uncertainty analysis of a fault detection and isolation ...562637/fulltext01.pdf · uncertainty...

Degree project in

Uncertainty Analysis of a FaultDetection and Isolation Scheme for

Multi-Agent Systems

THORALF A. SCHWARZ

Stockholm, Sweden 2012

XR-EE-RT 2012:024

Automatic ControlMaster's thesis

Abstract

Diagnostic techniques in model-based fault detection and isolation approaches areoften based on residuals. If the residuals become greater than a certain thresholdthen an alarm can be triggered. However, disturbances, such as those caused bymodel uncertainty, affect the behavior of the residuals and therefore the performanceof the diagnostic system. Fault detection becomes a matter of security when appliedin multi-agent systems, since their distributed nature offers adversaries possibilitiesto attack the system.This thesis considers disturbances caused by model uncertainty which is often en-countered during implementation. Their influence on a model-based fault detectionand isolation scheme in multi-agent systems is analyzed and an evaluation tech-nique for the residuals is proposed. Different attack scenarios are considered andtheir influence on the residuals will be discussed. Finally, experimental results cir-cumstantiate the proposed approaches.

ZusammenfassungZusammenfassungZusammenfassung

Diagnosesysteme in modelbasierenden Fehlererkennungs- und Fehlerlokalisierungsme-thoden basieren oft auf Residuen. Sobald diese großer als ein vorher festgelegterWert werden, kann ein Alarm ausgelost werden. Storungen, wie sie zum Beispieldurch Modelunsicherheiten verursacht werden, verandern das Verhalten der Residuen.Wendet man Fehlererkennungs- und Fehlerlokalisierungsmethoden in MultiagentenSystemen zur Angriffsdetektion an, so wird die Zuverlassigkeit des Diagnosesystemszu einem Sicherheitsfaktor. Außerdem bietet die dezentrale Natur von MultiagentenSystemen unterschiedliche Angriffsmoglichkeiten fur Feinde auf das Verhalten vonResiduen einzuwirken.Diese Diplomarbeit betrachtet Storungen, die durch Modelunsicherheiten verursachtwerden und bei der Implementierung von modelbasierenden Techniken vorkommenkonnen. Ihre Auswirkungen auf die vorgestellte Fehlererkennungs- und Fehler-lokalisierungsmethode wird analysiert und ein Diagnosesystem prasentiert. Ver-schiedene Angriffsszenarien werden vorgestellt und das Verhalten der Residuen wirddiskutiert. Abschließend werden alle diskutierten Verfahren anhand von Experi-menten veranschaulicht.

2

I would like to express my gratitude to my examiner Henrik Sandberg as well asmy supervisors Andre Teixeira and Iman Shames who gave me the possibility todo this thesis at the Royal Institute of Technology in Stockholm. They trulysupported me at any time and always let me gain experience out of their rich

resource of knowledge.Furthermore, I want to thank the School of Electrical Engineering of the RoyalInstitute of Technology for providing all necessary experimental equipment.

Last, but by no means least, I want to thank Prof. Dr. Martin Buss as well asStefan Sosnowski who gave me the chance to do this thesis abroad.

Thank you very much!

Thoralf A. Schwarz

CONTENTS 3

Contents

1 Introduction 5

1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51.2 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61.3 Notations and Definitions . . . . . . . . . . . . . . . . . . . . . . . . 61.4 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71.5 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101.6 Structure of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2 Theoretical Background 13

2.1 Multi-Agent System . . . . . . . . . . . . . . . . . . . . . . . . . . . 132.2 Theory and Design of Unknown Input Observer . . . . . . . . . . . . 162.3 Fault Detection and Isolation in Multi-Agent Systems . . . . . . . . . 21

2.3.1 The Principle . . . . . . . . . . . . . . . . . . . . . . . . . . . 212.3.2 UIO in MAS . . . . . . . . . . . . . . . . . . . . . . . . . . . 232.3.3 Residual Evaluation . . . . . . . . . . . . . . . . . . . . . . . 262.3.4 Simulation Example . . . . . . . . . . . . . . . . . . . . . . . 27

2.4 Tustin Approximation . . . . . . . . . . . . . . . . . . . . . . . . . . 29

3 Model Uncertainty Analysis 31

3.1 Residual Generator with Model Uncertainty . . . . . . . . . . . . . . 323.2 Threshold Definition and Computation . . . . . . . . . . . . . . . . . 333.3 Threshold Generator . . . . . . . . . . . . . . . . . . . . . . . . . . . 373.4 Simulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

4 Attack Scenarios 45

4.1 Knowledge and Resources . . . . . . . . . . . . . . . . . . . . . . . . 454.2 Bias Injection Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . 474.3 Replay Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494.4 Attack Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

5 Experiments 53

5.1 Bias Injection Attack on Triangle Topology . . . . . . . . . . . . . . . 575.2 Replay Attack on Triangle Topology . . . . . . . . . . . . . . . . . . 615.3 Bias Injection Attack on Line Topology . . . . . . . . . . . . . . . . . 64

4 CONTENTS

5.4 Replay Attack on Line Topology . . . . . . . . . . . . . . . . . . . . . 66

6 Summary 71

List of Figures 73

A Matrices 75

A.1 Example 2.3.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75A.2 Example 3.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78A.3 Experiments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

A.3.1 Triangle Topology . . . . . . . . . . . . . . . . . . . . . . . . . 81A.3.2 Line Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

B Mathematical Tools 85

B.1 The S-procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Bibliography 87

5

Chapter 1

Introduction

This chapter starts with a motivation for cyber security in multi-agent systems(MAS) and continues with the problem statement. It also mentions the contributionsof this thesis. Also, it will give notations and definitions which are going to be validthroughout the report. It concludes with a discussion about related work.

1.1 Motivation

MAS belongs to the latest generations of intelligent systems and can be generallyconsidered as a network composed of multiple interacting agents. The task which hasto be accomplished by its members may vary on the different fields of study in MAS.However, they all have in common the basic approach of distributing a problem inorder to increase scalability or flexibility to solve a problem. This thesis deals withconsensus and cooperation in networked multi-agent systems. Nowadays, it receivesan enormous research attention and increasing demand for its applications such assmart grids, unmanned aerial vehicles (UAV), autonomous underwater vehicles orvehicle platooning. The agents are using wired or wireless communication channelsto exchange information. Their behavior is strongly depending on these data whichhave been considered as absolutely secure so far. However, a recent incidence1 justgave a prime example of how vulnerable these systems. It happened in December2011 when Iran’s military were able to capture an US drone by attacking the com-munication network. This example had no effect on the public, but visualizes thevulnerability of MAS. The consequences of a cyber attack on power networks whichis connected to a nuclear power plant would be hard to assess. Recent research re-sults [STSJ10, TSJ10] proposed an observer approach to meet the emerged demandof security in MAS. A model-based fault detection and isolation (FDI) diagnosissystem was presented to identify attacks on the network. The detection is generallycarried out by evaluating a discrepancy function with respect to certain thresholds.

1http://thelede.blogs.nytimes.com/2011/12/15/amid-claims-of-more-captured-drones-a-report-on-their-vulnerability/

6 CHAPTER 1. INTRODUCTION

The choice of these limits has a great impact on the performance of the FDI diag-nosis system. Thus, further investigations are needed to give constraint of how tochoose the thresholds regarding disturbances and model uncertainty.

1.2 Problem Statement

Distributed FDI techniques for MASs under cyber attacks is an emerging researchfield. It covers the demand for more security in networks composed of intelligentsystems. An essential key element is the setting of performance parameters whichinfluence the sensitiveness of the detection process. Well adjusted parameters con-tribute to the robustness of the distributed FDI scheme and guarantee reliability.However, since benign disturbances and model uncertainty affect the diagnosis pro-cess, the question arises how to adjust the parameters in those cases. Moreover,it is important to understand the influences of different attacks on the MAS andhow they affect the FDI process. Thus, by analyzing the effects of disturbances anddifferent attack scenarios on the distributed FDI technique, one can understand theresulting behavior and can make the diagnosis process robust.

1.3 Notations and Definitions

This section is going to introduce several notations and definitions which are goingto be used throughout the whole report.

Convention 1.3.1 (Faults and Attacks)The meaning of the term fault in this thesis will be enlarged by the perception thatan attacker on a MAS also causes an unexpected behavior when he tries to takeadvantage of a member of the network. It is of the same degree of interest and canalso be detected.

Convention 1.3.2 (Scalars, Vectors, Matrices and Sets)A capital bold letter is representing a matrix while a lowercase bold letter stands fora vector of a certain size. A scalar is represented either by a lowercase or uppercaseletter which is not bold while a capital non-bold letter can also stand for a set.

Convention 1.3.3 (Identity Matrix and Zero Matrix)The capital bold letter IIIn is reserved for the identity matrix where n ∈ N refers tothe dimension. Likewise, the bold number 000m is reserved for a square matrix of thedimension m ∈ N where all entries are zero. Moreover, the matrix 000r×c denotes anon-square zero matrix with r ∈ N rows and c ∈ N columns.

Convention 1.3.4 (Definite Matrix)Let AAA refer to a (n× n) quadratic matrix of a certain dimension. The matrix AAA issaid to be

1.4. RELATED WORK 7

i.I) positive definite, if and only if xxxTAAAxxx > 0

i.II) positive semi-definite, if and only if xxxTAAAxxx ≥ 0

i.III) negative definite, if and only if xxxTAAAxxx < 0

i.IV) negative semi-definite, if and only if xxxTAAAxxx ≤ 0

is fulfilled for any n-dimensional column vector xxx 6= 000. Moreover,

ii.I) xxxTAAAxxx > 0⇔ AAA ≻ 0

ii.II) xxxTAAAxxx ≥ 0⇔ AAA � 0

ii.III) xxxTAAAxxx < 0⇔ AAA ≺ 0

ii.IV) xxxTAAAxxx ≤ 0⇔ AAA � 0

Convention 1.3.5 (Matrix Elements)Let AAA be a matrix of a certain dimension. Then [AAA]ij refers to the matrix elementof AAA which is in the ith row and jth column of AAA.

Later in this report, the term ”residual” is going to be used several times.

Definition 1.3.1 (Residual)A residual r ≥ 0 in the sense of this report is either a time-continuous or time-discrete function which is defined as the absolute value of the discrepancy of a certainvalue w and its expected value v. If www and vvv are vectors of the same dimension theresidual becomes the euclidean norm of the discrepancy of www and vvv.

1.4 Related Work

This section is going to to describe related work beginning with FDI techniques ingeneral and ending with robust residual generation and evaluation with respect tomodel uncertainty as well as cyber attacks in MAS. The different FDI approacheswill be classified by model-free and model-based techniques.

Model-Free ApproachesModel-Free ApproachesModel-Free ApproachesAs the name suggests, model-free techniques are not relying on a system model.They are solely using sensor measurements and input data. For instance, the ap-proach proposed in [ZD07] uses this information to design an observer based residualgenerator. Clearly, it can be noted as an advantage that this approach does not needa model of the system. However, it needs historical data in normal and faulty situ-ations.


System

Unknown Inputs ddd(t)

Observer

ResidualGenerator

ResidualEvaluator

Known Inputs uuu(t) Measurements yyy(t)

State Estimates xxx(t)

Residuals rrr(t)

Diagnostics

Figure 1.1: Observer-based Approaches

Model-Based ApproachesModel-Based ApproachesModel-Based ApproachesModel-based approaches rely on a system model to obtain a nominal system be-havior. Therefore, it is possible to compute a residual to measure the discrep-ancy between the actual states and a state estimation for detecting and isolationfaults. However, not all methods consider an explicit state estimation computation,e.g. parity relation approaches. They generate the residuals directly while observerbased approaches explicitly compute a state estimation to obtain a function of thediscrepancy. Figure 1.1 illustrates components used in observer based methods.

Figure 1.2 shows the components used in parity relation approaches. The processafter the residual generation is similar to the observer based approaches. A detaileddesign procedure for fault detection and isolation using a parity relation approachcan be found in Gertler and Monajemy (1995).

While the residual generation belongs more to the preliminary work in fault de-tection and isolation approaches, the residual evaluation is the actual place wherethe decision is taken if a fault is detected. However, a robust residual generatorcan keep the complexity of the residual evaluator low by suppressing any influenceswhich disturb fault detection process. In other words, the better the discrepancyfunction can be interpreted, the easier it is to identify faults. Unfortunately, the be-havior of residuals is generally subjected to noise, model uncertainty and any otherdisturbances. Thus, a general optimization criterion for robust FDI is

1.4. RELATED WORK 9

System


ResidualGeneration

ResidualEvaluator


Residuals rrr(t)

Diagnostics

Figure 1.2: Parity Relation Approaches

minResGen(s)

||GGGrd(s)||||GGGrf(s)||

where GGGrd(s) ∈ Cn refers to the transfer functions from any unwanted disturbances

like noise and model uncertainty to the residuals and GGGrf(s) ∈ Cm denotes the

transfer functions from the faults to the residuals. Different definitions for || · ||have been proposed. The function ResGen(s) is the residual generator. One canexpress the equation above in words by saying that the residual generator optimizesthe problem of minimizing the influences of unwanted disturbances on the residualswhile maximizing the impact of faults. This yields robustness against disturbancesand sensitiveness to faults. Techniques which show robustness against uncertaintyare well discussed in [Din08] and motivate also the methods proposed in this thesis.A slightly different optimization criterion is the base of another approach proposedin [Fri01]:

minResGen(s)

||r − f ||2||d||2

where r, f and d denote to the residual, fault and unwanted disturbances like modeluncertainty, respectively. The author of [Fri01] also introduced a reference modelwhich describes the behavior of the residuals with consideration of faults. Themodel was used to obtain a performance index to evaluate absolute performance.Here, both approaches become similar, since both techniques use threshold functionsinstead of a constant threshold to evaluate the residuals.


Cyber AttacksCyber AttacksCyber AttacksCyber and physical attacks on networked control systems have already been consid-ered before. In [TSJ10] the authors considered cyber attacks on node dynamics aswell as on out-going communication channels in the continuous time domain. Theyproposed a distributed UIO-based scheme to detect, isolate and identify attacks onthe network. This approach is also used in this thesis. Moreover, they mentioned atechnique to reduce the number of monitored nodes. The authors of [PDB11] con-sidered cyber-physical attacks on a power networks. They proposed an approach todetect and identify network components malfunctions as well as measurement cor-ruption caused by an omniscient adversary. In contrast to the technique discussed in[TSJ10], attack detection is performed by using a Static Detector. This means thatthe detector uses the network measurements to check for the presence of attacksat some predefined instants of time, and without exploiting any relation betweenmeasurements taken at different time instants. Moreover, the authors also consid-ered different attack natures like bias injection or replay attack. The work [TPSJ12]also discussed cyber-physical attacks on networked control systems. The authorsdefined certain kinds of knowledge and resources which were assigned to differentadversaries in attack scenarios. It also discussed bias injections and replay attacksas well as taking advantage of zero dynamics. The attack detection is guaranteedusing a Kalman-filter-based anomaly detector.

1.5 Contributions

This thesis is going to discuss cyber attacks on MAS. An approach for FDI in MASis going to be presented which was published recently in [STSJ10]. The main aim ofthis thesis is to analyze the performance of the FDI technique in the presence of dataattacks on the distributed controllers. Moreover, distributed detection techniquesare going to be implemented and analyzed for different attack scenarios. Thus, themain contributions are going to be

• Performance analysis of a model-based distributed fault detection and isolationscheme for multi-agent systems

• Model uncertainty analysis for residual evaluation in multi-agent systems

• Consideration of possible attack scenarios in multi-agent systems

• Implementation and analysis of a model-based fault detection and isolationscheme for multi-agent systems under different attack scenarios

1.6 Structure of the Thesis

Chapter 2 starts with the theoretical background by introducing mathematical toolsand techniques which are used later. It begins with a definition of a MAS dynamic

1.6. STRUCTURE OF THE THESIS 11

and continues with the theory and design of unknown input observer. Afterwards,a fault detection and isolation technique in MAS is presented and a mathematicaldiscretization tool is introduced. Section 3 carries out an uncertainty analysis bydiscussing its influences on the FDI diagnostic process. A threshold definition isgiven and a residual evaluator is proposed. Section 4 introduces different attackscenarios which are going to be used in Section 5 for the experiments to illustratethe performance of the proposed residual evaluator in practice. The report concludeswith a summary.

