Differential Entropy-Based Fault-Detection Mechanism for Power-Constrained Networked Control Systems

In this work, we consider the design of power-constrained networked control systems (NCSs) and a differential entropy-based fault-detection mechanism. For the NCS design of the control loop, we consider faults in the plant gain and unstable plant pole locations, either due to natural causes or malicious intent. Since the power-constrained approach utilized in the NCS design is a stationary approach, we then discuss the finite-time approximation of the power constraints for the relevant control loop signals. The network under study is formed by two additive white Gaussian noise (AWGN) channels located on the direct and feedback paths of the closed control loop. The finite-time approximation of the controller output signal allows us to estimate its differential entropy, which is used in our proposed fault-detection mechanism. After fault detection, we propose a fault-identification mechanism that is capable of correctly discriminating faults. Finally, we discuss the extension of the contributions developed here to future research directions, such as fault recovery and control resilience.


Introduction
Control theory developed mainly after World War II.The ideas proposed in this research area are typically related to proportional-integral-differential (PID) control design, state feedback optimal control, optimal observers, and model predictive control (MPC); see [1].At the turn of the twenty-first century and soon thereafter, the next step was taken under the networked control system (NCS) paradigm, which has evolved into multiagent consensus control [2], cybersecurity [3,4], and data-driven control [5].Since then, control theorists and control practitioners have remained highly active in this research area, such as by combining control and information theories [6,7] or linear optimal control and communication theory; examples include [8][9][10].The last few years have also seen an increase in event-triggered NCS solutions [11][12][13], that is, asynchronous control closedloop solutions, which aim to increase the efficiency of specifically limited communication resources while achieving a set of given objectives (stability, performance, robustness, or a combination of these).These and other NCS results are the foundation of better control.
An approach to NCS introduced early on by [9] imposes a power constraint, P, on the channel input power and then characterizes the channel model by its channel signal-tonoise ratio (SNR).The proposed SNR approach is then used to study the design constraints on closed-loop stability, especially for cases in which the controlled plant model under analysis is unstable.The SNR limitations presented in [9], which are fundamental in nature, deal with unstable single-input-single-output (SISO) LTI plant models, characterizing the initial bound on the channel SNR required to achieve feedback-loop stability for a singlechannel model in the closed loop.A mean square analysis to address the probabilistic nature of the communication network was also used, in a different context of synchronization, in [14].An NCS extension of the setup proposed in [9] is presented in Figure 1; in this paper, we consider a memoryless additive white Gaussian noise (AWGN) communication channel for the communication network, which operates simultaneously over two paths: the direct path between the controller and the plant and the feedback path between the plant and the controller.A vast amount of literature also exists on the topic of fault detection and diagnostics, including many published books [15][16][17][18][19] and review articles [20,21].A fault occurs when there is an anomalous behavior, either by chance or maliciously induced, in a physical plant; it is then important to detect, identify, and if possible recover from this fault.There are different formulations for the problems of fault detection and fault identification for linear time-invariant (LTI) models, which can be roughly categorized as approximate (such as synthesizing fault-detection filters subject to noise) and exact formulations (such as the null-space method).
The variability inherent in NCSs due to the inclusion of stochastic processes in the communication of relevant closed-loop signals might also be caused by variations in the plant model parameters.These parameter variations can be interpreted as faults; thus, a fault mechanism is needed that can detect these changes, identify them, and, through the residuals (see Figure 1), identify the new faulty parameter values to then adapt the controller's design to achieve fully fault-tolerant closed loop control.A two-part survey on fault diagnosis and fault-tolerant techniques in control can be found in [22,23].In contrast, the author of [24] offers a complete survey on the topics of fault detection and fault-tolerant control for NCSs.Another survey on fault diagnosis for NCSs can be found in [25], which aims to reduce performance degradation due to communication features.In [26], a faultdetection filter subject to limited transmission through a network with time-varying latency and fading was successfully designed.A Bayesian approach was used instead in [27] for NCS fault diagnosis in an irrigation canal application, while in [28] the authors used a Markov jumping linear system (MJLS) approach for the design of a residual generator.NCS robust fault-tolerant control is also an alternative, which was subsequently considered, for example, in [29]; faults were modeled as MJLSs with incomplete transition probabilities, and LMI-based sufficient conditions were then used to ensure stability.Task allocation in a multiagent setting was presented in [30] to ensure fault tolerance through cooperation between healthy and faulty agents instead of focusing on recovering nominal performance; see also [31].Finally, a nonlinear MPC solution subject to random network delays and packet dropout was used for fault-tolerant design control in [32].
Our first contribution is the optimal design of the control loop for a first-order unstable plant model, which applies generally due to the nature of the NCS setup.The optimal controller minimizes the sum of the powers for the network input signals u(k) (also the controller output) and y(k) (also the plant model output) in the steady state; see Figure 1.Our second contribution is a fault-detection mechanism based on the estimation of the differential entropy of the controller output signal u, as shown in Figure 1.Our third contribution is a fault-identification mechanism for the value of the plant model gain and unstable poles, once a fault has been detected, based on the controller output signal u and the received output signal y r .We present a simulated example to illustrate these contributions.
This paper is organized as follows.Section 2 presents the general assumptions, introducing the plant and AWGN channel models.Here, we also present the definition of the power of a signal in the steady state.In Section 3, we propose the optimal controller design for the power-constrained NCS control loop.In Section 4, we define the finite-time power estimation and the power constraint-based fault-detection criterion.Section 5 introduces the proposed fault-identification mechanism.In Section 6, we demonstrate the use of both the fault-detection and fault-identification mechanisms based on a simulation example.Finally, in Section 7, we summarize the present work and possible future research avenues.

