Randomized Transmission Protocols for Protection against Jamming Attacks in Multi-Agent Consensus

Abstract

Multi-agent consensus under jamming attacks is investigated. Specifically, inter-agent communications over a network are assumed to fail at certain times due to jamming of transmissions by a malicious attacker. A new stochastic communication protocol is proposed to achieve finite-time practical consensus between agents. In this protocol, communication attempt times of agents are randomized and unknown by the attacker until after the agents make their communication attempts. Through a probabilistic analysis, we show that the proposed communication protocol, when combined with a stochastic ternary control law, allows agents to achieve consensus regardless of the frequency of attacks. We demonstrate the efficacy of our results by considering two different strategies of the jamming attacker: a deterministic attack strategy and a more malicious communication-aware attack strategy.

Introduction

Nowadays, control systems heavily utilize information and communication technologies. Especially, the Internet of Things is becoming widespread and remote sensing/control operations can now take place over wireless networks. With these new developments, the risk of cyber attacks against control systems is also increasing. Communication channels used in control systems are vulnerable to cyber attacks and ensuring cyber security of control systems has become a very important challenge (Sandberg, Amin, & Johansson, 2015).

Networked control systems are threatened by different types of cyber attacks. For instance, on a vulnerable network, measurement and control data can be altered by a malicious attacker (Fawzi, Tabuada, & Diggavi, 2014). In certain situations, attackers can even inject false data into the system without being noticed (Mo, Garone, Casavola, & Sinopoli, 2010). These attacks require the attacker to be knowledgeable about the system dynamics. In the context of multi-agent systems, the presence of faulty or even malicious agents not following the given protocols may affect the global behavior of the overall system. There is a rich history in computer science on the development of resilient consensus algorithms (e.g., Lynch, 1996, Azadmanesh & Kieckhafer, 2002). Recently, this problem has gained interest in systems and control as well (Dibaji and Ishii, 2017, Dibaji et al., 2018, LeBlanc et al., 2013, Tseng and Vaidya, 2015).

On the other hand, attackers who have limited information about the control system can resort to denial-of-service (DoS) attacks to prevent communication over networks. For instance, malicious routers in a network may intentionally drop measurement and control data (Awerbuch et al., 2008, Mahmoud and Shen, 2014). Moreover, denial-of-service on wireless networks can also happen in the form of jamming attacks. A jamming attacker can block the transmissions on a wireless channel by emitting strong interference signals (Pelechrinis et al., 2011, Xu et al., 2005). Recently, researchers explored the effect of jamming and other types of denial-of-service attacks on networked control systems (Cetinkaya et al., 2017, Cetinkaya et al., 2018, Cetinkaya, Ishii et al., 2019, De Persis and Tesi, 2016, Feng and Tesi, 2017, Shisheh-Foroush and Martínez, 2016). Moreover, the effect of jamming on multi-agent consensus has also been explored (Senejohnny et al., 2015, Senejohnny et al., 2017).

One of the main challenges in studying the multi-agent consensus problem under jamming attacks is that the attacker’s actions cannot be known a priori. To account for the uncertainty in the generation of attacks, the works (Senejohnny et al., 2015, Senejohnny et al., 2017) characterized jamming attacks through their average duration and frequency. It is shown there that multi-agent consensus can be achieved if the duration and the frequency of attacks satisfy certain conditions. Specifically, these works consider a self-triggered control framework, where each agent attempts to communicate with its neighbors and update its local control input only when a triggering condition is satisfied. For consensus, it is required that the ratio of the duration of the attacks to the total time is less than one. This ensures that the jamming does not span the entire time. Note that under the self-triggering framework, the communication attempt times for the agents are deterministic. Thus, an attacker who is knowledgeable on the multi-agent system can determine those time instants. This allows the attacker to block the communication by turning on the jamming attack very briefly at those instants without violating the duration condition. To avoid this issue, a restriction on the attack frequency becomes necessary. Specifically, the frequency of the attacks is required to be less than the frequency of the communication attempts by the agents.

Motivated by the discussion above, our goal in this paper is to investigate attack scenarios where the jamming is turned on and off very frequently. Our main contribution is a new stochastic consensus framework to deal with those attack scenarios. In our framework, we use the ternary control laws previously used in De Persis and Frasca, 2013, Senejohnny et al., 2015, Senejohnny et al., 2017. However, instead of the self-triggering method utilized in those works, we propose a stochastic communication protocol that can achieve consensus regardless of the frequency of the attacks. In this protocol, each agent attempts to communicate with its neighbors at random time instants. These time instants are hence unknown by the attacker.

We consider two attack strategies that are restricted by their average duration but not by their frequency. In the first strategy, the starting time and the duration of the jamming attacks are deterministic and do not depend on whether the agents try to communicate. On the other hand, in the second strategy the attacker is aware of the communication attempts of the agents and can preserve energy by turning off jamming right after a communication attempt is blocked. We show that in both strategies, our proposed stochastic communication protocol guarantees infinitely many successful communications in the long run. Furthermore, by using a probabilistic analysis, we show that almost-sure finite-time practical consensus is achieved regardless of attack frequency as long as the average ratio of attack durations is less than hundred-percent.

