Open Access is an initiative that aims to make scientific research freely available to all. To date our community has made over 100 million downloads. It’s based on principles of collaboration, unobstructed discovery, and, most importantly, scientific progression. As PhD students, we found it difficult to access the research we needed, so we decided to create a new Open Access publisher that levels the playing field for scientists across the world. How? By making research easy to access, and puts the academic needs of the researchers before the business interests of publishers.
We are a community of more than 103,000 authors and editors from 3,291 institutions spanning 160 countries, including Nobel Prize winners and some of the world’s most-cited researchers. Publishing on IntechOpen allows authors to earn citations and find new collaborators, meaning more people see your work not only from your own field of study, but from other related fields too.
To purchase hard copies of this book, please contact the representative in India:
CBS Publishers & Distributors Pvt. Ltd.
www.cbspd.com
|
customercare@cbspd.com
A cyber-physical system (CPS) is a tight coupling of computational resources, network communication, and physical processes. They are composed of a set of networked components, including sensors, actuators, control processing units, and communication agents that instrument the physical world to make “smarter.” However, cyber components are also the source of new, unprecedented vulnerabilities to malicious attacks. In order to protect a CPS from attacks, three security levels of protection, detection, and identification are considered. In this chapter, we will discuss the identification level, i.e., secure state estimation and attack reconstruction of CPS with corrupted states and measurements. Considering different attack plans that may assault the states, sensors, or both of them, different online attack reconstruction approaches are discussed. Fixed-gain and adaptive-gain finite-time convergent observation algorithms, specifically sliding mode observers, are applied to online reconstruction of sensor and state attacks. Next, the corrupted measurements and states are to be cleaned up online in order to stop the attack propagation to the CPS via the control signal. The proposed methodologies are applied to an electric power network, whose states and sensors are under attack. Simulation results illustrate the efficacy of the proposed observers.
*Address all correspondence to: shamila.nateghi.b@gmail.com
1. Introduction
Cyber-physical systems (CPS) are the integration of the cyber-world of computing and communications with the physical world. In many systems, control of a physical plant is integrated with a wireless communication network, for example, transportation networks, electric power networks, integrated biological systems, industrial automation systems, and economic systems [1, 2]. Since CPSs use open computation and communication platform architectures, they are vulnerable to suffering adversarial physical faults or cyber-attacks. Faults and cyber-attacks are referred to as attacks throughout this chapter.
Recent real-world cyber-attacks, including multiple power blackouts in Brazil [3], and the Stuxnet attack [4] in 2010, showed the importance of providing security to CPSs. Identification and modeling process as [5, 6] which are based on data can be seriously affected by corrupted data. As a result, information security techniques [7] may be not sufficient for protecting systems from sophisticated cyber-attacks. It is suggested in [8] that information security mechanisms have to be complemented by specially designed resilient control systems. Controlling CPS with sensors and actuators, who are hijacked/corrupted remotely or physically by the attackers, is a challenge. The use of novel control/observation algorithms is proposed in this chapter for recovering CPS performance online if an attacker penetrates the information security mechanisms.
Cyber security of CPS must provide three main security goals: availability, confidentiality, and integrity [7]. This means that the CPS is to be accessible and usable upon demand, the information has to be kept secret from unauthorized users, and the trustworthiness of data has to be guaranteed. Lack of availability, confidentiality, and integrity yields denial of service, disclosure, and deception, respectively. A specific kind of deception attack called a replay attack has been investigated when the system model is unknown to the attackers but they have access to the all sensors [9, 10]. Replay attacks are carried out by “hijacking” the sensors, recording the readings for a certain time, and repeating such readings while injecting them together with an exogenous signal into the system’s sensors. It is shown that these attacks can be detected by injecting a random signal, unknown to the attacker, into the system. In the case when the system’s dynamic model is known to the attacker, another kind of deception attack, called a cover attack, has been studied in [11], and the proposed algorithm allows cancelling out the effect of this attack on the system dynamics. In systems with unstable modes, false data injection attacks are applied to make some unstable modes unobservable [12]. Denial of service attacks assaults data availability through blocking information flows between different components of the CPS. The attacker can jam the communication channels, modify devices, and prevent them from sending data, violate the routing protocols, etc. [13]. In a stealth attack, the attacker modifies some sensor readings by physically tampering with the individual meters or by getting access to some communication channels [14, 15]. As a result, detecting and isolating of cyber-attacks in CPSs has received immense attention [16]. However, how to ensure the CPS can continue functioning properly if a cyber-attack has happened is another serious problem that should be investigated; therefore, the focus of this chapter is on resilient control of CPS.