Preliminaries 2.1. Plant, Channel, and Network Models
We next give the descriptions of the plant, channel, and network models under study.
Plant Model : The plant model, G(z), can be described by a general model given by where K p ∈ R + , ρ > 1, and G s (z) is a stable, minimum-phase transfer function (i.e., all its poles and zeros are inside the unit circle).

Channel Models:
The AWGN channel model is described by a channel input power constraint, P, and an identically independently distributed additive Gaussian noise process, n, with zero mean and variance, σ 2 .Network Model: We define the network as two AWGN channel models with an encoder and decoders, one of which is on the direct path between the controller and the plant models and one of which is on the feedback path between the plant and the controller models; see Figure 2. Depending on the channel location, we identify the additive noises as n u and n y , both of which are identically independently distributed additive Gaussian noise processes with zero means and variances, σ 2 nu and σ 2 ny , respectively.Finally, the powers of the channel input signals are denoted as ∥u∥ 2  Pow and ∥y∥ 2 Pow .Furthermore , the setpoint signal, r o , in Figure 2 is assumed to be a constant known value.Remark 1.The decision to use AWGN channel models to characterize the proposed network model implies that we are considering the channel input constraints and the channel additive noises as the main network features.Other network features, such as transmission delays, quantization, and packet losses, can also be considered, but this would require the use of channel models in addition to the proposed AWGN channel model and would make the characterization of the differential entropy of the control signal, u(k), which is the basis of the proposed fault-detection mechanism, more involved due to the effect of the closed loop.

Stationary Power of a Linear Time-Invariant System Output Signal
Definition 1. From [33], we denote the power spectral density of a signal s(k) as S s e jωT s .Definition 2. The H 2 norm of a discrete-time linear time-invariant system H is defined as Lemma 1 (Stationary power of an LTI system output signal).For a discrete-time linear timeinvariant system H with a weakly stationary stochastic process n(k) at the input, mean µ n , and spectral density the variance of the noise can be determined.Ref. [34] shows that if H is stable (here, it is assumed to be stable if all its poles are inside the unit circle), then and the steady-state power of the output signal is then Proof.Since n(k) is a weakly stationary stochastic process and H is stable, s is also a weakly stationary stochastic process.If we define s = µ s + s, where s is a weakly stationary stochastic process with zero mean, then we have Since, by its definition, the covariance function of s is equal to the covariance function of s, and because the power spectral density is the Fourier transform of the covariance function, we have that S s (e jωT s ) = S s(e jωT s ).As we take the limit k → ∞, we obtain
In the next section, we use the introduced assumptions and Lemma 1 to propose the design of the NCS control loop in Figure 2.

