Observer-Based Event-Triggered Predictive Control for Networked Control Systems under DoS Attacks

This paper studies the problem of DoS attack defense based on static observer-based event-triggered predictive control in networked control systems (NCSs). First, under the conditions of limited network bandwidth resources and the incomplete observability of the state of the system, we introduce the event-triggered function to provide a discrete event-triggered transmission scheme for the observer. Then, we analyze denial-of-service (DoS) attacks that occur on the network transmission channel. Using the above-mentioned event-triggered scheme, a novel class of predictive control algorithms is designed on the control node to proactively save network bandwidth and compensate for DoS attacks, which ensures the stability of NCSs. Meanwhile, a closed-loop system with an observer-based event-triggered predictive control scheme for analysis is created. Through linear matrix inequality (LMI) and the Lyapunov function method, the design of the controller, observer and event-triggered matrices is established, and the stability of the scheme is analyzed. The results show that the proposed solution can effectively compensate DoS attacks and save network bandwidth resources by combining event-triggered mechanisms. Finally, a smart grid simulation example is employed to verify the feasibility and effectiveness of the scheme’s defense against DoS attacks.


Introduction
In recent years, with the development of computer networks and wireless communication technology, the rapid development of network control systems (NCSs) has led to a new round of industry change. With the emergence of 5G technology, more control systems can be combined with networks, and remote closed-loop NCSs can be formed through the network transmission of signals, which has been widely used in actual production [1][2][3]. Due to its wide range of applications, the stability and security of NCSs have attracted much attention in the academic community [4][5][6][7][8].
The combination of networks and control systems greatly improves the flexibility of all connected system devices. In other words, all system equipment can be connected through a wired or wireless network, replacing the original point-to-point control structure [9][10][11]. In [12][13][14] , the authors analyzed the modeling and design problems of NCSs. NCSs mainly exchange control information through the network. Because the network is introduced during the control loop, a series of network problems (limited bandwidth resources, data dropout, etc.) are introduced into the control system, which greatly methods to solve the corresponding problems of event-triggered matrices, observer gain matrices and controller matrices. This work represents a significant expansion of previous results involving predictive control (PC) and the event-trigger mechanism (ET) under a DoS attack. The advantages of the proposed control defense scheme are fourfold: (1) Our method is very different to that in the works of networked PCs [32][33][34] which have used time-triggered communication schemes. This paper adopts event-triggered predictive communication schemes to design a controller. Whether the observer's state measurement information is sent depends on the error between the current observer state and the observer state of the most recently sent information. The event-triggered generator on the controller side greatly reduces the size of the sent predictive control sequences, greatly reduces the occupation of bandwidth resources and can also meet the needs of control performance [35]. (2) Compared with the existing predictive control compensation scheme for DoS attacks [7], another advantage of the OB-ETPC scheme adopted in this paper is the combination of the advantages of PC and ET [27,[36][37][38][39][40][41][42]. With the combination of a model and static observer, it can cope with the problem that state information cannot be obtained directly and can also actively compensate for data packet dropout due to DoS attacks and greatly improve the stability of NCSs under DoS attacks. (3) Compared with the latest DoS attack compensation scheme, the method in [27] only considers DoS attacks from the controller to the actuator side. In real-life scenarios, the attack from the sensor to controller side is often through a network link. In this paper, the novel OB-ETPC solves the problem of DoS attacks on both the sensor-to-controller and controller-to-actuator sides, which is more in line with real-life scenarios. (4) The OB-ETPC is established to actively compensate for DoS attacks in NCSs. The observer gain matrix L and controller gain matrix K are co-designed based on the Lyapunov function method, and related criteria for event-triggered matrices are proposed based on linear matrix inequalities (LMIs). The remainder of this paper is organized as follows. Section 2 deals with the problem descriptions and preliminaries. Section 3 considers OB-ETPC and the stability analysis of NCSs under DoS attacks. Section 4 verifies the feasibility of OB-ETPC under DoS attacks through a simulation example. We draw conclusions in Section 5.
All notations used in this paper are defined in the Table 1. Table 1. All notations in this paper.
Notations Definitions The control vector.
The device output vector.
The state vector of the observer.
The output vector of the observer.
The state vector of the predictive control generator.
The moment at which the predictive control generator that successfully receives the data.

