Secure Coordination Control of Networked Robotic Systems: From a Control Theory Perspective [2024 ed.] 981999358X, 9789819993581

Citation preview

Xiaolei Li · Jiange Wang · Xiaoyuan Luo · Xinping Guan

Secure Coordination Control of Networked Robotic Systems From a Control Theory Perspective

Secure Coordination Control of Networked Robotic Systems

Xiaolei Li • Jiange Wang • Xiaoyuan Luo • Xinping Guan

Secure Coordination Control of Networked Robotic Systems From a Control Theory Perspective

Xiaolei Li Institute of Electrical Engineering Yanshan University Qinhuangdao, Hebei, China

Jiange Wang Institute of Electrical Engineering Yanshan University Qinhuangdao, Hebei, China

Xiaoyuan Luo Institute of Electrical Engineering Yanshan University Qinhuangdao, Hebei, China

Xinping Guan Department of Automation Shanghai Jiao Tong University Shanghai, China

ISBN 978-981-99-9358-1 ISBN 978-981-99-9359-8 https://doi.org/10.1007/978-981-99-9359-8

(eBook)

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd. The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore Paper in this product is recyclable.

This work is dedicated to My kid, Ziyi Li, and My parents, Jingyun Li and Fengxiang Zhao – Xiaolei Li My parents, Chunhuai Wang and Liying Wang – Jiange Wang

Preface

As one of the core equipment and actuators, robotic technology has attracted much attention and has made great progress. However, a single robotic system is often unable to handle complex tasks due to limitations in sensors, microprocessors, actuators, and the ability to handle complex situations. With the development of distributed control and microprocessing technology, networked robotic systems have greatly expanded their perceptual, computational, and execution capabilities, with high efficiency, low cost, and strong functionality advantages. As a typical distributed cyber-physical system (DCPS), which is an intelligent system that integrates computing, communication, and control, networked robotic systems can perform higher-level tasks by sharing information and working together. It can provide intelligent control and monitoring of a physical process, such as environment observation, information collection, and search and rescue, etc. Thus cooperative control of networked robotic systems has become the focus of scholars worldwide. However, the sensing, communication, and control integration of networked robotic systems make them face unprecedented network security threats, in which cyber attacks have become a major hidden danger to the reliable operation of autonomous unmanned systems. Although existing control methods can achieve swarm collaborative control of networked robotic systems, the protection of which, especially the security of control systems, is rarely addressed. In this book, we conduct research on the security cooperative control of networked robotic systems, given the limited communication bandwidth and the increasingly prominent network security threats. This problem, although important for the protection of networked robotic systems, has not received enough attention and is not easy to solve. Different from traditional fault-tolerant control problems, cyber attack signals are usually carefully designed by attackers, which are more harmful and stealthier, and will not only affect the information interaction of the robot network but also affect the physical layer of networked robotic systems. This problem becomes more complicated when considering the limited communication bandwidth in the cyber layer. In view of this, we first introduce the basic cooperative control problem of networked robotic systems, briefly review the research progress of the secure cooperative control problem, and give the basic mathematical tools needed. Then, we consider the vii

viii

Preface

continuous-time secure cooperative control design problem of networked robotic systems under Denial-of-Service (DoS) attacks. It is worth noting that the DoS attack will block the normal communication channel, and when it is coupled with the widespread system model uncertainties and disturbances, it will make the cooperative control problem of networked robotic systems more complicated. To this end, we propose a hierarchical control framework that decouples cyber attacks from physical constraints, thereby simplifying the cooperative control design issue. Then, we design a security cooperative control method that does not depend on the DoS attack parameters, gives the algebraic stability condition without needing to solve the linear matrix inequalities (LMI), and realizes the secure coordination control of the networked robotic systems under unknown DoS attacks. Furthermore, we also study the secure controller design problem based on the event-triggered communication and control methods for the limited bandwidth of the robotic network and realize the secure cooperation of the robots under synchronous and asynchronous DoS attacks. Finally, we propose a norm-based secure decisionmaking and adaptive control method for networked robotic systems with malicious nodes, which ensures the secure coordination of high-dimensional nonlinear networked robotic systems. The rich content of this book provides systematic guidance and a theoretical basis for the design of security cooperative control of networked robotic systems. This book can also provide a reference for researchers in the fields of control science and engineering, robotics, etc. Understanding this book requires knowledge of basic robotic theory and nonlinear control theory. This book contains ten chapters. Chapter 1 firstly summarizes the research background of cooperative control and secure cooperative control of networked robotic systems, as well as gives the contributions of this book, and then presents the basic knowledge of algebraic graph theory and necessary technical tools. Chapter 2 considers the secure coordination control problem of networked robotic systems under DoS attacks. A novel hierarchical control framework is proposed and the closed-loop stability conditions are presented based on the multidimensional small gain method. Chapter 3 continues Chap. 2 to consider the impact of external disturbances, an adaptive controller with a sliding-mode-like mechanism and a new auxiliary system are designed such that the secure cooperative control of networked robotic systems under the DoS attacks and external disturbances is guaranteed. In Chap. 4, to achieve leader tracking for networked robotic systems, a predictor-based secure cooperative controller is designed, which can realize the secure tracking control of networked robotic systems independent of the duration and frequency of DoS attacks. Chapter 5 continues Chap. 4 to investigate the leaderless synchronization problem of networked robotic systems under DoS attacks. Compared with the results in Chap. 4, the method in this chapter does not require the prediction mechanism of the leader’s state and can handle sampled interaction data. It is worth noting that the communication bandwidth and computing resources of the robotic network are generally limited, thus we further consider the security cooperative control problem of the networked robotic systems under DoS attacks based on event-triggered communication in Chap. 6. Chapter 7 further proposes a secure collaborative control method for networked robotic systems based on

Preface

ix

a dynamic event-triggered communication mechanism. Compared with the static event-triggered control method in Chap. 6, this chapter’s method can achieve higher resource utilization efficiency and more flexibility in system design requirements. Chapter 8 continues Chaps. 6 and 7 to further propose an event-triggered communication mechanism and a self-triggered secure cooperative control scheme under asynchronous DoS attacks for the networked robotic systems, so as to further save communication and computing resources. Then, Chap. 9 considers the cooperative control of networked robotic systems with malicious nodes, which may mislead the coordination process of the robots. To this end, a norm-based secure decisionmaking method is proposed, and then an adaptive secure cooperative controller is constructed to ensure the secure synchronization of the networked robotic systems. Finally, Chap. 10 presents some future research directions. This book was supported in part by the National Natural Science Foundation of China under Grants 62103352, 61903319, 62033011, and 62273294. We would like to acknowledge Prof. Jing Yan, Prof. Shaobao Li, and Prof. Yana Yang for their valuable discussions. We would also like to thank doctoral student Yuliang Fu, graduate students Ruiyang Gao, Ke Shang, Pengfei Yang, Siran Wang, and undergraduate student Tong Zhang for their efforts in proofreading the book. Qinhuangdao, China Qinhuangdao, China Qinhuangdao, China Shanghai, China September 2023

Xiaolei Li Jiange Wang Xiaoyuan Luo Xinping Guan

Contents

1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1 Introduction to Networked Robotic Systems . . . . . . . . . . . . . . . . . . . . . . . 1.2 Secure Cooperative Control of Networked Robotic Systems . . . . . . 1.2.1 Secure Time-Triggered Cooperative Control of Robots. . . . 1.2.2 Secure Event-Triggered Cooperative Control of Robots . . . 1.3 Research Challenges and Contributions of This Book . . . . . . . . . . . . . 1.4 Mathematical Preliminaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.4.1 Notations and Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.4.2 Algebraic Graph Theory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.4.3 Stability Theory and Technical Tools . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2

Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.2 Preliminaries and Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.2.1 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.2.2 DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.3 Cooperative Control Design for Networked Robotic Systems Without DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.4 Secure Cooperative Control Design for Networked Robotic Systems with DoS Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.5 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.6 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3

Secure Cooperative Control for Networked Robotic Systems with Disturbances and DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2 Preliminaries and Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2.1 Networked Robotic Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2.2 DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1 1 6 7 16 19 23 23 24 27 30 37 37 40 40 42 45 51 61 62 64 67 67 69 69 71 xi

xii

Contents

3.2.3 Technical Lemmas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Secure Control Design and Analysis of Networked Robotic Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.3.1 Secure Control Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.3.2 Control Parameters Selection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.5 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

72

3.3

4

5

6

Secure Tracking for Networked Robotic Systems Under DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2 Preliminaries and Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.1 Networked Robotic Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.2 DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3 Secure Control Scheme Design and Resilience Analysis . . . . . . . . . . 4.3.1 Resilient Control Scheme. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3.2 Resilient Analysis of the Control Scheme . . . . . . . . . . . . . . . . . . 4.4 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Jamming-Resilient Coordination of Networked Robotic Systems with Quantized Sampling Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2 Preliminaries and Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.1 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.2 Filippov Solution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.3 Jamming Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3 Adaptive Secure Coordination and Stability Analysis. . . . . . . . . . . . . . 5.3.1 Cooperative Control Design for Networked Robotic Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3.2 Stability Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4.1 Case 1: No Jamming Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4.2 Case 2: Resilient Synchronization Under Jamming Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Event-Based Secure Coordination of Networked Robotic Systems Under DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2 Preliminaries and Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2.1 DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2.2 The Problem Formulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

73 73 85 86 90 91 95 95 97 97 99 100 100 102 110 113 116 119 119 121 121 122 122 124 124 127 133 134 135 137 139 143 143 145 145 147

Contents

Event-Triggered Secure Control Design and Resilience Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.3.1 Event-Triggered Data Update Policy. . . . . . . . . . . . . . . . . . . . . . . . 6.3.2 Event-Triggered Consensus Under DoS Attacks . . . . . . . . . . . 6.3.3 Control Design Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.4 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.5 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

xiii

6.3

7

8

9

Dynamic Event-Based Secure Coordination of Networked Robotic Systems Under DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2 Preliminaries and Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2.1 DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2.2 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.3 Dynamic Event-Triggered Secure Control Design for Networked Robotic Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.3.1 Control Design in the Absence of DoS Attacks . . . . . . . . . . . . 7.3.2 Control Design and Analysis in the Presence of DoS Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.4 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.5 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Self-Triggered Secure Coordination of Networked Robotic Systems Under Asynchronous DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.2 Preliminaries and Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.2.1 Networked Robotic Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.2.2 DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.2.3 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3 Continuous Resilient Controller Design over Event-Triggered Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.4 Self-Triggered Secure Controller Design over Event-Triggered Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.5 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Secure Coordination of Networked Robotic Systems with Adversarial Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.2 Preliminaries and Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.2.1 Networked Robotic Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.2.2 Attack Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.2.3 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

148 148 153 157 158 163 163 165 165 167 167 169 169 169 174 178 181 182 185 185 187 187 187 189 189 196 199 205 209 211 211 213 213 214 215

xiv

10

Contents

9.3 9.4 9.5

Resilient Decision Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Resilient Coordination Control Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.5.1 Simulation Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

215 218 223 223 228 228

Future Research Directions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.1 Event-Based Secure Coordination of Networked Robotic Systems Under Multisource Cyber Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 10.2 Secure Coordination of Underwater Cyber-physical Systems . . . . . 10.3 Distributed Source Seeking of Networked Robotic Systems with Unreliable Communication. . . . . . . . . . . . . . . . . . . . . . . . . . . References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

231 231 233 234 236

Symbols and Acronyms

Mathematics Symbol R R+ N Z+ Rn Rn×m AT A = AT det(A) Rank(A) λmax (A) λmin (A) I 0 A ∅ diag{A} · ∈ → ⊗

Real number set Positive real number set Natural number set Positive integer number set n-dimensional real Euclidean space Space of n × m real matrices Transpose of matrix A ∈ Rm×n A is a real symmetric matrix Determinant of matrix A Rank of matrix A Largest eigenvalue of matrix A Smallest eigenvalue of matrix A Identity matrix Zero matrix System matrix Empty set Diagonal matrix of matrix A Euclidean norm Belong to Tend to, or mapping to (case sensitive) Matrix Kronecker product

Acronym DCPS WSN

Distributed cyber-physical system Wireless sensor network xv

xvi

AUV UAV DoS LMI MAS ISS IOS MSR W-MSR ETC DETC STC ZOH

Symbols and Acronyms

Autonomous underwater vehicle Unmanned aerial vehicle Denial-of-service Linear matrix inequalities Multi-agent system Input-to-state stability Input-to-output stability Mean-subsequence reduced Weighted mean subsequence reduced Event-triggered control Dynamic event-triggered control Self-triggered control Zero-order-holder

Chapter 1

Introduction

Abstract This chapter presents the definition, architecture, and characteristics of networked robotic systems. Then the secure time-triggered and event-triggered cooperative control problems of the networked robotic systems are briefly reviewed. Then the research challenges and contributions of this book are summarized. The basic mathematical preliminaries on graph theory and control theory tools used in this book are also presented in this chapter. Keywords CPS · Networked robotic systems · Security cooperative control · DoS attack · Adversarial attack

1.1 Introduction to Networked Robotic Systems As a typical cyber-physical system (CPS), networked robotic systems refer to a collection of robotic devices or agents that are interconnected through a network, allowing them to communicate, share information, and coordinate their actions [1, 2]. These systems combine robotics with networked communication technologies to enable robots to work together or with other devices, often remotely, to perform tasks and achieve objectives [3, 4]. As shown in Fig. 1.1, here are some key components and characteristics of networked robotic systems. Robots Networked robotic systems consist of physical robots or autonomous agents. These robots can vary in type and capabilities, including ground robots, drones, industrial robots, and even virtual robots in some cases. Networking The robots within the system are connected through a network infrastructure, which can be wired or wireless. This network enables data exchange, real-time communication, and remote control between robots and other connected devices. Sensors Robots in these systems are typically equipped with various sensors, such as cameras, LiDAR, GPS, accelerometers, and environmental sensors. These sensors allow the robots to perceive their environment, collect data, and make informed decisions. © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 X. Li et al., Secure Coordination Control of Networked Robotic Systems, https://doi.org/10.1007/978-981-99-9359-8_1

1

2

1 Introduction

Sensing/ Communication Networking

Controller

Cyber Layer Output/State

Observer

Physical Layer Envirement Envirement

Sensors

_ Reference +

Actuator

Robots

Fig. 1.1 Schematic diagram of networked robotic systems

Actuators Networked robotic systems can actuate cooperatively to perform tasks that are challenging or impossible for a single robot to accomplish. They can share workloads, coordinate actions, and work together efficiently. Controller Depending on the system’s architecture, there may be centralized control, where a central server or operator manages and coordinates all the robots, or decentralized/distributed control, where robots cooperate autonomously based on shared information. Observer An observer or estimate often is embedded into a robotic system such that the unmeasured/noisy states can be reconstructed. Examples of networked robotic systems include networked unmanned aerial vehicles (UAVs) [5], networked autonomous underwater vehicles (AUVs) [6], networked autonomous ground vehicles (AGVs) [7], and other networked robotic systems [8], which are used in a wide range of applications, including industrial automation, agriculture, search and rescue, surveillance, healthcare, logistics, and more. In essence, networked robotic systems leverage the power of connectivity and collaborative capabilities to enhance efficiency, safety, and the range of tasks that robots can perform in various domains [1]. Networked robotic systems have several characteristics and advantages that make them valuable in various applications, as shown in Fig. 1.2. Here are some key characteristics and advantages of the networked robotic systems: Connectivity Networked robotic systems are characterized by their ability to connect to and communicate with each other and external devices or systems through networks, such as the Internet or local wireless networks. Cooperation and collaboration These systems can work together in a collaborative manner. Multiple robots can share information, coordinate actions, and collaborate on complex tasks. This is particularly useful in scenarios like swarm robotics or multi-robot teams.

1.1 Introduction to Networked Robotic Systems

Cooperation and Collaboration

a

3

Uncertain and Unreliable environment

Robot 3 Robot 1

Subsystems or coalitions

Robot 2 Active interactions

Scalability

Passive interactions

Self-organized relationships

Fig. 1.2 Structure and features of the networked robotic systems

Autonomy Networked robots can possess varying degrees of autonomy, from basic teleoperation to advanced autonomous behaviors. This adaptability allows them to handle different tasks and environments. Scalability Networked robot systems can be scaled up or down easily. The robots in the system can be easily expanded or customized to meet changing needs and requirements. Robustness Networked robot systems can perform tasks in hazardous environments, reducing the risk to human operators. For example, they are used in search and rescue missions, handling hazardous materials, and exploring dangerous locations. In summary, networked robotic systems offer a range of characteristics and advantages that make them valuable in various domains, from improving efficiency and safety to enabling real-time data-driven decision-making and adapting to diverse operational scenarios. In addition, as with any cyber-physical systems, cybersecurity is of utmost importance for networked robotic systems, and thus security defense strategies are needed to protect the system from unauthorized access, data tampering, or other cyber threats, which are usually achieved through cyberattacks. Some types of typical cyberattacks are summarized and analyzed in Fig. 1.3. For example, denial-of-service (DoS) attacks can overwhelm the communication channels used by networked robots, making it difficult for them to exchange data, commands, and information [9]. This disrupts the coordination and collaboration among robots. In some time-critical applications, such as autonomous vehicles or medical robotics, DoS attacks can delay communication and control signals, leading to reduced responsiveness and potentially hazardous situations. When a networked robotic system is under a DoS attack, the robots may struggle to perform their tasks efficiently. This can lead to a decrease in overall system performance. False data injection (FDI) attacks are implemented by injecting false data into the sensory

4

1 Introduction

Typical Attack Type Security Classifications

Attack Effects

Network Availability

Information interruption or unavailable

Data Integrity

Information Confidentiality

DoS Attacks

Black Hole Attack

Fake Data Injection Attack

Replay Attack

Witch Attack

Wormhole Attack

…

Obstruct or delayed communication

∗

∗

-

-

∗

-

…

Received false data or control commands

Illegally tampering or injecting wrong data

-

-

∗

∗

∗

∗

…

Disclosure and illegal use of confidential information

Listen or decipher codes

-

-

-

-

-

∗

…

Attack Methods

Remark: ∗ means the corresponding property is destroyed, - means not available.

Fig. 1.3 Some typical cyberattacks and their characteristics

inputs of robots. This can include false sensor readings, incorrect GPS coordinates, or manipulated image data [10]. As a result, the robot may make incorrect decisions based on this fake information. In addition, fake data can lead to the misalignment of robot actions with the actual environment. This can result in inefficient task execution, navigation errors, and impaired performance. It is worth noting that replay attacks can be regarded as special FDI attacks. In a replay attack, an attacker records and replays previously transmitted data or control commands. This can result in the repetition of actions, which may not be appropriate or safe in the current context [11]. If a replay attack is used to replay valid commands or credentials, an attacker can potentially gain unauthorized access to the robotic system or its network, compromising its security. Such attacks that change robot behavior by tampering with data or authorization can generally be summarized as malicious node attacks or called adversarial node attacks. Some other typical attacks include black hole, witch, and wormhole attacks. Cyberattacks can have significant and potentially detrimental impacts on networked robotic systems. However, existing research methods generally focus on how to realize the networking and stable cooperative control of networked robotic systems [12], ignoring the networking risk, especially the security of the control system. Due to the above remarkable features, the security challenges and requirements faced by networked robotic systems are unique and different from traditional IT network security. According to the security definition in the IT field, the three main elements are availability, integrity, and confidentiality [13], which is shown in Fig. 1.4. It is worth noting that the security goal of traditional IT information security follows the “CIA” principle, which is to give priority to confidentiality, followed by information integrity and finally availability, while the security requirements of the networked robotic systems are opposite, namely, the security goal of networked robotic systems follows the “AIC” principle, which is specifically given as follows: Availability: Ensure that all resources and information are available and any information in the network can be accessed by 100% authorized parties through reasonable means at all times. Even if there are emergencies (such as accidents

1.1 Introduction to Networked Robotic Systems

5

Cyber Security

Availability Ensure systems work promptly for their intended use and service is not denied to authorized users.

Fig. 1.4 Three main elements of network security

of some parts, faults, attacks, etc.), the control center or robotic can still obtain the required information. The easiest way to destroy “availability” is to take advantage of the vulnerability of the underwater acoustic communication network to interrupt data transmission, such as denial-of-service (DoS) attacks, resulting in a waste of resources and affecting the normal operation of the system. Integrity: Ensure that all data or information is complete and correct and any unauthorized data modification method shall not modify or destroy the transmitted data (including rewriting, deleting, adding, replacing, etc.). The loss of “integrity” means that some robots will consider the wrong data received as correct, which makes it difficult to use traditional detection technology to detect attack behavior during the process of sending and receiving information and then make wrong control decisions for robots. Confidentiality: Ensure that access to information is limited to authorized users or organizations, and any access through illegal channels should be detected and blocked. The destruction of “confidentiality” will cause information leakage, and there is a threat that important information (such as user privacy, property rights information, etc.) will be used by illegal elements. According to the attributes and importance of security goals for networked robotic systems, the attack behaviors aimed at destroying network availability, data integrity, and information confidentiality. Due to the specific characteristics

6

1 Introduction

stated above, the security challenges and requirements faced by networked robotic systems are unique [14]. To mitigate the impact of these attacks on networked robotic systems, several security measures should be implemented. From a communication perspective, employing cryptographic techniques to authenticate data and ensuring its integrity can help guarantee that the data is not tampered with during transmission. The main advantage of this method is to ensure data integrity and confidentiality, which is efficient in network security protection of traditional IT systems. Thus, researchers turn to the perspective of control theory to seek secure coordination design methods of networked robotic systems. To go against DoS attacks and malicious node attacks faced by networked robot systems, effective methods can be employed from the perspectives of both continuous-time control and event-triggered control, where the latter one takes into account the impact of limited communication bandwidth and is of course more complex. Next, a brief overview of the network security issues in networked robotic systems is presented from a control theory perspective.

1.2 Secure Cooperative Control of Networked Robotic Systems The collective behaviors observed in animal groups, such as swarms of bees, birds, and fish, have inspired scientists and engineers to explore multi-agent systems (MAS). Cooperative control in MAS has diverse applications, including autonomous underwater vehicles (AUVs), unmanned aerial vehicles (UAVs), mobile robots, and satellite clusters. Although these applications share some common features, different cooperative control application scenarios also pose both specific practical and theoretical challenges. In the context of networked robotic systems, a system of systems requires communication among its components while facing limitations and constraints on communication channel bandwidth. By using wireless communication, three control configurations, namely, centralized, decentralized, and distributed configurations, are proposed to achieve coordination of networked robotic systems [15], which can be seen in Fig. 1.5. In a centralized configuration, a dominant central unit assumes the responsibility of decision-making and communication among the robots. This central unit possesses the capability to optimize robot coordination, handle individual robot faults, and monitor mission progress. However, a potential drawback of this approach is that any fault or attack that happened in the central unit could result in a complete system failure. Additionally, a centralized configuration presents other challenges such as the need for a more intricate controller design when different robot dynamics are involved in the network, as well as the complexities associated with task allocation and measurement. In a decentralized configuration, an individual robot can communicate and share information, but each is assigned specific tasks to contribute to the overall mission. The decentralized configuration offers several advantages,

1.2 Secure Cooperative Control of Networked Robotic Systems

(a) A centralized control configuration Sensor node

(b) A decentralized control configuration Actuator node

Controller node

A Communication Network

7

(c) A distributed control configuration Communication links

Controller neighboring area

Fig. 1.5 Three control configurations for coordination of networked robotic systems

including resilience against the failure of a single robot, enhanced system stability, improved adherence to time constraints for applications, reduced communication load, and decreased computational power requirements for the robots. Since the robots in networked systems typically rely on local information, they inevitably lack awareness of information about neighboring robots when formulating solutions [16, 17]. Consequently, a distributed configuration becomes the most viable and practical option, as it offers lower complexity and utilizes fewer network resources compared to a centralized architecture. In addition, the distributed one also proves more effective than a decentralized one due to the exchange of information among neighboring robots [17]. Although the distributed control configuration brings a certain robustness to single-point failure, how to ensure resilience to cyberattacks for networked robotic systems remains challenging. Next, a brief overview on secure time-triggered cooperative control of robots is presented. Then considering the limited bandwidth constraints, secure eventtriggered cooperative control of robots is reviewed. These two control schemes are shown in Fig. 1.6.

1.2.1 Secure Time-Triggered Cooperative Control of Robots Time-triggered cooperative control for networked robotic systems, in which the control signal is constructed by using time-dependent communication and/or measured information, has seen significant advancements in recent years with the development of distributed multi-agent systems and sensor networks. The cooperative control problem of networked robotic systems generally includes synchronization/consensus [18, 19], rendezvous [18, 20], formation [21, 22], flocking problem [23, 24], etc. These control objectives have the potential to perform complex tasks

8

1 Introduction

Sensor

Controller/ Filter

Sampler

Time-triggered sampling

Timer/Clock

Robots

Sensor

Store

Sampler

Event-triggered sampling

Controller/ Filter

Timer/Clock

Fig. 1.6 Time-triggered vs. event-triggered control for a robot

in uncertain and unsafe environments that are difficult or impossible for humans to accomplish. In this subsection, we no longer distinguish these specific goals but instead focus on reviewing the basic secure cooperative control methods. How to achieve secure cooperative control of networked robotic systems is a practical and important yet challenging issue that has been taken into limited consideration by existing approaches. Research interest in the subject of resilient control design has recently seen significant growth, although it is relatively new in the field. This surge in interest can be attributed partly to the extensive studies on multi-agent coordination conducted over the past two decades. These studies provide a foundation that can be further expanded to address security concerns. The research in this area has also fostered interdisciplinary collaboration, particularly with computer science, which has a rich history of exploring security against faults in distributed algorithms. In this book, we present several secure coordination control design methods for networked robotic systems to against various cyberattacks. Although this topic is broad, we mainly focus on two types of attacks: DoS and adversarial node attacks [25, 26]. DoS attacks, which can be categorized as jamming or DoS attacks, disrupt communication over networks temporarily. These attacks are relatively simple to execute and require minimal information about the agent systems. For instance, malicious routers in communication networks may intentionally discard the control and communication data, or an attacker can block transmissions by emitting strong interference signals. Adversarial node attacks occur when some robots are completely manipulated by adversaries to compromise the coordination objective. These can result from faulty devices or adversaries present in the network emitting unwanted packets. These malicious robots deviate from the prescribed algorithms and may even attempt to prevent non-faulty robots from reaching coordination. In what follows, consensus-based coordination for networked robotic systems under these types of attacks will be discussed.

1.2 Secure Cooperative Control of Networked Robotic Systems

9

DoS attacks are relatively simple to implement and have obvious effects and thus have become one of the most widespread attack methods. Generally, there are two main methods for modeling DoS attacks: stochastic model and frequency- and duration-constrained model. The stochastic model of the DoS attacks could be either the Bernoulli model [27, 28] or the Markov model [29]. Define .zji (t) as the original data in channel .(i, j ) at time t and .z˜ ji (t) as the data received by node j from the channel; then, the stochastic model of the DoS attacks can be described by z˜ ji (t) = α ij (t)zji (t),

(1.1)

.

where .α ij (t) = {0, 1} is an index parameter to indicate whether an attack occurred. When the DoS occurs at time t, .α ij (t) = 0; otherwise, .α ij (t) = 1. In a Bernoulli model, the DoS attacks are modeled as packet dropouts/losses in the channel and follow a priori probability distribution. That is, the stochastic variable .α ij (t) satisfies the following Bernoulli distribution: .

{ } Prob α ij (t) = 1 = α¯ ij ,

{ } Prob α ij (t) = 0 = 1 − α¯ ij ,

(1.2)

with .α¯ ij ∈ (0, 1). In light of this assumption, the authors in [28] delve into the problem of robust output consensus under DoS attacks for linear multiagent systems (MASs) while considering aperiodic sampling. Then the results are extended to address the secure sampled-data consensus problem under DoS attacks for a class of nonlinear MASs in [30]. Similarly, the DoS attacks can also be modeled by a Markov model. By assuming that a DoS attack occurs on the channel or does not satisfy Markov switching, the whole network under DoS attacks can be considered as a time-varying switching topology. In this case, a Markov process .r(t) = {1, 2, · · · , s} can be used to describe the stochastic switching of the communication network under DoS attacks, where the switching probability is given by ⎧ .

Prob{r(t + h) = q | r(t) = p} =

γ pq h + o(h),

p /= q

1 + γ pq h + o(h), p = q

(1.3)

where .r(t) is the switching signal, .γ Gp,q ≥ 0 is the transition rate from graph .Gp to .Gq if .p /= q, and .o(h) denotes an infinitesimal of higher order than h, i.e., .limh→0 o(h)/ h = 0. Then the communication network under DoS attacks can be modeled by a finite set .Gr(t) = {G1 , G2 , · · · , Gs } including all possible topologies. By using the Markov DoS model, several secure coordination control algorithms are proposed for general linear systems [31–35] with some other constraints. It is worth noting that the stochastic model of DoS attacks requires prior knowledge of its probability distribution, which is difficult, if not impossible, to obtain. By exploring the normal and blocked interval of the communication channel, the frequency- and duration-constrained model of DoS attacks is proposed, which is more widely used. This model assumes that the attacker’s energy is limited,

10

1 Introduction

which naturally leads that the frequency and duration of DoS attacks are bounded. Specifically, define .{hn }n∈N0 with .h0 ≥ 0 as the attack on/off transition sequence, namely, the time instants of the communication channel between normal and blocked. Then the nth DoS time interval with length .τ n ≥ 0 is given by Dn  {hn }

U

.

[hn + τ n ) .

(1.4)

If .τ n = 0, the nth DoS attack interval degenerates into a pulse at .t = hn . Now the set of channels that are under DoS attacks at time .t ∈ [t1 , t2 ] is defined as .T (t) = {(i, j ) ∈ E|t ∈ D(i,j ) (0, ∞)}. Then the set of channels that are not attacked can be expressed as .T¯ = E\T (t). Then the continuous-time information transmission over channel .(i, j ) given by .z˜ ji (t) = .α ij zji (t) with ⎧ α ij (t) =

U

0

if t ∈

1

otherwise.

.

n Dn &(i, j )

∈ T (t)

(1.5)

in which .α ij (t) = 0 means the channel is blocked by the DoS attacks. As mentioned above, since the attacker’s energy is usually limited, the assumptions on the frequency and duration of DoS attacks are given as follows [36]. Assumption 1.1 (DoS Frequency [36]) For .t ≥ 0, there exist positive scalars η1 ≥ 0 and .τ > 0 such that

.

n(0, t) ≤ η1 +

.

t , τ

(1.6)

where .n(0, t) denotes the number of DoS occurring. Assumption 1.2 (DoS Duration [36]) For .t ≥ 0, there exist positive scalars .η2 ≥ 0 and .T > 0 such that |Ξ (0, t)| ≤ η2 +

.

where .Ξ (0, t) =

U

n∈N+

t , T

(1.7)

Dn ∩ [0, t].

Note that these two assumptions are used for the entire network. That is, all receivers and senders share the same communication channel. When a DoS occurs, all receivers and senders are affected simultaneously. Under these two assumptions, some remarkable results are obtained, and several secure control schemes are designed for linear systems [36–39] and nonlinear systems [40, 41]. In fact, this is contrary to the distributed structure of the networked robotic systems. Therefore, the following distributed DoS (DDoS) model is proposed. DDoS means different channels are affected by different attackers [42], as shown in Fig. 1.7. Therefore, for different channels, the attack duration and frequency

1.2 Secure Cooperative Control of Networked Robotic Systems

11 DoS Attacker 2

DoS Attacker

DoS Attacker 3

DoS Attacker 1

Fig. 1.7 DoS vs DDoS in networked robotic systems

{ } ij need to be redefined. Define . hn

ij

n∈N0

with .h0 ≥ 0 as the DoS on/off transition

sequence associated with link .(i, j ); then the nth DoS time interval with length τ n ≥ 0 associated with channel .(i, j ) is given by

.

{ } ┌ ⎞ ij ij ij ij Dn  hn ∪ hn + τ n .

(1.8)

.

Similarly, the nth DoS attack interval degenerates into a pulse at .t = hn when τ n = 0. Then ⎛ ⎞the continuous-time ⎛ ⎞ ⎛ ⎞information transmission over channel .(i, j ) ij ij ij i given by .z˜ j tk = α ij tk zji tk with

.

⎧ ⎛ ⎞ 0 ij .α ij t = k 1

ij

if tk ∈

U

n∈N+

otherwise

ij

Dn

(1.9)

ij

where .tk is the{latest } transmission instant over channel .(i, j ) before time t, and the ij

time sequence . tk

k∈N+

is determined by some prescribed rules. Then the DDoS

satisfied the following assumption. Assumption 1.3 (DoS Duration and Frequency [36]) For .t ≥ t0 , there exist positive scalars .ζ ij , .Tij , .ξ ij , and .π ij for channel .(i, j ) ∈ E such that .

| | |Dij (t0 , t)| ≤ ζ ij + t − t0 , . Tij

(1.10)

t − t0 , π ij

(1.11)

nij (t0 , t) ≤ ξ ij +

where .Dij (t0 , t) is the set of time intervals in which the DoS attacks are active for channel .(i, j ) ∈ E and .nij (t0 , t) is the DoS attack frequency occurring on channel .(i, j ) ∈ E over .[t0 , t).

12

1 Introduction

Under such an assumption, the time intervals .ΞT (t1 , t2 ) over .[t1 , t2 ] that the channels indexed by .T (t) ⊆ E and .T¯ (t) ⊆ E can be written as ΞT (t1 , t2 ) = (∩(i,j )∈T Dij (t1 , t2 ))

.

∩ (∩(i,j )∈T¯ D˘ ij (t1 , t2 )),

(1.12)

where .D˘ ij (t1 , t2 ) = [t1 , t2 ]\D(i,j ) (t1 , t2 ). Note that the time interval .ΞT (t1 , t2 ) is corresponding to different attack modes. Since graph .G is directed, from .T (t) = ∅ to .T (t) = E, there are .2|E | different attack modes. Then the time interval .[t1 , t2 ] is partitioned into .2|E | subintervals .ΞT (t1 , t2 ). By assuming the DDoS attacks satisfy this assumption, different secure control methods are proposed based on multichannel transmission frameworks to mitigate the impact of DDoS attacks on the control performances [43–46]. To sum up, to address the secure coordination control problem under DoS attacks, the current effective control approaches are summarized in Fig. 1.8. These methods are coupled with different system dynamics and communication constraints to achieve coordination, provided that the attack frequency and duration are appropriately restricted. The conservativeness of the resulting consensus depends on factors such as the accuracy and complexity of the system dynamics, e.g., nonlinear robotic system model, and the sensitivity of the secure control mechanism. Adversarial node attacks is one of the most important attack types besides DoS attacks, which may originate from FDI attack, replay attack, actuator attack, etc. Imagine a group of robots, and consider the scenario where an attacker possesses prior knowledge of multiple robots within this swarm. They persistently transmit inaccurate navigation data via these compromised robots to neighboring robotic groups. The inevitable result is a significant deviation from the originally intended path for the entire robot group, potentially leading to catastrophic collisions due to a lack of synchronization among the individual robots. In this context, we refer to these continuously hostile robots as adversarial nodes. The challenge faced by the system in attaining unanimous agreement on various state variables within this environment is known as secure consensus.

Secure control approaches of DoS Attack

Stochastic time delay system approach

Impulsive system approach

Small gain system approach

Triggering system approach

Game theory approach

Fig. 1.8 Secure control approaches for networked robotic systems under DoS attacks

1.2 Secure Cooperative Control of Networked Robotic Systems

13

Since the adversarial nodes aim to destroy the coordination objective, the nodes are divided into two parts, healthy ones and adversarial ones, which are denoted by .R and .A with .V = A ∪ R. The healthy nodes in .R will act by following the given control input, while the adversarial nodes in .A are often out of control and may arbitrarily update their states or control signals. In current research, it is generally assumed that a malicious node is omniscient, that is, it can access any global information. In addition, the elements in .A are generally considered as constant and can be chosen arbitrarily, but the number is constrained. Adversarial nodes are completely manipulated by adversaries to compromise the security of networked robotic systems, whose possible behavior patterns can be summarized as follows [47]: • A malicious robot updates its state according to a trajectory carefully planned by adversaries arbitrarily to disrupt the coordination process of healthy ones. It sends incorrect but consistent values to all robots in the communication network. • A Byzantine robot can update its own state arbitrarily and transmits inconsistent state or output to different out-neighbors. This model is widely used to model the adversarial node attacks, such as [5, 7, 8, 11, 12, 47]. Due to the extensive usage of cooperative algorithms in safetycritical systems, extensive research is prompted into the challenge of achieving secure consensus with adversarial nodes. This research has continued for several decades and is dedicated to attaining agreement among the healthy nodes while minimizing the impact of network disruptions. As part of this endeavor, various studies have proposed methods for detecting and isolating malicious nodes within the swarm. For instance, a system-theoretic approach is used to analyze and characterize the resilience of networked linear systems in [48], which derives the conclusion that the network connectivity is critical to adversarial node attack detection and identification. The number of adversarial nodes specifies the power of attacks. As mentioned above, to achieve secure coordination, the number of nodes under attack is usually constrained, which is often described using the following definition. Definition 1.1 (f -total and f -local attack [47]) If there are at most f adversarial agents in a communication network, i.e., .|F|⨅≤ f , then the network is said to be under an f -total attack. Furthermore, if .|Ni F| ≤ f for any agent i, then the system is said to be under an f -local attack. To design a secure control mechanism, it is crucial to make assumptions about the capabilities of potential adversaries. Although determining the exact limit (i.e., the value of F or f ) may be challenging in practice, estimates can be made based on past data and experience. Additionally, to ensure a higher level of security, the security margins can be added as a precautionary measure. By using this adversarial node model, each robot independently makes decisions and updates control information using the anonymous information of its neighbors. A significant distinction arises as some of these neighboring robots might be adversarial, and this classification is determined by the assumed model. However, normal robots lack

14

1 Introduction

the means to identify which neighbors are malicious. Generally, there are two ways to deal with such a type of cyberattack. The first one is to design an observer or estimator to identify the attacked node for isolation, such as the results in [49–52]. The main principle in these ideas is to reconstruct the system states by designing appropriate observers or estimators to determine whether there is an attacked node [53, 54]. Another method is similar to the idea of fault-tolerant control, where the closed-loop system has a certain tolerance for malicious nodes by designing secure cooperative control algorithms. The core of most of these algorithms is to ignore suspicious values and use relatively reliable information to build the algorithms. This idea can be traced back to the 1990s, when a secure consensus protocol was proposed for a complete network with malicious nodes in [55]. To ensure that the normal nodes make updates based on trustworthy information, they employ a strategy of selecting values that do not deviate excessively from their own during updates. This means that outlier values will be disregarded and excluded from the received data at each iteration. Since then, this idea has inspired a series of secure coordination methods, collectively referred to as the mean-subsequence reduced (MSR) algorithm [56–58]. Taking the discrete-time first-order consensus network as an example, the details of the algorithm can be seen in Algorithm 1. In Algorithm 1, the assumption that there are at most f -total/local malicious nodes in the network is used. The MSR algorithm achieves this by selecting updating values from a restricted range defined by upper and lower bounds or, alternatively, discarding the F largest or smallest incoming values. The primary objective of this algorithm is to ensure that the final agreement remains within the range of minimum and maximum initial values set by the normal agents. Nonetheless, there is a drawback in the original algorithm, as the fixed bounds of MSR might lead to the loss of valuable information during the updating process. To overcome this limitation, researchers in [47] introduced an enhanced version called the weighted mean subsequence reduced (W-MSR) algorithm. Unlike its predecessor, W-MSR selectively removes suspicious values that deviate significantly from the current state value of its own, thereby preserving crucial data throughout the update procedure. As introduced in [47], the implementation of W-MSR requires a close coupling in graph structure. To characterize this general network structure, the concept of network robustness is proposed and used for the resilience analysis of consensus networks. In [59], an MSR-based private opinion formation model is proposed that enables healthy nodes to reach consensus while safeguarding their individual opinions from potential eavesdropping by outliers. In [60], MSRbased event-triggered and self-triggered secure algorithms are designed for an asynchronous clock consensus network. Note that these mentioned MSR-based algorithms all focus on the scalar network, which is in contrast to networks where system states are multidimensional vectors. In a scalar network, the final consensus value can be ensued to converge to the interval limited by the minimum and maximum values of healthy nodes’ initial states. Intuitively, MSR-like methods cannot be directly used in multidimensional vector networks, which also makes it difficult to be used in cooperative control of networked robotic systems. To make up for this shortcoming, research efforts

1.2 Secure Cooperative Control of Networked Robotic Systems

15

Algorithm 1: Classical MSR algorithm Input: Current time step k, set of normal nodes R, in-neighbors set Ni , out-neighbors set Ni , and the number of suspicious values F 1 Step 1: Interaction with neighbors 2 for i ∈ R do 3 Broadcast xi (k) to out-neighbors; 4 Receive values xj (k), j ∈ Ni from in-neighbors; 5 Sort values xj (k) and xi (k) from largest to smallest; 6 end 7 Step 2: Deleting suspicious values 8 for i ∈ R do 9 Remove the F largest and F smallest values from neighbors compared to

xi (k); if number of values larger or smaller than xi (k) is less than F then Remove all of them; end Record the indices of the remaining values as Mi (k) ⊂ Ni ; 14 end

10 11 12 13

15 Step 3: Local update 16 for i ∈ R do 17 Compute the local update for node i as follows: 18

xi (k + 1) = xi (k) +

Σ

( ) aij (k) xj (k) − xi (k) .

(1.13)

j ∈Mi (k)

19 end

have focused on broadening the applicability of the MSR algorithm to encompass n-dimensional spaces with .n ≥ 1 [61–69]. By designing secure cooperative algorithms, the states of healthy nodes enable to reach consensus within the convex hull defined by their initial states. The common feature of these algorithms is that each healthy node tries to find a resilient convex combination such that the consensus value converges to a point within the convex hull spanned by its healthy neighbors’ states iteratively. This point is usually obtained in each iteration by calculating either the Tverberg points or the intersection of multiple convex sets. However, how to calculate this point is complex and costly [70].

16

1 Introduction

1.2.2 Secure Event-Triggered Cooperative Control of Robots Networked robotic system control is closely intertwined with communication systems, control science, information technology, the Internet of things, and related domains, but its widespread application is constrained by limited network bandwidth. The event-triggering mechanism offers a promising approach to enhance the feasibility of implementing network control systems. The concept of an eventtriggered control (ETC) was initially introduced in [71, 72] and later adopted in various applications, such as networked control systems [73–75], multi-agent systems [72, 76, 77], and cyber-physical systems [78–80]. Both event-triggered control and communication (ETC) technologies have a wide range of applications and advantages. ETC is an event-based control strategy, where the controller and communication signals are updated when the triggering condition is violated. The event-triggered control and communication scheme for networked robotic systems is shown in Fig. 1.9. Compared with the traditional continuous-time and periodic control strategy, ETC approaches can reduce the calculation and communication overhead of the system and improve the stability and control precision of the system [75]. It’s worth noting that event-triggered mechanisms necessitate additional considerations to prevent Zeno behavior – a situation characterized by an infinite triggering occurring in a fraction of time. In networked robotic systems, due to factors such as communication bandwidth and

On-board sensors

Guidance

Reference Coordination ordination ontrol law control

Attitu t de Attitude control law Event triggering condition

Robot 1 Adversarial node attacks

Wireless ss communication comm munication

DoS attacks oS attack ks ordination Coordination control ontrol law

Event triggering condition

Robot i Attitu t de Attitude control law

On-board sensors

Fig. 1.9 Event-triggered control and communication scheme for networked robotic systems

1.2 Secure Cooperative Control of Networked Robotic Systems

17

energy constraints, event-triggered control can better adapt to the special needs of uncertain environments, especially for special robots such as networked AUV systems [81–83]. Specifically, the application of traditional wireless electromagnetic wave communication technology in an underwater environment is greatly limited. Acoustic communication technology can realize data transmission through underwater sound propagation and has the advantages of long transmission distance and strong anti-interference ability. The ETC approach can greatly reduce the number of transmission times and the energy required for communication and thus improving the energy efficiency of the robotic system. At the same time, this approach can also reduce the effects of communication delay, reduce data redundancy, and improve communication efficiency [6]. Given these advantages, ETC is widely used in the coordination control design of networked robotic systems [6, 81, 84, 85]. On the other hand, in addition to saving communication bandwidth and computing resources for the networked robotic systems, ETC methods can weaken the impacts of cyberattacks to some extent. Specifically, ETC can greatly reduce the number of transmission times, thereby reducing the risk of DoS attacks and some kinds of data manipulating attacks. In addition, the triggering condition in an ETC framework is not easy to predict by the attackers, which can increase the injection difficulties of the attacker. Thus ETC strategy is also widely used to against the DoS and malicious node attacks in networked control systems. Note that when the communication channels suffer from DoS attacks, there is a risk that the intended data may not reach its destination. To address the combined challenges of intermittent triggering and the loss of data due to cyberattacks, efforts have been made to construct secure triggering rules against the effects of the DoS attacks [36, 86–88]. For example, the authors in [36] proposed a resilient control strategy for networked control system under DoS attacks that satisfy Assumptions 1.1 and 1.2. The switching system approach is used, and asymptotic stability of the closed-loop system is achieved. Then, this approach is extended to the situation where multiple channels suffer from DDoS attacks that satisfy Assumption 1.3 [86]. Note that this kind of secure control design method based on switching system control theory divides the system dynamics into different operating modes, that is, different communication links under DoS attacks correspond to different modes. For example, in a networked system with n communication links, there are at most .2n operating modes. Thereby using the common Lyapunov function method to design a secure controller, the stability conditions are given based on the average dwell time, which is also related to the frequency and duration of DoS. In [88], a resilient event-triggered coordination controller is proposed for linear multi-agent systems under a simple DoS attack model, where the attack occurs periodically and the maximum duration is known in advance and constant. Similar assumptions on the DoS attack are also used in [89]. When dealing with periodic DoS attacks, it is usually required that the end time of the attack is detectable and that the latest updated state remains unchanged during the attack interval. In addition to keeping the original state unchanged within the DoS attack interval, a prediction mechanism can also be added to the resilient control design. That is, by designing

18

1 Introduction

an observer or estimator to predict the normal state evolution of the system without DoS attacks. For example, an observer-based resilient ETC scheme is proposed for linear multi-agent systems in [37], in which Assumptions 1.1 and 1.2 on the DoS attacks are used. In this chapter, an estimation of the system state from the observer is used to replace the real state during the DoS durations. In [90], an eventtriggered resilient consensus controller is designed for networked robotic systems under synchronous DoS attacks, where the controller maintains the last successfully updated state. In addition, dynamic event-triggered control methods (DETC) are also used to solve security collaboration problems for networked control systems in the presence of DoS attacks. In the DECT, the triggering condition is jointly determined by the system error and an error-dependent auxiliary system. The advantage of the DETC is that it can achieve higher resource utilization efficiency than the traditional ETC mechanism and meet more flexible system design requirements. Note that traditional ETC essentially achieves higher resource utilization efficiency by sacrificing real-time system control performance. This feature is more significant in the DETC, which typically results in more infrequent data sampling and/or data transfer than traditional ETC. Therefore, it is not difficult to imagine that most DETCs may sacrifice more real-time control performance. But fewer control updates or data transmission means lower network security risks, so this approach is also an effective means against DoS attacks. For example, a secure model-based DETC method is proposed for linear CPSs under DoS attacks, where a predictor is embedded into the control scheme in [91]. In [92], an observer-based DET communication scheme is proposed for a linear networked control system (NCS) under aperiodic DoS attacks, where a switching observer is carefully designed such that the full-state information can be reconstructed during the DoS duration. It can be seen that by modeling the DoS attacks as an interval and frequency signal that satisfies Assumptions 1.1, 1.2, and 1.3, this is an effective method to use the predicted value of the observer or estimator to replace the real state during the DoS attack interval. Compared with ETC and DETC, self-triggered control (STC) is an active control method. The principle of STC is inherited from event-triggered control. In ETC and STC, if the triggering condition violated is detected in real time, then it decides whether the control is updated or the information is transmitted. But this method is more time-consuming. STC requires predicting the next moment that the control will be executed, rather than detecting it at each step like timetriggered control. Note that there are natural advantages to against DoS attacks that satisfy Assumptions 1.1, 1.2, and 1.3 by using STC scheme in coordination control problem. As mentioned above, the way that signals are updated depends on the prediction mechanism in an STC. This remarkable feature of the STC scheme can ensure the coordination of networked systems without using any global information on the connectivity and clock synchronization information [93]. For example, a self-triggered consensus control strategy is proposed for first-order CPSs to against communication failures caused by DoS attacks in [94], where the STC condition depends on the DoS attack frequency and duration. In [88], an ETC scheme is

1.3 Research Challenges and Contributions of This Book

19

proposed for linear multi-agent systems under DoS attacks. Then to further save resource consumption on event detection in ETC, a secure STC scheme is designed to guarantee the leader-follower coordination. It is worth noting that the methods to handle DoS attacks shown in Fig. 1.8 all have their corresponding event-triggered versions. These methods can effectively deal with DoS attacks as long as the frequency and duration meet some given conditions, such as Assumptions 1.1, 1.2, and 1.3. In other words, if these conditions are not met, these control methods fail. Moreover, these control strategies are sensitive to the behavior of attackers. Once the frequency and duration of DoS attacks change, the security control strategies generally need to be redesigned. Similarly, the ETC approach is also used to design secure control strategies against the malicious node attacks in network systems [95, 95–97, 97–99]. Unlike the abovementioned secure algorithms against adversarial node attacks under timetriggered communication, these methods can be used to handle the case that the communication is intermittent. Currently, there are few secure coordination control results for networked robotic systems. The main gap is that as a typical nonlinear system, the secure coordination control of networked robotic systems in an uncertain environment is complex and difficult. From the perspective of system dynamics, the secure control algorithms can be used to solve the security collaborative problems of first-order networks [47, 61, 62, 100–104], second-order networks [105–107], and general linear networks [95, 95–97, 108, 109], respectively. However, these algorithms cannot be directly used to solve the secure coordination control problem of nonlinear networked robotic systems. One potential solution is to model robotic as a second-order system [110, 111] or a general linear system [112, 113] through feedback linearization technology such that some of the above methods can be directly applied, but the feedback linearization technology requires an accurate mathematical model and is usually less robust. Another way is to design a specialized secure controller for nonlinear robotic systems, which is the approach used in this book.

1.3 Research Challenges and Contributions of This Book This book aims to investigate the secure coordinated control theory and method for networked robotic systems with multi-source cyberattacks. To this end, the following gaps need to be overcome. Firstly, the nonlinear model of networked robot systems makes the design of security collaborative control more urgent and difficult [114]. Different from the general CPS system, which is modeled by a linear system, the complex nonlinear dynamic model of networked robotic systems makes the controller design usually complicated, which is usually accompanied by physical constraints, such as uncertain system parameters and external disturbances. When considering the impact of cyberattacks, which may coupled with these physical constraints, secure control design is more difficult. Secondly, current security col-

20

1 Introduction

laborative control methods generally rely on the parameters of cyberattacks. Most of the existing security control methods generally model the cyberattacks as external interference or system uncertainties, etc., thereby utilizing existing robust control and other methods for control design, which may make the stability of the closedloop system dependent on the parameters of cyberattacks, which are often carefully designed by attackers and are generally concealed and random, making them difficult to obtain in advance. In particular, some methods require solving linear matrix inequalities (LMI) that depend on the parameters of cyberattacks. Thirdly, limited communication bandwidth and computing resources prevent robotic systems from updating control or communication signals as desired against cyberattacks. Continuous-time security control methods require real-time updates of control or communication signals, which will undoubtedly waste a large amount of computing and communication resources. This is wasteful for some special networked robotic systems, such as networked AUV systems. Moreover, the limited communication bandwidth also prevents the robot system from updating information arbitrarily in real time. As an effective method that can save communication bandwidth and computing resources, event-triggered control methods have attracted much attention. A natural idea is how to design an event-triggered safe collaborative control method, which is undoubtedly difficult for complex networked robotic systems. In conclusion, exploring the theory and technology of secure collaborative control of networked robotic systems under cyberattacks is a forward-looking and challenging topic. To handle the additional difficulties that cyberattacks bring to the control design, a two-layer control framework is proposed in this book to describe the cooperative control problem of networked robotic systems, which is shown in Fig. 1.10. This framework is naturally consistent with the structure of the networked robotic systems, that is, it contains two parts, the cyber layer and the physical layer, which represent the two levels involved in coordinated control. The physical layer includes the dynamic model of a robot and feedback connections between the subsystems. Meanwhile, the cyber layer incorporates the communication network that facilitates information transmission among the robots, along with the feedback connection operator. This hierarchical control framework provides a uniform description of the cooperative control problem under different constraints. The physical layer represents the dynamics of the individual robots and the feedback connections between subsystems. It focuses on the physical behavior and control of the robots, considering factors such as motion planning, path following, obstacle avoidance, and coordinated behavior. The physical layer ensures that the robots can operate effectively and achieve their desired objectives. The cyber layer represents the communication network among the robots, which captures the information transmission relationships between them. The cyber layer deals with communication constraints and limitations, such as limited bandwidth, communication delays, and potential networking failures. It enables the exchange of information, coordination, and cooperation among the robots. The hierarchical framework described by the two-layer cyber-physical system also enables the integration of control algorithms, communication protocols, and

1.3 Research Challenges and Contributions of This Book

21

● Robot dynamics model: ● First-/second-/high-order integrator ● Linear/nonlinear system ● Continuous-/discrete-time system ● Physical-Layer Constraints: ● Holonomic and nonholonomic constraints ● Actuator saturation ● Uncertain system parameters ● Sensor/actuator attacks ● External disturbances

G

Cyber Layer

∫ Physical Layer

x wi

{xi , yi }

● Information Interaction Model: ● Undirected/directed topology ● Fixed/Switching topology ● Non-rigid/rigid connection

● Cyber-Layer Constraints: ● Time-varying communication delay ● Complex communication noise ● Limited communication bandwidth ● Multi-source cyber attack

Fig. 1.10 Hierarchical control framework of networked robotic systems under different constraints

network management strategies. By employing this framework, researchers and engineers can develop cooperative control strategies that consider both the physical behavior and communication aspects of networked robotic systems, which also provides a basis for addressing specific challenges related to security cooperative control as mentioned above. Overall, the hierarchical control framework for cooperative control of networked robotic systems offers a systematic approach to tackle the challenges and complexities involved in achieving effective coordination and cooperation among robots under cyberattacks. The structural relationship of chapters is depicted on Fig. 1.11.