Networked Control System Design
We start this section with the following lemma, which references a result from [35]; from this lemma, we begin to construct our optimal controller design proposal.
Lemma 2 (sum of convex functions).Let f i , i = 1, • • • , n be given convex functions and γ i be given positive scalars.Then, the function is also a convex function.
We continue by establishing the working choices for the encoder and decoder blocks in Figure 2. The presence of these blocks is intrinsic to the NCS setup, and it is one of the reasons these types of systems require an extension, not just an application, of classic control theory results.Lemma 3 (Encoder and decoder design).The encoder and decoder blocks in Figure 2 for the subsequent NCS design are selected as where G s (z) is the stable, minimum-phase part of the proposed plant model; see Section 2.1.
Remark 2. We observe that, by using Lemma 3 in Figure 2, we can focus entirely on the first-order unstable part of the plant model.
In the next lemma, we introduce some intermediate results that consider the controller, C(z), to be a proportional controller; that is, C(z) = K c for K c ∈ R, which will be required for the optimal controller design K * c .
Lemma 4 (Convexity of closed-loop squared norms).The following squared H 2 norms are convex functions of K c , the proportional controller: where Proof.We start this proof with the squared H 2 norm of T. For a proportional controller and the simplified plant model, K p /(z − ρ), the complementary sensitivity is The squared H 2 norm of the above transfer function is then To obtain its critical points, we take the derivative of K c and solve After grouping the powers of K c in the numerator, we obtain One critical point is K c = 0, but this solution is outside the region of K c values that ensures closed-loop stability and is thus not considered.The other critical point is The second derivative is c , the only valid critical point, is a minimum, proving that ∥T∥ 2 2 is a convex function.Now, for ∥SC∥ 2  2 , we have that Thus, since K 2 c is a convex function of K c , we focus on the remaining part, K 2 c ∥T∥ 2 2 : The value K c = 0 is a critical point with a multiplicity of three, but again, it is outside the range of values required for closed-loop stability for K c .The other two potential solutions are but we observe that K * c2 is outside the stability region.The second derivative at Simplifying, we obtain Therefore, we determine that the numerator and thus the overall second partial derivative are positive and that the only critical point value, K * c1 , is a minimum, which proves that K 2 c ∥T∥ 2 2 is a convex function of K c in the stability region; through Lemma 2, ∥SC∥ 2  2 is also a convex function of K c in the stability region.Finally, we focus on the term ∥SG∥ 2 2 .For the last squared H 2 norm expression, ∥SG∥ 2 2 , we have The only critical point in this case is given by K * c = ρ/K p , which lies inside the K c stability region for the closed loop; when replaced in the second partial derivative, it results in Thus, the critical point, K * c , is a minimum, and the function ∥SG∥ 2 2 is convex in the K c stability region for the closed loop; this concludes the proof.
We next use the results just obtained to show the convexity, in terms of the proportional controller, of the power expression for the NCS input signals u and y; see Figure 2.
Lemma 5 (Channel input powers).For the setup depicted in Figure 2 with K r = T −1 (1), the channel input powers are and they are both convex functions of K c , the proportional controller.
We are now ready to use all the previous intermediate results to present the optimal design of the proportional controller, which minimizes the sum of the channel input powers.
Proof.According to Figure 2 and Lemma 3, the signals at the respective channel inputs are We then apply Lemma 1 for z = u and for z = y and obtain the expressions in Equation ( 9).Finally, since all the squared H 2 elements of Equation ( 9) are convex functions of K c as in Lemma 4, together with Lemma 2, it is shown that the channel input powers in Equation ( 9) are convex functions of K c , which concludes this proof.
Theorem 1 (NCS controller design).The proportional controller, K c , is designed so that with 0 < η < 1, and its optimal value is the unique solution, in the K c stability region (ρ − 1)/K p , (ρ + 1)/K p for the closed loop, of the following polynomial: Proof.From Lemma 5, we have that According to Lemma 2, this is a convex function of K c , thus characterizing the critical point of the above functional results in obtaining the optimal K * c that minimizes the linear combination of channel input powers.We then take the partial derivative of K c , which results in the polynomial a 4 K 4 c + a 3 K 3 c + a 2 K 2 c + a 1 K c + a 0 = 0, with coefficients defined as in (11).Since the proposed functional is convex in K c , there is only one critical point in the K c stability region for the closed loop, which concludes this proof.Remark 3. If the plant pole ρ (see (1)) is stable, that is, if |ρ| < 1, then the minimal channel input powers ∥u∥ 2  Pow and ∥y∥ 2 Pow will be zero, and the optimal controller K * c from Theorem 1 will also then be equal to zero, nevertheless resulting in a stable closed loop (although it is technically open if the controller is zero).The fault-detection and fault-identification mechanisms described in the next sections will be applicable as long as a non-zero suboptimal controller is in place for ρ < 1 to effectively close the loop.Remark 4. Due to the standing assumptions regarding r o , the choice of K r in Figure 2, and the relationship between stationary power and signal variance, we have that the NCS controller design proposed in Theorem 1, which minimizes the network input power, can also be interpreted as a minimal-input-entropy controller design.
The optimal controller design from Theorem 1 results in a stable closed loop, and we now wish to extend its analysis to the case with faults on the two main parameters involved in the optimal controller design, namely, the gain, K p , and the plant unstable pole, ρ.We obtain two contributions: a fault-detection mechanism and a fault-identification mechanism.Therefore, we continue by presenting the proposed fault-detection mechanism in the next section.