A, B and C
The appropriate dimension matrices of the system. L The gain matrix of the observer. K The feedback gain matrix.
The period of DoS attacks. n ∈ R The number of the DoS attack cycle.
A given positive integer. P and Q The symmetrical positive definite matrices.

Problem Descriptions and Preliminaries
In this paper, we will study an observer-based state feedback networked control system under DoS attacks, as shown in Figure 1. The sensor component and the control component and the control component and the actuator component are connected through the network. Due to the openness and vulnerability of the network, NCSs are vulnerable to DoS attacks [43,44].
It is assumed that the dynamic evolution law of the controlled plant can be described by the following discrete system: where x(t) ∈ R n represents the state vector, u(t) ∈ R m represents the control vector and y(t) ∈ R q represents the device output vector. A, B and C are the appropriate dimension matrices of system (1) and K is the feedback gain matrix (to be solved below). The initial state of system (1) is x(t 0 ) = x(0).

Description of Each Component
(1) Sensor: The high-sensitivity sensor sends the output signal from plant to the observer [45].
(2) Observer: In reality, most systems cannot directly obtain the system's state vector x(t).
Using u(t) = Cx(t) to analyze the problem is restrictive and inaccurate. Therefore, in order to estimate plant state information, the observer is introduced into the NCSs. The full-dimension state observer is , where x(t) ∈ R n is the state vector of the observer, y(t) ∈ R q is the output vector of the observer and L is the gain matrix of the observer. We define δ(t) as the observer state error. Then, and the observer error system can be described by (3) Event Generator 1: Due to the limitation of network bandwidth resources, in order to reduce the transmission of data packets, prevent network congestion and improve the utilization of network bandwidth resources and the performance of NCSs, Event Generator 1 is designed on the sensor side to determine whether data packets need to be transmitted to the controller side [46].
In this paper, we first introduce the event-triggered scheme in Event Generator 1 and assume that the time to trigger the Event Generator 1 is t k (k = 1, 2, ..., ); then, the observer state information which is transmitted at this time is x(t k ). The next trigger moment is where µ > 0 is a given scalar, M is a given positive integer, and Φ is a positive definite weight matrix. According to the above condition (5), the next trigger time is determined by the current observer state x(t k + r) and the observer state x(t k ) at the latest trigger time, µ and Φ. Therefore, for µ > 0 and Φ > 0, if f (t k + r, t k ) ≤ 0, the state data packets at t k + r need not be transmitted.
In other words, the embedded trigger condition of the Event Generator 1 is When the trigger condition (7) is satisfied, the observer's state information and state error are transmitted through the network and released to the controller.

Remark 1.
Reducing network bandwidth consumption through event-driven control (ETC) has been extensively studied in [16,[29][30][31]. Thus, ETC provides a very promising option to solve the bandwidth resource problem of NCSs under DoS attacks.

Remark 2.
The data packet which is transmitted from the observer to the controller includes x(t k ) and δ(t k ).
Remark 3. M is the upper limit of the trigger time interval given by us to prevent long-term non-triggering from affecting the stability of the system.
(4) Predictive control generator: Combined with the model-based event-triggered predictive control (MB-ETPC) system, the plant's predictive model is introduced on the control side. The predictive model is used to actively compensate a DoS attack and generate corresponding predictive control sequences. Then, Event Generator 2 is introduced at the control side, which is used to reduce the sending size of the predictive control sequences and further reduce the occupation of bandwidth resources. The predictive control sequences that trigger Event Generator 2 are packaged into a single data packet and sent to the actuator side through the network. (5) Buffer: The buffers are used to store the incoming data packets. (6) Zero-order holder (ZOH): The ZOH is used to choose a suitable control signal with a hold event interval of Ω = [t s i , t s i+1 ). t s i is the moment that the predictive control generator successfully receives the data. (7) Actuator: The function of the actuator is to receive the control signal from the ZOH and control the plant.
In order to facilitate the analysis, we make the following assumptions regarding the above OB-ETPC system: Assumption 1. System (1) performs isochronous sampling. The sampling time is h, and all data packets are time-stamped.