22

1 Introduction

Time-Triggered Secure Control Chapter 2: Secure Coordination under DoS Attacks

Disturbances

Chapter 3: Secure Coordination with DoS Unknown attack parameters Attacks and Disturbances

No leader reference

Different attack signal

Chapter 9: Secure Coordination under Adversarial Node Attacks

Chapter 5: Secure Leaderless Coordination with Unknown DoS Attacks

Chapter 10: Conclusion and Future Research

Different attack signal and communication

Chapter 8: Self-Triggered Secure Coordination under DoS Attacks

Chapter 4: Secure Tracking with Unknown DoS Attacks

Intermittent communication

Reduce detection cost

Chapter 7: Dynamic Event-Triggered Secure Coordination under DoS Attacks

Further reduce updates

Chapter 6: Event-Triggered Secure Coordination under DoS Attacks

Event-Triggered Secure Control

Fig. 1.11 Structural relationship of chapters in this book

The first part of the book (Chaps. 2, 3, 4, 5, and 9) is devoted to the secure time-triggered coordination control for networked robotic systems. By using the novel hierarchical control framework, the physical constraints and the effects of the DoS attacks are decoupled. In Chap. 2, a novel aperiodic sampling control scheme is developed to achieve cooperative control of the networked robotic systems in the absence of DoS attacks. By using the multidimensional small gain techniques, sufficient conditions related to the duration and frequency of the DoS attacks are obtained in the form of algebraic inequality, which is easily solvable, instead of solving the complicated LMIs. Chapter 3 continues Chap. 2 to consider the impact of external disturbances, an adaptive controller with a sliding-mode-like mechanism, and a new auxiliary system is designed such that the secure cooperative control of networked robotic systems under the DoS attacks and external disturbances is guaranteed. Chapters 4 and 5 investigate the leader tracking and leadless consensus problem for networked robotic systems with unknown DoS attacks, where the parameters on the frequency and duration of the DoS attack signal are unknown. To achieve leader tracking for networked AUV systems, a predictor-based secure cooperative controller is designed, which can realize the secure tracking control of networked robotic systems independent of the duration and frequency of DoS attacks. Then Chap. 5 continues Chap. 4 to investigate the leaderless synchronization problem of networked robotic systems under DoS attacks. Compared with the results in Chap. 4, the method in this chapter does not require the prediction mechanism of the leader’s state and can handle sampled interaction data. Chapter 9 considers the secure cooperative control of networked robotic systems with malicious nodes, which may mislead the coordination process of robots. To this

1.4 Mathematical Preliminaries

23

end, a norm-based secure decision-making method is proposed, where a trustworthy reference is generated under the hierarchical framework. Then an adaptive secure cooperative controller is constructed to ensure the secure synchronization of the networked robotic systems. The second part of the book (Chaps. 6, 7, and 8) is devoted to the secure eventtriggered coordination control for networked robotic systems. It is worth noting that the communication bandwidth and computing resources of the wireless robotic network are usually limited; thus, we further consider the secure cooperative control problem of the networked robotic systems under DoS attacks based on eventtriggered communication in Chap. 6. The resilience analysis is presented for the event-based controller under DoS attacks. Some conditions associated with the DoS duration and frequency are proposed for the control parameters against the attacks. Chapter 7 further proposes a secure collaborative control method for networked robotic systems based on a dynamic event-triggered communication mechanism. Compared with the static event-triggered control method in Chap. 6, this chapter’s method can achieve higher resource utilization efficiency and more flexibility in system control design. Chapter 8 continues Chaps. 6 and 7 to further propose an event-triggered communication mechanism and a self-triggered secure cooperative control scheme under asynchronous DoS attacks for the networked robotic systems, so as to further save communication and computing resources. Finally, Chap. 10 presents some future research directions, including even-based secure coordination of networked robotic systems under multi-source cyberattacks, secure coordination of underwater distributed cyber-physical systems, and distributed source seeking control of networked robotic systems with unreliable communication.

1.4 Mathematical Preliminaries In this section, some mathematical notations and definitions used in this book are first given. Then the basic notations and definitions on graph theory that are used to model the communication network are presented. Finally, the stability theory and technical tools are given that will be used in control design and stability analysis.

1.4.1 Notations and Definitions Unless otherwise specified, this book uses the following notations and definitions: R, .R+ , and .Z+ represent sets of real numbers, positive real number, and positive integer, respectively; .Rn and .Rm×n represent n-dimensional real column vector spaces and .m × n-dimensional real matrix spaces, respectively. For a given matrix m×n , .AT represents its transpose. If .A ∈ Rm×n and .A = AT , then A .A ∈ R is a real symmetric matrix. .det(A) represents its determinant when A is a square .

24

1 Introduction

matrix. .Rank(A) represents the rank of a matrix A, which is the dimension of the vector space generated (or spanned) by the columns of matrix A; .Span(A) represents the space formed by the column vectors composed of elements in each column of the matrix A; .Null(A) represents the null space of A, that is, the set composed of all vectors x satisfying .Ax = 0, and .λmax (A) and .λmin (A) represent its largest and smallest eigenvalues, respectively. A matrix A is positive definite if T ∈ Rn , .A > 0, and .ρ(A) is the spectral radius of the matrix A. .1n = [1, 1, . . . , 1] T n .0n = [0, 0, . . . , 0] ∈ R , when the dimension of the vector is not explicitly given, we use .1 to represent a column vector with all elements of compatible dimensions being 1, and .0 to represent a column vector with all elements of compatible dimensions being 0: .In and .On represent .n × n dimensions Identity matrix and zero matrix. A continuous function .γ : R+ → R+ ∈ K if it is strictly increasing and satisfies .γ (0) = 0. A function .γ ∈ K is said to belong to .K∞ if .γ (s) → ∞ as .s → ∞. .K¯ = K ∪ O with .O is a zero function, .O(s) ≡ 0 for any .s ≥ 0. The following widely used lemma is given. Lemma 1.1 (Young’s Inequality) For positive constants m and n that satisfy . m1 + 1 n = 1, for all .m ∈ (1, ∞), the following inequality holds: |xy| ≤

.

1 m 1 n |x| + |y| , n m

(1.14)

where .x, y are constants. For the case that .m ∈ (0, 1), the following inequality holds: |xy| ≥

.

1 m 1 n |x| + |y| , m n

(1.15)

where the equality holds only for .|y| = |x|m−1 .

1.4.2 Algebraic Graph Theory 1.4.2.1

Basic Definitions on Graph Theory

Graph theory is widely used to describe the communication topology of network systems. These are the basic graph theory knowledge used in this book. More details can refer to [115–117]. Graph .G = (V, E) consists of a finite set of nodes .V = {1, . . . , N } and edges set .E ⊆ {(i, j ) : i, j ∈ V}. If .(i, j ) ∈ E, then i is called the parent node of this edge or node j , and j is the child node of this edge or node i. At this time, node i is called the adjacent node or neighbor of j . The neighbor set of node i is defined as .Ni = j : i, j ∈ E; thus, the number of the neighbors is given as .|Ni |. If in the graph .G, node i is the neighbor of node j implies that node j is also the neighbor of node i, that is, .(i, j ) ∈ E if and only if .(j, i) ∈ E, then .G is called an undirected graph; otherwise, .G is a directed graph. In graph .G, an edge of type

1.4 Mathematical Preliminaries

25

(i, i) is called a self-loop. In addition, if the edge connecting two nodes is more than one, these edges are called multiple edges. A graph without self-loops and multiple edges is called a simple graph. In this book, unless otherwise specified, a graph is always assumed to be a simple graph. For graph .G1 = (V1 , E1 ) , G2 = (V2 , E2 ), if .V2 ⊆ V1 , E2 ⊆ E1 , then it is called .G2 is a subgraph of .G1 . If .G2 is a subgraph of .G1 , and .V2 = V1 , then .G2 is said to be the spanning subgraph of .G1 . Any spanning subgraph of .G1 can be obtained by deleting several edges in .G1 . If .G2 is a subgraph of .G1 , and two nodes in .G2 are adjacent if and only if they are also adjacent in .G1 , then .G2 is said to be the induced subgraph .G1 . It is easy to know that any induced subgraph of .G1 can be obtained by deleting several nodes and all edges of these nodes in .G1 . In the graph .G, the directed path connecting nodes .vs and .vk (k > s) with length .k − s refers to a group of different node sequences .vs , vs+1 , . . . , vk , satisfy .(vs+i , vs+i+1 ) ∈ E, i = 0, . . . , k − s − 1. If there is a directed path between any pair of nodes in the directed graph .G, the directed graph is said to be strongly connected. A maximal strongly connected induced subgraph of a directed graph is called a strongly connected component. In a directed graph .G, if there is a node r such that there exists at least one directed path starting from the node r that can reach any node .c(c /= r), then the graph is said to be weakly connected. Directed tree is a special kind of directed graph, where the following properties hold: (1) It only contains a special node without a parent node, called the root node; (2) all other nodes have one and only one parent node; and (3) there is a path from the root node to any other node with directed path. The spanning tree of graph .G is a directed tree and itself is a spanning subgraph of .G. We say that the directed graph .G contains a spanning tree if its set of nodes and some subset of edges form a spanning tree. Clearly, a directed graph .G contains a spanning tree if and only if it is weakly connected. For an undirected graph .G, if there is a path between any pair of nodes, the undirected graph is said to be connected. It is easy to know that for an undirected graph .G, the definitions of connectivity and weak connectivity are equivalent. .

1.4.2.2

Basic Definitions and Properties on Laplacian Matrix

┌ ┐ For a simple graph .G = (V, E) with N nodes, its adjacency matrix .A = aij ∈ RN ×N is defined as: .aii = 0, i = 1, 2, . . . , N; aij = 1 if and only if .(j, i) ∈ E; otherwise, .aij = 0, where .i, j = 1, 2, . . . , N , and .i /= j . If the element .aij of the adjacency matrix is a general non-negative real number, it is called a weighted adjacency matrix, and the corresponding graph is called a weighted graph. In this case, .aij is called the edge weight of .(j, i). In this book, unless otherwise specified, ┐ .G is a weighted graph. The Laplacian matrix of graph .G is defined ┌ graph ΣN as .L = lij ∈ RN ×N with .lij = −aij , i, j = 1, 2, . . . , N, i /= j ; lii = j =1 aij , i = 1, 2, . . . , N. Obviously, if .G is an undirected graph, both its adjacency matrix .A and the Laplacian matrix .L are real symmetric matrices.

26

1 Introduction

For a directed graph .G, the out-degree .diout of node i is defined as the number of edges with node i as the parent node and the in-degree .diin as the number of edges with node i as ) The in-degree matrix of a directed graph .G is defined as ( a child node. in = diag d in , . . . , d in . Easy to know, Laplacian matrix of directed graph .G is .D N 1 defined as .L = Din − A. A graph is called a balanced graph if the out-degree and in-degree of all its nodes are equal. Obviously, an undirected graph is a special kind of balanced graph. In the field of networked systems, the adjacency matrix and the Laplacian matrix of the communication topology play an important role. The following lemmas on the basic properties of the Laplacian matrix of the graph are given. More details can also be found in [116]. Lemma 1.2 ([116]) The Laplacian matrix .L of a graph .G has at least one non-zero eigenvalue, the remaining non-zero eigenvalues have positive real parts, and zero is a simple eigenvalue of the Laplacian matrix L if and only if the graph .G contains a spanning tree. For any undirected graph .G, it contains a spanning tree if and only if it is connected. According to Lemma 1.2, zero is an eigenvalue of the matrix .L if and only if .G is connected. At this time, except for the zero eigenvalues, the rest of the eigenvalues of the matrix .L are all positive real numbers. Lemma 1.3 ([116]) If the directed graph .G is strongly connected, then there exists ┐ T ┌ Σ T a vector .ξ = ξ 1 , . . . , ξ N > 0, and . N i=1 ξ i = 1 such that .ξ L = 0, where .L ∈ N ×N R is the Laplacian matrix of graph .G. Further, if .G is an undirected connected graph, then .ξ = [1/N, . . . , 1/N]T . Definition 1.2 (Algebraic connectivity [116]) The algebraic connectivity of an undirected connected graph .G is defined as the second smallest eigenvalue .λ2 (L) T of its Laplacian matrix .L, where .λ2 (L) = minξ /=0,0, ξ T 1N = 0 ξ TLξ > 0.

ξ ξ

Definition 1.3 (Generalized algebraic connectivity [116]) The generalized algebraic connectivity .a(L) of a strongly connected directed graph .G is defined ( ) T^ ^ = (1/2) Ξ L + LT Ξ , Ξ = as: .a(L) = minx T ξ =0,x/=0 xx TLxx , where .L ) ┐ T ┌ ( Σ diag ξ 1 , . . . , ξ N , .ξ = ξ 1 , . . . , ξ N > 0, satisfy .ξ T L = 0, and . N i=1 ξ i = 1. Lemma 1.4 ([116]) Suppose .G is a strongly connected directed graph, then its Laplacian matrix .L has the following properties: 1. For any .t > 0, the matrix .exp (−Lt)  0 and its diagonal elements are all positive real numbers; 2. .limt→∞ exp (−Lt) = 1N)ξ T ; ( ⎞ ⎛ x T Ξ N L+LT Ξ N x Ξ N L+LT Ξ N ║x║2 , where .λ2 (·) is the second 3. .min1T x=0  λ 2 2 2 N smallest eigenvalue of the matrix .·, .Ξ N = diag(ξ 1 , . . . , ξ N ) is a diagonal matrix.

1.4 Mathematical Preliminaries

1.4.2.3

27

Basic Definitions and Properties on Graph Robustness

As mentioned in Sect. 1.2.1, when in the presence of the malicious nodes in networked robotic systems, a new property, the critical notion for network structures, called graph robustness, is hereby introduced to characterize the connectivity of the network. The definitions of graph robustness are the basis of the MSR algorithm. More details can be found in [47]. Lemma 1.5 (r-reachability [47]) For the graph .G = (V, E), let .V1 be a nonempty subset of the node set .V, .r ∈ Z+ . We say .V1 is r-reachable if there exists a node i in .V1 such that the cardinality of its neighbors outside .V1 is greater than or equal to r, i.e., .|Ni \V1 | ≥ r. Note that for a r-reachable node set .V1 , the condition that each node within the set possesses at least r neighbors holds. To ensure the resilience of the network, it demands more than just ensuring that each node has a sufficient number of neighbors. This is due to the unknown identities of potential adversaries within the network. Consequently, we must examine all possible patterns of adversary distribution in the network, leading us to a more intricate concept called rrobustness for graphs, which involves combinatorial aspects utilizing the notion of r-reachability. The formal definitions in [69] are given as follows. Definition 1.4 ([47]) For any disjoint and nonempty subsets .V1 , V2  V, the network .G = {V, E} is said to be r-robustness if at least one of the following statements holds: 1. .∃ .i ∈ V1 , s.t. node i has at least r neighbors outside .V1 , 2. .∃ .i ∈ V2 , s.t. node i has at least r neighbors outside .V2 . Definition 1.5 ([47]) For any disjoint and nonempty subsets .V1 , V2  V, the network .G = {V, E} is said to be (r,s)-robustness if at least one of the following statements holds: 1. .∀ .i ∈ V1 has at least r neighbors outside .V1 , 2. .∀ .i ∈ V2 has at least r neighbors outside .V2 , 3. There are no less than s nodes in .V1 ∪V2 , s.t. each of them has at least r neighbors outside the set it belongs to.

1.4.3 Stability Theory and Technical Tools In this subsection, some useful stability theory and technical tools for the proof and analysis of the closed-loop system are presented. More details can be found in [118]. Lyapunov stability is a classical concept used to analyze the stability of a dynamical system without considering external inputs. It is only concerned with the system’s behavior under its internal dynamics. According to Lyapunov’s direct method, a dynamical system is considered stable if, for every initial state within

28

1 Introduction

a specified region (e.g., a neighborhood of an equilibrium point), the trajectory of the system remains within that region over time. This means that the system’s state does not diverge but stays close to the equilibrium point or a desired trajectory. Specifically, consider the following nonlinear system: ˙ x(t) = f (x(t), t),

.

t ∈ [t0 , +∞) ,

(1.16)

where .x(t) ∈ Rn is the system state, .f : Rn × [t0 , +∞) → Rn is a vector function, n .t0 ∈ R. Suppose that f is continuous over .R × [t0 , +∞) and satisfies the Lipschitz condition for .x(t), then for any .x (t0 ) ∈ Rn , the solution of (1.16) exists and is unique. For simplicity, .x (t; x (t0 ) , t0 ), .t  t0 , is used to represent the solution of the system (1.16) starting from .x (t0 ). For system (1.16), if there exists .xe ∈ Rn satisfying x˙e = f (xe , t) ≡ 0,

.

t ∈ [t0 , +∞) ,

(1.17)

then .xe is an equilibrium point of the system. Here, this book always assumes that the system (1.16) has at least one equilibrium point. The following definitions for system stability are given. Definition 1.6 (Stability in Lyapunov Sense) The equilibrium point .xe of the system (1.16) is stable, which means that for any .ɛ > 0 and .t0 ∈ R, there always exists a .δ (ɛ, t0 ) > 0, such that for any .x(t0 ) ∈ Bδ(ɛ,t0 ) (xe ), with .x (t; x (t0 ) , t0 ) ∈ Bδ(ɛ,t0 ) (xe ). Definition 1.7 The equilibrium point .xe of the system (1.16) is attractive, which means that if for any .t0 ∈ R, there exists .η (t0 ) > 0, for any .ɛ > 0 and .x (t0 ) ∈ Bη(t0 ) (xe ), there is always a .T (t0 , ɛ, x (t0 )), so that for any .t > t0 + T (t0 , ɛ, x (t0 )), there is .x (t; x (t0 ) , t0 ) ∈ Bɛ (xe ). Definition 1.8 The equilibrium point .xe of the system (1.16) is globally attractive, which means that if for any .t0 ∈ R, .η > 0, ɛ > 0, and .x (t0 ) ∈ Bη (xe ), there is always a .T (t0 , η, x0 ), when .t > t0 +T (t0 , η, x0 ), there is .x (t; x (t0 ) , t0 ) ∈ Bɛ (xe ). Definition 1.9 The equilibrium point .xe of the system (1.16) is asymptotically stable, which means that it is both stable and attractive. Definition 1.10 (Asymptotic Stability in Lyapunov Sense) The equilibrium point xe of the system (1.16) is asymptotically stable, which means that it is both stable and attractive.

.

Definition 1.11 (Global Asymptotic Stability in Lyapunov Sense) The equilibrium point .xe of the system (1.16) is globally asymptotically stable, which means that it is both stable and globally attractive. In this book, unless otherwise specified, we say that a system is asymptotically stable when .xe = 0 is the only equilibrium point of the system and the equilibrium point is globally asymptotically stable in the sense of Lyapunov. In addition to

1.4 Mathematical Preliminaries

29

Lyapunov stability, input-to-state stability (ISS) and input-to-output stability (IOS) are other important concepts in control theory used to analyze the stability of dynamical systems. ISS (IOS) is a notion of stability that considers the behavior of a system under both internal dynamics and external inputs. It deals with the question of how the system’s state (output) responds to bounded inputs or disturbances. A dynamical system is said to be ISS (IOS) if, for any bounded input or disturbance, the system’s state (output) remains bounded and eventually converges to a region that depends on the input magnitude. In other words, ISS (IOS) characterizes the system’s ability to absorb and attenuate disturbances or inputs. Specifically, the following definitions are given mathematically. Consider the following multiple-input multiple-output (MIMO) nonlinear system: ⎧ Σp x˙ = f (x) + i=1 gi (x)ui , . (1.18) yj = hj (x), j ∈ Nq , where .x ∈ Rn is state, .yj ∈ Rmj is output for .j ∈ Nq  {1, . . . , q}, and .ui ∈ Rmi is control input for .i ∈ Np  {1, . . . , p}. .f (x), gi (x), .i ∈ Np , and .hj (x), .j ∈ Nq , are locally Lipschitz functions with appropriate dimensions, .f (0) = 0 and .hj (0) = 0. Without losing generality, assume that the corresponding solution .x(t) of the system (1.18) is well defined for all .t ∈ [t0 , t1 ], with any initial value .x(t0 ) and uniformly essentially bounded inputs .ui for .i ∈ Np over .[t0 , t1 ]. Definition 1.12 (Input-to-State Stability, ISS [119]) The system (1.18) is said to be input-to-state stable if there exists a function .β i ∈ K∞ and a function .γ ij ∈ K¯ with .i ∈ Nq , .j ∈ Np , such that the following inequalities hold along the system trajectories with any measurable uniformly essentially bounded inputs .ui and for all .i ∈ Nq : 1. Uniform boundedness: .∀t0 , t ∈ R, .t ≥ t0 , we have .

|xi (t)| ≤ β i (|x (t0 )|) +

p Σ j =1

⎛ γ ij

⎞ | | sup |uj (s)| .

(1.19)

s∈[t0 ,t)

2. Asymptotic gain:

.

lim sup |xi (t)| ≤ t→+∞

p Σ j =1

⎞ ⎛ | | γ ij lim sup |uj (t)| .

(1.20)

t→+∞

Definition 1.13 (Input-to-Output Stability, IOS [119]) The system (1.18) is said to be input-to-output stable if there exists a function .β i ∈ K∞ and a function .γ ij ∈ K¯ with .i ∈ Nq , .j ∈ Np , such that the following inequalities hold along the system

30

1 Introduction

trajectories with any measurable uniformly essentially bounded inputs and for all i ∈ Nq :

.

1. Uniform boundedness: .∀t0 , t ∈ R, .t ≥ t0 , we have .

|yi (t)| ≤ β i (|x (t0 )|) +

p Σ j =1

⎛ γ ij

⎞ | | sup |uj (s)| .

(1.21)

s∈[t0 ,t)

2. Asymptotic gain:

.

lim sup |yi (t)| ≤ t→+∞

p Σ j =1

⎞ ⎛ | | γ ij lim sup |uj (t)| .

(1.22)

t→+∞

In these definitions, the function .γ ij ∈ K¯ is called an IOS gain from the input .uj to the output .yi with .i ∈ Nq and .j ∈ Np . The IOS gain .γ ij (s) is called linear gain if .γ ij (s) = γ 0ij · s, for each .s ≥ 0, where .γ 0ij ≥ 0. It is worth noting that ISS can be used to prove stability properties based on Lyapunov functions. In many cases, to show that a system is ISS, one can construct a suitable Lyapunov function and use it to prove the boundedness and convergence properties of the system. This Lyapunov function is often constructed to be sensitive to both the system’s internal dynamics and the external inputs or disturbances, thereby capturing the essential properties of ISS. In summary, ISS considers stability with respect to both internal dynamics and external inputs or disturbances, while Lyapunov stability focuses solely on internal dynamics. The relationship between the two concepts lies in the fact that ISS can often be analyzed and established through the use of Lyapunov functions that incorporate the effects of both internal dynamics and external inputs.

References 1. Hatanaka, T., Chopra, N., Fujita, M., Spong, M.W.: Passivity-Based Control and Estimation in Networked Robotics. Springer, Cham (2015) 2. Derbel, N., Ghommam, J., Zhu, Q.: New Developments and Advances in Robot Control, vol. 175. Springer, Singapore (2019) 3. Ge, M.-F., Guan, Z.-H., Hu, B., He, D.-X., Liao, R.-Q.: Distributed controller-estimator for target tracking of networked robotic systems under sampled interaction. Automatica 69, 410– 417 (2016) 4. Wang, H.: Task-space synchronization of networked robotic systems with uncertain kinematics and dynamics. IEEE Trans. Autom. Control 58(12), 3169–3174 (2013) 5. Huang, H., Savkin, A.V.: An algorithm of reactive collision free 3-D deployment of networked unmanned aerial vehicles for surveillance and monitoring. IEEE Trans. Ind. Inform. 16(1), 132–140 (2019) 6. Deng, Y., Liu, T., Zhao, D.: Event-triggered output-feedback adaptive tracking control of autonomous underwater vehicles using reinforcement learning. Appl. Ocean Res. 113, 102676 (2021)

References

31

7. Sharifi, F., Chamseddine, A., Mahboubi, H., Zhang, Y., Aghdam, A.G.: A distributed deployment strategy for a network of cooperative autonomous vehicles. IEEE Trans. Control Syst. Technol. 23(2), 737–745 (2014) 8. Oh, H., Shirazi, A.R., Sun, C., Jin, Y.: Bio-inspired self-organising multi-robot pattern formation: a review. Robot. Auton. Syst. 91, 83–100 (2017) 9. Feng, S., Tesi, P.: Resilient control under denial-of-service: robust design. Automatica 79, 42–51 (2017) 10. Tan, R., Nguyen, H.H., Foo, E.Y., Yau, D.K., Kalbarczyk, Z., Iyer, R.K., Gooi, H.B.: Modeling and mitigating impact of false data injection attacks on automatic generation control. IEEE Trans. Inf. Forensics Secur. 12(7), 1609–1624 (2017) 11. Zhu, M., Martinez, S.: On the performance analysis of resilient networked control systems under replay attacks. IEEE Trans. Autom. Control 59(3), 804–808 (2013) 12. Qu, Z.: Cooperative Control of Dynamical Systems: Applications to Autonomous Vehicles, vol. 3. Springer, London (2009) 13. Aminzade, M.: Confidentiality, integrity and availability–finding a balanced IT framework. Netw. Secur. 2018(5), 9–11 (2018) 14. Yaacoub, J.-P. A., Noura, H.N., Salman, O., Chehab, A.: Robotics cyber security: vulnerabilities, attacks, countermeasures, and recommendations. Int. J. Inf. Secur. 21(1), 115–158 (2022) 15. Antonelli, G.: Interconnected dynamic systems: an overview on distributed control. IEEE Control Syst. Mag. 33(1), 76–88 (2013) 16. Yan, T., Xu, Z., Yang, S.X.: Consensus formation tracking for multiple AUV systems using distributed bioinspired sliding mode control. IEEE Trans. Intell. Veh. 8(2), 1081–1092 (2022) 17. Li, X., Zhu, D., Qian, Y.: A survey on formation control algorithms for multi-AUV system. Unmanned Syst. 2(04), 351–359 (2014) 18. Li, S., Wang, X.: Finite-time consensus and collision avoidance control algorithms for multiple AUVs. Automatica 49(11), 3359–3367 (2013) 19. Zhang, W., Zeng, J., Yan, Z., Wei, S., Tian, W.: Leader-following consensus of discrete-time multi-AUV recovery system with time-varying delay. Ocean Eng. 219, 108258 (2021) 20. Jia, Z., Lu, H., Li, S., Zhang, W.: Distributed dynamic rendezvous control of the AUV-USV joint system with practical disturbance compensations using model predictive control. Ocean Eng. 258, 111268 (2022) 21. Das, B., Subudhi, B., Pati, B.B.: Cooperative formation control of autonomous underwater vehicles: an overview. Int. J. Autom. Comput. 13, 199–225 (2016) 22. Yang, Y., Xiao, Y., and Li, T.: A survey of autonomous underwater vehicle formation: performance, formation control, and communication capability. IEEE Commun. Surv. Tutor. 23(2), 815–841 (2021) 23. Yan, J., Zhou, X., Yang, X., Shang, Z., Luo, X., Guan, X.: Joint design of channel estimation and flocking control for multi-AUV-based maritime transportation systems. IEEE Trans. Intell. Trans. Syst. (2023). Early access 24. Sahu, B.K., Subudhi, B.: Flocking control of multiple AUVs based on fuzzy potential functions. IEEE Trans. Fuzzy Syst. 26(5), 2539–2551 (2017) 25. He, W., Xu, W., Ge, X., Han, Q.-L., Du, W., Qian, F.: Secure control of multiagent systems against malicious attacks: a brief survey. IEEE Trans. Ind. Inform. 18(6), 3595–3608 (2021) 26. Ishii, H., Wang, Y., Feng, S.: An overview on multi-agent consensus under adversarial attacks. Annu. Rev. Control 53, 252–272 (2022) 27. Amin, S., Schwartz, G.A., Sastry, S.S.: Security of interdependent and identical networked control systems. Automatica 49(1), 186–192 (2013) 28. Zhang, D., Liu, L., Feng, G.: Consensus of heterogeneous linear multiagent systems subject to aperiodic sampled-data and DoS attack. IEEE Trans. Cybern. 49(4), 1501–1511 (2018) 29. Befekadu, G.K., Gupta, V., Antsaklis, P.J.: Risk-sensitive control under Markov modulated denial-of-service (DoS) attack strategies. IEEE Trans. Autom. Control 60(12), 3299–3304 (2015)

32

1 Introduction

30. Zhang, W., Wang, Z., Liu, Y., Ding, D., Alsaadi, F.E.: Sampled-data consensus of nonlinear multiagent systems subject to cyber attacks. Int. J. Robust Nonlinear Control 28(1), 53–67 (2018) 31. Zhang, H., Cheng, P., Shi, L., Chen, J.: Optimal DoS attack scheduling in wireless networked control system. IEEE Trans. Control Syst. Technol. 24(3), 843–852 (2015) 32. Yuan, Y., Yuan, H., Guo, L., Yang, H., Sun, S.: Resilient control of networked control system under DoS attacks: a unified game approach. IEEE Trans. Ind. Inform. 12(5), 1786–1794 (2016) 33. Ni, H., Xu, Z., Cheng, J., Zhang, D.: Robust stochastic sampled-data-based output consensus of heterogeneous multi-agent systems subject to random DoS attack: a Markovian jumping system approach. Int. J. Control Autom. Syst. 17, 1687–1698 (2019) 34. Huo, S., Zhang, L., Chen, S., Zhang, Y.: H-∞ consensus control of multi-agent systems under attacks with partially unknown Markovian probabilities. J. Franklin Inst. 358(9), 4917–4928 (2021) 35. Wang, J., Li, Y., Duan, Z., Zeng, J.: A fully distributed robust secure consensus protocol for linear multi-agent systems. IEEE Trans. Circuits Syst. II: Express Briefs 69(7), 3264–3268 (2022) 36. De Persis, C., Tesi, P.: Input-to-state stabilizing control under denial-of-service. IEEE Trans. Autom. Control 60(11), 2930–2944 (2015) 37. Feng, Z., Hu, G.: Secure cooperative event-triggered control of linear multiagent systems under DoS attacks. IEEE Trans. Control Syst. Technol. 28(3), 741–752 (2019) 38. Deng, C., Wen, C.: Distributed resilient observer-based fault-tolerant control for heterogeneous multiagent systems under actuator faults and DoS attacks. IEEE Trans. Control Netw. Syst. 7(3), 1308–1318 (2020) 39. Wang, Y.-W., Zeng, Z.-H., Liu, X.-K., Liu, Z.-W.: Input-to-state stability of switched linear systems with unstabilizable modes under DoS attacks. Automatica 146, 110607 (2022) 40. Ai, Z., Peng, L., Zong, G., Shi, K.: Impulsive control for nonlinear systems under DoS attacks: a dynamic event-triggered method. IEEE Trans. Circuits Syst. II: Express Briefs 69(9), 3839– 3843 (2022) 41. Kato, R., Cetinkaya, A., Ishii, H.: Security analysis of linearization for nonlinear networked control systems under DoS. IEEE Trans. Control Netw. Syst. 8(4), 1692–1704 (2021) 42. Eliyan, L.F., Di Pietro, R.: DoS and DDoS attacks in software defined networks: a survey of existing solutions and research challenges. Futur. Gener. Comput. Syst. 122, 149–171 (2021) 43. Yuan, H., Xia, Y.: Resilient strategy design for cyber-physical system under DoS attack over a multi-channel framework. Inf. Sci. 454, 312–327 (2018) 44. Zhang, J., Sun, J.: A game theoretic approach to multi-channel transmission scheduling for multiple linear systems under DoS attacks. Syst. Control Lett. 133, 104546 (2019) 45. Yuan, H., Xia, Y., Yang, H.: Resilient state estimation of cyber-physical system with multichannel transmission under DoS attack. IEEE Trans. Syst. Man Cybern.: Syst. 51(11), 6926–6937 (2020) 46. Liu, H.: Sinr-based multi-channel power schedule under DoS attacks: a stackelberg game approach with incomplete information. Automatica 100, 274–280 (2019) 47. LeBlanc, H.J., Zhang, H., Koutsoukos, X., Sundaram, S.: Resilient asymptotic consensus in robust networks. IEEE J. Sel. Areas Commun. 31(4), 766–781 (2013) 48. Pasqualetti, F., Bicchi, A., Bullo, F.: Consensus computation in unreliable networks: a system theoretic approach. IEEE Trans. Autom. Control 57(1), 90–104 (2012) 49. Gallo, A.J., Turan, M.S., Boem, F., Parisini, T., Ferrari-Trecate, G.: A distributed cyber-attack detection scheme with application to DC microgrids. IEEE Trans. Autom. Control 65(9), 3800–3815 (2020) 50. Shames, I., Teixeira, A.M., Sandberg, H., Johansson, K.H.: Distributed fault detection for interconnected second-order systems. Automatica 47(12), 2757–2764 (2011) 51. Silvestre, D., Rosa, P., Cunha, R., Hespanha, J.P., Silvestre, C.: Gossip average consensus in a Byzantine environment using stochastic set-valued observers. In: 52nd IEEE Conference on Decision and Control, pp. 4373–4378. IEEE (2013)

References

33

52. Silvestre, D., Rosa, P., Hespanha, J.P., Silvestre, C. Stochastic and deterministic fault detection for randomized Gossip algorithms. Automatica 78, 46–60 (2017) 53. Ramos, G., Silvestre, D., Silvestre, C.: A discrete-time reputation-based resilient consensus algorithm for synchronous or asynchronous communications. IEEE Trans. Autom. Control (2023). Early access 54. Ramos, G., Silvestre, D., Silvestre, C.: General resilient consensus algorithms. Int. J. Control 95(6), 1482–1496 (2022) 55. Dolev, D., Lynch, N.A., Pinter, S.S., Stark, E.W., Weihl, W.E.: Reaching approximate agreement in the presence of faults. J. ACM (JACM) 33(3), 499–516 (1986) 56. Kieckhafer, R.M., Azadmanesh, M.H.: Reaching approximate agreement with mixed-mode faults,” IEEE Trans. Parallel Distrib. Syst. 5(1), 53–63 (1994) 57. de Azevedo, M.M., Blough, D.M.: Multistep interactive convergence: an efficient approach to the fault-tolerant clock synchronization of large multicomputers. IEEE Trans. Parallel Distrib. Syst. 9(12), 1195–1212 (1998) 58. Vaidya, N.H., Tseng, L., Liang, G.: Iterative approximate Byzantine consensus in arbitrary directed graphs. In: Proceedings of the 2012 ACM Symposium on Principles of Distributed Computing, pp. 365–374 (2012) 59. Shang, Y.: Resilient consensus for expressed and private opinions. IEEE Trans. Cybern. 51(1), 318–331 (2019) 60. Senejohnny, D.M., Sundaram, S., De Persis, C., Tesi, P.: Resilience against misbehaving nodes in asynchronous networks. Automatica 104, 26–33 (2019) 61. Mendes, H., Herlihy, M.: Multidimensional approximate agreement in Byzantine asynchronous systems. In: Proceedings of the Forty-Fifth Annual ACM Symposium on Theory of Computing, pp. 391–400 (2013) 62. Vaidya, N.H., Garg, V.K.: Byzantine vector consensus in complete graphs. In: Proceedings of the 2013 ACM Symposium on Principles of Distributed Computing, pp. 65–73 (2013) 63. Vaidya, N.H.: Iterative Byzantine vector consensus in incomplete graphs. In: Distributed Computing and Networking: 15th International Conference, ICDCN 2014, Coimbatore, 4– 7 Jan 2014. Proceedings 15, pp. 14–28. Springer (2014) 64. LeBlanc, H.J., Koutsoukos, X.: Resilient first-order consensus and weakly stable, higher order synchronization of continuous-time networked multiagent systems. IEEE Trans. Control Netw. Syst. 5(3), 1219–1231 (2017) 65. Wang, X., Mou, S., Sundaram, S.: A resilient convex combination for consensus-based distributed algorithms, arXiv preprint arXiv:1806.10271 (2018) 66. Yan, J., Mo, Y., Li, X., Wen, C.: A “safe kernel” approach for resilient multi-dimensional consensus. IFAC-PapersOnLine 53(2), 2507–2512 (2020) 67. Shang, Y.: Resilient consensus in multi-agent systems with state constraints. Automatica 122, 109288 (2020) 68. Shang, Y.: Median-based resilient consensus over time-varying random networks. IEEE Trans. Circuits Syst. II: Express Briefs 69(3), 1203–1207 (2021) 69. Yan, J., Li, X., Mo, Y., Wen, C.: Resilient multi-dimensional consensus in adversarial environment. Automatica 145, 110530 (2022) 70. Agarwal, P.K., Sharir, M., Welzl, E.: Algorithms for center and Tverberg points. ACM Trans. Algorithms (TALG) 5(1), 1–20 (2008) 71. Tabuada, P.: Event-triggered real-time scheduling of stabilizing control tasks. IEEE Trans. Autom. Control 52(9), 1680–1685 (2007) 72. Dimarogonas, D.V., Frazzoli, E., Johansson, K.H.: Distributed event-triggered control for multi-agent systems. IEEE Trans. Autom. Control 57(5), 1291–1297 (2012) 73. Wang, X., Lemmon, M.D.: Event-triggering in distributed networked control systems. IEEE Trans. Autom. Control 56(3), 586–601 (2010) 74. Yue, D., Tian, E., Han, Q.-L.: A delay system method for designing event-triggered controllers of networked control systems. IEEE Trans. Autom. Control 58(2), 475–481 (2012) 75. Ge, X., Yang, F., Han, Q.-L.: Distributed networked control systems: a brief overview. Inf. Sci. 380, 117–131 (2017)

34

1 Introduction

76. Fan, Y., Feng, G., Wang, Y., Song, C.: Distributed event-triggered control of multi-agent systems with combinational measurements. Automatica 49(2), 671–675 (2013) 77. Hu, W., Liu, L., Feng, G.: Consensus of linear multi-agent systems by distributed eventtriggered strategy. IEEE Trans. Cybern. 46(1), 148–157 (2015) 78. Lu, A.-Y., Yang, G.-H.: Observer-based control for cyber-physical systems under denial-ofservice with a decentralized event-triggered scheme. IEEE Trans. Cybern. 50(12), 4886–4895 (2019) 79. Zhang, Z.-H., Liu, D., Deng, C., Fan, Q.-Y.: A dynamic event-triggered resilient control approach to cyber-physical systems under asynchronous DoS attacks. Inf. Sci. 519, 260–272 (2020) 80. Sun, Y.-C., Yang, G.-H.: Event-triggered resilient control for cyber-physical systems under asynchronous DoS attacks. Inf. Sci. 465, 340–352 (2018) 81. Su, B., Wang, H.-B., Wang, Y.: Dynamic event-triggered formation control for AUVs with fixed-time integral sliding mode disturbance observer. Ocean Eng. 240, 109893 (2021) 82. Yan, Z., Zhang, C., Zhang, M., Yan, J., Tian, W.: Distributed event-triggered formation control for multi-AUV system via asynchronous periodic sampling control approach. Ocean Eng. 256, 111561 (2022) 83. Wen, L., Yu, S., Zhao, Y., Yan, Y.: Adaptive dynamic event-triggered consensus control of multiple autonomous underwater vehicles. Int. J. Control 96(3), 746–756 (2023) 84. Wang, H., Su, B.: Event-triggered formation control of AUVs with fixed-time rbf disturbance observer. Appl. Ocean Res. 112, 102638 (2021) 85. Meng, C., Zhang, W., Du, X.: Finite-time extended state observer based collision-free leaderless formation control of multiple AUVs via event-triggered control. Ocean Eng. 268, 113605 (2023) 86. A. Y. Lu and G. H. Yang, “Input-to-state stabilizing control for cyber-physical systems with multiple transmission channels under denial of service,” IEEE Transactions on Automatic Control, vol. 63, no. 6, pp. 1813–1820, 2017. 87. A. Y. Lu and G. H. Yang, “Distributed consensus control for multi-agent systems under denialof-service,” Information Sciences, vol. 439, pp. 95–107, 2018. 88. Xu, W., Ho, D.W., Zhong, J., Chen, B.: Event/self-triggered control for leader-following consensus over unreliable network with DoS attacks. IEEE Trans. Neural Netw. Learn. Syst. 30(10), 3137–3149 (2019) 89. Shisheh Foroush, H., Martínez, S.: On triggering control of single-input linear systems under pulse-width modulated DoS signals. SIAM J. Control Optim. 54(6), 3084–3105 (2016) 90. Wen, L., Yu, S., Zhao, Y., Yan, Y.: Event-based secure consensus of multiple AUVs under DoS attacks. Nonlinear Dyn. 107(3), 2407–2419 (2022) 91. Wu, C., Zhao, X., Wang, B., Xing, W., Liu, L., Wang, X.: Model-based dynamic eventtriggered control for cyber-physical systems subject to dynamic quantization and dos attacks. IEEE Trans. Netw. Sci. Eng. 9(4), 2406–2417 (2022) 92. Hu, S., Yue, D., Cheng, Z., Tian, E., Xie, X., Chen, X.: Co-design of dynamic event-triggered communication scheme and resilient observer-based control under aperiodic DoS attacks. IEEE Trans. Cybern. 51(9), 4591–4601 (2020) 93. Heemels, W.P., Johansson, K.H., Tabuada, P.: An introduction to event-triggered and selftriggered control. In: Proceedings of 51st IEEE Conference on Decision and Control (CDC), pp. 3270–3285. IEEE (2012) 94. Senejohnny, D., Tesi, P., De Persis, C.: A jamming-resilient algorithm for self-triggered network coordination. IEEE Trans. Control Netw. Syst. 5(3), 981–990 (2017) 95. Wang, Y., Ishii, H.: Resilient consensus through asynchronous event-based communication. In: 2019 American Control Conference (ACC), pp. 1842–1847. IEEE (2019) 96. Wang, Y., Ishii, H.: An event-triggered approach to quantized resilient consensus. Int. J. Robust Nonlinear Control 30(11), 4188–4204 (2020) 97. Zegers, F.M., Hale, M.T., Shea, J.M., Dixon, W.E.: Event-triggered formation control and leader tracking with resilience to Byzantine adversaries: a reputation-based approach. IEEE Trans. Control Netw. Syst. 8(3), 1417–1429 (2021)

References

35

98. Matsume, H., Wang, Y., Ishii, H.: Resilient self/event-triggered consensus based on ternary control. Nonlinear Anal.: Hybrid Syst. 42, 101091 (2021) 99. Wang, X., Wang, G., Fei, Z., Li, Z.: Secure interval estimation for event-triggered cyberphysical systems under stealthy attacks. IEEE Trans. Control Netw. Syst. (2023). Early access 100. Zhang, H., Sundaram, S.: Robustness of information diffusion algorithms to locally bounded adversaries. In: 2012 American Control Conference (ACC), pp. 5855–5861. IEEE (2012) 101. Li, J., Abbas, W., Koutsoukos, X.: Resilient distributed diffusion in networks with adversaries. IEEE Trans. Signal Inf. Process. Over Netw. 6, 1–17 (2019) 102. Fu, W., Qin, J., Shi, Y., Zheng, W.X., Kang, Y.: Resilient consensus of discrete-time complex cyber-physical networks under deception attacks. IEEE Trans. Ind. Inform. 16(7), 4868–4877 (2019) 103. Usevitch, J., Panagou, D.: Resilient leader-follower consensus to arbitrary reference values. In: 2018 Annual American Control Conference (ACC), pp. 1292–1298. IEEE (2018) 104. Usevitch, J., Panagou, D.: Resilient leader-follower consensus to arbitrary reference values in time-varying graphs. IEEE Trans. Autom. Control 65(4), 1755–1762 (2019) 105. Dibaji, S.M., Ishii, H.: Consensus of second-order multi-agent systems in the presence of locally bounded faults. Syst. Control Lett. 79, 23–29 (2015) 106. Dibaji, S.M., Ishii, H.: Resilient consensus of second-order agent networks: asynchronous update rules over robust graphs. In: 2015 American Control Conference (ACC), pp. 1451– 1456. IEEE (2015) 107. Dibaji, S.M., Ishii, H.: Resilient consensus of second-order agent networks: asynchronous update rules with delays. Automatica 81, 123–132 (2017) 108. Öksüz, H.Y., Akar, M.: Resilient group consensus in the presence of byzantine agents. Int. J. Control 94(3), 807–822 (2021) 109. Zegers, F.M., Deptula, P., Shea, J.M., Dixon, W.E.: Event-triggered approximate leaderfollower consensus with resilience to Byzantine adversaries. In: 2019 IEEE 58th Conference on Decision and Control (CDC), pp. 6412–6417. IEEE (2019) 110. De Palma, D., Arrichiello, F., Parlangeli, G., Indiveri, G.: Underwater localization using single beacon measurements: observability analysis for a double integrator system. Ocean Eng. 142, 650–665 (2017) 111. Yan, Z., Zhang, M., Zhang, C., Zeng, J.: Decentralized formation trajectory tracking control of multi-AUV system with actuator saturation. Ocean Eng. 255, 111423 (2022) 112. Mustafa, A., Modares, H.: Attack analysis and resilient control design for discrete-time distributed multi-agent systems. IEEE Robot. Autom. Lett. 5(2), 369–376 (2019) 113. Viegas, D., Batista, P., Oliveira, P., Silvestre, C., Chen, C.P.: Distributed state estimation for linear multi-agent systems with time-varying measurement topology. Automatica 54, 72–79 (2015) 114. Luo, R.C., Su, K.L., Shen, S.H., Tsai, K.H.: Networked intelligent robots through the Internet: issues and opportunities. Proc. IEEE 91(3), 371–382 (2003) 115. Beineke, L.W., Wilson, R.J.: Topics in Algebraic Graph Theory, vol. 102. Cambridge University Press, London (2004) 116. Mesbahi, M., Egerstedt, M.: Graph Theoretic Methods in Multiagent Networks. Princeton University Press, Princeton, New Jersey (2010) 117. Godsil, C., Royle, G.F.: Algebraic Graph Theory, vol. 207. Springer Science & Business Media, New York (2001) 118. Khalil, H.K.: Nonlinear Systems, 3rd edn. Prentice Hall, Hoboken, New Jersey (2002) 119. Agrachev, A.A., Morse, A.S., Sontag, E.D., Sussmann, H.J., Utkin, V.I., Sontag, E.D.: Input to state stability: basic concepts and results. In: Nonlinear and Optimal Control Theory: Lectures Given at the CIME Summer School held in Cetraro, 19–29 June 2004, pp. 163–220 (2008)

Chapter 2

Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

Abstract In this chapter, we consider the distributed resilient cooperative control problem for directed networked robotic systems under DoS attacks. DoS attacks will block the communication channels between the robots. Compared with the existing methods for the linear networked systems, the considered nonlinear networked robotic systems with asymmetric channels under DoS attacks are more challenging and still not well explored. To solve this issue, a novel resilient cooperative control scheme is proposed by using sampling control approach. Sufficient conditions are derived in the absence of DoS attacks according to a multidimensional small gain scheme. Then, in the presence of DoS attacks, the proposed resilient scheme works in a switching manner. Inspired by multidimensional small gain techniques, the Lyapunov approach is combined to analyze the closed-loop system, which enable us to establish sufficient stability conditions for the control gains in terms of the duration and frequency of DoS attacks. Keywords Networked Robotic systems · DoS attacks · ISS · Cooperative control

2.1 Introduction Since the appearance of networked control systems, their security issues have attracted wide attention, especially the cyber-physical systems [1–4]. Recently, how to achieve secure estimation and control of networked control systems has become one of the most significant research directions [5–8]. Generally speaking, cyberattacks on networked control systems can be classified into two categories, i.e., deception attacks [9, 10] and the denial-of-service (DoS) attacks [11], as stated in Sect. 1.2. The former can be implemented by the attackers to modify the transmitted information, such as false data injection attack [12] or replay attack [13], while the latter is often used to block the communication channels, as shown in Fig. 2.1. Many scholars have carried out lots of relevant works. For example, Jin et al. [14] proposed an adaptive resilient control approach to mitigate the sensor and actuator attacks in linear cyber-physical systems. Furthermore, the © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 X. Li et al., Secure Coordination Control of Networked Robotic Systems, https://doi.org/10.1007/978-981-99-9359-8_2

37

38

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks DoSij

j

Actuators

i

ui (t )

yi (t )

ui (t ki i ) Communication network

ui (t ki i ( t ) )

DoSik

k

Sensors

yi (t ki i )

DoSi DoSi

Robot i

Controller/Detector

Communication network

y i ( t ki i ( t ) )

Fig. 2.1 General control scheme of networked robotic systems under DoS attacks

authors extended the proposed adaptive control architecture to solve the secure consensus problem of multi-agent in which there exists adverse agent in the swarm systems [15]. Compared to the deception attacks, which needs more energy and sophisticated equipment, DoS attacks are more common. Some progress has also been made in the research of resilient control of DoS attacks. Lu and Yang [16] considered the stabilization problem of linear cyber-physical systems with multiple transmission channels under DoS attacks. By designing a switched control law, some sufficient conditions are given to stabilize the closed-loop system. Then they analyzed the distributed consensus control problem for linear multi-agent systems by the LMI approach [17]. In addition, Zhang et al. [18] investigated the output consensus problem for heterogeneous linear multi-agent systems under random DoS attacks. By assuming the sampling process of the whole system can be activated by each agent, sufficient conditions are given to guarantee the solvability of the regulator equation under different attack modes. In [19], an event-triggered control approach was proposed for a class of state-dependent uncertain systems under DoS attacks and replay attacks. Then the authors investigated the event-based H-.∞ load frequency control problem for multi-area power systems in the presence of DoS and deception attacks [20]. By modeling the CPS system as a T-S fuzzy model, a state estimation problem was considered under the limited communication width, sensor saturation, and DoS attacks [21]. More related works can also be found in [22–24] and the reference therein. Despite such progress, the proposed approaches usually focus on the performance analysis based on certain specific assumptions on the communication topology and/or the fraction of misbehaving agents. It is also worth mentioning that the results mentioned above are all about linear systems; however, in practice, many networked control systems are nonlinear systems. In practical engineering, many robotic systems are modeled by EulerLagrange systems, where the networked AUV systems are a typical example

2.1 Introduction

39

[25, 26]. In this book, the networked robotic systems are modeled by an EulerLagrange equation; thus, the overview on literature focuses more on networked Lagrangian systems. Due to its potential applications, coordinate control of distributed networked Lagrangian systems also witnesses a growing interest [27–30]. In particular, Mei et al. [27] investigated coordinate control of Lagrangian networks with parametric uncertainties under a directed graph. An adaptive control approach is used to estimate the uncertain parameters. Then, a fully distributed control law is designed to solve the flocking control problem of networked Lagrangian systems [28]. In [29] and [30], the synchronization problem for networked EulerLagrange systems in the presence of communication constraints is considered. Also it is important to distinguish the problems of resilient control under DoS attacks from the problems of robust control under communication failures or time delays [29, 31, 32]. The latter requires that the communication constraints satisfy some probability distribution [31] or continuity boundedness conditions [29], while DoS attacks are only limited to its frequency and duration in a sampling control scheme due to its limited energy resource, which is carefully designed by attackers [11]. In addition, in contrast to classical networked control systems where packet losses can be reasonably modeled as random events with certain statistical distributions [33, 34], assuming such kind of stochastic characterization for DoS attacks would inherently fail to capture the malicious and intelligent nature of an attacker. Up to now, the problem on resilient cooperative control of networked Lagrangian systems under DoS attacks has not been well explored yet. Compared with existing results on resilient control of linear CPS under DoS attacks, the main difficulties and challenges for the analysis and synthesis of such a problem for networked AUV systems are summarized as follows: 1. The existing analysis approaches cannot be directly applied due to the complicated nonlinearities in networked robotic systems, where the main challenge stems from the essential difficulty in specifying the effects of DoS attacks on synchronization performance. 2. The classical small gain theorem used in linear CPS cannot be used in the synthesis of controllers for nonlinear networked robotic systems to solve the formulated problem, since the multiple channels may be attacked asynchronously. To solve these issues in this chapter, we firstly develop a novel aperiodic sampling control scheme to achieve cooperative control of the networked robotic systems in the absence of DoS attacks. By using the multidimensional small gain techniques, sufficient conditions on the system control gain are established to guarantee asymptotic stability of the closed-loop system. Then the scheme is applied to the case with DoS attacks, and sufficient stability conditions are derived for the control gain in terms of the duration and frequency of DoS attacks. The main contributions of this chapter are threefold: 1. In comparison to the secure consensus control of linear systems [17, 18, 24, 35] and [36], our proposed scheme can control nonlinear networked robotic systems that are modeled by an Euler-Lagrange equation under DoS attacks, even though

40

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

the complicated nonlinearities result in difficulty in specifying the effects of DoS attacks on cooperative performance, as seen in control design. 2. The local controller of each robot only needs the position information of its own and its neighbors. Also the presented gain condition just depends on the maximum sampling interval. Thus, unlike the sampling process in [18], which needs to be synchronized by all the robots, the sampling process of each robot is independent of other ones. 3. Through using the proposed multidimensional small gain technique to determine control parameters so as to ensure stability of the resulting system, sufficient conditions related to the duration and frequency of DoS attacks are obtained in the form of algebraic inequality, which is easily solvable, instead of solving the complicated LMIs as in [16] and [17]. This chapter is organized as follows. Section 2.2 formulates the problem and gives some preliminaries. The main results are presented in Sects. 2.3 and 2.4, in which the aperiodic sampling cooperative control scheme is proposed without DoS attack in the first part, while the case with DoS attacks is addressed in the second part. Some simulation results are given in Sect. 2.5 to illustrate and verify the effectiveness of the scheme. Section 2.6 concludes this chapter.

2.2 Preliminaries and Problem Statement 2.2.1 Problem Statement In this chapter, the networked robotic systems consist of N nonlinear EulerLagrange systems indexed by .i ∈ N Δ {1, 2, . . . , N } as follows: M i (qi )q¨i + C i (qi , q˙i )q˙i + Gi (qi ) = τ i ,

.

(2.1)

where .qi , q˙i ∈ Rn are the generalized position and velocity vectors of AUV i, respectively; .M i (qi ) ∈ Rn×n , .C i (qi , q˙i ) ∈ Rn×n , .Gi (qi ) ∈ Rn are the positive definite inertia matrix, centripetal and coriolis torques matrix, and the gravitational torque, respectively. .τ i ∈ Rn is the control input. Note that for the nonlinear EulerLagrange systems (2.1), the remarkable properties are given in Properties 2.1–2.3, as detailed in [37]. Property 2.1 (Boundness [37]) The inertia matrix .M i (qi ) is a symmetric positive definite function and satisfies .mi1 I ≤ M i (qi ) ≤ mi2 I , .i = 1, . . . , N , with positive constants .mi1 and .mi2 . .Gi (qi ) is a bounded matrix. There exist .kic ∈ R+ for the centripetal and coriolis torques matrix .C i (q˙i , qi ) that satisfies .|C i (qi , x)|y ≤ kic |x||y| with .x, y ∈ Rm , .m = 6.

2.2 Preliminaries and Problem Statement

41

˙ i (qi ) − 2C i (qi , q˙i ) is Property 2.2 (Skew Symmetry [37]) For a vector .x ∈ Rn , .M skew-symmetric, i.e., ˙ i (qi ) − 2C i (qi , q˙i ))x = 0. x T (M

.

Property 2.3 (Parameterization [37]) The system matrices in (2.1) satisfy the following linear parametrization form: M i (qi )x˙i + C i (qi , q˙i )xi + Gi (qi ) = Yi (qi , q˙i , xi , x˙i )θ i ,

.

(2.2)

where .xi ∈ Rn , .θ i ∈ Rm is a vector containing unknown system’s parameters and .Yi (qi , vi , xi , x ˙i ) ∈ Rn×m is a known regressor matrix. The communication network between robots is modeled by a directed graph. The details can be seen in Sect. 1.4.2. In this chapter, we focus on the resilient controller design by proposing a distributed aperiodic sampling scheme to make the networked robotic systems achieve generalized position synchronization in the absence and presence of DoS attacks, which means, .∀i, j ∈ V .

lim (qi − qj ) = 0, lim q˙i = 0.

t→∞

t→∞

Note that only the position information of its neighbors is used to design distributed control law for robot i. The position signals are sampled and transmitted aperiodically on different channels, and the control input remains unchanged through Zero-Order-Holder (ZOH) in the sampling interval. The k-th sampling time in the ith robot is defined as .tki in the absence of DoS and as .tˆki in the presence of DoS, which is shown in Fig. 2.2. The sampling interval satisfies the following assumption.

Fig. 2.2 The data updated time stamp in DoS attacks interval and normal interval

42

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

Assumption 2.1 (Sampling Interval [11, 16]) The sampling interval of robot i is defined as .Δi∗ ∈ R+ and satisfies the following inequality i 0 < t − tki ≤ Δi∗ , t ∈ [tki , tk+1 ]

.

where the max sampling interval .Δi∗ ∈ R+ will be determined later. When there is no DoS attack, the sampling time .tki can be updated arbitrarily. While in the presence of DoS attacks, the sampling time .tˆki will remain as the latest updated value until the next successful update occurs.

