ , where $γ_{2}$ is the disturbance suppression parameter and $‖ • ‖_{2}$ is the $L_{2} [0, \infty)$ norm;

The nonlinear CPS realizes dual security control; the transmitted data are significantly reduced, saving network resources. Moreover, a trade-off is achieved between the security control performance and the communication resource utilization.

Design of dual security controller

Theorem 2 Under the DETCS, for certain positive constants $h_{2}, σ, γ_{2}, n_{1}, n_{2}, n_{3}, m_{1}, m_{2}, m_{3}, m_{4}, m_{5}, m_{6},$ and $σ \in [0, 1)$ , for the system with time-varying actuator fault $f (t)$ and FDI attacks $a^{a} (t), a^{s} (i_{k})$ in equation (24), if there exist symmetric positive definite matrix $P'$ and appropriate dimension matrices $X', K_{1}, Q_{2}, Q_{4}, Q_{6},$ ${Q'}_{2}, {Q'}_{4}, {Q'}_{6}$ , such that the following conditions hold:

[\begin{matrix} Ψ_{11} & Ψ_{12} & Ξ_{13} & Ξ_{14} & 0 & 0 \\ * & Ψ_{22} & Ξ_{23} & Ξ_{24} & Ξ_{25} & h_{2} n_{2} K_{1 j}^{T} \\ * & * & Ξ_{33} & Ξ_{34} & 0 & 0 \\ * & * & * & Ξ_{44} & 0 & 0 \\ * & * & * & * & Ξ_{55} & 0 \\ * & * & * & * & * & - h_{2} n_{2} P' \end{matrix}] < 0

(25)

[\begin{matrix} {Ψ'}_{11} & Ξ_{12} & Ξ_{13} & Ξ_{14} & X' & 0 \\ * & Ξ_{22} & Ξ_{23} & Ξ_{24} & X' & {Ψ'}_{26} \\ * & * & Ξ_{33} & Ξ_{34} & X' & 0 \\ * & * & * & Ξ_{44} & X' & 0 \\ * & * & * & * & - \frac{15 n_{2}}{23 h_{2}} P' & 0 \\ * & * & * & * & * & {Ψ'}_{66} \end{matrix}] < 0

(26)

[\begin{matrix} Ψ ″ & 0 & 0 & {Ξ'}_{10} & {Ξ'}_{11} \\ * & σ Φ & 0 & 0 & 0 \\ * & * & - Φ & 0 & 0 \\ * & * & * & Ξ_{55} & 0 \\ * & * & * & * & - h_{2} n_{2} P' \end{matrix}] < 0

(27)

[\begin{matrix} Ψ ″' & 0 & 0 & {Ξ ″}_{10} & {Ξ ″}_{11} \\ * & σ Φ & 0 & 0 & 0 \\ * & * & - Φ & 0 & 0 \\ * & * & * & - \frac{15 n_{2}}{23 h_{2}} P' & 0 \\ * & * & * & * & Ξ_{55} \end{matrix}] < 0

(28)

\begin{matrix} [\begin{matrix} Q_{2} & E_{fi}^{T} P' \\ * & m_{1} P' \end{matrix}] > 0, [\begin{matrix} Q_{4} & n_{1} E_{fi}^{T} P' \\ * & m_{2} P' \end{matrix}] > 0, [\begin{matrix} Q_{6} & n_{2} E_{fi}^{T} P' \\ * & m_{3} P' \end{matrix}] > 0, \\ [\begin{matrix} {Q'}_{2} & B_{i}^{T} P' \\ * & m_{4} P' \end{matrix}] > 0, [\begin{matrix} {Q'}_{4} & n_{1} B_{i}^{T} P' \\ * & m_{5} P' \end{matrix}] > 0, [\begin{matrix} {Q'}_{6} & n_{2} B_{i}^{T} P' \\ * & m_{6} P' \end{matrix}] > 0 . \end{matrix}

(29)

then the system in equation (24) is asymptotically stable, and it meets the $H_{\infty}$ performance index in equation (30). Dual security controller gain $K_{j} = (P' B_{i})^{+} K_{1 j}$ and event trigger matrix $Φ$ can be obtained cooperatively.

\begin{matrix} ‖ x (t) ‖_{2}^{2} \leq γ_{2}^{2} [‖ w (t) ‖_{2}^{2} + \sum_{k = 0}^{+ \infty} (t_{k + 1} - t_{k}) (‖ e_{η} (t_{k}) ‖_{2}^{2} + \\ ‖ e_{f} (t_{k}) ‖_{2}^{2} + ‖ e_{a^{a}} (t_{k}) ‖_{2}^{2})] \end{matrix}