Assumption 2.
The sensor is time-driven, and the predictive controller and actuator are event-driven. Assumption 3. This paper does not consider the time delay of the system and the delay of the transmission process.

Assumption 4. Assume that (A, B) is completely controllable and (A, C) is completely observable.
Assumption 5. x(t 0 ) and δ(t 0 ) are successfully sent at the initial moment t 0 from the observer to the controller.

DoS Attack Description
Denial-of-service (DoS) attacks are simple and effective attacks against a server. The purpose of DoS attacks is to allow the attacked host and server to deny normal users access and disrupt the normal operation of the system. Internet users cannot reach the attacked server and host, causing the server to fail [47]. DoS attacks occur on the sensor-to-controller and controller-to-actuator communication channels. Under DoS attacks, the network control systems will become unstable due to the lack of feedback measurement signals and control signals. Several typical examples of defenses against DoS attacks on modern NCSs are as follows: the United States specifically established the "National Infrastructure Protection Plan" in 2006 and the "Control System Security Plan (CSSP)" in 2010 to incorporate the protection of related national infrastructure control systems into national strategic plans, the European Union released the "European Program for Critical Infrastructure Protection (EPCIP)" in 2013 and the Ministry of Industry and Information Technology (MIIT) in China issued the "Notice on Strengthening the Information Security Management of Industrial Control Systems" in September 2011 [48].
Due to DoS attacks affecting the communication channel, at this time, the observer state data packets released to the control end by Event Generator 1 and the system control sequence packets sent to the actuator side will suffer data dropout due to the DoS attacks. The information transmission under DoS attacks is shown in Figure 2. This paper considers periodic DoS attacks of a variable duration, which is a more general approach. According to [49], the model of DoS attacks is described as follows: where n ∈ R represents the number of the DoS attack cycle, n∈R [nT, nT + T o f f ) represents the time interval without DoS attacks and n∈R [nT + T o f f , nT + T) represents the time interval of DoS attacks; see Figure 3. The main aim of this paper is to use the idea of predictive control to actively compensate for the loss of triggered data packets due to DoS attacks. Based on the received observer state signal x(t s i ), the prediction controller not only needs to calculate the current control signal u(t s i ) but also to perform continuous control serial prediction based on the current observer state signal. The generated data packets U t s i are stored in Buffer 2. The ZOH chooses the suitable control signal to control the plant, which plays an active role in compensating for data packet loss due to DoS attacks.

Remark 4.
In the process of DoS attack compensation, the ZOH adopts a time-driven mechanism. The ZOH continuously sends the u(t s i ) of Buffer 2 to the executor until a split-second before t s i+1 . If the packet in Buffer 2 is not updated before t s i+1 , the ZOH will send the data u( t s i+1 |t s i ) of the latest packet in Buffer 2 to the actuator continuously, and so on, until the packet of Buffer 2 is updated. If the packet in Buffer 2 is updated, the new packet is used to perform the above compensation mechanism.
Remark 5. At present, several design methods for network NCSs schemes have been reported in [16][17][18] (except for a few works [19][20][21][22]24,25] ). Most of the above design schemes do not consider the security of network NCSs but only discuss the design methods of NCSs schemes. Therefore, exploring NCSs compensation under DoS attack is particularly important to solve the security problem of NCSs. Assumption 6. DoS attacks lead to a data packet dropout rate of 100% . Assumption 7. This paper considers periodic DoS attacks, and the period of DoS attacks is T. Because the duration of DoS attacks is variable, we define a real number T min

Assumption 8.
The time interval between two adjacent DoS attacks is greater than M.