13

Chapter 2

Theoretical Background

2.1 Multi-Agent System

Let N ∈ N>0 be the number of interconnected nodes or agents and let G(V ,E ) bethe underlying graph. The symbol V = {1, ..., N} represents the vertex set andE ⊆ V ×V is the edge set of the graph. The term edge refers here to a bidirectionalconnection between vertices. The neighborhood set of node i ∈ V is defined byNi = {j ∈ V : {i, j} ∈ E } and the set of neighbors and node i itself is ˜Ni = {i}∪Ni.The set L ⊂ V is the leader set. The term leader refers to a member of the networkwhich is controlled by the consensus law as well as some external inputs. The termfollower refers to a member of the network which is only controlled by the consensuslaw. The weighted symmetric adjacency matrix with nonnegative elements is givenby AAA+ ∈ R

N×N . The value [AAA+]ij is equal to 1 if {i, j} ∈ E and equal to 0 if{i, j} 6∈ E . The diagonal degree matrix is given by DDD ∈ R

N×N . If i ∈ V than thematrix element of DDD which is in the ith row and the ith column is equal to |Ni|.The symmetric positive semi-definite Laplacian matrix LLL ∈ R

N×N of graph G(V ,E )

is defined by

LLL =DDD −AAA+ (2.1)

Remark 2.1.1 The Laplacian matrix for connected graphs has one eigenvalue equalto zero. The second smallest eigenvalue is called the algebraic connectivity or Fiedlervalue.

Example 1Example 1Example 1The MAS equation which are used in the simulation examples are introduced here.The system behavior of all members of the example system G(V ,E ) is equal and isfully described by the following altitude dynamics of a rigid body:

xi(t) = −g + wi(t)

where xi(t), g and wi(t) are the altitude in meters, the acceleration due to gravity inms2

and the vertical thrust as the input in ms2

of agent i ∈ {1, ..., N}, respectively. All

14 CHAPTER 2. THEORETICAL BACKGROUND

agents are supposed to reach consensus on their altitude while one of them is alsocontrolled by a proportional controller (P-controller). That one with the P-controlleris called the leader while the others are called followers. The general control law forthe ith agent is given by

wi(t) = −kixi(t) +∑

j∈Ni

γij(xj(t) − xi(t)) + pi(u(t) − xi(t)) + g (2.2)

where the scalars u(t), ki, γij and pi are a set point function and control parameters,respectively and

pi =

{

pl, if i ∈ L

0, if i 6∈ L

The scalar pl is the proportional gain for the additional controller of the leader. Theclosed-loop MAS dynamics can be described by

xxx(t) = AAAxxx(t) +BBBu(t)

yyy(t) = CCCxxx(t)

(2.3)

where xxx(t) ∈ R2N is the state vector in the form [x1(t), ..., xN(t), x1(t), ..., xN(t)]

T inmeters and m

s, respectively. The scalar function u(t) in meters refers to the input

of the MAS which is a designated altitude. The vector yyy(t) ∈ R2N is the output of

this system. Let agent 1 always be the leader for all simulations, then L = {1}.The state matrix AAA ∈ R

2N×2N , the input matrix BBB ∈ R2N×1 and the output matrix

CCC ∈ R2N×2N are given by

AAA =

[

000N IIINLLLmod KKK

]

, BBB =

[

000N×1bbb

]

, CCC = III2N

where

LLLmod = LLL−[

pl 0001×N−1000N−1×1 000N−1×N−1

]

, bbb =

[

1000N−1×1

]

, KKK =

k1. . .

kN

Note that KKK is a diagonal matrix. The simulations and later experiments are goingto consider two different topologies. Due to its appearances, the first one is calledtriangle and the second one is called line topology.

2.1. MULTI-AGENT SYSTEM 15

Figure 2.1: Triangle Topology

Figure 2.2: Line Topology

According to the control law (2.2) the agents need to exchange their altitude stateonly. However, due to the FDI approach which is introduced later, all members ofthe system transmit their altitude and vertical velocity to its neighbors. The reasonis that an UIO cannot detect a fault in a state which is not observed. This will bediscussed in Section 2.2.Note that the approach introduced in Section 2.3 designs observer using the globalMAS model. However, it is pointed out that the FDI technique recently proposed in[STSJ12] is able to detect attacks without using the global MAS dynamics consid-ering the whole topology. An imprecise network model is used to design the UIOs.The interested reader is referred to [STSJ12]. Since this is out of the scope of thisthesis, all observer in this report are designed using the global network model.The parameters of the closed-loop system are fixed for all simulations and chosen asfollowed: N = 3, ki = 2 ∀i ∈ V , γij = 1 ∀{i, j} ∈ E and pl = 1. The performanceis illustrated by the step response of the system (2.3) in the next two plots. Thefirst simulation is based on a triangle topology which is also called a fully connectedgraph. The second one is using a line topology where agent 2 is in the middle. Thecomplex eigenvalues of each respective state matrix are

Table 2.1: Eigenvalues of the MAS using a triangle or a line topologyTriangle Line-1 + 1.65 -1+1.50i-1 - 1.65 -1-1.50i-0.144 -0.104-1.86 -1 + 0.745

-1 + 1.41 -1 - 0.745-1 - 1.41 -1.90

Since the real parts of all eigenvalues are smaller than zero, both MASs are stable.Moreover, it can be seen in Figure 2.3 and 2.4 that the agents reach consensus forboth topologies.


0 5 10 15 20 25 30 35 40 45 500

0.2

0.4

0.6

0.8

1

t in s

x1(t) in cmx2(t) in cmx3(t) in cm

Figure 2.3: Step Response of the MAS given in (2.3) with N = 3 Agents and aTriangle Topology

In Figure 2.3, the first states of agent 2 and 3 are congruent because they aresymmetrically with respect to the leader.

0 5 10 15 20 25 30 35 40 45 500

0.2

0.4

0.6

0.8

1

t in s


Figure 2.4: Step Response of the MAS given in (2.3) with N = 3 Agents and a LineTopology

In Figure 2.4, it can be seen that agent 2 (green) is following agent 1 (blue). More-over, agent 3 (red) is following agent 2 (green).

2.2 Theory and Design of Unknown Input Ob-

server

This section introduces a technique which is very common in model-based FDI. Sinceit has been well studied in the past, it mainly introduces Section 2.3 of Chen andPatton (1999). Let us consider the linear time-invariant system in (2.4) as given.

2.2. THEORY AND DESIGN OF UNKNOWN INPUT OBSERVER 17

xxx(t) = AAAxxx(t) +BBBuuu(t) +EEEddd(t)

yyy(t) = CCCxxx(t)

(2.4)

where xxx(t) ∈ Rn is the state vector, uuu(t) ∈ R

r is the known input vector, ddd(t) ∈ Rq

is the unknown input vector and yyy(t) ∈ Rm is the measured output vector. AAA, BBB, CCC

and EEE are known matrices with appropriate dimensions and the matrix EEE is assumedto have full column rank. EEE can also be considered as the disturbance matrix, sinceit contains information about the unknown disturbance vector ddd(t) which affects thesystem.

Definition 2.2.1 (Unknown Input Observer (UIO))An observer is defined as an unknown input observer for the system described byequation (2.4), if its state estimation error vector eee(t) approaches zero asymptotically,regardless of the presence of unknown inputs d(t) (disturbance) in the system.

The structure for a full-order UIO is described by

zzz(t) =FFFzzz(t) + TTTBBBuuu(t) +KKKyyy(t)

xxx(t) =zzz(t) +HHHyyy(t)(2.5)

where zzz(t) ∈ Rn is the state vector of the UIO, uuu(t) is the known input and yyy(t) is

the measured output vector of the LTI system given in (2.4). The vector xxx(t) ∈ Rn

is the estimated state vector. The matrices FFF, TTT, KKK and HHH are designed to stabilizethe UIO and to decouple the unknown inputs. The state estimation error is givenby

eee(t) = xxx(t) − xxx(t) (2.6)

Decoupling can be reached if the conditions from (2.7) to (2.11) can be kept true.

KKK =KKK1 +KKK2 (2.7)

FFF = (AAA−HHHCCCAAA−KKK1CCC) (2.8)

TTT = III −HHHCCC (2.9)

KKK2 = FFFHHH (2.10)

000 = (HHHCCC − III)EEE (2.11)

The dynamics of the state estimation error will become like given in (2.12).

eee(t) = FFFeee(t) (2.12)

If the matrix FFF is stable, eee(t) will go to zero asymptotically and the state estimatestrack the real states regardless of the presence of the unknown input.


Lemma 2.2.1 (From [CP99]) Equation (2.11) is solvable if and only if:

rank(CCCEEE) = rank(EEE) (2.13)

and a special solution is:

HHH = EEE[(CCCEEE)TCCCEEE]−1(CCCEEE)T (2.14)

Proof (From [CP99]) : Necessity: When equation (2.11) has a solution HHH, one hasHHHCCCEEE = EEE or

(CCCEEE)THHHT = EEET (2.15)

i.e., EEET belongs to the range space of the matrix (CCCEEE)T and this leads to:

rank(EEET ) ≤ rank((CCCEEE)T ) (2.16)

i.e.

rank(EEE) ≤ rank(CCCEEE) (2.17)

However,

rank(CCCEEE) ≤ min{rank(CCC, rank(EEE)} ≤ rank(EEE) (2.18)

Hence, rank(CECECE) = rank(EEE) and the necessary condition is proved.Sufficiency: When rank(CECECE) = rank(EEE) holds true, CECECE is a full column rank matrix(bcause EEE is assumed to be full column rank), and a left inverse of CECECE exists:

(CCCEEE)+ = [(CCCEEE)TCCCEEE]−1(CCCEEE)T (2.19)

Clearly, HHH = EEE (CECECE)+ is a solution to equation (2.11).

� QEDQEDQED

Lemma 2.2.2 Let:

CCC1 =

[

CCC

CACACA

]

(2.20)

then the detectability for the pair (CCC1,AAA) is equivalent to that for the pair (CCC,AAA).Proof: If s1 ∈ C is an unobservable mode of the pair (CCC1, AAA), we have:

2.2. THEORY AND DESIGN OF UNKNOWN INPUT OBSERVER 19

rank

{[

s1III −AAA

CCC1

]}

= rank

s1III −AAA

CCC

CACACA

< n (2.21)

This means that a vector α ∈ Cn will exist such that:

s1III −AAA

CCC

CACACA

α = 0 (2.22)

This leads to:

rank

{[

s1III −AAA

CCC

]}

α = 0 or rank

{[

s1III −AAA

CCC

]}

< n (2.23)

That is to say that s1 is also an unobservable mode of the pair (CCC,AAA).If s2 ∈ C is an unobservable mode of the pair (CCC,AAA), we have:

rank

{[

s2III −AAA

CCC

]}

< n (2.24)

This means that a vector β ∈ Cn can always be found, such that:

rank

{[

s2III −AAA

CCC

]}

β = 0 (2.25)

This leads to:

(s2III −AAA)β = CCCβ = 0

CCCAAAβ = CCCs2β = s2CCCβ = 0(2.26)

Hence:

rank{

s1III −AAA

CCC

CACACA

}β =

[

s1III −AAA

CCC1

]

}β = 0 (2.27)

i.e., s2 is also an unobservable mode of the pair (CCC1,AAA).As the pairs (CCC1,AAA) and (CCC,AAA) have the same unobservable modes, their detectabilityis formally equivalent.

Theorem 2.2.1 Necessary and sufficeint conditions for (2.5) to be a UIO for thesystem defined by (2.4) are:

(I) rank(CECECE = rank(EEE)


(II) (CCC,AAA1) is a detectable pair, where

AAA1 = AAA−EEE[(CECECE)TCECECE]−1(CECECE)TCACACA (2.28)

Proof: Sufficiency: According to Lemma 2.2.1, the equation (2.11) is solvable when

condition (I) holds true. A special solution for HHH is HHH⋆ = EEE[(CECECE)TCECECE]−1(CECECE)T .In this case, the system dynamics matrix is:

FFF = AAA−HCAHCAHCA−AAA1CCC = AAA1 −KKK1CCC (2.29)

which can be stabilized by selecting the gain matrix KKK1 due to the condition (II). Fi-nally, the remaining UIO matrices described in (2.5) can be calculated using equation(2.7) - (2.11). Thus, the observer (2.5) is a UIO for the system (2.4).

Necessity: Since (2.5) is a UIO for (2.4), equation (2.11) is solvable. This leads tothe fact that condition (I) hold true according to Lemma 2.2.1. The general solutionof the matrix HHH for equation (2.11) can be calculated as:

HHH = EEE(CECECE)+ +HHH0[IIIm −CECECE(CECECE)+] (2.30)

where HHH0 ∈ Rn×m is an arbitrary matrix and (CECECE)+ is the left inverse of CCC whichis:

(CECECE)+ = [(CECECE)TCECECE]−1(CECECE)T (2.31)

Substituting the solution for HHH into equation (2.12), the system dynamics matrix FFFis:

FFF = AAA−HCAHCAHCA−KKK1CCC

= [IIIn −EEE(CECECE+CCC]AAA−[

KKK1 HHH0

]

[

CCC

[IIIm −CECECE(CECECE)+]CACACA

]

= AAA1 −[

KKK1 HHH0

]

[

CCC

CCCAAA1

]

= AAA1 −KKK1CCC1

(2.32)

where

KKK1 =[

KKK1 HHH0

]

and CCC1 =

[

CCC

CCCAAA1

]

(2.33)

Since the matrix FFF is stable, the pair (CCC1,AAA1) is detectable, and the pair (CCC,AAA) alsois detectable according to Lemma 2.2.2.

2.3. FAULT DETECTION AND ISOLATION IN MULTI-AGENT SYSTEMS 21

2.3 Fault Detection and Isolation in Multi-Agent

Systems

This section introduces techniques for FDI in MAS which are proposed in [STSJ10,TSJ10]. The principle will be explained in detail and its performance is describedwith simulation results.

It is reasonable to give a definition for ”misbehavior” or ”fault” of a MAS withrespect to cyber attacks. According to Chen and Patton, a ”[...] ’fault’ is to beunderstood as an unexpected change of the system function. [...]”1. Moreover, theymention that a fault diagnosis system has to fulfill three tasks1. These tasks aregoing to be adopted for a MAS with respect to cyber attacks as followed:

• Fault detection:Fault detection:Fault detection: to make a binary decision if a member of a MAS is attacked

• Fault isolation:Fault isolation:Fault isolation: to determine which member of a MAS is attacked

• Fault identification:Fault identification:Fault identification: to identify the nature of the attack

Besides the states of each agent, there is one more piece of information needed whichis global. Every agent needs to know the control signal uuu(t) of the MAS to be ableto detect and isolate faults. This assumption is satisfied by the fact that each agentneeds a reference to be able to distinguish between a behavior caused by an attackor by an authorized command. In MAS with insecure communication channels thenumber of sensitive data which has to be exchanged among the agents is reducedto this signal. The word sensitive refers here to the meaning that malicious data ina channel could remain undetected. It is logical to make the following assumptionwhich is going to be valid throughout the rest of this report. At the same time,it can also be considered as a limitation of the functionality of the FDI diagnosissystem which is discussed in this thesis.

Assumption 2.3.1 The control signal uuu(t) is assumed to be not attackable at anytime t.

2.3.1 The Principle

The concept of UIO introduced in Section 2.2 is going to be used for detectingcyber attacks on MAS. Each UIO used for the FDI technique which is discussedin this report observes the full-order MAS model. Furthermore, each agent has asmany UIOs as neighbors plus one extra for itself whereby each of them is insensitiveto faults in the states of one neighbor and the extra one to the agent itself. Thisaccumulation of UIOs at a node is called observer bank and allows each agent to

1Chen, J. / Patton, R. J.: Robust Model-based Fault Diagnosis for Dynamic Systems, 1999,Page 2


isolate an attack. Due to the amount UIOs at an observer bank, the followingconvention is introduced. The expression UIOij refers to the UIO at agent i ∈ V

which is insensitive to node j ∈ Ñ . Figure 2.5 illustrates all components which areinvolved in the FDI diagnosis process at agent i.

The vector xxxj(t) ∈ R2|Ni| is the states of all neighbor of agent i while uuu(t) refers to

the inputs of the MAS. Each node is equipped with a controller, an observer bank, aresidual generator, a residual and the possibility to trigger an alarm. The observerbank is of the size n = | Ñ | and j1, jn ∈ Ñ = N ∪ i. The dynamics of the UIOij

at agent i which is insensitive to faults in j ∈ Ñ are

zzzj

i(t) = FFFjizzz

j

i(t)TTTjiBBBuuu(t)KKK

jiyyy(t)

xxxj

i(t) = zzzj

i(t) +HHHjiyyy(t)

uuu(t)

xxxj(t)

ControllerAgentSystem

ResidualGenerator

ResidualEvaluator

AlarmTrigger

UIOj1

UIOjn

...