(30)

\begin{matrix} where Ξ_{11} = P' A_{i} + A_{i}^{T} P' - n_{1} P' \\ + \frac{h_{2}^{2}}{4} (m_{2} + m_{5}) P' - 3 X' \end{matrix}

\begin{matrix} - 3 {X'}^{T} + \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) A_{i}^{T} P' A_{i}, Ξ_{12} \\ = \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) A_{i}^{T} K_{1 j} + \end{matrix}

\begin{matrix} + K_{1 j} + n_{1} P' + X' - 3 {X'}^{T} - \frac{h_{2}^{2}}{4} (m_{2} + m_{5}) P', \\ Ξ_{13} = 2 X' - 3 {X'}^{T}, Ξ_{14} = 6 X' - 3 {X'}^{T}, \\ Ξ_{23} = 2 X' + {X'}^{T}, Ξ_{24} = 6 X' + {X'}^{T}, \\ Ξ_{22} = - n_{1} P' + h_{2} n_{3} P' + \frac{h_{2}^{2}}{4} (m_{2} + m_{5}) P' + X' + {X'}^{T}, \\ Ξ_{55} = - \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) P', Ψ_{11} = Ξ_{11} + h_{2} n_{1} \\ (P' A_{i} + A_{i}^{T} P') + h_{2} n_{2} A_{i}^{T} P' A_{i}, \\ Ψ_{12} = Ξ_{12} + h_{2} n_{1} K_{1 j} - h_{2} n_{1} A_{i}^{T} P' + h_{2} n_{2} A_{i}^{T} K_{1 j}, \\ Ξ_{44} = 6 X' + 6 {X'}^{T}, {Ψ ″}_{11} = Ψ_{11} + I, \\ {Ψ ″}_{12} = Ψ_{12}, {Ψ ″}_{13} = Ξ_{13}, {Ψ ″}_{14} = Ξ_{14}, \end{matrix}

{Ψ'}_{11} = Ξ_{11} + h_{2} (m_{1} + m_{4}) P',

Ψ_{22} = Ξ_{22} - h_{2} n_{1} (K_{1 j} + K_{1 j}^{T}),

\begin{matrix} Ξ_{25} = \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) K_{1 j}^{T}, Ξ_{33} = 2 X' + 2 {X'}^{T}, \\ Ξ_{34} = 6 X' + 2 {X'}^{T}, \end{matrix}

{Ψ'}_{26} = \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) K_{1 j}^{T}, {Ψ'}_{66} = - \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) P',

{Ψ ″}_{15} = {Ψ ″'}_{15} + h_{2} n_{2} A^{T} K_{1 j} + h_{2} n_{1} K_{1 j},

{Ψ ″}_{22} = Ψ_{22}, {Ψ ″}_{23} = Ξ_{23},

{Ψ ″}_{16} = {Ψ ″'}_{16} - h_{2} n_{2} A_{i}^{T} P' E_{fi} - h_{2} n_{1} P' E_{fi},

{Ψ ″}_{25} = - h_{2} n_{1} K_{1 j},

{Ψ ″}_{17} = {Ψ ″'}_{17} - h_{2} n_{2} A_{i}^{T} P' B_{i} - h_{2} n_{1} P' B_{i},

{Ψ ″}_{24} = Ξ_{24},

{Ψ ″}_{18} = {Ψ ″'}_{18} + h_{2} n_{2} A_{i}^{T} P' E_{wi} + h_{2} n_{1} P' E_{wi},

{Ψ ″}_{33} = Ξ_{33},

\begin{matrix} {Ψ ″}_{26} = {Ψ ″'}_{26} - h_{2} n_{2} K_{1 j}^{T} E_{fi} + h_{2} n_{1} P' E_{fi}, \\ {Ψ ″}_{34} = Ξ_{34}, {Ψ ″}_{27} = \end{matrix}

\begin{matrix} {Ψ ″'}_{27} - h_{2} n_{2} K_{1 j}^{T} B_{i} + h_{2} n_{1} P' B_{i}, {Ψ ″}_{28} = {Ψ ″'}_{28} \\ + h_{2} n_{2} K_{1 j}^{T} E_{wi} - h_{2} n_{1} P' E_{wi}, {Ψ ″}_{44} = Ξ_{44}, \\ {Ψ ″}_{55} = {Ψ ″'}_{55}, {Ψ ″}_{56} = {Ψ ″'}_{56} - h_{2} n_{2} K_{1 j}^{T} E_{fi} \\ {Ψ ″}_{57} = {Ψ ″'}_{57} - h_{2} n_{2} K_{1 j}^{T} B_{i}, \\ {Ψ ″}_{58} = {Ψ ″'}_{58} + h_{2} n_{2} K_{1 j}^{T} E_{wi}, \end{matrix}

\begin{matrix} {Ψ ″}_{68} = {Ψ ″'}_{68} - h_{2} n_{2} E_{fi}^{T} P' E_{wi}, {Ψ ″}_{66} = {Ψ ″'}_{66} \\ + h_{2} n_{2} E_{fi}^{T} P' E_{fi}, \end{matrix}

\begin{matrix} {Ψ ″}_{67} = {Ψ ″'}_{67} + h_{2} n_{2} E_{fi}^{T} P' B_{i}, {Ψ ″}_{77} = {Ψ ″'}_{77} \\ + h_{2} n_{2} B_{i}^{T} P' B_{i}, \end{matrix}