OB-ETPC of NCSs under DoS Attacks
Most of the currently researched DoS attack compensation predictive controllers directly compensate for data packet loss by predicting the dynamic evolution of NCSs under a predictive event-driven mechanism. In order to prevent DoS attacks, this paper uses a new predictive controller which combines ET and PC. We assume that the predictive model of the plant is known. The OB-ETPC actively compensates for DoS attacks to ensure system stability and ultimately achieve defense against DoS attacks. Therefore, the structure of the OB-ETPC controller design is shown in Figure 4.
Due to the existence of DoS attacks, the observer's state information { x(t k )} ∞ k=1 triggered by Event Generator 1 cannot be completely transmitted because of data dropout. Thus, we introduce to present the observer's state information which is successfully received at times

Remark 6.
Compared with the latest DoS attack compensation scheme [27], when network communication is introduced from the sensor to controller, the proposed OB-ETPC solves the DoS attack problem from the sensor to controller and controller to actuator.

Remark 7.
Based on Remark 2 and the existence of DoS attacks, we define {δ(t s i )} ∞ i=1 to present the observer's state error which is successfully received at time Remark 8. Based on Assumption 7, Assumption 8 and the event-triggering condition (5), the times t s i+1 and t s i of two successful transmissions satisfy the following relationship: t s i+1 − t s i ≤ 2 × M + p.
The predictive model system is Next, we will explain in detail the use of OB-ETPC to prevent DoS attacks and actively compensate for state data packet loss due to DoS attacks. Due to the impact of DoS attacks, the moment of the successfully received from observer is t s i . As long as the observer's state x(t s i ) is successfully received by the predictive controller, it will be predicted by the predictive model system (9). The predictive model will perform prediction to obtain the corresponding predictive control sequences and actively compensate for the DoS attack. The closed-loop state prediction at the future trigger moment is as follow: . . .
where δ(t s i + j|t s i ) = (A − LC) j δ(t s i ) and δ( t s i+m + j|t s i ) = (A − LC) j δ( t s i+m |t s i ).
In order to reduce the size of the predictive control sequences that need to be sent, Event Generator 2 is introduced into the predictive control generator. t s i+1 is the first predictive event-triggered moment: and t s i+m+1 = t s i+m + min{r s i+m , M}, m ∈ {1, 2, . . . , l i } , where µ and Φ are given in condition (5). Therefore, the predicted moment of transmission is T s i = t s i+1 , t s i+2 , . . . , t s i+l i .

Remark 9. Based on Remarks 3, 8 and Assumptions
Then, l i predictive event-triggered states are packed into X(t s i ).
In order to fully respond to DoS attacks, the controller generates l i predictive control sequences based on the predictive event-triggered states X(t s i ).
According to the corresponding predictive controller law u(t) = Kx(t), the controller's predictive control can be obtained: u( t s i+1 |t s i ) = K x( t s i+1 |t s i ), (22) . . . (23) u( t s i+l i |t s i ) = K x( t s i+l i |t s i ).
Then control sequences are generated as: The generated l i predictive control signals are stored in Buffer 2 for the ZOH to select a suitable control input signal. Then, the ZOH sends the selected control input signal to the actuator to complete the defense against the DoS attack.
Compared with other PC approaches [32] without Event Generator 2, all predicted control sequences will be packed, and the predicted control sequences to be sent are U t s i = [u(t s i ), u(t s i + 1|t s i ), u(t s i + 2|t s i ), . . . , u(t s i + 2 × M + p|t s i )]. Obviously, after Event Generator 2 is added, the size of the predictive control sequences to be transmitted is greatly reduced, and the occupation of bandwidth resources is reduced.