ObserverBank

wwwi(t) xxxi(t)

xxxij1(t)

xxxijn(t)

rrri(t)

Figure 2.5: Schematic illustration of the FDI diagnosis System at each agent

Each UIOij computes a full-order state estimation xxxij(t) for the MAS. These infor-mation are fed to the residual generator.

Definition 2.3.1 Let xxxk ∈ Rz and yyyk ∈ R

z be any column vectors and k ∈ {1, ...,m}be a subscript. Moreover, RRR ∈ R

m×z be a matrix of the form RRR = [xxx1, ...,xxxm]T


and MMM ∈ Rm×z be a matrix of the form MMM = [yyy1, ..., yyym]

T . A residual generatorResGen(RRR(xxx1,...,xxxm),MMM (yyy1,...,yyym)) is defined by

ResGen : [xxx1 − yyy1, ...,xxxm − yyym] 7→ [||xxx1 − yyy1||, ..., ||xxxm − yyym||]T

The residual generator ResGen(·) computes a vector rrri(t) ∈ R|Ni| of the euclidean

norms of the state estimation error vectors of each UIO. Afterwards, this vector isfed to the residual evaluator.

Definition 2.3.2 Let xxx ∈ Rm be any column vector and ΘΘΘ ∈ R

m. A residual eval-uator ResEv(xxx,ΘΘΘ) is a decision maker with a positive integer output that satisfies

ResEv :

[xxx]k ≤ [ΘΘΘ]k, ∀k ∈ {1, ...,m} 7→ 0

[xxx]k < [ΘΘΘ]k,

[xxx]j ≥ [ΘΘΘ]j,

}

∀k 6= j ∈ {1, ...,m} 7→ k(2.34)

The residual evaluator processes the information received from the residual gener-ator. If all residuals at the observer bank at agent i lower as or equal to a certainthreshold, then there is no attack on the neighbors of i detected. This is equal tothe fact that all UIOs at agent i are able to estimate the states of each agent inthe network as well as itself. In case of an attack on an agent f 6= i, f ∈ Ni, theUIOs at agent i are just partly able to follow the states. Since only the UIOif isinsensitive to attacks on agent f, the residual [rrri(t)]f goes to zero while all the otherresiduals are becoming greater depending on the nature and the intensity of theattack. Then an alarm at agent i is triggered if and only if

ResEv(rrri(t),ΘΘΘi) > 0

where ΘΘΘi is a constant vector of the same dimension as rrri(t) with certain thresholds.Isolation of the faulty node in this context is achieved by the value of ResEv(rrri(t),ΘΘΘi)which gives the number of the attacked agent.

2.3.2 UIO in MAS

Subsection 2.3.1 presented the principle of the FDI technique in MAS using anobserver bank. In the next steps, only one UIO is considered and conditions forits existence and attack detectability are provided. For the ease of notation, thesubscript i is dropped in this subsection. Moreover, since the next explanation isgoing to consider only one UIO, the subscript j is almost always dropped in thissubsection as well, with exception of the disturbance matrix. The design principleis exactly the same and the difference is merely a change in the disturbance ma-trix which justifies the exception. A schematic illustration of what is going to beconsidered in this subsection is shown below.


MAS


UIO


State Estimates xxx(t)

Figure 2.6: Schematic illustration of an UIO observing a System

The system is driven by the known inputs uuu(t) as well as an unknown disturbancevector ddd(t). The UIO is able to estimate the states of the system despite the presenceof the unknown input. However, before looking at the UIO, the equation of thesystem is described more detailed. Let the system be the same as given in (2.3).The equation in presence of unknown inputs becomes

xxx(t) = AAAxxx(t) +BBBu(t) +QQQddd(t)

yyy(t) = CCCxxx(t)

(2.35)

where ddd(t) is the unknown input of a certain dimension and QQQ is the disturbancematrix with appropriated dimension. It is pointed out that the matrix CCC is equalat each observer bank but may vary among the agents. This is because each agentreceives just the measurements of its neighbors. As mentioned before, the UIOs

vary in which QQQ was used in the design process. For the purposes of the next steps,the matrix QQQ is going to be defined by

QQQ = QQQ−j +QQQj

It is recalled that the agent systems are of a second-order nature and that the statevector xxx(t) of the MAS is ordered as defined in Section 2.1. The matrix QQQ−j is the QQQmatrix where the jth and (N + j)th rows and columns are set to zero and QQQj is theQQQ matrix where all elements are set to zero with exception of the jth and (N + j)th

rows and columns.As mentioned in Section 2.2, an UIO is generally given by

zzz(t) =FFFzzz(t) + TTTBBBuuu(t) +KKKyyy(t)

xxx(t) =zzz(t) +HHHyyy(t)(2.36)

The important step during the design process is the choice of the disturbance matrixwhich is considered by the UIO. It determines which states can be affected by the


unknown input without compromising the state estimation. However, it also affectsthe existence of the UIO and the ability to detect a fault. Since QQQj does not havefull column rank, a decomposition is made:

QQQj = QQQj1QQQj2 (2.37)

where QQQj1 ∈ R2N×2 has full column rank now and QQQj2 ∈ R

2×2N has full row rank.The UIO is made insensitive to faults respectively attacks to neighbor j by settingEEE = QQQj1. According to Section 2.2 the necessary and sufficient conditions forexistence and detectability are:

(I) rank(CCCQQQj1) = rank(QQQj1)

(II) (CCC,AAA1) is a detectable pair, where

AAA1 = AAA−QQQj1[(CQCQCQj1)TCQCQCQj1]

−1(CQCQCQj1)TCACACA

As mentioned before, the CCC matrices may vary which depends on the topology. Eachagent has access to the measurements of its neighbors as well as to his own. Thus,the output matrix CCC i ∈ R

2|Ni|×2N of the residual generator at agent i is of the form

[CCC i]jj

{

1, if j ∈ ˜Ni

0, elseand [CCC i](j+N)(j+N)

{

1, if j ∈ ˜Ni

0, else

Note that the form of CCC i is due to the second-order nature of the considered systemsand because of the arrangement of the states of the MAS. The proof for condition I)and II) for both topology can be found in [STSJ10]. The subscript i is now droppedagain.The outputs of the UIO are the state estimates xxx(t) ∈ R

2N . The states of allneighbors and xxx(t) are fed to the residual generator which calculates the estimationerror and the residuals.

eee(t) = xxx(t) − xxx(t)

rrr(t) = CCCeee(t)(2.38)

where eee(t) ∈ R2N is the estimation error, CCC is the output matrix and rrr(t) are the

outputs. By using equation (2.35), (2.36), (2.37) and (2.38) the following expressionfor the estimation error dynamics can be obtained.

eee(t) =xxx(t) − ˙xxx(t)

eee(t) =(AAA−HCAHCAHCA−KKK1CCC)xxx(t) −FFFxxxs(t)

+ (III −HCHCHC − TTT )BBBuuu

+ (FHFHFH −KKK2)yyy

+ (III −HCHCHC)QQQj1QQQj2ddd(t) + (III −HCHCHC)QQQ−jddd(t)

(2.39)


whereKKK =KKK1+KKK2. The last line in (2.39) is the disturbance part of the estimationerror dynamics. Decoupling of a fault in the states of a neighbor can be reached ifsomeone can make the following relations kept true:

FFF = AAA−HHHCCCAAA−KKK1CCC (2.40)

TTT = III −HHHCCC (2.41)

KKK2 = FFFHHH (2.42)

000 = (HHHCCC − III)QQQj1 (2.43)

The estimation error dynamics become

eee(t) = FFFeee(t) − TTTQQQ−jddd(t)

rrr(t) = CCCeee(t)(2.44)

Equation (2.44) shows how the state estimation error is affected by the unknowninput. Because of the special form of QQQ−j the dynamics of eee(t) are not a function ofunknown disturbances in the states of a certain neighbor. Thus, the state estimationof this special UIO is going to show a much better performance regarding the stateestimation than the other UIOs in the observer bank which are affected by theattack.This subsection showed exemplary on one UIO how all UIOs in the network haveto be designed to detect and isolate attacks on the MAS. The next subsection isgoing to analyze the residuals more detailed.

2.3.3 Residual Evaluation

Each node has as many residuals to evaluate as neighbors plus one. In case of noattack on the MAS all residuals approach zero. When the neighbor j of agent i

gets attacked the residuals [rrri(t)]l ∀l 6= j of all the other neighbors become greaterthan a certain threshold while [rrri(t)]j goes to zero. According to the definition of anresidual evaluator, this is equal to

ResEv(rrri(t),ΘΘΘi) = 0 no attack

ResEv(rrri(t),ΘΘΘi) = j attack detected

where Θj ∈ R>0 is an isolated threshold vector. Thus, an attack on the MAS canbe detected and isolated. The procedure in this section can be summarized in analgorithm:The for-loop in Algorithm 1 is the residual generator while the if-block is the residualevaluation. The first condition is true if the attack is performed on a neighbor ofnode i. All residuals are larger than a certain threshold except one. Thus, the


Algorithm 1 D-FDI of Faulty Nodes at Node i

for k ∈ Ni do

Generate rik(t)end for

if ∃j :∣

∣

∣

∣rij(t)∣

∣

∣

∣ < Θi &∣

∣

∣

∣rik(t)∣

∣

∣

∣ ≥ Θk∀k ∈ Ni\{j} then

Node j is faultyelse if

∣

∣

∣

∣rik(t)∣

∣

∣

∣ ≥ Θk∀k ∈ Ni then

There exists a faulty node l ∈ V \Ni

else if∣

∣

∣

∣rik(t)∣

∣

∣

∣ < Θk∀k ∈ Ni then

There is no faulty node in the network.end if

attack can be isolated. The second case considers all residuals greater than thethreshold. The isolation fails here. However, since the faulty behavior producedby the attacker propagates through the whole topology, the node i could at leastdistinguish its closest neighbors to the attacked node. If all residuals are smallerthen the threshold the MAS is considered to be free of any faults.

2.3.4 Simulation Example

This subsection is going to present a simulation of the FDI technique in MAS in-troduced in the subsections before. The MAS equation given in (2.35) and usingthe triangle topology are considered here. The input u(t) = 1 m is constant for thewhole simulation while the initial states are

xxx(0) =[

1.20m 0.75m 0.30m 0ms

0ms

0ms

]T

0 20 40 60 80 100 120 140 160 180 2000

1

2

3

t in s

[xxx(t)]1 in m[xxx(t)]2 in m[xxx(t)]3 in m

Figure 2.7: FDI in MAS: Altitudes of Agent 1,2 and 3


The attack starts at t = 100 s when the invader injects a bias in the measurementswhich are sent to agent 2. Thus, the residuals insensitive to agent 2 at all observerbanks neighboring agent 2 remain zero. The other residuals which are insensitive toattacks on agent 2 increase.

0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s

r11(t) in mr12(t) in mr13(t) in m

Figure 2.8: FDI in MAS: Outputs of the Observer Bank at Agent 1

Figure 2.8 and 2.9 show the output of the observer bank at agent 1 and 3, receptively.Within the first 10s the the observer states of each UIO approaching the actualstates. Thus, the state estimation error decreases as well as the residuals. When theattack starts at t = 100 s the residuals at each observer bank which are insensitiveto faults in agent 2 remain zero while the other residuals increase clearly.

0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s

r31(t) in mr32(t) in mr33(t) in m

Figure 2.9: FDI in MAS: Outputs of the Observer Bank at Agent 1

hus, agent 1 and 3 detect the attack. Also agent 2 detects the attack. However,since it is the compromised node, it is considered to be lost here. The node could

2.4. TUSTIN APPROXIMATION 29

be removed from the graph and further actions could be done as a part of the afterattack protocol. Nevertheless, the proposed FDI technique is able to detect theattack.

2.4 Tustin Approximation

During the simulations and experiments the discretization method became an im-portant tool. Thus, it is meaningful to introduce an approach to make the shownexamples and tests more comprehensible. This thesis uses the Tustin approximation[sW97] for solving a differential equation numerically. It is also well know as thebilinear transformation from the s- to the z-domain or the summed trapezium rule.It interpolates a function f in [xi, xi+1] linearly using the values at the borders ofthe interval. This looks geometrically like a trapeze.

x

f(x)

x0 x1 x2 x3 x4

Figure 2.10: Tustin Approximation: partly linear Interpolation

This yields

∫ xi+1

xi

f(x) dx ≈ hf(xi) + f(xi+1)

2(2.45)

where h ∈ R is the step length.

Remark 2.4.1 In comparison to the forward or backward Euler’s method the Tustinapproximation has the advantage that it maps the left half-s-plane to the unit disc inthe z-plane. Thus, stable continuous-time systems are transformed into stable sam-pled systems, and unstable continuous-time systems are transformed into unstablediscrete-time systems.


Re(s)

Im(s)

Re(z)

Im(z)

s 2hz−1z+1

Figure 2.11: Tustin Transformation: Mapping from the s-Domain to the z-Domain

By applying the Tustin Transformation on the system (2.3), one can obtain thefollowing discrete time system:

xxxd[k+1] = AAAdxxxd[k] +BBBduuud[k]

yyyd[k] = CCCdxxxd[k] +DDDduuud[k]

where

AAAd = (III +Ts

2AAA)(III − Ts

2AAA)−1

BBBd =Ts

2((III +

Ts

2AAA)(III − Ts

2AAA)−1 + III)BBB

CCCd = CCC(III − Ts

2AAA)−1

DDDd =Ts

2CCC(III − Ts

2AAA)−1BBB

where Ts is the sampling time. This transformation is only applicable if (III − Ts

2AAA)

is invertible.

31

Chapter 3

Model Uncertainty Analysis

Section 2.3.2 described a technique to detect and isolate attacks on MAS. A residualfunction was introduced which is an indicator for cyber attacks on the MAS. Thedetection is a decision about the magnitude of the residuals compared to thresholds.Since the values of these limits are important for the attack detection, the questionarises how to choose these thresholds in presence of disturbances. In practice, it isalmost never possible to model a physical behavior without having a certain degreeof uncertainty. A accurate model may reduce errors, but still will not be able tomatch the systems behavior completely. Thus, the state estimation of the UIO willalways make a larger error depending on the uncertainty. This would cause constantfalse alarms and attacks on the MAS would not be detectable at all. Therefore, thereneeds to be an analysis of how uncertainty affects the residuals to design a robustresidual evaluator to avoid false alarms due to model errors. This section is goingto analyze a MAS model with norm bounded parameter uncertainty. The notationsand approaches used in this section are motivated by [Din08, BGFB94]. The aim isto give explicit conditions of how to chose the thresholds.

The following lemma can be found in Chapter 8 Section 1 Subsection 1 in [Din08]and is going to be used in this analysis.

Lemma 3.0.1 Let LLL, EEE and FFF (t) be real matrices of appropriate dimensions withFFF (t) being a matrix function and FFF T

(t)FFF (t) ≤ III. Then for any ǫ > 0

LLLFFF (t)EEE +EEETFFF T(t)LLL

T ≤ 1

ǫLLLLLLT + ǫEEETEEE

Moreover, it is pointed out that the peak norm of a certain function can be definedby

||fff (t)||peak = supt

√

fffT(t)fff (t)

32 CHAPTER 3. MODEL UNCERTAINTY ANALYSIS

3.1 Residual Generator with Model Uncertainty

The MAS dynamics given in (2.35) composed of N agents with respect to uncertaintyis modeled as followed:

xxx(t) = (AAA+∆AAA)xxx(t) +BBBuuu(t) +QQQddd(t)

yyy(t) = CCCxxx(t)

(3.1)

where ∆AAA ∈ R2N×2N is the uncertainty which is defined by

∆AAA = GGG∆(t)MMM (3.2)

where the matrices GGG and MMM are known and of appropriate dimensions. The matrix∆(t) is unknown but bounded by

∆T(t)∆(t) ≤ III (3.3)

The state estimation error dynamics using the output of UIOki become

eeeki(t) = FFF ki eee

ki(t) − TTT k

iQQQ−idddki(t) + TTT k

i∆AAAxxx(t)

rrrki(t) = CCCeeeki(t)(3.4)

Since the residual generator are schematically equal for all UIOs banks and for theease of notation, the subscripts i and k are dropped from the variable names. Forfurther steps, equation (3.1) and (3.4) is written in a compact form

xxxr(t) = (AAAr +∆AAAr)xxxr(t) +BBBruuur(t)

rrr(t) = CCCrxxxr(t)

(3.5)

where

xxxr(t) =

[

xxx(t)

eee(t)

]

,AAAr =

[

AAA 000000 FFF

]

,∆AAAr =

[

∆AAA 000TTT∆AAA 000

]

,

uuur(t) =

[

uuu(t)

ddd(t)

]

,BBBr =

[

BBB QQQ

000 TTTQQQ−i

]

,CCCr =[

000 CCC]

The parameter uncertainty with respect to (3.2) can also be written in the followingform

∆AAAr = GGG∆(t)MMM (3.6)

GGG =

[

GGG

TTTGGG

]

MMM =[

MMM 000]

3.2. THRESHOLD DEFINITION AND COMPUTATION 33

The residual generator with respect to model uncertainty becomes then

r(t) = ||rrr(t)||where r(t) is a residual and the output of each UIO.