In [17], new adaptive control architectures that can foil malicious sensor and actuator attacks are developed without reconstructing the attacks, by means of feedback control only. A sparse recovery algorithm is applied to reconstruct online the cyber-attacks in [18]. Sliding mode control with advantages of quick response and strong robustness is one of the best approaches to control CPS [19, 20, 21, 22]. In [23], a finite-time convergent higher-order sliding mode (HOSM) observer, based on a HOSM differentiator and a sparse recovery algorithm, are used to reconstruct online the cyber-attack in a nonlinear system. Detection and observation of a scalar attack by a sliding mode observer (SMO) has been accomplished for a linearized differential-algebraic model of an electric power network when plant and sensor attacks do not occur simultaneously [24]. Cyber-attacks against phasor measurement unit (PMU) networks are considered in [25], where a risk mitigation technique determines whether a certain PMU should be kept connected to network or removed. In [26] a sliding mode-based observation algorithm is used to reconstruct the attacks asymptotically. This reconstruction is approximate only, since pseudo-inverse techniques are used.
In this chapter, CPSs controlled by a control input subject to sensor attacks and state/plant attacks are considered. The corrupted measurements propagate the attack signals to the CPS through the control signals causing CPS performance degradation. The main challenge that is addressed in the chapter is online exact reconstruction of the sensor and state attacks with an application to an electric power network. The contribution of this chapter is:
Novel fixed and adaptive-gain SMO for the linearized/linear CPS under attack are proposed for the online reconstruction of sensor attacks. The time-varying attacks are reconstructed via the proposed SMO that includes a newly designed dynamic filter. Note that the well-known SMO proposed in [27] reconstructs the slow-varying perturbations only.
A super twisting SMO is applied to reconstruct the state/plant time-varying attacks of the linearized/linear CPS under attack.
For online state/plant attack reconstruction in nonlinear CPS under attack, a higher-order sliding mode disturbance observer [28] is used.
An algorithm that use sliding mode differentiation techniques [29] in concert with the finite-time convergent observer for the sparse signal recovery is applied to online reconstruction of time-varying attack in nonlinear CPS under attack when we have limited measurements and more possible sources of attack [30].
2. Motivation example: electric power network under attack
In a real-world power network, only a small group of generator rotor angles and rates is directly measured, and typical attacks aim at injecting disturbance signals that mainly affect the sensorless generators [24].
The small-signal version of the classic structure-preserving power network model is adopted to describe the dynamics of a power network. Consider a connected power network consisting of n1 generators g1…gn1 and n2 load buses bn1+1…bn1+n2. The interconnection structure of the power network is encoded by a connected susceptance-weighted graph G. The vertices of G are the generators gi and the buses bi. The edges of G are the transmission lines bibj and the connections gibi weighted by their susceptance values. The Laplacian associated with the susceptance-weighted graph is the symmetric susceptance matrix L∈Rn1+n2×n1+n2 defined by Lθ=Lg,gθLg,lθLl,gθLl,lθ [8].
The CPS that motivates the results presented in this work is the US Western Electricity Coordinating Council (WECC) power system [8] under attack with three generators and six buses, whose electrical schematic is presented in Figure 1. The mathematical model of the power network in Figure 1 under sensor stealth attack and deception attack can be represented as the following descriptor equations that consist of differential and algebraic equations [8]:
where the state vector x=δTωTθTT includes the vector of rotor angles δ∈R3, the vector of generator speed deviations from synchronicity ω∈R3, as well as the vector of voltage angles at the buses θ∈R6. The y∈Rp is the measurement vector, dx∈Rm1 is the Deception attack corrupting the states, and dy∈Rm−m1 is the stealth attack vector spoofing the measurements. Note that the states of the plant are under attack even if they are not attacked directly but via propagation.
The measurement corruption attacks through an output control feedback. The matrices Eg,Mg∈R3×3 are diagonal whose nonzero entries consist of the damping coefficients and the normalized inertias of the generators, respectively:
The inputs Pω and Pθ are due to known changes in the mechanical input power to the generators and real power demands at the loads. The matrices B∈R12×m1 and D∈Rp×m−m1 are the attack distribution matrices, and C∈Rp×12 is the output gain matrix. The Lθ∈R9×9 withLg,gθ∈R3×3,Lg,lθ∈R3×6,Ll,gθ∈R6×3,Ll,lθ∈R6×6 is giving by
Note that ωi→0∀i=1,2,3 in a case of the nominal performance of the studied network. Consider the case when the outputs of system, which are the measurement sensors ω1,ω2,ω3, are corrupted by the following stealth attacks.
d1=−ω1+2sinπt,d2=−ω2+cos0.5πt,d3=−ω3+sinπtE4
The system (1) was simulated with and without above attacks. Based on the simulation results shown in Figures 2 and 3, the stealth attack in (4) yields inappropriate degradation of the power network performance.
Figure 2.
Comparing corrupted sensor measurements (ω1,ω2,ω3 under attack) and sensor measurements when there is no attack.
Figure 3.
Comparing corrupted states (δ1,δ2,δ3 under attack) and stats when there is no attack.
This motivates why online reconstruction of the attacks followed by cleanup of the measurements prior to using them in control signal is of prime importance for retaining the performance of the power network (as it will be shown in Section VI where the proposed SMO is applied to achieve this goal). The case study of the power network (1) will be further discussed in details in Section 6.