Fault-Detection Mechanism
The signal u is assumed to be available because it is the result of signal processing through the controller, as shown in Figure 1.On the other hand, the availability of the signal y r requires the assumption of an added sensor at the output of the AWGN channel over the feedback path.Moreover, due to the presence of the channel additive processes n u and n y , we cannot consider the instant values of the relevant signals u and y r , as shown in Figure 1, as representative values.We therefore address this issue by using the average estimates of u and y r instead, as shown in the next lemma.Lemma 6 (Finite time estimate).The averaged signal is obtained as where L satisfies for a user-defined tolerance value ϵ.
Proof.Lemma 5 shows that In a stationary state, we then have that u 1 , as defined in (12), will approach µ u as L → ∞ and σ 2 u 1 (L) → 0 since µ u is a constant value, which shows that there will always be a suitable finite value of L for any given choice of tolerance ϵ, which concludes this proof.
Remark 5.The use of the previous lemma extends in exactly the same way for signal y r , for which y r1 represents the L average.However, such a signal is only required for the fault-identification mechanism that we propose in the next section.Remark 6.The application of Lemma 6 is based on a Monte Carlo simulation of the NCS-designed control closed loop in steady state with no faults.The selected value of L, through the choice of ϵ, will be a user-selected trade-off between the successful rejection of the noise processes (the larger the L value is, the better) and the responsiveness to the presence of faults (the smaller the L value is, the better).
We now present our proposed fault-detection mechanism in the following theorem.
Theorem 2 (fault-detection mechanism).Given the setup in Figure 2 for the NCS defined by Lemma 3, with the controller designed as in Theorem 1, the fault flag signal, FF(k), is defined as where ĥ is the estimated differential entropy of the signal u(k), with the time estimate u 1 defined in Lemma 6 and u 2 defined as Additionally, is the theoretical differential entropy of the signal u(k) in the steady state when no fault is present.The fault level, δ, is user defined, and it is selected as 2σ ĥ, which is twice the standard deviation of the estimated differential entropy of u(k) when no fault is present.
Proof.From [36] and the fact that the signal u(k) in Figure 2 is a filtered sum of the driving Gaussian processes n u and n y , we have where σ 2 u is the variance of the signal u.From Lemma 5, we have which results in the proposed expression for h(u) presented in (17).
Remark 7. We observe that the selection of δ in Theorem 2 is a compromise between false negative errors (not detecting a fault when one is present) and false positive errors (detecting a fault when one is not present).If the selected δ value is smaller, then more false positive errors will be detected.
If the selected δ value is greater, then more false negative errors will be detected.
Remark 8.The use of differential entropy for the proposed fault-detection mechanism is motivated by the presence of the AWGN channel and is also a reasonable choice because it introduces a logarithmic scale (base 2 in this case) for the channel input variance, which can otherwise report very large excursions when subjected to faults, as we will observe in the following sections.Moreover, if we select η = 1 in Theorem 1 for the NCS controller design, we can then address the minimal h(u) in (17).
After a fault has been detected by means of Theorem 2, the next step is to estimate its value, that is, to identify it.The next section focuses on this goal.