\begin{matrix} {Ψ ″}_{78} = {Ψ ″'}_{78} - h_{2} n_{2} B_{i}^{T} P' E_{wi}, {Ψ ″}_{88} = {Ψ ″'}_{88} \\ + h_{2} n_{2} E_{wi}^{T} P' E_{wi}, \end{matrix}

\begin{matrix} {Ξ'}_{211} = {Ξ'}_{511} = Ξ_{25}, {Ξ'}_{212} = {Ξ'}_{512} = h_{2} n_{2} K_{1 j}^{T}, \\ {Ψ ″'}_{11} = {Ψ'}_{11} + I, \end{matrix}

\begin{matrix} {Ψ ″'}_{12} = {Ψ'}_{12}, {Ψ ″'}_{13} = Ξ_{13}, {Ψ ″'}_{14} = Ξ_{14}, \\ {Ψ ″'}_{22} = {Ψ'}_{22}, \end{matrix}

{Ψ ″'}_{15} = K_{1 j} + \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) A_{i}^{T} K_{1 j},

{Ψ ″'}_{16} = - P' E_{fi} -

\begin{matrix} \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) A_{i}^{T} P' E_{fi}, {Ψ ″'}_{17} = - \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) A_{i}^{T} P' B_{i} \\ - P' B_{i}, \end{matrix}

{Ψ ″'}_{23} = Ξ_{23}, {Ψ ″'}_{24} = Ξ_{24}, {Ψ ″'}_{33} = Ξ_{33}, {Ψ ″'}_{34} = Ξ_{34},

{Ψ ″'}_{18} = P' E_{wi} + \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) A_{i}^{T} P' E_{wi}, {Ψ ″'}_{26} = - \frac{h_{2}^{2}}{4}

\begin{matrix} (m_{3} + m_{6}) K_{1 j}^{T} E_{fi}, {Ψ ″'}_{44} = Ξ_{44}, {Ψ ″'}_{55} = - γ_{2}^{2} I, \\ {Ψ ″'}_{77} = - γ_{2}^{2} I + \end{matrix}

\begin{matrix} \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) B_{i}^{T} P' B_{i}, {Ψ ″'}_{88} = - γ_{2}^{2} I \\ + \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) E_{wi}^{T} P' E_{wi}, \end{matrix}

\begin{matrix} {Ψ ″'}_{27} = - \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) K_{1 j}^{T} B_{i}, {Ψ ″'}_{28} \\ = \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) K_{1 j}^{T} E_{wi}, \end{matrix}

\begin{matrix} {Ψ ″'}_{56} = - \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) K_{1 j}^{T} E_{fi}, {Ψ ″'}_{67} \\ = \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) E_{fi}^{T} P' B_{i} \end{matrix}

\begin{matrix} {Ψ ″'}_{57} = - \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) K_{1 j}^{T} B_{i}, {Ψ ″'}_{58} \\ = \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) K_{1 j}^{T} E_{wi}, \end{matrix}

\begin{matrix} {Ψ ″'}_{66} = - γ_{2}^{2} I + \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) E_{fi}^{T} P' E_{fi}, {Ψ ″'}_{68} \\ = - \frac{h_{2}^{2}}{4} m_{3} E_{fi}^{T} P' E_{wi}, \end{matrix}

{Ψ ″'}_{78} = - \frac{h_{2}^{2}}{4} (m_{3} + m_{6}) B_{i}^{T} P' E_{wi},

{Ξ ″}_{111} = {Ξ ″}_{211} = {Ξ ″}_{311} = {Ξ ″}_{411} = X', {Ξ ″}_{212} = {Ξ ″}_{512} = Ξ_{25} .

Proof: The proof process of Theorem 2 is similar to that of Theorem 1, it will not be repeated here.

Remark 8: In the proofs of Theorems 1 and 2, the affine Bessel–Legendre inequality with reduced conservativeness is adopted. Thus, the designed robust observer and the dual security controller can estimate the system state, actuator fault, and FDI attacks accurately. Moreover, it has the dual security control capabilities of fault-tolerance and attack-tolerance, and more importantly, it can enhance the performance of the nonlinear CPS.

Simulation experiment and results

To demonstrate the feasibility and effectiveness of the proposed method in this study, we adopted a classical quadruple-tank model described in Johansson.⁴²

In the simulation, $x_{i} (i = 1, 2, 3, 4)$ represents the water level variations of the Nth tank and $y_{i}$ denotes the observation of the variation. The tank is supplied by two pumps, and $u_{1}$ and $u_{2}$ are the voltages applied to them, respectively. The disturbance, $w (t)$ , and the noise, $v (i_{k_{1}})$ , are the independent white noise processes that obey $N (0.1, 0.01)$ . The initial state is $x (0) = [\begin{matrix} 4 & 4 & 2 & 2 \end{matrix}]^{T}$ , and the sampling period is $h_{1} = 0.1 s$ .

The fuzzy membership function is assumed to be $M_{1} (x_{4}) = si n^{2} x_{4}$ , $M_{2} (x_{4}) = co s^{2} x_{4}$ , $M_{3} (x_{4}) = si n^{2} x_{4}$ , $M_{4} (x_{4}) = co s^{2} x_{4}$ , and the nonlinear system is expressed as a T-S fuzzy system with four rules.