Consider the following completely observable and asymptotically stable system
ẋ=fx+Bxdty=Cx+DdtE5
where x∈Rn is the state vector, fx∈Rn is a smooth vector field, dt∈Rm denotes the attack/fault vector which is additive and matched to the control signal, y∈Rp is the measurement vector, p≥m, Cx∈Rp is the output smooth vector field, Bx∈Rn×m and D∈Rp×m denote the attack/fault distribution matrices. For notational convenience, and without affecting generality, the input distribution matrices can be partitioned as
Bx=B1x01,D=02D1E6
where B1x∈Rn×m1,D1∈Rp×m−m1,01∈Rn×m−m1,02∈Rp×m1 where m1≤m.
Assumption (A1):B1x,D1 are of full rank.
The attack/fault vector is partitioned accordingly as
where dxt, dyt represent the state and the sensor attack vectors, respectively. Different attack strategies are shown in Table 1 and discussed in Section 1.
Attack plan
dxt≠0
dyt≠0
Access to all sensors
Need to know the system model
Stealth attack
√
Deception attack
√
Reply attack
√
√
√
Covert attack
√
√
√
False data injection attack
√
√
Table 1.
Cyber-attack strategies.
Since p≥m−m1, the system (8) can be partitioned using a nonsingular transformation M∈Rp×p
y=My¯E9
selected so that
M−1D1=0p−m−m1×m−m1D¯1m−m1×m−m1E10
Taking into account (10), system (8) is reduced to
ẋ=fx+B1xdxty¯1=C1x,y¯2=C2x+D¯1dytE11
where y¯1∈Rp1 with p1=p−m−m1 and y¯2∈Rp2 where p2=m−m1. Note that the state attack vector dxt is additive and matched to the control input that is embedded in system Eq. (11) already.
Assumption (A2): Attacks are detectable, i.e., the invariant zeros of Eq. (11) are stable.
The problem is to protect the closed loop system (11) from the sensor attack dy∈Rm−m1 and state/plant attack dxt∈Rm1 by means of designing fixed-gain and adaptive-gain SMOs that allow: (a) reconstructing online the sensor attack dy, the state/plant attack dxt, and the plant states x so that
d̂xt→dxt,d̂yt→dyt,x̂→xE12
as time increases and.
(b) “cleanup” of the plant and sensors so that the dynamics of the CPS under attack (11) approaches,
In this chapter, for the linearized case of the system in Eq. (5), two SMOs for state estimation and attack reconstruction are discussed. Two other SMO strategies for nonlinear system (5) are also proposed and investigated.
5.1 Attack reconstruction in linear system via filtering by adaptive sliding mode observer
Consider the linearized system in Eq. (5) with Cx=Cx and Bx=B
ẋ=Ax+Bdt,y=Cx+DdtE14
5.1.1 System’s transformation
Considering system Eq. (14) and assuming assumption (A1) holds, then as show in [29] there exists a matrix N∈Rn−p×n such that the square matrix
Tc=NCE15
is nonsingular and the change of coordinates x↦Tcx creates, without loss of generality, a new state-space representation A′B′C′D where
A′=TcATc−1,B′=TcB,C′=CTc−1=0p×n−pIp×pE16
After the linear changing of coordinate, the CPS Eq. (14) is rewritten as
with x1∈Rn−p,x2∈Rp, B1∈Rn−p×m, B2∈Rp×m, A11∈Rn−p×n−p, A12∈Rn−p×p, A21∈Rp×n−p,A22∈Rp×p. It is well known that AC is observable if and only if A11A21 is observable [31].
Defining a further change of coordinates x¯1=x1+Lx2 where L∈Rn−p×p is the design matrix, then the system Eq. (17) can be rewritten as
where A˜11=A11+LA21,A˜12=−A11L+A12−LA21L+LA22, B˜1=B1+LB2, A˜21=A21, A˜22=A22−A21L, B˜2=B2. Since A11A21 is observable, there exist choices of the matrix L so that the matrix A˜11=A11+LA21 is Hurwitz.
Assumption (A3): The attack dt and its derivative are norm bounded, i.e.,
d<kd and ḋ<ld where kd,ld>0 and are known.
Since p>m, there exists a nonsingular scaling matrix Q∈Rp×p such that
QD=0p−m×mD2E19
where D2∈Rm×m is nonsingular. Define y¯ as the scaling of the measured outputs y according to y¯=Qy. Partition the output of the CPS into unpolluted measurements y¯1∈Rp−m and polluted measurements y¯2∈Rm as
y¯=y¯1y¯2=Q1x2Q2x2+D2d=Qx2+0p−m×mD2dE20
Scale state component x2 and define x¯2=Qx2. Then Eq. (18) can be rewritten as
where A¯11=A˜11, A¯12=A˜12Q−1, B¯1=B˜1, A¯21=QA˜21, A¯22=QA˜22Q−1, and B¯2=QB˜2. Define x¯2=colx¯21x¯22, where x¯21∈Rp−m and x¯22∈Rm. Consequently the system in Eq. (21) can be written in partitioned form as
where A¯11 is Hurwitz and the virtual measurement y¯1 presents the protected measurements and y¯2 shows the attacked/corrupted measurements.