Fault-Identification Mechanism
The faults that the control loop might be subject to are involved in the plant model gain, K p , or the unstable pole ρ.Additionally, due to the NCS nature of the proposed closed control loop in Figure 2, for the fault-identification mechanism we only stipulate that we have access to the signals u and y r .That is, we only stipulate access to signals on the controller side of the network (otherwise, transmission through a communication channel would be required); see Figure 1.
As a first step in identifying the detected faults, as described in the previous section, we consider the online estimation of the plant parameters K p and ρ.
Lemma 7 (Plant parameter estimation).From Figure 1, assuming the online availability of signals u(k) and y r (k) and a selected value of L from Lemma 6, we obtain and the plant parameter estimates are Proof.We first observe that y r1 (k) ≈ T(1)K r r o where y r1 (k) is the L-length finite-time estimation of the steady-state value of y r .From this, we obtain On the other hand, we have With these two intermediate results, after algebraic manipulation we obtain the estimate expressions in (19), which concludes this proof.
We now use Lemma 7, together with the fault-detection mechanism from the previous section, to identify the fault.We provide this result in the next theorem.
Theorem 3 (fault-identification mechanism).The values of the plant fault parameters are identified as for the plant parameter, K p , where σ K p is the standard deviation of the plant gain estimation when no fault is present and for the plant parameter ρ, where σ ρ is the standard deviation of the unstable plant pole estimation when no fault is present.
Proof.Fault identification is the result of intersecting the estimated plant parameters Kp and rho from Lemma 7 with the fault flag signal FF(k) from Theorem 2. Whether the fault is due to K p , ρ, or a change in the values of both K p and ρ, the type of fault will be identified as long as the excursion in the value of the faulty parameter exceeds twice the standard deviation of the estimated parameter value when no fault is present.That is, we use the same approach proposed in Theorem 2, but now we validate the fault on either or both plant parameters.
We have now finalized the theoretical development of this work, and we proceed in the next section to illustrate the proposed contributions through a simulation example summarizing all the previous key points.

Example
In this section, we develop an example to illustrate the contributions developed in the previous sections.We consider the plant model That is, we assume for simplicity here, without loss of generality, that G s (z) = 1.The setpoint signal is r o = 0.5, and the channel additive noise variances are selected as σ 2 nu = σ 2 ny = 0.3.The NCS proportional controller design from Theorem 1, with an equal weight η = 0.5 to equally weight the power contribution of each channel input, results in K * c = 1.2921.The plant model parameters, and thus the closed control loop, are subject to the following changes for K p : We then propose a first fault on the value of K p starting at k = 5001 and lasting until k = 12,000, a second fault due to ρ starting at k = 17,001 and lasting until k = 24,000, and a third and final fault due to a simultaneous change in the values of K p and ρ starting at k = 29,001 and ending at k = 36,000.
The first step is the selection of L as a compromise between the rejection of the two noise processes and responsiveness to the faults.In Figure 3, we show a Monte Carlo simulation of two hundred simulations of u 1 at k o = 3000 for each value of L, in steps of ten.The red dashed line is the steady-state predicted value, µ u , and the black dash-dotted lines are the variances of the two hundred simulations at each value of L around the mean value.As predicted, the variance decreases as L increases.From Figure 3, the choice of L = 300 is considered a good compromise, and it is the value used in the following steps.The proposed selection is compatible with a tolerance value of ϵ = 0.04.As a second step, focusing on Theorem 2, we provide the estimate ĥ(u) (solid green line) and propose from the same figure a choice of δ that is twice the standard deviation of the observed ĥ(u), which in this case amounts to δ = 0.12.Therefore, any increase in the estimated differential entropy, û, of more than 0.12 from the base value, h(u), represented by the red dashed line in Figure 4, is registered as a fault.
We now test the proposed fault-detection mechanism for the designed NCS closed control loop, with the faults described in ( 21) and (22).In Figure 5, the three proposed faults can be clearly observed.With the selected value of δ, there will be small instances of false negative errors for K p f 1 around k = 8600 and for ρ f 1 around k = 19,600.However, no false negative errors are present for simultaneous faults K p f 2 and ρ f 2 .The choice of δ also triggers some instances of false positive errors around k = 1000, k = 16,000, k = 25,000, and k = 39,000.This is the expected trade-off between false positive errors and false negative errors for any fault-detection mechanism.
The next step is to couple the fault-detection mechanism of Theorem 2 with the faultidentification mechanism from Theorem 3. The result for K p , subject to the proposed faults, is shown in Figure 6.We observe that the inclusion of further discrimination by means of the estimated standard deviation σ K p , represented by the black dashed line, reduces the effect of false negative errors and false positive errors.Moreover, during the second fault, starting at k = 17,001, which is due only to a change in ρ, the introduction of the σ K p -based discriminant in Theorem 3 allows the plant model gain to remain at the correct value, K p = 2.We conclude the example by reviewing the estimation of the unstable plant pole value, ρ, subject to the faults in Figure 7 (green solid line).As we can see, the introduction of the standard deviation discriminant, σ ρ , was not as successful as for the plant model gain in avoiding a noisy estimation during the first fault starting at k = 5001, even though this first fault is only due to a change in the value of k p .Moreover, during the second fault, due only to a change in the value of the unstable plant pole, a false negative error is still present in the proposed identification at approximately k = 20,000.Nevertheless, some instances of false negative errors were suppressed between the first and second faults and at the end of the simulation run.Finally, we observe that Figures 6 and 7 together demonstrate accurate detection and identification of the faults we introduced into the closed control loop.