The Closed-Loop System
Lemma 1. Comparing the observer system (2) and predictive model system (9), it is necessary to provide the proof for the following relationships.
x( t s i+h ) = x(t s i+h ), According to Remark 7 and Lemma 1, the closed-loop system with DoS attack compensation under event-triggering condition (5) is expressed as Comparing the observer system (32) and predictive model system (33) in the closed-loop system, and to facilitate system analysis and controller design, for t ∈ [t s i , t s i+1 ) ∩ [ t s i+m , t s i+m+1 ), we define e s i (t) = x(t) − x(t s i+m ). According to e s i and δ(t), the above closed-loop system (31)- (37) can be written as Remark 10. Note that t s i+1 = t s i + t s i+1 − t s i ≤ t s i + 2 × M + p < t s i+l i +1 , and so the compensation selected from Buffer 2 by the ZOH is used to compensate for DoS attacks when t ∈ [t s i , t s i+1 ).
Remark 11. Comparing event-triggered conditions (5) and (20), they are found to be consistent. Based on Remark 9, no event is triggered when t ∈ [t s i , t s i+1 ) ∩ [ t s i+m , t s i+m+1 ) [41]. Thus, based on event-triggering condition (5) and e s i , the following inequality needs to be followed:

Stability Analysis
In this subsection, the design method of the state feedback controller gain matrix K, observer gain matrix L and triggering parameter Φ in condition (5) will be given.

Proof.
To connect x(t) and δ(t), we choose an appropriate Lyapunov function as where P and Q are symmetric positive definite matrices. When t ∈ [t s i , t s i+1 ) ∩ [ t s i+m , t s i+m+1 ), calculating the difference of V(x(t), δ(t)) along the system (38)- (41) and taking the inequalities in condition (42) into account yields that By using Schur's complement, if the following inequality is satisfied, ∆V(x(t), δ(t)) < 0 can be concluded.
However, the above inequality is not in the form of LMI. To reduce it to a linear matrix inequality, we perform pre and post-multiplying (44) with diag{ P −1 , P −1 , I, P −1 , P −1 , I }.
The above matrix inequality is transformed into the following linear matrix inequality form: We define P P −1 , Φ P −1 ΦP −1 , X KP −1 , G QL. According to the Lyapunov stability theory, we find that if the LMI in (43) holds, then the closed-loop system (38)-(41) is asymptotically stable. This completes the proof.

Remark 12.
The main purpose of this paper is to apply the OB-ETPC to compensate for DoS attacks. Unlike the work in [50], this paper introduces two event-triggered generators that compensate for the DoS attack while saving a large amount of bandwidth resources.

Simulation Example
In this section, we apply observer-based event-triggered predictive control to the smart grid example with a four-bus model of the distribution test feeders under DoS attacks [50]. The relevant parameters of the system can be found in [50,51]. The sampling time of the system is h = 0.02s, the DoS attack cycle is T = 2s and the trigger parameter is µ = 0.08.
Other details of the system's parameters can be found in [50]. Then, the matrix C is chosen as C = 1.0000 2.0000 0.0000 0.5000 .
According to Theorem 1, using MATLAB to solve the corresponding linear matrix inequality (LMI), the corresponding controller gain matrix K, observer gain matrix L and event-triggering matrix Φ are obtained as follows: The effectiveness of OB-ETPC in the defense of DoS attacks is demonstrated by comparing the experimental results of three simulation cases under DoS attacks with different durations and two other mainstream DoS attack compensation schemes based on time-triggered predictive control (TTPC) [52][53][54] and event-triggered control (ETC) [27,48,49]. Assume that the plant initial state is