5.1.2 Attack observation
A SMO is proposed to reconstruct the attack in order to clean up the measurements and states and to allow the use of clean measurement in the control signal.
Define a (sliding mode) observer for the system Eq. (22) as
z¯̇=A¯z¯+G¯1y¯1−z¯21+G¯2y¯2−z¯22−GnυE23
where z¯=colz¯1z¯21z¯22 is conformal with the partition of x¯ in Eq. (22). In Eq. (23), υ is a nonlinear injection signal that depends on y¯2−z¯22 and is used to induce a sliding motion in the estimation error space, and
are the gain matrices where A¯12a∈Rn−p×p−m, A¯22a∈Rp−m×p−m, A¯12b∈Rn−p×m, A¯22b∈Rp−m×m, A¯22d∈Rm×m, and the matrices A22s∈Rp−m×p−m and A33s∈Rm×m are user-selected Hurwitz matrices, while A33s is symmetric negative definite. The injection signal υ∈Rm is defined as
υ=−ρ+ηy¯2−z¯22y¯2−z¯22,ρ,η>0E25
where scalar gain ρ will be defined in the sequel, and η is a positive design scalar.
Assumption (A4): Matrix sI−A∗ is invertible, where A∗=A¯−B¯D2−1C¯2−G¯1C¯1.
Defining e¯=x¯−z¯, then it follows e¯=cole¯1e¯21e¯22 where e¯1=x¯1−z¯1, e¯21=x¯21−z¯21, e¯22=x¯22−z¯22. It follows
ey2=y¯2−z¯22=e¯22+D2dE26
and by direct substitution from Eqs. (22) and (23) that
Then, as soon as the sliding mode is established in finite time in Eq. (27) on the sliding surface Eq. (28) by means of the injection term Eq. (25) with ρ=m0kd+D2∞ld, the attack d is asymptotically estimated as
where υeq is the equivalent injection term [31] and a close approximation and υ¯eq can be obtained in real time by low-pass filtering of the switching signal Eq. (25) [29]. Replacing υeq by υ¯eq in Eq. (30) gives
d̂¯=G∗sυ¯eqE31
Proof of the Theorem 1 is omitted for brevity.
Remark 1: The SMO (31) is a dynamic filter that allows reconstructing the time-varying attack dt. This filter is the main novel feature of the proposed observer.
5.1.3 Adaptive-gain attack observer design
In Eq. (29), it was assumed that the perturbation term φ is locally norm-bounded and ρ>0 in Eq. (25) is known. In many practical cases, the boundary of attacks is unknown, and the gain of the sliding mode injection term Eq. (25) in the fixed-gain observer in Eq. (23) can be overestimated. The gain overestimation could increase chattering that is difficult to attenuate.
The constant gain ρ>0 can be replaced by an adaptive-gain ρt by applying the dual layer nested adaptive sliding mode observation algorithm [32], i.e.,
υ=−ρt+ηy¯2−z¯22y¯2−z¯22E32
A sufficient condition to ensure sliding on ey2=0 in finite time is
ρt>A33sey2+ϕ+D2ḋE33
An error signal is defined as
σt=ρt−1αυ¯eqt−εE34
where the scalars 0<α<1, ε>0. The adaptation dynamics of ρt in Eq. (32) is defined as [32].
ρ̇t=−rtsignσtE35
where the time-varying scalar rt>0 satisfies an adaptive scheme. It is assumed that rt has the structure
rt=ℓ0+ℓtE36
where ℓ0 is a fixed positive scalar. The evolution of ℓt is chosen to satisfy an adaptive law [32]:
ℓ̇t=γσtifσt>σ00otherwiseE37
where γ>0,σ0>0 are design scalars. The second main results are summarized in Theorem 2 as:
and assume that at<a0,ȧt<a1, where a0 and a1 are finite but unknown. A SMO is designed as in Eq. (23) with the adaptive injection term in Eqs. (32)–(37). If ε>0 in (34) is chosen to satisfy
14ε2>σ02+1γqa1α2E39
for any given σ0, q>1, and, 0<α<1, then the injection term (32) exploiting the dual layer adaptive scheme given by Eqs. (35)–(37) drives σt to a domain σt<ε/2 in finite time and consequently ensures a sliding motion ey=0 can be reached in finite time and sustained thereafter. The gains rt and ρt remain bounded. The sensor attack signal dt is reconstructed as in Eq. (30) with the equivalent adaptive injection term υeq or υ¯eq.
Proof of Theorem 2 is based on the results in [32] and is omitted for brevity.