2.2.2 DoS Attacks The effect of DoS attacks is to block normal communication or access rights. The details can be seen in Sect. 1.2.1. To maintain the integrity, some basic assumptions are still retained in each chapter. In this chapter, DoS attacks on different channels are assumed to be independent, which means that an attacker is allowed to block certain or all components of the communication channels between robots. The following assumptions on DoS frequency and duration are given as stated in [11, 16]. Assumption 2.2 (DoS Duration and Frequency [11]) For .t ≥ t0 , there exist positive scalars .ζ ij , .Tij , .ξ ij and .π ij for channel .(i, j ) ∈ E such that .

| | |Dij (t0 , t)| ≤ ζ ij + t − t0 , . Tij

(2.3)

t − t0 , π ij

(2.4)

nij (t0 , t) ≤ ξ ij +

where .Dij (t0 , t) is the set of time intervals in which DoS attacks are active for channel .(i, j ) ∈ E, .nij (t0 , t) is the DoS attack frequency occurring on channel .(i, j ) ∈ E over .[t0 , t). Remark 2.1 Note that Assumption 2.2 has been widely used to describe the characteristics of DoS attacks [11, 16, 18, 24, 38], as stated in Sect. 1.2.1. In addition to duration and frequency, no additional assumption is needed for DoS attacks. This condition is close to reality, because an attacker always has limited energy resource. As shown in (2.3) and (2.4), the malicious DoS attack can interrupt any communication channels synchronously or asynchronously. In order to prove the stability of networked robotic systems under the asynchronous sampling control, the following lemma is first established.

2.2 Preliminaries and Problem Statement

43

Lemma 2.1 (Conditions for Asymptotical Convergence) Suppose that the system (1.18) is IOS with linear IOS gains .γ 0ij ≥ 0 and each Lebesgue measurable input .uj (·), .j ∈ Np , which satisfies .uj (t) ≡ 0 for .t < 0 and ⎛ ⎞ q | Σ | . |uj (t)| ≤ μ0ij ⎝ sup |yi (s)|⎠ , t ≥ tki ≥ 0,

(2.5)

s∈[tki ,t]

i=1

where .μ0ij ≥ 0 is a linear gain, .tki is the sampling time given in Assumption 2.1. Define .Γ = Υ 0 M0 ∈ Rq×q with .Υ 0 = {γ 0ij }, .M0 = {μ0ij }, .i ∈ Nq , .j ∈ Np . If .ρ(Γ ) < 1 and the system input-output constraint in (2.5) is satisfied, then all the outputs .yi (t) and inputs .uj (·) of the system (1.18) are all uniformly bounded and | | satisfy .|yi (t)| → 0, .|uj (t)| → 0 as t.→ ∞, .i ∈ Nq , .j ∈ Np . | | Proof Define .|y(t)| = [|y1 (t)| , . . . , |yq (t)|]T , .β(|x(t)|) = [β 1 (|x(t)|), . . . , β q (|x(t)|)]. Since .tki ≥ t − Δi∗ (t) ≥ t − maxi Δi∗ (t) where .tki and all .Δi∗ (t) are given in Assumption 2.1. According to the IOS property given in (1.21) for .t ≤ 0, we have | | | | i | |y(t)| ≤ β(|x(− max Δ (t))||). . sup (2.6) i

t∈[− maxi Δi∗ (t),0]

where the fact that .uj (t) ≡ 0 for .t < 0 is used. Note that the supremum of vector arguments in (2.6) is understood in the element-wise sense. Clearly, the condition (2.5) can be satisfied at least for all .t < t ∗ with .t ∗ > 0. In addition, (1.21) can be rewritten as .

sup |y(t)|

t∈[0,t ∗ )

≤ β (|x (0)|) +

p Σ

⎛ γ 0ij

j =1

≤ β (|x (0)|) +

p Σ

≤ β (|x (0)|) +

⎞

s∈[0,t ∗ )

⎛ γ 0ij ⎝

j =1 p Σ

| | sup |uj (s)|

γ 0ij

j =1

⎛

≤ β (|x (0)|) + Γ

sup

) ┌ s∈ − maxi Δi∗ (t),t ∗

q Σ

⎞ | | |uj (s)|⎠

⎛

μ0ij

i=1

⎝

sup

⎞

) ┌ s∈ − maxi Δi∗ (t),t ∗

sup s∈[− maxi Δi∗ (t),0]

|yi (s)|⎠

|yi (s)| + sup |yi (s)| s∈[0,t ∗ )

⎛ ≤ β (|x (0)|) + Γ

⎞

⎞ | | | | i | | β(|x(− max Δ∗ (t))|) + sup |yi (s)| ∗ i s∈[0,t )

44

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

Then we obtain (Iq − Γ ) sup |y(t)| ≤β (|x (0)|)

.

t∈[0,t ∗ )

| | | | i | + Γ β(|x(− max Δ∗ (t))||). i

(2.7)

Since .ρ(Γ ) < 1, which implies that .(Iq − Γ ) is invertible, then .

sup |y(t)| ≤(Iq − Γ )−1 (β (|x (0)|)

t∈[0,t ∗ )

| | | | i | + Γ β(|x(− max Δ∗ (t))||). i

(2.8)

Now, it is easy to see that if .t ∗ → +∞, (2.8) can be rewritten as |y(t)| ≤(Iq − Γ )−1 (β (|x (0)|)

sup

.

t∈[0,+∞)

| | | | i | + Γ β(|x(− max Δ∗ (t))||)). i

(2.9)

which shows that .yi (t) is uniformly bounded for .i ∈ Nq . Then the uniform boundedness of .uj (·) can be directly obtained from (2.5) for .j ∈ Np . To prove convergence, note that .

lim sup |yi (t)| t→+∞

≤

p Σ

γ 0ij

j =1

≤

p Σ

⎞ ⎛ | | | | lim sup uj (t) t→+∞

⎛

Σ

γ 0ij ⎝lim sup t→+∞

j =1

⎛

⎛

⎞⎞

μ0ij ⎝ sup |yi (s)|⎠⎠

i=Nq

⎞

s∈[tki ,t]

≤ Γ lim sup ⎝ sup |yi (s)|⎠ t→+∞

s∈[tki ,t]

≤ Γ lim sup |yi (t)| ,

(2.10)

t→+∞

where the property .tki → t as .t → +∞ under Assumption 2.1. Then (Iq − Γ ) lim sup |yi (t)| ≤ 0.

.

t→+∞

(2.11)

2.3 Cooperative Control Design for Networked Robotic Systems Without DoS. . .

45

which implies .lim supt→+∞ |yi (t)| = 0. Finally, the convergence of .uj (·), .j ∈ Np , follows from (2.5) and Assumption 2.1. Remark 2.2 The main idea of Lemma 2.1 is to consider system (1.18) under the asynchronous sampling control framework satisfying Assumption 2.1 as a system with multiple time-varying bounded delays in different feedback channels. This then enables that the control gain conditions are given to guarantee the stability according to a multichannel IOS small gain theorem approach. The multidimensional small gain technique was first proposed in [39] to deal with the stabilization of nonlinear time-delay system. In [29], the authors extended this result for synchronization of network robotic systems under irregular time-delay communication. This chapter further extends the multidimensional small gain technique. Compared with [29] and [39] that needs the time-varying delay to satisfy the Lipschitz condition, this chapter does not need any other constraints except for the upper sampling bound.

2.3 Cooperative Control Design for Networked Robotic Systems Without DoS Attacks In this section, a novel resilient cooperative control scheme is designed based on asynchronous sampling control approach in the absence of DoS attacks. The adaptive control law .τ i for the i-th robot is proposed as follows: ⎧

τ i = −Ki si + Yi (qi , q˙i , ηi , η˙ i )θˆ i θ˙ˆ i = −Ωi YiT (qi , q˙i , ηi , η˙ i )si

.

(2.12)

where .Ki ∈ Rn+ is a control gain, .Ωi is a symmetric positive definite matrix, .θˆ i is the estimate of .θ i and the vector .si is defined as .si = q˙i − ηi . Note that the linear secure consensus protocol in [17, 18, 24, 35] cannot be directly used to design the vector .si with sampling approach since the complicated nonlinearities have a great influence on the cooperative performance, not to mention in the presence of DoS attacks. If the closed-loop system under the proposed control law is IOS and the control input can satisfy the condition given in (2.5), then the small-gain result as a sufficient condition in Lemma 2.1 can guarantee the system trajectories to be bounded and convergent. From this point of view, how to achieve this goal becomes how to design an auxiliary system .ηi in a way that can satisfy the input-output constraints in (2.5) by tuning the control gains. Based on this idea, the dynamics of auxiliary vector .ηi can be designed as follows: ) ψ( η η˙ i = −ki ηi − ki κ i qi − ψ i , . ⎛ ⎞ ΣN j ψ˙ i = −ψ i + aij qj tk , .

j =1

(2.13) (2.14)

46

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

Σ ψ η where .ki ∈ R+ , .ki ∈ R+ are strictly positive scalars and .κ i = N j =1 aij is the diagonal elements of Laplace matrix .L of the directed communication network .G. ⎛ ⎞ j .qj t k is the sampled position data from robot j , a neighbor of robot i, where j

sampling instant .tk is given in Assumption 2.1. The initial values of auxiliary variables .ηi and .ψ i can be selected arbitrarily. Before presenting the main result, define an important parameter as λi = − max(Re(λi1 ), Re(λi2 )), i ∈ N ,

.

η

(2.15)

ψ

where .λi1 , λi2 are the roots of .s 2 +ki s +ki κ i = 0. It is clear that .λi > 0 for strictly η ψ positive .ki , .ki and .κ i . Now the main result is stated as follows. Theorem 2.1 (Stability without DoS Attacks) Given the networked robotic systems (2.1), whose communication network .G includes a directed spanning tree, the distributed controller is given in (2.12)–(2.14) designed under Assumption 2.2. For the i-th subsystem, if the control gains satisfy λi > κ i (1 + 2Δi∗ ), i ∈ N ,

.

(2.16)

then .q˙i (t) is uniformly bounded and converge to zero asymptotically, and the positions of the subsystems asymptotically achieve consensus, i.e., .(qi (t)−qi (t)) → 0, for all .i, j ∈ N . Remark 2.3 In the case with the absence of DoS attacks, the control gain .κ i /= 0 for all the time. For .κ i = 0, this situation corresponds to the existence of isolated nodes in graph .G, which can be completely avoided when there is a directed spanning tree in the graph .G. Remark 2.4 Note that the sampling interval can be arbitrary as long as it satisfies (2.16) with .Δi∗ given in Assumption 2.1. This allows the sampling process of each robot independent of others, unlike the approach in [18] where the sampling process of whole network should be synchronized by all the robots. ⎛ ⎞ Σ ΣN j s Proof of Theorem 2.1 Define .qˆi (t) = N j =1 aij qj tk , .qˆi (t) = j =1 aij qj (t), s ˜ and the error variables .q˜i = κ i qi − ψ i , .ψ i = ψ i − qˆi (t), .Δqˆi (t) = qˆi (t) − qˆis (t), ˜ i = θˆ i − θ i with .t i being the sampling time given in Assumption 2.1. Then the .θ k closed-loop system of (2.1) under the proposed control law (2.12)–(2.14) can be written as .

s˙i = M −1 ˙ i )θ˜ i − C i (qi , q˙i )si − Ki si ), . i (qi )(Yi (qi , q˙i , ηi , η

(2.17)

θ˙˜ i = −Ωi YiT (qi , q˙i , ηi , η˙ i )si , .

(2.18)

q˙˜i = κ i ηi + κ i si + ψ˜ i − Δqˆi , .

(2.19)

2.3 Cooperative Control Design for Networked Robotic Systems Without DoS. . . ψ

η

47

η˙ i = −ki ηi − ki q˜i , .

(2.20)

ψ˙˜ i = −ψ˜ i − q˙ˆis + Δqˆi , .

(2.21)

q˙i = si + ηi .

(2.22)

The closed-loop system (2.17)–(2.22) can be seen as a MIMO system with the states si , .θ˜ i , .q˜i , .ηi , .ψ˜ i , the inputs .q˙ˆis and .Δqˆi , and the output .q˙i . In order to apply the result in Lemma 2.1, we should prove that (i) the closed-loop system is IOS and (ii) the input-output constraints are met with (iii) the corresponding control gains satisfying (2.16). Such a proof consists of three parts.

.

Part 1. IOS of Closed-Loop System Considering (2.21) yields that .

| | | | | | |ψ i (t)| ≤e−(t−t0 ) |ψ i (t0 )| + sup ||q˙ˆi (σ )|| | | + sup |Δqˆi (σ )|

σ ∈[t0 ,t]

σ ∈[t0 ,t]

(2.23)

for any .t ≥ t0 . According to Definition 1.12, the subsystem (2.21) is ISS under the control inputs .q˙ˆis and .Δqˆi , in which the corresponding ISS gains both equal one. Similarly, considering subsystems (2.19)–(2.20), we have | | | | | q˜i (t) | | | κi −λi (t−t0 ) | q˜i (t0 ) | | | . | ηi (t) | ≤ e | η (t0 ) | + λ sup |si (σ )| i σ ∈[t0 ,t] i ⎞ ⎛ | | | | 1 |˜ | | | sup |ψ (σ )| + sup Δqˆi (σ ) + λi σ ∈[t0 ,t] i σ ∈[t0 ,t]

(2.24)

where .λi is defined in (2.16). From inequality (2.24), it can conclude that subsystems (2.19)–(2.20) are ISS with respect to inputs .si , .ψ˜ i , .Δqˆi . In addition, the ISS gains of subsystems (2.19)–(2.20), with respect to the inputs .ψ˜ i and .Δqˆi , are both equal to .1/λi . Note the fact that if the two subsystems are ISS, then the cascaded system connected by these two systems is also ISS [40]. Then the conclusion that the system (2.19)–(2.21) is ISS with respect to inputs .q˙ˆi , .Δqˆi and .si can be directly made. Next, we will prove that .si is uniformly bounded and .si → 0 as .t → ∞ conditionally. Consider the following Lyapunov candidate function for subsystems (2.17) and (2.18) 1Σ T T si M i (qi )si + θ˜ i Ω −1 θ˜ i . 2 N

V (t) =

.

i=1

(2.25)

48

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

Its derivative follows V˙ (t) =

.

N Σ 1 ˙ i (qi )si − θ˜ Ti Ω −1 θ˙ˆ i ) (siT M i (qi )˙si + siT M i 2 i=1

N Σ 1 ˙ = (siT (−Ki − C i (qi , q˙i ) + M i (qi ))si 2 i=1

+ siT Yi θ˜ i ) −

N Σ

T θ˜ i YiT si

i=1

= − Ki

N Σ

siT si ≤ 0

(2.26)

i=1

where Property 2.2 is applied in the second equality. This leads to .si and .θ˜ i being uniformly bounded, which is independent of other variables. Then we have ¨ (t) = − Ki .V

N Σ

siT s˙i

i=1

= − Ki

N Σ

siT M −1 ˙ i )θ˜ i i (qi )(Yi (qi , q˙i , ηi , η

i=1

− C i (qi , q˙i )si − Ki si ).

(2.27)

Note that from the ISS property of (2.23) and (2.24), .ηi and .η˙ i are uniformly bounded for any uniformly bounded inputs .ψ˜ i and .Δqˆi . This concludes that .V¨ (t) is also uniformly bounded according to Property 2.1 [41, 42]. Then according to the Barb˘alat lemma [43, Lemma 8.2], we have .V˙ (t) → 0 as .t → ∞, which directly leads to that for any uniformly bounded inputs .ψ˜ i and .Δqˆi , .si → 0 as .t → ∞. Furthermore, one can conclude that system (2.17)–(2.21) is IOS with the input .qˆ˙i , .Δq ˆi , .si , and output .q˙i in (2.22). Part 2. Input-Output Constraints For the robot network with N subsystems, it can be considered as a large system (relative to subsystems) with 2N inputs and N

2.3 Cooperative Control Design for Networked Robotic Systems Without DoS. . .

49

outputs. Under Assumption 2.1, the following inequalities hold for inputs .q˙ˆis and Δqˆi :

.

.

N | | | | ˙ s | Σ || aij q˙j (t)| , . |qˆi (t)| ≤

(2.28)

j =1 N | ⎛ ⎞| | | Σ | j | |Δqˆi (t)| ≤ aij |qj (t) − qj tk | j =1 N Σ

≤

⎛ ⎞| | ( ) ( ) ( ) j | aij |qj (t) − qj tk1 + qj tk1 − · · · + qj tkm − qj tk |

j =1 N Σ

≤

| ( )| | ( ) ( )| aij (|qj (t) − qj tk1 | + |qj tk2 − qj tk3 |

j =1

⎛ ⎞| | ( ) ( )| || ( ) j | + · · · + |qj tkm −1 − qj tkm | + |qj tkm − qj tk |) | | ⎛ N | q (t) − q (t ) | Σ j k1 | | j ≤ aij (t − tk1 ) | | | | t − tk1 j =1 | ( ) | | q t − q (t ) | j k1 | | j k2 + (tk1 − tk2 ) | | + ···+ | | tk1 − tk2 | ( ) ( ) || |q t | j km−1 d − qj tkm | + (tkm−1 − tkm ) | | | | tkm −1 − tkm ⎛ ⎞ |⎞ | ( ) j | |q t j km − qj tk | j || |⎠ + (tkm − tk ) | | j tkm − tk | | N Σ

≤

j =1

| | aij Δi∗ sup |q˙j (z)| .

where the fact that ⎛ tk

(2.29)

j

z∈[tk ,t]

m−1

.

t km

sup

t∈[tkm−1 ,tkm ]

| | | | |q˙j (t)| ≥ |qj (tk ) − qj (tk )| , m m−1 j

is used in different time interval .[tkm−1 , tkm ] for different m, in which .[tk , t] = ∪nm=1 [tkm−1 , tkm ]. Then according to the definition of derivative, (2.29) can be derived, where the control input-output constraints in Lemma 2.1 are guaranteed.

50

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

Part 3. Control Gains Condition Based on the analysis above, the input-to-output stability gain of each subsystem is defined as .Υ 0 = {γ 0ij }, which can be expressed as ⎧ 1 0 λi , if m = 2i − 1, i ∈ N , .γ im = 2 λi , if m = 2i, i ∈ N , In addition, under the constraints in (2.28)–(2.29), the input-output interconnection gains are given as ⎧

if m = 2j − 1, i, j ∈ N , aij , aij Δi∗ , if m = 2j, i, j ∈ N .

μ0mi =

.

Then the closed-loop gain matrix .Γ = Υ 0 · M0 = {γ˜ ij } with the following elements: γ˜ ij =

N Σ

.

γ 0im · μ0mi =

m=1

aij (1 + 2Δi∗ ), λi

Since there is no self-loop in communication graph .G, i.e., .aii = 0, it is concluded that .γ˜ ij = 0 for all .i ∈ N , which implies that the diagonal elements of .Γ are all zeros. In order to satisfy the control gain condition in Lemma 2.1 that .ρ(Γ ) < 1, the following condition should be satisfied: N Σ .

γ˜ ij < 1 for i ∈ N ,

(2.30)

j =1

which is derived by the Geršgorin disc theorem [44]. Clearly the condition in (2.16) can guarantee the condition (2.30). Now, the input-output constraints and control gain conditions in Lemma 2.1 are being uniformly bounded for all satisfied, which leads to .q˙i (t),| .q˙ˆis (t), | and .Δqˆi (t) | | | ˙s | | | ˙i (t)| → 0, .|qˆ (t)| → 0, and . Δqˆi (t)| → 0 as .t → ∞. Under .i ∈ N . In addition, . q i

the above analysis, one concludes that .si , .q˜i , .ηi , and .ψ˜ i are uniformly bounded and .si → 0, .q ˜i → 0, .ηi → 0, .ψ˜ i → 0 as .t → ∞. Then we have q˜i + ψ˜ i − Δqˆi (t) = κ i qi − qˆi (t),

.

⎛ ⎞ Σ j which implies that . N j =1 aij (qi (t) − qj tk ) is uniformly bounded and converges to zero asymptotically for .i ∈ N . Since ⎛ t ⎛ ⎞ j .qi (t) − qj t k = qi (t) − qj (t) + j q˙j (s) ds, tk

2.4 Secure Cooperative Control Design for Networked Robotic Systems with. . .

51

Σ we have . nj=1 aij (qi (t) − qj (t)) → 0 as .t → ∞ for .i ∈ N , which is equivalent to (.L ⊗ In )q = 0. It can be concluded that .qi (t) − qj (t) → 0 as .t → ∞ for .i, j ∈ N if the directed communication graph contains a spanning tree. Remark 2.5 Note that the gain condition in (2.16) does not impose additional constraints on the sampling interval, and it can always be satisfied for any given ψ η values of .Δi∗ by choosing appropriate control gains .ki and .ki . One possible tuning / / ψ ψ η η method is to set .ki = 2 ki κ i to obtain .λi = ki /2 = ki κ i . In this case, the condition in (2.16) is transformed into ψ

ki > max {κ i (1 + 2Δi∗ )2 },

.

(2.31)

j ∈Ni

with .Ni Δ {j |(j, i) ∈ E}. It can be seen that the condition in (2.31) can be satisfied communication by only choosing appropriate .λi . In this chapter, we consider theΣ graph .G as a fixed graph with fixed edge weights; the gain .κ i = N i=1 aij is also fixed. Note that the control gains can be selected arbitrarily; however, large values η of .Δi∗ will impose large .λi and .ki , which will directly affect the convergence rate of system (2.13). Remark 2.6 A multidimensional small gain technique is proposed and used to establish the system stability. Unlike the results in [17] and [16], in which the control gains are designed to make the growth rate of the Lyapunov function be bounded, the state estimates are directly used to derive the convergence results in the form of algebraic inequality instead of complicated LMIs as in these papers. Since the dynamic variables .ηi , η˙ i are directly injected into the control torques in (2.12), large values of .ηi , η˙ i may lead to the system sensitive to certain types of noise. But anyway, the cooperative control of the nonlinear robotic systems can be achieved though choosing appropriate control gains in any practical situation.

2.4 Secure Cooperative Control Design for Networked Robotic Systems with DoS Attack We now consider the presence of DoS attacks satisfying Assumption 2.2. In this case, the communication channel between the agents will be blocked, resulting in possible failure of some sampled position transmission from the neighbors during DoS attacks. Although the condition on control gain in (2.31) is satisfied, the stability of (2.1) may no longer be guaranteed. To address this issue, we modify the proposed control law as follows: ⎧ .

) ψ( η η˙ i = −ki ηi − ki κ i qi − ψ i⎛ , ⎞ ΣN j ψ˙ i = −ψ i + j =1 a¯ ij (t)qj tˆ , k

(2.32)

52

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

where .κ i =

Σn

j =1 aij (t),

and the switching gain is ⎧ a¯ ij (t) =

.

j aij , t − tˆk ≤ Δi∗ , j 0, t − tˆk > Δi∗ .

(2.33)

Before analyzing the switching resilient control scheme, the following preliminaries on the attack modes and certain time intervals are first given. Lemma 2.2 (Available Sampling Intervals [16]) Define .D¯ ij (t1 , t2 ) = {t ∈ [t1 , t2 )|a¯ ij (t) = 0} and .H¯ ij (t1 , t2 ) = {t ∈ [t1 , t2 )|a¯ ij (t) = aij }. Then ¯ ij (t1 , t2 ) =[t1 , t2 )\D¯ ij (t1 , t2 ), . .H | | | | |D¯ ij (t1 , t2 )| ≤ |Dij (t1 , t2 )| + (nij (t1 , t2 ) + 1)Δi . ∗

(2.34) (2.35)

Now the set of channels that are under DoS attacks at time .t ∈ [t1 , t2 ] is defined as T (t) = {(i, j ) ∈ E|t ∈ D(i,j ) (0, ∞)}. Then the set of channels that are not attacked can be expressed as .T¯ = E\T (t). The time intervals .ΞT (t1 , t2 ) over .[t1 , t2 ] that the channels indexed by .T (t) ⊆ E and .T¯ (t) ⊆ E can be written as

.

ΞT (t1 , t2 ) =(∩(i,j )∈T Dij (t1 , t2 ))

.

∩(∩(i,j )∈T¯ D˘ ij (t1 , t2 )),

(2.36)

where .D˘ ij (t1 , t2 ) = [t1 , t2 ]\D(i,j ) (t1 , t2 )). Note that the time interval .ΞT (t1 , t2 ) is corresponding to different attack modes. Since graph .G is directed, from .T (t) = ∅ to .T (t) = E, there are .2|E | different attack modes. Then the time interval .[t1 , t2 ] is partitioned into .2|E | subintervals .ΞT (t1 , t2 ). An example is given in Fig. 2.3 to illustrate the DoS intervals. Assuming that .ζ p (p ∈ Na Δ {1, 2, . . . , 2|E | }) are the

Fig. 2.3 Example for illustrating the DoS attack intervals

2.4 Secure Cooperative Control Design for Networked Robotic Systems with. . .

53

time instants at which the attack mode changes, then the time intervals can be written as .

∪T (ζ p )⊆E ΞT (t1 , t2 ) = [t1 , t2 ].

It is easy to see that Dij (t1 , t2 ) = ∪T (ζ p )⊆E ,(i,j )∈T (ζ p ) ΞT (t1 , t2 ), .

(2.37)

H¯ ij (t1 , t2 ) = ∪T¯ (ζ

(2.38)

.

¯ (ζ p )

p )⊆E ,(i,j )∈T

ΞT (t1 , t2 ).

Note that the attack mode needs not to be ergodic, which means that the mode index may be part of .Na . Thus, a channel can be attacked, and it is easy for the agent to know which channel is being attacked. Then the following lemma is given for system (1.18) under DoS attacks. Lemma 2.3 (Conditions for Asymptotically Stable under DoS Attacks) SupΣp pose that the system .x˙ = f (x) + i=1 gi (x)ui is ISS and the system (1.18) is IOS with linear IOS gains .γ 0ij ≥ 0, and each Lebesgue measurable input .uj (·), .j ∈ Np , satisfies .uj (t) ≡ 0 for .t < 0 and ⎛

Σ

| | . |uj (t)| ≤

⎞

μ0ij ⎝ sup |yi (s)|⎠ , t ≥ tˆki ≥ 0,

(2.39)

s∈[tˆki ,t]

i∈Nq ,j ∈ / T (t)

where .μ0ij ≥ 0 and .tˆki is the sampling time satisfying Assumption 2.1. If .ρ(Γ ) < 1, where .Γ is defined in Lemma 2.1, and the system input-output constraint in (2.39) is satisfied, then all the outputs .yi (t) and inputs .uj (·) of the system (1.18) are | | uniformly bounded and satisfy .|yi (t)| → 0, .|uj (t)| → 0, .i ∈ Nq , .j ∈ Np , as .t → ∞ despite DoS attacks satisfying Assumption 2.2. Proof Similar to the proof of Lemma 2.1, the following inequality can be directly obtained from the the IOS property: .

sup |y(t)|

t∈[0,t ∗ )

⎛

Σ

≤ β (|x (0)|) +

γ ij

j ∈Np ,(i,j )∈T¯ (t)

≤ β (|x (0)|) +

Σ j ∈Np

⎛

γ ij

⎞ | | sup |uj (z)|

z∈[0,t ∗ )

⎞ | | | | sup uj (z)

z∈[0,t ∗ )

54

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

≤ β (|x (0)|) +

p Σ

γ ij

Σ

⎛ μ0ij ⎝

i=Nq

j =1

⎛

≤ β (|x (0)|) + Γ

⎞ sup

) ┌ z∈ − maxi Δi∗ (t),t ∗

|yi (z)|⎠ ⎞

|yi (z)| + sup |yi (z)|

sup

z∈[0,t ∗ )

z∈[− maxi Δi∗ (t),0]

⎛

⎞ | | | | β(||x(− max Δi∗ (t))||) + sup |yi (z)| .

≤ β (|x (0)|) + Γ

z∈[0,t ∗ )

i

The remaining proof is similar to that of Lemma 2.1 and thus omitted here. Next, we will present the result for the case that DoS attacks are present. Theorem 2.2 (Convergence under DoS Attacks) Consider the networked robotic systems (2.1), whose communicate network .G includes a directed spanning tree. If ij ij there exist real numbers .Q1 ≥ Q2 such that Σ

λi ≤

ij

Q1 +

.

(i,j )∈Tm

Σ ⎛⎛

Σ

ij

Q2 , .

(2.40)

⎞⎛ ⎞⎞ ij σ¯ ij + Q2 > 0,

(2.41)

(i,j )∈ / Tm

ij

ij

Q1 − Q2

(i,j )∈E

with .σ¯ ij = (1/Tij + Δi∗ /π ij ), .λi being defined in (2.16), .m ∈ Na , then the systems (2.1) under the proposed control scheme in (2.12) and (2.32) can achieve synchronization despite DoS attacks satisfying Assumption 2.2. Proof Similar to the beginning part of the proof of Theorem 2.1, in the presence of DoS attacks, subsystems (2.17) and (2.18) are also convergent under the continuous feedback control law in (2.12) and (2.32), i.e., .si → 0 and .θ˜ i → 0. However, in this case, the auxiliary variable .ηi works in a switching manner with respect to different time intervals. In order to establish the convergence under DoS attacks, we need to investigate the system characteristics ⎛in these time intervals. To this end, we define ⎞ ΣN Σ j ˆ ¯ ij (t)qj (t) and the the variables .q¯i (t) = j =1 a¯ ij (t)qj tk and .q¯im (t) = N j =1 a m ¯ error variables .q˘i = κ i qi − ψ i , .ψ i = ψ i − q¯i (t), and .Δq¯i (t) = q¯i (t) − q¯im (t) and Σn study their behaviors. The closed-loop dynamics of the i-th system with .κ i = j =1 aij /= 0 are obtained as follows: .

q˘˙i =κ i ηi + κ i si + ψ¯ i − Δq¯i , . η

(2.42)

η˙ i = − ki ηi − λi q˘i , .

(2.43)

ψ˙¯ i = − ψ¯ i − q˙¯im + Δq¯i , .

(2.44)

q˙i =si + ηi .

(2.45)

2.4 Secure Cooperative Control Design for Networked Robotic Systems with. . .

55

Take .si , .θ˜ i , .q˘i , .ηi , and .ψ¯ i as the states, .q¯˙is and .Δq¯i as the inputs, and .q˙i as the output. Then by following the same ideas in proving Theorem 2.1 with the help of Lemma 2.3, the remaining proof also consists of three parts. Part 1. IOS of Closed-Loop System Firstly, we need to prove that the closed-loop system (2.42)–(2.45) is IOS. Consider the time interval .[t0 , t1 ], for .t ∈ [ζ p , ζ p+1 ), by noting that .tˆki ≥ t − maxi Δi∗ (t) where .tˆki and all .Δi∗ (t) are from Assumption 2.1. The trajectories of system (2.44) satisfy .

)| ( | | ( )| |ψ¯ i (t)| ≤e− t−ζ p |ψ¯ i ζ p | | m | |q˙¯ (z)| + sup |Δq¯i (z)| , + sup ┌ ┐ i ┌ ┐ z∈ ζ p ,t

(2.46)

z∈ ζ p ,t

Then using (2.46) iteratively, we have .

| | |ψ¯ i (t)|

⎛

| | sup |q˙¯im (z)| z∈[ζ 1 ,ζ 2 ] ⎛ | | + sup |Δq¯i (z)|)) + e−(t−ζ 3 ) sup |q˙¯im (z)| z∈[ζ 1 ,ζ 2 ] z∈[ζ 2 ,ζ 3 ] ⎞⎞ ≤e

|

−(t−ζ 1 ) |

+

sup z∈[ζ 2 ,ζ 3 ]

+e

| ψ¯ i (ζ 1 )| + e−(t−ζ 2 )

|Δq¯i (z)|

+ ···

⎛

−(t−ζ r )

| m | |q˙¯ (z)| +

sup z∈[ζ r−1 ,ζ r ]

i

⎞⎞ sup

|Δq¯i (z)|

z∈[ζ r−1 ,ζ r ]

| m | |q˙¯ (z)| + sup |Δq¯i (z)| + · · · + sup ┌ ┐ i ┌ ┐ z∈ ζ p ,t

z∈ ζ p ,t

| | | | ≤e−(t−t0 ) |ψ¯ i (t0 )| + sup |q˙¯im (z)| + sup |Δq¯i (z)| , z∈[t0 ,t]

(2.47)

z∈[t0 ,t]

for any .t ≥ t0 , which leads to that the system (2.44) is ISS with respect to the switched inputs .q¯˙im and .Δq¯i with the corresponding ISS gains both equal to one. Similarly, for .t ∈ [ζ p , ζ p+1 ), considering systems (2.42) and (2.43) yields .

| | ( )| | | q˘i (t) | −λp (t−ζ ) | q˘i ζ p | κi | | | ≤e i p | |s (z)| | ηi (t) | | η (ζ ) | + μp sup ┌ ┐ i i p i z∈ ζ p ,t ⎛ ⎞ | | 1 ⎝ |Δq¯i (z)|⎠ , + p sup |ψ¯ i (z)| + sup ┌ ┐ λi z∈┌ζ p ,t ┐ z∈ ζ p ,t

(2.48)

56

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks p

where .λi is defined in (2.15) for .t ∈ [ζ p , ζ p+1 ). Iteratively, we have .

| | | q˘i (t) | | | | ηi (t) |

≤e

|

| (ζ 1 ) || | η (ζ ) | i 1

) p−1 ( ) | p( ζ p −ζ p−1 −···−λ1i (ζ 2 −ζ 1 ) | q˘i −λi t−ζ p −λi

+ e−λi (t−ζ 2 ) 2

+e

−λ2i (t−ζ 2 )

κi λ1i

⎛

1 λ1i

sup z∈[ζ 1 ,ζ 2 ]

p−1 (

+ · · · + e−λi

+e

|si (z)|

sup z∈[ζ 1 ,ζ 2 ]

t−ζ p−1

) p−1 ( t−ζ p−1 −λi

)

| | |ψ¯ i (z)| +

p−1 λi

sup

|Δq¯i (z)|

z∈[ζ 1 ,ζ 2 ]

κi sup ┐ |si (z)| p−1 ┌ λi z∈ ζ p−1 ,ζ p

⎛ 1

⎞

⎝

sup

┐ ┌ z∈ ζ p−1 ,ζ p

| | |ψ¯ i (z)|

⎞

+

sup

┐ ┌ z∈ ζ p−1 ,ζ p

|Δq¯i (z)|⎠ +

κi p λi

sup |si (z)|

┌ ┐ z∈ ζ p ,t

⎛ ⎞ | | 1 ⎝ |Δq¯i (z)|⎠ sup |ψ¯ i (z)| + sup + p ┌ ┐ λi z∈┌ζ p ,t ┐ z∈ ζ p ,t ≤e

| ( ) ( ) −λσ p t−ζ p −λσ p−1 ζ p −ζ p−1 −···−λσ 1 (ζ 2 −ζ 1 ) || q˜i

| (ζ 1 ) || | η (ζ ) | i 1

+ e−λσ 2 (t−ζ 2 )

κ¯ σi 1 sup |si (z)| λσ 1 z∈[t0 ,t)

+ e−μσ 3 (t−ζ 3 )

κ¯ σi 2 sup |si (z)| μσ 2 z∈[t0 ,t)

+ · · · + e−μσ p

(

t−ζ p

) κ¯ σ p−1 i

μσ p−1

σ

sup |si (z)| z∈[t0 ,t)

κ¯ i p 1 sup |si (z)| + e−μσ 2 (t−ζ 2 ) μσ p z∈[t0 ,t) μσ 1 ⎛ ⎞ | | | | | | · sup |ψ˜ i (z)| + sup |Δqˆi (z)| +

z∈[t0 ,t)

z∈[t0 ,t)

2.4 Secure Cooperative Control Design for Networked Robotic Systems with. . .

+e

−μσ 3 (t−ζ 3 )

+ ··· + e ⎛ ·

1 μσ 2

⎛

⎞ | | | | |˜ | sup |ψ i (z)| + sup |Δqˆi (z)|

z∈[t0 ,t)

( ) −μσ p t−ζ p

57

z∈[t0 ,t)

1 μσ p−1

⎞ | | | | |˜ | | | sup |ψ i (z)| + sup Δqˆi (z)

z∈[t0 ,t)

1 + μσ p

⎛

z∈[t0 ,t)

⎞

| | | | | | sup |ψ˜ i (z)| + sup |Δqˆi (z)|

z∈[t0 ,t)

z∈[t0 ,t)

| | | | κi κi κi −α i (t0 ,t) | q˘i (t0 ) | { 1, 2,··· , p} ≤e | η (t0 ) | + max p λi λi μi i ⎫ ⎧ 1 1 1 · sup |si (z)| + max , ,··· , p p λi μ1i λ2i z∈[t0 ,t) ⎛ ⎞ | | · sup |ψ¯ i (z)| + sup |Δq¯i (z)| , z∈[t0 ,t)

(2.49)

z∈[t0 ,t)

) Σp ( ) p( where .α i (r, t) = λi t − ζ p + k=r λk−1 ζ k − ζ k−1 . In order to characterize i the dynamic characteristics of systems in different time intervals, we introduce the ij ij variables .Q1 and .Q2 . Then we have α i (t0 , t) =

Σ

.

| | | | λm i Dij (t0 , t)

m∈Na

≤

Σ ⎛Σ

m∈Na

≤

i∈Tm

Σ ⎛

(i,j )∈E

ij Q1

+

⎞ ij Q2

| | |Dij (t0 , t)|

i∈ / Tm

Σ

| ij | Q1 |Dij (t0 , t)|

m∈Na ,i∈Tm

Σ

+

Σ

ij Q2

| | |Dij (t0 , t)|

⎞

m∈Na ,i ∈ / Tm

≤

Σ

(i,j )∈E

≤

Σ

(i,j )∈E

| | ij | ij | (Q1 |Dij (t0 , t)| + Q2 |H¯ ij (t0 , t)|) | ij ij | ij ((Q1 − ρ 2 ) |Dij (t0 , t)| + Q2 (t0 , t)(t − t0 ))

58

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

Σ

≤

ij

ij

((Q1 − Q2 )(ζ ij +

(i,j )∈E

+ (ξ ij + Σ

≤

(i,j )∈E

+

t − t0 Tij

(t − t0 ) ij + 1)Δi∗ + Q2 (t − t0 )) π ij

ij

ij

(Q1 − Q2 )(ζ ij + (ξ ij + 1)Δi∗ )

Σ

ij

ij

ij

((Q1 − Q2 )σ¯ ij + Q2 ))(t − t0 ),

(2.50)

(i,j )∈E

| | | | where the fact that .|H¯ ij (t0 , t)| = t − t0 − |Dij (t0 , t)| is used. Note that .σ¯ ij = Σ ij (1/Tij + Δi∗ /π ij ) > 0 since .Tij , .π ij , and .Δi∗ are all positive. As . (i,j )∈E (Q1 − Σ ij ij ij ij Q2 )(ζ ij + (ξ ij + 1)Δi∗ ) is a constant and . (i,j )∈E ((Q1 − Q2 )σ¯ ij + Q2 )) > 0, then systems (2.42)–(2.43) are ISS with respect to inputs .q˙¯i , .Δq¯i , and .si . In addition, the linear ISS control gain is .maxp { 11 , 12 , · · · , λ1p }. Since .λm i is independent of time λi p λi

λi

i

instance, = = ··· = = λi , the ISS control gain can be written as . λ1i , for simplicity. Furthermore, for the special case that the communication channels of the i-th system are all DoS attacked, .κ i = 0. In this case, .q˜i = −ψ i ; then, the cascade η closed-loop subsystem can be written as .q˘˙i = ψ¯ i − Δq¯i , .η˙ i = −ki ηi − λi q˘i , ˙¯ = −ψ¯ , and .q˙ = s + η . It can be seen that the above closed-loop system is .ψ i i i i i also ISS. This leads us to conclude that systems (2.42)–(2.45) are weakly IOS. i.e., .λ1i

λ2i

Part 2. Input-Output Constraints Secondly, the input-output constraints in (2.39) should also be satisfied. For the networked robotic systems (2.1) with the data update policy (2.32), the closed-loop system can be considered as a swarm system consisting of cascade subsystems (2.42)–(2.45), in which each subsystem can be seen as having two inputs, .q˙¯is and .Δq¯i , and one output .q˙i , .i ∈ N . From the above analysis, one can see that the effects of DoS attacks on different channels are translated into influencing the numerical value of the control input. Then in a different DoS attack interval, for .t ∈ [ζ p , ζ p+1 ) with different p, using Assumptions 2.1 and 2.2, the control inputs .q˙¯is and .Δq¯i of each subsystem can be estimated as .

N | | Σ | | |q˙¯ s (t)| ≤ a¯ ij (t) |q˙j (t)| . i

(2.51)

j =1

|Δq¯i (t)| ≤

N Σ

| ⎛ ⎞ | | | j a¯ ij (t) |qj tk − qj (t)| .

(2.52)

| | a¯ ij (t)Δi∗ sup |q˙j (z)| ,

(2.53)

j =1

≤

N Σ j =1

z∈[ζ p ,t]

where the system input-output constraints in (2.39) are satisfied.

2.4 Secure Cooperative Control Design for Networked Robotic Systems with. . .

59

Part 3. Control Gains Condition Next, we will focus on the system control gain condition in the presence of DoS attacks. For each subsystem, the IOS gain matrix 0 = {γ 0 } can be well defined with the following elements: .Γ ij

γ 0im

.

⎧ 1 ⎪ ⎨ λi , if m = 2i − 1, i ∈ N , κ i /= 0, = λ2 , if m = 2i, i ∈ N , κ i /= 0, ⎪ ⎩ i 0 otherwise.

(2.54)

In addition, under the control input-output constraints in (2.51) and (2.53), the interconnection gain matrix can be written as ⎧ μ0mi =

.

if m = 2j − 1, i, j ∈ N , a¯ ij (t), a¯ ij (t)Δi∗ , if m = 2j, i, j ∈ N .

Then the closed-loop system gain matrix can be expressed as .Γ¯ = Υ 0 M = {γ¯ ij } γ¯ ij =

n Σ

.

m=1

⎧ γ 0im

· μ0mi

=

a¯ ij λi

(1 + 2Δi∗ ), if κ i /= 0, 0, otherwise.

Since there is no self-loop in communication graph .G, then .aii = 0 for all .i ∈ N , which leads to the diagonal elements of .Γ¯ all equals to zeros. Moreover, since .a ¯ ij (t) ≤ aij (t) despite DoS attacks, the condition in (2.30) can still guarantee that Σ n ¯ . l=1 γ¯ ij < 1 for .i ∈ N , which implies .ρ(Γ ) < 1. Then according to Lemma 2.3, .q ˙i (t) is uniformly bounded and .|q˙i (t)| converges to zero as .t → ∞, .i ∈ N , under the proposed resilient control scheme. The rest of the proof is similar to that of Theorem 2.1 and omitted here. Remark 2.7 Note that the special parts of the proposed resilient controller involve threefold. Firstly, before we propose the resilient control scheme to handle DoS attacks, the auxiliary dynamic systems in (2.13) and (2.14) are proposed as a fundamental scheme, which does not require the sampling process to be synchronized by all the agents. Secondly, to handle DoS attacks, we modify the edge weight as a switching one as shown in (2.33). That is, the corresponding outdated information is discarded by setting .a¯ ij = 0 in DoS interval. Thirdly, through using the proposed multidimensional small gain technique to determine control parameters so as to ensure stability of the resulting system, sufficient conditions related to the duration and frequency of DoS attacks are obtained in the form of algebraic inequalities (2.40) and (2.41), which are easily solvable, instead of solving the complicated LMIs as in [16] and [17]. Remark 2.8 By comparison with the control scheme in (2.14), the resilient control scheme naturally works in a switching manner in the presence of DoS attacks. In addition, whether or not there is such a modification⎛ for⎞ the resilient control scheme, Σ j it is clear from (2.32) that .ψ i → N ¯ ij (t)qj tˆk , as .t → ∞. One potential j =1 a

60

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

benefit resulting from this is that even if agent i has only one neighbor with its channel being attacked almost all the time, it can still converge to the consensus value as long as other agents can achieve consensus and agent i receives one consensus value from its neighbor. However, this conclusion cannot be generalized to any nodes; thus, we cannot give the optimal attack duration time for general nodes. Remark 2.9 In addition to previous comments on the proposed resilient control scheme, a further remark is made here. Compared to [16], which only considers linear systems, the proposed approach relaxes constraints on the designed parameters given in Theorem 2.2. More specifically, the key parameter .λi is independent of ij ij DoS attack modes, and .Q1 , .Q2 , and .λi are directly derived from the estimated state variables instead of the considered Lyapunov function. To clearly show the control design, a flowchart is given in Fig. 2.4, as a guideline of choosing the controller parameters.

Fig. 2.4 Flowchart of choosing controller parameters

2.5 Simulation Results

61

2.5 Simulation Results In this section, some simulation results are given to verify the effectiveness of the proposed resilient control scheme by considering both the absence and presence of DoS attacks. The communication network of the systems is shown in Fig. 2.5. The networked control systems consist of multiple robots in (2.1) with six nodes. The system parameters are given as ┐ ai1 + ai2 + 2ai3 cos qi2 ai2 + ai3 cos qi2 ,. .M i (qi ) = ai2 + ai3 cos qi2 ai2 ┐ ┌ −ai3 sin qi2 q˙i2 −ai3 (q˙i1 + q˙i2 ) sin qi2 ,. C i (qi , q˙i ) = ai3 q˙i1 sin qi2 0 ┌ ┐ a g cos qi1 + ai5 g cos(qi1 + qi2 ) Gi (qi ) = i4 , ai5 g cos(qi1 + qi2 ) ┌

(2.55) (2.56) (2.57)

where .qi = [qi1 , qi2 ] and .(ai1 , ai2 , ai3 , ai4 , ai5 ) are chosen as .(0.6, 1.1, 0.1, 0.6, 0.3), .(0.8, 1.2, 0.1, 0.9, 0.5), .(0.9, 1.3, 0.2, 1.3, 0.6), .(1.1, 1.4, 0.3, 1.7, 0.7) and 2 .g = 9.81m/s . In the absence/of DoS attacks, the control gain 15I2 , .Ωi = 3I5 , / is given by .Ki = Σ ψ ψ ψ η .k ki κ i with .κ i = (i,j )∈E aij . Then i = 5, .ki = 2 ki κ i , which leads to .λi = the sampling interval should be chosen such that .maxi Δi∗ ≤ 0.2906 according to (2.16). It can be seen that the ISS gain condition in (2.16) is satisfied by choosing i .Δ = 0.1. Figures 2.6 and 2.7 show that under the proposed resilient control scheme, the position and velocity can achieve synchronization asymptotically. Then to investigate the case of DoS attacks, suppose that channels .(1, 2), .(3, 4), and .(5, 6) are under DoS attacks with the attack modes shown in Fig. 2.8. The same control gains as the case without DoS attacks are used, resulting in that .Δi = 0.1. From the DoS attack modes shown in Fig. 2.8, we have .σ¯ 12 = (1/T12 + Δ1∗ /π 12 ) = Fig. 2.5 The topology of the robot network

6

4

3

1

2

5

62

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

Fig. 2.6 Position synchronization of the AUV systems without DoS attacks

10 0 -10

0

10

0

10

20

30

40

20

30

40

20

30

40

20

30

40

0 -10 -20

Time(s) Fig. 2.7 Velocity synchronization of the AUV systems without DoS attacks

10 0 -10

0

10

0

10

10 5 0 -5

Time(s)

0.0731 with .Tij = 16.5 and .π ij = 8, .σ¯ 34 = (1/T34 + Δ4∗ /π 34 ) = 0.0834 with .T34 = 15 and .π ij = 6, .σ ¯ 56 = (1/T56 + Δ6∗ /π 56 ) = 0.0881 with .Tij = 14 and .π ij = 6. Since .maxi λi = 3.316, then according to the conditions (2.40) and (2.41) ij ij of Theorem 2.2, we can simply choose .Q1 = Q2 = 1. It can be seen in Figs. 2.9 and 2.10 that under the proposed resilient control scheme, the networked robotic systems can synchronize their position and velocity in spite of DoS attacks, which verify the proposed resilient scheme.

2.6 Conclusions In this chapter, resilient cooperative control of networked robotic systems is considered in both the absence and presence of DoS attacks. A novel adaptive resilient control scheme with aperiodic sampling communication is first proposed in

Fig. 2.8 The DoS attack modes on different channels

Fig. 2.9 Position synchronization of the AUV systems under DoS attacks

63 DoS on (5,6) DoS on (3,4) DoS on (1,2)

2.6 Conclusions

1 0 0

10

20

30

40

0

10

20

30

40

0

10

20 Time(s)

30

40

0

10

20

30

40

0

10

20 Time(s)

30

40

0

10

20

30

40

0

10

20 Time(s)

30

40

1 0

1 0

10 0 -10 20 0 -20

Fig. 2.10 Velocity synchronization of the AUV systems under DoS attacks

10 0 -10 20 0 -20

64

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

the absence of DoS attacks. Using the multidimensional small gain techniques, the control gain condition associated with the maximum sampling interval is derived. Then in the presence of DoS attacks, the proposed resilient control approach can be seen as a switched control scheme. Stability analysis is carried out by exploring the ISS characteristics on different time intervals. State estimates are given according to the definitions of IOS. By designing the parameters associated with different DoS attack modes, the synchronization can also be guaranteed by the proposed resilient control scheme.

References 1. Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security—a survey. IEEE Internet Things J. 4(6), 1802–1831 (2017) 2. Mo, Y., Kim, T.H.-J., Brancik, K., Dickinson, D., Lee, H., Perrig, A., Sinopoli, B.: Cyberphysical security of a smart grid infrastructure. Proc. IEEE 100(1), 195–209 (2011) 3. Sridhar, S., Hahn, A., Govindarasu, M.: Cyber-physical system security for the electric power grid. Proc. IEEE 100(1), 210–224 (2011) 4. Ao, W., Song, Y., Wen, C.: Distributed secure state estimation and control for CPSs under sensor attacks. IEEE Trans. Cybern. 50(1), 259–269 (2020) 5. Pasqualetti, F., Dörfler, F., Bullo, F.: Attack detection and identification in cyber-physical systems. IEEE Trans. Autom. Control 58(11), 2715–2729 (2013) 6. Fawzi, H., Tabuada, P., Diggavi, S.: Secure estimation and control for cyber-physical systems under adversarial attacks. IEEE Trans. Autom. Control 59(6), 1454–1467 (2014) 7. Mo, Y., Sinopoli, B.: On the performance degradation of cyber-physical systems under stealthy integrity attacks. IEEE Trans. Autom. Control 61(9), 2618–2624 (2015) 8. Li, Y., Shi, L., Cheng, P., Chen, J., Quevedo, D.E.: Jamming attacks on remote state estimation in cyber-physical systems: a game-theoretic approach. IEEE Trans. Autom. Control 60(10), 2831–2836 (2015) 9. Zhu, M., Martinez, S.: On attack-resilient distributed formation control in operator-vehicle networks. SIAM J. Control Optim. 52(5), 3176–202 (2014) 10. Teixeira, A., Shames, I., Sandberg, H., Johansson, K.H.: A secure control framework for resource-limited adversaries. Automatica 51, 135–148 (2015) 11. Persis, C.D., Tesi, P.: Input-to-state stabilizing control under denial-of-service. IEEE Trans. Autom. Control 60(11), 2930–2944 (2015) 12. Mo, Y., Garone, E., Casavola, A., Sinopoli, B.: False data injection attacks against state estimation in wireless sensor networks. In: Proceedings of the 2010 IEEE Conference on Decision and Control (CDC), pp. 5967–5972. Atlanta (2010) 13. Mo, Y., Sinopoli, B.: Secure control against replay attacks. In: Proceedings of the 2009 Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 911–918. Monticello (2009) 14. Jin, X., Haddad, W.M., Yucelen, T.: An adaptive control architecture for mitigating sensor and actuator attacks in cyber-physical systems. IEEE Trans. Autom. Control 62(11), 6058–6064 (2017) 15. Torre, G.D.L., Yucelen, T.: Adaptive architectures for resilient control of networked multiagent systems in the presence of misbehaving agents. Int. J. Control 91(3), 495–507 (2018) 16. Lu, A.Y., Yang, G.H.: Input-to-state stabilizing control for cyber-physical systems with multiple transmission channels under denial of service. IEEE Trans. Autom. Control 63(6), 1813–1820 (2017)

References

65

17. Lu, A.Y., Yang, G.H.: Distributed consensus control for multi-agent systems under denial-ofservice. Inform. Sci. 439, 95–107 (2018) 18. Zhang, D., Liu, L., Feng, G.: Consensus of heterogeneous linear multiagent systems subject to aperiodic sampled-data and DoS attack. IEEE Trans. Cybern. 49(4), 1501–1511 (2019) 19. Liu, J., Yang, M., Tian, E., Cao, J., Fei, S.: Event-based security control for state-dependent uncertain systems under hybrid-attacks and its application to electronic circuits. IEEE Trans. Circuits Syst. I: Regul. Papers 66(12), 4817–4828 (2019) 20. Liu, J., Gu, Y., Zha, L., Liu, Y., Cao, J.: Event-triggered h∞ load frequency control for multiarea power systems under hybrid cyber attacks. IEEE Trans. Syst. Man Cybern. Syst. 99, 1–1 (2019). Early Access 21. Liu, J., Yin, T., Shen, M., Xie, X., Cao, J.: State estimation for cyber-physical systems with limited communication resources, sensor saturation and denial-of-service attacks. ISA Trans. 99, 1–1 (2019). Early Access 22. Dolk, V., Tesi, P., Persis, C.D., Heemels, W.: Event-triggered control systems under denial-ofservice attacks. IEEE Trans. Control Netw. Syst. 4(1), 93–105 (2017) 23. Ding, D., Han, Q.L., Xiang, Y., Ge, X., Zhang, X.M.: A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing 275, 1674–1683 (2018) 24. Feng, Z., Hu, G.: Secure cooperative event-triggered control of linear multiagent systems under DoS attacks. IEEE Trans. Control Syst. Technol. 28(3), 741–752 (2019) 25. Millán, P., Orihuela, L., Jurado, I., Rubio, F.R.: Formation control of autonomous underwater vehicles subject to communication delays. IEEE Trans. Control Syst. Technol. 22(2), 770–777 (2013) 26. Yuan, C., Licht, S., He, H.: Formation learning control of multiple autonomous underwater vehicles with heterogeneous nonlinear uncertain dynamics. IEEE Trans. Cybern. 48(10), 2920– 2934 (2018) 27. Mei, J., Ren, W., Ma, G.: Distributed containment control for Lagrangian networks with parametric uncertainties under a directed graph. Automatica 48(4), 653–659 (2012) 28. Ghapani, S., Mei, J., Ren, W., Song, Y.: Fully distributed flocking with a moving leader for Lagrange networks with parametric uncertainties. Automatica 67, 67–76 (2015) 29. Abdessameud, A., Polushin, I.G., Tayebi, A.: Synchronization of Lagrangian systems with irregular communication delays. IEEE Trans. Autom. Control 59(1), 187–193 (2013) 30. Abdessameud, A., Tayebi, A., Polushin, I.G.: Leader-follower synchronization of EulerLagrange systems with time-varying leader trajectory and constrained discrete-time communication. IEEE Trans. Autom. Control 62(5), 2539–2545 (2017) 31. Shahvali, M., Shojaei, K.: Distributed control of networked uncertain Euler–Lagrange systems in the presence of stochastic disturbances: a prescribed performance approach. Nonlinear Dyn. 90(1), 697–715 (2017) 32. Ma, C., Shi, P., Zhao, X., Zeng, Q.: Consensus of Euler-Lagrange systems networked by sampled-data information with probabilistic time delays. IEEE Trans. Cybern. 45(6), 1126– 1133 (2014) 33. Yang, H., Xu, Y., Zhang, J.: Event-driven control for networked control systems with quantization and Markov packet losses. IEEE Trans. Cybern. 47(8), 2235–2243 (2016) 34. Hu, J., Zhang, H., Yu, X., Liu, H., Chen, D.: Design of sliding-mode-based control for nonlinear systems with mixed-delays and packet losses under uncertain missing probability. IEEE Trans. Syst. Man Cybern. Syst. 99, 1–1 (2019). Early Access 35. Xu, W., Ho, D.W.C., Zhong, J., Chen, B.: Event/self-triggered control for leader-following consensus over unreliable network with dos attacks. IEEE Trans. Neural Netw. Learn. Syst. 99, 1–1 (2019). Early Access 36. Xu, Y., Fang, M., Wu, Z., Pan, Y.J., Chadli, M., Huang, T.: Input-based event-triggering consensus of multiagent systems under denial-of-service attacks. IEEE Trans. Syst. Man Cybern. Syst. 99, 1–1 (2019). Early Access 37. Dixon, W.E., Dawson, D.M., Zergeroglu, E., Behal, A.: Nonlinear Control of Wheeled Mobile Robots. Springer, London (2005)

66

2 Secure Cooperative Control for Networked Robotic Systems Under DoS Attacks

38. Feng, Z., Wen, G., Hu, G.: Distributed secure coordinated control for multiagent systems under strategic attacks. IEEE Trans. Cybern. 47(5), 1273–1284 (2016) 39. Polushin, I., Marquez, H.J., Tayebi, A., Liu, P.X.: A multichannel IoS small gain theorem for systems with multiple time-varying communication delays. IEEE Trans. Autom. Control 54(2), 404–409 (2009) 40. Sontag, E.D.: Input to state stability: Basic concepts and results. In: Nonlinear and Optimal Control Theory, pp. 163–220. Springer, Berlin (2008) 41. Cai, H., Huang, J.: Leader-following consensus of multiple uncertain Euler-Lagrange systems under switching network topology. Int. J. Gener. Syst. 43(3–4), 294–304 (2014) 42. Cai, H., Huang, J.: The leader-following consensus for multiple uncertain Euler-Lagrange systems with an adaptive distributed observer. IEEE Trans. Autom. Control 61(10), 3152–3157 (2015) 43. Khalil, H.K.: Nonlinear Systems, 3rd edn. Prentice Hall, Englewood Cliffs (2002) 44. Cvetkovi´c, L., Kosti´c, V., Bru, R., Pedroche, F.: A simple generalization of geršgorin’s theorem. Adv. Comput. Math. 35(2–4), 271–280 (2011)

Chapter 3

Secure Cooperative Control for Networked Robotic Systems with Disturbances and DoS Attacks

Abstract This chapter continues Chap. 2 to consider the impact of external disturbances. The resilient consensus control problem of networked robotic systems in the presence of external disturbances and DoS attacks is considered. Unlike the most existing methods for linear multi-agent systems, the strong nonlinearity and unknown disturbances of networked robotic systems make the resilient control problem under DoS attacks more challenging and still not well explored. To this end, an adaptive control scheme is firstly proposed with a robust sliding modelike term to handle the unknown bounded external disturbances. In addition, an auxiliary system is designed by using the sampled neighboring information to achieve resilience to DoS attacks. Sufficient conditions are presented by using Lyapunov and small-gain approaches. Finally, simulation results are given to verify the effectiveness of the proposed resilient consensus control approach. Keywords Networked robotic systems · DoS attacks · External disturbance · ISS

3.1 Introduction Contemporary advancements in robots have led to the development of networked robotic systems for a wide range of applications, including environmental monitoring, exploration, and system maintenance. However, these robots often operate in dynamic and unpredictable environments, which introduce external disturbances and perturbations that can significantly affect their performance and control accuracy. Unfortunately, existing control methods for networked robotic systems have primarily focused on intrinsic system dynamics while neglecting the critical aspect of external disturbances, leading to suboptimal performance in the presence of such disturbances [1, 2]. To address the issue of external disturbances in networked robotic systems, various methods have been proposed in the literature. For example, some of these strategies include adaptive control algorithms that adjust the control inputs based on real-time disturbance estimates [3], model predictive control (MPC) © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 X. Li et al., Secure Coordination Control of Networked Robotic Systems, https://doi.org/10.1007/978-981-99-9359-8_3

67

68

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

techniques that optimize control actions while considering disturbances [4], and advanced sensor fusion approaches that provide more accurate environmental data to mitigate disturbances’ effects [5]. Additionally, cooperative control strategies that involve multiple robots working together to counteract disturbances have gained attention, as they leverage the collective capabilities of the robot team to overcome environmental challenges. However, the mentioned robust control methods can deal with external disturbances for networked robotic systems to some extent, but cannot deal with cyberattacks. As a typical cyber-physical system, the networked robotic systems are threatened by different types of malicious attacks, such as deception attack [6, 7] and the denial-of-service (DoS) attack [8]. The deception attacks are often used to falsify the transmitted information or control instructions, while DoS attacks are usually used to block normal information transmission among the subsystems [9]. Due to the low cost and ease of implementation, DoS attacks are widely adopted by attackers. This has led researchers to focus on how to achieve resilient consensus under DoS attacks. For example, a resilient event-based consensus controller is proposed for linear multi-agent systems under DoS attacks [10]. By assuming the DoS attacks satisfy certain probability conditions, an aperiodic sampling consensus controller is proposed for linear multi-agent systems [11]. In [12], a resilient switched consensus control scheme is proposed for heterogeneous multi-agent systems in the presence of DoS attacks modeled by limited durations and frequencies. In [13], an event-based resilient formation controller is proposed for the nonlinear multiagent systems under DoS attacks. Then the proposed methods are extended to solve the resilient control problem for mobile robotic systems and mechanical systems [14, 15]. It is worth noting that these approaches cannot be directly used to solve the consensus problem of networked robotic systems that are modeled by nonlinear Euler-Lagrange equation under asynchronous DoS attacks on different channels due to their complex nonlinearity. Our previous work [16] initially explores this problem but still fail to consider the influence of external disturbances. Inspired by the discussion above, this chapter considers the resilient consensus control problem in the presence of external disturbances and DoS attacks. To extend the existing separate subproblem solutions on robust control of uncertain system and resilient control of linear system under DoS attacks to solve such a problem, the following gaps need to be bridged for the analysis and synthesis. 1. Due to the inherent nonlinearities of networked robotic systems, the effects of DoS attacks on consensus performance using present approaches are difficult to counteract [17–19], since the discontinuous and irregular switching neighbor information due to DoS attacks is difficult to directly use for control design of nonlinear networked robotic systems. 2. The communication channel state irregularly fluctuates between normal and fault modes due to the malicious jamming attacks, which cannot be described by physical or communication restrictions [20, 21], such as system uncertainties and time-varying delay. 3. It is critical, but unclear, how to loosen the current system stability criteria, which are dependent on the simultaneous sampling scheme in [11].