Our approach for analyzing the consensus under jamming differs largely from those in the literature. In particular, for the deterministic communication strategy proposed in Senejohnny et al., 2015, Senejohnny et al., 2017, bounds on attack frequency can be used for establishing an upper-bound for the interval between two consecutive successful communication times of an agent. Here in this paper, such an upper-bound is not available and there is a positive probability that any finite number of consecutive communication attempts can be blocked by a jamming attacker. This difference is due to the fact that we do not consider a bound for attack frequencies and our communication protocol involves randomization of transmission times. We also note that although there are several works that deal with random connectivity issues and randomly switching graph topologies in multi-agent systems (e.g., Tahbaz-Salehi & Jadbabaie, 2010, Zhang & Tian, 2010, You, Li, & Xie, 2013), the analysis techniques in this paper are completely different from those works due to our approach of intentionally randomizing the inter-agent communication times to mitigate jamming attacks which occur at uncertain times.

Our analysis for consensus relies on first establishing that under randomized transmissions, all agents can communicate with their neighbors infinitely many times in the long run. This is shown for the deterministic and the communication-aware attacks using different techniques. In the case of deterministic attacks, the independence of attacks and communication attempts plays an important role. Another big role is played by the uniform distribution of random communication attempt times. On the other hand, in the case of communication-aware attacks, the timing of attacks depends on all previous history of the communication times of agents. In the analysis of this case, we construct a filtration that represents the progression of the actions of the agents and those of the attacker. By utilizing this filtration, we show that our protocol can achieve a positive probability of at least one successful inter-agent transmission during carefully selected sufficiently long intervals spanning the time domain. We then utilize the monotone-convergence theorem for sets to show that even in communication-aware attacks, each agent can make infinitely many successful communications in the long run. This result allows us to show that with suitable choice of control parameters, each agent would be able to select appropriate control actions and apply them long enough to reach consensus in finite time.

In this paper, we show that randomization in inter-agent communications enables agents to reach consensus regardless of the frequency of jamming attacks. In recent works, randomization in communication has been exploited in different ways. For instance, randomized gossip algorithms is used in Boyd, Ghosh, Prabhakar, and Shah (2006) to allow networked operation under limited computation and communication resources. Furthermore, the work by Dibaji et al. (2018) introduced randomness in quantization as well as in communication times to increase resiliency against malicious nodes in multi-agent systems. Such advantages of using probabilistic methods have been found in resilient consensus in computer science and are often referred to as “impossibility results” (e.g., Lynch, 1996). In addition, random frequency hopping techniques are utilized by Navda, Bohra, Ganguly, and Rubenstein (2007) and Pöpper, Strasser, and Čapkun (2010) to mitigate jamming in wireless networks.

The paper is organized as follows. In Section 2, we explain the multi-agent consensus problem under jamming attacks. We propose a stochastic communication protocol and provide conditions for consensus under jamming attacks in Section 3. Then we discuss our protocol’s efficacy under deterministic and communication-aware attacks in Section 4. In Section 5, we present numerical examples to demonstrate our results. Finally, we conclude the paper in Section 6.

We note that part of the results in Sections 3 Stochastic communication protocol for consensus under jamming attacks, 4 Deterministic jamming and communication-aware jamming appeared in our preliminary report (Kikuchi, Cetinkaya, Hayakawa, & Ishii, 2017) without proofs. In this paper, we provide complete proofs and more detailed discussions in Sections 3 Stochastic communication protocol for consensus under jamming attacks, 4 Deterministic jamming and communication-aware jamming. Furthermore, new numerical examples are presented in Section 5.

The notation used in the paper is fairly standard. Specifically, we denote positive and nonnegative integers by $\mathbb{N}$ and ${\mathbb{N}}_0$, respectively. Furthermore, we use ${\left(\cdot \right)}^{\mathrm{T}}$ to denote transpose, $\left|S\right|$ to denote the Lebesgue measure of a set $S\subset \mathbb{R}$, and $A\setminus B$ to denote the set of elements that belong to set $A$, but not to set $B$. The notations $\mathbb{P}\left[\cdot \right]$ and $\mathbb{E}\left[\cdot \right]$ respectively denote the probability and the expectation on a probability space $(\Omega ,\mathcal{F},\mathbb{P})$. Moreover, we use $\mathbb{1}\left[E\right]:\Omega \to \{0,1\}$ for the indicator of the event $E\in \mathcal{F}$, that is, $\mathbb{1}\left[E\right]\left(\omega \right)=1$, $\omega \in E$, and $\mathbb{1}\left[E\right]\left(\omega \right)=0$, $\omega \notin E$. To simplify the presentation, we omit the $\omega \in \Omega$ in the notation of random variables in certain equations.