Remark 2: The proposed unit vector injection gain-adaptation algorithm in Eqs. (32)–(37) does not require the knowledge of the boundaries kd,ld>0 in d<kd and ḋ<ld.
5.2 State estimation and attack reconstruction in linear systems by using super twisting SMO
Consider the completely observable linearized system Eq. (11) with C1x=C1x, C2x=C2x, B1x=B, that is,
ẋ=Ax+B1dxt,y¯1=C1x,y¯2=C2x+D¯1dytE40
where B1∈Rn×m1, C1∈Rp−m−m1×n, C2∈Rm−m1×n.
Assumption (A5): The number of uncorrupted/protected measurements is equal or larger than the number of state/plant attack, i.e., p1=p−m−m1≥m1.
The system Eq. (40) is assumed to have an input-output vector relative degree r=r1r2…rp1, where relative degreeri for i=1,2,…,p1 is defined as follows:
C1iAjB1=0forallj<ri−1C1iAri−1B1≠0E41
Without loss of generality, it is assumed that r1≤…≤rp1.
5.2.1 Attack observation
Assumption (A6): there exists a full rank matrix.
Ca=C1⋮C1Arα1−1⋮Cp1⋮Cp1Arαp1−1E42
where integers 1≤rαi≤ri are such that rankCaB=rankB and rαi are chosen such that ∑i=1p1rαi is minimal.
The following SMO [33] is used to estimate the states of system Eq. (40):
x̂̇=Ax̂+Glya−Cax̂+Gnυcya−Cax̂E43
where the matrices of appropriate dimensions Gl and Gn are to be designed, and υc. is an injection vector
By choosing suitable gains λs and βs in the output injections Eq. (49), then.
ya=CaxE53
for all t>T [33]. Then, the error dynamics Eq. (52) is rewritten as
ė=A¯−GlCae+B¯1dxt−GnυcCaeE54
Since rankCaB¯1=rankB¯1 and by assumption the invariant zeros of the triple ABCa lie in the left half plane, based on the design methodologies in [35], It follows that e=0 is an asymptotically stable equilibrium point of Eq. (52) and dynamics are independent of dxt once a sliding motion on the sliding manifold s=Cae=0 has been attained. During the sliding mode ṡ=s=0, it is
ṡ=Caė=CaA¯−GlCae+CaB¯1dxt−CaGnυcCae=0E55
as e→0; then
CaGnυceq→CaB¯1dxtE56
where υceq is the equivalent output error injection required to maintain the system on the sliding manifold. Since CaB¯1 is full rank, the attack reconstruction is obtained as (50).
According to (A1), D¯1 is full rank; then sensor attacks in Eq. (40) are reconstructed
d̂yt=D¯1−1y¯2−C2x̂E57
5.3 The state and disturbance observer for nonlinear systems using higher-order sliding mode differentiator
Consider the locally stable system Eq. (11) where y¯1 and B1x are y¯1=y1y2,…,yp1T, B=b1b2…bm1∈Rn×m1, bi∈Rn,∀i=1,…,m1 are smooth vector fields defined on an open Ω⊂Rn. According to (A5), we consider p1=m1 here. The following properties introduced by Isidori [36] are assumed for x∈Ω.
Assumption (A7): The system in Eq. (11) is assumed to have vector relative degree r=r1r2…rm1 and total relative degree rt=∑i=1m1ri,rt≤n, i.e.,
asymptotic estimate x̂ of the state vector x can be identified via Eqs. (67) and (69)
x̂=Ψ−1δ̂γ̂E71
Since the finite-time exact estimates δ̇̂iri of δ̇iri, ∀i=1,…,m1 are available via the higher-order sliding mode differentiator, and using the estimates δ̂,γ̂ for δ,γ, an asymptotic estimate d̂t of disturbance dt in Eq. (11) is identified as [28].
Remark 3: The convergence d̂→d can be achieved only locally and as time increases due to the local asymptotic stability of the norm-bounded solution of the internal dynamics γ̇=gδγ. However convergence will be achieved in finite time if the total relative degree r=n and no internal dynamics exist.
Considering Eq. (11) and D¯1 is full rank, sensor attack can be reconstructed as
d̂yt=D¯1−1y¯2−C2x̂E73
5.4 Attack reconstruction in nonlinear system by sparse recovery algorithm
In some applications, there are a limited number of measurements, p, and more sources of attack, m. Previously, we investigated the cases where p>m. Now, consider system (5) with more attacks than measurements, m>p.
Notice that a more general format of (5) is considered here where matrix D is a function of x as well.
Assumption (A11): Assume that the attack vector dt is sparse, meaning that numerous attacks are possible, but the attacks are not coordinated, and only few nonzero attacks happen at the same time.
5.4.1 Sparse recovering algorithm
The problem of recovering an unknown input signal from measurements is well known, as a left invertibility problem, as seen in several works [30, 37], but this problem was only treated in the case where the number of measurements is equal or greater than the number of unknown inputs. The left invertibility problem in the case of fewer measurements than unknown inputs has no solution or more exactly has an infinity of solutions.