3.2 Preliminaries and Problem Statement

69

To overcome these difficulties, a local distributed resilient consensus control scheme is proposed based on a layered cascaded approach. An adaptive controller including a sliding mode-like term is applied to mitigate the effects of the unknown external disturbances. Then a second-order auxiliary system that uses the sampled neighboring positions as inputs is designed to against the DoS attacks. Under the proposed resilient controller, the closed-loop system is proved to be asymptotically stable, and sufficient conditions related to the durations and frequencies of the DoS attacks are established based on the multidimensional small-gain techniques. The main contributions of this chapter are summarized as follows: 1. In comparison to the consensus results for networked Lagrangian systems reported in [21–23], the adaptive resilient control scheme proposed in this chapter can not only deal with external disturbances but also the DoS attacks. 2. Unlike the simultaneous sampling scheme used in [11], a second-order auxiliary system is designed based on the asynchronously acyclic sampling information from the neighboring systems. 3. Simple control gain conditions are presented based on a multidimensional smallgain approach, which depend on the duration and frequency of the DoS attacks. The conditions given in this chapter avoid solving the complicated LMIs, such as the ones in [24, 25]. The rest of this chapter is organized as follows. Some preliminaries and the problem considered in this chapter are presented in Sect. 3.2. Section 3.3 presents the main results and their proofs. The simulation results given in Sect. 3.4 illustrate the proposed scheme and verify the established theoretical results. Finally, Sect. 3.5 concludes the chapter.

3.2 Preliminaries and Problem Statement 3.2.1 Networked Robotic Systems In this chapter, the robot dynamics is modeled by the following Euler-Lagrange equation: M i (qi )q¨i + C i (qi , q˙i )q˙i + Gi (qi ) + di (t) = τ i ,

.

(3.1)

where .qi , q˙i ∈ Rn are the states of agent i, .i ∈ V; .M i (qi ) ∈ Rn×n , .C i (qi , q˙i ) ∈ Rn×n , and .Gi (qi ) ∈ Rn are the positive definite inertia matrix, centripetal and coriolis torque matrix, and the gravitational torque, respectively. .di (t) is the unknown bounded external disturbances. .τ i ∈ Rn denotes the control torque. Generally, Eq. (3.1) has the following properties. More details of the well-known Properties 2.1–2.3 can be found in [22].

70

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

Remark 3.1 These are three general properties for the Euler-Lagrange system in (3.1), which has been widely used to model mechanical and robotic systems. It is worth noting that if the system Properties 2.1–2.3 are not satisfied, this will lead to the failure of existing regressor matrix-based adaptive control approaches, and how to achieve consensus without using the system Properties 2.1–2.3 is still an open problem. This is out of scope of the chapter and will be considered in the future. In this chapter, the communication network is modeled by a directed graph G(V, E), where .V, E, respectively, denote the node set and edge set. If node i can communicates with node j via a series of edges, then we say there exists a path between node i and node j . For agent i, if there is a path from node .i ∈ V to any other node, we say there exists a directed spanning tree in .G(V, E). The following assumption is necessary for the consensus analysis of the closed-loop networked robotic systems.

.

Assumption 3.1 (Connectivity) The communication network .G = (N , E) contains a directed spanning tree. For each robot in network, its own and also its neighboring position information are used to design a resilient control scheme. Then the following consensus control objective will be addressed under external disturbances and DoS attacks: .

lim (qi − qj ) = 0, lim q˙i = 0, ∀i, j ∈ V.

t→∞

t→∞

(3.2)

To achieve the control objective above, the asynchronously aperiodic sampling generalized positions from neighboring systems are used to update the control signals. During the available sampling interval, a zero-order-holder (ZOH) is applied to remain the control signals. For the sampling instant, the following assumption is presented. Assumption 3.2 (Sampling interval [8, 25]) For each robot, the maximum sampling interval .Δi∗ ∈ R+ is supposed to satisfy the following inequality: i 0 < t − tki ≤ Δi∗ , t ∈ [tki , tk+1 ]

.

where .tki is the k-th sampling time. Remark 3.2 In Assumption 3.2, the maximum sampling interval .Δi∗ ∈ R+ is supposed to be known, which can be either periodic or aperiodic. In this chapter, the asynchronous and aperiodic sampling approach is considered. As for the eventbased sampling approach, the maximum sampling interval .Δi∗ ∈ R+ , if not impossible, is generally difficult to be determined in an event-based control design. Since the maximum sampling interval .Δi∗ ∈ R+ is used in the control design of the proposed control approach, this scheme cannot deal with the event-based sampling case. It is worth noting that many literatures, such as [26, 27], provide us with inspirations to solve this problem. How to achieve resilient consensus under DoS attacks with the event-triggered input and output analysis will be part of future work.

3.2 Preliminaries and Problem Statement

71

3.2.2 DoS Attacks The normal communication will be damaged when DoS attack occurs. Define the m-th DoS duration on channel .(i, j ) occurs at .dijm over a time interval .[t0 , t1 ] as m Dij = [dijm , dijm + δ m ij ), m ∈ N0 ,

.

(3.3)

where .N0 is a nonnegative integer set, which includes the total number of DoS attack intervals. .δ m ij means the interval length. Then the total interval length of the DoS attacks on channel .(i, j ) is Dij (t0 , t1 ) =

⎧| |

M−1

m Dij m=1

.

⎫ | |

[dijM , min{dijM + δ M ij , t}],

(3.4)

where .M = sup{m ∈ N0 |dijm < t}, .t ≥ dij0 . As stated in [8, 25], DoS attacks in different channels can be modeled by the following irregular frequency and duration model due to its malicious nature. Due to the of the attackers, the DoS intervals do not need to satisfy any specific pattern or a stochastic distribution. In the presence of DoS attacks, the following assumptions on DoS are given as stated in Sect. 1.2.1. Assumption 3.3 (DoS Duration and Frequency [8]) For any .t ≥ t0 , suppose the attack duration .Dij (t0 , t) and frequency .nij (t0 , t) in channel .(i, j ) ∈ E satisfy. For there exists positive scalars for channel .(i, j ) ∈ E such that .

| | |Dij (t0 , t)| ≤ ζ ij + t − t0 , . Tij

(3.5)

t − t0 , π ij

(3.6)

nij (t0 , t) ≤ ξ ij +

where .ζ ij , Tij , ξ ij , π ij ∈ R+ are attack parameters. Remark 3.3 Intuitively, Assumption 3.3 gives some reasonable assumptions on the duration and frequency of DoS attacks due to the limitations on the energy of the attackers. The details can be seen in [8, 10, 11, 18, 25] and the references therein. In this chapter, different attack modes with different parameters are considered on different channels. According to (3.5), the edge set under DoS attacks at ime .t ∈ [t0 , t1 ] can be written as T (t) = {(i, j ) ∈ E|t ∈ Dij (t0 , t1 )}.

.

(3.7)

72

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

Then the attack-free edge set can be expressed as .T¯ = E\T (t). Then the time interval can be indexed by using .T (t) and .T¯ over .[t0 , t1 ], ΞT (t0 , t1 ) Δ(∩(i,j )∈T Dij (t0 , t1 ))

.

∩ (∩(i,j )∈T¯ D˘ ij (t0 , t1 )),

(3.8)

where .D˘ ij (t0 , t1 ) = [t0 , t1 ]\D(i,j ) (t0 , t1 )). At any moment, the state of each channel is either normal or under-attacked, which indicates that there are at most .2|E | attack modes. An illustration is given in Fig. 2.3 to show the attack modes over different intervals. Define .α p (p ∈ Na Δ {1, 2, ..., 2|E | }) as the switching moment of the different attack modes, and then it yields .

∪T (α p )⊆E ΞT (t0 , t1 ) = [t0 , t1 ].

(3.9)

Then for each channel .(i, j ) ∈ E, the attacked and attack-free intervals can be respectively defined as .

D¯ ij (t0 , t1 ) = ∪T (α p )⊆E ,(i,j )∈T (α p ) ΞT (t0 , t1 ), .

(3.10)

H¯ ij (t0 , t1 ) = ∪T¯ (α p )⊆E ,(i,j )∈T¯ (α p ) ΞT (t0 , t1 ).

(3.11)

Note that DoS attacks are easy to be detected. When the sampling data from its neighbors is not available for agent i, the channel is considered as being attacked.

3.2.3 Technical Lemmas In this subsection, some technical lemmas that are used in this chapter are presented as follows. Lemma 3.1 ([28]) For state vector .x ∈ Rn , consider the linear system .x˙ = Ax + Bu with system matrix A being Hurwitz; there exists .ν ∈ R+ such that .A + AT + 2νI ≤ 0; then the state trajectory can be estimated as |x(t)| ≤ e−ν(t−t0 ) |x (t0 )| +

.

||B|| sup |u(σ )|. ν σ ∈[t0 ,t]

(3.12)

3.3 Secure Control Design and Analysis of Networked Robotic Systems

73

3.3 Secure Control Design and Analysis of Networked Robotic Systems 3.3.1 Secure Control Design In this subsection, the following adaptive control scheme is proposed: τ i = −Ki si + Yi Θˆ i −

.

Θ˙ˆ i = −Φi YiT si , . c˙i = kic

||si ||2 , ||si || + μi (t)

ci si . ||si || + μi (t)

(3.13) (3.14) (3.15)

where .Yi Δ Yi (qi , q˙i , ηi , η˙ i ), .Ki , Φi > 0 are symmetric positive definite gain matrices. .Θi is an unknown vector associated with the system parameters of i-th robot given in Property 2.3. In this chapter, .Θˆ i is used to estimate .Θi . An adaptive control law in (3.14) is proposed to update .Θˆ⎛i . .kic ∈ R+ , .μi (t) is a time-varying ∞ function that satisfies .μi (t) > 0, .∀t ≥ 0 and . 0 μi (σ )dσ < ∞. Note that (3.13) is used to derive the states of the agents to the sliding surface .si = 0, and Eq. (3.14) is used to compensate for the parametric uncertainties. The third term in (3.13) with (3.15) is used to compensate for the bounded external disturbances. From [19], it can be seen that the external disturbances will destroy the system stability without this adaptive compensator. From Eq. (3.15), the dynamic control gain .ci is monotonically increasing and sensitive to .||si ||. Using the proposed compensator scheme, asymptotical consensus convergence can be preserved with robust and fast adaption in the face of high-gain learning rates. This approach has been widely used to handle the unknown bounded external disturbances, e.g., [19] and [29]. Note that to avoid the case that .0/0 in this term when .si → 0 and .μi → 0 with a same convergence rate as .t → ∞, one can design .μi (t) with a smaller convergence rate than .si . In addition, the dynamic control gain .ci may lead to a large amplitude of the control input. There exist some results that can guarantee the inputsaturated consensus stabilization for networked robotic systems in the absence of the external disturbances, such as [30, 31]. It is worth noting that there are few results considering both input saturation and external disturbances since the boundness of input saturation is directly related to the boundness of disturbances [31]. This results in the saturated controller not being able to handle arbitrary bounded disturbances, especially using the high-gain method. This point will be considered in the future. In addition to the mathematical feasibility, the proposed controller is also feasible in engineering. With the development of computer and distributed computing technology, it’s possible to apply many complicated controllers like the proposed one into engineering. For example, consensus control problem has been widely considered in [32–34] for complex networked system. For the proposed controller,

74

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

it is easy to be realized via the software such as MATLAB, which can directly transform the controller into C/C.++/python languages. The sliding vector .si and the reference vector .ηi are designed as follows:

where .κ i =

Σ N

j =1 aij

⎧ .

.

si = q˙i − ηi , .

(3.16)

ηi = κ i qi − φ i ,

(3.17)

is the number of the neighbors and .φ i is designed as

φ˙ i = ψ i ⎛ ⎞ j ψ φ φ Σ N ψ˙ i = −ki ψ i − ki φ i + ki j =1 aij qj tk

(3.18)

⎛ ⎞ j ψ φ where .ki , ki ∈ R+ are strictly positive control gains to be determined. .qj tk , j

j ∈ Ni , is the sampled information from agent j at sampling instant .tk . In (3.18), to achieve consensus control of the networked robotic systems, an auxiliary system is constructed using neighbors’ generalized position information. Comparing with existing results, e.g. [18], where the neighboring generalized position information is directly used in controller design, DoS attacks will block neighboring information transmission and make the controller update fails, thereby destroying the consensus and stability. In this chapter, the DoS attack is modeled by using its duration and frequency, which make the auxiliary system (3.18) switch accordingly. The switching induced by the attacks will not affect the stability of the system but affects the convergence value of the closed-loop system. This is also the basic idea of the designed control scheme, which is similar to the stop-to-go strategy. That is, Σ j j the auxiliary system variable .φ i in (3.18) converge to . N j =1 aij qj (tk ) with .qj (tk ) being updated successfully during normal communication and maintained constant during attacked duration. Benefiting from auxiliary system design, the neighboring generalized position information in this chapter is not directly used in controller design, which provides extra resilience to DoS attacks. The similar idea is also used in [16]. The main differences are twofold. Firstly, an adaptive high-gain approach is used to restrain the unknown external disturbance, which cannot be handled by using the existing work. Secondly, a novel auxiliary system is designed for the intermittent communication under DoS attacks. In addition, the proposed approach allows the control signals to be updated asynchronously and acyclically, which, unlike the one considered in [11], needs the sampling process of the whole network to be synchronized by all agents. Besides, the control signals remain unchanged through ZOH both in the sampling interval and DoS attack interval, and during the DoS attack intervals, the agent i also maintains the same sampling attempt such that when the DoS attacks, end will be known for agent i. Next, the main result of this chapter is presented.

.

3.3 Secure Control Design and Analysis of Networked Robotic Systems

75

Theorem 3.1 (Stability Under DoS Attacks) Suppose that Assumptions 3.1–3.3 are satisfied. Using the proposed control schemes (3.13)–(3.18) for (3.1), if the following conditions are satisfied, i.e., max(i,j )∈E aij φ (1 + ki Δi∗ ), . κi Σ Σ ij ij α1 + α2 , λi ≤

λi >

.

(i,j )∈Tm ij

(3.19) (3.20)

(i,j )∈ / Tm ij

where .λi is given in (3.32) and .α 1 ≥ α 2 are real numbers, then the control objective in (3.2) can be achieved in the presence of external disturbances and DoS attacks, i.e., .(qi (t) − qi (t)) → 0, for all .i, j ∈ N . Proof The results proposed in Lemma 2.3 will be used to prove the resilient stability in the presence of external disturbances and DoS attacks for networked robotic systems. We first prove that the sliding vector .si in (3.16) is bounded and converges to zero. Under the proposed adaptive controller with the sliding mode-like term, we have M i (qi )˙si =Yi θ˜ i − C i (qi , q˙i )si − Ki si − di (t)

.

−

ci si , . ||si || + μi (t)

(3.21)

Θ˙˜ i = − Φi YiT si , . c˙i =kic

(3.22)

||si ||2 . ||si || + μi (t)

(3.23)

For the error dynamics (3.21)–(3.23), consider the following Lyapunov function: V (t) =

.

1 Σ T 1 Σ T −1 si M i (qi ) si + Θ˜ i Φi Θ˜ i 2 2 N

N

i=1

i=1

+

N Σ 1 (ci − cmax )2 , 2kic i=1

(3.24)

76

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

where .cmax denotes the upper bound of the unknown external disturbances. Then the derivative of .V (t) along the error dynamics (3.21)–(3.23) is N ┌ Σ

1 ˙ i (qi ) si + Θ˜ iT Φ −1 Θ˙˜ i siT M i (qi )˙si + siT M i 2 i=1 ┐ 1 + c (ci − cmax ) c˙i 2ki ┌ ┐ N Σ cmax ||si ||2 T ≤ −si Ki si + ||si || cmax − ||si || + μi (t)

V˙ (t) =

.

i=1

=

N ┌ Σ

−siT Ki si

i=1

≤

n ┌ Σ

cmax ||si || μi (t) + ||si || + μi (t)

┐

┐ −siT Ki si + cmax μi (t) ,

(3.25)

i=1

where last inequality is derived by using the fact that .μi (t) > 0. Then by integrating (3.25) yields that V (t) − V (0)

.

┐ ⎧ t N ┌ ⎧ t Σ T − ≤ si (τ )Ki si (τ )dτ + dmax μi (τ )dτ . i=1

0

(3.26)

0

Rewriting (3.26) as V (t) +

N ⎧ Σ

t

.

i=1

0

siT (τ )Ki si (τ )dτ

≤ V (0) + dmax

N ⎧ Σ i=1

0

t

μi (τ )dτ .

(3.27)

⎛t According to the definition of .μi (τ ) and .Ki , . 0 μi (τ )dτ < ∞, (3.27) yields .si ∈ L2 and .V (t) ∈ L∞ . In addition, we have .si , .Θ˜ i , .ci ∈ L∞ from (3.24). Then according to (3.21) and the property P1, we have .si ∈ L2 ∩ L∞ and .s˙i ∈ L∞ , according to Barbalat’s lemma [28], . lim si → 0. t→∞ From the definition of the reference vector .ηi , we have η˙ i = −κ i ηi − κ i si − ψ i .

.

(3.28)

3.3 Secure Control Design and Analysis of Networked Robotic Systems

77

It can be seen that (3.28) is ISS, where the state is .ηi and inputs are .si and .ψ i . Then according to Lemma 3.1, the following estimate can be written as: .

| ( )| | | |ηi (t)| ≤e−κ i (t−α p ) |ηi α p | + sup |si (z)| z∈[α p ,t ] +

1 κi

| | sup |ψ i (z)| , z∈[α p ,t ]

(3.29)

for .t ∈ [α p , α p+1 ). Then the estimate can be iteratively over .[t0 , t1 ] as .

| | |ηi (t)|

| ( )| ≤e−κ i (t−α p ) |ηi α p | + sup |si (z)| z∈[α p ,t ] | | sup |ψ i (z)| z∈[α p ,t ] | ( )| ≤e−κ i (t−α p−1 ) |ηi α p−1 | ⎛ 1 −κ i (t−α p ) +e sup |si (z)| + κ i z∈[α p−1 ,t ] +

1 κi

1 + sup |si (z)| + κi z∈[α p ,t ] | | ≤e−κ i (t−α 1 ) |ηi (α 1 )| ⎛

sup z∈[α p−1 ,t ]

⎞ | | |ψ i (z)|

| | sup |ψ i (z)| z∈[α p ,t ]

⎞ | | 1 +e sup |ψ (z)| + · · · sup |si (z)| + κ i z∈[α 1 ,t] i z∈[α 1 ,t] ⎞ ⎛ | | 1 + e−κ i (t−α p−1 ) sup |ψ (z)| sup |si (z)| + κ i z∈[α p−2 ,t ] i z∈[α p−2 ,t ] ⎞ ⎛ | | 1 −κ i (t−α p ) | | ψ (z) +e sup sup |si (z)| + κ i z∈[α p−1 ,t ] i z∈[α p−1 ,t ] −κ i (t−α 2 )

| | 1 + sup |si (z)| + sup |ψ i (z)| κ i z∈[α p ,t ] z∈[α p ,t ] | | ≤e−κ i (t−t0 ) |ηi (t0 )| + max{e−κ i (t−α 2 ) , · · · , 1} sup |si (z)| p

+ max{e−κ i (t−α 2 ) , · · · , 1} p

z∈[t0 ,t]

| | 1 sup |ψ i (z)| κ i z∈[t0 ,t]

| | | | 1 ≤e−κ i (t−t0 ) |ηi (t0 )| + sup |si (z)| + sup |ψ i (z)| , κ i z∈[t0 ,t] z∈[t0 ,t]

(3.30)

78

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

From (3.30), the linear ISS gains are one and . κ1i , respectively. Define .

qˆi (t) :=

N Σ

j

aij qj (tk ), qˆis (t) :=

j =1

N Σ

aij qj (t),

j =1

q˜i (t) := qˆi (t) − qˆis (t), ζ i (t) := φ i (t) − qˆis (t), with .tki being the sampling time given in Assumption 3.2; then (3.18) can be written as ⎛ ⎞ ⎛ ⎞ ⎛ s⎞ ζ˙ i ζi q˙ˆi = A + B , . (3.31) ψ˙ i ψi q˜i where the matrices .A and .B are defined as ⎛ ⎞ ⎛ ⎞ 0m Im −Im 0m .A = ,B = . ψ φ φ 0m ki Im −ki Im −ki Im Define the eigenvalues of the matrix .A as .λi1 and .λi2 , .i ∈ N ; then we have λi = − max(Re(λi1 ), Re(λi2 )) > 0,

.

ψ

φ

1 p λi

| | kφ | | sup |q˙ˆis (z)| + ip λi z∈[α p ,t ]

(3.32)

due to the fact that .ki , ki ∈ R+ are strictly positive control gains. From Assumption 3.2, .tki ≥ t − maxi Δi∗ (t), since the presence of DoS attacks, the state estimate can be obtained from Lemma 3.1 in different time intervals. For .t ∈ [α p , α p+1 ), it yields | | | | | ζ i (t) | −λp t−α | ζ i (α p ) | ( ) p | | | | i . | ψ (t) | ≤e | ψ (α p ) | i i +

sup |q˜i (z)| .

(3.33)

z∈[α p ,t ]

Using (3.33) iteratively over .[t0 , t1 ] for different time intervals of DoS attacks yields | | | ζ i (t) | | | . | ψ (t) | i ≤e

p

p−1

−λi (t−α p )−λi

| | | ζ i (α p−1 ) | | | ψ (α p−1 ) |

(α p −α p−1 ) |

i

⎛

1

p

+ e−λi (t−α p ) φ

+

ki

p−1

λi

p−1

λi

sup z∈[α p−1 ,t ]

| | | | sup |q˙ˆis (z)| z∈[α p−1 ,t ] ⎞

|q˜i (z)|

3.3 Secure Control Design and Analysis of Networked Robotic Systems

+

1 p λi

| | kφ | | sup |q˙ˆis (z)| + ip λi z∈[α p ,t ]

p

p−1

≤e−λi (t−αp )−λi

sup |q˜i (z)| z∈[α p ,t ] p−2

(α p −α p−1 )−λi

⎛ p

p−1

+ e−λi (t−αp )−λi

(α p −α p−1 )

+

⎞

p−2

λi

+e

⎛

1

p

+

p−1

λi p−1

λi

1 p λi

λi

| | | | sup |q˙ˆis (z)| z∈[α p−2 ,t ]

|q˜i (z)|

sup

−λi (t−α p )

ki

1

z∈[α p−2 ,t ]

φ

+

i

p−2

φ

ki

| | | | (t−αp−2 ) | ζ i (α p−2 ) | | ψ (α p−2 ) |

sup

| | | | sup |q˙ˆis (z)| z∈[α p−1 ,t ] ⎞

|q˜i (z)|

z∈[α p−1 ,t ]

| | kφ | | sup |q˙ˆis (z)| + ip λi z∈[α p ,t ]

sup |q˜i (z)| z∈[α p ,t ]

| | | | (α p −α p−1 )−···−λ1i (α 2 −α 1 ) | ζ i (α 1 ) | | ψ (α 1 ) | i ⎛ | | p 1 2 | ˙s | sup (z) q ˆ + e−λi (t−αp )−···−λi (α 3 −α 2 ) | | i λ2i z∈[α 2 ,t] ⎞ φ ki + 2 sup |q˜i (z)| + · · · λi z∈[α 2 ,t] ⎛ | | p p−1 1 | | −λi (t−α p )−λi (α p −α p−1 ) +e sup |qˆ˙is (z)| p−2 λi z∈[α p−2 ,t ] ⎞ φ ki + p−2 sup |q˜i (z)| λi z∈[α p−2 ,t ] ⎛ | | p 1 | | −λi (t−α p ) +e sup |qˆ˙is (z)| p−1 λi z∈[α p−1 ,t ] ⎞ φ ki + p−1 sup |q˜i (z)| λi z∈[α p−1 ,t ] p

p−1

≤e−λi (t−αp )−λi

79

80

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

| | kφ | | sup |q˙ˆis (z)| + ip sup |q˜i (z)| λi z∈[α p ,t ] z∈[α p ,t ] | | | ζ (t ) | ≤e−α i (t0 ,t1 ) || i 0 || ψ i (t0 ) ⎧ ⎫ | | 1 1 1 | ˙s | , , · · · , (z) q ˆ sup + max | | p p λi z∈[t0 ,t1 ] i λ1i λ2i ⎧ φ φ ⎫ φ ki k i ki , ,··· , p + max sup |q˜i (z)| , p λi z∈[t0 ,t1 ] λ1i λ2i +

1 p λi

(3.34)

Σ p p where .α 1 = t0 , .α i (r, t) = λi (t −α p )+ k=r λk−1 (α k −α k−1 ). Since the parameter i p p design of .λi is independent of DoS attack modes, .λ1i = λ2i = · · · = λi = λi . Then (3.34) can be written as | | | | | ζ i (t) | −α (t ,t ) | ζ i (t0 ) | 1 i 0 1 | | | | . | ψ (t) | ≤e | ψ (t0 ) | + λ i i i

| | | | sup |q˙ˆis (z)|

z∈[t0 ,t1 ]

φ

+

ki λi

sup |q˜i (z)| .

(3.35)

z∈[t0 ,t1 ]

According to the definition of .α i (r, t), we have α i (t0 , t) =

Σ

.

m∈Na

≤

Σ

λm i |ΞT (t0 , t)| ⎛ ⎝

m∈Na

≤

Σ (i,j )∈E

+

Σ

ij α1

+

i∈Tm

⎛

⎞ ij α 2 ⎠ |ΞT

(t0 , t)|

i∈ / Tm

Σ

⎝

Σ

⎞

α 1 ⎠ |ΞT (t0 , t)| ij

m∈Na ,i∈Tm

Σ

ij

α 2 |ΞT (t0 , t)|

m∈Na ,i ∈ / Tm

Σ ⎛ ij | | |⎞ ij | ≤ α 1 |D¯ ij (t0 , t)| + α 2 |H¯ ij (t0 , t)| , (i,j )∈E

(3.36)

3.3 Secure Control Design and Analysis of Networked Robotic Systems ij

81

ij

where .α 1 and .α 2 are two parameters that related the characteristics of channel .(i, j ) and .D¯ ij (t0 , t) and .H¯ ij (t0 , t) are given in (3.10) and (3.11). Under Assumptions 3.2 and 3.3, we have | | | | |H¯ ij (t0 , t)| = t − t0 − |D¯ ij (t0 , t)| , . | | | | |D¯ ij (t0 , t1 )| ≤ |Dij (t0 , t1 )| + (nij (t0 , t1 ) + 1)Δi . ∗ .

(3.37) (3.38)

Then substituting (3.37) and (3.38) into (3.36), we have α i (t0 , t) ≤

Σ

.

| ij ij | ij ((α 1 − α 2 ) |D¯ ij (t0 , t)| + α 2 (t0 , t)(t − t0 ))

(i,j )∈E

≤

Σ

ij

ij

((α 1 − α 2 )(ζ ij +

(i,j )∈E

+ (ξ ij + ≤

Σ (i,j )∈E

+

t − t0 Tij

(t − t0 ) ij + 1)Δi∗ + α 2 (t − t0 )) π ij

ij

ij

(α 1 − α 2 )(ζ ij + (ξ ij + 1)Δi∗ )

Σ

ij

ij

ij

((α 1 − α 2 )σ¯ ij + α 2 ))(t − t0 ),

(3.39)

i∈

where .σ¯ ij = (1/Tij + Δi∗ /π ij ). It can be seen that .σ¯ ij > 0 due to .Tij , π ij , Δi∗ ∈ Σ Σ ij ij ij R+ , and . (i,j )∈E (α 1 − α 2 )(ζ ij + (ξ ij + 1)Δi∗ ) is a constant and . i∈ ((α 1 − ij

ij

ij

ij

α 2 )σ¯ ij + q2 )) > 0 since .α 1 > α 2 ; thus (3.31) is ISS in the presence of DoS attacks. Recalling the overall closed-loop systems, which suffers from a cascaded form as follows: ˜ s˙i = M −1 i (Yi θ i − C i (qi , q˙i )si − Ki si − di (t)

.

−

ci si ), . ||si || + μi (t)

(3.40)

η˙ i = −κ i ηi − κ i si − ψ i , .

(3.41)

ζ˙ i = ψ i − q˙ˆis , .

(3.42)

ψ φ φ ψ˙ i = −ki ψ i − ki ζ i + ki q˜i .

(3.43)

where the overall closed-loop systems can be seen as MIMO systems with .si , .ηi , ζ i , and .ψ i being the states and .q˙ˆis and .q˜i being the inputs, and the output can be considered as

.

.

q˙i = si + ηi .

(3.44)

82

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

According to the analysis above, closed-loop systems (3.40)–(3.43) are ISS, and from (3.44), we have .

| | |q˙i | ≤ |si | + |ηi | . k

(3.45)

φ

with the linear IOS gains being . κ i1λi and . κ iiλi , respectively. It is worth noting that for the attack mode, when all channels are under DoS attacks, .κ i = 0; then, subsystems (3.41)–(3.43) can be rewritten as η˙ i = −ψ i ,

.

ζ˙ i = ψ i − q˙ˆis , ψ φ ψ˙ i = −ki ψ i − ki ζ i .

where the ISS stability still can be guaranteed. For the control input .qˆ˙is (t), it yields

.

N | | | | ˙ s | Σ || aij q˙j (t)| . |qˆi (t)| ≤ j =1

Similarly, the control input .q˜i satisfies

.

|q˜i (t)| ≤

N Σ

| ⎛ ⎞| | j | aij |qj (t) − qj tk |

j =1

≤

N Σ

| ( ) ( ) aij |qj (t) − qj tk1 + qj tk1

j =1

⎛ ⎞| ( ) j | − · · · + qj tkm − qj tk |

≤

N Σ j =1

| ( )| | ( ) ( )| aij (|qj (t) − qj tk1 | + |qj tk2 − qj tk3 |

| ( ) ( )| + · · · + |qj tkm −1 − qj tkm | | ( ) ⎛ ⎞| | j | + |qj tkm − qj tk |)

(3.46)

3.3 Secure Control Design and Analysis of Networked Robotic Systems

83

| | | q (t) − q (t ) | j k1 | | j ≤ aij (t − tk1 ) | | | | t − tk1 j =1 | ( ) | | q t − q (t ) | j k1 | | j k2 + (tk1 − tk2 ) | | + ···+ | | tk1 − tk2 | ( ) ( ) || |q t | j km−1 d − qj tkm | + (tkm−1 − tkm ) | | | | tkm −1 − tkm ⎛ ⎞ |⎞ | ( ) j | |q t j km − qj tk | | j | |⎠ (tkm − tk ) | | j tkm − tk | | N Σ

≤

N Σ j =1

≤

N Σ j =1

⎛

| | aij Δi∗ sup |q˙j (z)| z∈[α p ,t]

| | aij Δi∗ sup |q˙j (z)| .

(3.47)

z∈[t0 ,t]

where the second inequality is derived by using the following property: ⎧

tkm−1

.

t km

sup

t∈[tkm−1 ,tkm ]

| | | | |q˙j (t)| ≥ |qj (tk ) − qj (tk )| , m m−1 j

for .[tkm−1 , tkm ] with different .m, where .[tk , t] = ∪nm=1 [tkm−1 , tkm ]. From (3.46) and (3.47), it can be seen that the condition in (2.39) is satisfied for the inputs and outputs of systems (3.40)–(3.43). Next, we will explore the gain conditions in Lemma 2.3. Considering the linear IOS gains for the closed-loop systems (3.40)–(3.43), the IOS gain matrix .Γ 0 = {γ 0ij } can be written as

γ 0im

.

⎧ 1 ⎪ ⎨ κ i φλi , if m = 2i − 1, i ∈ N , κ i /= 0, ki = , if m = 2i, i ∈ N , κ i /= 0, ⎪ ⎩ κ i λi 0 otherwise.

(3.48)

According to the analysis in (3.46) and (3.47), the OIS gain matrix .M = {μ0mi } can be written as ⎧ aij (t), if m = 2j − 1, i, j ∈ N , 0 .μmi = (3.49) aij (t)Δi∗ , if m = 2j, i, j ∈ N .

84

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

Integrating input-to-output gain (3.48) and output-to-input gain (3.49), the gain matrix .Γ¯ = Υ 0 M = {γ¯ ij } of the closed-loop system (3.40)–(3.43) can be written as ⎧ n aij φ Σ (1 + ki Δi∗ ), if κ i /= 0, 0 0 .γ ¯ ij = γ im · μmi = κ i λi 0, otherwise. m=1 According to the gain condition in Lemma 2.3, the spectral radius of the matrix Γ¯ needs to be less than one, i.e., .ρ(Γ¯ ) < 1. Under Assumption 3.1, .aii = 0 and .aij > 0 for all .i ∈ N . According to the Geršgorin disc theorem [35], we have .

n Σ .

γ¯ ij < 1

(3.50)

l=1

as long as the condition in (3.19) is satisfied. Integrating the analysis above, the conditions in Lemma 2.3 are satisfied such that .q ˙| i (t), |.qˆ˙is (t), and .q˜i (t) are uniformly bounded for .i ∈ N . In addition, .|q˙i (t)| → 0, | ˙s | ˆ (t)| → 0 and .|q˜i (t)| → 0 as .t → ∞. Also, .si , .η , and .ψ are uniformly bounded, .|q i

i

i

and .si → 0, .ηi → 0, .ψ i → 0 as .t → ∞. Then we have ηi (t) + ζ i (t) − q˜i (t) = κ i qi − qˆi (t).

.

Σ j which derives that . N j =1 aij (qi (t) − qj (tk )) is uniformly bounded and converges to zero asymptotically for .i ∈ N . Also, we have ⎧ t ⎛ ⎞ j qi (t) − qj tk = qi (t) − qj (t) + j q˙j (s) ds,

.

tk

then it yields n Σ .

aij (qi (t) − qj (t)) = 0 as t → ∞.

(3.51)

j =1

Under Assumption 3.1, it can be concluded that .qi (t) − qj (t) → 0 as .t → ∞ for .i, j ∈ N if the directed communication graph contains a spanning tree. This completes the proof. Remark 3.4 For the conditions in (3.19)–(3.20), the first one is the basic condition for the closed-loop system stability, while the latter one provides a certain stability margin for DoS attacks on different channels. A simple control design guideline will be presented in the next subsection to address how to select control gains to satisfy these conditions. It is worth noting the proposed control framework that provides sufficient conditions for the duration and frequency of the DoS attacks, which will

3.3 Secure Control Design and Analysis of Networked Robotic Systems

85

bring a certain degree of conservatism. How to design a jamming-attack-free control scheme that can guarantee system stability in the presence of any mode of DoS attacks will be considered in the future. Remark 3.5 For the resilient consensus of networked robotic systems in Eq. (3.1), the resilient control approaches proposed in [10, 11, 24, 36] cannot trivially be extended directly to solve this problem due to its complex nonlinearity. Since the dynamic variables .ηi , η˙ i are directly injected into the control torques in (3.13), large values of .di may lead to the system sensitive to certain types of noise. Recalling our previous work in [16], although the resilient consensus problem is addressed for networked robotic systems, the external disturbances are failed to be considered. Also, a different auxiliary system is designed to pre-handle the neighboring information under DoS attacks. The cooperative control of nonlinear robotic systems can be achieved through choosing appropriate control gains in any practical situation. In addition, the resilient stability conditions in this chapter are given in the form of algebraic gains, which avoid solving complex LMIs, e.g., [24, 25].

3.3.2 Control Parameters Selection In this subsection, simple guidelines for the control parameters selection are presented for the resilient controller in (3.13)–(3.18) to satisfy the conditions in (3.19). Step 1: Step 2:

Choose .Ki , Φi > 0 and .kic ∈ R+ to guarantee the adaptive controllers in (3.13)–(3.15) be convergent. ψ φ Choose the parameters .ki , ki ∈ R+ such that λi >

.

Step 3:

ij

max(i,j )∈E aij φ (1 + ki Δi∗ ). κi

ij

Choose .α 1 > α 2 > 0 and verify the conditions in (3.20); if these conditions are not satisfied, return to Step 2.

To make these guidelines more intuitive, a flowchart for the control parameters selection process is given in Fig. 3.1. Remark 3.6 Note that the sampling interval .Δi∗ may be determined by the firmware. It can be seen that the control gains .Ki , .Φi , and .kic are independent from the DoS attacks. From (3.32), .λi is the maximally positive real part of the following polynomial: ψ

φ

s 2 + ki s + ki = 0.

.

86

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

Fig. 3.1 Flowchart for the control parameters selection

ψ

φ

φ

By choosing .ki = (ki )2 /4, we have .λi = ki /2, which simplifies the calculation of .λi . Then the condition (3.19) turns into φ

ki >

.

2aij , κ i − 2aij maxj ∈Ni Δi∗

(3.52) ψ

where the condition in (3.52) only depends on appropriate .ki . It can be seen ij ij that the condition (3.52) can always be satisfied since the parameters .α 1 , α 2 are independent of the attack parameters and just need to be big enough. That is, as long as condition (3.52) is met, condition (3.19) can always be met. Thus the algorithm can end within finite loops.

3.4 Simulation Results To verify the effectiveness of the proposed control method, some case studies are carried out. The communication topology of the robot network with six agents is shown in Fig. 3.2, where Assumption 3.1 is satisfied. Note that to highlight the

3.4 Simulation Results

87

Fig. 3.2 The communication network with DoS attacks on different channels

6 ③

4

1

②

①

3

5

2

resilience of the proposed algorithm to different types of external disturbances and DoS attack modes, two examples with different system parameters are given as follows. Example I In this example, the parameters in system (3.1) are chosen as follows: ┐ hi1 + hi2 + 2hi3 cos qi2 hi2 + hi3 cos qi2 , .Mi (qi ) = hi2 + hi3 cos qi2 hi2 ┐ ┌ −hi3 sin qi2 q˙i2 −hi3 (q˙i1 + q˙i2 ) sin qi2 Ci (qi , q˙i ) = , hi3 q˙i1 sin qi2 0 ┐ ┌ hi4 g cos qi1 + ci5 g cos(qi1 + qi2 ) , Gi (qi ) = hi5 g cos(qi1 + qi2 ) ┌

where .qi = [qi1 , qi2 ] and .(hi1 , hi2 , hi3 , hi4 , hi5 ) are chosen as .(0.7, 1.0, 0.2, 0.5, 0.4), .(0.7, 1.1, 0.2, 0.8, 0.6), .(0.8, 1.2, 0.1, 1.2, 0.5), .(1.0, 1.3, 0.2, 1.6, 0.6) and 2 .g = 9.81m/s . The external disturbances are considered as di (t) = [0.5 sin(0.05t); 0.5 cos(0.05t)].

.

According to the control parameters selection guidelines in Fig. 3.1, the control ψ parameters in (3.13)–(3.18) are chosen as .Ki = 15I2 , .Φi = 10I2 , .kic = 1, .ki = 5, / ψ φ φ i .k i = 2 ki , and .λi = ki /2. By setting .maxi Δ∗ ≤ 0.5, the condition in (3.19) is satisfied. As shown in Fig. 3.2, the communication channels .(1, 2), .(3, 4), and .(5, 6) suffer from DoS attacks, where the attack modes are shown in Fig. 3.3. Also, ij ij it is easy to verify that there exists .α 1 , α 2 to satisfy the conditions in (3.20). The simulation results are shown in Fig. 3.4 and 3.5. Under the proposed resilient control scheme in (3.13)–(3.18), the position and velocity consensus can be achieved in the presence of external disturbances and DoS attacks.

88

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

Fig. 3.3 The DoS attack modes in Example I (‘1’ means the attacks are activated)

DoS Attack Modes 1 0 0

5

10

15

20

25

30

0

5

10

15

20

25

30

0

5

10

15

20

25

30

1 0

1 0

Time(s)

Fig. 3.4 Generalized position consensus in Example I under external disturbances and DoS attacks

A1

A2

A3

A4

A5

A6

10 0 -10

5

10

5

10

15

20

25

30

15

20

25

30

10 0 -10 -20

0

Time(s)

Fig. 3.5 Generalized velocity consensus in Example I under external disturbances and DoS attacks

A1

A2

A3

A4

A5

A6

10 0 -10

0

5

10

0

5

10

15

20

25

30

15

20

25

30

20 10 0 -10

Time(s)

3.4 Simulation Results

89

Example II In this example, six networked two-link revolute joint arms modeled by system (3.1) are considered, whose communication network is also used the form in Fig. 3.2. In this case, the parameters for each manipulator in system (3.1) are given as follows: ┐ ┌ α i + 2β i cos qi2 δ i + β i cos qi2 , .Mi (qi ) = δ i + β i cos qi2 δi ┌ ┐ −2 sin qi2 q˙i2 −q˙i2 sin qi2 Ci (qi , q˙i ) = β i , q˙i1 sin qi2 0 ┌ ┐ g cos qi1 + g cos(qi1 + qi2 ) . Gi (qi ) = g cos(qi1 + qi2 ) where .α i = li22 mi2 + li21 (mi1 + mi2 ), .β i = li1 li2 mi2 , and .δ i = li22 mi2 with .li1 , li2 and mi1 , mi2 being the lengths and masses of the two links, respectively. The physical parameters .(li1 , li2 , mi1 , mi2 ) of the six agents are given as .(0.4 m, 0.4 m, .4 kg, 2 kg), .(0.4 m, 0.4 m, .4 kg, 2 kg), .(0.6 m, 0.5 m, .3 kg, 2.5 kg), .(0.6 m, 0.5 m, .3 kg, 2.5 kg), 2 .(0.3 m, .0.35 m, .3.5 kg, 2.5 kg), and .(0.3 m, 0.35 m, .3.5 kg, 2.5 kg). .g = 9.81 m/s . The details can also refer to [22]. In this example, we consider the random external disturbances over the interval .[−2, 2]. According to the control parameters selection guidelines in Sect. III.B, the same control parameters as the ones in Example I are selected. As a comparison with Example I, the communication channels .(1, 2), .(3, 4), and .(5, 6) also suffer from DoS attacks; different DoS attack modes shown in Fig. 3.6 are considered. Also, it can be seen from Figs. 3.7 and 3.8 that the generalized position and velocity of the six two-link revolute joint arms can achieve consensus under the proposed resilient control scheme. Thus, the resilience to different DoS attack modes and external disturbances of the proposed control scheme is verified. .

Fig. 3.6 The DoS attack modes in Example II (‘1’ means the attacks are activated)

DoS Attack Modes 1 0 0

5

10

15

20

25

30

0

5

10

15

20

25

30

0

5

10

15

20

25

30

1 0

1 0

Time(s)

90

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

Fig. 3.7 Generalized position consensus in Example II under external disturbances and DoS attacks

A1

A2

A3

A4

A5

A6

10 0

-10 10

0

5

10

0

5

10

15

20

25

30

15

20

25

30

0

-10

Time(s)

Fig. 3.8 Generalized velocity consensus in Example II under external disturbances and DoS attacks

A1

A2

A3

A4

A5

A6

10

0

-10 10

0

5

10

0

5

10

15

20

25

30

15

20

25

30

0 -10

Time(s)

As shown in (3.15), the dynamic control gain .ci is monotonically increasing. The unknown external disturbances can be compensated by using the high gain technology. As shown in Fig. 3.9, .ci is convergent as .si converges. The control input is also given in Fig. 3.10. It can be seen that the dynamic control gain .ci does not cause the high-gain phenomenon in control input. In addition, the control input is convergent from a large magnitude as the sliding variable .si converges. It also can be seen that due to the sliding variable .si , the control input is constantly switching around the origin.

3.5 Conclusions This chapter investigates the resilient consensus control problem for networked robotic systems in the presence of external disturbances and DoS attacks. An adaptive controller including a sliding mode-like term is applied to mitigate the

References Fig. 3.9 The dynamic control gain .ci in Example II under external disturbances and DoS attacks

91 4 A1

A2

5

10

A3

A4

A5

A6

3 2 1 0

0

15

20

25

30

Time(s) Fig. 3.10 The control input in Example II under external disturbances and DoS attacks

.τ i

effects of the unknown external disturbances. Then a second-order auxiliary system that uses the sampled neighboring positions as inputs is designed to against the DoS attacks. Under the proposed resilient controller, the closed-loop system is proved to be asymptotically stable, and sufficient conditions related to the durations and frequencies of the DoS attacks are presented based on the multidimensional small gain techniques. In the future, how to achieve the resilient consensus control of the networked robotic systems with measurement noises under limited input is an interesting topic to be considered. In addition, it is also an interesting direction to consider how the seriously physical coupling effects and aggressive motions affect system resilience against DoS attacks in networked robotic systems.