Rule $i$ : if $x_{i}$ is $M_{i}, i = 1, 2, 3, 4,$ then

{\begin{matrix} \overset{\cdot}{x} (t) = A_{i} x (t) + B_{i} u (t) + E_{f i} f (t) + E_{w i} w (t) \\ y (i_{k_{1}}) = C_{i} x (i_{k_{1}}) + E_{v i} v (i_{k_{1}}) \end{matrix}

A_{1} = [\begin{matrix} - 0.016 & 0 & 0.042 & 0 \\ 0 & - 0.011 & 0 & 0.033 \\ 0 & 0 & - 0.042 & 0 \\ 0 & 0 & 0 & - 0.033 \end{matrix}],

A_{2} = [\begin{matrix} - 0.022 & 0 & 0.061 & 0 \\ 0 & - 0.018 & 0 & 0.049 \\ 0 & 0 & - 0.064 & 0 \\ 0 & 0 & 0 & - 0.049 \end{matrix}],

A_{3} = [\begin{matrix} - 0.031 & 0 & 0.053 & 0 \\ 0 & - 0.021 & 0 & 0.067 \\ 0 & 0 & - 0.083 & 0 \\ 0 & 0 & 0 & - 0.061 \end{matrix}],

A_{4} = [\begin{matrix} - 0.039 & 0 & 0.106 & 0 \\ 0 & - 0.0276 & 0 & 0.0826 \\ 0 & 0 & - 0.107 & 0 \\ 0 & 0 & 0 & - 0.0827 \end{matrix}],

B_{1} = [\begin{matrix} 0.083 & 0 \\ 0 & 0.063 \\ 0 & 0.048 \\ 0.031 & 0 \end{matrix}], B_{2} = [\begin{matrix} 0.1246 & 0 \\ 0 & 0.093 \\ 0 & 0.071 \\ 0.045 & 0 \end{matrix}],

B_{3} = [\begin{matrix} 0.165 & 0 \\ 0 & 0.125 \\ 0 & 0.097 \\ 0.063 & 0 \end{matrix}], B_{4} = [\begin{matrix} 0.2076 & 0 \\ 0 & 0.1576 \\ 0 & 0.13 \\ 0.0776 & 0 \end{matrix}],

E_{ω 1} = [\begin{matrix} 0.01 \\ 0.01 \\ 0 \\ 0.01 \end{matrix}], E_{ω 2} = [\begin{matrix} 0.016 \\ 0.016 \\ 0 \\ 0.016 \end{matrix}], E_{ω 3} = [\begin{matrix} 0.02 \\ 0.02 \\ 0 \\ 0.02 \end{matrix}],

E_{ω 4} = [\begin{matrix} 0.024 \\ 0.024 \\ 0 \\ 0.024 \end{matrix}], E_{f 1} = - {[\begin{matrix} 0.083 & 0 & 0 & 0.031 \end{matrix}]}^{T},

E_{f 2} = - {[\begin{matrix} 0.1246 & 0 & 0 & 0.0464 \end{matrix}]}^{T},

E_{f 3} = - {[\begin{matrix} 0.167 & 0 & 0 & 0.061 \end{matrix}]}^{T},

E_{f 4} = - {[\begin{matrix} 0.2076 & 0 & 0 & 0.0774 \end{matrix}]}^{T},

\begin{matrix} C_{1} = diag {\begin{matrix} 0.5 & 0.5 & 0.5 & 0.5 \end{matrix}}, \\ C_{2} = diag {\begin{matrix} 0.48 & 0.48 & 0.48 & 0.48 \end{matrix}}, \\ C_{3} = diag {\begin{matrix} 0.46 & 0.46 & 0.46 & 0.46 \end{matrix}}, \\ C_{4} = diag {\begin{matrix} 0.52 & 0.52 & 0.52 & 0.52 \end{matrix}}, \end{matrix}

E_{v 1} = {[\begin{matrix} 0.015 & 0 & 0.015 & 0.015 \end{matrix}]}^{T},

E_{v 2} = {[\begin{matrix} 0.0224 & 0 & 0.0224 & 0.0224 \end{matrix}]}^{T},

E_{v 3} = {[\begin{matrix} 0.030 & 0 & 0.025 & 0.027 \end{matrix}]}^{T},

E_{v 4} = {[\begin{matrix} 0.0374 & 0 & 0.031 & 0.0326 \end{matrix}]}^{T},

Let $n_{1} = 0.01$ , $n_{2} = 0.5$ , $n_{3} = 0.01$ , and $γ_{1} = 7.3$ , then observer gain matrix $L_{j}$ and fault estimation gain matrix $F_{j}$ can be obtained by Theorem 1.