In particular, the objective of exact recovery under sparse assumptions denoted for the sake of simplicity as “sparse recovery” (SR) is to find a concise representation of a signal using a few atoms from some specified (over-complete) dictionary,
ξ=Φs¯+ε0E74
where s¯∈RN are the unknown inputs with no more than j nonzero entries, ξ∈RM are the measurements, ε0 is a measurement noise, and Φ∈RM×N is the dictionary where M≪N.
Definition 1: The Restricted Isometry Property (RIP) condition of j-order with constant ςj∈01 (ςj is as small as possible for computational reasons) of the matrix Φ yields
1−ςs¯s¯22≤Φs¯22≤1+ςs¯s¯22E75
for any j sparse of signal s¯. Considering ΦΓ as the index set of nonzero elements of s¯, then Eq. (75) is equivalent to [23]:
1−ςs¯≤eigΦΓTΦΓ≤1+ςs¯E76
where ΦΓ is the sub-matrix of Φ with active nodes.
The problem of SR is often cast as an optimization problem that minimizes a cost function constructed by leveraging the observation error term and the sparsity inducing term [37], i.e.,
s¯∗=argmins¯∈RN12ξ−Φs¯22+λΘs¯E77
In Eq. (77) the original sparsity term is the quasi norm s¯0; but as long as the RIP conditions hold, it can be replaced by Θs¯=s¯1≜∑is¯i. Note that λ>0 in Eq. (77) is the balancing parameter and s¯∗ is the critical point, i.e., the solution of Eq. (74). Typically, for sparse vectors s¯ with j-sparsity, where j must be equal or smaller than M−12 [37], the solution to the SR problem is unique and coincides with the critical point of Eq. (74) providing that RIP condition for Φ with order 2j is verified. In other words, in order to guarantee the existence of a unique solution to the optimization problem Eq. (74), Φ should satisfy restricted isometry property [37].
Under the sparse assumption of s¯ and the fulfillment of the j-RIP condition of the matrix Φ, the estimation algorithm proposed in [37] is
μv̇t=−vt+ΦTΦ−IN×Nat−ΦTξβ,ands¯̂t=atE78
where v∈RN is the state vector, s¯̂t represents the estimate of the sparse signal s¯ of (74), and μ>0 is a time-constant determined by the physical properties of the implementing system. .β=.βsign. and at=Hλv where Hλ. is a continuous soft thresholding function:
Hλv=maxv−λ0sgnvE79
where λ>0 is chosen with respect to the noise and the minimum absolute value of the nonzero terms.
Under Definition 1, the state v of Eq. (78) converges in finite time to its equilibrium point v∗, and s¯̂t in Eq.(78) converges in finite time to ŝ∗ of Eq. (77).
5.4.2 Attack reconstruction
The measured output under attack y of the system Eq. (5) is fed to the input of the low-pass filter that facilitates filtering out the possible measurement noise
ż=1τ−z+Cx+DxdtE80
The filter output z∈Rp is available. Then, system Eq. (5) with filter Eq. (80) is rewritten as
If assumption (A2), (A7), and (A9) hold for system Eq. (81), i.e., the relative degree vector of Eq. (81) is r=r1r2…rp, the distribution Γ=spanΩ1Ω2…Ωm is involutive, and if zero dynamics exist, they are assumed asymptotically stable and may be left alone. Here it is assumed that there are no zero dynamics in system Eq. (81) and it is presented as
Finally, filtered system Eq. (5), as it is rewritten in Eq. (85), is in the same form of Eq. (74). Then, sparse recovery algorithm discussed in Section 5.4.1 is applied to Eq. (85) to reconstruct dt.
Remark 4: The derivatives ϒ̇r11,…,ϒ̇rpp are computed exactly in finite time using higher-order sliding mode differentiators [28] discussed in Eqs. (65) and (66).
Consider the mathematical models (1)–(4) of the US Western Electricity Coordinating Council (WECC) power system [8] with three generators and six buses (Figure 1) when the sensors of the generator speed deviations from synchronicity are under stealth attack and plant is under deception attack.
Assumption (A12): The matrix Ll,lθ in (3) is nonsingular.
If (A12) holds, then the variable θ can be rewritten as
The three sensors of rotor angles, δ∈R3, are assumed protected from attack, but the three sensors of the generator speed deviations from synchronicity, ω∈R3, are assumed to be attacked.
The B1ω=I3,B1θ=06×3,Dδ=03×6 are given, and then Eq. (88) is reduced to
Remark 5:D1ω satisfies RIP condition defined in Eq. (75).
In the first step of attack reconstruction, dxt is estimated by using protected measurements y1 and the SMO described in Section 5.2. It is easy to verify that
where C¯δi is the ith row of C¯δ. The states of the system, δ̂,ω̂, and plant attacks d̂xt are reconstructed using Eqs. (43) and (50). Then, ω̂ is used in Eq. (89) to find
Dωdyt=y2−ω̂E91
There are six sources dy1,…,dy6 attacking three measurements ω1,ω2,ω3, and at any time, just one out of six attack signals is nonzero. The SR algorithm in Section 5.2 is applied to find d̂yt. The following attacks are considered for simulation.
