Observer-Based Event-Triggered Predictive Control for Networked Control Systems under DoS Attacks.

This paper studies the problem of DoS attack defense based on static observer-based event-triggered predictive control in networked control systems (NCSs). First, under the conditions of limited network bandwidth resources and the incomplete observability of the state of the system, we introduce the event-triggered function to provide a discrete event-triggered transmission scheme for the observer. Then, we analyze denial-of-service (DoS) attacks that occur on the network transmission channel. Using the above-mentioned event-triggered scheme, a novel class of predictive control algorithms is designed on the control node to proactively save network bandwidth and compensate for DoS attacks, which ensures the stability of NCSs. Meanwhile, a closed-loop system with an observer-based event-triggered predictive control scheme for analysis is created. Through linear matrix inequality (LMI) and the Lyapunov function method, the design of the controller, observer and event-triggered matrices is established, and the stability of the scheme is analyzed. The results show that the proposed solution can effectively compensate DoS attacks and save network bandwidth resources by combining event-triggered mechanisms. Finally, a smart grid simulation example is employed to verify the feasibility and effectiveness of the scheme's defense against DoS attacks.

1. Introduction

In recent years, with the development of computer networks and wireless communication technology, the rapid development of network control systems (NCSs) has led to a new round of industry change. With the emergence of 5G technology, more control systems can be combined with networks, and remote closed-loop NCSs can be formed through the network transmission of signals, which has been widely used in actual production [1,2,3]. Due to its wide range of applications, the stability and security of NCSs have attracted much attention in the academic community [4,5,6,7,8].

The combination of networks and control systems greatly improves the flexibility of all connected system devices. In other words, all system equipment can be connected through a wired or wireless network, replacing the original point-to-point control structure [9,10,11]. In [12,13,14], the authors analyzed the modeling and design problems of NCSs. NCSs mainly exchange control information through the network. Because the network is introduced during the control loop, a series of network problems (limited bandwidth resources, data dropout, etc.) are introduced into the control system, which greatly affect the performance of NCSs. In an open network environment, the security of control information is important. The most common network attack method of NCSs is a denial-of-service (DoS) attack. A DoS attack is a resource exhaustion-type attack. The primary purpose of a DoS attack is to render a computer or network incapable of providing normal services and to consume significant bandwidth resources. Ultimately, the lack of network bandwidth resources due to a DoS attack leads to serious consequences from such an attack, regardless of the processing speed of the computer, memory capacity or network bandwidth. For NCSs, DoS attacks prevent remote controllers and actuators from receiving feedback signals and control signals. Under DoS attacks, NCSs may be made unstable due to the lack of feedback measurement signals and control signals.

Based on the five issues of NCSs mentioned in [15] (sampled-data control, quantization control, networked control, event-triggered control and security control) and the analysis of NCSs exhibition trends and techniques, the security of NCSs can no longer be ignored. (i) For the current mainstream works on the safety of NCSs, NCSs mainly rely on digital sampling. The vast majority of DoS attacks can be modeled as packet loss of the control system. As a result, the security of NCSs primarily characterizes DoS attacks as packet loss. Currently, several design approaches for NCSs schemes have been reported in [16,17,18]. It is noteworthy that, except for a few works [19,20,21,22,23,24,25,26,27,28], most of the available results mentioned above do not consider the safety of NCSs but only discuss the design approach of NCSs schemes. For example, in [19], the stability of a network linear continuous-time system under power-constrained, known and unknown, pulse-width modulated DoS attack signals is investigated. In [20], a more general model for DoS attacks is proposed, where the characteristics of DoS attack are defined by the DoS attack frequency and the DoS attack duration. Based on similar ideas, extensions are made in [21] for dynamic output feedback controllers, in [22] for nonlinear networked control systems, and in [23] for distributed networked control systems. In [24], the stability and robustness of a network linear discrete-time system with random packet loss and random attacks is investigated. In [25], the zero-sum static game framework is applied to deal with the optimal control and scheduling problem of a linear network control system with communication constraints and DoS attacks. In [26], a state feedback resilient controller design method that relies on acyclically sampled data for the maximum and minimum durations of DoS attacks is presented by embedding a logic processor in the controller to capture DoS attack information and compute DoS parameters. Most of the results mentioned above are limited to performance analysis and do not explore controller synthesis [27]. Furthermore, these results assume the availability of system-wide state information, which limits their application in real control systems where only preliminary observations of the actual system state are measurable, usually due to limited communication and bandwidth resources or unavoidable noise [28]. (ii) In addition to the security issues caused by DoS attacks in NCSs, the network bandwidth resources are also very limited, reducing the frequent use of network bandwidth resources is also an urgent problem to be solved. The reduction of network bandwidth consumption by event-triggered control (ETC) has been extensively studied (see [16,29] for a single continuous-time system and [30,31] for multiagent systems), which makes ETC a promising solution for limited bandwidth resources of NCSs. Based on the above observations, is it possible to develop a unified observer-based output feedback scheme that can maintain system performance (stability) and compensate for the loss of control information caused by DoS attacks, while greatly saving limited network bandwidth resources and being more suitable for real-life scenarios (greater use of network convenience)? It is the focus of this paper to address this set of problems in a way that can be uniformly handled when the simultaneous effects of malicious DoS attacks, limited bandwidth resources, and unavailability of all state information are present.