References 1. Peng, Z., Wang, J., Wang, D., Han, Q.L.: An overview of recent advances in coordinated control of multiple autonomous surface vehicles. IEEE Trans. Ind. Inform. 17(2), 732–745 (2020) 2. Jung, Y.S., Lee, K.W., Lee, S.Y., Choi, M.H., Lee, B.H.: An efficient underwater coverage method for multi-AUV with sea current disturbances. Int. J. Control Autom. Syst. 7, 615–629 (2009)

92

3 Secure Cooperative Control for Networked Robotic Systems with Disturbances. . .

3. Gao, Z., Guo, G.: Fixed-time sliding mode formation control of AUVs based on a disturbance observer. IEEE/CAA J. Autom. Sin. 7(2), 539–545 (2020) 4. Shen, C., Shi, Y.: Distributed implementation of nonlinear model predictive control for AUV trajectory tracking. Automatica 115, 108863 (2020) 5. Li, C., Guo, S.: Characteristic evaluation via multi-sensor information fusion strategy for spherical underwater robots. Inform. Fusion 95, 199–214 (2023) 6. Zhu, M., Martinez, S.: On attack-resilient distributed formation control in operator-vehicle networks. SIAM J. Control Optim. 52(5), 3176–202 (2014) 7. Teixeira, A., Shames, I., Sandberg, H., Johansson, K.H.: A secure control framework for resource-limited adversaries. Automatica 51, 135–148 (2015) 8. Persis, C.D., Tesi, P.: Input-to-state stabilizing control under denial-of-service. IEEE Trans. Autom. Control 60(11), 2930–2944 (2015) 9. Zhu, Q., Bushnell, L., Ba¸sar, T.: Resilient distributed control of multi-agent cyber-physical systems. In: Control of Cyber-Physical Systems, pp. 301–316. Springer, Berlin (2013) 10. Feng, Z., Hu, G.: Secure cooperative event-triggered control of linear multiagent systems under DoS attacks. IEEE Trans. Control Syst. Technol. 28(3), 741–7521 (2020) 11. Zhang, D., Liu, L., Feng, G.: Consensus of heterogeneous linear multiagent systems subject to aperiodic sampled-data and DoS attack. IEEE Trans. Cybern. 49(4), 1501–1511 (2019) 12. Zhang, D., Feng, G.: A new switched system approach to leader-follower consensus of heterogeneous linear multiagent systems with DoS attack. IEEE Trans. Syst. Man Cybern. Syst. 51(2), 1258–1266 (2021) 13. Tang, Y., Zhang, D., Shi, P., Zhang, W., Qian, F.: Event-based formation control for multi-agent systems under DoS attacks. IEEE Trans. Autom. Control 66(1), 452–459 (2021) 14. Tang, Y., Zhang, D., Ho, D.W., Yang, W., Wang, B.: Event-based tracking control of mobile robot with denial-of-service attacks. IEEE Trans. Syst. Man Cybern. Syst. 50(9), 3300–3310 (2020) 15. Tang, Y., Zhang, D., Jin, X., Yao, D., Qian, F.: A resilient attitude tracking algorithm for mechanical systems. IEEE/ASME Trans. Mechatron. 24(6), 2550–2561 (2019) 16. Li, X., Wen, C., Chen, C.: Resilient cooperative control for networked Lagrangian systems against DoS attacks. IEEE Trans. Cybern. 52(2), 836–848 (2022) 17. Liu, T., Huang, J.: Leader-following consensus with disturbance rejection for uncertain EulerLagrange systems over switching networks. Int. J. Robust Nonlinear Control 29(18), 6638– 6656 (2019) 18. Feng, Z., Hu, G., Ren, W., Dixon, W.E., Mei, J.: Distributed coordination of multiple unknown Euler-Lagrange systems. IEEE Trans. Control Netw. Syst. 5(1), 55–66 (2018) 19. Mei, J.: Distributed consensus for multiple Lagrangian systems with parametric uncertainties and external disturbances under directed graphs. IEEE Trans. Control Netw. Syst. 7(2), 648– 659 (2020) 20. Ye, M., Anderson, B.D., Yu, C.: Distributed model-independent consensus of Euler-Lagrange agents on directed networks. Int. J. Robust Nonlinear Control 27(14), 2428–2450 (2017) 21. Abdessameud, A., Polushin, I.G., Tayebi, A.: Synchronization of Lagrangian systems with irregular communication delays. IEEE Trans. Autom. Control 59(1), 187–193 (2013) 22. Mei, J., Ren, W., Ma, G.: Distributed containment control for Lagrangian networks with parametric uncertainties under a directed graph. Automatica 48(4), 653–659 (2012) 23. Ghapani, S., Mei, J., Ren, W., Song, Y.: Fully distributed flocking with a moving leader for Lagrange networks with parametric uncertainties. Automatica 67, 67–76 (2015) 24. Lu, A.Y., Yang, G.H.: Distributed consensus control for multi-agent systems under denial-ofservice. Inform. Sci. 439, 95–107 (2018) 25. Lu, A.Y., Yang, G.H.: Input-to-state stabilizing control for cyber-physical systems with multiple transmission channels under denial of service. IEEE Trans. Autom. Control 63(6), 1813–1820 (2017) 26. Li, X., Sun, Z., Tang, Y., Karimi, H.: Adaptive event-triggered consensus of multi-agent systems on directed graphs. IEEE Trans. Autom. Control 66(4), 1670–1685 (2021)

References

93

27. Jin, X., Shi, Y., Tang, Y., Wu, X.: Event-triggered attitude consensus with absolute and relative attitude measurements. Automatica 122, 109245 (2020) 28. Khalil, H.K.: Nonlinear Systems, 3rd edn. Prentice Hall, Englewood Cliffs (2002) 29. Mei, J., Ren, W., Chen, J.: Distributed consensus of second-order multi-agent systems with heterogeneous unknown inertias and control gains under a directed graph. IEEE Trans. Autom. Control 61(8), 2019–2034 (2015) 30. Sun, Y., Dong, D., Qin, H., Wang, W.: Distributed tracking control for multiple Euler-Lagrange systems with communication delays and input saturation. ISA Trans. 96, 245–254 (2020) 31. Guo, Y., Huang, B., Li, A., Wang, C.: Integral sliding mode control for Euler-Lagrange systems with input saturation. Int. J. Robust Nonlinear Control 29(4), 1088–1100 (2019) 32. Chen, T., Shan, J.: Distributed control of multiple flexible manipulators with unknown disturbances and dead-zone input. IEEE Trans. Ind. Electron. 67(11), 9937–9947 (2019) 33. Chen, T., Shan, J.: Distributed tracking of a class of underactuated Lagrangian systems with uncertain parameters and actuator faults. IEEE Trans. Ind. Electron. 67(5), 4244–4253 (2019) 34. Yang, Y., Hua, C., Guan, X.: Finite time control design for bilateral teleoperation system with position synchronization error constrained. IEEE Trans. Cybern. 46(3), 609–619 (2016) 35. Cvetkovi´c, L., Kosti´c, V., Bru, R., Pedroche, F.: A simple generalization of geršgorin theorem. Adv. Comput. Math. 35(2–4), 271–280 (2011) 36. Xu, W., Ho, D.W.C., Zhong, J., Chen, B.: Event/self-triggered control for leader-following consensus over unreliable network with DoS attacks. IEEE Trans. Neural Netw. Learn. Syst. 30(10), 3137–3149 (2019)

Chapter 4

Secure Tracking for Networked Robotic Systems Under DoS Attacks

Abstract Note that Chaps. 2 and 3 investigate the secure coordination control of networked robotic systems under DoS attacks and sufficient conditions are established by using the attack parameters. In this chapter, we further consider the secure cooperative tracking problem of a directed networked robotic systems under unknown DoS attacks on communication links. To this end, a new adaptive distributed resilient control scheme is proposed to resist the influence of the DoS attacks. Under the proposed control framework, the local controllers are allowed to update their control signals aperiodically and asynchronously. The resulting system is analyzed based on an improved multidimensional small gain approach. Under the derived sufficient conditions, which significantly relax the existing convergence conditions that depend on the duration and frequency of DoS attacks for linear systems, the proposed control scheme can almost ensure the resilient leader tracking under arbitrary DoS attacks with bounded durations and frequencies. Keywords Networked robotic systems · Unknown DoS attacks · Leader tracking

4.1 Introduction Resilient or secure consensus control aims to design distributed resilient controllers for multi-agent systems such that the systems can achieve consensus despite of different kinds of cyberattacks [1–4]. Among different cyberattacks that threaten the control system security, denial of service (DoS) attack is one of the most commonly used attacks by hackers. Its purpose is to make the communication network unable to provide normal services [5]. Some resilient consensus control algorithms for multi-agent systems have been proposed against the DoS attacks [6–8]. Some other related research can be found in [9] and the references therein. However, these resilient control frameworks are specifically designed for linear systems, and the established sufficient conditions for ensuring the obtained results depend on solving LMIs. Recalling the resilient control of multi-agent systems, the sample-based consensus control approach is particularly sensitive to DoS attacks [5]. If the duration and © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 X. Li et al., Secure Coordination Control of Networked Robotic Systems, https://doi.org/10.1007/978-981-99-9359-8_4

95

96

4 Secure Tracking for Networked Robotic Systems Under DoS Attacks

frequency of the DoS attacks completely cover the sampling moment, the corresponding channels will always lose information, which may make the consensus of multi-agent systems be divergent. In this context, it is usually necessary to make certain assumptions on the duration and frequency of DoS attacks [5, 10– 12]. However, the stability conditions of the mentioned results all depend on the duration and frequency parameters of DoS attacks, which is, if not possible, difficult to be checked, as the attacks are purposely designed by hackers and thus out of our control. On the other hand, as a typical class of nonlinear systems, the Euler-Lagrange system has been used to model a variety of networked robotic systems in engineering [13–15]. With the gradual manifestation of the advantages of networked control systems, how to achieve consensus of networked Lagrangian systems has been an important issue to be addressed. Many control strategies have been proposed to solve the leaderless and leader tracking problems of a Lagrangian network in the presence of certain constraints on system or communication models [13, 15–17]. To our best knowledge, how to solve the resilient leader tracking problem of multiple Euler-Lagrange systems under DoS attacks has not been well explored. In fact, solving such a problem faces three major challenges. The first one is how to counteract the effects of DoS attacks on the nonlinearities of networked Lagrangian systems, which are difficult to be addressed by directly employing the existing resilient control approaches proposed for linear multi-agent systems [13, 15, 16]. As for the second challenge, the existing adaptive control approaches for handling the physical constraints or communication constraints in networked Lagrangian systems mentioned above still cannot deal with the leader-tracking problem under DoS attacks [13, 15–17]. This is because neither physical nor communication constraints can reflect the malicious nature of DoS attacks, since attack strategies are often carefully designed by hackers [5, 18, 19]. The third one is how to relax the consensus conditions depending on the parameters related to the durations and frequencies of DoS attacks in the sampling control framework [5, 18]. To overcome these difficulties, in this chapter, we propose a distributed leader tracking control scheme for the networked Lagrangian systems that is resilient to DoS attacks. The contributions of this chapter are summarized as follows: 1. A novel resilient leader tracking control scheme is proposed for the nonlinear networked Lagrangian systems in the presence of DoS attacks. Compared with the consensus control problem for linear systems [6, 7, 20], the complicated nonlinearities in system dynamic need to be handled by using adaptive compensation. 2. Under the proposed control scheme, a weaker assumption on the boundedness of durations and frequencies of DoS attacks is proposed. Compared with the DoS model in [5, 18], the assumptions on requirements of the specific attack frequency and duration parameters are removed. 3. Based on an improved multidimensional small gain approach, sufficient conditions for the stability and convergence of closed-loop systems are established. Compared with the approaches used in [18, 20], the complicated LMI conditions are avoided and thus no longer required.

4.2 Preliminaries and Problem Statement

97

The outline of this chapter is given as follows. Preliminaries and problem are formulated in Sect. 4.2. Section 4.3 presents the main results and their proofs. The simulation results given in Sect. 4.4 illustrate the proposed scheme and verify the established theoretical results. Finally, Sect. 4.5 concludes the chapter.

4.2 Preliminaries and Problem Statement 4.2.1 Networked Robotic Systems In this chapter, the following networked robotic systems with N subsystems indexed by .i ∈ N Δ {1, 2, . . . , N } are considered M i q¨i + C i (qi , q˙i )q˙i + Gi (qi ) = τ i ,

.

(4.1)

where .qi , q˙i ∈ Rn are the states of agent i, .M i ∈ Rn×n , .C i (qi , q˙i ) ∈ Rn×n , n are the positive definite inertia matrix, centripetal and coriolis .Gi (qi ) ∈ R torques matrix, and the gravitational torque, respectively. .τ i ∈ Rn is the control torque to be designed. The Euler-Lagrange system in (4.1) enjoys the well-known Properties 2.1–2.3. Remark 4.1 Properties 2.1–2.3 are three general properties for Euler-Lagrange system in (4.1), which has been widely used to model mechanical and robotic systems, such as link-based manipulators [21] and vehicle-like robots [22]. Leader tracking is an important issue in coordination control of networked robotic systems. To achieve synchronized tracking of the Lagrangian networks, the dynamics of the leader is considered as ┌ .

q˙l q¨l

┐

┌

q =A l q˙l

┐ (4.2) ┌

┐ 0N IN are states of the leader and .A = where .ql , q˙l ∈ ∈ R2n×2n with A2 A1 n×n and .A ∈ Rn×n being system matrices, which satisfy the following .A1 ∈ R 2 assumption. Rn

Assumption 4.1 .Re(λl ) = 0 for any .λl ∈ spec(A). Remark 4.2 Assumption 4.1 is often used to describe the leader dynamics without loss of generality, e.g., [23], due to (4.2), can represent a general class of timevarying reference trajectory. For the case that .A1 = A2 = 0N , the leader has a constant velocity. If .Re(λl ) < 0, the corresponding dynamics of the leader will decay to zero exponentially. If .Re(λl ) > 0, the leader’s states will be exponentially divergent and thus make no sense. For simplicity, these cases are excluded.

98

4 Secure Tracking for Networked Robotic Systems Under DoS Attacks

In this chapter, the communication is directional in Lagrangian network, which is modeled by a graph .G = (N0 , E, A). The vertex and edge sets are .N0 = N ∪ {0} and .E ⊆ {(i, j )|i, j ∈ N0 , i /= j }, respectively, where node 0 represents the leader. For edge .(j, i) ∈ E, we say the node i can obtain information from its neighbour node j , but not vice versa. From (4.2), .(i, 0) ∈ / E for .i ∈ N . If a graph .G has a vertex that can reach all other vertices through a directed path, then we say .G contains a directed spanning tree. For .G = (N , E, A), .A = [aij ] ∈ R(N +1)×(N +1) as the weighted adjacency matrix with .aij = 1 for any .(i, j ) ∈ E; .aij = 0, otherwise. The Σ degree matrix is represented by .D = diag(κ i ) with .κ i = N i=0 aij . The Laplacian .L(G) = D − A associated .G has the following form: ┐ 0 01×n , .L(G) = Lf l Lff ┌

(4.3)

where .Lff is a nonsingular M-matrix. Then for the Lagrangian network, the following assumption is given. In a directed graph, it is said that agent j can receive information from agent i for any .(i, j ) ∈ E, but not vice versa. If there is a directed path for any two nodes in graph .G, then .G is said to be strongly connected. If the directed topology .G(V, E) contains a spanning tree, the consensus equilibrium is equal to the weighted average of the initial conditions of those agents that have a directed path to all other agents. In contrast, the directed topology should be a strongly connected and balanced graph to achieve average consensus [24], which means all nodes in the graph have the same in-degree and out-degree. In this chapter, the leader tracking problem is considered, where the graph condition is given as follows. Assumption 4.2 The communication network .G = (N , E, A) contains a directed spanning tree with node 0 being the root. From (4.1) and (4.2), the leader tracking problem of networked robotic systems is formulated as follows: Resilient Leader Tracking Problem Given the directed robotic network (4.1) with a time-varying leader (4.2), we aim to design a distributed aperiodic asynchronous sampling control scheme to achieve resilient leader tracking for networked robotic systems under DoS attacks, i.e. .

lim (qi − ql ) = 0, lim (q˙i − q˙l ) = 0, i ∈ N .

t→∞

t→∞

(4.4)

Remark 4.3 Based on the formulated problem, the control signals of different agents are allowed to be updated in discrete time aperiodically and asynchronously and remain unchanged by using a Zero-Order-Holder (ZOH) during two sampling instants.

4.2 Preliminaries and Problem Statement

99

4.2.2 DoS Attacks The DoS attacks block the normal communication channels. Since the energy of the attackers is limited, the DoS attacks are assumed to occur in different intervals over .[t1 , t2 ], and the details can be seen in Sect. 2.4. Then the attacked and non-attack intervals for each channel can be rewritten as Dij (t1 , t2 ) = ∪T (αp )⊆E ,(i,j )∈T (α p ) ΞT (t1 , t2 ), .

(4.5)

T¯ij (t1 , t2 ) = ∪T¯ (αp )⊆E ,(i,j )∈T¯ (α p ) ΞT (t1 , t2 ).

(4.6)

.

It is easy to conclude that the attack mode is a subset of .Na . For any agent i, it is possible to detect whether the channel is attacked through active sampling. If no signal is sampled, the channel is determined to be attacked; otherwise, the channel is explained not under attack. In this context, define the k-th sampling time as .tijk for agent i on channel .(i, j ) such that there exists a subsequence 0 1 2 3 0 .Tij (t1 , t2 ) = {t , t , t , t , . . .} with .t ij ij ij ij ij = t1 and .k ∈ N0 . Note that .Tij (t1 , t2 ) is a strictly increasing infinite sequence. Then for the DoS attacks, the following assumption is given. Assumption 4.3 (DoS Attacks) For .t ∈ [t1 , t2 ], .(i, j ) ∈ E, the duration and frequency of the DoS attacks on communication channel .(i, j ) are bounded. Remark 4.4 Assumption 4.3 presents some constraints on the boundness of durations and frequencies of the DoS attacks on channel .(i, j ). Mathematically, Assumption 4.3 derives that .T¯ij (t1 , t2 ) ∩ Tij (t1 , t2 ) /= ∅,which means the sampling interval between two successful sampling time is bounded under DoS attacks, i.e., k+1 .t − tijk ≤ Δi∗ with .Δi∗ ∈ R+ . In existing results such as those in [5–7, 18, 25], ij some parameters related to the duration and frequency of the DoS attacks are needed in their stability conditions, which are difficult to check. Different from these results, we do not need to know such parameters including the bounds for the duration and frequency of the DoS attacks. This chapter will continue to use the results in Lemma 2.3 to design secure coordination controller for networked robotic systems under the hierarchical control framework. Lemma 2.3 provides some conditions for the asymptotical convergence of the MIMO nonlinear system (1.18) under DoS attacks. Intuitively, the multidimensional small gain technique can also be used to get the results in Lemma 2.3. Next, we will use the conditions in Lemma 2.3 in designing the resilient controllers for networked robotic networks in (4.1) to achieve the leader tracking in (4.4) under DoS attacks.

100

4 Secure Tracking for Networked Robotic Systems Under DoS Attacks

4.3 Secure Control Scheme Design and Resilience Analysis 4.3.1 Resilient Control Scheme This subsection will firstly present the resilient control scheme. The following wellknown form of adaptive control law will be used to control agent i [16, 26], ⎧ .

τ i = −Ki si + Yi Θˆ i , Θ˙ˆ i = −Φi Y T si ,

(4.7)

i

where .Yi Δ Yi (qi , q˙i , η˙ i , η¨ i ), .Ki ∈ Rn is a matrix containing positive control gains, and .Φi > 0 is a symmetric gain matrix. .Θi is an unknown vector associated with the system parameters of i-th agent given in Property 2.3. In this chapter, .Θˆ i is used to estimate .Θi . An adaptive control law in the second equation of (4.7) is proposed to update .Θˆ i . .si = q˙i − η˙ i with .ηi being a reference vector to be designed. Next, how to design the vector .ηi is the key to solve the formulated resilient leader tracking problem. As discussed above, the sample-based resilient control approach for linear systems [6, 7, 20] cannot address this issue due to the complicated nonlinearities. Inspired by Persis and Tesi [5], where ISS approach was used for resilient analysis in linear systems, we can solve this problem by constructing .ηi to make the closed-loop system satisfy the conditions in Lemma 2.3. To this end, define .zi (t) = [qiT (t), ν Ti (t)]T ∈ R2n , .zl = [qlT , ν Tl (t)]T with .ν l (t) = q ˙l , then the reference vector .ηi and the leader velocity estimate .ν i are designed as ┌ .

η˙ i ν˙ i

┐

┌ =A

qi νi

┐

⎛┌ − kil

qi νi

┐

⎞ − ζi ,.

ζ ζ˙ i = Aζ i − ki (ζ i − ξ i ), .

ξ˙ i = Aξ i −

ξ ⎛ ⎛ ⎞⎞ ki Σ N ∗ β ij (t) ξ i − zij tijk , j =0 κi

(4.8) (4.9) (4.10)

where .ζ i ∈ R2n , .ξ i ∈ R2n are auxiliary variables, .A is the leader’s system matrix, Σ ζ ξ and .kil , .ki , .ki ∈ R+ are control gains to be determined. .κ i = N j =0 aij /= 0 under ∗ is defined Assumption 4.2. .tijk is the sampling time under Assumption 4.3, and .zij as ⎛ ⎞ ⎛ ⎞ k ∗ k .zij tij (4.11) = eA(t−tij ) zij tijk , j ∈ N0 ,

4.3 Secure Control Scheme Design and Resilience Analysis

101

which can be seen as an approximation or a prediction of .zij (t) based on the most recent information from the j -th agent at instant .tijk . A similar idea is also used in [27]. In addition, the dynamic gain in (4.10) is defined as ⎧ β ij (t) =

.

aij , t ∈ Dij (t1 , t2 ), 0, t ∈ Tij (t1 , t2 ).

(4.12)

That is, if a channel has a DoS attack, the corresponding neighbor’s information transmitted from the channel is set to zero, while the controller exchanges information normally with the un-attacked channels. Then the resilient leader tracking problem can be solved if .zi (t) − zl (t) → 0 and .q˙i (t) − ν l (t) → 0 for all .i ∈ N . The asynchronous and aperiodic sampling neighbour states of agent i are used by adapted using the above switching gain during different durations. Remark 4.5 Note that each agent involves the leader’s dynamics matrix .A, which is reasonable in trajectory tracking control. If .A is not available for all the followers in some cases, the following observer can be used to estimate the leader dynamics: ˙ Aˆ i =

N Σ

.

β ij (t)(Aˆ j − Aˆ i )

j =0

where .Aˆ i is the estimate of .A in agent i, .Aˆ 0 = A. The observer has been used for leader dynamics estimates in both static and switching communication topology [23, 28]. Remark 4.6 From the implementation point of view, the proposed control design is a model-dependent approach, which has been widely used in mobile robotic systems and manipulator systems, e.g., [15–17]. In addition, the proposed controller is constructed by using the designed auxiliary system for each subsystem and the sampling data from its neighbours. With the development of computer and distributed computing technology, it’s possible to apply the proposed approach into engineering. From the computational point of view, the proposed control approach does not require a large amount of calculation. For the proposed controller, it is easy to be realized by using an embedded computing unit, such as the onboard computer. Due to the limitation of the hardware platform, we will focus on the experimental test in the future. Remark 4.7 The sampling process can be asynchronous and aperiodic for different agents. There are some potential excellent algorithms that can extend the framework, such as the event-based fault detection scheme in [29]. How to achieve resilient leader tracking based on an event-based attack detection scheme is an interesting research direction. This idea is prominent in resilient control against other types of cyberattacks such as replay attacks and false data injection attacks. Remark 4.8 The sampling sequence .Tij (t1 , t2 ) can be arbitrarily chosen as long as that .Δi∗ is bounded. Unlike the simultaneous sampling over the whole multi-

102

4 Secure Tracking for Networked Robotic Systems Under DoS Attacks

agent network in [7], the sampling process of this chapter can be asynchronous and aperiodic. In addition, the switching gain in (4.12) means that when a DoS attack occurs, the information in corresponding channels will be discarded. Note that the basic principle of proposed control scheme design is when the communication is normal, the agent tends to the leader’s trajectory. When the communication is blocked, the agent maintains the same dynamic as the leader’s with different phases and amplitudes. That is, no matter whether there is a DoS attack, the closed-loop system will not diverge under the proposed resilient control scheme, which makes Assumption 4.3 reasonable. This idea is inspired by the act-and-wait control strategy for linear time-delay systems [30].

4.3.2 Resilient Analysis of the Control Scheme The result for resilient leader tracking is given as follows. Theorem 4.1 (Resilient Leader Tracking under DoS Attacks) Suppose Assumptions 4.1–4.3 hold. Under the adaptive controller (4.7)–(4.12), the networked Lagrangian systems in (4.1) can asymptotically achieve resilient leader tracking in the presence of DoS attacks, i.e., .(qi (t) − ql (t)) → 0, .(q˙i (t) − q˙l (t)) → 0, for all .i ∈ N . Proof In order to apply the results in Lemma 2.3, we need to prove that the closedloop system under the proposed control scheme satisfies the three conditions in Lemma 2.3, that is, C1: The closed-loop system is ISS and IOS. C2: The input-output condition in (2.39) is satisfied. C3: The gain condition .λ(Γ ) < 1 is satisfied. First of all, we will explore the closed-loop systems over .[t0 , t]. Then according to (4.8), we have z˙ i (t) = Azi − kil (zi − ζ i ) + s¯i (t),

.

(4.13)

where .s¯i (t) = [siT (t), 0Tn ]T ∈ R2n . Define .ezi = zi − zl , .eζ i = ζ i − zl and .eξ i = ξ i − zl , then the error dynamics under the proposed control law (4.7)–(4.12) can be written as ˜ s˙i = M −1 i (Yi Θi − C i (qi , q˙i )si − Ki si ), .

.

Θ˙˜ i = −Ωi YiT si , . e˙zi =

Aezi − kil (ezi

(4.14) (4.15)

− eζ i ) + s¯i , .

(4.16)

4.3 Secure Control Scheme Design and Resilience Analysis ζ

e˙ζ i = Aeζ i − ki (eζ i − eξ i ), . e˙ξ i = Aeξ i −

ξ ki

Σ N j =0

κi

103

(4.17)

⎛ ⎛ ⎞⎞ ∗ β ij (t) eξ i − zij tijk .

(4.18)

It can be seen that the closed-loop system (4.14)–(4.18) is of a cascade form. Consider an orthogonal matrix .S ∈ R2n×2n such that .SAS T = Λ and .Λ ∈ 2n×2n R has a upper triangular form as follows: ⎡

Λ11 Λ12 ⎢ Λ22 ⎢ .Λ = ⎢ ⎣

... ... .. .

⎤ Λcc Λ2c ⎥ ⎥ .. ⎥ , . ⎦

(4.19)

Λcc Σ where .Λll ∈ Rnl ×nl , .l = 1, · · · , c, . cl=1 nl = 2n. The integer .nl is either 1 or 2, that is, .Λll , .l = 1, · · · , c, may be a real number corresponding to a specific eigenvalue of .A, or a real .2×2 matrix with complex conjugate roots of .A. The lower part of the diagonal .Λll is all zeros. The other elements .Λlh¯ , for .l = .1, . . . , c − 1 and .h¯ = l + 1, . . . , c, have appropriate dimensions. Note that for real matrix .A, such S matrix always exists. Then for system (4.16)–(4.18), defining .z˜ i = Sezi , .ζ˜ i = Seζ i and .ξ˜ i = Seξ i , we have the following error transformation dynamics: z˙˜ i =Λ˜zi − kil (˜zi − ζ˜ i ) + s˜i , .

(4.20)

ζ ζ˙˜ i =Λζ˜ i − ki (ζ˜ i − ξ˜ i ), .

(4.21)

.

ξ N ⎛ ⎛ ⎞⎞ k ki Σ β ij (t) ξ˜ i − eΛ(t−tij ) z˜ j tijk . κi

ξ˙˜ i =Λξ˜ i −

(4.22)

j =1

where .s˜i Δ S s¯i . It can be seen that the closed-loop system (4.14), (4.15), (4.20)– ˜ ˜ ˜ (4.22) can be considered as a MIMO ⎛ ⎞ system with the states .si , .Θi , .ζ i , .ξ i , the j 1 Σ N Λ(t−tki ) z˜ j tk , and the output .z˜ i . With the upper triangle inputs . κ i j =1 β ij (t)e matrix (4.19), the exponential function in (4.22) has the following form: ⎤ eΛ11 ɛ T12 (ɛ) · · · T 1c (ɛ) ⎢ eΛ22 ɛ · · · T 2c (ɛ) ⎥ ⎥ ⎢ =⎢ .. ⎥ .. ⎣ . . ⎦ ⎡

eΛɛ

.

eΛcc ɛ

(4.23)

104

4 Secure Tracking for Networked Robotic Systems Under DoS Attacks

with .ɛ ∈ R. The elements .Tlh¯ have appropriate dimensions for .l = .1, . . . , c − 1 and h¯ = l + 1, . . . , c. Note that .Tlh¯ can be inferred directly from (4.19). Note that we do not need to know the specific form of .Tlh¯ in the later analysis. Next, we will prove the conditions C1–C3 step by step.

.

Part 1: ISS and IOS Condition Consider the following Lyapunov function for (4.14) and (2.18): 1 Σ T si M i si + Θ˜ iT Ω−1 Θ˜ i . 2 N

W (t) =

.

(4.24)

i=1

Differentiating (4.24) gives N ⎛ Σ

W˙ (t) =

.

i=1 N ⎛ Σ

=

1 ˙ i (qi )si − Θ˜ iT Ω−1 Θ˙ˆ i siT M i (qi )˙si + siT M i 2 ⎛ siT

i=1

= − Ki

N Σ

⎞

⎞ Σ ⎞ N 1 ˙ Θ˜ iT YiT si M i (qi ) − C i (qi , q˙i ) si − Ki si + siT Yi Θ˜ i − 2 i=1i

siT si ≤ 0,

(4.25)

i=1

where the second equality is derived by using Property 2.2. Then we have .si ∈ L∞ and .Θ˜ i ∈ L∞ . Further differentiating .W˙ (t) yields W¨ (t) = −Ki

N Σ

.

˜ siT M −1 i (Yi Θi − Ki si − C i (qi , q˙i )si ).

(4.26)

i=1

Then from Property 2.1 and .si ∈ L∞ , the conclusion that .W¨ (t) ∈ L∞ is derived [28, 31]. In addition, from Barb˘alat lemma [32, Lemma 8.2], it is concluded that ˙ (t) → 0 and .si → 0 as .t → ∞, if .η˙ i ∈ L∞ and .η¨ i ∈ L∞ . .W Next, we will prove that .η˙ i ∈ L∞ and .η¨ i ⎛∈ L∞⎞ . By solving differential equations Σ A t−tijk in (4.2), it yields .zl (t) = κ1i N zl (tijk ) for all .i ∈ N . By exploring j =0 β ij (t)e (l)

the subsystems of (4.20)–(4.22) with the upper triangular matrix (4.23), define .z˜ i ∈ (l) (l) Rnl , .l = 1, . . . , c, as the .l-th element of .z˜ i corresponding to .Tll , and .ζ˜ i , .ξ˜ i and (l)

s˜i are similarly defined for .i ∈ N . Then the .l-th part of subsystems (4.20)–(4.22) can be written as ⎧ (l) ( ) (l) (l) (l) ⎪ z˙˜ = ⎛Λll − kil Inl ⎞z˜ i + kil ζ˜ i + ϕ i , ⎪ ⎨ i (l) (l) ζ (l) ˙ζ˜ (l) = Λ − k ζ I ˜ ˜ .Ξl : (4.27) ll i i n l ⎞ ζ i + ki ξ i + φ i , ⎛ ⎪ ⎪ (l) ξ (l) (l) ⎩ ξ˙˜ (l) = Λ − k ξ I ξ˜ + k τ˜ + ψ ,

.

i

ll

i nl

i

i

i

i

4.3 Secure Control Scheme Design and Resilience Analysis

105

where c Σ

ϕ (l) si(l) + i Δ˜

.

Λlh¯ z˜ i(h¯ ) , φ (l) i Δ

l0 ∩μ(E)=0 ¯ m ¯ co(f ¯ (B(x, δ) − E), t), then it is said that .x(t) ∈ R is a Filippov solution of .f (x, t) on .[t0 , t1 ], where .B(x, δ) denotes an open ball centered at x with radius .δ, .co ¯ denotes convex closure, and .μ denotes Lebesgue measure.

5.2.3 Jamming Attacks The jamming attacks will block the normal communication between the robots. For channel .(i, j ) ∈ E, the union of all jamming attack durations is denoted by .Dij (t0 , t1 ) over time interval .[t0 , t1 ]. The channel set under jamming attacks is defined as T (t) = {(i, j ) ∈ E|t ∈ Dij (t0 , t1 )},

.

(5.3)

5.2 Preliminaries and Problem Statement

123

while channel set without attacks is denoted by .T¯ = E\T (t). Then the time interval in different attack durations can be denoted by ΞT (t0 , t1 ) Δ (∩(i,j )∈T Dij (t0 , t1 )) ∩ (∩(i,j )∈T¯ D˘ ij (t0 , t1 )),

.

(5.4)

where .D˘ ij (t0 , t1 ) = [t0 , t1 ]\D(i,j ) (t0 , t1 ). The jamming attack mode can be indexed by .ΞT (t0 , t1 ). Define .α p (p ∈ Na Δ {1, 2, . . . , 2|E | }) as the time instant that attack pattern switches, it yields .

∪T (α p )⊆E ΞT (t1 , t2 ) = [t1 , t2 ].

(5.5)

Then for the channel .(i, j ) ∈ E, the time intervals with and without attacks can be respectively modeled by Dij (t0 , t1 ) = ∪T (αp )⊆E ,(i,j )∈T (α p ) ΞT (t0 , t1 ), .

(5.6)

T¯ij (t0 , t1 ) = ∪T¯ (αp )⊆E ,(i,j )∈T¯ (α p ) ΞT (t0 , t1 ).

(5.7)

.

In the context of sampling communication, the sampling intervals in the absence and presence of jamming attacks can be different. Define the k-th sampling time as .tik for agent i such that there exists a subsequence .Tij (t0 , t1 ) = {ti0 , ti1 , ti2 , ti3 , . . .} with 0 .t i = t1 and .k ∈ N0 . Note that .Tij (t0 , t1 ) is a strictly increasing infinite sequence. For agent i, it is easy to detect whether the channel is under attacked by sampling. If no signal is sampled, the channel is said to be attacked. Obviously, if the attack frequency is synchronized with the sampling frequency or the attack duration lasts with the system running time, then any communication will not be available. To avoid these cases, the following assumption is given. Assumption 5.3 (DoS Attacks) For .t ∈ [t0 , t1 ], .(i, j ) ∈ E, the duration and frequency of the jamming attacks on communication channel .(i, j ) are bounded. Remark 5.1 Note that [23, 24, 31, 32] used the same jamming attack model, where the duration and frequency are bounded and constrained by some specific parameters. As stated in [23], the switched system method is used to analyze the resilience of closed-loop system under different modes: attacked mode and unattacked mode. In this context, sufficient conditions are derived based on the specific parameters of the DoS duration and frequency. Due to the malicious nature of the jamming attacks, the switching patterns of the communication channels are usually unpredictable and irregular. The specific parameters of the DoS attacks may be unknown and thus the sufficient conditions cannot be checked before the system starts operation. In this chapter, we propose a novel adaptive control algorithm based on a cascaded auxiliary system. Under the proposed control scheme, the impact of the attack is decoupled from the control input, and the closed-loop system is still convergent according to the most recently updated state during the DoS duration, which removes the requirements of the specific attack frequency and duration

124

5 Jamming-Resilient Coordination of Networked Robotic Systems. . .

parameters. In addition, the assumption on the boundness of the DoS duration and frequency is reasonable due to the limitation on the attacker’s energy.

5.3 Adaptive Secure Coordination and Stability Analysis 5.3.1 Cooperative Control Design for Networked Robotic Systems In this subsection, the coordination controller is firstly designed. Adaptive tuning laws are proposed to compensate for the system uncertainties by using the third property of the system dynamics. By designing a novel cascaded auxiliary system for each subsystem, the effects of nonlinear dynamics and jamming attacks are decoupled. Then the resilience to arbitrary jamming attacks that satisfy Assumption 5.3 can be guaranteed. According to the Lyapunov function approach, the following adaptive control law for designing .τ i of the i-th subsystem is obtained based on the chosen Lyapunov function in (5.23): τ i = − kis si + Yi (qi , q˙i , ηi , η˙ i )θˆ i

.

− kiω sign(si )γ − ωˆ i sign(si ), . θ˙ˆ i = − Ωi YiT (qi , q˙i , ηi , η˙ i )si , . ω˙ˆ i = ||si || ,

(5.8) (5.9) (5.10)

where .kis , kiω ∈ R+ are control gains, .0 < γ < 1. .Yi (qi , q˙i , ηi , η˙ i ) is a known regressor matrix given in (2.2). .θˆ i , ωˆ i are the estimates of the unknown parameter ˜ i = θ i − θˆ i , .ω˜ i = ωi − ωˆ i , .θ i , ω i , where the estimation errors are defined as .θ respectively. .Ωi is a positive definite control gain matrix. The vector .si is defined as .si = q ˙i −ηi . It is noteworthy that the resilient control algorithm for the linear system in [32–35] cannot be directly used for the nonlinear networked Lagrangian system due to the coupled effects from the complicated nonlinearities and the jamming attacks. To overcome this difficulty, the following auxiliary systems are designed for the reference vector .ηi based on the ISS property of a dynamic system: η

ψ

η˙ i = −ki ηi − ki (qi − ψ i ), .

.

ψ ψ˙ i = −ki (ψ i − ϑ i ), . ⎛ ⎛ ⎞⎞⎞ ⎛ ⎛ ⎛ ⎞⎞ ΣN ϑ˙ i = −kiϑ , a¯ ij (t) Q ϑ i tki − Q ϑ j tki j =1

(5.11) (5.12) (5.13)

5.3 Adaptive Secure Coordination and Stability Analysis η

125

ψ

where .ki , ki , kiϑ ∈ R+ are positive control gains to be determined later. .Q(·) is the quantized operator. .tki is the k-th sampling time of the i-th subsystem, .k ∈ Z. Note i − tki } are bounded away from zero, that the inter-sampling times .Δ∗i = mink {tk+1 which is necessary for the existence of a unique Carathèodory solution for (5.13); therefore, .kiϑ is chosen as .kiϑ = k/(|Ni | Δ∗i ) with .k ∈ (0, 1). The jamming attacked induced edge weight .a¯ ij (t) is defined as ⎧ a¯ ij (t) ∈

.

[amin , amax ], t ∈ Dij (t0 , t1 ), 0, t ∈ T¯ij (t0 , t1 ),

(5.14)

where .aij (·) : R+ → {0} ∪ [amin , amax ] is a measurable function with .0 < amin ≤ amax , which can represent the signal strength in channel .(i, j ).⎛ Under the switching t edge weights, define the edge .E∞ = {(i, j ) ∈ E : limt→+∞ t0 aij (s)ds}, .∀t0 ≥ 0 with ⎛⎛ ⎛ t

.

lim

t→+∞ t 0

aij (s)ds = lim

t→+∞

s∈Dij (t0 ,t)

aij (s)ds

⎛ +

s∈T¯ij (t0 ,t)

⎞

aij (s)ds

⎛

= lim

t→+∞ s∈D (t ,t) ij 0

aij (s)ds

= +∞. Thus, for .∀t0 ≥ 0, we have ⎧

⎛

E∞ = (i, j ) ∈ E : lim

.

t→+∞ s∈D (t ,t) ij 0

⎫ aij (s)ds = +∞ ,

(5.15)

which is important for the resilience analysis in the presence of jamming attacks. Note that Eq. (5.13) provides a consensus reference for each subsystem by using the quantized sampling data. Under the proposed control scheme, the subsystem can track this reference to achieve practical synchronization with/without jamming attacks. Specifically, it can be seen from (5.8)–(5.13) that the jamming attacks only affect the coordinated reference dynamics (5.13). The basic principle of the proposed control scheme design is when the communication is normal, the agent tends to the practical consensus. When the communication is blocked, the i-th agent will track its current reference .ϑ i (t) and waits for the updating of reference dynamics signal .ϑ˙ i (t). To have an overview on the designed closed-loop system, the overall framework of the proposed resilient control scheme is presented in Fig. 5.1. Remark 5.2 Unlike the traditional cooperative control methods used in [36] and [15], where the consensus protocol is directly used in the control input, this chapter

126

5 Jamming-Resilient Coordination of Networked Robotic Systems. . .

Fig. 5.1 Overall framework of the proposed resilient control scheme

presents an adaptive controller with a cascaded auxiliary system, in which a firstorder sampling quantized consensus protocol is embedded. Under the proposed control scheme (5.8)–(5.13), it can be seen that the nonlinear system dynamics with external disturbances are decoupled with the effects of the jamming attacks. Thanks to the cascaded form of the auxiliary system, the jamming resilience of the networked Lagrangian systems depends on the embedded single-integral quantized sampling coordination algorithm in (5.13). In addition to decoupling the impact of the attacks from the nonlinear system dynamics, another potential benefit is that the proposed control framework can easily integrate the consensus results of firstorder systems due to the cascaded structure of the auxiliary system. The control design procedure is shown in Table 5.1. Different from the traditional adaptive control protocols used in [10, 27], the external disturbances and the jamming attacks are considered. Also different from the previous works in Chaps. 2 and 3, a novel cascaded form of auxiliary system is proposed. Under the scheme, the assumptions on the jamming frequencies and durations are relaxed, which will be shown later. Remark 5.3 Compared with the works in Chap. 2, apart from different assumptions on the jamming frequencies and durations, this chapter also relaxes the assumption on the sampling interval. Benefiting from the embedded single-integral quantized sampling scheme (5.13), each agent can select its own sampling interval .Δ∗i and time without requiring to synchronize them with other agents. This is different from the one used in [35], where the sampling process of the whole network should be synchronized for all the agents. In addition, from the perspective of stabilizing

5.3 Adaptive Secure Coordination and Stability Analysis

127

Table 5.1 Design of control input .τ i for subsystem .i ∈ N

• Input: Quantized sampling data .Q(ϑ i (tki )), .Q(ϑ j (tki )). .• Output: Adaptive control law for each subsystem. 1: Communication layer: The quantized sampling data .Q(ϑ j (tki )) from neighbors. 2: Auxiliary system: ψ η .η ˙ i = −ki ηi − ki (qi − ψ i ) ˙ i = −k ψ (ψ i − ϑ i ) .ψ i Σ ˙ i = −k ϑ N .ϑ ¯ ij (t)(Q(ϑ i (tki )) − Q(ϑ j (tki ))) j =1 a i .

3: Adaptive control law: s .τ i = −k si + Yi (qi , q ˙i , ηi , η˙ i )θˆ i − kiω sign(si )γ − ωˆ i sign(si ) i ˙ˆ = −Ω Y T (q , q˙ , η , η˙ )s .θ i i i i i i i i ˙ˆ i = ||si || .ω an individual single subsystem, the subsystem is still convergent even though the sampling interval .Δ∗i is chosen to be arbitrarily large. For example, when .Δ∗i → ∞, the channel can be considered as under DoS attacks, which means .a¯ ij (t) = 0 as shown in (5.14). But from the perspective of synchronization control, the sampling interval .Δ∗i cannot be arbitrarily large. When .Δ∗i → ∞, the i-th agent cannot receive information from neighbor j and the synchronization will not be guaranteed. Thus, the frequency and duration of the jamming attacks need to be bounded, as i stated in Assumption 5.3. The inter-sampling times .Δ∗i = mink {tk+1 − tki } are also needed to be bounded away from zero, which is necessary for the existence of a unique Carathèodory solution for (5.13).

5.3.2 Stability Analysis In this subsection, the closed-loop system in the absence and presence of jamming attacks is respectively analyzed. Due to the fact that the closed-loop system has a cascaded form, it allows us to analyze the stability of each subsystem separately. The convergent practical synchronization result in the absence of DoS attacks is similar to the result in [30] and directly given in Lemma 5.1, where the detailed proof can be found in [30]. The following theorem is now given. Theorem 5.1 Under Assumptions 5.1 and 5.2, the networked Lagrangian systems modeled by (5.1) can achieve practical synchronization by using the adaptive control scheme (5.8)–(5.13) in the presence of any jamming attacks that satisfy Assumption 5.3.

128

5 Jamming-Resilient Coordination of Networked Robotic Systems. . .

Proof Define the error variables .q˜i = qi − ψ i , .ψ˜ i = ψ i − ϑ i , and then the closedloop systems can be written as ⎛ s˙i =M −1 (q ) −kis si − C i (qi , q˙i )si + Yi θ˜ i i i ) +di − kiω sign(si )γ − ωˆ i sign(si ) , .

(5.16)

θ˙ˆ i = − Ωi YiT si , .

(5.17)

ω˙˜ i = − ||si || , .

(5.18)

.

ψ

η

η˙ i = − ki ηi − ki q˜i , .

(5.19)

ψ q˙˜i =si + ηi + ki ψ˜ i , .

(5.20)

ψ ψ˙˜ i = − ki ψ˜ i − ϑ˙ i , . ΣN ϑ˙ i = − kiϑ a¯ ij (t)(Q(ϑ i (t)) − Q(ϑ j )), j =1

(5.21) (5.22)

where .Yi Δ Yi (qi , q˙i , ηi , η˙ i ). It can be seen that the closed-loop system has a cascaded form, which allows us to analyze the stability of each subsystem separately. Now consider the following Lyapunov function for subsystems (5.16)– (5.18): ⎞ 1 Σ⎛ T T si M i (qi )si + θ˜ i Ωi−1 θ˜ i + ω˜ 2i . 2 N

V1 (t) =

.

(5.23)

i=1

Then the derivative of (5.23) along the trajectory of the closed-loop system is V˙1 (t) =

.

⎞ N ⎛ Σ 1 ˙ i (qi )si − θ˜ Ti Ω −1 θ˙ˆ i − ω˜ Ti d ωˆ i siT M i (qi )˙si + siT M i 2 i=1

⎛ ⎞ N ⎛ Σ 1 ˙ T s ˜ si −ki − C i (qi , q˙i ) − Yi θ i + M i (qi ) si = 2 i=1

+ siT di − kiω siT sign(si )γ − ωˆ i siT sign(si ) N N ⎞ Σ Σ T θ˜ i YiT si − ω˜ Ti ||si || +siT Yi θ˜ i − i=1

i=1

5.3 Adaptive Secure Coordination and Stability Analysis

≤−

129

N ⎛ ⎞ Σ kis siT si + kiω siT sign(si )γ i=1

≤ − kis

N Σ

siT si .

(5.24)

i=1

where the second equality holds due to Property 2.2, the facts that .siT sign(si ) = ||si || and .siT sign(si )γ = ||si ||γ +1 > 0 are used to derive the fourth inequality. To furΣ T ther consider the second-order derivative of .V1 (t), we have .V¨1 (t) ≤ −kis N i=1 si s˙i , which suffices to show that both .si and .s˙i are bounded. According to the input-output property of the subsystems (5.19) and (5.20), we have | | | | | ηi (t) | −μ (t−t ) | ηi (t0 ) | | ≤e i 0 | | .| | q˜i (t) | | q˜i (t0 ) | ψ

+

k 1 sup |si (σ )| + i μi σ ∈[t0 ,t] μi

| | | | sup |ψ˜ i (σ )| .

σ ∈[t0 ,t]

(5.25)

where .μi is defined as .μi = − maxi (Re(μi1 ), Re(μi2 )), i ∈ N with .μi1 , μi2 being ψ ζ the roots of the quadratic equation .s 2 + ki s + ki = 0. It is clear that .μi > 0 for ψ ζ strictly positive .ki and .ki . Similarly, from (5.21), it yields .

| | | | ψ 1 |˜ | | | |ψ i (t)| ≤ −eki (t−t0 ) |ψ˜ i (t0 )| + ψ ki

| | sup |ϑ˙ i (σ )| .

σ ∈[t0 ,t]

(5.26)

That is, if .ϑ˙ i is bounded, then the cascaded auxiliary system is stable. It can be seen that the jamming attacks only affect the subsystem (5.22). Next, we will prove that ˙ i is bounded in the absence and presence of jamming attacks. Before giving the .ϑ analysis, we need the following lemma, where the stability of (5.22) in the absence of the jamming attacks is directly presented. Without loss of generality, the uniform quantizer is considered in this chapter. Lemma 5.1 ([30]) Under Assumptions 5.1 and 5.2, the trajectories of (5.22) satisfy that .ϑ i (t) ∈ {Q∞ − 2δ , Q∞ + 2δ } with .Q∞ = δZ for a uniform quantizer and any finite sampling period .Δ∗i > 0, .i ∈ N . Lemma 5.1 presents the conditions for practical synchronization for (5.22) without jamming attacks. Next, we will prove that (5.22) is also convergent in the presence of arbitrary jamming attacks that satisfy Assumption 5.3 in two steps by contradiction. Firstly, we show that once the node states reach the equilibrium set, they will never come out. Then we establish that the node states outside the equilibrium set will finally enter it even in the presence of jamming attacks.

130

5 Jamming-Resilient Coordination of Networked Robotic Systems. . .

Define a set .Ω = {sa : a ∈ Z} with .sa < sb if and only if .a < b. Letting Δmin = inf {|sa − sb | : a, b ∈ Z}, then .Δmin > 0. Note that for vector .ϑ i (t) ∈ Rn , the symmetry between different dimensions is explored. Without loss of generality, we only focus on the first entry of normal states .ϑ 1i (·) ∈ R and show that its agreement gap finally decreases to .s ∗ ∈ Ω. Define the following time-dependent node set: { ⎛ ⎛ ⎞⎞} 1 i tk , .Nz (t) = i ∈ N : zi ∈ KQ ϑ i (5.27)

.

where .zi ∈ R. To proceed, denote .M(tki ) and .m(tki ) as the maximum and minimum values among the first components of normal states at time .tki . That is, ⎛ ⎛ ⎞⎞ m(t) = min KQ ϑ 1i tki , .

(5.28)

⎛ ⎛ ⎞⎞ M(t) = max KQ ϑ 1i tki .

(5.29)

.

i∈N

i∈N

By definition, we have .M(t) ∈ Ω and also .m(t) ∈ Ω. Let .m(t0 ) = sm and .M(t0 ) = sM . From (5.22), it yields ˙ 1i (t) .ϑ

∈

⎧ ⎨Σ ⎩

⎛

a¯ ij (t)(zj − zi ) : zk ∈ KQ ϑ 1k (t)

j ∈N

⎫ ⎞⎬ ⎭

,

(5.30)

for almost every time t, .i ∈ N , .k ∈ Z. Note that .kiϑ is set to be one for simplicity. 1 It can be seen that for .i ∈ Nm(t) (t), .ϑ˙ i (t) ≥ 0 which leads to .m(t) ≥ m(t0 ) for all .t ≥ t0 . The conclusion that .M(t) ≤ M(t0 ) can be similarly deduced. Without loss of generality, the following proof will focus on the case that .m(t) will increase until the system reaches an equilibrium .s ∗ ∈ Ω such that .Ns ∗ = N in the presence of the jamming attacks. The same conclusion can be derived by U using similar analysis for M the argument based on .M(t). For this case, we have .N = ss=s Ns (t), .∀t ≥ 0. Let m c r .Ns (t) = Nsh (t) ∩ Nsh+1 (t) and .Ns (t) = Nsh (t)\Nsh+1 (t). Obviously, .Nsh (t) = h h Nsch (t) ∪ Nsrh (t). We now prove the following conclusion by contradiction: Nsrm (t2 ) ⊆ Nsrm (t1 ), ∀t2 ≥ t1 ≥ 0.

.

(5.31)

Let .ϑ 10 ∈ R be the discontinuity point of quantized sampling mechanism such that 1 i c .h ∈ Ns (t) if and only if .ϑ (t ) = x0 . Suppose there exists an agent .i ∈ N such h k m 1 1 that .ϑ i (t1 ) > ϑ 0 > ϑ i (t2 ), which leads to .ϑ 1i (t ' ) = ϑ 0 for .t ' ∈ (t1 , t2 ). Thus, ⎛ t2 1 1 ' 1 ' ˙ .ϑ (t2 )ϑ (t ) + i i t ' ϑ i (s)ds such that .ϑ i (t) < ϑ 0 for .t ∈ .(t , t2 ), which leads to r ˙ ˙ .ϑ i (t) < 0. However, since .i ∈ Ns (t), then necessarily .ϑ i (t) ≥ 0, which is a m contradiction. Thus, (5.31) is proved to be true for any agent k that reaches .Nsm (t)

5.3 Adaptive Secure Coordination and Stability Analysis

131

from the right. In addition, once the node states reach .sm , they will never move out, that is, they will no longer be affected by the jamming attacks. Next, we will prove that .ϑ 1i (t) will converge to .sm with jamming attacks. According to the definition in (5.27), given the following node set ⎛ + .Ns (t) m

M | |

=

⎞ Nsh (t) \Nsm (t),

(5.32)

h=m+1 + (t) = ∅, then .N (t) = N and the states in .Ns+m (t) are strictly greater than .sm . If .Nsm sm ∗ .s = sm , and the conclusion is derived, which is also explored by a contradiction. Temporarily assume that the graph .G is strongly connected, which will be removed later. That is, there is a directed path between any two nodes. Thus, there exists r .(i, j ) ∈ E∞ such that .i ∈ Ns (t0 ) and .j ∈ / Nsrm (t0 ). For .t ≥ t0 , we assume that m r r .i ∈ Ns (t) and .j ∈ / Nsm (t). Thus, m

ϑ˙ i (t) ≥ a¯ ij (t)(vj (t) − zi (t)),

.

(5.33)

where .vj (t) ∈ KQ(ϑ 1j (tki )) is a differential inclusion solution as shown in (5.30). Define .Dc = {t ≥ t0 : j ∈ Nscm (t)} and .D+ = {t ≥ t0 : j ∈ Ns+m (t)}, then under the jamming attack on channel .(i, j ) ∈ E∞ , it yields from (5.33) that ⎛ 1 .ϑ i (t)

ϑ 1i (t0 ) +

≥

t

a¯ ij (t)(vj (t) − zi (t))ds

t0

⎛ = ϑ 1i (t0 ) +

t∈Dij (t0 ,t)

a¯ ij (t)(vj (t) − zi (t))ds

⎛ = ϑ 1i (t0 ) + ⎛ +

Dc ∩Dij (t0 ,t)

D+ ∩Dij (t0 ,t)

a¯ ij (t)(vj (t) − zi (t))ds

a¯ ij (s)(vj (s) − zi (t))ds.

(5.34)

Under the considered quantized sampling scheme, define .α j (s) ∈ [0, 1] for .vj (s), and we have vj (s) = (1 − α j (s))sm + α j (s)sm+1

.

= sm + α j (s)(sm+1 − sm ).

(5.35)

132

5 Jamming-Resilient Coordination of Networked Robotic Systems. . .

Then (5.34) can be written as ⎛ 1 .ϑ i (t)

≥ϑ 1i (t0 ) + Δmin ⎛ + Δmin

Dc ∩Dij (t0 ,t)

D+ ∩Dij (t0 ,t)

a¯ ij (s)α j (s)ds

a¯ ij (s)ds.

(5.36)

Now, we show that the right-hand side of (5.36) will diverge to infinity as .t → ∞ such that the contradiction is derived. It can be seen that if .D+ has infinite measure, then .ϑ i (t) → ∞ as .t → ∞, ⎛which directly derive the contradiction to the fact that .ϑ i (t) ≤ M(t). Otherwise, . D+ ∩Dij (t0 ,t) a¯ ij (s)ds < ∞ with .a¯ ij ∈ [amin , amax ]

and .Dc has infinite measure. That is, whether .ϑ 1i (t) diverges depends on .α j (s). To 1 estimate the bound of .α j (s), consider the fact that .ϑ˙ k (t) = 0 for .k ∈ Nscm (t). For .s ∈ Dc , we have Σ ¯ j k (s)(vk (s) − sm ) ka Σ .α j (s) = (sm+1 − sm ) k a¯ j k Σ Σ ¯ j k (s)α k (s) + k∈Ns+ (s) a¯ j k (s) k∈Nscm (s) a m Σ ≥ a ¯ j k k amin β (s), (5.37) ≥ Namax k Σ where the fact that .x˙j (s) = k a¯ j k (vk (s) − vj (s)) and (5.35) are used. For edge + .(k, l) ∈ E∞ , .β k (s) = 1 for .l ∈ Ns (t) with an infinite measure; otherwise .β k (s) = m c α l (s) for .l ∈ Nsm (t) with an infinite measure. Under the temporary assumption on graph .G, there exist .s ∈ Dc ∪ D+ such that there is always a path from node j to a node in .Ns+m (s). By a recursive approach along the path, it holds that .α j (s) ≥ )N for .s ∈ Dc ∪ D+ . Then from (5.36), we have ( Naamin max ⎛

⎛ 1 .ϑ i (t)

≥

ϑ 1i (t0 ) + Δmin

Dc ∪D+ ∩Dij (t0 ,t)

amin

amin Namax

⎞N .

(5.38)

It can be seen that .ϑ 1i (t) diverges as .t → +∞, which derives the contradiction to 1 .ϑ (t) ≤ M(0) for all .t ≥ 0. Thus, there exists a time t such that .i ∈ / Nsm (t) and i r r .Ns (t) ⊆ Ns (0). Repeating this process for every node in the set .Nsm (0), it derives m m that .Nsm (t) = ∅. Then performing a similar operation on set .Nsrm , gradually expand to set .Nsrm+1 , .Nsrm+2 , . . .. It yields that there exists some time t such that .Nsrm+k (t) = ∅. Since .M(t) ≤ sM , this implies that there exists .s ∗ such that .Ns ∗ (t) = N , under the assumption of strong connectivity of .G. To remove the strong connectivity assumption on .G, consider that the graph .G satisfies Assumption 5.1. This may lead the argument for .Nsm (0) fail, that is, there may not be a path from node i to node j . In such a case, the nodes that can only

5.4 Simulation Results

133

receive information necessarily are a subset of .Nsm (0). Then, under Assumption 5.1, it is still possible to conclude that .m(t) ≥ sm by applying the analogous argument based on the maximal value .M(t). In conclusion, the variables .si → 0, .q˜i → 0, .ψ˜ i → 0 as .t → ∞. Then we have δ δ .qi = ψ i = ϑ i , .ϑ i (t) ∈ {Q∞ − , Q∞ + }. Thus, the practical synchronization is 2 2 achieved and the proof is completed. Remark 5.4 Under the proposed novel cascaded auxiliary systems, the external disturbances and the jamming attacks are dealt with respectively. Also, benefiting from the cascaded form of the auxiliary systems, the stability analysis is presented for different subsystems separately. Based on the switching edge weight (5.14), the embedded single-integral auxiliary system (5.22) adopts a wait-and-act strategy. When a jamming attack occurs, a corresponding channel is blocked and a sampling attempt is used to detect whether the attack ends and the auxiliary system (5.22) waits for the information updated and continues to converge to the equilibrium point. Remark 5.5 Since the auxiliary system decouples the effects of the jamming attacks from the dynamics of the system, weaker assumptions are presented, which does not need to know the specific frequencies and durations of the jamming attacks. This is different from the results in [23] and [24], which have the resilient conditions for linear systems in a complex LMI form that involves the jamming attack parameters. Remark 5.6 Compared to our previous work in Chap. 2, the differences are threefold: (1) a novel cascaded auxiliary system is designed, in which a single-integral auxiliary system is embedded; (2) weaker assumptions on the jamming attacks are used due to the novel auxiliary system; and (3) relaxed sufficient conditions are presented without requiring to known the jamming attack parameters.

5.4 Simulation Results In this section, some simulation and comparison results are presented to verify the established theoretical results. The communication topology is given in Fig. 5.2, which obviously satisfies Assumption 5.1. The details of the Lagrangian dynamics (5.1) can be seen in [37], and the specific system parameters are given as ┐ ci1 + ci2 + 2ci3 cos qi2 ci2 + ci3 cos qi2 , .M i (qi ) = ci2 + ci3 cos qi2 ci2 ┐ ┌ −ci3 sin qi2 q˙i2 −ci3 (q˙i1 + q˙i2 ) sin qi2 C i (qi , q˙i ) = , ci3 q˙i1 sin qi2 0 ┐ ┌ c g cos qi1 + ci5 g cos(qi1 + qi2 ) , Gi (qi ) = i4 ci5 g cos(qi1 + qi2 ) ┌

134

5 Jamming-Resilient Coordination of Networked Robotic Systems. . .

Fig. 5.2 The communication topology of the networked Lagrangian systems













where .qi = [qi1 , qi2 ] and .(ci1 , ci2 , ci3 , ci4 , ci5 ) are chosen as .(0.9, 1.3, 0.2, 1.3, 0.6), (0.8, 1.2, 0.1, 1.1, 0.5), .(0.6, 1.1, 0.1, 0.6, 0.3), .(1, 1.4, 0.3, 1.4, 0.7), .(0.8, 1.2, 0.1, 0.9, 0.5), .(1.1, 1.4, 0.3, 1.7, 0.7), and .g = 9.81 m/s2 . The following case studies are presented to show the effectiveness of the proposed control scheme.

.