Deception attacks dx1, dx2, and dx3 are reconstructed very accurately as shown in Figures 4–6. The only nonzero sensor attack is detected and accurately estimated by using the SR algorithm as shown in Figure 7. In Figure 8a and 8b, the corrupted system outputs (which are system states in our case) are compared to the “cleaned” outputs that are computed by subtracting the estimated attacks from the corrupted sensors and actuators and to the system outputs when the system is not under attack.
Figure 4.
Plant attack dx1 compared to estimated d̂x1.
Figure 5.
Plant attack dx2 compared to estimated d̂x2.
Figure 6.
Plant attack dx3 compared to estimated d̂x3.
Figure 7.
Sensor attack dy reconstruction.
Figure 8.
(a) Corrupted output y1,y2,y3 compared with compensated and without any attack output and (b) corrupted output y4,y5,y6 compared with compensated and without any attack output.
The critical infrastructures like power grid, water resources, etc. are large interconnected cyber-physical systems whose reliable operation depends critically on their cyber substructure. In this chapter, cyber-physical systems when their sensors and/or states are under attack or experiencing faults are investigated. The sensor and states/plant attacks are reconstructed online by using a fixed-gain and adaptive-gain sliding mode observers. As soon as the attacks are reconstructed, corrupted measurements and states are cleaned from attacks, and the control signal that uses cleaned measurements provides cyber-physical system performance close to the one without attack. The effectiveness of the proposed approach is shown by simulation results of a real electrical power network with sensors under stealth attack and states under deception attacks.
References
1.Antsaklis P. Goals and challenges in cyber-physical systems research. IEEE Transactions on Automatic Control. 2014;59:3117-3119. DOI: 10.1109/TAC.2014.2363897
2.Baheti R, Gill H. Cyber-physical systems. The Impact of Control Technology. 2011;12:161-166
3.Conti JP. The day the samba stopped. Engineering and Technology. 2010;5:46-47. DOI: 10.1049/et.2010.0410
4.Karnouskos S. Stuxnet worm impact on industrial cyber-physical system security. In: 37th Annual Conference of the IEEE Industrial Electronics Society 7-10 November 2011; Melbourne: VIC, Australia. 2011. pp. 4490-4494
5.Farhat A, Cheok CK. Improving adaptive network fuzzy inference system with Levenberg-Marquardt algorithm. In: Annual IEEE International Systems Conference 24-27 April 2017; Montreal: QC, Canada. 2017. pp. 1-6
6.Farhat A, Hagen K, Cheok KC, Boominathan B. Neuro-fuzzy-based electronic brake system modeling using real time vehicle data. EPiC Series in Computing. 2019;58:444-453. DOI: 10.29007/q7pr
7.Cardenas A, Amin S, Sastry S. Secure control: Towards survivable cyber-physical systems. In: The 28th International Conference on Distributed Computing Systems Workshops. 2008. pp. 495-500
8.Pasqualetti F, Dörfler F, Bullo F. Control-theoretic methods for cyber-physical security: Geometric principle for optimal cross-layer resilient control systems. IEEE Control Systems Magazine. 2015;35:110-127. DOI: 10.1109/MCS.2014.2364725
9.Mo Y, Sinopoli B. Secure control against replay attacks. In: Proceedings of Allerton Conf. Communications, Control Computing; Monticello: USA. 2009. pp. 911-918
10.Khazraei A, Kebriaei H, Salmasi RF. Replay attack detection in a multi agent system using stability analysis and loss effective watermarking. In: Annual American Control Conference; Seattle: WA, USA. 2017. pp. 4778-4783. DOI: 10.23919/ACC.2017.7963694
11.Smith R. A decoupled feedback structure for covertly appropriating network control systems. IFAC Proceedings Volumes. 2011;44:90-95. DOI: 10.3182/20110828-6-IT-1002.01721
12.Mo Y, Sinopoli B. False data injection attacks in control systems. In: Preprints of the 1st Workshop on Secure Control Systems. 2010. pp. 1-6
13.Gligor VD. A note on denial-of-service in operating systems. IEEE Transactions on Software Engineering. 1984;SE-10:320-324. DOI: 10.1109/TSE.1984.5010241
14.Dan G, Sandberg H. Stealth attacks and protection schemes for state estimators in power systems. In: Proc. IEEE Int. Conf. Smart Grid Communications; USA. 2010. pp. 214-219
15.Hashemi N, Murguia C, Ruths J. A comparison of stealthy sensor attacks on control systems. In: American Control Conference; Milwaukee: USA. 2018. pp. 973-979
16.Pasqualetti F, Dorfler F, Bullo F. Attack detection and identification in cyber-physical systems. IEEE Transactions on Automatic Control. 2013;58:2715-2729. DOI: 10.1109/TAC.2013.2266831
17.Jin X, Haddad WM, Yucelen T. An adaptive control architecture for mitigating sensor and actuator attacks in cyber-physical systems. IEEE Transactions on Automatic Control. 2017;62:6058-6064. DOI: 10.1109/TAC.2017.2652127.