Case 1.
In this case, based on the controller gain matrix K and observer gain matrix L obtained by the above OB-ETPC and based on TTPC [52][53][54], the state responses and event intervals of the system with DoS attack are shown in Figure 5 and Figure 6, respectively. As shown in Figures 5 and 6, we can clearly see that both OB-ETPC-based or TTPC-based methods are able to make the system state stable when encountering DoS attacks. In this case, based on the OB-ETPC and the TTPC, all packet losses due to DoS attacks (p = 1 s or p = 1.5 s) are fully compensated. From Table 2 we can see that, based on OB-ETPC, there are 154 triggered moments within 500 sampling times, and the average triggered time interval is 0.0649 s. Based on the TTPC, the system has 500 triggered moments when compensating for DoS attacks, and the average triggered time interval is 0.02 s. Moreover, it is also clear from the data in the Table 2 that the amount of data packets required to stabilize the OB-ETPC-based system is 114, while the amount of data packets required to stabilize the TTPC-based system is up to 380 when encountering weak DoS attacks. When encountering strong DoS attacks, the OB-ETPC-based system requires 54 data packets for stability, while the TTPC-based system requires 130 data packets for stability. Thus, the event-triggered mechanism not only does not degrade the performance of the system, but also greatly reduces the network bandwidth resource consumption. Case 2. In this case, we assume that p = 1 s is used. Based on the controller gain matrix K and observer gain matrix L obtained by the above OB-ETPC and based on the ETC [27,48,49], the state responses and event intervals of the system are shown in Figure 7 and Figure 8, respectively.  As shown in Figures 7 and 8, the system can be seen to experience a weak DoS attack. From Table 2 we can see that, based on OB-ETPC, there are 154 triggered moments and the average triggered time interval is 0.0649 s. In this case, based on ETC, there are 143 triggered moments and the average triggered time interval is 0.0699 s. Because the simulation case is performed in the upper bound of the weak DoS attack, according to Assumption 7, the ETC-based method can defend against DoS attacks with an arbitrary duration in the weak attack duration range and remain stable after a period of time.
Case 3. In this case, we assume that p = 1.5 s is used. Based on the controller gain matrix K and observer gain matrix L obtained by the above OB-ETPC and based on the ETC [27,48,49], the state responses and event intervals of the system are shown in Figure 9 and Figure 10, respectively.  As shown in Figures 9 and 10, the system can be seen to experience strong DoS attacks. From Table 2, we can see that, based on OB-ETPC, there are 154 triggered moments and the average triggered time interval is 0.0649 s. In this case, based on ETC, there are 117 triggered moments and the average triggered time interval is 0.0855 s. In this case, the ETC-based method cannot defend against strong DoS attacks and the system loses stability. However, since OB-ETPC can fully compensate for DoS attacks, the system remains stable after encountering strong DoS attacks.
Remark 13. The data numbers represent the amount of data successfully transmitted to the actuator.
Compared with TTPC [52][53][54], the above results verify the effectiveness of our proposed OB-ETPC in reducing bandwidth resource consumption. Furthermore, compared to ETC [27,48,49], the above results verify the feasibility of our proposed OB-ETPC approach to defend against DoS attacks. In summary, the OB-ETPC approach proposed in this paper can make up for the deficiency of different types of NCS compensation schemes under DoS attacks. In the case that the system state cannot be completely measured, OB-ETPC can ensure the stability of NCSs and reduce the occupancy of bandwidth resources, which cannot be achieved by other methods at present.

Conclusions
This paper studies the problem of event-triggered control based on a static observer in networked control systems (NCSs) under DoS attacks. The OB-ETPC is a new method to solve the problem of DoS attacks. The results show that the introduction of an observer and predictive model in the system has a significant effect on the defense against DoS attacks. The establishment of an event-triggered scheme greatly reduces the size of the predictive control sequence compensation packet. In addition, a ZOH is constructed in the actuator node to actively compensate for data packet loss due to DoS attacks. The OB-ETPC is an active compensation method for NCSs under DoS attacks that combines event-triggered conditions, robust controller-feedback gain and observer gain. The practical application example shows that this method can not only actively compensate for DoS attacks but can also reduce the bandwidth occupancy while maintaining the stability of the NCSs.
In future research, it would be beneficial to extend the OB-ETPC to the defense against DoS attack of distributed NCSs. In distributed NCSs, it is necessary to consider the impact of network-induced delay, data packet dropout and DoS attacks on the closed-loop system. In addition, the OB-ETPC approach would also be of great significance for solving noise problems [55].