F_{1} = [\begin{matrix} - 1.2716 & - 0.6144 & 0.2420 & - 1.5065 \end{matrix}]

F_{2} = [\begin{matrix} - 1.1902 & - 0.6781 & 0.2930 & - 1.5697 \end{matrix}]

F_{3} = [\begin{matrix} - 1.1059 & - 0.6915 & 0.3017 & - 1.6578 \end{matrix}]

F_{4} = [\begin{matrix} - 0.8862 & - 0.5902 & 0.2100 & - 1.3947 \end{matrix}]

L_{1} = [\begin{matrix} 2.6355 & 0.4829 & - 0.2241 & 0.5439 \\ 0.3320 & 2.6460 & 0.6552 & - 0.1770 \\ - 0.0924 & 1.5548 & 0.5863 & - 0.0603 \\ 0.8471 & 0.3874 & - 0.1849 & 0.6825 \\ 0.7107 & 0.1025 & - 0.1288 & 1.3247 \\ - 0.0696 & 3.1329 & 1.7009 & - 0.1940 \\ 0.1856 & - 0.4020 & 0.2143 & - 0.3981 \\ - 0.3127 & 0.2842 & - 0.5992 & 0.1661 \\ 0.9434 & - 1.5113 & 2.2896 & 0.0464 \\ - 0.8176 & - 0.3989 & 0.1762 & 2.1892 \end{matrix}]

L_{2} = [\begin{matrix} 2.8710 & 0.5154 & - 0.2426 & 0.5969 \\ 0.3479 & 2.7649 & 0.7053 & - 0.1668 \\ - 0.0821 & 1.6116 & 0.6325 & - 0.0629 \\ 0.8670 & 0.4102 & - 0.2061 & 0.7224 \\ 0.8554 & 0.0738 & - 0.1027 & 1.2795 \\ - 0.0622 & 3.2076 & 1.7437 & - 0.1811 \\ 0.2302 & - 0.4159 & 0.2273 & - 0.4186 \\ - 0.3291 & 0.3666 & - 0.6108 & 0.1823 \\ 0.0791 & - 1.5287 & 2.3747 & 0.0560 \\ - 0.8352 & - 0.3990 & 0.1995 & 2.2851 \end{matrix}]

L_{3} = [\begin{matrix} 2.8823 & 0.4989 & - 0.2577 & 0.6072 \\ 0.3646 & 2.8056 & 0.7348 & - 0.1610 \\ - 0.0628 & 1.6379 & 0.6538 & - 0.0688 \\ 0.8362 & 0.4206 & - 0.2103 & 0.7527 \\ 0.8651 & 0.0759 & - 0.1099 & 1.2083 \\ - 0.0427 & 3.2158 & 1.7477 & - 0.1883 \\ 0.2365 & - 0.4073 & 0.2235 & - 0.4034 \\ - 0.3437 & 0.4649 & - 0.6309 & 0.1786 \\ 0.0598 & - 1.5451 & 2.4820 & 0.0593 \\ - 0.8049 & - 0.4076 & 0.1996 & 2.3784 \end{matrix}]

L_{4} = [\begin{matrix} 2.4360 & 0.4444 & - 0.1796 & 0.5654 \\ 0.2824 & 2.3767 & 0.5576 & - 0.1256 \\ - 0.0585 & 1.3831 & 0.5124 & - 0.0588 \\ 0.6865 & 0.3584 & - 0.1464 & 0.6607 \\ 0.7270 & 0.0553 & - 0.0958 & 1.0525 \\ - 0.0426 & 2.6693 & 1.3866 & - 0.1620 \\ 0.2097 & - 0.3514 & 0.1865 & - 0.3711 \\ - 0.2683 & 0.4371 & - 0.5139 & 0.1432 \\ 0.0651 & - 1.3403 & 2.2300 & 0.0466 \\ - 0.6698 & - 0.3475 & 0.1351 & 2.0881 \end{matrix}]

In Theorem 2, let $n_{1} = 6$ , $n_{2} = 0.01$ , $n_{3} = 0.2$ , $m_{1} = m_{2} = m_{3} = m_{4} = m_{5} = m_{6} = 0.01$ , $δ = 0.001$ , $h_{2} = 1.9 s$ , $γ_{1} = 5.2$ , the state feedback gain matrix, $K_{j}$ , and the event trigger weight matrix, $Φ$ , can be obtained cooperatively using Theorem 2.

K_{1} = [\begin{matrix} 0.5009 & 0.2171 & - 0.1319 & 2.5949 \\ 0.1105 & 0.3758 & 2.0049 & - 0.1598 \end{matrix}]

K_{2} = [\begin{matrix} 0.6119 & 0.2112 & - 0.1395 & 2.7603 \\ 0.0992 & 0.3786 & 2.0347 & - 0.1979 \end{matrix}]

K_{3} = [\begin{matrix} 0.4413 & 0.2260 & - 0.1040 & 2.5043 \\ 0.1238 & 0.3623 & 1.9801 & - 0.1368 \end{matrix}]

K_{4} = [\begin{matrix} 0.5016 & 0.2386 & - 0.0354 & 2.5823 \\ 0.1314 & 0.3052 & 1.8374 & - 0.1476 \end{matrix}]

Φ = diag {\begin{matrix} 0.2551 & 0.2551 & 0.2551 & 0.2551 \end{matrix}}

Estimation of state, actuator fault, and FDI attacks

In the simulation, we consider the worst case in which the actuator fault and the FDI attacks occur simultaneously.