18.Nateghi S, Shtessel Y, Barbot JP, Zheng G, Yu L. Cyber-attack reconstruction via sliding mode differentiation and sparse recovery algorithm: Electrical power networks application. In: 15th International Workshop on Variable Structure Systems and Sliding Mode Control; Graz: Austria. 2018. pp. 285-290
19.Razzaghi P, Khatib EA, Hurmuzlu Y. Nonlinear dynamics and control of an inertially actuated jumper robot. Nonlinear Dynamics. 2019;97:161-176. DOI: 10.1007/s11071-019-04963-1
20.Nateghi S, Shtessel Y. Robust stabilization of linear differential inclusion using adaptive sliding mode control. In: Annual American Control Conference; Milwaukee: USA. 2018. pp. 5327-5331
21.Navabi M, Mirzaei H. Robust optimal adaptive trajectory tracking control of quadrotor helicopter. Latin American Journal of Solids and Structures. 2017;14:1040-1063. DOI: 10.1590/1679-78253595
22.Razzaghi P, Khatib EA, Bakhtiari S. Sliding mode and SDRE control laws on a tethered satellite system to de-orbit space debris. Advances in Space Research. 2019;65:18-27. DOI: 10.1016/j.asr.2019.03.024
23.Nateghi S, Shtessel Y, Barbot JP, Edwards C. Cyber attack reconstruction of nonlinear systems via higher-order sliding-mode observation and sparse recovery algorithm. In: Conference on Decision and Control; Miami Beach: USA. 2018. pp. 5963-5968
24.Corradini ML, Cristofaro A. Robust detection and reconstruction of state and sensor attacks for cyber-physical systems using sliding modes. IET Control Theory and Applications. 2017;11:1756-1766. DOI: 10.1049/iet-cta.2016.1313
25.Mousavian S, Valenzuela J, Wang J. A probabilistic risk mitigation model for cyber-attacks to PMU networks. IEEE Transactions on Power Apparatus and Systems. 2015;30:156-165. DOI: 10.1109/TPWRS.2014.2320230
26.Taha A, Qi J, Wang J, Panchal J. Risk mitigation for dynamic state estimation against cyber-attacks and unknown inputs. IEEE Transactions on Smart Grid. 2018;9:886-899. DOI: 10.1109/TSG.2016.2570546
27.Edwards C, Spurgeon SK, Patton RJ. Sliding mode observers for fault detection and isolation. Automatica. 2000;36:541-553. DOI: 10.1016/S0005-1098(99)00177-6
28.Fridman L, Shtessel Y, Edwards C, Yan XG. Higher order sliding mode observer for state pstimation and input reconstruction in nonlinear systems. International Journal of Robust and Nonlinear Control. 2008;18:399-412. DOI: 10.1002/rnc.1198
29.Shtessel Y, Edwards C, Fridman L, Levant A. Sliding Mode Control and Observation. New York: Birkhauser, Springer; 2014
30.Yu L, Zheng G, Barbot J-P. Dynamic sparse recovery with finite-time convergence. IEEE Transactions on Signal Processing. 2017;65:6147-6157. DOI: 10.1109/TSP.2017.2745468
31.Utkin VI. Sliding Modes in Control Optimization. Berlin: Springer-Verlag; 1992
32.Edwards C, Shtessel Y. Adaptive continuous higher order sliding mode control. Automatica. 2016;65:183-190. DOI: 10.1016/j.automatica.2015.11.038
33.Floquet T, Edwards C, Spurgeon SK. On sliding mode observers for systems with unknown inputs. International Journal of Adaptive Control and Signal Processing. 2007;21:638-656. DOI: 10.1109/VSS.2006.1644520
34.Levant A. Sliding order and sliding accuracy in sliding mode control. International Journal of Control. 1993;58:1247-1263. DOI: 10.1080/00207179308923053
35.Edwards C, Spurgeon SK. Sliding Mode Control: Theory and Applications. London: Taylor and Francis; 1998. DOI: 10.1201/9781498701822
36.Isidori A. Nonlinear Control Systems. 3rd ed. Berlin: Springer; 1995. pp. 219-290
37.Candes E, Tao T. The Dantzig selector: Statistical estimation when p is much larger than n. The Annals of Statistics. 2007;35:2313-2351. DOI: 10.1214/009053606000001523
Written By
Shamila Nateghi, Yuri Shtessel, Christopher Edwards and Jean-Pierre Barbot
Submitted: 08 July 2019Reviewed: 18 July 2019Published: 18 September 2019
Open access peer-reviewed chapter