This paper proposes a novel observer-based predictive control defense scheme, as shown in Figure 1, called observer-based event-triggered predictive control (OB-ETPC). Under this framework, we will study the observer-based predictive control system to actively compensate for data dropout due to a DoS attack and use the basic ideas of predictive control, linear matrix inequality (LMI) and Lyapunov function methods to solve the corresponding problems of event-triggered matrices, observer gain matrices and controller matrices. This work represents a significant expansion of previous results involving predictive control (PC) and the event-trigger mechanism (ET) under a DoS attack. The advantages of the proposed control defense scheme are fourfold:

Figure 1

The diagram of the observer-based event-triggered predictive control (OB-ETPC) systems under denial-of-service (DoS) attacks.

Our method is very different to that in the works of networked PCs [32,33,34] which have used time-triggered communication schemes. This paper adopts event-triggered predictive communication schemes to design a controller. Whether the observer’s state measurement information is sent depends on the error between the current observer state and the observer state of the most recently sent information. The event-triggered generator on the controller side greatly reduces the size of the sent predictive control sequences, greatly reduces the occupation of bandwidth resources and can also meet the needs of control performance [35].

Compared with the existing predictive control compensation scheme for DoS attacks [7], another advantage of the OB-ETPC scheme adopted in this paper is the combination of the advantages of PC and ET [27,36,37,38,39,40,41,42]. With the combination of a model and static observer, it can cope with the problem that state information cannot be obtained directly and can also actively compensate for data packet dropout due to DoS attacks and greatly improve the stability of NCSs under DoS attacks.

Compared with the latest DoS attack compensation scheme, the method in [27] only considers DoS attacks from the controller to the actuator side. In real-life scenarios, the attack from the sensor to controller side is often through a network link. In this paper, the novel OB-ETPC solves the problem of DoS attacks on both the sensor-to-controller and controller-to-actuator sides, which is more in line with real-life scenarios.

The OB-ETPC is established to actively compensate for DoS attacks in NCSs. The observer gain matrix L and controller gain matrix K are co-designed based on the Lyapunov function method, and related criteria for event-triggered matrices are proposed based on linear matrix inequalities (LMIs).

The remainder of this paper is organized as follows. Section 2 deals with the problem descriptions and preliminaries. Section 3 considers OB-ETPC and the stability analysis of NCSs under DoS attacks. Section 4 verifies the feasibility of OB-ETPC under DoS attacks through a simulation example. We draw conclusions in Section 5.

All notations used in this paper are defined in the Table 1.

Table 1

All notations in this paper.

Notations	Definitions
x(t)∈R^n	The state vector.
u(t)∈R^m	The control vector.
y(t)∈R^q	The device output vector.
x˜(t)∈R^n	The state vector of the observer.
y˜(t)∈R^q	The output vector of the observer.
x^(t)∈R^n	The state vector of the predictive control generator.
δ(t)	The observer state error.
t_k (k=1,2,…,)	The time to trigger the Event Generator 1.
t_s_i	The moment at which the predictive control generator that successfully receives the data.
A, B and C	The appropriate dimension matrices of the system.
L	The gain matrix of the observer.
K	The feedback gain matrix.
μ>0	A given scalar.
M	A given positive integer.
Φ	A positive definite weight matrix.
T	The period of DoS attacks.
n∈R	The number of the DoS attack cycle.
Toffmin∈(0,+∞)	A real number which satisfies Toffmin≤T_off<T.
p	A real number which satisfies p≜T−Toffmin.
M	A given positive integer.
P and Q	The symmetrical positive definite matrices.

2. Problem Descriptions and Preliminaries

In this paper, we will study an observer-based state feedback networked control system under DoS attacks, as shown in Figure 1. The sensor component and the control component and the control component and the actuator component are connected through the network. Due to the openness and vulnerability of the network, NCSs are vulnerable to DoS attacks [43,44].