Suppose that the fault occurs in the first channel, then the time-varying fault of the system is as follows:

f (t) = {\begin{matrix} 0, t \leq 100 \\ 2 + 2 \sin 0.01 π (t - 100), 100 < t \leq 800 \end{matrix}

For the actuator FDI attack, we assume that its first channel is constant at zero, and the second channel satisfies the following equation:

a^{a} (t) = {\begin{matrix} 0, t \leq 100 \\ 1 + \sin 0.01 π (t - 100), 100 < t \leq 800 \end{matrix}

For the sensor FDI attack, we assume that each channel satisfies the following equation:

a^{s} (t) = {\begin{matrix} 0, t \leq 100 \\ 1 + \sin 0.01 π (t - 100), 100 < t \leq 800 \end{matrix}

To observe the above system fault and FDI attacks more clearly, the estimations and corresponding errors of the fault and the actuator and sensor FDI attacks are respectively shown in Figures 2 to 9.

Figure 2.

Continuous time-varying fault and its estimation.

Figure 3.

Fault estimation error.

Figure 4.

Actuator FDI attack and its estimation.

Figure 5.

Estimation error of actuator FDI attack.

Figure 6.

Sensor FDI attack and its estimation.

Figure 7.

Estimation error of sensor FDI attack.

Figure 8.

States and their estimations.

Figure 9.

State estimation errors.

It can be seen from Figures 2 to 9 that the estimation errors of the fault, actuator FDI attack, sensor FDI attack, and state have a larger fluctuation at 100s when the FDI attacks and the actuator fault are exerted. The remaining time they are within the normal range. Among them, the fault estimation error does not exceed $\pm 0.05$ , and the estimation error of the actuator FDI attack does not exceed $\pm 0.1$ . The estimation error of the sensor FDI attack fluctuates between $\pm 0.02$ , and the state estimation error fluctuates between $\pm 0.01$ . These results show that the designed robust observer using the proposed method can timely and accurately estimate the state, FDI attacks, and actuator fault.

Analysis of impact of event-trigger parameters on CPS security and communication resource

To further analyze the influence of the trigger parameter on the CPS security and communication resources, the data transmission amount and the system security state under different trigger parameters are listed in Table 1.

Table 1.

Comparison of data transmission amount and system state under different trigger parameters.

$δ$	$n$	$\bar{n}$ (%)	$\bar{h}$ (s)	System state
0.006	716	8.95	1.117	Stable
0.008	693	8.66	1.154	Stable
0.001	652	8.15	1.227	Stable
0.0012	639	7.99	1.252	Unstable

where $n$ is data transmission amount, $\bar{n}$ is data transmission rate, and $\bar{h}$ is average transmission period.

It can be seen that with the increase in trigger parameter $δ$ , data transmission amount $n$ is decreased and average transmission period $\bar{h}$ is increased; however, the system becomes unstable when $δ = 0.0012$ . Therefore, although the increase in $δ$ reduces the amount of data transmission and the network resources are saved, it is at the expense of system security. Therefore, it is significant to choose the appropriate trigger parameter $δ$ to balance the relationship between system security and network resources. In this study, trigger parameter $δ = 0.001$ is selected based on the trade-off between them.

Comparison of different control methods

In the following, the active–passive attack tolerance method proposed in this paper and the passive attack tolerance method in Li et al.³⁸ (to tolerate FDI attacks on double-end network passively and actuator fault actively) are adopted. The output responses with these different attack-tolerance methods are presented in Figure 10(a) and (b). In addition, the data transmission amounts are specified in Table 2.

Figure 10.

System output responses with different control methods: (a) system output response with active-passive attack-tolerant and (b) system output response with passive attack-tolerant.

Table 2.

Comparison of data transmission amounts with different attack-tolerance methods.

Methods	$n$	$\bar{n}$ (%)	$\bar{h}$ (s)
Passive attacktolerance	1564	19.5	0.5115
Active-passiveattack tolerance	652	8.15	1.227

It can be seen that the system output in Figure 10(a) remains stable after 400 s, whereas that in Figure 10(b) becomes divergent after 500 s, which suggests that the method proposed in this paper is more effective in defending FDI attacks than that proposed in Li et al.³⁸ Table 2 shows that the amount of data transmission is lesser by the method proposed in this paper than that by the other methods. This shows that the former method is also more effective in saving network communication resources than the latter.

The reason is that the method in Li et al.³⁸ regards FDI attacks on double-end network as types of special disturbances and suppresses them passively in a robust manner. The control strategy proposed in this paper is different; specifically, a highly targeted active compensation is made for the actuator FDI attack according to its estimation, and the passive attack tolerance method is used only for the sensor FDI attack. Therefore, for a highly serious FDI attack, in terms of both the defense ability and the saving of communication resources, the system performance with the method proposed in this paper is better than that by the other method.