3.2 Threshold Definition and Computation

The residual generator introduced in Subsection 3.1 computes the euclidean normof the state estimation error rrr(t) as a function of the known and unknown inputs aswell as model uncertainty. Thus, non-zero residuals can also occur in the case ofno attack. It is essential for the residual evaluation to be robust against non-zeroresiduals caused by uncertainty to avoid false alarms. Therefore, the effects of allknown inputs on the residuals are a priori analyzed to compute an upper limit. Thissection also drops the subscripts i and k as mentioned before. Nevertheless, ˜Ni stillrefers to set of vertices of all neighbors and the node itself that is discussed here.

Definition 3.2.1 Suppose that uuu(t) and ddd(t) are bounded in the sense

||uuu(t)||peak ≤ δu,∞ (3.7)

and

||ddd(t)|| = 0 (3.8)

then the threshold is defined by

Θth,peak = sup∆

T

(t)∆(t)≤III

||rrr(t)||

Expressed in words, the threshold is defined as the maximum of the outputs of theresidual generator with subject to the attack-free case, bounded known inputs andnorm bounded uncertainty. This problem can be seen as finding a system gain γ > 0which multiplied with the bound on the known inputs δu,∞ gives an upper limit forthe residual in cause of no attack. However, the value of γ is very important forthe residual evaluator to show a sensitive behavior regarding cyber attacks. Thus,it should be as small as possible. Therefore, the way of finding a small gain γ canbe formulated using the following optimization problem:

Θth,peak = minγ

γδu,∞ (3.9)

with γ subject to ∀uuu(t), ∀ddd(t) and ∆(t) satisfying (3.7), (3.8) and (3.3), respectivelyso that

supt≥0||rrr(t)|| ≤ γ sup

t≥0||uuu(t)||


Then the threshold in 3.9 is

Θth,peak = γδu,∞

This threshold computation can be adopted to the whole observer bank. The residualevaluation process changes with respect to the new thresholds:

ResEv(rrri(t),ΘΘΘth,peak) = 0 no attack

ResEv(rrri(t),ΘΘΘth,peak) = j attack detected

where ΘΘΘth,peak ∈ R|Ni| is a threshold vector and rrri(t) ∈ R

|Ni| is the residual vectorwhich includes all residuals for each neighbor as well as for the agent itself.The optimization problem (3.9) can be solved using an LMI approach. The followingtheorem is obtained which is motivated by the proof in [Din08] made in Section 9for a general uncertainty analysis as well as by the mathematical tools in [BGFB94]:

Theorem 3.2.1 Consider the system (3.5) and suppose xxxr(0) = 0,∆T(t)∆(t) ≤ III,

||uuu(t)||peak ≤ 1, ||ddd(t)|| = 0, then

||rrr(t)||peak < γ

if there exist ǫ > 0, α > 0, δ > 0, PPP ≻ 0 so that

AAATrPPP +PPPAAAr + αPPP + ǫMMM

TMMM PPPBBBr PPPGGG

BBBTrPPP −αIII 000

GGGTPPP 000 −ǫIII

≺ 0 (3.10)

[

PPP CCCTr

CCCr δIII

]

� 0 (3.11)

and γ =√δ.

Proof. Let the reachable states R of system (3.5) be given by

R ,

{

xxxr(t∞)xxxr(t),uuu(t), ddd(t) satisfying (3.5),

(3.7) and (3.8), t∞ ≥ 0

}

where R will be bounded by an ellipsoid of the form

X ={

xxxr(t) xxxTr(t)PPPxxxr(t) ≤ 1

}

where PPP ≻ 0.Suppose that there exists a Lyapunov function V(xxxr(t)) = xxxT

r(t)PPPxxxr(t) such that

PPP ≻ 0 (3.12)

V(xxxr(t)) < 0 (3.13)

3.2. THRESHOLD DEFINITION AND COMPUTATION 35

for all xxxr(t),uuu(t), ddd(t) satisfying (3.5), ||uuu(t)||peak ≤ 1, ddd(t) = 0 and xxxTr(t)PPPxxxr(t) ≥ 1. The

time derivation of V(xxxr(t)) is

V(xxxr(t)) = xxxTr(t)PPPxxxr(t) + xxxT

r(t)PPPxxxr(t) < 0

By using the time derivation of xxxr(t) given in (3.5), one obtains

xxxTr(t)(AAAr +∆AAAr)

TPPPxxxr(t) + xxxTr(t)PPP (AAAr +∆AAAr)xxxr(t)+

xxxTr(t)PPPBBBruuur(t) + uuuT

r(t)BBBTrPPPxxxr(t) < 0

After rearranging, this can also be expressed by

[

xxxr(t)

uuur(t)

]T [

(AAAr +∆AAAr)TPPP +PPP (AAAr +∆AAAr) PPPBBBr

BBBTrPPP 000

] [

xxxr(t)

uuur(t)

]

< 0 (3.14)

satisfying uuuTr(t)uuur(t) − xxxT

r(t)PPPxxxr(t) ≤ 0. This constraint can also be written

[

xxxr(t)

uuur(t)

]T [

−PPP 000000 III

] [

xxxr(t)

uuur(t)

]

≤ 0 (3.15)

In other words, the quadratic function on the left side of the inequality in (3.14) hasto be negative whenever the quadratic function on the left side of the inequality in(3.15) is negative. Since (3.14) is strict, the S-procedure for quadratic forms andstrict inequalities can be applied and one obtains

[

(AAAr +∆AAAr)TPPP +PPP (AAAr +∆AAAr) + αPPP PPPBBBr

BBBTrPPP −αIII

]

≺ 0

In the next steps, the matrix above is split into a certain and an uncertain part.

[

AAATrPPP +PPPAAAr + αPPP PPPBBBr

BBBTrPPP −αIII

]

+

[

∆AAATrPPP +PPP∆AAAr 000

000 000

]

≺ 0

Then the definition for the uncertainty (3.2) is used and one achieves the followinginequality:

[


BBBTrPPP −αIII

]

+

[

PPPGGG

000

]

∆(t)

[

MMM 000]

+

([

PPPGGG

000

]

∆(t)

[

MMM 000]

)T

≺ 0

Then by applying lemma 3.0.1, the following equation is obtained

[


BBBTrPPP −αIII

]

+1

ǫ

[

PPPGGG

000

] [

PPPGGG

000

]T

+

ǫ[

MMM 000]T [

MMM 000]

≺ 0


Finally, by applying the Schur complement the first LMI (3.10) is obtained.

AAATrPPP +PPPAAAr + αPPP + ǫMMM

TMMM PPPBBBr PPPGGG

BBBTrPPP −αIII 000

GGGTPPP 000 −ǫIII

≺ 0

To summarize, if one can find a ǫ > 0, α > 0, δ > 0 and PPP ≻ 0 that fulfill the LMIabove, one showed asymptotic stability for the system in (3.5). The second LMI(3.11) brings the bound on output peaks into account. Suppose xxxr(0) is known andthe invariant ellipsoid X contains xxxr(0). The upper bound is defined by

rrrT(t)rrr(t) ≤ maxxxxr(t)∈X

rrrT(t)rrr(t) = maxxxxr(t)∈X

xxxTr(t)CCC

TrCCCrxxxr(t) = δ

This constrained optimization problem can be solved by introducing the Lagrangian

L(xxxr(t),λ) = xxxTr(t)CCC

TrCCCrxxxr(t) − λxxxT

r(t)PPPxxxr(t) + λ

Then a necessary condition for an extremum is

∂L(xxxr(t),λ)

∂xxxr(t)

= 2(CCCTrCCCr − λPPP )xxx∗r(t) = 0 (3.16)

Thus, if the vector xxx∗r(t) with the constraint xxx∗Tr(t)PPPxxx∗r(t) ≤ 1 is an extremum of

xxxTr(t)CCC

TrCCCrxxxr(t) it must satisfy equation (3.16).

The way of finding the maximum of xxxTr(t)CCC

TrCCCrxxxr(t) with subject to xxxT

r(t)PPPxxxr(t) ≤ 1can also be achieved by minimizing λ and maximizing xxxr(t) of the Lagrangian:

minλ

maxxxxr(t)

xxxTr(t)(CCC

TrCCCr − λPPP )xxxr(t) + λ = δ (3.17)

The condition for the maximum with respect to xxxr(t) is given in (3.16). Thus,by setting xxxr(t) = xxx∗r(t) and taking into account that minimizing λ also affects theextremum xxx∗r(t), one obtains

minλ

λ = δ

with subject to xxx∗Tr(t)(CCCTrCCCr − λPPP )xxx∗r(t) ≥ 0. By applying the Schur complement on

the constraint, the problem becomes

minδ

δ

with subject to

[

PPP CCCTr

CCCr δIII

]

� 0

3.3. THRESHOLD GENERATOR 37

uuu(t)

xxxj(t)

ControllerAgentSystem

ResidualGenerator

ResidualEvaluator

ThresholdGenerator

AlarmTrigger

UIOj1

UIOjn

...

ObserverBank

wwwi(t) xxxi(t)

xxxij1(t)

xxxijn(t)

rrri(t)

ΘΘΘi,th,peak(t)

Figure 3.1: FDI Diagnosis System with a Threshold Generator

Finally, a value for γ can be computed by setting

γ =√δ

3.3 Threshold Generator

The threshold derived in the subsection before is constant and a function of a boundon the input vector uuu(t). Since the instantaneous value of uuu(t) is available during run-time, one can substitute the bound on uuu(t) by an on-line computation which makesthe fault detection more sensitive. Thus,

δu,∞ = ||uuu(t)||2 =√

uuuT(t)uuu(t)

The residual evaluator which is robust against model uncertainty and is proposedin this thesis becomes

Θth,peak(t) = γ||uuu(t)||2Figure 2.5 can be adopted according to the new thresholds by introducing a thresholdgenerator.


The placement and relation with respect to the existing components of the FDIdiagnosis system can be seen in Figure 3.1. The threshold generator computes thelimits ΘΘΘi,th,peak(t) ∈ R

|Ni| for the residual evaluator at each time t.

Extended Threshold GeneratorExtended Threshold GeneratorExtended Threshold GeneratorThe threshold generator proposed in the section needs to be extended. The thresh-olds for agent i and time t are ΘΘΘi,th,peak(t). They are indeed an upper bound for theresiduals rrri(t) in cause of model uncertainty and only if ||uuu(t1)|| ≤ ||uuu(t2)|| ∀t1 ≤ t2and [rrri(0)]j ≤ [ΘΘΘth,peak(0)]j ∀j holds true. The scalar j refers here to an index and is

between 1 and | ˜Ni|. However, if the absolute value of the input vector of the MASdecreases over the time t, it can not be guaranteed that the residuals are smallerthan the thresholds in cause that there is no attack. The threshold generator needsto be extended by a low pass filter with a certain time constant τ . By using astate-space representation, the threshold generator dynamics become

θθθi(t) = AAAθθθθi(t) +BBBθ||uuu(t)||ΘΘΘi,th,peak(t) = III |Ni|

θθθi(t)(3.18)

with

AAAθ =

− 1τ1

. . .

− 1τ|Ni|

,BBBθ =

γ1τ1...

γ|Ni|

τ|Ni|

where θθθi(t) ∈ R|Ni| are the states of the threshold generator dynamics. Note that AAAθ

is a diagonal matrix. The time constant τk needs to be chosen so that it matchesthe rise time of the norm of the respected state estimation error dynamics.

3.4 Simulation

This subsection is going to give a simulation for the theoretical results of this section.The first example is just presenting the performance of the threshold generatorwithout any attacks exemplary on the observer bank of agent 1. Afterwards, asimulation is going to be considered where an agent is attacked.

Example 1Example 1Example 1Let the equation in 3.1 which consider the triangle topology be given here with

xxx(t) = (AAA+∆AAA)xxx(t) +BBBu(t) +QQQddd(t)

yyy(t) = CCCxxx(t)

where the matrix ∆AAA is the uncertainty. It is recalled, that the real unknown statematrix of the underlaying process is AAA. The UIOs are designed using the systemmodel above. The uncertainty is chosen

3.4. SIMULATION 39

∆∆∆ = 0.1III2N

The explicit matrices for all UIOs can be found in the appendix A.1. The inputu(t) is

u(t) =

{

1, for 0s ≤ t < 100s

0, for 100s ≤ t ≤ 200s

0 20 40 60 80 100 120 140 160 180 2000

0.5

1

t in s

x1(t) in mx2(t) in mx3(t) in m

Figure 3.2: Example 1: Altitudes of Agent 1,2 and 3

The real course of the altitudes of each agent is shown in Figure 3.2. Note that[xxx(t)]2 and [xxx(t)]3 are congruent. According to theorem 3.2.1, the values for γi are

Table 3.1: Values for γi for Each AgentAgent γi

1 3.16 · 10−12 3.16 · 10−13 3.16 · 10−1

and τi = 8s ∀i ∈ {1, 2, 3}. The next three plots are showing the respect residualand the output of th respect threshold generator of the observer bank at agent 1.


0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s

r11(t) in mΘ11,th,peak(t) in m

Figure 3.3: Residual of UIO11 and Θ11,th,peak(t)

0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s



The low pass filter avoids a false alarm at time t = 100s. The thresholds would beequal zero but the residuals just approaching zero.

3.4. SIMULATION 41

0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s



As it can be seen from Figures 3.3 to 3.5, the LMI approach proposed in this sectionis conservative in the context that it leaves a certain degree of freedom to the attackeruntil the detection. This is going to be shown in the next example.

Example 2Example 2Example 2This example is going to show the performance of the proposed threshold generatorin case of an attack on agent 2. Again the equation in 3.1 which consider the triangletopology is assumed to be given here. All simulation parameters are the same asin the example before. All explicit definitions for the matrices can be found in theappendix A.2. Moreover, this example considers an attack on the altitude of theagent 2. Thus, the observer banks of agent 1 and 2 are discussed. An attack onagent 2 means that the invader influences all measurements which are sent to agent2. It is assumed that the attacker injects a constant value in these signals so thatagent 2 sees another altitude and vertical velocity of the other nodes. Since thisaffects the control of agent 2, he will change his states respectively. Moreover, thisfault will propagate from agent 2 to the other. Thus, the observer banks of agent 2and 3 will recognize that the behavior of agent 2 is not compatible to the input ofthe MAS. The results of the simulation are going to be discussed for each intervalseparately.

Altitudes: 0 s ≤ t < 100 sAltitudes: 0 s ≤ t < 100 sAltitudes: 0 s ≤ t < 100 sThe initial states of all agents are zero at t = 0s and the input is u(t) = 1m for thewhole interval. Agent 1 approaches 1m while they others follow.


0 20 40 60 80 100 120 140 160 180 2000

1

2

3

t in s

x1(t) in mx2(t) in mx3(t) in m

Figure 3.6: Example 2: Altitudes of Agent 1,2 and 3

Altitudes: 100 s ≤ tAltitudes: 100 s ≤ tAltitudes: 100 s ≤ t

All agents settle down when the attack on agent 2 starts at t = 100s. The invaderinjects a constant bias of

QQQddd(t) =[

0 0.3m 0 0 0.3m 0]T

(3.19)

Thus, all agents settle down at new states which are

xxx(t∞) = −AAA−1(BBB1m+[

0 0.3m 0 0 0.3m 0]T)

0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s



Similarly, the residuals are also discussed in two intervals.

Residuals: 0 s ≤ t < 100 sResiduals: 0 s ≤ t < 100 sResiduals: 0 s ≤ t < 100 sAs it can be seen from Figures 3.7 - 3.12, the residuals are greater than zero althoughthere is not attack. This is due to the relationship between the state estimation errorand the actual states of the MAS. This is shown in equation (3.4). Due to u(t) = 1m,the threshold generators settle down at a 0.316m. No attack has been detected.