5.4.1 Case 1: No Jamming Attacks In this case, no jamming attack occurs on the communication network. Compared with some existing control methods, the selection of control parameters in this chapter does not require complicated conditions, such as the inequality constraints on gains in Chap. 2. To ensure the results stated in Theorem 5.1, control parameters ϑ ϑ ∗ .k i are chosen as .ki = k/(|Ni | Δi ) with .k ∈ (0, 1). This choice guarantees the system matrix of the compact form (15) to be a row stochastic matrix. The related details can also be seen in [38]. For the other control parameters, for example, s ω η ψ .k , k , k , k , they can be arbitrarily positive real numbers. Their amplitudes do i i i i not affect the results in Theorem 5.1, but will affect the convergence rate. In this ψ η chapter, the control gains are given as .kis = kiω = 5, .Ω = 3I5 , .ki = ki = 5, ϑ .k = 10, the sampling interval is chosen as .0.02 s, and the uniform quantizer is used i in this chapter with .δ = 0.05. The simulation results are shown in Fig. 5.3, where .Ai (m) represents the m-th (.m = 1, 2) component of different variables of the i-th agent. Under the proposed control scheme, it can be seen that all the trajectories of the variables .qi , .q˙i , .ψ i , and .ν i are convergent and the control objective is achieved. Note that due to the quantization sampling effect, there is a static error in the final consensus value of .ϑ i . The static error can be reduced by increasing the quantization density and sampling frequency.

5.4 Simulation Results

135

5

2 1 0

0

-1 -5

-2 0

10

20

30

0

10

Time(s)

30

Time(s)

5

5

0

-5

20

0

-5 0

10

20

0

30

10

20

30

Time(s)

Time(s)

Fig. 5.3 System trajectories under the proposed control scheme without jamming attacks

Attack mode

1 0

0

5

10

0

5

10

15

20

25

30

15

20

25

30

1 0

Time(s) Fig. 5.4 The DoS attack modes on different channels

5.4.2 Case 2: Resilient Synchronization Under Jamming Attacks In this case, the simulation results are presented to verify the jamming resilience of the proposed control scheme. The initial conditions and control parameters are chosen to be the same as the previous case. The attack mode is shown in Fig. 5.4,

136

5 Jamming-Resilient Coordination of Networked Robotic Systems. . .

4

5

2 0

0

-2 -5

0

10

20

30

-4

0

Time(s)

10

20

30

Time(s)

4

5

2 0

0

-2 -4

-5 0

10

20

Time(s)

30

0

10

20

30

Time(s)

Fig. 5.5 System trajectories without the switching mechanism (1.9)

where the channels .(6, 1) and .(3, 4) are randomly selected as under jamming attacks. Note that when the ordinate is 0, the jamming attack is activated. The simulation results without the switching mechanism (5.14) are shown in Fig. 5.5. It can be seen that variables .q˙i and .ψ i converge to zero, while .ϑ i approaches to the neighborhood of zero. In particular, although the generalized position variables .qi do not diverge, synchronization of the networked Lagrangian systems is still not guaranteed. Figure 5.6 shows the resilient synchronization results under the proposed control scheme. Clearly, all the trajectories of variables .qi , .ψ i , and .ν i approach practical synchronization and .q˙i converges to zero. This demonstrates that the control objective (5.2) is achieved even in the presence of jamming attacks. To verify the effectiveness of the proposed resilient control scheme under different modes of jamming attacks, a case study is presented with all channels under jamming attacks with the attack mode being shown in Fig. 5.7. Note that the duration and frequency of the attacks are randomly changing, and thus their bounds cannot be known before system starts its operation, even though they can be determined from Fig. 5.7, which is just used for simulation purpose. Fortunately, our proposed control scheme does not need any specific parameters related to the jamming duration and frequency including their bounds, in order to achieve the results presented in Theorem 5.1. Indeed, as observed from the simulation results shown in Fig. 5.8, the proposed resilient control scheme ensures the practical synchronization, which

5.5 Conclusions

137

5

2 1 0

0

-1 -5

-2 0

10

20

30

0

Time(s)

10

20

30

Time(s) 6

5

4 2 0

0

-2 -4 -5

0

10

20

30

-6

0

Time(s)

10

20

30

Time(s)

Fig. 5.6 System trajectories under the resilient control scheme

verifies the theorem. On the other hand, some other observations which are not the results of Theorem 5.1 can be made. As shown in Figs. 5.6 and 5.8, .qi tracks its current reference .ϑ i (t) during the jamming duration and waits for the updating of reference dynamics signal .ϑ˙ i (t). Different performances of the closed-loop system are observed under the two randomly bounded jamming attack modes. The longer the attack interval, the longer the stabilization time is required.

5.5 Conclusions This chapter considers the jamming-resilient synchronization control problem of networked robotic systems with the quantized sampling data. By designing a novel auxiliary system for each subsystem over a directed network, the effects of the external disturbances and jamming attacks are decoupled and can be handled separately. Benefiting from the novel auxiliary system, weaker assumptions on the jamming attacks are required, and sufficient conditions that do not involved attack parameters are presented.

138

5 Jamming-Resilient Coordination of Networked Robotic Systems. . . 1 0.5 0

Attack mode

1 0.5 0 1 0.5 0 1 0.5 0 1 0.5 0 1 0.5 0

0

5

10

15

20

25

30

0

5

10

15

20

25

30

0

5

10

15

20

25

30

0

5

10

15

20

25

30

0

5

10

15

20

25

30

0

5

10

15

20

25

30

Time(s) Fig. 5.7 The DoS attack modes on all channels

References

139

4

5

2 0

0 -2

-5 0

10

20

30

Time(s)

0

20

30

Time(s)

6

5

10

4 2 0

0 -2 -4

-5 0

10

20

Time(s)

30

-6

0

10

20

30

Time(s)

Fig. 5.8 System trajectories with different attack modes

References 1. Ding, L., Zheng, W.X.: Network-based practical consensus of heterogeneous nonlinear multiagent systems. IEEE Trans. Cybern. 47(8), 1841–1851 (2016) 2. Ding, L., Han, Q.-L., Ge, X., Zhang, X.-M.: An overview of recent advances in event-triggered consensus of multiagent systems. IEEE Trans. Cybern. 48(4), 1110–1123 (2017) 3. Li, X., Wen, C., Chen, C.: Resilient cooperative control for networked lagrangian systems against dos attacks. IEEE Trans. Cybern. 99, 1–1 (2020). Early access 4. Fang, X., Li, X., Xie, L.: Angle-displacement rigidity theory with application to distributed network localization. IEEE Trans. Autom. Control 99, 1–1 (2020). Early access 5. Li, X., Wen, C., Fang, X., Wang, J.G.: Adaptive bearing-only formation tracking of nonholonomic multi-agent systems. IEEE Trans. Cybern. 99, 1–1 (2020). Early access 6. Wang, D., Wang, Z., Wen, C., Wang, W.: Second-order continuous-time algorithm for optimal resource allocation in power systems. IEEE Trans. Industr. Inform. 15(2), 626–637 (2018) 7. Li, Y., Yang, C., Yan, W., Cui, R., Annamalai, A.: Admittance-based adaptive cooperative control for multiple manipulators with output constraints. IEEE Trans. Neural Networks Learn. Syst. 30(12), 3621–3632 (2019) 8. Yu, Z., Qu, Y., Zhang, Y.: Distributed fault-tolerant cooperative control for multi-uavs under actuator fault and input saturation. IEEE Trans. Control Syst. Technol. 99, 1–13 (2019). Available online

140

5 Jamming-Resilient Coordination of Networked Robotic Systems. . .

9. Shen, C., Shi, Y., Buckham, B.: Trajectory tracking control of an autonomous underwater vehicle using Lyapunov-based model predictive control. IEEE Trans. Ind. Electron. 65(7), 5796–5805 (2018) 10. Mei, J., Ren, W., Ma, G.: Distributed containment control for Lagrangian networks with parametric uncertainties under a directed graph. Automatica 48(4), 653–659 (2012) 11. Mei, J., Ren, W., Chen, J.: Distributed consensus of second-order multi-agent systems with heterogeneous unknown inertias and control gains under a directed graph. IEEE Trans. Autom. Control 61(8), 2019–2034 (2016) 12. Li, X., Luo, X., Wang, J., Li, S., Guan, X.: Finite-time consensus for nonlinear multi-agent systems with time-varying delay. J. Frankl. Inst. 355(5), 2703–2719 (2018) 13. Sun, Y., Chen, L., Ma, G., Li, C., Adaptive neural network tracking control for multiple uncertain Euler–Lagrange systems with communication delays. J. Frankl. Inst. 354(7), 2677– 2698 (2017) 14. Lu, M., Liu, L., Leader–following consensus of multiple uncertain Euler–Lagrange systems with unknown dynamic leader. IEEE Trans. Autom. Control 64(10), 4167–4173 (2019) 15. Nuno, E., Sarras, I., Basanez, L.: Consensus in networks of nonidentical Euler–Lagrange systems using p+ d controllers. IEEE Trans. Robot. 29(6), 1503–1508 (2013) 16. Abdessameud, A., Polushin, I.G., Tayebi, A.: Synchronization of Lagrangian systems with irregular communication delays. IEEE Trans. Autom. Control 59(1), 187–193 (2013) 17. Abdessameud, A., Tayebi, A., Polushin, I.G.: Leader-follower synchronization of EulerLagrange systems with time-varying leader trajectory and constrained discrete-time communication. IEEE Trans. Autom. Control 62(5), 2539–2545 (2017) 18. Zhao, X., Ma, C., Xing, X., Zheng, X.: A stochastic sampling consensus protocol of networked Euler–Lagrange systems with application to two-link manipulator. IEEE Trans. Industr. Inform. 11(4), 907–914 (2015) 19. Zhang, W., Tang, Y., Huang, T., Vasilakos, A.V.: Consensus of networked Euler-Lagrange systems under time-varying sampled-data control. IEEE Trans. Industr. Inform. 14(2), 535– 544 (2017) 20. Wang, K., Tian, E., Liu, J., Wei, L., Yue, D.: Resilient control of networked control systems under deception attacks: a memory-event-triggered communication scheme. Int. J. Robust Nonlinear Control 30(4), 1534–1548 (2020) 21. Hu, S., Yue, D., Chen, X., Cheng, Z., Xie, X.: Resilient h-∞ filtering for event-triggered networked systems under nonperiodic DoS jamming attacks. IEEE Trans. Syst. Man Cybern.: Syst. 51(3), 1392–1403 (2021) 22. Senejohnny, D., Tesi, P., Persis, C.D.: A jamming-resilient algorithm for self-triggered network coordination. IEEE Trans. Control Network Syst. 5(3), 981–990 (2017) 23. Persis, C.D., Tesi, P.: Input-to-state stabilizing control under Denial-of-Service. IEEE Trans. Autom. Control 60(11), 2930–2944 (2015) 24. Lu, A.Y., Yang, G.H.: Input-to-state stabilizing control for cyber-physical systems with multiple transmission channels under denial of service. IEEE Trans. Autom. Control 63(6), 1813–1820 (2017) 25. Zuo, Z., Cao, X., Wang, Y., Zhang, W.: Resilient consensus of multiagent systems against denial-of-service attacks. IEEE Trans. Syst. Man Cybern.: Syst. 52(4), 2664–2675 (2022) 26. Zhao, L., Yang, G.-H.: Adaptive fault-tolerant control for nonlinear multi-agent systems with dos attacks. Inf. Sci. 526, 39–53 (2020) 27. Ghapani, S., Mei, J., Ren, W., Song, Y.: Fully distributed flocking with a moving leader for Lagrange networks with parametric uncertainties. Automatica 67, 67–76 (2016) 28. Liang, X., Liu, Y.H., Wang, H., Chen, W., Xing, K., Liu, T.: Leader-following formation tracking control of mobile robots without direct position measurements. IEEE Trans. Autom. Control 61(12), 4131–4137 (2016) 29. Liu, H., Tian, Y., Lewis, F.L., Wan, Y., Valavanis, K.P.: Robust formation tracking control for multiple quadrotors under aggressive maneuvers. Automatica 105, 179–185 (2019) 30. Wang, Y., Wu, Q., Wang, Y., Yu, D.: Quantized consensus on first-order integrator networks. Syst. Control Lett. 61(12), 1145–1150 (2012)

References

141

31. Feng, Z., Hu, G., Ren, W., Dixon, W.E., Mei, J.: Distributed coordination of multiple unknown Euler-Lagrange systems. IEEE Trans. Control Network Syst. 5(1), 55–66 (2018) 32. Feng, Z., Hu, G.: Secure cooperative event-triggered control of linear multiagent systems under dos attacks. IEEE Trans. Control Syst. Technol. 28(3), 741–7521 (2020) 33. Lu, A.Y., Yang, G.H.: Distributed consensus control for multi-agent systems under denial-ofservice. Inf. Sci. 439, 95–107 (2018) 34. Xu, W., Ho, D.W.C., Zhong, J., Chen, B.: Event/self-triggered control for leader-following consensus over unreliable network with DoS attacks. IEEE Trans. Neural Networks Learn. Syst. 30(10), 3137–3149 (2019) 35. Zhang, D., Liu, L., Feng, G.: Consensus of heterogeneous linear multiagent systems subject to aperiodic sampled-data and dos attack. IEEE Trans. Cybern. 49(4), 1501–1511 (2019) 36. Ren, W.: Distributed leaderless consensus algorithms for networked Euler-Lagrange systems. Int. J. Control. 82(11), 2137–2149 (2009) 37. Spong, M.W., Hutchinson, S., Vidyasagar, M.: Robot Modeling and Control. Wiley, New York (2006) 38. Meng, X., Xie, L., Soh, Y.C.: Asynchronous periodic event-triggered consensus for multi-agent systems. Automatica 84, 214–220 (2017)

Chapter 6

Event-Based Secure Coordination of Networked Robotic Systems Under DoS Attacks

Abstract In this chapter, we further consider the event-triggered coordination control of networked robotic systems under DoS attacks. Since the limited communication bandwidth and computing resource of networked robotic systems, it is necessary to consider saving these consumption in the secure control design. Compared with the continuous-time control in Chaps. 2–5, the event-based secure control of the networked Lagrangian systems is more complex and challenging, especially under the conditions of asymmetry communication. To this end, an eventbased controller is firstly designed for consensus control of networked robotic systems in the absence of DoS attacks. Sufficient conditions are given to stabilize the closed-loop systems. Then the resilience analysis is presented for the event-based controller under DoS attacks. Some conditions associated with the DoS duration and frequency are proposed for the control parameters against the attacks. Then Zeno behaviors are proved to be nonexistent in the proposed control scheme. An algorithm is also given to guide the control design. Keywords Networked robotic systems · Cyber attacks · Event-triggered control · Coordination · DoS attacks

6.1 Introduction Recently, secure cooperative control of networked robotic systems, which aims to seek resilience for different kinds of cyber attacks, has become one of the hottest topics. Much efforts have been paid to achieve security control design against cyber attacks, where many successful cases are contained. However, continuous or periodic sampling data transmission is a critical restriction for networked robotic systems with limited energy and computing resources. Compared with the continuous-time or periodic sampling feedback control approach, several eventtriggered cooperative control strategies have been developed [1, 2]. However, the mentioned algorithms considered the event-based control for different objectives in a reliable communication network and neglected the secure issues. Note that when DoS attacks occur over a communication channel between the robots, the event© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 X. Li et al., Secure Coordination Control of Networked Robotic Systems, https://doi.org/10.1007/978-981-99-9359-8_6

143

144

6 Event-Based Secure Coordination of Networked Robotic Systems Under DoS. . .

based controller updating strategy may fail, which poses a new challenge to the consensus control of networked robotic systems. The authors in [3] proposed eventtriggered resilient conditions for consensus control of linear multi-agent systems subject to DoS attacks, in which sufficient conditions are proposed for the maximum tolerable duration and frequency for DoS intervals. Xu et al. [4] investigated the event-triggered secure consensus control problem for linear multi-agent systems subject to periodic energy-limited DoS attacks. Then the authors considered the secure consensus control of linear multi-agent systems by an input-based triggering approach under the DoS attacks [5]. In [6], the authors investigated the leaderfollowing consensus issue with the event- and self-triggered schemes under DoS attacks. Nevertheless, the adverse effects of DoS attacks on event-based consensus control of nonlinear networked robotic systems have not received enough attention. By investigating recent results, the consensus control of nonlinear networked robotic systems has witnessed a growing interest [7–10] due to its potentially wide applications [11, 12]. Specifically, in [13], the authors proposed a sampled-based consensus control scheme with time-varying sampling periods for the networked Lagrangian systems, in which the average sampling interval is used to quantize control input action time. In [9, 10], the authors considered the distributed consensus control of networked Lagrangian systems with parametric uncertainties and time-varying communication time delay. Liu et al. [14] proposed event-based model-independent algorithms for cooperative control of Lagrangian networks. However, the results reported above generally considered the event-based consensus control problem via reliable communication channels or under some constraints on communication network. How to achieve consensus control of multiple nonlinear networked robotic systems with resilience for DoS attacks on event-triggered communication is challenging. To solve the resilient consensus problem of networked robotic systems, the main gap is how to design a secure coordination controller to overcome the coupling effects of complex nonlinearities and parameter uncertainties of the system and DoS attacks. This chapter focuses on the event-based resilience to DoS attacks on communication consensus control of the networked robotic systems. Due to the fact that the event transmission may fail under DoS attacks, this chapter aims to propose distributed secure consensus control law for networked robotic systems. The DoS attacks are assumed energy limited and allowed to occur aperiodically; thus, the frequency and duration of DoS attacks are limited. Under this condition, the eventtriggered consensus control law is firstly designed under ideal communication channels. Sufficient conditions are presented for the control parameters to guarantee the closed-loop systems to be stable without DoS attacks and Zeno behaviors are also be eradicated. Then the convergence of the closed-loop systems is presented under DoS attacks over different time intervals. The rigorous proof is given according to the Lyapunov theory, in which sufficient conditions associated with the frequency and duration of DoS attacks are derived. The main contributions of this chapter are summarized below.

6.2 Preliminaries and Problem Statement

145

1. The resilient event-based consensus control problem of multiple nonlinear robotic systems modeled by Euler-Lagrange equation is considered subject to a directed communication network under DoS attacks. Compared with the results reported in [7–9], which assume that the communication network is free from Dos attacks, the security issue in consensus control of Lagrangian networks is more challenging. 2. The proposed event-based resilient consensus control laws can guarantee the nonlinear systems to be stable in the presence of DoS attacks. Compared with the existing secure control results on linear MAS [3, 5, 6], the essential difficulties in secure consensus control for nonlinear Lagrangian networks are mainly from the complicated nonlinearities and the directed communication topology. 3. Under the asynchronous event-based data updated control law, the Zeno behaviors are eradicated from the proposed secure consensus control protocol. This is in contrast to the existing works of [15] and [16] where continuous-time communication network is required. We give sufficient conditions to guarantee the networked Lagrangian systems to be convergent without/with DoS attacks and there are no Zeno phenomena. The chapter is organized as follows: Problem formulation and some preliminaries are presented in Sect. 6.2. Section 6.3 proposed the main results for event-triggered consensus control without/with DoS attacks. In Sect. 6.4, simulation examples are presented to demonstrate the proposed algorithms. Section 6.5 concludes the chapter and presents some future research directions.

6.2 Preliminaries and Problem Statement 6.2.1 DoS Attacks The DoS attacks can interfere with normal communications or access rights between the robots. Similar to [3, 17, 18], the DoS attacks can simultaneously affect both the measurement and control channels and occur randomly without following any specific pattern nor a stochastic distribution, as shown in Fig. 6.1. The following assumptions on DoS attacks are given as follows, which are also stated in [3, 17]. Assumption 6.1 (DoS Duration and Frequency [17]) For .t2 ≥ t1 , there exist positive scalars .ηij , .Tij , .θ ij , and .π ij for communication network such that .

| | |Dij (t1 , t2 )| ≤ ηij + t2 − t1 , . Tij

(6.1)

t 2 − t1 , π ij

(6.2)

nij (t1 , t2 ) ≤ θ ij +

146

6 Event-Based Secure Coordination of Networked Robotic Systems Under DoS. . .

Sensors

Actuators a1

a3

a2

Networked Lagrangian Systems

s1

s3

s2 s4

a4

DoS Attacks

DoS Attacks

Communication Network

Communication Network

Distributed Control and Management Center Fig. 6.1 Control scheme of a Lagrangian network under DoS attacks

where .Dij (t1 , t2 ) is the set of time intervals corresponding to the active DoS attacks and .nij (t1 , t2 ) is the DoS attack frequency over .[t1 , t2 ). Remark 6.1 Generally, the energy of an attacker is limited. Therefore, DoS attacks can be described by a limited attack duration and frequency in (6.1) and (6.2) [3, 17– 19]. Except for duration and frequency constraints on the DoS attacks, no other assumptions are needed. In this chapter, we assume that the communication network is attacked by the DoS attacks simultaneously since the networked Lagrangian systems can be controlled by a remote control center as stated in [3, 17, 18]. In the presence of the DoS attacks, the control updates of the robots may fail even though the event is triggered. In this case, we should know when the robots can receive the neighbors’ information to update their control policies, which is associated with the attack intervals. Let .tkii denote the latest update constant of robot i with .ki ∈ N0 corresponding to the events’ sequence; .fi (ei , δ i ) is the eventtriggered function defined later. The following sets .κ i (t) and .κ¯ i (t) are defined to index the most recently successful event instant and unsuccessful attempts over time .[t1 , t2 ]: { } κ i (t) = sup ki ∈ N0 |tkii < t, tkii ∈ / D(i,j ) (t1 , t2 ) , . { } Ki (t) = ki ∈ N0 |tkii ∈ D(i,j ) (t1 , t2 ) . .

(6.3) (6.4)

To detect DoS attacks in time, a transmission attempt is used for robots. If robot i does not receive any return information while .fi (ei , δ i ) > 0, it is determined to be suffering from a DoS attack [3, 20]. Then the robot i starts to periodically attempt to communicate with its neighboring robots with a periodic time .Δi∗ > 0, which is predefined. A state can be successfully transmitted as long as the DoS attack is over. Let .ζ m , .m ∈ Na Δ {1, 2, . . .}, denote the time instant where the DoS attack is

6.2 Preliminaries and Problem Statement

147

activated, and then the m-th effective DoS interval can be expressed as i |Ξζ m (t1 , t2 )| = [ζ m , ζ m + σ m (i,j ) + Δ∗ ),

.

(6.5)

where the parameter .σ m (i,j ) can be expressed as ⎧ m .σ (i,j )

=

ζ m+1 − ζ m , Ki = ∅, ∀i ∈ V, max{tkii |ki ∈ Ki } − ζ m , otherwise. i∈V

Then it is easy to verify that the effective DoS attack interval and its complement set can be expressed as .

| | | | |D¯ ij (t1 , t2 )| ≤ |Dij (t1 , t2 )| + (nij (t1 , t2 ) + 1)Δi , . ∗ H¯ ij (t1 , t2 ) =[0, t)\D¯ ij (t1 , t2 ).

(6.6) (6.7)

6.2.2 The Problem Formulation The networked Lagrangian systems can be used to model the dynamics of aircraftlike vehicles and some kinds of underwater robots [21, 22]. In this chapter, the dynamics of N Euler-Lagrange systems, which is indexed by .N Δ {1, 2, · · · , N }, is given as M i (qi )q¨i + C i (qi , q˙i )q˙i + Gi (qi ) = τ i ,

.

(6.8)

where .qi ∈ Rn is the state of robot i, .M i (qi ) ∈ Rn×n is the positive definite inertia matrix, .Gi (qi ) ∈ Rn denotes the gravitational torque, and .C i (qi , q˙i ) ∈ Rn×n denotes the centripetal and Coriolis torque matrix. .τ i ∈ Rn is the control input torque to be designed. The well-known Properties 2.1–2.3 in Chap. 2 are given for (6.8); the details can be referred to [23]. Control Objective This chapter aims to design an event-based secure controller for the networked robotic systems (6.8) to achieve consensus without/with DoS attacks, that is, .

lim (qi − qj ) = 0 and lim q˙i = 0, ∀i, j ∈ N .

t→∞

t→∞

(6.9)

148

6 Event-Based Secure Coordination of Networked Robotic Systems Under DoS. . .

6.3 Event-Triggered Secure Control Design and Resilience Analysis In this section, we firstly consider the event-triggered data updated control policy for multiple Euler-Lagrange systems without DoS attacks. Then the secure controller is presented in the presence of DoS attacks.

6.3.1 Event-Triggered Data Update Policy For networked Lagrangian systems (6.8), the distributed controller .τ i for the i-th robot with the adaptive tuning law is designed as ⎧ .

τ i = −kis si + Yi θˆ i θ˙ˆ i = −Υi YiT si

(6.10)

where .θˆ i is the estimate of the unknown parameter .θ i ; .Yi Δ Yi (qi , q˙i , q˙ir , q¨ir ) ∈ Rn×k ; .kis ∈ R is a positive constant; .Υi is constant, diagonal, and positive definite; and .si = q˙i − q˙ir with .qir being a determined vector. In this chapter, the auxiliary vector is designed as follows:

.

q˙ir (t) = −ckic

N Σ j =1

⎛ ⎞⎞ ⎛ ⎛ ⎞ j aij (t) qi tkii − qj tkj ,

(6.11)

where .kic is a positive constant and .c > 0 denotes the coupling strength. .qi (tkii ) is the latest updated state of robot i at triggered constant .tkii . Rewrite the system (6.8) in a cascade closed-loop form with the event-triggered control law (6.10) and desired vector (6.11) as ⎧ s ˜ ⎪ ⎨ M i (qi )˙si = Yi θ i − ki si − C i (qi , q˙i )si , θ˙ˆ i = −Υi YiT si , . ⎛ ⎞⎞ ⎛ ⎛ ⎞ ⎪ ⎩ q˙ = −ck c Σ N a (t) q t i − q t j + si . i i ki j kj j =1 ij i

(6.12)

where .θ˜ i = θ i − θˆ i . Note that the closed-loop system (6.12) allows to analyze the stability of each subsystem separately. For the third equation in (6.12), the event-triggered time constant is defined as .0 ≤ t1i ≤ t2i ≤ · · · for i-th robot; the triggered constant will be updated iteratively according to { } tkii +1 = inf t|t > tkii , fi (ei , δ i ) ≥ 0 ,

.

(6.13)

6.3 Event-Triggered Secure Control Design and Resilience Analysis

149

in which the triggered function .fi (ei , δ i ) is defined as fi (ei , δ i ) = ||ei (t)|| − ε i ||δ i (t)|| ,

.

(6.14)

Σ j i where .ei (t) = qi (tkii ) − qi (t), .δ i (t) = N j =1 aij (t)(qi (tki ) − qj (tkj )), and .ε i is a determined parameter. If the triggered condition is satisfied, then the cooperative error will be set to zero. Since the proposed controller does not require continuous communication and control, communication and computing resources will be saved. Substituting .qi (tkii ) = ei (t) + qi (t) into the third equation in (6.12) yields .

q(t) ˙ = s − c(L ⊗ K)(e(t) + q(t)),

(6.15)

in which the control gain matrix is .K = diag{kic }. As stated in [24], if s is bounded, then the stability of system (6.15) can be guaranteed by stabilizing the following system: q(t) ˙ = −c(L ⊗ K)(e(t) + q(t)).

.

(6.16)

Let .z(t) = (C ⊗ IN )q(t) with .C = In − 1n γ T , and then system (6.16) can be rewritten as ⎞ ┐ ┌ ⎛ .z ˙ (t) = − c CLC −1 ⊗ K (z(t) + ɛ (t)) = − (cL ⊗ K)(z(t) + e(t)).

(6.17)

Therefore, the stability analysis of (6.15) is transformed into proving (6.17) be globally asymptotically stable. Theorem 6.1 (Event-Triggered Consensus Without DoS Attacks) Consider a strongly connected networked Lagrangian systems (6.8); if the event-trigger gain of each robot satisfies the following conditions: ⎫ ⎧ ΦΠi , . max ε i < min Φ, i 1 + Πi where λmax LΛK = λmax (LT Λ2 L ⊗ K 2 ), lambdamin ΛK = λmin (Λ ⊗ K), / Πi = 2αη(L)λmin ΛK − α 2 λmax LΛK , || || || || Φ = (||C −1 ⊗ IN || ||L ⊗ IN ||)−1 ,

.

α ∈ (0, 2η(L)λmin ΛK /λmax LΛK ),

(6.18)

150

6 Event-Based Secure Coordination of Networked Robotic Systems Under DoS. . .

then the control objective is achieved under the event-based controller (6.10) with (6.11). Proof According to the aforementioned analysis, the consensus of nonlinear Lagrangian system can be achieved if the following conditions are met: (i) .si → 0 as .t → ∞. (ii) .z(t) → 0 as .t → ∞. The proofs are presented to prove the two conditions separately. Part 1: Convergence of Condition (i) Take the following positive definite function as a Lyapunov function candidate for the first two subsystems in (6.12): 1 Σ T T si M i (qi )si + θ˜ i Υi−1 θ˜ i . 2 N

V1 (t) =

.

(6.19)

i=1

Denote .tkl as a finite time sequence, where .kl is the time constant when l-th event is triggered and .t ∈ [tkl , tkl+1 ) corresponds to the l-th event-trigger interval, .l = 1, 2, . . ., and then the derivative of (6.12) is N ⎛ Σ 1

1 s˙iT M i (qi )si + siT M i (qi )˙si 2 2 i=1 ⎞ 1 T ˙ T −1 ˆ ˜ −θ i Υi θ i + si M i (qi )si 2 ⎛ ⎞ N ⎛ Σ 1 ˙ = siT −kis + (M (q ) − 2C (q , q ˙ )) si i i i i i 2

˙1 (t) = .V

i=1

N ⎞ Σ T θ˜ i YiT si +siT Yi θ˜ i − i=1

=−

N Σ

siT kis si ≤ 0,

(6.20)

i=1

in which Property 2.2 is used to derive the conclusion. Then it concludes that V˙1 (t) ≤ 0 for .t ∈ [tkl , tkl+1 ) and .si ∈ L∞ . Define a positive constant .d ≥ 1, and then for .t ∈ [tkl+1 , tkl+d ), it has .V˙1 (t) ≤ 0 and there exists a positive constant .κ, .t2 − t1 ≥ κ, such that .V1 (t1 ) − V1 (t2 ) < ɛ . Thus, from (6.20), we have .

( s) .λmin ki

⎛

N t2 Σ

t1

siT si dt

i=1

( ) = λmin kis

┌ ⎛

N tk1 Σ

t1

i=1

⎛ siT si dt

+

N tk1 +dk Σ tk1

i=1

siT si dt

6.3 Event-Triggered Secure Control Design and Resilience Analysis

⎛ +

tk2

N Σ

tk1 +dk i=1

┌ ⎛ ≤−

tk1

⎛ siT si dt

V˙1 (r)dr +

+ ··· +

tkl i=1

⎛

t1

⎛ +

tk2

N t2 Σ

tk1 +dk

┐ siT si dt

V˙1 (r)dr

tk1

V˙1 (r)dr + · · · +

tk1 +dk

⎛

151

t2

┐ V˙1 (r)dr

tkl

≤ V1 (t1 ) − V1 (t2 ) < ɛ .

(6.21)

⎛ t Σ T According to (6.21), it concludes that . t12 N i=1 si si dt is convergent. Also, the Σ N Σ N conclusions that . i=1 si and . i=1 s˙i are uniformly bounded over .[t1 , t2 ) are Σ Σ N T T derived. Thus, . N i=1 si s˙i and . i=1 s˙i s˙i are also uniformly bounded on the interval .[t1 , t2 ). Based on the generalized Babalat Lemma [25], .si → 0 as .t → +∞. Part 2: Convergence of Condition (ii) Next, take .V2 (t) = 12 zT (t)(Λ ⊗ In )z(t) as the Lyapunov function of system (6.17) with .Λ > 0 given in Definition 1. Then for .t ∈ [tkl , tkl +1 ), the derivative of .V2 (t) is yielded along (6.17): V˙2 (t) =zT (t)(Λ ⊗ Im )˙z(t)

.

= − zT (t)(cΛL ⊗ K)z(t) − czT (t)(Λ ⊗ Im )(L ⊗ K)ɛ (t) ≤ − zT (t)(cΛL ⊗ K)z(t) + +

c ɛ (t)T ɛ (t) 2α

cα T z (t)(LT Λ2 L ⊗ K 2 )z(t), 2

(6.22)

where the equality in (6.22) is derived according to Young’s inequality with a determined parameter .α > 0. Then the first term in (6.22) can be expressed as .

1 − zT (t)(cΛL ⊗ K)z(t) = − zT (t)(c(ΛL + LT Λ) ⊗ K)z(t) 2 ≤ −cη(L)zT (t)(Λ ⊗ K)z(t) ≤ −cη(L) ||Λ ⊗ K|| ||z(t)||2 ,

(6.23)

where .η(L) > 0 is known as the general algebraic connectivity of the graph .G and thus .λmin (Λ ⊗ K) > 0. Then, under the event interval .[tkl+1 , tkl+d ), .fi (ei , δ i ) ≤ 0.

152

6 Event-Based Secure Coordination of Networked Robotic Systems Under DoS. . .

Then the second term in (6.22) can be rewritten as .

||e(t)|| ≤ max εi ||δ(t)|| i

≤ ε max ||(L ⊗ Im )(e(t) + q(t))|| ≤ ε max ||(L ⊗ Im )(z(t) + ɛ (t))|| ,

(6.24)

which is derived by the fact that .LC = L, .ε max = maxi εi . Then we have .

|| || || || ||ɛ (t)|| ≤ ||C −1 ⊗ Im || ||e(t)|| || || || || ≤ε max ||C −1 ⊗ Im || ||L ⊗ Im || (||z(t)|| + ||ɛ (t)||) || || εmax ||C −1 ⊗ Im || ||L ⊗ Im || || || ||z(t)|| , ≤ 1 − ε max ||C −1 ⊗ Im || ||L ⊗ Im ||

|| || where .εmax Δ maxi ε i and .εmax ||C −1 ⊗ Im || ||L ⊗ Im || ing (6.24), (6.25) into (6.22), we have


tkii , fi (ei , δ i ) ≥ 0}, t ∈ H¯ ij , tkii + Δi∗ t ∈ D¯ ij .

(6.29)

Then the closed-loop system under the switching controller can also be written as ⎧ ⎪ q˙i = q˙ir (t) + si , ⎨ M i (qi )˙si = −Ki si − Ci (qi , q˙i )si + Yi θ˜ i , . ⎪ ⎩ ˙ˆ θ i = −Υi Y T si .

(6.30)

i

Then the convergence result is given as follows. Theorem 6.2 (Event-Triggered Consensus Under DoS Attacks) Given a strongly connected networked Lagrangian systems (6.8), the event-based distributed controller (6.10) with (6.28), whose parameters satisfy (6.18), can solve the consensus problem under any DoS attacks that satisfy Assumption 6.1 with arbitrary scalars .η ij , .Tij , .θ ij , and .π ij satisfying W
0

156

6 Event-Based Secure Coordination of Networked Robotic Systems Under DoS. . .

between adjacent events for each robot i. For .t ∈ [tkii , tkii+1 ) ∈ H¯ ij , .ei (tkii ) = 0. Then, .ei (tkii ) evolves from zero until the next event instant .tkii+1 , which is determined by (6.29). Since .ei (t) = qi (tkii ) − qi (t), then .e˙i (t) = −q˙i (t) = −c(L ⊗ K)(e(t) + q(t)), which derives that ⎛ e(t) =

t

Σ N

.

tki

j =1

⎛ ⎛ ⎞ ⎛ ⎞⎞ j aij qi tkii − qj tkj ds.

(6.44)

i

According triggered constant in (6.29), || ||Σ || to the || the next event is triggered when || i || || N j || i i .||e(t ki+1 )|| = ε i || j =1 aij (qi (tki ) − qj (tkj ))||. The triggered constant is .t = tki+1 , which satisfies ||Σ ⎛ ⎛ ⎞ ⎛ ⎞⎞|| || || N j i || .ε i aij qi tki − qj tkj || || || j =1

⎛ =

tki

i+1

tki

||Σ ⎛ ⎛ ⎞ ⎛ ⎞⎞|| || || N j i || || || j =1 aij qi tki − qj tkj || ds.

(6.45)

i

Before the desired variables achieve consensus, the condition || ⎛ ⎛ ⎞ ⎛ ⎞⎞|| || ||Σ N j i || > 0, q t − q . || a ij i ki j tkj || || j =1

holds all the time. That is, .tkii+1 is strictly larger than .tkii . In addition, there is no events being triggered for .t ∈ D¯ ij . According to the proof of Theorem 6.1 and the communication attempts during the DoS intervals, the Zeno behavior will not happen. The proof is completed. Remark 6.3 Note that the sufficient conditions given in Theorem 6.2 provide some limitations on the DoS attack parameters, which is consistent with the actual situation because the attacker’s energy is often limited. As seen in (6.31), the attempt period .Δi∗ used during the effective DoS intervals will affect the DoS interval detection. Small .Δi∗ will lead to tolerance for DoS attacks with a larger duration and higher frequency for the same control parameters. In addition, the parameters in (6.31) can be regarded as a resilience index of the proposed controller, because it gives the maximum tolerance to DoS attacks. In addition, the proposed event-based control approach is independent of the system parameters. That is, the proposed controller would still work even for heterogeneous robotic systems with different physical parameters.

6.3 Event-Triggered Secure Control Design and Resilience Analysis

157

6.3.3 Control Design Process To make the event-based control design clear, the following multistep guidelines are presented. Step 1: Calculate the General Algebraic Connectivity Determine the communication topology .G and calculate the general algebraic connectivity .η(L) by solving the following optimization problem: .

max ρ, s.t. Θ T (L − ρΛ)Θ > 0.

where .Θ T = [IN −1 , −γ¯ /γ TN ]T ∈ RN ×N −1 with .γ¯ = [γ 1 , γ 2 , . . . , γ N −1 ]T . Step 2: Select Control Gains Select .kis > 0 and .Υi > 0; the closed-loop system can be stabilized by the proposed controller in (6.10). That is, .si is convergent under this condition. Step 3: Design Event Parameters Select .kic > 0 and .c > 0, then calculate the parameters .λmax LΛK , .λmin ΛK , .Φ, .Πi , and choose .α ∈ (0, 2η(L)λmin ΛK /λmax LΛK ) ΦΠi as well as .maxi εi < min{Φ, 1+Π }. Then the basic stability can be guaranteed in i the absence of DoS attacks. Step 4: Calculate DoS Attack Tolerance Calculate .ξ 1 and .ξ 2 according to the definition, and then choose .Δi∗ for the robots. Then if condition (6.21) is satisfied, then the secure consensus is achieved in the presence of DoS attacks.

158

6 Event-Based Secure Coordination of Networked Robotic Systems Under DoS. . .

The control design flowchart is given in Algorithm 2. Algorithm 2: Control design guidelines Output: Suitable control gains kis > 0, Υi > 0, and kic > 0; 1 Step 1: Interaction with neighbors 2 for i ∈ R do 3 Construct the strongly connected communication network and calculate

the general algebraic connectivity η(L); 4 end 5 Step 2: Selection of control gains 6 for i ∈ R do 7 Select control gains kis > 0 and Υi > 0; 8 Select kic > 0 and c > 0, then calculate the event parameters; 9 Calculate ξ 1 and ξ 2 according to the definition;

Choose Δi∗ for the AUVs; if condition (6.31) is satisfied then Jump to Step 3; end Re-selecting the control gains; 14 end

10 11 12 13

15 Step 3: Output control gains 16 for i ∈ R do 17 The control gains are kis > 0, Υi > 0, and kic > 0; 18 end

6.4 Simulation Results This section proposes some simulations to demonstrate the effectiveness of the designed secure event-triggered consensus approach for multiple robotic systems against DoS attacks. The Lagrangian network can be seen in Fig. 6.2, which is a strongly connected one with ten nodes. Define .qi = [qi1 , qi2 ]; the parameters of the Euler-Lagrange systems modeled by (6.8) are given as follows: ┌

┐ d1i + d2i + 2d3i cos(q2i ) d2i + d3i cos(q2i ) .M i (qi ) = , d2i + d3i cos(q2i ) d2i ┐ −d3i sin(q2i )q˙2i −d3i (q˙1i + q˙2i ) , .C i (qi , q ˙i ) = d3i q˙1i sin(q2i ) 0 ┌

┌ Gi (qi ) =

.

┐ d4i cos(q1i ) + d5i g cos(q1i + q2i ) . d5i cos(q1i + q2i )

6.4 Simulation Results

159

The corresponding parameters .(di1 , di2 , di3 , di4 , di5 ) are given as (1.1, 0.1, 0.6, 0.3, 0.6, 1.1, 0.1, 0.6, 0.3, 0.6), (1.2, 0.1, 0.9, 0.5, 0.8, 1.2, 0.1, 0.9, 0.5, 0.8), (1.3, 0.2, 1.3, 0.6, 0.9, 1.3, 0.2, 1.3, 0.6, 0.9), (1.4, 0.3, 1.7, 0.7, 1.1, 1.4, 0.3, 1.7, 0.7, 1.1), and .g = 9.81 m/s2 . The simulation results consist of three cases: consensus without DoS attacks, consensus with DoS attacks, and consensus with DoS attacks that has a different mode. Case 1: We first consider the case with ideal communication channels. The communication network is given in Fig. 6.2, which is strongly connected according to the definition. Following the control design in Algorithm 2, the general algebraic connectivity can be calculated as .η(L) = 0.6714. To solve the consensus problem, the couple strength .c = 1 is chosen for the sake of generality; the control gains are chosen as .kis = 15I2 , .Υi = 3I5 , .kic = 3. Then the event parameters can be calculated as .λmax LΛK = 3.706, .λmin ΛK = 1.67, .Φ = 0.243, and choosing .α = 0.35, then .Πi = 0.8456 and choosing .maxi ε i = 0.05 < 0.113. Then the generalized position and velocity consensus results are shown in Figs. 6.3 and 6.4. It can be seen that under the proposed event-triggered controller (6.10) and the event-based data update policy (6.11), the control objective can be achieved, that is, the generalized positions and velocities of the network Lagrangian systems converge to a common value. The events of robots can be seen in Fig. 6.5. Since there are no DoS attacks in the communication channels, the controller can update its information in time. Case 2: Next, we will consider the consensus control problem with DoS attacks, where the DoS intervals are shown in Fig. 6.6 with gray rectangle. The control parameters are chosen the same as the above. Following the control design guidelines in Algorithm 2, .ξ 1 = 2.8362, and .ξ 2 = 3.853, we have .W
1, there is |Ξ (t1 , t2 )| ≤ TD +

.

(t2 − t1 ) . τD

(7.1)

Assumption 7.2 (DoS Frequency) For .TN ≥ 0, τ N > 0, there is .

N (t1 , t2 ) ≤ TN +

(t2 −t1 ) τN ,

1 ,t2 ) F(t1 , t2 ) ≤ Nt2(t−t , 1

(7.2)

where .N (t1 , t2 ) denotes the number of DoS attacks and .F(t1 , t2 ) denotes the frequency of DoS attacks while .t ∈ (t1 , t2 ). In this chapter, the dynamic event-trigger control approach is used for mitigating the effects of DoS attacks on the system, which may prolong the duration being affected by DoS attacks. Considering the impact of the event-trigger controller, the effective DoS attack duration and its complement can be expressed as .

| | |Ξ¯ (t1 , t2 )| ≤ |Ξ (t1 , t2 )| + (N (t1 , t2 ) + 1) Δ∗

(7.3)

¯ 1 , t2 ) = [t1 , t2 ] \Ξ¯ (t1 , t2 ) H(t

(7.4)

.

in which the parameter .Δ∗ is used to define the trial period of the robot under a DoS attack. Remark 7.1 Due to the limited energy of the attackers, the frequency and duration of the DoS attack are accordingly limited. In addition, high-pass filtering and spread spectrum technology can also be used to mitigate attacks, which can also limit the frequency and duration of attacks. Therefore, Assumptions 7.1 and 7.2 are reasonable.

7.3 Dynamic Event-Triggered Secure Control Design for Networked Robotic. . .

169

7.2.2 Problem Statement In this chapter, networked robotic systems with N robots modeled by Lagrangian dynamic are considered, in which each robot can be modeled as M i (qi )q¨i + C i (qi , q˙i )q˙i + Gi (qi ) = τ i , i = 1, · · · , N

.

(7.5)

where .qi ∈ Rn is the generalized position of the ith robot and .q˙i ∈ Rn is the generalized velocity vector. .M i (qi ) ∈ Rn×n is the symmetric positive definite inertia matrix, .C i (qi , q˙i )q˙i ∈ Rn is the vector of Coriolis and centrifugal forces, and .Gi (qi ) is the vector of gravitational force. .τ i is the vector of control force on the ith robot. Properties 2.1–2.3 are also hold. To clearly describe the coordination control problem under the event-triggered framework, the following definitions are given. Definition 7.1 (Coordination Problem) For all .i, j ∈ V in networked robotic systems, the coordination problem can be described as the following control objective: .

( ) lim qi (t) − qj (t) = 0, lim q˙i (t) = 0,

t→∞

t→∞

(7.6)

which means that the generalized positions of all robots converge to a common value as .t → ∞. Then the velocity of all robots tends to zero. { } Definition 7.2 (Zeno Behavior [42]) Define . t1i i , t2i i , · · · , tkii ∈ [t1 , t2 ] with .0 ≤ t1 < t2 < +∞ as the set of trigger instants for robot i; Zeno behavior exists in an event-triggered system iff there is .k → ∞. That is, Zeno behavior means that the communication is triggered numerous times in a limited duration.

7.3 Dynamic Event-Triggered Secure Control Design for Networked Robotic Systems 7.3.1 Control Design in the Absence of DoS Attacks In this part, the dynamic event-based resilient coordination controller is firstly designed such that the system stability can be guaranteed. For the networked robotic systems (7.5), the following distributed controller with parameter adaptation is designed for the ith robot: ⎧ .

τ i = −kiτ si + Yi θˆ i , θ˙ˆ i = −Ωi YiT si ,

(7.7)

170

7 Dynamic Event-Based Secure Coordination of Networked Robotic Systems. . .

where .kiτ is defined as a constant positive control gain and .Ωi is defined as a constant Δ

positive gain matrix. .Yi = Yi (qi , q˙i , q˙ri , q¨ri ) ∈ Rn×l and .θ i ∈ Rl have been defined in Property 2.3, and .θˆ i is defined as the estimate of .θ i . Define .si = q˙i − q˙ri as an auxiliary variable, in which .q˙ri is designed as follows: .

q˙ri = −

┐ Σ ┌ j qi (tkii ) − qj (tkj ) ,

(7.8)

j ∈Ni

in which .qi (tkii ) denotes the successfully updated state of robot i at .tkii . By using (7.7) and the auxiliary variable (7.8), the networked robotic system (7.5) can be rewritten in closed-loop form as follows: ⎧ ⎪ M i (qi ) s˙i = −kiτ si − C i (qi , q˙i ) si + Yi θˆ i , ⎪ ⎪ ⎪ ⎨ θ˙ˆ = −Ω Y T s , i i i i . = s + q˙ri , ┌ q ˙ ⎪ i i ⎪ ┐ ⎪ Σ j ⎪ ⎩ q˙ri = − qi (t i ) − qj (t ) . j ∈Ni

ki

(7.9)

kj

To improve the performance of the closed-loop system, a dynamic event-trigger mechanism is designed. Inspired by He et al. [43], a form of dynamic event-trigger control scheme is designed and improved to meet the requirements of nonlinear robotic systems as } { ( ) tkii +1 = inf t|t > tkii , ρ i fi ei , ϕ i ≥ ηi (t) ,

.

(7.10)

( ) where .ρ i is a positive constant and .fi ei , ϕ i is defined as follows: ⎧ ⎪ fi (ei , ϕ i ) = ||ei (t)||2 − α i ϕ i (t), ⎪ ⎪ ⎪ ⎪ ei (t) = qi (tki τ ) − qi (t), ⎪ ⎪ i ⎪ ⎪ ⎨ ϕ i (t) = ϕ 2 (t) + ϕ 2 (t), x,i || v,i || Σ || . j || ⎪ ϕ x,i (t) = ||qi (t) − qj (tkj )||, ⎪ ⎪ ⎪ j ∈Ni || ⎪ || ⎪ Σ || ⎪ j || ⎪ ϕ (t) = ⎪ ||q˙i (t) − q˙j (tkj )||, ⎩ v,i

(7.11)

j ∈Ni

in which .α i is a constant positive control gain that needs to be designed and .ηi (t) is updated by η˙ i (t) = −

.

|| 1 1 || ||ei (t)||2 − α i ||ϕ i (t)|| − di ηi (t) , di > ϑ(L). 2c 2c

(7.12)

7.3 Dynamic Event-Triggered Secure Control Design for Networked Robotic. . .

171

By using the definition of .ei (t) and .si , it yields q(t) ˙ = s − (L ⊗ In ) (e(t) + q(t)) .

(7.13)

.

Remark 7.2 In this chapter, the adaptive event-trigger condition proposed in [43] is improved for extending its application range to second-order nonlinear robotic systems. In addition, the restrictions on .ρ i and .ϕ i are relaxed in (7.10). .ϕ i can be chosen as any nonnegative formula that facilitates the achievement of the control objective, which makes the controller proposed in (7.10) also work well, even if the control objective changes. The proof will be presented in the next subsection. Then the following theorem is presented. Theorem 7.1 (Stability Without DoS Attacks) For the networked robotic systems (7.5), its communication topology .G is a strongly connected directed graph, and then the control objective (7.6) can be achieved as .t → ∞ under the distributed dynamic event-trigger controller (7.7)–(7.12), if the following condition is hold: ⎞ 2ϑ(L) ||Ω ⊗ In || || , .c ∈ 0, || T 2 ||L Ω L ⊗ In || ⎛

(7.14)

where .ϑ(L) > 0 and .Ω have been given in Lemma 1.4 and .L is the Laplacian matrix of .G. Proof The proof of Theorem 7.1 can be divided into the following four parts: (i) lim si → 0; .(ii) lim q˙i → 0; .(iii)η˙ i < 0 and .ηi (t) is always a positive

.

t→∞

t→∞

constant; and .(iv) the Zeno behavior is eradicated. Part 1. Proof of (i): Consider the following Lyapunov candidate function: ⎞ 1 Σ ⎛ T T si M i (qi )si + θ˜ i Ωi−1 θ˜ i 2 N

V1 (t) =

.

(7.15)

i=1

in which .M i (qi ) and .Ωi are defined in (7.5) and (7.7), respectively. Thus, the Lyapunov function is a positive definite function. Taking the derivative of (7.15) along (7.9), that is, V˙1 (t) = .

N ⎛ Σ

˙ i (qi )si si T M i (qi )s˙i + θ˜ i Ωi−1 θ˙˜ i + 12 si T M

i=1 N Σ

=−

i=1

T

⎞ (7.16)

si T kiτ si

≤0

where the second} equation of (7.7) and Property 2.2 are used to obtain (7.16). Define { i i i . t ,t ,··· ,t ki as the set of trigger instants of the ith robot, and .t ∈ [t1 , t2 ). Then 1i 2i

172

7 Dynamic Event-Based Secure Coordination of Networked Robotic Systems. . .

it could be concluded that .V˙1 (t) ≤ 0; therefore, .si ∈ L∞ . Define .Δt as an arbitrarily small positive constant. According to (7.16), there is { τ} . min ki

⎛

N t2 Σ t1

{ } = min kiτ ⎛ ⎛

t1i

i=1

⎛ ⎛

t1i

i

t1

N Σ

⎛ si T si dt +

i=1

V˙1 (t)dt +

i

≤−

si T si dt

⎛

t2i

i

t1i +Δt

t1

N Σ

t2i

i

t1i +Δt i=1 i

⎛ si T si dt + · · · +

V˙1 (t)dt + · · · +

⎛

t2

N Σ

tki +Δt i=1 i

⎞ si T si dt

⎞

t2 tki +Δt

V˙1 (t)dt

i

i

≤ V1 (t1 ) − V1 (t2 ) .

(7.17)

According to (7.17), it concludes that and .

N Σ

N ⎛ t2 Σ

.

t1

si T si dt is convergent. Thus,

i=1

s˙i are both continuous and bounded. Therefore, .

i=1

N Σ

si T si and .

i=1

N Σ

.

N Σ

si

i=1

si T s˙i are

i=1

continuous and bounded, while .t ∈ [t1 , t2 ). According to the Barbalat lemma, we have .si → 0 as .t → ∞. Part 2. Proof of (ii): Since .si is bounded, (7.13) could be rewritten as follows: p(t) ˙ = − (L ⊗ In ) (e(t) + p(t)) ,

.

(7.18)

where .p(t) = (C ⊗ In )q(t) and .C = In − 1n γ T . Consider the following Lyapunov function: V2 (t) =

.

ΣN 1 T p (t) (Ω ⊗ In ) p(t) + η (t). i=1 i 2

(7.19)

The derivative of (7.19) is given as ˙ + V˙2 (t) = pT (t)(Ω ⊗ In )p(t)

N Σ

.

η˙ i (t)

i=1

= −pT (t)(ΩL ⊗ In )(e(t) + p(t)) +

ΣN

η˙ (t). i=1 i

(7.20)

By using Young’s inequality, there is || c || || || V˙2 (t) ≤ −ϑ(L) ||Ω ⊗ In || p(t)2 + ||LT Ω 2 L ⊗ In || p(t)2 2 ΣN 1 ΣN + ei (t)2 + η˙ (t). i=1 i=1 i 2c

.

(7.21)

7.3 Dynamic Event-Triggered Secure Control Design for Networked Robotic. . .

173

Substituting (7.12) into (7.21), one obtains || ΣN c || || || di ηi (t). V˙2 (t) ≤ −ϑ(L) ||Ω ⊗ In || p(t)2 + ||LT Ω 2 L ⊗ In || p(t)2 − i=1 2 (7.22)

.

Obviously, .V˙2 (t) < 0 could be ensured by limiting the upper bound of c, which will be proposed in the next part of the proof. Thus, it can be concluded that . lim pi → 0 t→∞ and . lim q˙i → 0. t→∞

Part 3. Proof of (iii): For robot i, due to the limitation of the event-triggering policy (7.10), there must be .||ei (t) ||2 ≤ α i ϕ i (t) + ρ1 ηi (t) when the condition is not i triggered, and the error will be reset to 0 after triggering. Therefore, one obtains .

−

αi 1 1 ||ei (t) ||2 ≥ − ||ϕ i (t) || − η (t) . 2c 2c 2cρ i i

(7.23)

Substituting (7.23) into (7.12), for any .ϕ i (t) ≥ 0, we have .

η˙ i (t) ≥ −

⎛

1 2cρ i

⎞ + di ηi (t) .

(7.24)

According to (7.24), one obtains ηi (t) ≥ ηi (0) e

.

⎛ ⎞ 1 − 2cρ +di t i

> 0.

(7.25)

According to (7.25), one obtains .η˙ (t) < 0, .η (t) > 0. Therefore, according to (7.22), we have || || || ˙2 (t) ≤ −ϑ(L) ||Ω ⊗ In || p(t)2 + c || (7.26) .V ||LT Ω 2 L ⊗ In || p(t)2 . 2 After some simple calculation, we have 2ϑ(L) ||Ω ⊗ In || || c < || T 2 ||L Ω L ⊗ In ||

.

(7.27)

At this point, the proof of theorem is complete, and the exclusion of Zeno behavior will be explained in the next section. Remark 7.3 Note that the event-trigger conditions in (7.10) do not need to obtain the real-time states of neighbors. In the absence of DoS attacks, the stability of the system can be ensured when parameters are designed as Theorem 7.1. In addition, the proof for showing that the Zeno behavior does not exist under the controller proposed in this chapter will be presented in the next subsection.

174

7 Dynamic Event-Based Secure Coordination of Networked Robotic Systems. . .

Remark 7.4 Unlike the result in [41], the introduction of dynamic variables in this chapter can significantly reduce the number of event-trigger instants at the beginning of the coordination process and reduce the risk of Zeno behavior. Also, as described in Remark 7.2, the introduction of a nonnegative function makes the design of the controller more flexible, and the information of neighbors is not necessary for deciding trigger instants if there is .ϕ i = 0. Furthermore, the number of control gains that need to be determined in Theorem 7.1 is much smaller than those in the theorem proposed in [41], which makes the proposed controller easier to be applied in practice.