It is assumed that the dynamic evolution law of the controlled plant can be described by the following discrete system: where represents the state vector, represents the control vector and represents the device output vector. A, B and C are the appropriate dimension matrices of system (1) and K is the feedback gain matrix (to be solved below). The initial state of system (1) is .

Description of Each Component

Sensor: The high-sensitivity sensor sends the output signal from plant to the observer [45].

Observer: In reality, most systems cannot directly obtain the system’s state vector . Using to analyze the problem is restrictive and inaccurate. Therefore, in order to estimate plant state information, the observer is introduced into the NCSs. The full-dimension state observer is where is the state vector of the observer, is the output vector of the observer and L is the gain matrix of the observer. We define as the observer state error. Then, and the observer error system can be described by

Event Generator 1: Due to the limitation of network bandwidth resources, in order to reduce the transmission of data packets, prevent network congestion and improve the utilization of network bandwidth resources and the performance of NCSs, Event Generator 1 is designed on the sensor side to determine whether data packets need to be transmitted to the controller side [46].

In this paper, we first introduce the event-triggered scheme in Event Generator 1 and assume that the time to trigger the Event Generator 1 is ; then, the observer state information which is transmitted at this time is . The next trigger moment is where is a given scalar, M is a given positive integer, and is a positive definite weight matrix. According to the above condition (5), the next trigger time is determined by the current observer state and the observer state at the latest trigger time, and . Therefore, for and , if , the state data packets at need not be transmitted.

In other words, the embedded trigger condition of the Event Generator 1 is

When the trigger condition (7) is satisfied, the observer’s state information and state error are transmitted through the network and released to the controller.

Reducing network bandwidth consumption through event-driven control (ETC) has been extensively studied in [16,29,30,31]. Thus, ETC provides a very promising option to solve the bandwidth resource problem of NCSs under DoS attacks.

The data packet which is transmitted from the observer to the controller includes and .

M is the upper limit of the trigger time interval given by us to prevent long-term non-triggering from affecting the stability of the system.

Predictive control generator: Combined with the model-based event-triggered predictive control (MB-ETPC) system, the plant’s predictive model is introduced on the control side. The predictive model is used to actively compensate a DoS attack and generate corresponding predictive control sequences. Then, Event Generator 2 is introduced at the control side, which is used to reduce the sending size of the predictive control sequences and further reduce the occupation of bandwidth resources. The predictive control sequences that trigger Event Generator 2 are packaged into a single data packet and sent to the actuator side through the network.

Buffer: The buffers are used to store the incoming data packets.

Zero-order holder (ZOH): The ZOH is used to choose a suitable control signal with a hold event interval of . is the moment that the predictive control generator successfully receives the data.

Actuator: The function of the actuator is to receive the control signal from the ZOH and control the plant.

In order to facilitate the analysis, we make the following assumptions regarding the above OB-ETPC system:

System (

The sensor is time-driven, and the predictive controller and actuator are event-driven.

This paper does not consider the time delay of the system and the delay of the transmission process.

Assume that (A, B) is completely controllable and (A, C) is completely observable.

3. OB-ETPC of NCSs under DoS Attacks and Stability Analysis

3.1. DoS Attack Description

Denial-of-service (DoS) attacks are simple and effective attacks against a server. The purpose of DoS attacks is to allow the attacked host and server to deny normal users access and disrupt the normal operation of the system. Internet users cannot reach the attacked server and host, causing the server to fail [47]. DoS attacks occur on the sensor-to-controller and controller-to-actuator communication channels. Under DoS attacks, the network control systems will become unstable due to the lack of feedback measurement signals and control signals. Several typical examples of defenses against DoS attacks on modern NCSs are as follows: the United States specifically established the “National Infrastructure Protection Plan” in 2006 and the “Control System Security Plan (CSSP)” in 2010 to incorporate the protection of related national infrastructure control systems into national strategic plans, the European Union released the “European Program for Critical Infrastructure Protection (EPCIP)” in 2013 and the Ministry of Industry and Information Technology (MIIT) in China issued the “Notice on Strengthening the Information Security Management of Industrial Control Systems” in September 2011 [48].

Due to DoS attacks affecting the communication channel, at this time, the observer state data packets released to the control end by Event Generator 1 and the system control sequence packets sent to the actuator side will suffer data dropout due to the DoS attacks. The information transmission under DoS attacks is shown in Figure 2.

Figure 2

Diagram of information transmission under DoS attacks.

This paper considers periodic DoS attacks of a variable duration, which is a more general approach. According to [49], the model of DoS attacks is described as follows: where represents the number of the DoS attack cycle, represents the time interval without DoS attacks and represents the time interval of DoS attacks; see Figure 3.