3.4. SIMULATION 43

0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s



Residuals: 100 s ≤ tResiduals: 100 s ≤ tResiduals: 100 s ≤ t

The attacker starts to inject a value according to equation (3.19). The state esti-mation error starts to increase because the states of the agents do not match withthe estimation of the UIOs. However, due to the uncertainty, the state estimationerror is not the only player which influences the residuals. The increasing states ofall agents also affect the residuals. However, the threshold generator shows a robustand even a conservative behavior with respect to model uncertainty. Moreover, itsinfluence on the residuals is smaller. Therefore, due to the attack, the residuals ofagent 1 which are sensitive to itself and agent 3 become greater than the respectthresholds approximately 1.5s after the injection started. Hence, agent 1 detects theattack. The same happens hat agent 3 and thus he detects the attack about 1.5safter it has started, too.

0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s



0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s




0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s



0 20 40 60 80 100 120 140 160 180 2000

0.2

0.4

0.6

t in s



45

Chapter 4

Attack Scenarios

This chapter is going to discuss the properties of an possible intruder and differentattack scenarios will be presented. Each property will be considered for each sce-nario. Moreover, it will be discussed how model uncertainty affects the detection ofan attack.

4.1 Knowledge and Resources

One of the main concerns when discussing about cyber security in MAS is to considerthe knowledge of the attacker and the resources which he can use for his purposes. Ithas a great impact on the possibilities of how he could take advantage of the nodesin the network. Moreover, it is important for the detectability of the attack. Thisdiscussion is motivated by [TPSJ12] which considers cyber attacks in networkedcontrol systems. This subsection is going to reveal sensitive knowledge of the MASand introduces important resources to access and affect the system dynamics. Fur-thermore, different terms are going to be defined which will be used later in thisthesis. It is pointed out that the definitions allow a classification regarding theirdegree.

Subsystem KnowledgeSubsystem KnowledgeSubsystem KnowledgeA MAS can consist of agents with different dynamics. The term subsystem knowl-edge refers hereby to the system equation of a certain agent. The knowledge caneither cover special nodes or the whole topology. However, it is considered that heknows either nothing or everything about an agent’s dynamic. Generally, the agentsystem of node i is going to be expressed by

Pi :

{

xxxi(t) = AAAixxxi(t) +BBBiuuui(t)

yyyi(t) = CCC ixxxi(t) +DDDiuuui(t)

(4.1)

where xxxi(t) ∈ Rn is the state vector of the node system i ∈ V , uuui(t) ∈ R

m is theinput vector and yyyi(t) ∈ R

v are the measurements. The matrices AAAi, BBBi, CCC i and DDDi

46 CHAPTER 4. ATTACK SCENARIOS

are the state matrix, input matrix, output matrix and the feed through matrix withappropriate size, respectively. Let Aj ⊆ V denote the nodes which are attackableby the intruder j, then the subsystem knowledge can be described by

Sj := {Pi : i ∈ Aj} (4.2)

The cardinal number of the set Aj is also an indicator for the degree of the subsystemknowledge which is equal to the nodes attackable by an intruder.

Topology KnowledgeTopology KnowledgeTopology KnowledgeIf an attacker has complete topology knowledge, then he knows every element of E .Moreover, he can identify nodes by their IDs. The knowledge can vary between onenode, certain parts of the topology up to the whole network. Let Aj ⊆ V refer againto the nodes which are attackable by the intruder j, then the topology knowledgeof an attacker j is given by

Tj := {{i, l} : i ∈ Aj ∧ l ∈ V } (4.3)

where Aj ∈ V is the degree of the topology knowledge.

Disclosure ResourcesDisclosure ResourcesDisclosure ResourcesThe disclosure resources serve the attacker to access the MAS passively like aneavesdropper. By using this resources, he can spy the communication channelsto acquire data sequences which are exchanged among the agents. The degree ofdisclosure resources refers here to the ability of how many channels the attacker caneavesdrop. Similarly to the topology knowledge, it can either be one node, certainparts of the topology up to the whole network. The disclosure resources can beexpressed in a discrete-time domain by

DDDc[k] :=DDDc[k−1] ∪ YYY yyyy(kTs) (4.4)

whereDDDc[k] ∈ R2N is a data sequence. The scalars N and Ts are the number of agents

in the MAS and the sampling time at which information is recorded, respectively.The vector yyy(kTs) is the measurement vector of the MAS at time kTs. The elementsof the diagonal binary matrix YYY y ∈ R

2N×2N describe the degree of the disclosureresources. In other words: which measurements of the MAS are accessible for theintruder?

Disruption ResourcesDisruption ResourcesDisruption ResourcesTo be able to actively influence the MAS the attacker needs disruption resources.It is the ability to affect the behavior of the agents in the network and is importantto take advantage of certain nodes or the whole topology. Similarly to the topologyknowledge and disclosure resources, the degree refers to the number of agents which

4.2. BIAS INJECTION ATTACK 47

can be attacked. The disruption resources can be described using the MAS dynamicswhich are given in (2.35).

xxx(t) = AAAxxx(t) +BBBu(t) +QQQddd(t)

yyy(t) = CCCxxx(t)

(4.5)

where QQQ ∈ R2N×2N refers here to a diagonal binary matrix. The elements of QQQ

express whether the attacker can inject data in certain state equation of the MASor not. The vector ddd(t) ∈ R

2N is the false data which is injected by the attacker.Note that the model in (4.5) does not consider any attacks on the outputs. Thisis because of the feedback controller in the consensus law at each agent. The falsedata propagates from the measurements to the states of the MAS.

4.2 Bias Injection Attack

The bias injection attack is the simplest form of affecting a MAS which is discussedin this thesis. The attacker injects a bias in any measurements that are exchangedin the network. A certain aim could be to disturb the network in order to let itcrash.

32

1

(Bias Attacker)

Figure 4.1: Bias Injection Attack on Agent 2

Attack PolicyAttack PolicyAttack PolicyFigure 4.1 illustrates schematically the bias injection attack on agent 2. The intruderadds an bias to the measurements of an agent starting at a designated time t. Thisis similar to an abrupt occurring fault in the measurements of an agent.

dddj(t) = bbb ∀j ∈ ABias

where dddj(t) ∈ Rm refers to the attacked states in (2.35), bbb ∈ R

m and the set ABias

denotes to the agents which are attacked. For the bias injection attacks in this thesiswe consider ABias = {2}.


Subsystem KnowledgeSubsystem KnowledgeSubsystem KnowledgeThe bias attack does not need to know anything about the subsystem knowledge atall to disturb the MAS. Thus,

SBias = {}

However, if he wants to influence the attacked agent in a specific way, then he mustknow how the measurements affect the subsystems behavior.

Topology KnowledgeTopology KnowledgeTopology KnowledgeBefore making any statements about an attacker regarding to his topology knowledgeit is meaningful to make assumptions about the transmission protocol. The dataexchange among the agents is done by broadcasting. Thus, every node is able toreceive the signals of the members in the network. However, for identifying thestates of the respective agent the packages have an ID. Hence, the attacker must atleast know the ID of the neighbors of the attacked agent i. Thus,

TBias = {j : j ∈ Ni}

Disclosure ResourcesDisclosure ResourcesDisclosure ResourcesSince the bias attacker considers an open-loop attack policy, disclosure resources arenot needed. Thus,

YYY y,Bias = 000

Disruption ResourcesDisruption ResourcesDisruption ResourcesTo be able to inject false data in the measurements which are transmitted to theattacked agent disruption resources are needed. Thus,

QQQBias = JJJ i

where JJJ i ∈ R2N denotes an unity matrix where all elements are set to zero with the

exception of the ith and (N + i)th rows and columns.

Table 4.1 summarizes the specifications of a bias injection attacker where 0 meanseither no knowledge or no access to resources and + means having knowledge oraccess to resources. The degree is expressed by the amount of + whereby three +is the maximum.

Table 4.1: Knowledge and Resources for the Bias Injection AttackSubsystemKnowledge

TopologyKnowledge

DisclosureResources

DisruptionResources

0 + 0 ++

4.3. REPLAY ATTACK 49

4.3 Replay Attack

This section is going to discuss the replay attack which can be separated into twophases. The first one is the eavesdrop phase where the intruder spies the certaincommunication channels to acquire data sequences. This information is going to beused in the second phase to hide the attack. The intruder suppresses the signal sentfrom agent 2 and transmits the recorded data from phase I). At the same time, hestarts to inject false data in the measurements which are sent to the attacked agent.

32

1

(Replay Attacker)

Figure 4.2: Replay Attack on Agent 2 Phase I)

Figure 4.2 and 4.3 illustrate the two respect phases of the replay attack. The dashedred line in the Figure of phase II) describes the bias injection while the dashed blueshows the replayed data.

32

1

(Replay Attacker)

Figure 4.3: Replay Attack on Agent 2 Phase II)

Attack PolicyAttack PolicyAttack PolicyIn phase I) the intruder spies the signals which are sent from the attacked node tothe others.


Phase I)

||ddd(t)|| = 0

DDDc[k] =DDDc[k−1] ∪ YYY y,Replayyyy(kTs)

DDDc[ko] = ∅

with k0 ≤ k ≤ k1

where YYY y,Replay denotes an unity matrix where all elements are set to zero with theexception of the ith and (N + i)th rows and columns. The first phase of the replayattack starts at k0 and ends at k1. Moreover, there is no recorded data before andat k0. In phase II) the attacker replaces the actual measurements of agent 2 withhis recorded data sequences while he injects a bias in the measurements which aresent to agent 2 at the same time. Due to the consensus law, the false data appearsin the states of the attacked agent.

Phase II)

ddd(kTs) = aaa(bbb,DDDc(kTs))

DDDc[k] =DDDc[k−1]

with k1 < k

The vector ddd(kTs) becomes a function of the injected bias bbb ∈ Rm in m measurements

of agent 2 as well as a function of the recorded sequence which is replayed.

Subsystem KnowledgeSubsystem KnowledgeSubsystem KnowledgeSimilarly to the bias injection attack, the intruder does not need to know anythingabout the subsystem knowledge. He can simply record whatever comes from agent2 and replays it in phase II). Thus,

SBias = {}

Topology KnowledgeTopology KnowledgeTopology KnowledgeAgain the ID of the packages is important for the attacker. However, this time theintruder must know all IDs of the neighbors of the attacked agent i as well as theID of the compromised node itself. Only this guarantees that the replayed data areaccepted by agents in phase II). Thus,

TReplay = ˜Ni

Disclosure ResourcesDisclosure ResourcesDisclosure ResourcesThis time, the invader needs disclosure resources in order to be able to spy theinformation exchanged with the attacked agent i. Hence,

YYY y,Replay = JJJ i

where JJJ i denotes an unity matrix where all elements are set to zero with the excep-tion of the ith and (N + i)th rows and columns.

4.4. ATTACK DETECTION 51

Disclosure ResourcesDisclosure ResourcesDisclosure ResourcesIn phase II), the attacker needs to replay the recorded measurements while injectingfalse data at node i. Thus,

QQQReplay =∑

j∈Ni

JJJ j

where JJJ j denotes an unity matrix where all elements are set to zero with the ex-ception of the jth and (N + j)th rows and columns. By setting QQQReplay in this way,the attacker is able to inject false data in the states of the attacked agent i whilesending the recorded data from phase I) to the neighbors of i. It is pointed out thatthe signals sent by agent 2 are suppressed completely.

SubsystemKnowledge

TopologyKnowledge

DisclosureResources

DisruptionResources

0 +++ + ++

Table 4.2: Knowledge and Resources for the Replay Attack

Table 4.3 summarizes the specifications of a replay attacker. Note that the attackerneeds more disruption resources than disclosure resources. In phase I), he eavesdropsall out-going channels from agent 2. In phase II), he injects a bias into the in-goingchannels of agent 2 as well as replaying the data to all its neighbors. Thus, morecommunication channels are compromised and more disruption resources are needed.

4.4 Attack Detection

This section discusses the attack detection for both scenarios. It will consider theMAS equation (2.35) and (3.1) without and with uncertainty, respectively.

Without UncertaintyWithout UncertaintyWithout UncertaintyA detailed analysis about the maximal undetected injected bias is out of the scopeof this thesis. However, due to its importance, it is meaningful to give a shortdiscussion. This kind of attack stays stealthy until the increasing residuals due tothe bias injection reach a certain value. Generally, the condition for the detectionof an attack on agent i’s neighbor j is

||rrrij(t)|| < Θi

||rrrik(t)|| ≥ Θi, ∀j 6= k ∈ ˜Ni

The right hand side of the inequality gives the upper boarder in case of stealthinessfor the residuals. The left hand side can be resolved using equation (2.35) and the


assumption that an attack is only detectable when the state estimation errors reachsteady state

||CCC i(FFFji )−1TTT

jiQQQ−jddd(t)|| < Θi

||CCC i(FFFki )−1TTT k

iQQQ−jddd(t)|| ≥ Θi, ∀j 6= k ∈ Ñi

A possible approach in order to compute a maximum for ddd(t) is the LMI techniquewhich was used in Section 3. Nevertheless, it is pointed out that the residuals arejust a function of the attack vector ddd(t).

With UncertaintyWith UncertaintyWith UncertaintyAn attack stays stealthy until the increasing residuals due to the bias injection reacha certain value. In case of model uncertainty, this value as well as the residuals are afunction of the inputs as well. Generally, the condition for an attack in the presenceof model uncertainty using the proposed residual evaluator for the observer bank atagent i is

||rrrij(t)|| < [ΘΘΘi,th,peak(t)]j

||rrrik(t)|| ≥ [ΘΘΘi,th,peak(t)]k, ∀j 6= k ∈ Ñi

Again, the left hand side can be resolved using equation (3.4), (3.18) and the as-sumption that an attack is only detectable when the state estimation errors and thethreshold generators reach steady state

||CCC i(FFFji )−1TTT

jiQQQ−jddd(t) −CCC i(FFF

ji )−1TTT

ji∆AAAxxx(t)|| < [AAA−1θ BBBθ||uuu(t)||]j

||CCC i(FFFki )−1TTT k

iQQQ−jddd(t) −CCC i(FFFki )−1TTT k

i∆AAAxxx(t)|| ≥ [AAA−1θ BBBθ||uuu(t)||]k, ∀j 6= k ∈ Ñi

(4.6)

As it can be seen from equation (4.6), the left hand side of the inequality constraintsfor the attack detection became a function of the states xxx(t) of the MAS. Thus, itis also a function of the inputs uuu(t). This results in the fact that the maximalundetected bias becomes a function of the inputs uuu(t) as well.

53

Chapter 5

Experiments

The theoretical results presented in the last chapters are going to be applied inthis section. The thesis was supposed to show experimental results using a MAScomposed of quadrotors. Unfortunately, there were difficulties with the motioncapture system to measure the positions. A proper control of the quadrotors wasnot possible within the time of the thesis. However, to provide experimental resultsthis chapter is going to analyze a MAS composed of three equal first-order watertank systems which are coupled by the consensus controller. Each of the threeagents is part of the consensus rule while the first one is also controlled by a simpleP controller. The cylindric tanks are from Quanser Inc. and provided by KTH.The water level can be controlled by a pump with the input u ∈ {0, 15}V . Theoutflow is created by a hole in the bottom of the tanks. The states of the MASare the water levels x1(t), x2(t) and x3(t) in cm in each of the respect tanks which arebetween 0 cm and 20 cm. A pressure sensor at the bottom of each tank determinesthe water level. The behavior of a water tank system can generally be modeled bythe following non-linear equation

xi(t) = −Aoutlet

Atank

√

2gxi(t) +βiκi

Atank

ui,in(t) (5.1)

where xi(t) is the water level in cm in the tank, Aoutlet is the cross-section of theoutlet in cm2, Atank is the cross-section of the tank in cm2, g = 9.81 · 102 cm

s2is the

acceleration due to gravity, βi is the flow ration in cm3

sand κi is the pump constant

in 1V. The non-linear equation for the water tanks are linearized at the following

operation points

Table 5.1: Operation PointsAgent Water Level xi,op Input ui,in,op

1 1.29 · 101 cm 6.9 V2 1.28 · 101 cm 7.0 V3 1.29 · 101 cm 6.6 V

54 CHAPTER 5. EXPERIMENTS

For obtaining the linearized dynamics of each tank, the step response for δui,in,0 =0.5V is analyzed.