Compared to the PTTCS, which needs to transmit 8000 data, the DETCS only transmits 652 data in Table 2, with transmitted data rate of 8.15% and an average transmission period of $\bar{h} = 1.227 s$ . This result further shows that the method proposed in this paper not only ensures excellent performance but also effectively saves the network communication resources and achieves a trade-off between dual security control and communication resource.

Conclusion

Based on the DETCS, this study investigated a co-design method of dual security control and communication for a nonlinear CPS with an actuator fault and FDI attacks. First, a dual security control framework with active fault-tolerance and active–passive attack-tolerance was built, and a T–S fuzzy model of a closed-loop CPS was established, which integrated a trigger condition, the actuator fault, and the FDI attacks. Second, by introducing the appropriate Lyapunov–Krasovskii function, time delay theory, affine Bessel–Legendre inequality, and LMI technique, a robust observer for the estimation of the state, FDI attacks, and fault as well as a dual security controller with active fault-tolerance and active–passive attack-tolerance were obtained. This consequently achieved the co-design goal of dual security control and communication. Finally, a simulation of a quadruple-tank was conducted. It showed that the method proposed in this paper can timely and accurately estimate the system state, actuator fault, and FDI attacks as well as tolerate the fault actively and the FDI attacks actively-passively, simultaneously saving the network communication resources effectively. The proposed results can also provide a theoretical basis for dual security design of a nonlinear CPS in practical engineering. Particularly when a system is subject to FDI attacks and actuator fault simultaneously, the active–passive attack tolerance strategy is expected to be an effective defense method.

However, this study deals with the FDI attack at the sensor-end passively, and the defense capability of passive attack-tolerance is very limited. Therefore, how to establish a more effective defense strategy to actively deal with FDI attacks on a double-end network and further improve the CPS security defense capability will be investigated in the next research study.

Footnotes

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This study was financially supported by the National Natural Science of China (Grant Nos. 62163022, 61763027), Higher Education Innovation Capacity Improvement Project of Gansu in China (Grant No. 2019B-152), and Youth Science and Technology Fund of Gansu Province (Grant Nos. 21JR1RM339, 21JR7RM192).

ORCID iD

Li Zhao

References

Zhang

Wang

Feng

, et al. A survey on attack detection, estimation and control of industrial cyber-physical systems. ISA Trans 2021; 116: 1–16.

Kim

Kumar

PR.

Cyber–physical systems: a perspective at the centennial. Proc IEEE 2012; 100(13): 1287–1308.

Colombo

Karnouskos

Kaynak

, et al. Industrial cyberphysical systems: a backbone of the fourth industrial revolution. IEEE Ind Electron Mag 2017; 11(1): 6–16.

Aydos

Vural

Tekerek

Assessing risks and threats with layered approach to Internet of Things security. Meas Control 2019; 52(5–6): 338–353.

Wan

Long

Deng

, et al. Distributed event-based control for thermostatically controlled loads under hybrid cyber attacks. IEEE Trans Cybern 2021; 51(11): 5314–5327.

Wolf

Serpanos

Safety and security in cyber-physical systems and internet-of-things systems. Proc IEEE 2018; 106(1): 9–20.

Dibaji

Pirani

Flamholz

, et al. A systems and control perspective of CPS security. Annu Rev Control 2019; 47: 394–411.

Yue

Xie

, et al. A unified modeling of muti-sources cyber-attacks with uncertainties for CPS security control. J Franklin Inst 2021; 358(1): 89–113.

Takagi

Sugeno

Fuzzy identification of systems and its applications to modeling and control. IEEE Trans Syst Man Cybern 1985; 15(1): 116–132.

10.

Chaibi

El Aiss

El Hajjaji

, et al. Stability analysis and robust H∞ controller synthesis with derivatives of membership functions for T-S fuzzy systems with time-varying delay: input-output stability approach. Int J Control Autom Syst 2020; 18(7): 1872–1884.

11.

Wang

Lam

HK.

H∞ control for continuous-time Takagi–Sugeno fuzzy model by applying generalized Lyapunov function and introducing outer variables. Automatica 2021; 125: 109409.

12.

Shi

Park

, et al. Robust H∞ stabilization for T-S fuzzy systems with time-varying delays and memory sampled-data control. Appl Math Comput 2019; 346: 500–512.

13.

Liu

Tian

Wang

, et al. Integrated security threats and defense of cyber-physical systems. Zidonghua Xuebao 2019; 45(1): 5–24.

14.

Mahmoud

Hamdan

Baroudi

UA.

Modeling and control of cyber-physical systems subject to cyber attacks: a survey of recent advances and challenges. Neurocomputing 2019; 338(21): 101–115.

15.

Co-design between

α

H_{\infty}

fault-tolerant control of networked control system and network communication. J Jilin Univ (Eng Technol Ed) 2016; 46(6): 2010–2020.

16.

Lan

Patton

RJ.

A new strategy for integration of fault estimation within fault-tolerant control. Automatica 2016; 69: 48–59.

17.