Figure 3

Diagram of the DoS attacks’ periodicity.

The main aim of this paper is to use the idea of predictive control to actively compensate for the loss of triggered data packets due to DoS attacks. Based on the received observer state signal , the prediction controller not only needs to calculate the current control signal but also to perform continuous control serial prediction based on the current observer state signal. The generated data packets are stored in Buffer 2. The ZOH chooses the suitable control signal to control the plant, which plays an active role in compensating for data packet loss due to DoS attacks.

In the process of DoS attack compensation, the ZOH adopts a time-driven mechanism. The ZOH continuously sends the

At present, several design methods for network NCSs schemes have been reported in [

DoS attacks lead to a data packet dropout rate of

This paper considers periodic DoS attacks, and the period of DoS attacks is T. Because the duration of DoS attacks is variable, we define a real number

The time interval between two adjacent DoS attacks is greater than M.

3.2. OB-ETPC of NCSs under DoS Attacks

Most of the currently researched DoS attack compensation predictive controllers directly compensate for data packet loss by predicting the dynamic evolution of NCSs under a predictive event-driven mechanism. In order to prevent DoS attacks, this paper uses a new predictive controller which combines ET and PC. We assume that the predictive model of the plant is known. The OB-ETPC actively compensates for DoS attacks to ensure system stability and ultimately achieve defense against DoS attacks. Therefore, the structure of the OB-ETPC controller design is shown in Figure 4.

Figure 4

The block diagram of the predictive control generator.

Due to the existence of DoS attacks, the observer’s state information triggered by Event Generator 1 cannot be completely transmitted because of data dropout. Thus, we introduce to present the observer’s state information which is successfully received at times ; then, .

Compared with the latest DoS attack compensation scheme [

Based on Remark 2 and the existence of DoS attacks, we define

Based on Assumption 7, Assumption 8 and the event-triggering condition (

The predictive model system is

Next, we will explain in detail the use of OB-ETPC to prevent DoS attacks and actively compensate for state data packet loss due to DoS attacks. Due to the impact of DoS attacks, the moment of the successfully received from observer is . As long as the observer’s state is successfully received by the predictive controller, it will be predicted by the predictive model system (9). The predictive model will perform prediction to obtain the corresponding predictive control sequences and actively compensate for the DoS attack. The closed-loop state prediction at the future trigger moment is as follow: where and .

In order to reduce the size of the predictive control sequences that need to be sent, Event Generator 2 is introduced into the predictive control generator. is the first predictive event-triggered moment: and where and are given in condition (5). Therefore, the predicted moment of transmission is

Based on Remarks

Then, predictive event-triggered states are packed into .

In order to fully respond to DoS attacks, the controller generates predictive control sequences based on the predictive event-triggered states .

According to the corresponding predictive controller law , the controller’s predictive control can be obtained:

Then control sequences are generated as:

The generated predictive control signals are stored in Buffer 2 for the ZOH to select a suitable control input signal. Then, the ZOH sends the selected control input signal to the actuator to complete the defense against the DoS attack.

Compared with other PC approaches [32] without Event Generator 2, all predicted control sequences will be packed, and the predicted control sequences to be sent are Obviously, after Event Generator 2 is added, the size of the predictive control sequences to be transmitted is greatly reduced, and the occupation of bandwidth resources is reduced.

Comparing the observer system (

3.3. The Closed-Loop System

According to Remark 7 and Lemma 1, the closed-loop system with DoS attack compensation under event-triggering condition (5) is expressed as

Comparing the observer system (32) and predictive model system (33) in the closed-loop system, and to facilitate system analysis and controller design, for , we define . According to and , the above closed-loop system (31)–(37) can be written as

Note that

Comparing event-triggered conditions (

3.4. Stability Analysis

In this subsection, the design method of the state feedback controller gain matrix K, observer gain matrix L and triggering parameter in condition (5) will be given.

Based on Assumptions 1–7, for given parameters

with

To connect and , we choose an appropriate Lyapunov function as where P and Q are symmetric positive definite matrices. When , calculating the difference of along the system (38)–(41) and taking the inequalities in condition (42) into account yields that

By using Schur’s complement, if the following inequality is satisfied, can be concluded.