δx1(t) = −5.00 · 10−2δx1(t)1

s+ 1.31δu1(t)

cm

V s

δx2(t) = −4.63 · 10−2δx2(t)1

s+ 1.20δu2(t)

cm

V s

δx3(t) = −5.62 · 10−2δx3(t)1

s+ 1.45δu3(t)

cm

V s

where δui,in(t) ∀i ∈ {1, 2, 3} is the respect input in Volt of the tank. The consensuscontrol and the P controller are equal throughout all experiments and γ = 1 V

cmand

k = 1 Vcm

. Just the Laplacian matrix changes. The equation which describes thecontroller for the leader and the follower, respectively are

δul(t) = −γ∑

j∈Nl

(δxj(t) − δxl(t)) + k(δuset(t) − δxl(t)) (Leader) (5.2)

δui(t) = −γ∑

j∈Ni

(δxj(t) − δxi(t)) (Follower) (5.3)

where uset(t) ∈ R is a set point function. The linearized closed-loop MAS dynamics

become

δxxxw(t) = AAAwδxxxw(t) +BBBwδuset(t)

δyyyw(t) = CCCwδxxxw(t)

(5.4)

where

AAAw =

−3.98 1.31 1.311.20 −2.45 1.201.45 1.45 −2.97

1

s, BBBw =

1.3100

cm

V s,

CCCw = III3

The eigenvalues of AAAw are λ1 = −4.08 · 10−1 1s , λ2 = −4.991sand λ3 = −4.001

s. Thus,

the system is stable. However, consensus is not reached. This will be discussedlater in this chapter. The proof of the existence of UIOs in a MAS composed offirst-order subsystems can be found in [TSJ10].

Model UncertaintyModel UncertaintyModel UncertaintyDue to linearization, the model gets inaccurate as more as the states are leavingthe operation point. This error as well as model uncertainty itself are going to be

55

considered as model uncertainty here. However, it is pointed out that this definitionfor uncertainty is a function of the input.

The model uncertainty in the steady state is estimated using experiments. There-fore, the results of the mathematical model given in (5.4) are compared with theexperimentally determined water levels.

0 10 20 30 40 50 60 70 80 90 1006

8

10

12

t in s


Figure 5.1: Response of the coupled Water Tank System to δuset(t) = −4 cm

It is assumed that the input is in the range −4cm ≤ δuset(t) ≤ 0 cm for all attack-free

cases. The water levels in the steady state with respect to the maximal absolutevalue for the input according to (5.4) are:

xxxtheo =

x1,op

x2,op

x3,op

+

δx1(t)

δx2(t)

δx3(t)

=

12.9cm12.8cm12.9cm

−AAA−1w BBBw(−4cm) =

9.30cm9.34cm9.44cm

The experimentally determined water levels can be obtained from Figure 5.1:

xxxexp =

10.5cm10.9cm10.9cm

The percentaged errors of the experimentally determined water levels from the math-ematical model can be obtained by

xxxunc = (diag(xxxtheo))−1|xxxexp − xxxtheo| =

0.1290.1730.160


where diag(·) is a function which takes a vector and transfers it to a diagonal ma-trix with the vector elements on its diagonal. This yields an upper bound for theuncertainty:

∆ =

0.200 0 00 0.200 00 0 0.200

By applying theorem 3.2.1, the following values for γ are obtained:

Sensitive to Agent γi for Triangle Topology γi for Line Topology1 1.73 · 10−1 cm

V1.64 · 10−1 cm

V

2 1.63 · 10−1 cmV

1.49 · 10−1 cmV

3 1.45 · 10−1 cmV

1.57 · 10−1 cmV

Table 5.2: Values for γi for the different Topologies

NoiseNoiseNoiseThe whole system is subjected to noise such as process noise and measurement noise.Thus, it is necessary to consider this in the design of the threshold generator. Byusing the dynamics which are given in equation (3.18), one obtains

θθθi(t) = AAAθθθθi(t) +BBBθ||uuu(t)||ΘΘΘi,th,peak(t) = III |Ni|

θθθi(t) + ηηη

where τi = 1s ∀i ∈ {1, 2, 3} and the values for γi are in Table 5.2. The vector ηηηis of appropriate size and refers here to a constant value which is chosen so thatall threshold functions are greater than the residuals in the operation point in thesteady state. However, it is no overall guarantee that the noise does not causethe residuals to become greater than the thresholds even in the case of no attack.To minimize this problem, the value is chosen so that the probability is very low.The noise in the state estimation error is considered to be zero mean and normaldistributed. The standard deviation of the noise was determined experimentally andσ = 2.20 ·10−2cm. The value for η = 0.15 cm is chosen. Thus, under the assumptionmade above the probability that the noise triggers an false alarm when the MAS isin the operation point and in the steady state is

1− erf

(

0.1

2.20 · 10−2 ·√2

)

= 9.22 · 10−12

where erf(·) refers to the error function.

Controller LimitationsController LimitationsController LimitationsIt is pointed out that the focus of the experiments is to highlight the proposed

5.1. BIAS INJECTION ATTACK ON TRIANGLE TOPOLOGY 57

residual generator. The controller was kept simple and let space for improvements.Therefore, to understand the experimental results completely, it is meaningful toindicate the limitations of the controller. This is realized by exemplary analyzing thecomputer simulated closed-loop system response of (5.4) using the triangle topology.

0 5 10 15 20 25 30 35 40 45 50−0.8−0.6−0.4−0.2

0

t in s


Figure 5.2: Closed-Loop System Response to u(t) = −1V

The behavior of all agents are affected by the consensus equation and agent 1 isalso affected by the P controller. A large proportional factor k minimizes the steadystate error but also causes oscillations. To avoid oscillations, k was chosen small anda steady state error was accepted. The same holds for γ which is the proportionalgain for the consensus law and thus affects all agents. To summarize, a visible steadystate error for all agents was accepted to keep these experiments clear.

The experiments are going to analyze the two attack scenarios described in Section4.2 and 4.3 using an triangle and line topology for each case. Agent 1 is going topretend a water level while the others follow with respect to the topology. Theexperimental results are going to be discussed schematically equally. First, thestates as a function of the time are going to be shown in a Figure and a detaileddescription will be provided. Next, the residuals are going to be discussed with thehelp of Figures. Since each attack scenario considers an attack on agent 2, only theresiduals at agent 1 and 3 will be evaluated. The experiments which use a triangletopology have six residuals to discuss: two observer banks with three residuals each.The experiments which use a line topology have just four residuals to discuss: towobserver banks with two residuals each. All discussions are carried out in three timeintervals.

5.1 Bias Injection Attack on Triangle Topology

The first experiment is going to consider the bias injection attack on the triangletopology of the coupled water tank system. Since the course of the set point functionis schematically the same for all scenarios, it is showed just once in (5.4). It will bepointed at the respective paragraph at which time t the step occurs.


0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1606

8

10

12

t in s

uset(t) in cm

Figure 5.3: Bias Injection Attack on the Triangle Topology: Set Point Function

Water Levels: 0 s ≤ t < 40 sWater Levels: 0 s ≤ t < 40 sWater Levels: 0 s ≤ t < 40 sAs it can be seen in Figure 5.4, all agent systems are in steady state for a constantset point uset

(t) = 13 cm within the whole time interval. The attack has not startedyet.

Water Levels: 40 s ≤ t < 100 sWater Levels: 40 s ≤ t < 100 sWater Levels: 40 s ≤ t < 100 sThe set point function has changed to uset

(t) = 9 cm. Agent 1 descends its water levelfirst while the other agents follow. Since agent 2 and 3 each have a connection toagent 1 as well as to each other, the topology can be said to be symmetrically tothe leader. Thus, agent 2 and 3 follow almost exactly with the same behavior andx2(t) and x3(t) are almost equal.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1606

8

10

12

t in s


Figure 5.4: Bias Injection Attack (Triangle Topology): Water Levels of Agent 1, 2and 3

Water Levels: 100 ≤ t < 160Water Levels: 100 ≤ t < 160Water Levels: 100 ≤ t < 160The bias injection attack on agent 2 has started. The water levels which are trans-

5.1. BIAS INJECTION ATTACK ON TRIANGLE TOPOLOGY 59

mitted from agent 1 and 3 to agent 2 get attacked by the injection of a bias of −4cm in each state. Thus, agent 2 sees agent 1 and 3 4 cm below their actual waterlevel of 10.5 cm and 10.9 cm. Therefore, agent 2 lowers its water level from t > 100down to 7 cm while the other agents follow.

Residuals: 0 s ≤ t < 40 sResiduals: 0 s ≤ t < 40 sResiduals: 0 s ≤ t < 40 sFigures 5.5, 5.6 and 5.7 show the outputs of the residual generator at agent 1 whilethe Figures 5.8, 5.9 and 5.10 show the residuals at agent 3. The states of each agentare close to the operation point and thus, the model which is observed by the UIOs

is accurate. Mainly the noise disturbs the residuals. Due to the noise tolerance valuein the threshold generator, an attack is not detected.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s

r11(t) in cmΘ11,th,peak(t) in cm

Figure 5.5: UIO11: UIO at Agent 1 insensitive to himself

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s


Figure 5.6: UIO12: UIO at Agent 2 insensitive to Agent 2

Residuals: 40 s ≤ t < 100 sResiduals: 40 s ≤ t < 100 sResiduals: 40 s ≤ t < 100 sThe agents are not in the operation point anymore. Thus, the linearization error hasincreased and is deducted from the noise in the residuals. The threshold functionsare also affected by the set point change and are still greater than the residuals.


0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



Residuals: 100 s < t ≤ 160 sResiduals: 100 s < t ≤ 160 sResiduals: 100 s < t ≤ 160 sThe bias injection attack at agent 2 has started. The other agents in the networkdetect the attack straight after it has started. Figures 5.5 - 5.7 show the residuals ofthe observer bank of agent 1 and 5.8 - 5.10 show the outputs of the residual generatorat agent 3. While the residual which is insensitive to agent 2 remains smaller thanthe threshold function, the residual sensitive to agent 3 becomes greater than thethreshold. Thus, agent 1 detects an attack at agent 2. Agent 3 also detects theattack because the residual insensitive to agent 2 stays smaller than the thresholdfunction while the other residuals not. Both agents detect the attack. The residualsinsensitive to agent 2 at both observer banks increase at t = 100 s again. This isdue to the dependence of the residuals to the actual states xxx(t) of the MAS. Sincethey change at t = 100 s a step can be seen in the behavior of the residuals.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



5.2. REPLAY ATTACK ON TRIANGLE TOPOLOGY 61

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



5.2 Replay Attack on Triangle Topology

The second experiment is going to consider the replay attack on the triangle topologyof the coupled water tank system.

Water Levels: 0 s ≤ t < 40 sWater Levels: 0 s ≤ t < 40 sWater Levels: 0 s ≤ t < 40 sPhase I) of the replay attack on agent 2 has started. The invader records the datawhich is sent from agent 2 to agent 1 and 3. All water levels are at 13 cm as it canbe seen in Figure 5.11 and the set point function uset

(t) = 13 cm is constant for thewhole time interval.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

2

4

6

8

10

12

14

t in s

x1(t)in cmx2(t)in cmx3(t)in cmx2(t)in cm

Figure 5.11: Replay Attack (Triangle Topology): Water Levels of Agent 1, 2 and 3


Water Levels: 40 s ≤ t < 80 sWater Levels: 40 s ≤ t < 80 sWater Levels: 40 s ≤ t < 80 sPhase II) of the replay attack on agent 2 has started. The invader suppresses thesignals sent from agent 2 and transmits his recorded data to agent 1 and 3. At thesame time, he injects a bias of −13 cm in the states which are sent from agent 1 and3 to agent 2. The compromised channels are equal to those ones which were usedby the bias injection attacker. Figure 5.11 shows the course of the water levels ofeach agent. The solid green line x2(t) is the state of agent 2 which is seen by agent1 and 3 while the dashed green line x2(t) refers to the real state of agent 2, meaningthe true water level. The solid and green dashed line begin to differ in their coursefrom t > 40 s, since phase II) of the replay attack has started.

Water Levels: 80 s ≤ t < 160 sWater Levels: 80 s ≤ t < 160 sWater Levels: 80 s ≤ t < 160 sThe set point function is set from 13 cm to 9 cm. Thus, agent 1 decreases his waterlevel as well as agent 3. Since the state information of agent 2 is just replayed froma former recorded sequence, the water level of agent 2 which is seen by agent 1and 3 remains at 13 cm. While agent 1 is driven by the P controller as well as theconsensus law, it approaches an equilibrium between both of them. Agent 3 is justcontrolled by the consensus law and thus approaches an equilibrium between thestates of agent 2, 3 and himself. The attack is detected at approximately 85 s.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s

r11 in cmΘ11,th,peak(t) in cm


0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



Residuals: 0 s ≤ t < 40 sResiduals: 0 s ≤ t < 40 sResiduals: 0 s ≤ t < 40 sSimilarly to the attack scenarios before, Figures 5.12, 5.13 and 5.14 show the outputsof the residual generator at agent 1 while the Figures 5.15, 5.16 and 5.17 show the

5.2. REPLAY ATTACK ON TRIANGLE TOPOLOGY 63

residuals at agent 3. Like in the attack scenario before, each agent is close to theoperation point and thus, the model which is observed by the UIOs is accurate.The state estimation is very close to the real states.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



Residuals: 40 s ≤ t < 80 sResiduals: 40 s ≤ t < 80 sResiduals: 40 s ≤ t < 80 sSince agent 1 and 3 receive the recored data from the time interval before and theset point function has not changed, the attack remains undetected and can be saidto be stealthy.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



Residuals: 80 s ≤ t < 160 sResiduals: 80 s ≤ t < 160 sResiduals: 80 s ≤ t < 160 sAgent 2 remains at his state and the other agents follow with respect to the newinput. However, the UIOs expect also agent 2 to decent his water level. Thus,the state estimation error of the UIOs which are sensitive to agent 2 become worseand the respective residuals increase. Also the residuals of the UIOs which areinsensitive to agent 2 increase slightly due to the fact that the model uncertaintycauses the state estimation error dynamics to be also a function of the states of theobserved system. Equation (3.4) is relevant for this actual situation. Therefore, theattack is detected at approximately t = 82 s which is very late in comparison to thescenario before. This is because the attack is stealthy. An deflection of the systemis needed to uncover the attack. Thus, the actual delay for the detection is about 2s.


0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



5.3 Bias Injection Attack on Line Topology

The third experiment is going to consider the bias injection attack on the line topol-ogy of the coupled water tank system.

Water Levels: 0 s ≤ t < 60 sWater Levels: 0 s ≤ t < 60 sWater Levels: 0 s ≤ t < 60 sAll agent systems are in steady state for a constant set point uset

(t) = 13 cm withinthe whole time interval. The attack has not started yet. The course of the waterlevels of each agent is showed in Figure 5.18.

Water Levels: 60 s ≤ t < 120 sWater Levels: 60 s ≤ t < 120 sWater Levels: 60 s ≤ t < 120 sThe set point function has changed to uset

(t) = 9 cm. Agent 1 descends its waterlevel first while the other agents follow in the respected order. The limitation of thecontroller becomes clearly visible here. Actually, all water levels should approach 9cm. Due to the steady state error, they approach different states.

Water Levels: 120 s ≤ t < 160 sWater Levels: 120 s ≤ t < 160 sWater Levels: 120 s ≤ t < 160 sThe bias injection attack on agent 2 has started. The water levels which are trans-mitted from agent 1 and 3 to agent 2 get attacked by the injection of a bias of −4 cmin each state. Thus, agent 2 sees agent 1 and 3 4 cm below their actual water levelof 10.5 cm and 11.5 cm. Therefore, agent 2 descends its water level from t > 120down to 7 cm while the other agents follow.

Residuals: 0 s ≤ t < 60 sResiduals: 0 s ≤ t < 60 sResiduals: 0 s ≤ t < 60 sFigures 5.19 and 5.20 show the residuals of the observer bank of agent 1 and 5.21

5.3. BIAS INJECTION ATTACK ON LINE TOPOLOGY 65

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1606

8

10

12

t in s


Figure 5.18: Bias Attack (Line Topology): Water Levels of Agent 1, 2 and 3

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



and 5.22 show the outputs of the residual generator at agent 3. Each agent is close tothe operation point and thus, the model which is observed by the UIOs is accurate.Mainly the noise disturbs the residuals. Due to the noise tolerance value in thethreshold generator, an attack is not detected.

Residuals: 60 s ≤ t < 120 sResiduals: 60 s ≤ t < 120 sResiduals: 60 s ≤ t < 120 sThe agents are not in the operation point any more. Thus, the linearization error hasincreased and is deducted from the noise in the residuals. The threshold functions


are also affected by the set point change and are still greater than the residuals.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



Residuals: 120 s < t ≤ 160 sResiduals: 120 s < t ≤ 160 sResiduals: 120 s < t ≤ 160 sThe bias injection attack at agent 2 has started. The other agents in the networkdetect the attack straight after it has started. While the residual insensitive to agent2 remains smaller than the threshold function, the residual insensitive to agent 3becomes greater than the threshold. Thus, agent 1 detects an attack at agent 2.Agent 3 also detects the attack because the residual insensitive to agent 2 stayssmaller than the threshold function while the other residual not. Both agents detectthe attack.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.5

1

1.5

t in s



5.4 Replay Attack on Line Topology

The last experiment is going to consider the replay attack on the line topology ofthe coupled water tank system.