Conclusions
In this work, we propose an optimal NCS design subject to a network of simultaneous power-constrained AWGN channels over direct and feedback paths.The optimal controller design is then the foundation of a differential entropy estimation fault-detection mechanism.The use of differential entropy is justified by the presence of the AWGN channel and is also reasonable since it introduces a logarithmic scale on the channel over the direct-path input variance, which can otherwise result in very large excursions when subjected to faults, as observed in the provided example.The last contribution is a fault-identification mechanism restricted to the signals available on the controller side of the network, namely, u and y r .A limitation of the proposed fault-detection method is the trade-off imposed by the choice of L. The smaller the value of L is, the larger the value of δ is because of u 1 and u 2 , and vice versa.Since the value of δ determines the sensitivity of the fault-detection mechanism, an experienced user must strike the right compromise between these two design parameters.Additionally, as a future research direction, the imposed side restriction signal availability, due to the NCS nature of the closed control loop, can be explored to improve the use of signals on the plant side of the network in the design of a fault-detection/identification mechanism.Finally, once the faults are successfully identified, they should be used for retuning the optimal controller in an adaptive scheme that allows for fault recovery.

Figure 1 .
Figure 1.NCS SISO feedback loop with residual generator and fault-detection stages.

Figure 2 .
Figure 2. NCS SISO feedback loop with an AWGN network.

Figure 3 .
Figure 3. Monte Carlo simulation of u 1 (k o ) as a function of L for k o = 3000 (blue dots), predicted mean value µ u (red dashed line), and variance of u 1 (k o ) as a function of L (black dash-dotted line).

Figure 4 .
Figure 4.Estimated differential entropy of the signal u(k), when no faults are present, for the selected value of L = 300 (green solid line), no-fault theoretical value (red dashed line), and no-fault theoretical value plus two standard deviations (black dash-dotted lines).

Figure 5 .
Figure 5.Estimated differential entropy of the signal u(k), when faults in (21) and (22) are present, for the selected value of L = 300 (green solid line), no-fault theoretical value (red dashed line), and no-fault theoretical value plus two standard deviations (black dash-dotted lines).

Figure 6 .
Figure 6.Estimated value of the plant gain parameter K p for the selected value of L = 300 (green solid line), true parameter value (red dashed line), standard deviation σ k p (black dash-dotted line), and reported fault flag (black solid line at the bottom).

Figure 7 .
Figure 7.Estimated value of the plant gain parameter, ρ, for the selected value of L = 300 (green solid line), true parameter value (red dashed line), standard deviation σ ρ (black dash-dotted line), and reported fault flag (black solid line at the bottom).