7.3.2 Control Design and Analysis in the Presence of DoS Attack In this subsection, a security control strategy is proposed to ensure resilience under DoS attacks, and the stability of the proposed control approach under DoS attacks is analyzed. The controller is still designed as (7.7), and the event-triggered update policies can be rewritten in the following form. ¯ the auxiliary variable .q˙ri is designed as its form in (7.8). For .t ∈ Ξ¯ , For .t ∈ H, the auxiliary variable .q˙ri in (7.8) can be rewritten as .

q˙ri = −

┐ Σ ┌ j qi (tkii (ζ m ) ) − qj (tkj (ζ ) ) . m

j ∈Ni

(7.28)

According to the form of the auxiliary variable predefined in (7.28) and the dynamic event-trigger method defined in (7.10), the data transmission time can be written as follows: { } ⎧ ( ) ¯ inf t|t > tkii , ρ i fi ei , ϕ i ≥ ηi (t) t ∈ H, i .tk +1 = (7.29) i t i + Δ∗ t ∈ Ξ¯ , ki

in which .Δ∗ has been proposed in (7.3). Then the closed-loop system of switching controllers under DoS attack can also be written as ⎧ τ ⎪ ⎨ M i (qi ) s˙i = −ki si − C i (qi , q˙i ) si + Yi θˆ i . (7.30) θ˙ˆ i = −Ωi YiT si ⎪ ⎩ q˙i = si + q˙ri The main result for this part is given as follows. Theorem 7.2 (Convergence Under DoS Attacks) Given networked robotic systems (7.5) under DoS attacks that satisfy Assumptions 7.1 and 7.2, the condition (7.14) in Theorem 7.1 is hold. By using the controller (7.30), resilient coordination

7.3 Dynamic Event-Triggered Secure Control Design for Networked Robotic. . .

175

can be achieved if the parameters of DoS attacks meeting ⎛ .

1 Δ∗ + τN τD

⎞
ϑ(L). Thus, as .t ∈ H, V3 (t) ≤ e−α˜ 1 (t−tm−1 −Δm−1 ) V3 (tm−1 + Δm−1 ).

.

(7.36)

For .t ∈ Ξ¯ , there is ⎞ ⎛ ΣN 1 T b pˆ (ξ m )p(ξ η˙ (t), ˆ m ) + pT (t) LT Ω 2 L ⊗ In p(t) + V˙3 (t) ≤ i=1 i 2 2b (7.37)

.

where .η˙i (t) = 0 when .t ∈ Ξ¯ , then we have ⎞ ⎛ b 1 T pˆ (ξ m )p(ξ ˆ m ) + pT (t) LT Ω 2 L ⊗ In p(t). V˙3 (t) ≤ 2 2b || || ˆ m )||, one has Then if .||p(t)|| > ||p(ξ .

⎛ ⎞ ΣN ηi (t) ≤ α˜ 2 V3 (t), V˙3 (t) ≤ α˜ 2 V3 (t) −

.

in which .α˜ 2 =

i=1

|| || 1+b2 ||LT Ω 2 L⊗In || . 2b||Ω⊗In ||

(7.38)

(7.39)

|| || ˆ m )||, there is While if .||p(t)|| ≤ ||p(ξ

V˙3 (t) ≤ α˜ 2 V3 (ξ m ).

(7.40)

V3 (t) ≤ eα˜ 2 (t−ξ m ) V3 (ξ m ), t ∈ Ξ¯ .

(7.41)

.

Therefore, we have .

Combining (7.36) and (7.41), we have V3 (t) ≤ e

.

| | | | ¯ −α˜ 1 |H (0,t)| α˜ 2 |Ξ¯ (0,t)|

e

V3 (0)

≤ e−α˜ 1 (t−|Ξ (0,t)|)+α˜ 2 |Ξ (0,t)| V3 (0) ¯

¯

≤ e−α˜ 1 t+(α˜ 1 +α˜ 2 )|Ξ (0,t)| V3 (0) ¯

⎛

≤e

⎞ ˜ τ 1 + τΔ∗ ) t α(T −α˜ 1 +α( ˜ D +(TN +1)Δ∗ ) N D

e

V3 (0),

(7.42)

7.3 Dynamic Event-Triggered Secure Control Design for Networked Robotic. . .

177

in which .α˜ = α˜ 1 + α˜ 2 . Therefore, the auxiliary variable .ω(t) can be defined as follows: ⎛

ω(t) = e

⎞ ˜ τ 1 + τΔ∗ ) t α(T −α˜ 1 +α( ˜ D +(TN +1)Δ∗ ) N D

e

.

V3 (0).

(7.43)

Obviously, .V3 (t) ≤ ω(t) for .t ∈ (t1 , t2 ). Therefore, we have .V˙3 (t) ≤ ω(t). ˙ According to (7.43), we have ⎛

⎞ 1 Δ∗ + ) ω(t). .ω(t) ˙ = −α˜ 1 + α( ˜ τD τN

(7.44)

According to the solution of (7.42)–(7.44), one yields ⎞ ⎛ Δ∗ 1 ˜ ) ω(t). + V˙3 (t) ≤ −α˜ 1 + α( τN τD

.

In summary, .−α˜ 1 + (α˜ 1 + α˜ 2 )

⎛

1 τD

+

Δ∗ τN

⎞

(7.45)

< 0 such that .V˙3 (t) < 0.

Part 2. Exclusion of Zeno behavior: In this part, the Zeno behavior is proved not to exist in the control approach proposed in this chapter. ¯ by using .ei (t) = qi (t i ) − qi (t) and the first equation of (7.32). The For .t ∈ H, ki derivative of .ei (t) can be written as .e(t) ˙ = − (L ⊗ Im ) (e(t) + q(t)). Then, we have ⎛ e(t) =

t

.

tki

⎛ e(t)ds ˙ =

i

Σ

t

tki j ∈N i i

j

qi (tkii ) − qj (tkj )ds.

(7.46)

|| ||2 || || By using (7.29), the next event is triggered when .||e(tkii+1 )|| = α i ϕ i (t) + ρ1 ηi (t), i and .ηi > 0, .ϕ i (t) > 0 are always hold as .t ∈ (t1 , t2 ). Then, (7.46) could be expressed as

(α i ϕ i (t) +

.

1 2

1 η (t)) = θi i

⎛

t

tki

i

|| || || || || || Σ i i || || qi (tki ) − qj (tkj )||ds || || ||j ∈Ni

Before coordination of the desired variables is achieved, the conditions || || || || Σ || || i i || || . qi (tki ) − qj (tkj )|| > 0, || || ||j ∈Ni || || || i || ||e(tki+1 )|| > 0,

(7.47)

178

7 Dynamic Event-Based Secure Coordination of Networked Robotic Systems. . .

will always hold. That is, .tkii+1 > tkii is strictly hold. For .t ∈ Ξ¯ , it can be easily get that Zeno behavior does not exist from (7.29). Remark 7.5 Note that in Theorem 7.2, under the same control parameters, a smaller .Δ∗ will make the system better able to withstand DoS attacks. In addition, the control method proposed in this chapter does not require the system parameters of each robot. That is, the proposed controller is suitable for heterogeneous networked robotic systems with different system parameters.

7.4 Simulation Results In this section, some simulation results are given to verify the effectiveness of the proposed resilient coordination controller for the networked robotic system under DoS attacks. The directed topology with six robots is shown in Fig. 7.2, which is strongly connected. The simulation results can be divided into the following two parts: coordination without DoS attacks and coordination under DoS attacks. Each robot is modeled as a planar manipulator with two revolute joints [44], whose inertia matrix, Coriolis matrix, and gravitational force matrix are respectively given by ┌ M i (qi ) =

.

┐ d1i + d2i + 2d3i cos(q2i ) d2i + d3i cos(q2i ) , d2i d2i + d3i cos(q2i ) ┌

┐ −d3i sin(q2i )q˙2i −d3i (q˙1i + q˙2i ) .C i (qi , q ˙i ) = , 0 d3i q˙1i sin(q2i ) ┌ Gi (qi ) =

.

┐ d4i cos(q1i ) + d5i g cos(q1i + q2i ) . d5i cos(q1i + q2i )

The simulation results of coordination of networked robotic systems without DoS attacks are shown in Figs. 7.3, 7.4, and 7.5. Figure 7.3 shows the trigger instants of Fig. 7.2 Communication network



  





7.4 Simulation Results

179

6

Event for agent i

5

4

3

2

1 0

5

10 Time(s)

15

20

Fig. 7.3 Communication time instants of each robot without DoS attacks 10

0

agent1 agent2 agent3

agent4 agent5 agent6

-10 0

5

10

15

20

10 0 agent1 agent2 agent3

-10

agent4 agent5 agent6

-20 0

5

10

15

20

Time(s)

Fig. 7.4 Position consensus of the multiple robotic systems without DoS attacks

each robot in the absence of DoS attacks, which verifies the effectiveness of the proposed algorithm in solving the coordination problem. The totally trigger instants of all robots is 82 with the parameters selected in this chapter. Figures 7.4 and 7.5 show that the coordination control problem of the networked robotic system can be solved by the proposed control strategy. The evolution of .ηi (t) is shown in Fig. 7.6.

180

7 Dynamic Event-Based Secure Coordination of Networked Robotic Systems. . . 20 agent1 agent2 agent3

10

agent4 agent5 agent6

0 -10 0

5

10

15

20

0 agent1 agent2 agent3

-20 -40 0

5

10

agent4 agent5 agent6

15

20

Time(s)

Fig. 7.5 Velocity consensus of the multiple robotic systems without DoS attacks 10 agent1 agent2 agent3

Dynamic variable

8

6 2

4

1

2

0 16

agent4 agent5 agent6

10 -3

17

18

19

20

0 0

5

10

15

20

Time(s)

Fig. 7.6 Dynamic variable of the multiple robotic systems without DoS attacks

The simulation results of coordination of networked robotic systems under DoS attacks are shown in Figs. 7.7, 7.8, and 7.9. DoS attack appeared in 1–1.5 s, 2– 6 s, 8–12 s, 14–16 s, and 17–18 s, which is shown in Fig. 7.10; let .Δ∗ = 0.1s in this simulation. By using the same parameters as in the above case, under the aforementioned DoS attacks, the number of event-trigger constants in Fig. 7.7 is 148 totally. Figures 7.8 and 7.9 show that the cooperative control problem under DoS attacks is solved as stated in Theorem 7.2 with the control algorithm proposed in this chapter.

7.5 Conclusions

181

Fig. 7.7 Communication time instants of each robot under DoS attacks

6

Event for agent i

5

4

3

2

1 0

5

10

15

20

Time(s)

Fig. 7.8 Position consensus of the multiple robotic systems under DoS attacks

10

0

agent1 agent2 agent3

agent4 agent5 agent6

-10 0

5

10

15

20

10 0 agent1 agent2 agent3

-10

agent4 agent5 agent6

-20 0

5

10

15

20

Time(s)

7.5 Conclusions We have studied the resilient coordination problem of networked robotic systems under DoS attacks in this chapter. To solve the uncertainty of the system parameters, an adaptive controller is introduced. When the system is subjected to DoS attacks, a sampled-data-based dynamic event-trigger is designed to ensure that the system can reach coordination under the limited DoS attacks.

182

7 Dynamic Event-Based Secure Coordination of Networked Robotic Systems. . .

Fig. 7.9 Velocity consensus of the multiple robotic systems under DoS attacks

20 agent1 agent2 agent3

10

agent4 agent5 agent6

0 -10 0

5

10

15

20

0 agent1 agent2 agent3

-20 -40 0

5

10

agent4 agent5 agent6

15

20

Time(s) 1

DoS Attacks

Fig. 7.10 DoS attack sequence on the networked robotic system

DoS attacks

0.5

0 0

5

10

15

20

Time(s)

References 1. Miao, G., Cao, J., Alsaedi, A., Alsaadi, F.E: Event-triggered containment control for multiagent systems with constant time delays. J. Frank. Inst. 354(15), 6956–6977 (2017) 2. Dai, X., Wang, C., Tian, S., Huang, Q.: Consensus control via iterative learning for distributed parameter models multi-agent systems with time-delay. J. Frank. Inst. 356(10), 5240–5259 (2019) 3. Wang, Y., Ma, Z., Chen, G.: Distributed control of cluster lag consensus for first-order multiagent systems on quad vector fields. J. Frank. Inst. 355(15), 7335–7353 (2018) 4. Wang, G., Wang, X., Li, S.: Sliding-mode consensus algorithms for disturbed second-order multi-agent systems. J. Frank. Inst. 355(15), 7443–7465 (2018) 5. Mousavinejad, E., Ge, X., Han, Q.L., Lim, T.J., Vlacic, L.: An ellipsoidal set-membership approach to distributed joint state and sensor fault estimation of autonomous ground vehicles. IEEE/CAA J. Autom. Sin. 8(6), 1107–1118 (2021) 6. Ning, B., Han, Q.L., Zuo, Z.: Bipartite consensus tracking for second-order multiagent systems: a time-varying function-based preset-time approach. IEEE Trans. Autom. Control 66(6), 2739–2745 (2021) 7. Gong, P., Han, Q.L.: Fixed-time bipartite consensus tracking of fractional-order multi-agent systems with a dynamic leader. IEEE Trans. Circuits Syst. II: Express Briefs 67(10), 2054– 2058 (2020) 8. He, W., Xu, B., Han, Q.L., Qian, F.: Adaptive consensus control of linear multiagent systems with dynamic event-triggered strategiess. IEEE Trans. Cybern. 50(7), 2996–3008 (2020) 9. Su, H., Chen, G., Wang, X., Lin, Z.: Adaptive second-order consensus of networked mobile agents with nonlinear dynamics. Automatica 47(2), 368–375 (2011)

References

183

10. Chen, C., Modares, H., Xie, K., Lewis, F.L., Wan, Y., Xie, S.: Reinforcement learning-based adaptive optimal exponential trackingcontrol of linear systems with unknown dynamics. IEEE Trans. Autom. Control 64(11), 4423–4438 (2019) 11. Yang, T., et al.: Distributed energy resource coordination over time-varying directed communication networks. IEEE Trans. Control Netw. Syst. 6(3), 1124–1134 (2019) 12. Chen, C., Lewis, F.L., Xie, S., Modares, H., Liu, Z., Zuo, S., Davoudi, A.: Resilient adaptive and h-∞ controls of multi-agent systems under sensor and actuator faults. Automatica 102, 19–26 (2019) 13. Ding, D., Han, Q.L., Xiang, Y., Ge, X., Zhang, X.M.: A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing 275, 1674–1683 (2018) 14. Wei, J., Fang, H.: Multi-agent consensus with time-varying delays and switching topologies. J. Syst. Eng. Electron. 25(3), 489–495 (2014) 15. Ren, W., Beard, R.W.: Consensus of information under dynamically changing interaction topologies. In: Proceedings of the 2004 American Control Conference, Boston, pp. 4939–4944 (2004) 16. Ji, Y., Tang, S., Liu, N., Wang, G., Li, Q., Zhang, J.: Distributed consensus of networked Lagrangian systems with unknown nonidentical control directions. IEEE Access 8, 44590– 44598 (2020) 17. Guo, M., Xu, D., Liu, L.: Cooperative output regulation of heterogeneous nonlinear multiagent systems with unknown control directions. IEEE Trans. Autom. Control 62(6), 3039–3045 (2017) 18. Ding, L., Han, Q., Ge, X., Zhang, X.: An overview of recent advances in event-triggered consensus of multiagent systems. IEEE Trans. Cybern. 48(4), 1110–1123 (2018) 19. Liu, X., Du, C., Lu, P., Yang, D.: Distributed event-triggered feedback consensus control with state-dependent threshold for general linear multi-agent systems. Int. J. Robust Nonlinear Control 27(15), 2589–2609 (2017) 20. Almeida, J., Silvestre, C., Pascoal, A.: Synchronization of multiagent systems using eventtriggered and self-triggered broadcasts. IEEE Trans. Autom. Control 62(9), 4741–4746 (2017) 21. Adaldo, A.: Event-triggered pinning control of switching networks. IEEE Trans. Control Netw. Syst. 2(2), 204–213 (2015) 22. Liuzza, D., Dimarogonas, D.V., Di Bernardo, M., Johansson, K.H.: Distributed model based event-triggered control for synchronization of multi-agent systems. Automatica 73, 1–7 (2016) 23. Wang, X., Su, H., Wang, X., Chen, G.: Fully distributed event-triggered semiglobal consensus of multi-agent systems with input saturation. IEEE Trans. Ind. Electron. 64(6), 5055–5064 (2017) 24. Zhang, W., Tang, Y., Liu, Y., Kurths, J.: Event-triggering containment control for a class of multi-agent networks with fixed and switching topologies. IEEE Trans. Circuits Syst. I: Regular Papers 64(3), 619–629 (2017) 25. Amini, A., Asif, A., Mohammadi, A.: A unified optimization for resilient dynamic eventtriggering consensus under denial of service. IEEE Trans. Cybern. 52(5), 2872–2884 (2022) 26. Girard, A.: Dynamic triggering mechanisms for event-triggered control. IEEE Trans. Autom. Control 60(7), 1992–1997 (2015) 27. Garcia, E., Cao, Y., Casbeer, D.W.: Periodic event-triggered synchronization of linear multiagent systems with communication delays. IEEE Trans. Autom. Control 62(1), 366–371 (2017) 28. Dimarogonas, D.V., Frazzoli, E., Johansson, K.H.: Distributed event-triggered control for multi-agent systems. IEEE Trans. Autom. Control 57(5), 1291–1297 (2012) 29. Teixeira, A., Shames, I., Sandberg, H., Johansson, K.H.: A secure control framework for resource-limited adversaries. Automatica 51, 135–148 (2015) 30. Zhang, L., Zhang, H.: A survey on security and privacy in emerging sensor networks: from viewpoint of close-loop. Sensors 16(4), 443 (2016) 31. Lun, Y.Z., D’Innocenzo, A., Smarra, F., Malavolta, I., Benedetto, M.D.D.: State of the art of cyber-physical systems security: an automatic control perspective. J. Syst. Softw. 149, 174–216 (2019)

184

7 Dynamic Event-Based Secure Coordination of Networked Robotic Systems. . .

32. Cetinkaya, A., Ishii, H., Hayakawa, T.: An overview on denial-of-service attacks in control systems: Attack models and security analyses. Entropy 21(2), 210 (2019) 33. Feng, Z., Hu, G.: Secure cooperative event-triggered control of linear multiagent systems under DoS attacks. IEEE Trans. Control Syst. Technol. 28(3), 741–752 (2020) 34. Feng, Z., Hu, G.: Distributed secure leader-following consensus of multi-agent systems under dos attacks and directed topology. In: IEEE International Conference on Information and Automation (ICIA), Macau, pp. 73–79 (2017) 35. Wang, Y., Ishii, H.: Resilient consensus through event-based communication. IEEE Trans. Control Netw. Syst. 7(1), 471–482 (2020) 36. Jin, X., Haddad, W.M., Yucelen, T.: An adaptive control architecture for mitigating sensor and actuator attacks in cyber-physical systems. IEEE Trans. Autom. Control 62(11), 6058–6064 (2017) 37. Torre, G.D.L., Yucelen, T.: Adaptive architectures for resilient control of networked multiagent systems in the presence of misbehaving agents. Int. J. Control 91(3), 495–507 (2018) 38. Lu, A.Y., Yang, G.H.: Input-to-state stabilizing control for cyber-physical systems with multiple transmission channels under denial of service. IEEE Trans. Autom. Control 63(6), 1813–1820 (2017) 39. Xu, W., Ho, D.W.C., Zhong, J., Chen, B.: Event/self-triggered control for leader-following consensus over unreliable network with DoS attacks. IEEE Trans. Neural Netw. Learn. Syst. 30(10), 3137–3149 (2019) 40. Xu, W., Ho, D.W.C., Zhong, J., Chen, B.: Input-based event-triggering consensus of multiagent systems under denial-of-service attacks. IEEE Trans. Syst. Man Cybern. Syst. 50(4), 1455– 1464 (2020) 41. Li, X., Chen, C., Lyu, Y., Xie, K.: Event-based resilience to dos attacks on communication for consensus of networked Lagrangian systems. Int. J. Robust Nonlinear Control 31(6), 1834– 1850 (2021) 42. Yu, H., Chen, T.: On zeno behavior in event-triggered finite-time consensus of multi-agent systems. IEEE Trans. Autom. Control 66(10), 4700–4714 (2021) 43. He, W., Xu, B., Han, Qian, Q.F.: Adaptive consensus control of linear multiagent systems with dynamic event-triggered strategies. IEEE Trans. Cybern. 50(7), 2996–3008 (2020) 44. Spong, M.W., Hutchinson, S., Vidyasagar, M.: Robot Dynamics and Control, 2rd edn. Wiley Press, New York (2004)

Chapter 8

Self-Triggered Secure Coordination of Networked Robotic Systems Under Asynchronous DoS Attacks

Abstract In this chapter, self-triggered distributed secure coordination control problem of networked robotic systems with event-triggered communication under DDoS attacks is considered. Unlike the results in Chaps. 6 and 7, this chapter considers the effects of DDoS in a self-triggered control scheme. A novel distributed dynamic event-triggered scheme is proposed to schedule the communication source under asynchronous DoS attacks on different channels. Then, a self-triggered scheme is designed to reduce the updating number of the control signals. Under the proposed adaptive control scheme, the asymptotic synchronization of the closedloop system is guaranteed under DoS attacks. Neither the control strategy nor the dual-terminal event-triggered scheme needs a global information. Also, no Zeno behavior occurs under the proposed event-based control and communication framework. Finally, case studies are provided to show the effectiveness of the proposed method. Keywords Networked robotic systems · Asynchronous DoS attack · Self-trigger cooperative control

8.1 Introduction Wireless communication is necessary for a networked system to obtain the states or outputs of its neighbors to update their control signals [1–3]. With the increasing cyber attack issues, it is hard to guarantee a completely secure network environment. The dependence on wireless communication of networked robotic systems leads to the risk of system instability due to cyber attacks. Therefore, it is important to design a secure control scheme for networked robotic systems to achieve the control objectives and maintain system performance against cyber attacks [4]. DoS attacks are one of the most common cyber attacks that affect the security of networked robotic systems by interrupting information transmission. Some works on solving the resilient synchronization problem of MASs under DoS attacks have been obtained [5–10]. However, there are a large number of nonlinear systems in the real world, in which the typical one is networked robotic systems, which is modeled © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 X. Li et al., Secure Coordination Control of Networked Robotic Systems, https://doi.org/10.1007/978-981-99-9359-8_8

185

186

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

by the Euler-Lagrange equation. The unknown impact of complex nonlinearities on system performance is an important issue that needs to be overcome by designing secure control schemes. Different from the full-channel attack scenario studied in [5, 11–13] and the ones in Chaps. 6 and 7, it is more difficult for networked robotic systems to withstand against DoS attacks from multiple adversaries, since the impact of DDoS attacks on the communication network is more complex in this case. In addition, it can be seen from Chaps. 6 and 7 that the eigenvalues of the Laplacian matrix of the communication topology are used in event-triggered coordination control design, which is a common shortcoming in most existing works on distributed control of the MASs [14]. To solve this problem, a fully distributed control strategy under event-triggered communication is proposed against distributed DoS attacks in [15]. Unfortunately, the continuous state information of neighbors is adopted to design the event-triggered strategy, which is difficult to obtain in practice. Therefore, this chapter aims to develop a distributed eventtriggered control scheme for an insecure communication environment without using any global information. This chapter focuses on solving the distributed secure coordination control problem of networked robotic systems under asynchronous DoS attacks. Specifically, a distributed secure synchronization controller with a novel dual-terminal event-triggered scheme is proposed against DoS attacks launched by multiple attackers, which is independent of the eigenvalues of the Laplacian matrix and the continuous state information of neighbors. The main contributions of this chapter are summarized as follows: 1. The proposed controller can guarantee the synchronization objectives of networked robotic systems in an insecure network environment even if there exist complex nonlinearities in the dynamics of the robots. 2. The proposed controller and the event-triggered scheme for networked robotic systems are both distributed, which are independent of the structure of the Laplacian matrix and the continuous state information of neighbors. 3. A novel dual-terminal event-triggered scheme is proposed in this chapter. A selftriggered control scheme is designed on the control channel to save the actuator resources, which is still effective even if the information transmission is blocked by DoS attacks. A dynamic event-triggered communication scheme is proposed to reduce the transmission loads. Zeno behavior is eradicated. The outline of this chapter is as follows. In Sect. 8.2, related preliminaries are introduced, the control problem is established, and the control objective is clarified. A resilient control strategy with dynamic event-triggered communication is proposed in Sect. 8.3. A dual-terminal event-triggered scheme is proposed in Sect. 8.4. Numerical simulations are carried out in Sect. 8.5. Finally, the conclusion is drawn in Sect. 8.6.

8.2 Preliminaries and Problem Statement

187

8.2 Preliminaries and Problem Statement In this section, some preliminaries are presented and some assumptions and definitions are given to describe the synchronization problem. The preliminaries on graph theory can be seen in Sect. 1.4.2.

8.2.1 Networked Robotic Systems In this chapter, the networked robotic systems are modeled by an Euler-Lagrange dynamics, which can be described in the following general form: M i (qi )q¨i + C i (qi , q˙i )q˙i + Gi (qi ) = τ i , i = 1, 2, . . . , N

.

(8.1)

where .qi ∈ Rn is the vector of generalized position of robot i. .M i (qi ) ∈ Rn×n is the symmetric positive definite inertia matrix. .C i (qi , q˙i ) ∈ Rn×n is the Coriolis and centrifugal forces matrix, and .Gi (qi ) is the gravitational force vector. .τ i ∈ Rn is the control input of robot i. The networked robotic systems still deserve Properties 2.1– 2.3; details can be seen in [16, 17].

8.2.2 DoS Attacks When networked robotic systems are subjected to asynchronous DoS attacks, the attacked channel will be disconnected. Figure 8.1 shows the structure of networked robotic systems studied in this chapter and gives an example of the ones under DoS attacks, in which the communication topology can choose any connected directed graph. In this case, the connectivity of the topology will be destroyed, which is harmful to the synchronization process. Suppose that each edge has its ij own independent channel. Let .Am denote the mth launch attack signal on channel ij ij ij ij ¯ ij .(vi , vj ), whose duration is .τ m . Thus, .A m = [Am , Am + τ m ) can be used to denote ij a complete DoS attack. Note that, when .τ m = 0, an impulse attack signal is sent. ij For .[t0 , t] with .t ≥ t0 , let .Ξ (t0 , t) denotes the duration during which channel ij .(vi , vj ) is subjected to DoS attacks, and .H (t0 , t) denotes the duration during which the channel .(vi , vj ) is not subjected to DoS attacks, and then we have ij Ξ ij (t0 , t) = ∪A¯ m ∩ [t0 , t],

.

Hij (t0 , t) = [t0 , t]\Ξ ij (t0 , t). Next, the following assumptions are given to describe the duration and frequency of DoS attacks.

188

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . . DoSij

j

电源

DoSik

i

电源

ui (t )

Actuators

yi (t )

ui (t ki i )

Sensors

DoSi

Communication network

Event

Controller/Detector

ui (t ki i ( t ) )

yi (t ki i )

DoSi

Robot i

Communication network

k

y i ( t ki i ( t ) )

Fig. 8.1 An example of networked robotic systems under DoS attacks via event-based communication and control

ij

ij

Assumption 8.1 (DoS Duration [15]) For .TD ≥ 0, τ D > 1, there is .

| | (t − t0 ) | ij | ij |Ξ (t0 , t)| ≤ TD + ij τD ij

(8.2) ij

Assumption 8.2 (DoS Frequency [15]) For .TN ≥ 0, .τ N > 0, there is ij

nij (t0 , t) ≤ TN +

.

(t−t0 ) ij , τN

f ij (t0 , t) ≤

nij (t0 ,t) t−t0

(8.3)

where .nij (t0 , t) denotes the number of DoS attacks on channel .(vi , vj ) in period ij .[t0 , t], and .f (t0 , t) denotes the frequency of DoS attacks on channel .(vi , vj ) in period .[t0 , t]. Due to the event-triggered scheme, the duration of the impact of DoS attacks on the communication channel may be longer than the duration itself. Thus, the duration on channel .(vi , vj ) that is not affected by DoS attacks can be expressed as |Ξ¯ ij (t0 , t)| ≤ |Ξ ij (t0 , t)| + (nij (t0 , t) + 1)Δ∗ , ij

.

ij

where the parameter .Δ∗ is used to define the trial period of restoring the communication when channel .(vi , vj ) is subjected to DoS attacks. Correspondingly, ¯ ij (t0 , t) = [t0 , t]\Ξ¯ ij (t0 , t) denotes the duration on channel .(vi , vj ) that is not .H affected by the DoS attacks.

8.3 Continuous Resilient Controller Design over Event-Triggered. . .

189

Remark 8.1 The upper part of Fig. 8.1 shows the location of each robot in the entire communication network, in which robot i can obtain the information of its in-neighbors. DoS attacks will block some communication channels, whose model has been given in the above subsection. To help guarantee the stability of the system subjected to DoS attacks, a distributed control scheme is proposed, in which an event-triggered scheme is independently designed for each communication channel to reduce the pressure on the communication network. Additionally, a selftriggered scheme is proposed on control channel to weaken the impact of DoS attacks on control inputs. The framework of each robot is shown in the lower part of Fig. 8.1. It is worth noting that robots are connected with its neighbors through mutually independent communication channels, which are represented as edges in the topology, and the robots are represented as vertices in the topology.

8.2.3 Problem Statement This chapter focuses on developing a distributed controller for each robot to achieve the synchronization of the networked robotic systems. Furthermore, a dual-terminal event-triggered scheme is proposed to reduce the impact of attacks on control inputs. The following definitions are given to describe the synchronization control problem. Definition 8.1 (Synchronization Problem) For any .i, j ∈ V, the synchronization problem can be described as follows: .

lim (qj (t) − qi (t)) = 0n , lim q˙i (t) = 0n .

t→∞

t→∞

(8.4)

Definition 8.2 (Zeno Behavior [18]) For any event-triggered scheme, given a finite time interval .[t1 , t2 ] with .0 ≤ t1 < t2 < +∞, Zeno behavior exists if and only if there is a set of trigger instants .{t1i i , t2i i , · · · , tkii } ∈ [t1 , t2 ] for robot i, in which .k → ∞.

8.3 Continuous Resilient Controller Design over Event-Triggered Communication In this section, a resilient controller based on the dynamic event-triggered communication scheme under DoS attacks is proposed. Since the robot dynamics are often used in the modeling of practical robot systems, the uncertain parameters and the complex nonlinearity of these systems bring difficulties to the design of the controller. To solve the above problem, the following model reference adaptive

190

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

controller is proposed: ⎧ .

τ i = −ki si + Yi θˆ i θ˙ˆ i = −Fi YiT si

(8.5)

Δ in which .Yi = Yi (qi , q˙i , q˙ri , q¨ri ), .θˆ i is the estimate of .θ i ∈ Rl , .ki and .Fi are both positive control gains, and .si = q˙ˆi − q˙ri with .q˙ri being an auxiliary vector, where ij ij .q ˆi = qi (t) for any .t ∈ H¯ ij (t0 , t) and .qˆi = qi (tn ) otherwise. .qi (tn ) is the last successfully transmitted data on channel .(vi , vj ). To achieve the control objectives described in Definition 8.1, the auxiliary variable is designed as follows:

⎧ q˙ri =

.

Σ ij ij − j ∈Ni [qi (tk ) − qj (tk )], t ∈ H¯ ij (t0 , t) Σ ij ij − j ∈Ni [qi (tn ) − qj (tn )], t ∈ Ξ¯ ij (t0 , t),

(8.6)

ij

where .qi (tn ) denotes the last successfully transmitted data on channel .(vi , vj ). For ¯ ij (t0 , t), since the proposed controller does not require continuous information .t ∈ H of neighbors, it saves more communication resources than that proposed in [19]. For ¯ ij (t0 , t), compared with the zero control signal adopted by [11, 20–22], the .t ∈ Ξ proposed controller keeps the attacked robot in a temporary stable state, which helps guarantee the system stability. Following Property 2.3 of the robotic dynamics, there is .M i (qi )q¨ri + C i (qi , q˙i )q˙ri + Gi (qi ) = Yi θ i . By using (8.1) and (8.5), the closed-loop system can be rewritten as M i (qi )˙si = −ki si − C i (qi , q˙i )si + Yi θ˜ i ,

.

(8.7)

where .θ˜ i = θ i − θˆ i . To reduce the occupation of communication resources, the following dynamic event-triggered communication scheme is proposed: ⎧ ij .t k+1

=

ij inf{t > tk | − 2cNm4 ||eij (t)||2 + υ ij ηij (t) ≤ 0}, t ∈ H¯ ij (t0 , t), ij ij tk + Δ∗ , t ∈ Ξ¯ ij (t0 , t),

(8.8)

√ ij where .vij > 0, .eij (t) = qi (tk ) − qi (t) and .Nm ≥ N N − 1. The dynamic variable .η ij (t) is updated by ⎧ η˙ ij (t) =

.

−2cNm4 ||eij (t)||2 − ηij (t), t ∈ H¯ ij (t0 , t), 0, t ∈ Ξ¯ ij (t0 , t).

(8.9)

The introduction of dynamic variables can help adaptively choose the trigger instants and avoid Zeno behavior. The block diagram of robot i with the model reference adaptive controller (8.5) is shown in Fig. 8.2. The introduction of the model reference adaptation scheme enables the networked robotic systems with

8.3 Continuous Resilient Controller Design over Event-Triggered. . .

191

Fig. 8.2 Block diagram of robot i with the model reference adaptive synchronization controller (8.5)

complex nonlinearity can achieve the synchronization control objectives just like that of simple linear CPSs. Here, the plant is the robotic dynamics (8.1) with uncertainties, the controller and the adaptation law are designed as (8.5), and the input command is the event-triggered synchronization algorithm for linear robots. The reference model is chosen as .x = −u, .y = x, where u is the input of the reference model and x and y are its state and output, respectively. In addition, the adaptive estimator can be used to compensate the impact of uncertain parameters on the system. Remark 8.2 It is worth noting that the proposed controller (8.5) and eventtriggered scheme (8.8) are both distributed schemes designed for different communication channels, which are independent of the eigenvalues of the Laplacian matrix. That is, the proposed control scheme does not care how the topology is structured. Additionally, the communication channels are independent of each other such that the networked robotic systems can withstand against attacks from multiple attackers, which is different from the schemes proposed in [15, 23, 24]. Theorem 8.1 Consider the networked robotic systems (8.1), whose communication network can be described by a digraph. By using the proposed controller (8.5) and event-triggered scheme (8.8), the synchronization problem described in Definitions 8.1 and 8.2 can be solved under the DoS attacks that satisfy Assumptions 8.1 and 8.2, and the Zeno behavior is eradicated, if the control parameters are chosen √ as .ki > 0, .d > 0, .Fi > 0, .Nm ≥ N N − 1, .c ∈ ( 14 , 3), and .vij > 0. Additionally, the parameters of the DoS attacks mentioned in Assumptions 8.1 and 8.2 should be ij ij satisfy .TN > 0, .TD > 0, and 1 .

ij

τD

ij

+

Δ∗ ij

τN


0 always holds before the synchronization control objectives are achieved, .V1 (t) ≥ 0 and .V˙1 (t) ≤ 0 also hold before the control objectives are achieved. Therefore, the convergence of .si between two trigger instants can be proved. Let .ti = {ti1 , ti2 , · · · , tik } be the sequence of trigger instants of robot i on all .(vi , vj ) ∈ E. Next, the proof of .limt→∞ si → 0n will be given. Define .Δt as an infinitely small positive constant. According to (8.10), we have

.

min{ki }

⎛ tΣ N

si T si dτ

t0 i=1

⎛⎛

N ti1 Σ

= min{ki }

t0

⎛ +··· + ⎛⎛ ≤−

ti1

⎛ si T si dτ +

i=1

t

N Σ

tik +Δt i=1

⎞

≤V1 (t0 ) − V1 (t).

N Σ

ti1 +Δt i=1

si T si dτ

si T si dτ

V˙1 (τ )dτ + · · · +

t0

ti2

⎛

t

tik +Δt

⎞ V˙1 (τ )dτ (8.11)

⎛t Σ T Since .V1 (t) is bounded, it concludes that . t0 N i=1 si si dτ is bounded. Thus, .si T and continuous and bounded. .si s ˙i is bounded. Let .f (t) = ⎛ .s˙i are both ΣN Therefore, 1 t ΣN T s dτ ; thus, .f¨(t) = T s˙ . According to the Barbalat lemma, s s i=1 i i i=1 i i 2 t0 .limt→∞ f˙(t) → 0 can be concluded from the fact that .limt→∞ f (t) = V1 (t0 ) and ΣN 2 .f¨(t) is bounded. Therefore, .limt→∞ i=1 ||si || → 0. That is, .limt→∞ si → 0n .

8.3 Continuous Resilient Controller Design over Event-Triggered. . .

193

To prove that .limt→∞ (qi (t) − qj (t)) = 0n , define .U (t) = V2 (t) + V3 (t). The compact form of .U (t) can be rewritten as .U (t) = 12 qˆ T (t)(H ⊗ In )q(t) ˆ + ΣN Σ T out ij ¯ ˜ ij (t), where .H = L + A + D . For .t ∈ H (t0 , t), the time i=1 j ∈Ni η derivative of .U (t) is given as ˙ + U˙ (t) = q T (t)(H ⊗ In )q(t)

ΣN Σ

.

j ∈Ni

i=1

η˙ ij (t).

(8.12)

ij Substituting .qi (tk ) = eij (t) + qi (t) into .si = q˙ˆi − q˙ri , we have .q(t) ˙ = s− (L ⊗ In )(e(t) + q(t)). Since s has been proved to be bounded, the stability of the closed-loop system can be guaranteed by stabilizing the following system:

q(t) ˙ = −(L ⊗ In )(e(t) + q(t)).

(8.13)

.

By using (8.13), (8.12), and Young’s inequality, we have U˙ (t) = −q T (t)(H L ⊗ In )(e(t) + q(t)) +

N Σ Σ

.

η˙ ij (t)

i=1 j ∈Ni

≤

1 c T 2 ||L H L ⊗ In ||||e(t)||2 + ||q(t)||2 2 2c

− ||H L ⊗ In ||||q(t)||2 +

N Σ Σ

η˙ ij (t)

i=1 j ∈Ni

≤ 2cNm4

N Σ Σ

||eij (t)||2 +

i=1 j ∈Ni

N Σ Σ

η˙ ij (t)

i=1 j ∈Ni

⎞ N ⎛ 1 ΣΣ 1 ||qi (t)||2 . − 2− 2c di

(8.14)

i=1 j ∈Ni

√ where .Nm is a big number such that .Nm ≥ N N − 1. Substitute (8.9) into (8.14), one obtains ⎞ N ⎛ N Σ Σ 1 ΣΣ 1 ||qi (t)||2 − ηij (t), U˙ (t) ≤ − 2 − 2c di

.

i=1 j ∈Ni

(8.15)

i=1 j ∈Ni

where .c ≥ 14 . According to (8.15), .ηij (t) > 0 can guarantee that .U (t) ≥ 0 and ˙ (t) ≤ 0. From the event-triggered scheme (8.8), we have .U −2cNm4 ||eij (t)||2 + υ ij ηij (t) ≥ 0.

.

(8.16)

194

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

Substituting (8.16) into (8.9), one obtains ij

ηij (t) ≥ ηij (t0 )e(−υ ij −1)(t−t0 ) > 0. ij

.

(8.17)

Therefore, it can be concluded that .U (t) ≥ 0 and .U˙ (t) ≤ 0, and .limt→∞ (qi (t) − qj (t)) = 0n can be thus obtained. Since .limt→∞ si (t) = 0n , .limt→∞ qi (t) = 0n can be obtained. Therefore, the proof has been completed. ΣN = Since .U (t) can be rewritten as .U (t) = i=1 Ui (t) and .Ui (t) Σ Σ ||H || j ∈Ni d1i qi2 (t) + j ∈Ni ηij (t), by using (8.15), we have U˙ i (t) ≤ −α˜ i Ui (t) ⎞ ⎛ Σ 1 Σ 1 ||qi (t)||2 − α˜ i ηij (t). =− 2− di 2c

.

(8.18)

j ∈Ni

j ∈Ni

where .α˜ i = (4 − 1c ) ||H1 || and .c ∈ ( 41 , 3). For .t ∈ Ξ¯ ij (t0 , t), taking the derivative of .U (t), it yields ˙ˆ U˙ (t) = qˆ T (t)(H ⊗ In )q(t).

(8.19)

.

Similar to the process of obtaining (8.13), we can get ˙ˆ = −(L ⊗ In )q(tnij ). q(t)

(8.20)

.

Substituting (8.20) into (8.19), we have ij U˙ (t) = −qˆ T (t) (H L ⊗ In ) q(tn )

.

By using Young’s inequality, one has 1 T ij d ij ij ij q (tn )q(tn ) U˙ (t) ≤ ||LT H 2 L ⊗ In ||q T (tn )q(tn ) + 2 2d 1 T ij ij ij ij q (tn )q(tn ) ≤ 2dNm4 q T (tn )q(tn ) + 2d ⎞ N ⎛ 1 Σ Σ 1 2 ij q (tn ), ≤ 2dNm4 + di i 2d

.

i=1 j ∈Ni

in which .d > 0. Since .Ui (t) can be rewritten as .Ui (t) = ||H || Therefore, .U˙ i (t) ≤ β˜ i Ui (t) with .β˜ i = (2dNm4 + 1 ) 1 . 2d ||H ||

Σ

1 2 ij j ∈Ni di qi (tn ).

8.3 Continuous Resilient Controller Design over Event-Triggered. . .

195

Combining .Ui (t) on the above two intervals, we have ¯ ij (0,t)| β˜ i |Ξ¯ ij (0,t)|

Ui (t) ≤ e−α˜ i |H

.

e

Ui (0)

¯ ij (0,t)|)+β˜ i |Ξ¯ ij (0,t)|

≤ e−α˜ i (t−|Ξ ≤ e−α˜ i

t+α| ˜ Ξ¯ ij (0,t)|

⎛

⎛ 1 ij τD

−α˜ i +α˜

≤e

+

Ui (0)

Ui (0)

ij Δ∗ ij τN

⎞⎞ t

ij

ij

ij

˜ D +(1+TN )Δ∗ ) eα(T Ui (0),

(8.21)

in which .α˜ = α˜ i + β˜ i . Therefore, the auxiliary variable .ωi (t) can be defined as follows: ⎛

⎛ 1 ij τD

−α˜ i +α˜

ωi (t) = e

.

+

ij Δ∗ ij τN

⎞⎞ t

ij

ij

ij

ij

⎞⎞

˜ D +(1+TN )Δ∗ ) eα(T Ui (0).

(8.22)

From (8.22), it can be concluded that ⎛

⎛

ω˙ i (t) = −α˜ i + α˜

1

.

+

ij

τD

Δ∗

ωi (t).

ij

τN

(8.23)

From the solutions of (8.21)–(8.23), it yields ⎛

⎛

U˙ i (t) ≤ −α˜ i + α˜

.

In summary, .(α˜ i + β˜ i )(

1 ij τD

+

ij

Δ∗ ij τN

ij

1 ij

τD

+

Δ∗

⎞⎞

ij

ω(t).

(8.24)

τN

) − α˜ i < 0 is necessary to guarantee that

U˙ i (t) < 0. Thus, the following condition should be hold:

.

1 .

ij

τD

ij

+

Δ∗ ij

τN


0, there always exists .t − tk > 0, such that Zeno m behavior is eradicated. For .t ∈ Ξ¯ ij (t0 , t), it can be easily get that Zeno behavior does not exist from (8.8). Remark 8.3 Note that in Theorem 8.1, under the same control parameters, a ij smaller .Δ∗ can help the system withstand DoS attacks better. In addition, the resilient control scheme proposed in this chapter does not require any system parameters of each robot. That is, the proposed controller is suitable for heterogeneous networked robotic systems with different system parameters. In addition, it can be obtained from .α˜ i ≤ 1 that .c < 4 − N1m , .Nm ≥ 1, and .c < 3. Therefore, all the parameters in (8.5) can be easily satisfied.

8.4 Self-Triggered Secure Controller Design over Event-Triggered Communication In this section, a dual-terminal event-triggered scheme is proposed. Based on the proposed scheme in the previous section, a self-triggered scheme is designed for each robot, which can weaken the impact of DoS attacks on control inputs by reducing the number of updates required by each actuator. Additionally, the Zeno behavior is eradicated. The self-triggered control scheme is designed as ⎧ .

τ i = −ki si (tkic ) + Yi (tkic )θˆ i (tkic ), θ˙ˆ i = −Fi YiT si ,

(8.27)

where .tkic represents the triggering instants of robot i on its control channel and .si has been defined in (8.5) and (8.6). Then the closed-loop system can be rewritten as ⎧ .

M i (qi )˙si + C i (qi , q˙i )si = −ki si (tkic ) + Yi (tkic )θˆ i (tkic ) − Yi θ i , θ˙ˆ i = −Fi Y T si . i

(8.28)

8.4 Self-Triggered Secure Controller Design over Event-Triggered. . .

197

Before proposing the event-triggered scheme, define .esi = si (tkic ) − si and .eθ i = Yi (tkic )θˆ i (tkic ) − Yi θˆ i as two types of measurement errors. The self-triggered control scheme is designed as tkic +1 = inf{t|t > tkic , ||ki ||||esi || + ||eθ i || > χ i ||si ||},

.

where .χ i =

σi , (t−tki c +ρ i )

(8.29)

where .ρ i ≥ 1 and .||σ i || ≤ ||ki ||.

Remark 8.4 For the controller (8.27), although the continuous state of .si is used to update the value of .θˆ i , the self-triggered controller .τ i only uses the values of each variables at the triggering instants, such that .τ i (t) = τ i (tkic ), where .tkic is the last triggering instant of robot i. Theorem 8.2 Consider the networked robotic systems (8.1), whose communication network can be described by a digraph. Suppose that conditions in Theorem 8.1 are σi hold. Under the self-triggered control scheme (8.27)-(8.29) with .χ i = , i (t−tkc +ρ i )

ρ i ≥ 1, and .||σ i || ≤ ||ki ||, the secure synchronization problem under DoS attacks can thus be solved. In addition, no Zeno behavior exists in the proposed controller.

.

Proof Similar to the proof of Theorem 8.1, the proof of Theorem 8.2 will also be divided into two parts: convergence analysis and absence of Zeno behavior. Part 1. Convergence analysis: Similar Lyapunov function .V (t) used in previous section is considered. Taking the time derivative of .V1 (t), one has V˙1 = −

n Σ

.

siT (ki si (tkic ) − Yi (tkic )θˆ i (tkic ) + Yi θˆ i )

i=1

=−

n Σ

siT ki si −

n Σ

i=1

≤−

n Σ

siT (ki esi − eθ i )

i=1

||ki ||||si ||2 +

i=1

n Σ

||si ||||ki ||||esi || +

i=1

n Σ

||si ||||eθ i ||,

(8.30)

i=1

where the fact that .θ˜ i = θ i − θˆ i and Property 2.1 are used to obtain (8.30). Since the self-triggered condition is equivalent to enforcing .||ki ||||esi || + ||eθ i || ≤ χ i ||si ||, it can be seen that ˙1 ≤ − .V

n Σ i=1

where .χ i =

σi , .ρ i (t−tki c +ρ i )

||ki ||||si || + 2

n Σ

||χ i ||||si ||2 ,

(8.31)

i=1

≥ 1, and .||σ i || ≤ ||ki ||, .V˙1 ≤ 0. Define .{ti1 , ti2 , · · · , tik }

as the sequence of the triggering instants on communication and control channels of robot i, respectively. Similar to (8.11), it can be easily get that .(||ki || −

198

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

⎛t Σ T ||χ i ||) t0 N i=1 si si dτ ≤ V1 (t0 ) − V1 (t). Therefore, we have .limt→∞ si → 0n . The proof of convergence of .U (t) is omitted here since it is the same as those in Sect. 8.3. Part 2. Absence of Zeno behavior: The exclusion of Zeno behavior can be divided into two parts, the one in the communication channel and the one in the control channel, where the previous one has been completed in Sect. 8.3. Therefore, Zenofree behavior in the control channels will be demonstrated here. Consider that .t ∈ [tkic , tkic +1 ) of robot i, due to the fact that .si (tkic ), .θˆ i (tkic ) and i .Yi (t ) are constants and the time derivative of .||esi || and .||eθ i || satisfies kc .

d||esi (t)|| ≤||˙si (t)||, dt d||eθ i (t)|| ≤||Y˙i (t)θˆ i (t) + Yi (t)θ˙ˆ i (t)||. dt

(8.32)

From Properties 2.1–2.3, it can be concluded that each element of .Yi (t)θˆ i (t) is bounded. Since .Yi (t) is fully known, .Yi (t) and .θˆ i (t) are both bounded. Since .qi , .q ˙i , .q˙ri , and .q¨ri are all continuous and bounded, from the definition of .Yi (t) in Property 2.3, it can be concluded that .Yi (t) is continuous and Lipschitz, and .Y˙i (t) is thus bounded. According to the second equation of (8.27), .θ˙ˆ i (t) is bounded. Let .es∗ and .eθ∗ denote the upper bound of the time derivative of .||esi || and .||eθ i ||, respectively. The following inequality is given: ⎛ ||ki ||||esi || + ||eθ i || ≤

t

.

tki c

(||ki ||es∗ + eθ∗ )ds

≤ (||ki ||es∗ + eθ∗ )(t − tkic ).

(8.33)

When triggering at .tkic +1 , there is i i χ i ||si (tkic +1 )|| < ||ki ||||esi (tk+1 )|| + ||eθ i (tk+1 )|| c c

.

i − tkic ). ≤ (||ki ||es∗ + eθ∗ )(tk+1 c

(8.34)

Since .χ i ||si (tkic +1 )|| ≥ 0 and .||ki ||es∗ + eθ∗ ≥ 0 are always hold, there always exists .tkic +1 − tkic > 0. Thus, Zeno-free behavior is proved.

8.5 Simulation Results

199

8.5 Simulation Results In this section, some simulation results are presented to verify the effectiveness of the proposed secure synchronization controller. The networked robotic systems with five robots is considered in this chapter, where each robot is assumed to be modeled as (8.1). The system matrices of robots are given as ┐ ┌ ┌ ┐ li1 + 2li2 cos qi2 li3 + li2 cos qi2 0 , Gi (qi ) = .M i (qi ) = , li3 + li2 cos qi2 li3 0 ┐ −li2 q˙i2 sin qi2 −li2 (q˙i1 + q˙i2 ) sin qi2 . .C i (qi , q ˙i ) = li2 q˙i1 sin qi2 0 ┌

in which .li = [li1 , li2 , li3 ]T is the system parameters of robot i and .qi = [qi1 , qi2 ]T and .τ i = [τ i1 , τ i2 ]T are the position and the control input of robot i, respectively. The initial physical parameters of robots are chosen as .li = [1.301, 0.256, 0.069]T , .qi = [0.2(i − 1), −0.2(i − 1)]T , .q˙i = [0, 0]T , .ki = 15, ij σi , .Δ∗ = 0.05s, .υ ij = 3 and .Fi = diag{0.1, 0.1, 0.1}, .c = 0.3, .χ i = i t−tkc +1

ηij (0) = 10. The communication topology associated with five robots is shown in Fig. 8.3. In this case, the networked robotic systems are considered subjected to DoS attacks from three independent attackers. Table 8.1 shows the channels that suffer from different attackers. Figure 8.4 shows the attack mode launched by different attackers with different attack duration and frequency. To highlight the impact of DoS attacks on the networked robotic systems and the effectiveness of the resilient controller, two types of DoS attacks with different modes are considered in this simulation, which can be seen in Fig. 8.4a and b, respectively. Next, the simulation results under the two attack modes are presented. The state evolution and triggering instants of the networked robotic systems under the asynchronous DoS attacks are given in Fig. 8.5. It shows the position evolution of the under the asynchronous DoS attacks modeled by Fig. 8.4a, and its two subgraphs represent the position evolution in two dimensions, respectively. At the beginning of the simulation, each robot in Fig. 8.5a is located at its initial position. Robot i obtains its control input .τ i by using the controller (8.5), and its position

.

Fig. 8.3 Communication topology of the networked robotic systems

1 2

5

3

4

200

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

Table 8.1 Impact of different attackers on different channels

Attacked channels Attacker 1 (.v2 , .v1 ), (.v4 , .v1 ), (.v5 , .v1 ) Attacker 2 (.v1 , .v3 ), (.v2 , .v3 ), (.v3 , .v4 ), (.v4 , .v5 ) Attacker 3 (.v1 , .v2 ), (.v2 , .v4 ), (.v3 , .v5 ), (.v5 , .v4 )

Fig. 8.4 Two types of DoS attack modes on different channels

8.5 Simulation Results

201

Fig. 8.5 State evolution of the networked robotic systems under attack mode I by using controller (8.5)

(a) Position evolution.

(b) Velocity evolution.

10

Dynamic variable

8 6

0.03 0.02

4

0.01

2

0 6

0

0

2

6.5

4

7

7.5

6

Time(s) (c) Dynamic variable evolution.

8

8

202

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

evolution is obtained according to the system model (8.1). As the synchronization process progresses, the position of each robot gradually tends to a common value, and the control objectives are thus achieved. Similarly, the position evolution of the networked robotic systems under the secure synchronization controller (8.27) is shown in Fig. 8.6a. Figures 8.5b and 8.6b show the velocity evolution of the networked robotic systems under the secure synchronization controller (8.5) and (8.27), respectively. Figure 8.5c shows the evolution of the dynamic variable .ηij on each channel under the controller (8.5). According to (8.9), the value of .ηij will not be updated when channel .(vi , vj ) is subjected to DoS attacks. Similarly, the evolution of the dynamic variable .ηij on each channel under the controller (8.27) is shown in Fig. 8.6c. Figure 8.7 shows the triggering instants on different channels of the networked robotic systems in different scenarios, where Fig. 8.7a and b show the triggering instants on communication channels under the controllers (8.5) and (8.27), respectively. Figure 8.7c shows the triggering instants on the control channel under the controller (8.27). The performance of the event-triggered scheme on communication channels in different scenarios is given in Table 8.2, where .Nmax is the maximum number of triggering instants among all robots, .Tave is the average triggering interval of all robots, and .Tmin is the minimum value of all triggering intervals. Additionally, the performance of the self-triggered scheme under the second mode of DoS attacks is given in Table 8.3. It can be seen that under the proposed secure control scheme, the synchronization of the networked robotic systems can be guaranteed in the presence of DoS attacks. Furthermore, from Figs. 8.8, 8.9, and 8.10 and Table 8.2, it can be seen that the introduction of the self-triggered scheme reduces the response times of the actuator and the control performance is still guaranteed for the networked robotic systems. In addition, the simulation example with the second DoS attack mode is shown in Fig. 8.4a, which is given to clarify the effects of different DoS attack modes. Figures 8.8 and 8.9 show the evolution of the state and the dynamic variable on each channel of the networked robotic systems subjected to the second mode of DoS attacks. It can be seen that the control objectives can still be achieved. Since the duration and frequency of attack modes increase, the convergence time of the system increases accordingly, and the system state fluctuates more violently. The performance of the event-triggered scheme on communication channels under the second mode DoS attacks is given in Table 8.2, and the performance of the selftriggered scheme under the second mode DoS attacks is given in Table 8.3. From the above two tables, it can be seen that the increase of the duration and frequency of the attack modes will also lead to an increase in the number of triggering instants.

8.5 Simulation Results

203

Fig. 8.6 State evolution of the networked robotic systems under attack mode I by using controller (8.27)

(a) Position evolution.

(b) Velocity evolution.

10

Dynamic variable

8 6

0.03 0.02

4 0.01

2

0 6

6.5

7

7.5

8

0 0

2

4

6

Time(s) (c) Dynamic variable evolution.