Water Levels: 0 s ≤ t < 40 sWater Levels: 0 s ≤ t < 40 sWater Levels: 0 s ≤ t < 40 sPhase I) of the replay attack on agent 2 has started. The invader records the datawhich is sent from agent 2 to agent 1 and 3. All water levels are at 13 cm and theset point function uset

(t) = 13 cm is constant for the whole time interval. Figure 5.23shows the course of the water levels of each agent.

Water Levels: 40 s ≤ t < 80 sWater Levels: 40 s ≤ t < 80 sWater Levels: 40 s ≤ t < 80 sPhase II) of the replay attack on agent 2 has started. The invader suppresses the

5.4. REPLAY ATTACK ON LINE TOPOLOGY 67

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

5

10

t in s

x1(t) in cmx2(t) in cmx3(t) in cmx2(t) in cm

Figure 5.23: Replay Attack (Line Topology): Water Levels of Agent 1, 2 and 3

signals sent from agent 2 and transmits his recorded data to agent 1 and 3. At thesame time, he injects a bias of −13 cm in the states which are sent from agent 1 and3 to agent 2. The compromised channels are equal to that one which were used bythe bias injection attacker. The solid green line x2(t) is the state of agent 2 whichis seen by agent 1 and 3 while the dashed green line x2(t) refers to the real stateof agent 2, meaning the true water level. The solid and green dashed line begin todiffer in its course from t > 40 s, since phase II) of the replay attack has started.

Water Levels: 80 s ≤ t < 160 sWater Levels: 80 s ≤ t < 160 sWater Levels: 80 s ≤ t < 160 sThe set point function is set from 13 cm to 9 cm. Thus, agent 1 decreases his waterlevel. This time, the other agents do not follow because agent 2 is attacked andremains at his water level while agent 3 follows only agent 2. Thus, agent 2 and 3stay at a water level of 13 cm.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.51

1.52

t in s



Residuals: 0 s ≤ t < 40 sResiduals: 0 s ≤ t < 40 sResiduals: 0 s ≤ t < 40 sFigures 5.24 and 5.25 show the output of the residual generator at agent 1 while5.26 and 5.27 show the residuals at agent 3. Each agent is close to the operation


point and thus, the model which is observed by the UIOs is accurate. The stateestimation is very close to the real states.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.51

1.52

t in s



Residuals: 40 s ≤ t < 80 sResiduals: 40 s ≤ t < 80 sResiduals: 40 s ≤ t < 80 sSince agent 1 and 3 receive the recored data from the time interval before and theset point function has not changed, the attack remains again undetected.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.51

1.52

t in s



Residuals: 80 s ≤ t < 160 sResiduals: 80 s ≤ t < 160 sResiduals: 80 s ≤ t < 160 sAgent 2 and 3 remain at their states and agent 1 follows with respect to the newinput. However, the UIOs expect agent 2 to decent his water level as well. Thus,the state estimation error of the UIOs which are sensitive to agent 2 become worseand the residuals increase. Also the residuals of the UIOs which are insensitive toagent 2 increase slightly. This is due to the dependence of the residuals to the actualstates of the MAS.

0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 1600

0.51

1.52

t in s



5.4. REPLAY ATTACK ON LINE TOPOLOGY 69

Since the all residuals insensitive to agent 2 are smaller than the thresholds whileall other residuals are greater, the attack is detected at agent 1 and 3.

71

Chapter 6

Summary

In this thesis, the emerging interest for cyber security in MAS with the help ofpotential risks was presented in the motivation in the very beginning of this thesis.It mentioned the vulnerability of MAS and gave an prime example. A techniqueto observe the states of a physical system even in the presence of unknown inputswas introduced and is the basic concept of the method which were used later in thethesis. A recent published FDI approach in MAS was introduced and its performancewas illustrated in examples. The effects of model uncertainty on the presentedFDI technique was analyzed and how it influences the residuals. An approach wasproposed to ensure robustness against model uncertainty but sensitiveness to cyberattacks.

In addition, different possible attacks on a MAS were introduced to provide a bet-ter understanding of the vulnerability of these agent networks and to analyze theinfluence on the residuals. It gained an understanding of the properties of a certaininvader as well as how the residuals have to be interpreted in order to detect andidentify the attack.

The introduced and proposed approaches were applied on a MAS composed of threefirst-order water tank systems. The performance of the fault detection and isolationtechnique as well as the diagnostic system were presented. Moreover, it was shownhow the proposed threshold generator could be made robust to noise. The residualswere analyzed in detail with respect to model uncertainty and noise.

The experimental results showed that the presented FDI approach and the proposeddiagnostic technique guarantee a reliable attack detection in MAS. This was alsodone by considering scenarios where the invader has a certain knowledge and accessto different resources. Even in case of disturbances, caused by model uncertaintyand noise, the proposed approaches showed a great performance and the diagnosticprocess was not compromised at any time.

Further work on diagnostic systems for FDI techniques in MAS could consider the re-cent published approach [STSJ12] which uses imprecise models to design the UIOs.The influence on the residuals could be evaluated and its performance could be

72 CHAPTER 6. SUMMARY

illustrated in implementations. Furthermore, the proposed LMI approach is conser-vative which lowers the sensitiveness. Small injected biases could stay undetected.Moreover, model uncertainty causes the residuals to be also a function of the inputs.Thus, the threshold generator was made robust against this disturbance by intro-ducing a threshold function which is dependent on the inputs as well. However, thisalso causes that the sensitiveness against attacks is scaled up by the absolute valueof the input vector. Further work could consider to normalize the residuals as wellas the threshold function to avoid loss of sensitiveness when the magnitude of theinputs increase.

Taking everything into account, one can say that cyber security in MAS is an emerg-ing research field in control theory. Since almost all electrical systems which peopleuse in their everyday life become more and more intelligent, the demand for con-necting those devices grow. This development also occurs in the industry like smartgrids, vehicle platooning for trucks or other interconnected intelligent systems. Stillit is not foreseeable which effects an attack on MAS could have. However, whenit comes to this point the research field of cyber security in MAS could provide asuitable solution for this problem.

LIST OF FIGURES 73

List of Figures

1.1 Observer-based Approaches . . . . . . . . . . . . . . . . . . . . . . . 8

1.2 Parity Relation Approaches . . . . . . . . . . . . . . . . . . . . . . . 9

2.1 Triangle Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.2 Line Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.3 Step Response of the MAS given in (2.3) with N = 3 Agents and aTriangle Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.4 Step Response of the MAS given in (2.3) with N = 3 Agents and aLine Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.5 Schematic illustration of the FDI diagnosis System at each agent . . . 22

2.6 Schematic illustration of an UIO observing a System . . . . . . . . . 24

2.7 FDI in MAS: Altitudes of Agent 1,2 and 3 . . . . . . . . . . . . . . . 27

2.8 FDI in MAS: Outputs of the Observer Bank at Agent 1 . . . . . . . . 28

2.9 FDI in MAS: Outputs of the Observer Bank at Agent 1 . . . . . . . . 28

2.10 Tustin Approximation: partly linear Interpolation . . . . . . . . . . . 29

2.11 Tustin Transformation: Mapping from the s-Domain to the z-Domain 30

3.1 FDI Diagnosis System with a Threshold Generator . . . . . . . . . . 37

3.2 Example 1: Altitudes of Agent 1,2 and 3 . . . . . . . . . . . . . . . . 39

3.3 Residual of UIO11 and Θ11,th,peak(t) . . . . . . . . . . . . . . . . . . . 40



3.6 Example 2: Altitudes of Agent 1,2 and 3 . . . . . . . . . . . . . . . . 42







4.1 Bias Injection Attack on Agent 2 . . . . . . . . . . . . . . . . . . . . 47

4.2 Replay Attack on Agent 2 Phase I) . . . . . . . . . . . . . . . . . . . 49

4.3 Replay Attack on Agent 2 Phase II) . . . . . . . . . . . . . . . . . . . 49

74 LIST OF FIGURES

5.1 Response of the coupled Water Tank System to δuset(t) = −4 cm . . . 55

5.2 Closed-Loop System Response to u(t) = −1V . . . . . . . . . . . . . . 575.3 Bias Injection Attack on the Triangle Topology: Set Point Function . 585.4 Bias Injection Attack (Triangle Topology): Water Levels of Agent 1,

2 and 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585.5 UIO11: UIO at Agent 1 insensitive to himself . . . . . . . . . . . . . 595.6 UIO12: UIO at Agent 2 insensitive to Agent 2 . . . . . . . . . . . . . 595.7 UIO13: UIO at Agent 1 insensitive to Agent 3 . . . . . . . . . . . . . 605.8 UIO31: UIO at Agent 3 insensitive to Agent 1 . . . . . . . . . . . . . 605.9 UIO32: UIO at Agent 3 insensitive to Agent 2 . . . . . . . . . . . . . 605.10 UIO33: UIO at Agent 3 insensitive to himself . . . . . . . . . . . . . 615.11 Replay Attack (Triangle Topology): Water Levels of Agent 1, 2 and 3 615.12 UIO11: UIO at Agent 1 insensitive to himself . . . . . . . . . . . . . 625.13 UIO12: UIO at Agent 1 insensitive to Agent 2 . . . . . . . . . . . . . 625.14 UIO13: UIO at Agent 1 insensitive to Agent 3 . . . . . . . . . . . . . 635.15 UIO31: UIO at Agent 3 insensitive to Agent 1 . . . . . . . . . . . . . 635.16 UIO32: UIO at Agent 3 insensitive to Agent 2 . . . . . . . . . . . . . 645.17 UIO33: UIO at Agent 3 insensitive to himself . . . . . . . . . . . . . 645.18 Bias Attack (Line Topology): Water Levels of Agent 1, 2 and 3 . . . 655.19 UIO11: UIO at Agent 1 insensitive to himself . . . . . . . . . . . . . 655.20 UIO12: UIO at Agent 1 insensitive to Agent 2 . . . . . . . . . . . . . 655.21 UIO32: UIO at Agent 3 insensitive to Agent 2 . . . . . . . . . . . . . 665.22 UIO33: UIO at Agent 3 insensitive to himself . . . . . . . . . . . . . 665.23 Replay Attack (Line Topology): Water Levels of Agent 1, 2 and 3 . . 675.24 UIO11: UIO at Agent 1 insensitive to himself . . . . . . . . . . . . . 675.25 UIO12: UIO at Agent 1 insensitive to Agent 2 . . . . . . . . . . . . . 685.26 UIO32: UIO at Agent 3 insensitive to Agent 2 . . . . . . . . . . . . . 685.27 UIO33: UIO at Agent 3 insensitive to himself . . . . . . . . . . . . . 68

75

Appendix A

Matrices

A.1 Example 2.3.4

Observer Bank at Agent 1Observer Bank at Agent 1Observer Bank at Agent 1

UIO11 : FFF 1

1=

−5.03 · 10−1 −5.95 · 10−1 −5.95 · 10−1 2.14 −4.73 · 10−1 −4.73 · 10−1

−9.52 · 10−2 −7.19 · 10−1 −1.92 · 10−1 −3.87 · 10−2 1.19 −1.20 · 10−1

−9.52 · 10−2 −1.92 · 10−1 −7.19 · 10−1 −3.87 · 10−2 −1.20 · 10−1 1.19−8.58 · 10−1 4.61 · 10−1 4.61 · 10−1 −2.17 2.37 · 10−1 2.37 · 10−1

5.27 · 10−1 −1.81 8.80 · 10−1 2.37 · 10−1 −2.57 2.97 · 10−2

5.27 · 10−1 8.80 · 10−1 −1.81 2.37 · 10−1 2.97 · 10−2 −2.57

TTT1

1=

5.00 · 10−1 0 0 −5.00 · 10−1 0 00 1.00 0 0 0 00 0 1.00 0 0 0

−5.00 · 10−1 0 0 5.00 · 10−1 0 00 0 0 0 1.00 00 0 0 0 0 1.00

KKK1

1=

2.82 9.52 · 10−2 9.52 · 10−2 1.77 · 10−1 4.73 · 10−1 4.73 · 10−1

2.83 · 10−2 7.19 · 10−1 1.92 · 10−1 −2.83 · 10−2 −1.92 · 10−1 1.20 · 10−1

2.83 · 10−2 1.92 · 10−1 7.19 · 10−1 −2.83 · 10−2 1.20 · 10−1 −1.92 · 10−1

−2.16 3.87 · 10−2 3.87 · 10−2 −8.42 · 10−1 −2.37 · 10−1 −2.37 · 10−1

8.55 · 10−1 −1.92 · 10−1 1.20 · 10−1 1.45 · 10−1 5.74 · 10−1 −2.97 · 10−2

8.55 · 10−1 1.20 · 10−1 −1.92 · 10−1 1.45 · 10−1 −2.97 · 10−2 5.74 · 10−1

HHH1

1=

5.00 · 10−1 0 0 5.00 · 10−1 0 00 0 0 0 0 00 0 0 0 0 0

5.00 · 10−1 0 0 5.00 · 10−1 0 00 0 0 0 0 00 0 0 0 0 0

EEE1

1=

[

1.00 0 0 1.00 0 0]T

76 APPENDIX A. MATRICES

UIO12 : FFF 2

1=

−5.96 · 10−1 −1.04 · 10−1 −1.61 · 10−1 1.26 −4.42 · 10−2 −9.81 · 10−2

−6.04 · 10−1 −6.56 · 10−1 −5.99 · 10−1 −3.84 · 10−1 1.81 −4.18 · 10−1

−1.61 · 10−1 −9.87 · 10−2 −7.18 · 10−1 −8.45 · 10−2 −6.78 · 10−2 1.20−2.74 6.16 · 10−1 9.16 · 10−1 −2.70 1.57 · 10−1 5.08 · 10−2

4.56 · 10−1 −6.91 · 10−1 4.32 · 10−1 1.57 · 10−1 −1.96 1.63 · 10−1

9.02 · 10−1 5.82 · 10−1 −1.80 5.08 · 10−2 1.63 · 10−1 −2.56

TTT2

1=

1.00 0 0 0 0 00 5.00 · 10−1 0 0 −5.00 · 10−1 00 0 1.00 0 0 00 0 0 1.00 0 00 −5.00 · 10−1 0 0 5.00 · 10−1 00 0 0 0 0 1.00

KKK2

1=

5.96 · 10−1 3.00 · 10−2 1.61 · 10−1 −2.64 · 10−1 −3.00 · 10−2 9.81 · 10−2

1.04 · 10−1 2.23 9.87 · 10−2 3.84 · 10−1 2.67 · 10−1 4.18 · 10−1

1.61 · 10−1 1.55 · 10−2 7.18 · 10−1 8.45 · 10−2 −1.55 · 10−2 −1.99 · 10−1

−2.64 · 10−1 7.71 · 10−1 8.45 · 10−2 6.96 · 10−1 2.29 · 10−1 −5.08 · 10−2

4.42 · 10−2 −1.63 6.78 · 10−2 −1.57 · 10−1 −8.67 · 10−1 −1.63 · 10−1

9.81 · 10−2 7.91 · 10−1 −1.99 · 10−1 −5.08 · 10−2 2.09 · 10−1 5.64 · 10−1

HHH2

1=

0 0 0 0 0 00 5.00 · 10−1 0 0 5.00 · 10−1 00 0 0 0 0 00 0 0 0 0 00 5.00 · 10−1 0 0 5.00 · 10−1 00 0 0 0 0 0

EEE2

1=

[

0 1.00 0 0 1.00 0]T

A.1. EXAMPLE 2.3.4 77

UIO13 : FFF 3

1=

−5.96 · 10−1 −1.61 · 10−1 −1.04 · 10−1 1.26 −9.81 · 10−2 −4.42 · 10−2

−1.61 · 10−1 −7.18 · 10−1 −9.87 · 10−2 −8.45 · 10−2 1.20 −6.78 · 10−2

−6.04 · 10−1 −5.99 · 10−1 −6.56 · 10−1 −3.84 · 10−1 −4.18 · 10−1 1.81−2.74 9.16 · 10−1 6.16 · 10−1 −2.70 5.08 · 10−2 1.57 · 10−1

9.02 · 10−1 −1.80 5.82 · 10−1 5.08 · 10−2 −2.56 1.63 · 10−1

4.56 · 10−1 4.32 · 10−1 −6.91 · 10−1 1.57 · 10−1 1.63 · 10−1 −1.96

TTT3

1=

1.00 0 0 0 0 00 1.00 0 0 0 00 0 5.00 · 10−1 0 0 −5.00 · 10−1

0 0 0 1.00 0 00 0 0 0 1.00 00 0 −5.00 · 10−1 0 0 5.00 · 10−1

KKK3

1=

5.96 · 10−1 1.61 · 10−1 3.00 · 10−2 −2.64 · 10−1 9.81 · 10−2 −3.00 · 10−2

1.61 · 10−1 7.18 · 10−1 1.55 · 10−2 8.45 · 10−2 −1.99 · 10−1 −1.55 · 10−2

1.04 · 10−1 9.87 · 10−2 2.23 3.84 · 10−1 4.18 · 10−1 2.67 · 10−1

−2.64 · 10−1 8.45 · 10−2 7.71 · 10−1 6.96 · 10−1 −5.08 · 10−2 2.29 · 10−1

9.81 · 10−2 −1.99 · 10−1 7.91 · 10−1 −5.08 · 10−2 5.64 · 10−1 2.09 · 10−1

4.42 · 10−2 6.78 · 10−2 −1.63 −1.57 · 10−1 −1.63 · 10−1 −8.67 · 10−1

HHH3

1=

0 0 0 0 0 00 0 0 0 0 00 0 5.00 · 10−1 0 0 5.00 · 10−1

0 0 0 0 0 00 0 0 0 0 00 0 5.00 · 10−1 0 0 5.00 · 10−1

EEE3

1=

[

0 0 1.00 0 0 1.00]


Due to the triangle topology, the matrices of the observer bank at agent 3 areidentically to the matrices of the observer bank at agent 1.