However, the above inequality is not in the form of LMI. To reduce it to a linear matrix inequality, we perform pre and post-multiplying (44) with

The above matrix inequality is transformed into the following linear matrix inequality form:

We define , , , . According to the Lyapunov stability theory, we find that if the LMI in (43) holds, then the closed-loop system (38)–(41) is asymptotically stable. This completes the proof.  □

The main purpose of this paper is to apply the OB-ETPC to compensate for DoS attacks. Unlike the work in [

4. Simulation Example

In this section, we apply observer-based event-triggered predictive control to the smart grid example with a four-bus model of the distribution test feeders under DoS attacks [50]. The relevant parameters of the system can be found in [50,51]. The sampling time of the system is , the DoS attack cycle is and the trigger parameter is .

Other details of the system’s parameters can be found in [50]. Then, the matrix C is chosen as

According to Theorem 1, using MATLAB to solve the corresponding linear matrix inequality (LMI), the corresponding controller gain matrix K, observer gain matrix L and event-triggering matrix are obtained as follows:

The effectiveness of OB-ETPC in the defense of DoS attacks is demonstrated by comparing the experimental results of three simulation cases under DoS attacks with different durations and two other mainstream DoS attack compensation schemes based on time-triggered predictive control (TTPC) [52,53,54] and event-triggered control (ETC) [27,48,49]. Assume that the plant initial state is and the observer initial state is , so the observer state initial error is .

In this case, based on the controller gain matrix K and observer gain matrix L obtained by the above OB-ETPC and based on TTPC [

As shown in s or s) are fully compensated. From s. Moreover, it is also clear from the data in the

In this case, we assume that s is used. Based on the controller gain matrix K and observer gain matrix L obtained by the above OB-ETPC and based on the ETC [

As shown in s. In this case, based on ETC, there are 143 triggered moments and the average triggered time interval is s. Because the simulation case is performed in the upper bound of the weak DoS attack, according to Assumption 7, the ETC-based method can defend against DoS attacks with an arbitrary duration in the weak attack duration range and remain stable after a period of time.

In this case, we assume that s is used. Based on the controller gain matrix K and observer gain matrix L obtained by the above OB-ETPC and based on the ETC [

As shown in s. In this case, based on ETC, there are 117 triggered moments and the average triggered time interval is s. In this case, the ETC-based method cannot defend against strong DoS attacks and the system loses stability. However, since OB-ETPC can fully compensate for DoS attacks, the system remains stable after encountering strong DoS attacks.

The data numbers represent the amount of data successfully transmitted to the actuator.

Compared with TTPC [52,53,54], the above results verify the effectiveness of our proposed OB-ETPC in reducing bandwidth resource consumption. Furthermore, compared to ETC [27,48,49], the above results verify the feasibility of our proposed OB-ETPC approach to defend against DoS attacks. In summary, the OB-ETPC approach proposed in this paper can make up for the deficiency of different types of NCS compensation schemes under DoS attacks. In the case that the system state cannot be completely measured, OB-ETPC can ensure the stability of NCSs and reduce the occupancy of bandwidth resources, which cannot be achieved by other methods at present.

5. Conclusions

This paper studies the problem of event-triggered control based on a static observer in networked control systems (NCSs) under DoS attacks. The OB-ETPC is a new method to solve the problem of DoS attacks. The results show that the introduction of an observer and predictive model in the system has a significant effect on the defense against DoS attacks. The establishment of an event-triggered scheme greatly reduces the size of the predictive control sequence compensation packet. In addition, a ZOH is constructed in the actuator node to actively compensate for data packet loss due to DoS attacks. The OB-ETPC is an active compensation method for NCSs under DoS attacks that combines event-triggered conditions, robust controller-feedback gain and observer gain. The practical application example shows that this method can not only actively compensate for DoS attacks but can also reduce the bandwidth occupancy while maintaining the stability of the NCSs.

In future research, it would be beneficial to extend the OB-ETPC to the defense against DoS attack of distributed NCSs. In distributed NCSs, it is necessary to consider the impact of network-induced delay, data packet dropout and DoS attacks on the closed-loop system. In addition, the OB-ETPC approach would also be of great significance for solving noise problems [55].

Table 2

Sampled numbers, released numbers, average trigger time and data numbers for three cases.

Different Methods	OB-ETPC_1s	OB-ETPC_1.5s	TTPC_1s	TTPC_1.5s	ETC_1s	ETC_1.5s
Cases	Case 1 and Case 2	Case 1 and Case 3	Case 1	Case 1	Case2	Case 3
Methods	This paper	This paper	[52,53,54]	[52,53,54]	[27,48,49]	[27,48,49]
Sampled numbers	500	500	500	500	500	500
Released numbers	154	154	500	500	143	117
Average trigger time	0.0649 s	0.0649 s	0.02 s	0.02 s	0.0699 s	0.0855 s
Data numbers	114	54	380	130	100	40