Tan

Wang

, et al. Mixed active/passive robust fault detection and isolation using set-theoretic unknown input observers. IEEE Trans Autom Sci Eng 2018; 15(2): 863–871.

18.

Zhao

Co-design of dual security control and communication for nonlinear CPS under DoS attack. IEEE Access 2020; 8: 19271–19285.

19.

Wang

Liu

Observer–based H∞ control for cyber–physical systems encountering DoS jamming attacks: an attack-tolerant approach. ISA Trans 2020; 104: 1–14.

20.

Che

Deng

. Dynamic event-triggered model-free adaptive control for nonlinear CPSs under aperiodic DoS attacks. Inf Sci 2022; 589: 790-801.

21.

Tang

False data injection attack for cyber-physical systems with resource constraint. IEEE Trans Cybern 2020; 50(2): 729–738.

22.

Zhang

False data injection attacks with complete stealthiness in cyber–physical systems: a self-generated approach. Automatica 2020; 120: 109117.

23.

Langner

Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Priv 2011; 9(3): 49–51.

24.

Static output feedback control for discrete-time hidden Markov jump systems against deception attacks. Int J Robust Nonlinear Control 2019; 29(18): 6616–6637.

25.

Yang

GH.

Improved adaptive resilient control against sensor and actuator attacks. Inf Sci 2018; 423: 145–156.

26.

Corradini

Cristofaro

Robust detection and reconstruction of state and sensor attacks for cyber-physical systems using sliding modes. IET Control Theory Appl 2017; 11(11): 1756–1766.

27.

Anta

Tabuada

To sample or not to sample: self-triggered control for nonlinear systems. IEEE Trans Automat Contr 2010; 55(9): 2030–2042.

28.

Peng

Yang

TC.

Event-triggered communication and H∞ control co-design for networked control systems. Automatica 2013; 49(5): 1326–1332.

29.

Zhang

Peng

, et al. Adaptive event-triggered communication scheme for networked control systems with randomly occurring nonlinearities and uncertainties. Neurocomputing 2016; 174: 475–482.

30.

Yan

, et al. Adaptive Event-triggered control for unknown second-order nonlinear multiagent systems. IEEE Trans Cybern 2021; 51(12): 6131-6140.

31.

Yang

GH.

Event-triggered secure observer-based control for cyber-physical systems under adversarial attacks. Inf Sci 2017; 420: 96–109.

32.

Zhou

, et al. Event-triggered consensus control for multi-agent systems against false data-injection attacks. IEEE Trans Cybern 2020; 50(5): 1856–1866.

33.

Gao

Zhao

Wang

, et al. Event-triggered output feedback control for discrete markov jump systems under deception attack. J Franklin Inst 2020; 357(11): 6435–6452.

34.

Peng

Dong

Cai

, et al. On the stability of cyber-physical systems under false data injection attacks. Acta Automatica Sinica 2019; 45(1): 196–205.

35.

Bezzaoucha Rebaï

Voos

Darouach

. Attack-tolerant control and observer-based trajectory tracking for cyber-physical systems. Eur J Control 2019; 47: 30–36.

36.

Xiao

, et al. Output tracking control for sampled-data networked control systems in T-S fuzzy model. Acta Autom Sin 2015; 41(3): 661–668.

37.

Fridman

A refined input delay approach to sampled-data control. Automatica 2010; 46(2): 421–427.

38.

Shi

Research on secure control and communication for cyber-physical systems under cyber-attacks. Trans Inst Meas Contr 2019; 41(12): 3421–3437.

39.

Qiu

JP.

Optimal integrated design of time-varying fault estimation and accommodation for non-uniform sampled data systems. Acta Autoatica Sinica 2014; 40(7): 1493–1504.

40.

Lee

Park

Affine Bessel–Legendre inequality: application to stability analysis for systems with time-varying delays. Automatica 2018; 93: 535–539.

41.

Park

Jeong

Reciprocally convex approach to stability of systems with time-varying delays. Automatica 2011; 47: 235–238.

42.

Johansson

KH.

The quadruple-tank process: a multivariable laboratory process with an adjustable zero. IEEE Trans Control Syst Technol 2000; 8(3): 456–465.

Research on co-design of dual security control and communication for nonlinear CPS with actuator fault and FDI attacks

Abstract

Keywords

Introduction

Problem formulation

Framework of dual security control

System description

Trigger condition of DETCS

Analysis of correlated delay interval

Design of robust H∞ observer for estimation of state, FDI attacks, and actuator fault

Augmented error system

Design of robust H ∞ observer

Co-design of robust H∞ dual security control and communication

Design goals

Design of dual security controller

Simulation experiment and results

Estimation of state, actuator fault, and FDI attacks

Analysis of impact of event-trigger parameters on CPS security and communication resource

Comparison of different control methods

Conclusion

Footnotes

Declaration of conflicting interests

Funding

ORCID iD

References

Design of robust H_∞ observer for estimation of state, FDI attacks, and actuator fault

Design of robust $H_{\infty}$ observer

Co-design of robust H_∞ dual security control and communication