A.2 Example 3.4


UIO11 : FFF 1

1=

−4.04 · 10−1 −6.64 · 10−1 −6.64 · 10−1 2.35 −5.00 · 10−1 −5.00 · 10−1

−1.14 · 10−1 −7.00 · 10−1 −2.06 · 10−1 −2.77 · 10−2 1.28 −1.18 · 10−1

−1.14 · 10−1 −2.06 · 10−1 −7.00 · 10−1 −2.77 · 10−2 −1.18 · 10−1 1.28−9.54 · 10−1 5.22 · 10−1 5.22 · 10−1 −2.34 2.57 · 10−1 2.57 · 10−1

6.00 · 10−1 −2.02 9.82 · 10−1 2.57 · 10−1 −2.77 1.75 · 10−2

6.00 · 10−1 9.82 · 10−1 −2.02 2.57 · 10−1 1.75 · 10−2 −2.77

TTT1

1=

5.00 · 10−1 0 0 −5.00 · 10−1 0 00 1.00 0 0 0 00 0 1.00 0 0 0

−5.00 · 10−1 0 0 5.00 · 10−1 0 00 0 0 0 1.00 00 0 0 0 0 1.00

KKK1

1=

3.03 1.14 · 10−1 1.14 · 10−1 2.75 · 10−1 5.00 · 10−1 5.00 · 10−1

4.32 · 10−2 7.00 · 10−1 2.06 · 10−1 −4.32 · 10−2 −1.84 · 10−1 1.18 · 10−1

4.32 · 10−2 2.06 · 10−1 7.00 · 10−1 −4.32 · 10−2 1.18 · 10−1 −1.84 · 10−1

−2.34 2.77 · 10−2 2.77 · 10−2 −9.58 · 10−1 −2.57 · 10−1 −2.57 · 10−1

9.28 · 10−1 −1.84 · 10−1 1.18 · 10−1 1.72 · 10−1 5.65 · 10−1 −1.75 · 10−2

9.28 · 10−1 1.18 · 10−1 −1.84 · 10−1 1.72 · 10−1 −1.75 · 10−2 5.65 · 10−1

HHH1

1=

5.00 · 10−1 0 0 5.00 · 10−1 0 00 0 0 0 0 00 0 0 0 0 0

5.00 · 10−1 0 0 5.00 · 10−1 0 00 0 0 0 0 00 0 0 0 0 0

EEE1

1=

[

1.00 0 0 1.00 0 0]

A.2. EXAMPLE 3.4 79

UIO12 : FFF 2

1=

−5.72 · 10−1 −1.22 · 10−1 −1.71 · 10−1 1.35 −3.65 · 10−2 −9.61 · 10−2

−6.72 · 10−1 −5.82 · 10−1 −6.69 · 10−1 −3.99 · 10−1 1.99 −4.36 · 10−1

−1.71 · 10−1 −1.19 · 10−1 −6.98 · 10−1 −8.09 · 10−2 −6.03 · 10−2 1.29−3.05 7.01 · 10−1 1.02 −2.88 1.66 · 10−1 4.05 · 10−2

5.13 · 10−1 −7.63 · 10−1 4.90 · 10−1 1.66 · 10−1 −2.10 1.75 · 10−1

1.00 6.64 · 10−1 −2.01 4.05 · 10−2 1.75 · 10−1 −2.75

TTT2

1=

1.00 0 0 0 0 00 5.00 · 10−1 0 0 −5.00 · 10−1 00 0 1.00 0 0 00 0 0 1.00 0 00 −5.00 · 10−1 0 0 5.00 · 10−1 00 0 0 0 0 1.00

KKK2

1=

5.72 · 10−1 4.28 · 10−2 1.71 · 10−1 −2.52 · 10−1 −4.28 · 10−2 9.61 · 10−2

1.22 · 10−1 2.38 1.19 · 10−1 3.99 · 10−1 3.65 · 10−1 4.36 · 10−1

1.71 · 10−1 2.94 · 10−2 6.98 · 10−1 8.09 · 10−2 −2.94 · 10−2 −1.92 · 10−1

−2.52 · 10−1 8.32 · 10−1 8.09 · 10−2 6.81 · 10−1 2.68 · 10−1 −4.05 · 10−2

3.65 · 10−2 −1.77 6.03 · 10−2 −1.66 · 10−1 −9.83 · 10−1 −1.75 · 10−1

9.61 · 10−2 8.55 · 10−1 −1.92 · 10−1 −4.05 · 10−2 2.45 · 10−1 5.54 · 10−1

HHH2

1=

0 0 0 0 0 00 5.00 · 10−1 0 0 5.00 · 10−1 00 0 0 0 0 00 0 0 0 0 00 5.00 · 10−1 0 0 5.00 · 10−1 00 0 0 0 0 0

EEE2

1=

[

0 1.00 0 0 1.00 0]


UIO13 : FFF 3

1=

−5.72 · 10−1 −1.71 · 10−1 −1.22 · 10−1 1.35 −9.61 · 10−2 −3.65 · 10−2

−1.71 · 10−1 −6.98 · 10−1 −1.19 · 10−1 −8.09 · 10−2 1.29 −6.03 · 10−2

−6.72 · 10−1 −6.69 · 10−1 −5.82 · 10−1 −3.99 · 10−1 −4.36 · 10−1 1.99−3.05 1.02 7.01 · 10−1 −2.88 4.05 · 10−2 1.66 · 10−1

1.00 −2.01 6.64 · 10−1 4.05 · 10−2 −2.75 1.75 · 10−1

5.13 · 10−1 4.90 · 10−1 −7.63 · 10−1 1.66 · 10−1 1.75 · 10−1 −2.10

TTT3

1=

1.00 0 0 0 0 00 1.00 0 0 0 00 0 5.00 · 10−1 0 0 −5.00 · 10−1

0 0 0 1.00 0 00 0 0 0 1.00 00 0 −5.00 · 10−1 0 0 5.00 · 10−1

KKK3

1=

5.72 · 10−1 1.71 · 10−1 4.28 · 10−2 −2.52 · 10−1 9.61 · 10−2 −4.28 · 10−2

1.71 · 10−1 6.98 · 10−1 2.94 · 10−2 8.09 · 10−2 −1.92 · 10−1 −2.94 · 10−2

1.22 · 10−1 1.19 · 10−1 2.38 3.99 · 10−1 4.36 · 10−1 3.65 · 10−1

−2.52 · 10−1 8.09 · 10−2 8.32 · 10−1 6.81 · 10−1 −4.05 · 10−2 2.68 · 10−1

9.61 · 10−2 −1.92 · 10−1 8.55 · 10−1 −4.05 · 10−2 5.54 · 10−1 2.45 · 10−1

3.65 · 10−2 6.03 · 10−2 −1.77 −1.66 · 10−1 −1.75 · 10−1 −9.83 · 10−1

HHH3

1=

0 0 0 0 0 00 0 0 0 0 00 0 5.00 · 10−1 0 0 5.00 · 10−1

0 0 0 0 0 00 0 0 0 0 00 0 5.00 · 10−1 0 0 5.00 · 10−1

EEE3

1=

[

0 0 1.00 0 0 1.00]



A.3. EXPERIMENTS 81

A.3 Experiments

The following matrices are for the UIOs used in the experiments and valid for thetime-continuous domain.

A.3.1 Triangle Topology


UIO11 : FFF11 =

−8.48 · 10−1 −3.62 · 10−1 −3.86 · 10−18.37 · 10−1 −2.90 8.77 · 10−1

1.07 1.13 −3.41

TTT 11 =

0 0 00 1.00 00 0 1.00

KKK11 =

0 3.62 · 10−1 3.86 · 10−11.20 4.51 · 10−1 3.23 · 10−11.45 3.23 · 10−1 4.41 · 10−1

HHH11 =

1.00 0 00 0 00 0 0

EEE11 =

[

1.00 0 0]

UIO12 : FFF21 =

−1.63 2.27 · 10−1 1.70 · 10−1−1.66 · 10−1 −9.18 · 10−1 −3.60 · 10−1

1.23 1.09 −3.36

TTT 21 =

1.00 0 00 0 00 0 1.00

KKK21 =

4.35 · 10−1 3.93 · 10−1 2.23 · 10−11.66 · 10−1 0 3.60 · 10−12.23 · 10−1 1.45 3.97 · 10−1

HHH21 =

0 0 00 1.00 00 0 0

EEE21 =

[

0 1.00 0]


UIO13 : FFF31 =

−1.63 1.79 · 10−1 2.27 · 10−19.86 · 10−1 −2.85 8.62 · 10−1−1.66 · 10−1 −3.37 · 10−1 −9.27 · 10−1

TTT 31 =

1.00 0 00 1.00 00 0 0

KKK31 =

4.34 · 10−1 2.14 · 10−1 3.93 · 10−12.14 · 10−1 4.08 · 10−1 1.201.66 · 10−1 3.37 · 10−1 0

HHH31 =

0 0 00 0 00 0 1.00

EEE31 =

[

0 0 1.00]



A.3.2 Line Topology


UIO11 : FFF11 =

−9.22 · 10−1 −3.86 · 10−1 01.17 −3.63 1.56

−2.06 · 10−1 1.53 −1.95

TTT 11 =

0 0 00 1.00 00 0 1.00

KKK11 =

0 3.86 · 10−11.56 4.67 · 10−10 3.58 · 10−1

HHH11 =

1.00 00 00 0

EEE11 =

[

1.00 0 0]

A.3. EXPERIMENTS 83

UIO12 : FFF21 =

−1.50 3.09 · 10−1 0−2.02 · 10−1 −9.79 · 10−1 0−1.67 · 10−1 1.27 −1.95

TTT 21 =

1.00 0 00 0 00 0 1.00

KKK21 =

4.60 · 10−1 5.11 · 10−12.02 · 10−1 01.67 · 10−1 1.89

HHH21 =

0 00 1.000 0

EEE21 =

[

0 1.00 0]


UIO31 : FFF13 =

−1.04 3.14 · 10−1 −1.47 · 10−10 −8.74 · 10−1 −4.86 · 10−10 1.40 −2.53

TTT 13 =

1.00 0 00 0 00 0 1.00

KKK13 =

5.11 · 10−1 1.47 · 10−10 4.86 · 10−1

1.89 5.81 · 10−1

HHH13 =

0 01.00 00 0

EEE13 =

[

0 1.00 0]


UIO32 : FFF23 =

−1.04 2.59 · 10−1 −4.47 · 10−21.56 −3.57 1.220 −3.40 · 10−1 −9.40 · 10−1

TTT 23 =

1.00 0 00 1.00 00 0 0

KKK23 =

2.51 · 10−1 04.05 · 10−1 1.563.40 · 10−1 0

HHH23 =

0 00 00 1.00

EEE23 =

[

0 0 1.00]

85

Appendix B

Mathematical Tools

B.1 The S-procedureThere exist problems where a quadratic function has to be negative whenever otherquadratic functions are all negative. According to [BGFB94], this can be expressedas an LMI that is a conservative but often a useful approximation of the constraint.Especially, the S-procedure for quadratic forms and strict inequalities is of interesthere.

Lemma B.1.1 Let TTT 0, ...,TTT p ∈ Rn×n be symmetric matrices. The following condi-

tions on TTT 0, ...,TTT p are considered:

ζζζTT0ζζζ > 0 ∀ζζζ 6= 000 such that ζζζTTTT iζζζ ≥ 0, ∀i ∈ 1, .., p (B.1)

If there exists

τ1 ≥ 0, ..., τp ≥ 0 such that TTT 0 −p

∑

i=1

τiTTT i > 0, (B.2)

then (B.1) holds. If p = 1, the converse holds if there exists ζ0 such that ζζζT0TTT 1ζζζ0 > 0.

86 APPENDIX B. MATHEMATICAL TOOLS

BIBLIOGRAPHY 87

Bibliography

[BGFB94] Stephen Boyd, Laurent El Ghaoui, Eric Feron, and VenkataramananBalakrishnan. volume 15 of Studies in Applied Mathematics. SIAM,Philadelphia, PA, June 1994.

[CP99] Jie Chen and Ron J. Patton. Robust model-based fault diagnosis for dy-namic systems. Kluwer Academic Publishers, Norwell, MA, USA, 1999.

[Din08] Steven X. Ding. Model-based Fault Diagnosis Techniques: DesignSchemes, Algorithms, and Tools. Springer, 2008.

[Fri01] Erik Frisk. Residual Generation for Fault Diagnosis. PhD thesis,Linkopings Universitet, 2001.

[GM95] Janos J. Gertler and Ramin Monajemy. Generating directional residualswith dynamic parity relations. Automatica, 31(4):627–635, 1995.

[Inc] Quanser Inc. Coupled water tanks - datasheet. Technical report,http://www.quanser.com/english/downloads/products/Specialty/ Cou-pledTanks PIS 031708.pdf.

[OsFM07] Reza Olfati-saber, J. Alex Fax, and Richard M. Murray. Consensus andcooperation in networked multi-agent systems. In Proceedings of theIEEE, page 2007, 2007.

[PDB11] Fabio Pasqualetti, Florian Dorfler, and Francesco Bullo. Cyber-physicalattacks in power networks: Models, fundamental limitations and monitordesign. In Proc. of the 50th IEEE Conf. on Decision and Control andEuropean Control Conference, Orlando, FL, USA, Dec. 2011.

[STSJ10] Iman Shames, Andre Teixeira, Henrik Sandberg, and Karl H. Johansson.Distributed fault detection for interconnected second-order systems withapplications to power networks. In Preprints of the First Workshop onSecure Control Systems, CPSWEEK 2010, Stockholm, Sweden, 2010. QC20120213.

88 BIBLIOGRAPHY

[STSJ12] Iman Shames, Andre Teixeira, Henrik Sandberg, and Karl H. Johansson.Distributed fault detection and isolation with imprecise network models.In American Control Conference, Montreal, Canada, 2012.

[sW97] Karl J. Astrom and Bjorn Wittenmark. Computer-controlled systems:theory and design; 3rd ed. Prentice-Hall information and system sciencesseries. Prentice-Hall, Upper Saddle River, NJ, 1997.

[TPSJ12] Andre Teixeira, Daniel Perez, Henrik Sandberg, and Karl Henrik Jo-hansson. Attack models and scenarios for networked control systems. InHiCoNS’12 - Proceedings of the 1st ACM International Conference onHigh Confidence Networked Systems, pages 55–64, 2012. QC 20120613.

[TSJ10] Andre Teixeira, Henrik Sandberg, and Karl H. Johansson. Networkedcontrol systems under cyber attacks with applications to power networks.In 2010 AMERICAN CONTROL CONFERENCE, Proceedings of theAmerican Control Conference, pages 3690–3696, 2010. QC 20110415.

[ZD07] Ping Zhang and Steven X. Ding. A model-free approach to fault detectionof continuous-time systems based on time domain data. InternationalJournal of Automation and Computing, 4(2):189, 2007.

uncertainty analysis of a fault detection and isolation ...562637/fulltext01.pdf · uncertainty...

Documents