8

Fig. 8.7 Triggering instants on different channels of the networked robotic systems under the attack mode I in different scenarios (a) on communication channels under controller (8.5), (b) on communication channels under controller (8.27), (b) on control channels under controller (8.27)

Trigger Instants

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

Time(s) (a)

Trigger Instants

204

Time(s) (b)

(c)

8.6 Conclusion Table 8.2 Performance of the dynamic event-triggered schemes in different scenarios

Table 8.3 Performance of the self-triggered schemes on control channels under different attack modes

205

Nmax .Tave .Tmin .

Fig. 8.7a 32 0.3697 0.0500

Fig. 8.7b 32 0.3411 0.0500

Nmax .Tave .Tmin .

Fig. 8.10a 41 0.2830 0.0500

Fig. 8.10b 50 0.2486 0.0343

Fig. 8.7c 380 0.0214 0.0001

Fig. 8.10c 427 0.0198 0.0001

8.6 Conclusion This chapter focuses on solving the secure synchronization problem of the networked robotic systems under asynchronous DoS attacks. In this case, a dualterminal event-triggered scheme is proposed, where a dynamic event-triggered scheme is designed on the communication channel and a self-triggered scheme is designed on the control channel. Zeno-free behavior is also proved. The proposed controller is independent of any global information and thus has strong robustness. In conclusion, the proposed event-triggered control and communication scheme can achieve secure coordination of networked robotic systems in the presence of DoS attacks with less resource consumption.

206

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

Fig. 8.8 State evolution of the networked robotic systems under the attack mode II by using controller (8.5)

(a) Position evolution.

(b) Velocity evolution. 10

Dynamic variable

8 6

0.04

4

0.02

2

0 6

0

0

2

6.5

4

7

7.5

6

Time(s) (c) Dynamic variable evolution.

8

8

8.6 Conclusion

207

Fig. 8.9 State evolution of the networked robotic systems under the attack mode II by using controller (8.27)

(a) Position evolution.

(b) Velocity evolution.

10

Dynamic variable

8 6 0.1

4

0.05

2

0 6

0

0

2

6.5

4

7

7.5

6

Time(s) (c) Dynamic variable evolution.

8

8

Fig. 8.10 Triggering instants on different channels of the networked robotic systems under the attack mode II in different scenarios (a) on communication channels under controller (8.5), (b) on communication channels under controller (8.27), (b) on control channels under controller (8.27)

Trigger Instants

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

Time(s) (a)

Trigger Instants

208

Time(s) (b)

(c)

References

209

References 1. Su, H., Chen, G., Wang, X., Lin, Z.: Adaptive second-order consensus of networked mobile agents with nonlinear dynamics. Automatica 47, 368–375 (2011) 2. Chen, C., Modares, H., Xie, K., Lewis, F.L., Wan, Y., Xie, S.: Reinforcement learning-based adaptive optimal exponential tracking control of linear systems with unknown dynamics. IEEE Trans. Autom. Control 64(11), 4423–4438 (2019) 3. Yang, T., Wu, D., Fang, H., Ren, W., Wang, H., Hong, Y., Johansson, K.H.: Distributed energy resource coordination over time-varying directed communication networks. IEEE Trans. Control Netw. Syst. 6(3), 1124–1134 (2019) 4. Ding, D., Han, Q.L., Xiang, Y., Ge, X., Zhang, X.M.: A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing 275, 1674–1683 (2018) 5. Feng, S., Tesi, P.: Resilient control under denial-of-service: robust design. In: 2016 American Control Conference (ACC), pp. 4737–4742 (2016) 6. Zhang, D., Liu, L., Feng, G.: Consensus of heterogeneous linear multiagent systems subject to aperiodic sampled-data and DoS attack. IEEE Trans. Cybern. 49(4), 1501–1511 (2019) 7. Li, X., Wen, C., Chen, C.: Resilient cooperative control for networked Lagrangian systems against DoS attacks. IEEE Trans. Cybern. 52(2), 836–848 (2020) 8. Cetinkaya, A., Ishii, H., Hayakawa, T.: An overview on denial-of-service attacks in control systems: attack models and security analyses. Entropy 21(2), 1099–4300 (2019) 9. Deng, Y., Yin, X., Hu, S.: Event-triggered predictive control for networked control systems with DoS attacks. Inform. Sci. 542, 71–91 (2021) 10. Karaki, B.J., Mahmoud, M.S.: Scaled consensus design for multiagent systems under dos attacks and communication-delays. J. Frank. Inst. 358, 3901–3918 (2021) 11. Persis, C.D., Tesi, P.: Input-to-state stabilizing control under denial-of-service. IEEE Trans. Autom. Control 60(11), 2930–2944 (2015) 12. Feng, Z., Hu, G.: Distributed secure leader-following consensus of multi-agent systems under dos attacks and directed topology. In: 2017 IEEE International Conference on Information and Automation (ICIA), pp. 73–79 (2017) 13. Feng, Z., Hu, G.: Distributed tracking control for multi-agent systems under two types of attacks. IFAC Proc. 47(3), 5790–5795 (2014) 14. Yu, W., Zheng, W.X., Chen, G., Ren, W., Cao, J.: Second-order consensus in multi-agent dynamical systems with sampled position data. Automatica 47, 1496–1503 (2011) 15. Xu, W., Hu, G., Ho, D.W., Feng, Z.: Distributed secure cooperative control under denial-ofservice attacks from multiple adversaries. IEEE Trans. Cybern. 50(8), 3458–3467 (2020) 16. Spong, M., Hutchinson, S., Vidyasagar, M.: Robot Modeling and Control. Wiley Press, New York (2005) 17. Nguyen, T.W., Catoire, L., Garone, E.: Control of a quadrotor and a ground vehicle manipulating an object. Automatica 105, 384–390 (2019) 18. Yu, H., Chen, T.: On zeno behavior in event-triggered finite-time consensus of multiagent systems. IEEE Trans. Autom. Control 66(10), 4700–4714 (2021) 19. Sun, Y., Wang, W., Ma, G., Li, Z., Li, C.: Backstepping-based distributed coordinated tracking for multiple uncertain Euler-Lagrange systems. J. Syst. Eng. Electron. 27, 1083–1095 (2016) 20. Xu, W., Ho, D.W.C., Zhong, J., Chen, B.: Event/self-triggered control for leader-following consensus over unreliable network with DoS attacks. IEEE Trans. Neural Netw. Learn. Syst. 30(10), 3137–3149 (2019) 21. Feng, Z., Hu, G.: Secure cooperative event-triggered control of linear multiagent systems under DoS attacks. IEEE Trans. Control Syst. Technol. 28(3), 741–752 (2020) 22. Lu, A.-Y., Yang, G.-H.: Input-to-state stabilizing control for cyber-physical systems with multiple transmission channels under denial of service. IEEE Trans. Autom. Control 63(6), 1813–1820 (2018)

210

8 Self-Triggered Secure Coordination of Networked Robotic Systems Under. . .

23. Yang, Y., Li, Y., Yue, D., Tian, Y.C., Ding, X.: Distributed secure consensus control with eventtriggering for multiagent systems under DoS attacks. IEEE Trans. Cybern. 51(6), 2916–2928 (2021) 24. Yang, Y., Li, Y., Yue, D.: Event-trigger-based consensus secure control of linear multi-agent systems under dos attacks over multiple transmission channels. Sci. China Inform. Sci. 63, 1–14 (2020)

Chapter 9

Secure Coordination of Networked Robotic Systems with Adversarial Nodes

Abstract In this chapter, secure coordination problem of networked robotic systems with adversarial nodes is considered, where some robots are hacked and lost control. Unlike other chapters that consider DoS attacks, the malicious node attacks considered in this chapter are generally more harmful. To this end, a novel algorithm called norm-based resilient decision algorithm is proposed to exclude the impact of adversarial nodes. To ensure the coordination of networked robotic systems, the maximum number of adversarial agents related to the robustness of the communication network is given. Under the proposed resilient consensus algorithm, secure coordination is guaranteed with adversarial nodes. Then the proposed resilient controller is extended to static formation scenarios. Finally, the effectiveness of the proposed method is demonstrated through case studies. Compared to the existing results, the proposed algorithm can reduce computing resources by designing auxiliary vectors and converting them into scalars to remove extreme values. Keywords Networked robotic systems · Resilient coordination · Cyber attacks · Adversarial environment · Robust graph

9.1 Introduction It is worth noting that the networked robotic systems face various risks posed by insecure network environments due to the openness of their communication networks. Some results have been developed for networked robotic systems under adversarial environments to ensure the security coordination. For example, [1] addressed the resilient practical cooperative output regulation problem under DoS attacks. A distributed control algorithm is proposed in [2] to deal with the situation where the system is under DoS attack from multiple adversaries. Huo et al. [3] proposes an observer-based approach to reduce the impact of false data injection (FDI) attacks on the consensus performance of MASs. Unfortunately, the above methods impose strict restrictions on attack forms, which are difficult to guarantee

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 X. Li et al., Secure Coordination Control of Networked Robotic Systems, https://doi.org/10.1007/978-981-99-9359-8_9

211

212

9 Secure Coordination of Networked Robotic Systems with Adversarial Nodes

in an adversarial environment, where adversaries may simulate different types of cyber attacks simultaneously to mislead healthy agents. To achieve the security consensus of MASs in adversarial environments, some resilient control algorithms are developed. In [4], based on the mean subsequence reduced (MSR) algorithm, a resilient controller characterized by network robustness named weighted MSR is proposed to guarantee consensus in adversarial environments. Many meaningful results have been proposed on this basis to solve the consensus problem of MASs, e.g., [5–8]. In [5], an impulse control approach is proposed for second-order MASs in continuous time to reach consensus in the presence of cyber attacks. A resilient output regulation scheme is proposed in [7] to solve the consensus control problem of MASs under Byzantine agents. The resilient consensus problem of MASs with state constraints is solved in [8]. Similar resilient decision algorithms are adopted in [5, 7, 8] to remove the extreme values, that is, removing a certain number of maxima and minima in each dimension of the system, respectively. The computational resources required by this algorithm increase as the system dimension increases. Also, this algorithm does not perform well in systems with complex nonlinearities. To reduce the requirement on computing resources, a novel secure decision algorithm based on state reconstruction is proposed in [6] for linear systems, which converts state vectors into scalars and removes extreme values, thereby ensuring the secure coordination. However, since the algorithm is closely related to the system model, it is difficult to extend it to nonlinear networked robotic systems. To fill the mentioned gaps, this chapter focuses on developing a novel resilient decision algorithm for high-dimensional nonlinear networked robotic systems to guarantee the security coordination process. The proposed algorithm excludes the impact of adversarial nodes by designing auxiliary variables related to the control objective and removing extreme values. Compared to the existing algorithms, the proposed algorithm requires less computational resources in high-dimensional systems and performs better in nonlinear networked robotic systems. The main contributions of this chapter are summarized as follows: 1. A novel resilient decision algorithm called norm-based resilient decision (NBRD) algorithm is proposed for networked robotic systems in this chapter, which reduces the occupation of computing resources by designing auxiliary vectors and converting them into scalars, making it technically feasible. This makes the proposed algorithm easier to be applied to higher-dimensional systems than the existing algorithms in [5, 7, 8]. Furthermore, the proposed resilient decision algorithm is independent of any global information and the system models, which makes it easier to extend to different scenarios than the one in [6]. 2. A fully distributed resilient control strategy is proposed for networked robotic systems under the directed graph. This means that the controller is independent of any global information, which makes it possible to guarantee the achievement of the resilient control objectives under the directed communication topology, which is dynamically deleted unreliable edges by resilient decision algorithms. Then the proposed algorithm is extended to static formation scenarios and verified by case studies.

9.2 Preliminaries and Problem Statement

213

The outline of this chapter is given as follows. The problem is established in Sect. 9.2. A novel resilient algorithm is proposed in Sect. 9.3, and it is applied to resilient consensus and static formation scenarios in Sect. 9.4. Section 9.5 presents the numerical simulations to verify the proposed control scheme. Section 9.6 concludes this chapter.

9.2 Preliminaries and Problem Statement In this section, some technical preliminaries are given, which are useful for further analysis. More details on the graph theory can be found in Chap. 1.4.2. For convenience, the definitions on graph robustness are given. The resilience of a communication network is crucial for analyzing its ability to withstand against attacks, and the following definitions are introduced to characterize the resilience of a graph [9]. Definition 9.1 (r-Reachable and r-Robustness [5]) A nonempty set .S0 is considered r-reachable if there exists .i ∈ S0 such that .|Ni \S0 | ≥ r. For any two disjoint nonempty vertex sets .Sa and .Sb belonging to a graph .G = {E, V}, .G is r-robustness if either of them is r-reachable. Furthermore, if .Sb = V\Sa , then .G is strongly r-robustness.

9.2.1 Networked Robotic Systems This chapter focuses on networked robotic systems with N robots modeled by Lagrangian dynamics, which are described as follows: M i (qi )q¨i + C i (qi , q˙i )q˙i + Gi (qi ) = τ i , i = 1, · · · , N

.

(9.1)

where .qi is the generalized position of agent i, .M i (qi ) is the inertia matrix, C i (qi , q˙i ) is the Coriolis and centripetal matrix, .Gi is the gravity vector, and .τ i is the control input of robot i. Moreover, we have .M i (qi ), C i (qi , q˙i ) ∈ Rn×n and .qi , Gi , τ i ∈ Rn . The common properties of Lagrangian dynamics are given in Properties 2.1–2.3. Lagrangian dynamics are widely used in modeling practical systems. A large number of mechanical systems can be modeled by Lagrangian dynamics, e.g., planar elbow manipulators, underwater robots, and unmanned aerial systems [10]. However, high dimensionality and complex nonlinearity usually exist in Lagrangian systems, which brings difficulties to the analysis of its resilient control problem. Therefore, to demonstrate the effectiveness of the proposed method, this chapter considers the networked robotic systems modeled by Lagrangian dynamics.

.

214

9 Secure Coordination of Networked Robotic Systems with Adversarial Nodes

9.2.2 Attack Model In this chapter, a complex network environment with adversarial nodes is considered. Before going on, define .F as the set of adversarial robots and .H = V\F as the set of healthy robots that always obey the predefined control rules. Adversarial robots are completed manipulated by adversaries to compromise the security of networked robotic systems, whose possible behavior patterns can be summarized as follows [4, 11]: . A malicious robot updates its state according to a trajectory carefully planned by adversaries arbitrarily to disrupt the coordination process of healthy robots. It sends incorrect but consistent values to all robots in the communication network. . A Byzantine robot can update its own state arbitrarily and transmit inconsistent state or output to different out-neighbors. The above model is widely used to model the adversarial robots, such as [4, 5, 7, 8, 11, 12]. To guarantee the security of healthy robots under the worst-case environment, adversarial robots are assumed to be aware of the entire network and the private functions available to all other ones; the strength and form of the attacks have not imposed any restrictions. In this chapter, the distribution of adversarial robots in the communication network is restricted by f -local or f -total attack models, which can be described as Definition 9.2 (f -Total and f -Local Attack [5]) If there are at most f adversarial agents in a communication network, i.e., .|F|⨅ ≤ f , then the network is said to be under an f -total attack. Furthermore, if .|Ni F| ≤ f for any agent i, then the system is said to be under an f -local attack. Remark 9.1 Note that there may exist more adversarial robots in the communication topology when subject to an f -local attack. For a clear description of the difference between the above two attack models, an example is given in Fig. 9.1, where the red nodes are adversarial ones. Therefore, the f -total attack model is a special case of the f -local attack model. These two attack models are first proposed in [13] and subsequently widely used in [4, 5, 7, 8, 11, 12]. Since attackers usually have limited resources, it is reasonable to limit the number of adversarial agents. Fig. 9.1 Example of a + 1)-robustness graph who is subject to (a) f -total attack and (b) f -local attack, where .f = 1

.(2f

(a) f -total attack model, f =1

(b) f -local attack model, f =1

9.3 Resilient Decision Algorithm

215

Remark 9.2 Note that the above attack model does not limit the strength and form of attacks. Adversarial robots can perform different types of cyber attacks based on their knowledge of the entire communication topology and private functions of healthy nodes, e.g., replay attacks, denial-of-service (DoS) attacks, false data injection (FDI) attacks, etc. [11]. Therefore, it is meaningful to study the resilient control strategies of networked robotic systems in adversarial environments.

9.2.3 Problem Statement This chapter focuses on developing a fully resilient coordination control algorithm for networked robotic systems modeled by Lagrangian dynamics, such that it can achieve consensus under complex cyber attacks. The control objective can be summarized as follows. Problem 9.1 (Resilient Consensus Problem) For consensus control problem of healthy robots, design controller for (9.1) such that .

lim (qj (t) − qi (t)) = 0n , lim (q˙j (t) − q˙i (t)) = 0n .

t→∞

t→∞

(9.2)

where .i ∈ H and .j ∈ H. As stated in [14], in the presence of Byzantine nodes in networked robotic systems, for any healthy robot i and its healthy neighbor j , the following objective also should be satisfied: qijm ≤ qij (t) ≤ qijM , q˙ijm ≤ q˙ij (t) ≤ q˙ijM ,

.

(9.3)

where .qij = qj − qi , .q˙ij = q˙j − q˙i , .qijm and .qijM are defined as the upper and lower bounds of .qij (t), respectively. Similarly, .q˙ijm and .q˙ijM are defined as the upper and lower bounds of .q˙ij (t), respectively. That is, .qij (t) and .q˙ij (t) should be kept bounded during the process of resilient consensus.

9.3 Resilient Decision Algorithm In this section, a novel resilient decision algorithm named norm-based resilient decision (NBRD) algorithm is proposed to exclude the impact of adversarial robots on the resilient control process. The details of the NBRD algorithm are given in Algorithm 3. First, construct auxiliary variable .Wi ∈ R w for each robot according to its dimension and the control objectives. For example, .Wi can be constructed as .Wi = [qiT , q˙iT ]T for the consensus control problem in (9.2); for the static formation control problem of MASs, .Wi can be constructed as .Wi = qi − δ i with .δ i being a position bias; for

216

9 Secure Coordination of Networked Robotic Systems with Adversarial Nodes

Algorithm 3 Norm-based resilient decision algorithm (1) Receive the states Wj (t) from all in-neighbors. For all j ∈ Ni \FDi (t), calculate eij (t) by using the following equation. eij (t) = f (cos(θ ij (t)))||Wj (t) − Wi (t)||

(9.4) WT W

where f (x) = −1 if x ≤ 0 and f (x) = 1, otherwise. cos(θ ij (t)) = |Wioio|·|Wijij | and θ ij (t) is the angle between Wio and Wij , where Wio and Wij are the vector from Wi to Wo and the vector from Wi to Wj , respectively. For any j ' ∈ FDi (t), eij ' (t) = maxj ∈Ni \FDi (t) {eij (t)} + 1. (2) Define eiM (t) as the set of positive elements of eij (t), j ∈ Ni . Let δ M i (t) be a set used to store the removed positive extreme elements. Save the largest ψ M = min{|eiM (t)|, f } elements of eiM (t) into δ M i (t). (3) Define eim (t) as the set of negative elements of eij (t), j ∈ Ni . Let δ m i (t) be a set used to store the removed negative extreme elements. Save the smallest ψ m = min{|eim (t)|, f } elements of eim (t) into δ m i (t). U M (4) Let κ ij = 0 for any eij ∈ δ m (t) δ (t) and κ ij = 1 otherwise. i i the scaled consensus [15], the users can choose .Wi = ki qi with .ki being the scaled scalar. In short, the control objective is transformed into the consensus space of vector .Wi , i.e., .limt→∞ Wi − Wj = 0n . Second, robot i computes the scalar .eij for all its in-neighbors by using (9.4) and arranges .eij in descending order. Considering that the adversarial robots may disconnect from some of their out-neighbors, if robot i cannot receive information from any .j ∈ Ni , mark .j ∈ FDi (t) and set M .eij to a large value to remove it. Third, move positive elements of .eij into .e (t) i m and negative elements of .eij into .ei (t), respectively. Then, remove the largest f elements in .eiM (t) and the smallest f elements in .eim (t), but if there are not enough robots, remove all of them. To clarify the process, an example of applying the NBRD algorithm to remove extreme values when .w = 3 is given in Fig. 9.2. First, as shown in Fig. 9.2a, construct a w-dimensional auxiliary space and mark the positions of .Wi and .Wj in it, where .j ∈ Ni . The positions of .Wi and .Wj in the auxiliary space only decided by their values. Choose a reference point .Wo /= Wi in the auxiliary space. Then, let the direction of .Wio be the positive direction in high-dimensional space, which is useful for the judgment of extreme values. Second, calculate the state deviation .Wij = Wio − Wj o , j ∈ Ni . Then, rotate the vector obtained in the previous step to a direction parallel to .Wio by the smallest angle. Note that, for the vectors perpendicular to .Wio , they can be rotated to an angle parallel to .Wio from any direction. Then, .eij increase along the direction of .Wio . These processes can be seen in Fig. 9.2b. So far, the basic principle of (9.4) is clarified. By using the proposed algorithm, the smallest .ψ m elements and the largest .ψ M elements of .eij are judged as extreme values, and the corresponding edges are deleted. Figure 9.2c

9.3 Resilient Decision Algorithm

217

Fig. 9.2 An example of using the NBRD algorithm to remove extreme values when .w = 3

shows the process by using Algorithm 3. Next, the following lemma is given on the connectivity of the communication graph by applying the NBRD algorithm. Lemma 9.1 (Connectivity under NBRD Algorithm) For communication network .G that subjects to f -local attacks and f -total attacks, there always contains a directed spanning tree after applying the NBRD Algorithm 3 if and only if .G satisfies .(2f + 1)-robustness. Proof The necessity and sufficiency will be proven separately by using contradiction. Necessity: Suppose that .G is not .(2f + 1)-robustness; define there exist two disjoint nonempty vertex sets .Sa , Sb ⊆ V such that any agent belonging to these ⨅ two sets has (V\Sa )| ≤ 2f .∀i ∈ Sa , |Ni no more than 2f neighbors outside its subset. That is, ⨅ and .∀i ∈ Sb , |Ni (V\Sb )| ≤ 2f . Since the NBRD algorithm will delete .ψ m + ψ M ≤ 2f neighbors with extreme states, none of the agents in .Sa (or .Sb ) have neighbors outside its subset after applying the NBRD algorithm if there is .ψ m + ˜ where .G˜ = {E, ˜ V} ψ M = 2f . That is, there exists no directed spanning tree in .G, ˜ and .E = {(vi , vj )|κ ij aij /= 0}. Sufficiency: Since that .G is .(2f + 1)-robustness and there is at most 2f neighbors with extreme states that will be deleted by using the NBRD algorithm, there exists at⨅ least one pair of disjoint nonempty ⨅ vertex sets .Sa , Sb and there is .∀i ∈ Sa , |N˜ i (V\Sa )| ≥ 1 and .∀i ∈ Sb , |N˜ i (V\Sb )| ≥ 1, where .N˜ i = {vj |(vi , vj ) ∈ ˜ That is, .G˜ still contains a spanning tree after applying the NBRD algorithm. This E}. completes the proof. Remark 9.3 It is worth noting that the resilient scheme proposed in [5–8] requires that the analysis of the resilient control problem for high-dimensional systems be

218

9 Secure Coordination of Networked Robotic Systems with Adversarial Nodes

performed separately in each dimension. Such analysis becomes complicated when there exist complex coupling relationships among the dimensions of the system. The proposed NBRD algorithm simplifies the analysis process of the resilient control problem by converting vector information into the scalar form. Additionally, since the NBRD algorithm judges extreme states only by the positions of auxiliary variables in the state space and do not depend on the model of agents, the algorithm is suitable for both linear and nonlinear systems. Remark 9.4 The computing resources in practical networked robotic systems are always limited; thus, saving computing resources should be considered in the resilient decision algorithm design. The time complexity can well measure the computing resources the algorithm occupies. Since the NBRD algorithm only needs to be executed once regardless of the dimension of the auxiliary variable, the time complexity of the NBRD algorithm can be expressed as .O(1). The number of executions of the algorithm proposed in [5–8] increases linearly as the system dimension increases; the time complexity of these algorithms can be thus expressed as .O(n). The NBRD algorithm thus occupies less computing resources, which makes it technically feasible and easier to be applied to high-dimensional systems. Remark 9.5 After constructing .Wi according to the control objectives, there is eij → 0 if there are no adversarial nodes. Since the adversarial robot k has .eik /= 0 for disrupting the coordination process, the NBRD algorithm guarantees the security of the coordination by excluding extreme values. Even if some adversarial robots are wrongly left, it will not disrupt the coordination, which will be proved in the next section.

.

9.4 Resilient Coordination Control Design In this section, the NBRD algorithm is adopted to solve the resilient consensus control problem and the resilient static formation problem of the networked robotic systems in an adversarial environment. To guarantee that the unreliable edges will not affect the stability of the control system, a fully distributed resilient consensus controller is proposed in this chapter, which does not depend on any global information of the communication topology. Considering the auxiliary variable .si and reference velocity .vi , define .si = q˙i − vi , and the consensus controller is designed as follows: ⎧ τ i = −ki si + Yi (q˙i , qi , v˙i , vi )θˆ i , ⎪ ⎪ ⎪ ⎨ N N Σ Σ a˜ ij (qj − qi ) + ˜1 a˜ ij q˙j , vi = . dii ⎪ j =1 j =1 ⎪ ⎪ ⎩ ˙ˆ θ i = −Ωi YiT (q˙i , qi , v˙i , vi )si .

(9.5)

where .ki , Ωi are both positive control gains and .Yi = Yi (q˙i , qi , v˙i , vi ) and .θ i are given in Property 2.3. .θˆ i is the estimate of .θ i . .A˜ = [a˜ ij ] is the adjacency matrix

9.4 Resilient Coordination Control Design

219

of the communication network which is deleted unreliable edges by the NBRD algorithm, which can be defined as .a˜ ij = κ ij aij and .κ ij have been defined in Algorithm 3. Similarly, define .D˜ and .L˜ as the in-degree matrix and the Laplacian matrix of the topology which is deleted unreliable edges, respectively. Remark 9.6 Note that the existing controllers designed for directed graphs rely on the global information of the communication topology to design control parameters, such as [16, 17]. However, as the NBRD algorithm changes the communication topology, such global information will be changed accordingly and the original control parameters may not be able to guarantee the stability of the control system. Therefore, it is necessary to design a fully distributed controller for directed topologies for the resilient control objective. Then the main result is given as follows. Theorem 9.1 Consider the networked robotic systems (9.1) with N robots. Suppose that the communication network is .(2f + 1)-robustness, and then under the secure coordination controller (9.5) and Algorithm 3, the secure control objectives described in (9.2) and (9.3) are achieved in the presence of f -local attacks and f -total attacks. Proof It is worth noting that according to Lemma 9.1, the connectivity of the graph G can be guaranteed. Consider three sets .Sim (t), .SiM (t), .Sih (t) for any healthy robots .i ∈ H as .

Sim (t) = {j ∈ Ni |eij ∈ δ m i (t)}, M M . S (t) = {j ∈ Ni |eij ∈ δ (t)}, i i U h m / Si (t) SiM (t)}. Si (t) = {j ∈ Ni |j ∈

(9.6)

M where .δ m in Algorithm 3. Although the elements i (t) and .δ i (t) have beenUdefined U h in .Si (t) are time-varying, .Sih (t) Sim (t) SiM (t) = Ni is always hold. Since adversarial robots can adjust their attack strategies to the states of healthy ones, it is difficult to guarantee that there are no adversarial robots in .Sih (t) every time. Next, the effect of this phenomenon on stability will be analyzed. As shown in Fig. 9.3, the relationship between set .Sih and set .F can be divided into two cases, namely,

Fig. 9.3 Possible cases of elements in .Sim , .SiM , and .Sih , (a) .Sih (t)

⨅

F = ∅ and (b) .Sih (t)

⨅

F /= ∅

220

9 Secure Coordination of Networked Robotic Systems with Adversarial Nodes

⨅ ⨅ (a) .Sih (t) F = ∅ and (b) .Sih (t) F = / ∅. For the first case, adversarial robots will not affect the consensus process; thus, it only needs to prove that the consensus problem described in (9.2) and (9.3) can be achieved under the controller (9.5), and the analysis will be given next. T

Consider the Lyapunov function as .V1i = 12 siT M i (qi )si + 12 θ˜ i Ωi−1 θ˜ i . Taking its derivative, one has .V˙1i = −ki siT si , where Property 2.2 and the last equation of (9.5) Σ are used. More details can also be seen in previous chapters. Let .V1 = N i=1 V1i ; Σ N T ˙ ˙ ˙ thus, .V1 = i=1 V1i . Therefore, .V1 ≥ 0 and .V1 ≤ 0 holds for any .s s ≥ 0 and ˙1 = 0 holds if and only if .s T s = 0. Then, it can be concluded that .si , θ i ∈ L∞ and .V .limt→∞ ||si || = 0. Furthermore, to prove that .eij → 0 for any .j ∈ Sih (t), .qij , q˙ij ∈ L∞ and .qij , q ˙ij → 0n as .t → ∞ must be obtained. Next, the proof of this part will be given. According to the definition of .si , we have .s = (D˜ −1 L˜ ⊗ In )q˙ + (L˜ ⊗ In )q. Following [18], introducing .Q ∈ R(n−1)×n . ⎛ −1 + (n − 1)μ 1 − μ −μ ⎜ ⎜−1 + (n − 1)μ −μ 1 − μ .Q = ⎜ ⎜ .. .. .. ⎝ . . . −1 + (n − 1)μ −μ · · ·

⎞ · · · −μ .. ⎟ .. . . ⎟ ⎟ ⎟ .. . −μ ⎠ −μ 1 − μ

where .μ =

√ n− n n(n−1) .

In −

Therefore, the definition of .si can be rewritten as

1 T n 1n 1n .

(9.7)

From (9.7), there is .Q1n = 0n−1 , QQT = In−1 , QT Q =

˜ T ⊗ In )q˙ˆ + (QLQ ˜ T ⊗ In )q. sˆ = (QHQ ˆ

.

(9.8)

˜ Since it has where .sˆ = (Q ⊗ In )s, .qˆ = (Q ⊗ In )q, .qˆ = (Q ⊗ In )q and .H˜ = D˜ −1 L. been concluded that .G˜ always contains a directed spanning tree after applying the ˜ T and NBRD algorithm if .G is .(2f + 1)-robustness, all of the eigenvalues of .QLQ T ˜ .QHQ have positive real parts. Therefore, taking .sˆ as the input and .qˆ as the state, system (9.8) is input-to-state stable. Then it can be concluded that .qˆ ∈ L∞ from .s ˆ ∈ L∞ . Thus, .qˆ˙ ∈ L∞ from (9.8). Since .||(Q ⊗ In )s|| ≤ ||Q ⊗ In ||||s||, we have .limt→∞ ||ˆ s || = 0 from .limt→∞ ||s|| = 0. Furthermore, for an input-to-state stable ˙ˆ = 0. system (9.8), .limt→∞ ||ˆs || = 0 means .limt→∞ ||q|| ˆ = 0, thus .limt→∞ ||q|| ˜ T ∈ L∞ and the fact that the product of multiple bounded matrices is still Since .LQ ˜ T Q ⊗ In )q = (L(I ˜ n − 1 1n 1Tn ) ⊗ In )q = (L˜ ⊗ In )q ∈ L∞ . bounded, we have .(LQ n Similarly, we have .limt→∞ ||(L˜ ⊗ In )q|| = 0. Following the same process, it can be concluded that .(L˜ ⊗ In )q˙ ∈ L∞ and .limt→∞ ||(L˜ ⊗ In )q|| ˙ = 0. Therefore, the resilient consensus problem described in (9.2) and (9.3) can be solved by using (9.5) and the NBRD algorithm. The above conclusion holds whatever the elements in .Sih (t) are.

9.4 Resilient Coordination Control Design

221

⨅ For the second case, define .Sia (t) = Sih (t) F as the set of agents who are U ⨅ wrongly kept and define .Siw (t) = (SiM (t) Sim (t)) H as the set of agents who are wrongly removed. For any .z ∈ Sia (t) and .eiz > 0, since z is wrongly kept, it can be concluded that there must have at least one healthy robot .j ∈ SiM (t) that is wrongly removed, which satisfies .|eiz | < |eij |. Similarly, if .eiz < 0, it is easy to find a healthy agent .j ∈ Sim (t) satisfying .|eij | < |eiz |. Therefore, a healthy agent w .j ∈ S (t) can always be found for any .eiz /= 0, such that .|eiz | = ιij |eij |, where i m M ' .ιij ∈ (0, 1]. For .eiz = 0, a couple of healthy agent .j ∈ S (t) and .j ∈ S (t) such i i m M that .eiz = ιij eij + (1 − ιij )eij ' can always be found if .Si (t) /= ∅ and .Si (t) /= ∅. Otherwise, the agent i can connect to the communication network through other neighbors. Furthermore, it can be concluded that the following inequality holds for any .Sih (t): Σ .

||Wij ||2 =

Σ

||Wij ||2 +

≤

Σ

j ∈Sir (t)

ι2ij ||Wij ||2

j ∈Siw (t)

j ∈Sir (t)

j ∈Sih (t)

Σ

U

Siw (t)

||Wij ||2

(9.9)

in which .Wij = Wi − Wj , .Sir (t) = Sih (t)\Sia (t). Therefore, the topology which is deleted unliable edges can always be equivalent to a topology that only contains all healthy agents. Then, by applying the proof of the first case, it can be concluded that the control objectives can be achieved. So far, it can be concluded that resilient consensus can be achieved whether .Sia (t) is empty or not. For a clear description, an example is given in Fig. 9.4, where .G is a 3-robustness graph that is applying the NBRD algorithm to withstand against the 1-local attack. In Fig. 9.4, the red agents are adversarial agents, the blue agents are healthy agents, and the gray edges are ˜ those edges that are deleted in .G. Remark 9.7 Note that .Wi is jointly determined by the control objective and the controller. For example, if the second equality in (9.2) is redefined as . lim q˙i (t) = t→∞

problems. Accordingly, the 0n , which is a common objective in static consensus Σ reference velocity .vi can be redefined as .vi = j ∈Ni a˜ ij (qj − qi ) and .Wi can be chosen as .Wi = qi . The proof should be changed correspondingly. Next, the proposed resilient consensus algorithm is extended to solve the static formation problem by using the NBRD algorithm. Define the auxiliary variable .si,s = q ˙i − vi,s and .qi,s = qi − Qi , where .Qi is a predefined offset variable. The consensus-based formation controller is designed as follows: ⎧ ⎪ τ i = −ki,s si,s + Yi (q˙i,s , qi,s , v˙i,s , vi,s )θˆ i , ⎪ ⎪ ⎨ N Σ a˜ ij (qj,s − qi,s ), vi,s = . ⎪ j =1 ⎪ ⎪ ⎩ ˙ˆ θ i = −Ωi,s YiT si,s ,

(9.10)

222

9 Secure Coordination of Networked Robotic Systems with Adversarial Nodes

Fig. 9.4 An example of a 3-robustness graph applying the NBRD algorithm to withdtand against the 1-local attack: (a) the initial topology .G , (b) the changed topology .G˜ , (c) the equivalent topology ' .G˜ and .˜ιij ∈ (0, 1] is the weight of the equivalent edge

where .ki,s , Ωi,s are both positive control gains and it can be concluded that .q˙i,s = q˙i Σ and .v˙i,s = N ˜ ij (q˙j − q˙i ). Then the following corollary is given. j =1 a Corollary 9.1 Consider the networked robotic systems (9.1) with N robots. Suppose that the communication network is .(2f + 1)-robustness, and then under the formation controller (9.10) and Algorithm 3, the secure formation control objectives are achieved by choosing .Wi = qi − Qi for each robot in the presence of f -local attacks and f -total attacks. The proof of Corollary 9.1 is the same as that of Theorem 9.1 and omitted here. In addition, the method proposed in this chapter can also be extended to large-scale sensor networks as described in [19–21] to exclude the impact of unreliable sensor information on the state estimation caused by cyber attacks, environmental noise, and other factors. Remark 9.8 This chapter considers the secure coordination problem of networked robotic systems under adversarial nodes whose behavior patterns are given in 9.2.2. Note that for the case that adversarial robots hacked by attackers are omniscient and their behavior patterns can be changed arbitrarily, it is hard to design resilient schemes against certain types of cyber attacks in this scenario. The proposed resilient control scheme thus focuses on helping to achieve control objectives under adversarial agents, rather than precisely identifying adversarial robots. In other words, the proposed resilient control scheme removes information that is harmful to achieving the control objective and does not care about which robot is the adversarial one.

9.5 Simulation Results

223

9.5 Simulation Results In this section, some numerical examples are given to verify the effectiveness of the proposed NBRD algorithm.

9.5.1 Simulation Examples In this subsection, networked robotic systems with nine robots are considered, where each one can be modeled as (9.1) with the system matrices being given as ┐ ┌ ┌ ┐ li1 + 2li2 cos qi2 li3 + li2 cos qi2 0 , Gi (qi ) = .M i (qi ) = , li3 + li2 cos qi2 li3 0 ┌ C i (qi , q˙i ) =

.

┐ −li2 q˙i2 sin qi2 −li2 (q˙i1 + q˙i2 ) sin qi2 . li2 q˙i1 sin qi2 0

in which .qi = [qi1 , qi2 ]T is the position, .τ i = [τ i1 , τ i2 ]T is the control input, and .li = [li1 , li2 , li3 ]T is the system parameters of robot i. Choosing the initial physical parameters of robots as .li = [1.301, 0.256, 0.069]T , .ki = 5, .qi = [0.1(i − 1), −0.1(i − 18)]T , .Ωi = diag{0.1, 0.1, 0.1}, .Wo = [1, 1, 0, 0]T . Figure 9.5 shows the communication network, which is a 5-robustness digraph subjecting to a 2-local attack. According to Theorem 9.1 and Definition 9.2, healthy robots can tolerate at most two adversarial agents existing in their neighbors. To simulate a harsh interaction environment, assume that both the malicious and the Byzantine robots are existing in the in-neighbor set of each healthy one. Therefore, robot 5 is modeled as a malicious node, and both robots 4 and 6 are modeled as Byzantine nodes. According to the behavior pattern described in Sect. 9.2.2, robot 5 updates its trajectory with an acceleration given as .q¨5 = [15 cos(3t), 2 cos(4t) + 3.5 sin(6t)]T , which is known by the entire system. Since the Byzantine node can Fig. 9.5 Communication topology of the networked robotic systems

1

2

3

4

5

6

7

8

9

224

9 Secure Coordination of Networked Robotic Systems with Adversarial Nodes

transmit different information to its different out-neighbors, the behavior pattern of robot 6 is modeled as (1) injecting false data and measurement noise to the information transmitted to robots 8 and 9, and the attack modeling follows the form in [22], and (2) replacing the information transmitted to robots 2 and 3 with the old information that has been transmitted before in some time periods, the attack modeling follows the form in [23], which is also known as replay attacks. Then, let 6→j .x6 (t) denote the right information of robot 6, and .x (t) denote the information 6 transmitted from robot 6 to its out-neighbor j , which can be summarized as follows: ⎧ j ∈ [2, 3], t ∈ (7s, 13s], ⎨ x6 (t − 1), 6→j .x (t) = j ∈ [2, 3], t ∈ (13s, 25s], x (t − 4), 6 ⎩ 6 x6 (t) + α 6j + β 6j , j ∈ [8, 9].

(9.11)

where .α 6j = sin(j t) min{xj , x6 (0)} is the false data, .β 6j = 0.5 cos(t) is the measurement noise. In addition, the behavior pattern of Byzantine robot 4 is designed as a fault robot. Assuming that the control input required by robot 4 at time t is .τ r4 (t), the control input practically available to robot 4 is designed as r r T .τ 4 (t) = τ (t).∗[0.2, sin(4t)+1] and it computes .τ (t) without using any resilient 4 4 decision algorithm. In addition, robot 4 will be disconnected from robot 1. To highlight the effectiveness of the NBRD algorithm, a comparison case study is presented. The resilient decision algorithm commonly used to remove extreme values in the existing literature is shown in [5, 7, 8]. As a typical algorithm shown in [8], the so-called MSR in this chapter makes robot i obtain information from each in-neighbor, sorts the received information, and removes extreme values in each Figures 9.6 and 9.7 show the evolutionΣ of position error .eix = Σ dimension. ⨅ a |q − q | and the velocity error .ev = ⨅ j j ∈Ni H ij i j ∈Ni H aij |q˙i − q˙j | i of healthy robots under different resilient decision algorithms, respectively. From Figs. 9.6a and 9.7a, it can be seen that attackers can easily disrupt the coordination without the resilient decision algorithm. Comparing Figs. 9.6b and 9.7b with Figs. 9.6c and 9.7c, it can be seen that although the MSR algorithm can help the networked robotic systems approach the control objectives under adversarial attacks, the impact of adversaries has not been completely excluded. Figure 9.8 shows the comparison on the ability of the MSR algorithm and the NBRD algorithm to exclude the impact of adversaries, where .κ˜ ij = 0 means that the information from robot j is removed by all its out-neighbors; otherwise, .κ˜ ij = 1, it can be seen that the proposed NBRD algorithm performs better. The performance comparison can also be seen in Table 9.1, where .Ti , i ∈ [4, 6] is the influence time of the three adversarial nodes in robot network, respectively. It can be seen that the NBRD algorithm can more effectively exclude the impact of adversarial robots.

9.5 Simulation Results Fig. 9.6 Position error evolution of networked robotic systems with different resilient decision algorithms. (a) No resilient algorithm, (b) MSR algorithm [8], (c) NBRD algorithm

225 10

4

290 A1 A2 A3

3

A7 A8 A9

2 1 0

0 10

4

0.05

291 A1 A2 A3

3

0.1

0.15

0.2

0.1 Time(s)

0.15

0.2

A7 A8 A9

2 1 0

0

0.05

(a) A1

A3

A2

A7

A8

A9

1 0.02 0.01

0.5

0

0

15

0

16

17

18

5

19

20

21

10

22

23

15

20

25

20

25

1 10 8 6 4 2

0.5

10-3

15

0

0

16

17

18

5

19

20

21

10

22

23

15 Time(s)

(b) A3

A2

A1

A7

A8

A9

3 0.01

2

0 -0.01 15

1 0

0

16

17

5

18

19

20

21

10

22

23

15

20

25

20

25

3 0.01

2

0

1 0

-0.01 15

0

5

16

17

18

19

20

21

10

15 Time(s)

(c)

22

23

226

9 Secure Coordination of Networked Robotic Systems with Adversarial Nodes

Fig. 9.7 Velocity error evolution of networked robotic systems with different resilient decision algorithms. (a) No resilient algorithm, (b) MSR algorithm [8], (c) NBRD algorithm

10 293

4

A7 A8 A9

A1 A2 A3

3 2 1 0

0 10

4

0.05

294

0.15

0.2

0.1 Time(s)

0.15

0.2

A7 A8 A9

A1 A2 A3

3

0.1

2 1 0

0

0.05

(a) A1

1

A3

A2

A7

A8

A9

0.02 0.01

0.5

0

0

15

16

0

19

20

21

22

10 A1

0.04

23

15 A3

A2

20 A7

25

A8

A9

0.02

1

0

0.5 0

18

5

2 1.5

17

15

16

0

17

18

5

19

20

21

22

10

23

15

20

25

Time(s)

(b) A1

4

A3

A2

A7

A8

A9

0.01

3

0

2

-0.01 15

16

17

18

19

20

21

22

23

1 0

0

5

10

15

20

25

20

25

6 0.01

4

0 -0.01 15

2 0

0

16

5

17

18

19

20

21

10

22

15 Time(s)

(c)

23

9.5 Simulation Results

227

Fig. 9.8 Impact of adversarial nodes on networked robotic systems under different resilient decision algorithms. (a) MSR algorithm [8], (b) NBRD algorithm

1 0 0

5

10

15

20

25

0

5

10

15

20

25

0

5

10 15 Time(s) (a)

20

25

0

5

10

15

20

25

0

5

10

15

20

25

0

5

10

15

20

25

1 0

1 0

1 0

1 0

1 0 Time(s) (b)

Table 9.1 Performance comparison of different resilient decision algorithms to exclude the impact of adversarial robots

T4 0s 1.4959s

.

NBRD algorithm MSR algorithm

T5 0.062s 1.5329s

.

T6 0.17s 3.1399s

.

228

9 Secure Coordination of Networked Robotic Systems with Adversarial Nodes

9.6 Conclusion This chapter considers the secure coordination problem of high-dimensional networked robotic systems modeled by Lagrangian dynamics. A novel algorithm named norm-based resilient decision (NBRD) algorithm is proposed to ensure the coordination by designing auxiliary variables related to the control objectives and using the norm of the auxiliary variables to remove extreme values dynamically. Connectivity of the communication topology can be guaranteed even in the presence of adversarial nodes under the proposed NBRD algorithm. Rigorous proof and case studies have been presented, which verified the effectiveness of the proposed algorithm.

References 1. Deng, C., Zhang, D., Feng, G.: Resilient practical cooperative output regulation for MASs with unknown switching exosystem dynamics under DoS attacks. Automatica 139, 110172 (2022) 2. Xu, W., Hu, G., Ho, D.W. and Feng, Z.: Distributed secure cooperative control under denialof-service attacks from multiple adversaries. IEEE Trans. Cybern. 50(8), 3458–3467 (2020) 3. Huo, S., Wu, H., Zhang, Y.: Secure consensus control for multi-agent systems against attacks on actuators and sensors. Int. J. Robust Nonlinear Control 32(8), 4861–4877 (2022) 4. LeBlanc, H.J., Zhang, H., Koutsoukos, X., Sundaram, S.: Resilient asymptotic consensus in robust networks. IEEE J. Sel. Areas Commu. 31(4), 766–781 (2013) 5. Yan, J., Wen, C., Liu, X.-K., Xing, L.: Resilient impulsive control for second-order consensus under malicious nodes. IEEE Trans. Circuits Syst. II: Express Briefs 68(6), 1962–1966 (2021) 6. Bai, Y., Wang, J.: Resilient consensus of continuous-time linear networked systems. IEEE Trans. Circuits Syst. II: Express Briefs 69(8), 3500–3504 (2022). https://doi.org/10.1109/ TCSII.2022.3161369 7. Yan, J., Deng, C., Wen, C.: Resilient output regulation in heterogeneous networked systems under Byzantine agents. Automatica 133, 109872 (2021) 8. Shang, Y.: Resilient consensus in multi-agent systems with state constraints. Automatica 122, 109288 (2020) 9. Yan, J., Mo, Y., Li, X., Xing, L., Wen, C.: Resilient vector consensus: an event-based approach. In: 2020 IEEE 16th International Conference on Control & Automation (ICCA), pp. 889–894 (2020) 10. Spong, M.W., Hutchinson, S., Vidyasagar, M.: Robot Dynamics and Control, 2rd edn. Wiley Press, New York (2004) 11. Pirani, M., Mitra, A., Sundaram, S.: A survey of graph-theoretic approaches for analyzing the resilience of networked control systems. Automatica 157, 111264 (2023) 12. Sundaram, S., Gharesifard, B.: Distributed optimization under adversarial nodes. IEEE Trans. Autom. Control 64(3), 1063–1076 (2019) 13. Koo, C.-Y.: Broadcast in radio networks tolerating byzantine adversarial behavior. In: Proceedings of the Twenty-Third Annual ACM Symposium on Principles of Distributed Computing, pp. 275–282 (2004) 14. Öksüz, H.Y., Akar, M.: Resilient nonlinear consensus in continuous time networks. In: 2019 American Control Conference (ACC), pp. 3764–3769 (2019) 15. Roy, S.: Scaled consensus. Automatica 51, 259–262 (2015) 16. Jin, X., Tang, Y., Shi, Y., Zhang, W., Du, W.: Event-triggered formation control for a class of uncertain Euler-Lagrange systems: theory and experiment. IEEE Trans. Control Syst. Technol. 30(1), 336–343 (2022)

References

229

17. Wang, S., Zhang, H., Baldi, S., Zhong, R.: Leaderless consensus of heterogeneous multiple Euler-Lagrange systems with unknown disturbance. IEEE Trans. Autom. Control 68(4), 2399– 2406 (2023). https://doi.org/10.1109/TAC.2022.3172594 18. Mei, J.: Distributed consensus for multiple Lagrangian systems with parametric uncertainties and external disturbances under directed graphs. IEEE Trans. Control Netw. Syst. 7(2), 648– 659 (2020) 19. Wang, L., Zhao, D., Wang, Y.-A., Ding, D., Liu, H.: Partial-neurons-based state estimation for artificial neural networks under constrained bit rate: the finite-time case. Neurocomputing 488, 4226–4233 (2022) 20. Liu, S., Wang, Z., Chen, Y., Wei, G.: Dynamic event-based state estimation for delayed artificial neural networks with multiplicative noises: a gain-scheduled approach. Neural Netw. 132, 211– 219 (2020) 21. Wang, L., Wang, Z., Han, Q.-L., Wei, G.: Event-based variance-constrained H∞ filtering for stochastic parameter systems over sensor networks with successive missing measurements. IEEE Trans. Cybern. 48(3), 1007–1017 (2018) 22. Sargolzaei, A., Allen, B.C., Crane, C.D., Dixon, W.E.: Lyapunov-based control of a nonlinear multiagent system with a time-varying input delay under false-data-injection attacks. IEEE Trans. Ind. Inform. 18(4), 2693–2703 (2022) 23. Xu, W., Kurths, J., Wen, G., Yu, X.: Resilient event-triggered control strategies for secondorder consensus. IEEE Trans. Autom. Control 67(8), 4226–4233 (2022)

Chapter 10

Future Research Directions

Abstract We have addressed several secure coordination control design issues for networked robotic systems under synchronous and asynchronous, known and unknown DoS attacks and adversarial node attacks from two distinct perspectives: time-triggered control and event-triggered control. Secure coordination control design for networked robotic systems plays a crucial role in ensuring the resilience, efficiency, and robustness of these systems. It not only fosters collaboration among robots but also addresses security concerns, making it a key enabler for applications in diverse domains, from industrial automation (Bou-Harb et al (2017) IEEE Commun Mag 55(5):198–204; Olowononi et al (2021) IEEE Commun Surv Tutor 23(1):524–552) to autonomous intelligent transportation (Ganin et al (2019) Transp Res Part C Emerg Technol 100:318–329). In this chapter, we present several research directions that depict future investigation on networked robotic systems including even-based secure coordination of networked robotic systems under multisource cyber attacks, secure coordination of underwater distributed cyberphysical systems, and distributed source-seeking control of networked robotic systems with unreliable communication. Keywords Networked robotic systems · Multisource cyber attacks · Underwater cyber-physical systems · Source seeking

10.1 Event-Based Secure Coordination of Networked Robotic Systems Under Multisource Cyber Attacks In this book, secure coordination problems for networked robotic systems under DoS attacks have been considered from the perspective of time-triggered and eventtriggered control approaches. However, the networked robot systems may also be subjected to many other types of cyber attacks due to their complex structure as shown in Fig. 10.1. In particular, Chap. 9 only initially solves the problem of continuous-time collaborative control of networked robotic systems with malicious nodes. Therefore, a natural idea is how to implement an event-triggered control

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 X. Li et al., Secure Coordination Control of Networked Robotic Systems, https://doi.org/10.1007/978-981-99-9359-8_10

231

232

10 Future Research Directions

Sensing/ Communication

Communication Network

Cyber Layer

Link Attack

Controller

Output/State

Observer

Physical Layer Envirement Sensors

_

Reference +

Actuator

Robots Actuator Attack

Sensor Attack

Fig. 10.1 Networked robotic systems under multisource cyber attacks

design version of this issue and further consider other cyber attacks [4, 5]. To this end, the following gaps should be considered: • Event-based secure coordination focuses on developing control strategies for networked robotic systems that rely on event-triggered mechanisms rather than continuous data exchange. Different cyber attacks pose new challenges to the design of event-triggering conditions, because this condition generally relies on collaborative errors, which are severely affected by cyber attacks. • Ensuring the security of networked robotic systems is paramount. Multisource cyber attacks involve threats originating from multiple points, making them more sophisticated and challenging to mitigate. These attacks can target communication channels, sensors, or actuators. • Addressing secure communication is a critical element. Research in this area might explore methods for encryption, intrusion detection, and secure data transmission to protect the integrity and confidentiality of information exchanged among the robotic systems. From a control perspective, this also inspired research on encryption control. In conclusion, research on event-based secure coordination of networked robotic systems under multisource cyber attacks is a vital area of study that addresses the convergence of robotics and cybersecurity. It seeks to develop control strategies and mechanisms that allow robotic systems to maintain functionality, safety, and security even in the presence of sophisticated cyber threats originating from multiple

10.2 Secure Coordination of Underwater Cyber-physical Systems

233

sources. This research is essential for the continued advancement and deployment of robotic systems in various critical applications.

10.2 Secure Coordination of Underwater Cyber-physical Systems Generally, underwater cyber-physical systems (UCPS) have both the perception capability of the underwater sensor network (USN) and the execution capability of the networked AUV systems [6]. This system can provide intelligent control and monitoring of a physical process, such as ocean observation [7], ocean information collection [8], ocean search and rescue [9], etc. A typical structure of UCPS is shown in Fig. 10.2. The surface vessels locate each AUV through the ultrashort baseline positioning technology and share the position, velocity, and other information of the AUVs through the underwater acoustic channel to achieve coordination control. The submarine vehicle can be used as a transmission intermediary for the AUV exploration information to be transmitted to the control center and unmanned systems mothership, to realize the coordinated control and scheduling of the networked AUV systems. UCPS faces many challenges, mainly including the complexity of the underwater environment, the limitation of underwater communication, the difficulty of underwater energy supply, the GPS-denied environment, and the coordination of networked AUV systems. The underwater environment is characterized by high pressure, low temperature, high salinity, strong scattering, and absorption, which

Control Center Surface Node Seabed Node Acoustic/Optic Source Intrusive AUV

Actuator/Sensor Attacks Link Attacks Hijack Attacks

Communication L Link

AUV Unmanned Systems Mothership

Radio Waves

Submarine Fiber Optic Cable

Fig. 10.2 Underwater cyber-physical system

Clock Attacks

234

10 Future Research Directions

can affect the design and performance of underwater sensors and communication equipment. Underwater communication is limited by propagation characteristics, such as propagation loss, multipath effect, and underwater noise, so it is necessary to adopt communication technologies suitable for underwater environments, such as acoustic communication, laser communication, or electromagnetic wave communication. At the same time, underwater energy supply is also a challenge because the energy source of underwater equipment is limited, and it is necessary to design energy-saving underwater sensors and communication equipment or adopt energy harvesting and storage technology to solve the problem of energy supply. In addition, as with any cyber-physical systems, cybersecurity is of utmost importance. UCPS needs to implement security defense strategies to protect the system from unauthorized access, data tampering, or other cyber threats. From the perspective of development status and trend, UCPS presents the characteristics of a heterogeneous, wireless, and autonomous networked system, with the following outstanding features: 1. The computing resources of the UCPS are limited; 2. The characteristics of the underwater transmission environment and the development status and trends of wireless transmission technologies such as underwater acoustics and optics limit the communication resources of the UCPS; 3. The communication network of the UCPS is sparse and dynamically changing; 4. UCPS needs to connect to other network systems through the air-sea interface network or realizes the self-healing of the underwater integrated communication network through other networks, such as networked AUV systems; 5. The network security is weak due to the openness of the communication network; 6. There are various biological and ocean current disturbances. As the core part of UCPS, compared with a single AUV, the performance of the networked AUV system has been greatly improved in terms of perception, decision-making, and control. The coordination of networked AUV systems has many advantages, such as strong robustness and high flexibility, which makes the research on coordinated control of networked AUV systems become a major research direction in the present and future. However, existing research methods generally focus on how to realize the networking and stable coordination control of networked AUV systems [10, 11], ignoring the security of the control system. Due to the above remarkable features, the security challenges and requirements faced by networked AUV systems are unique.

10.3 Distributed Source Seeking of Networked Robotic Systems with Unreliable Communication The distributed source-seeking control problem of networked robotic systems with unreliable communication is a complex and challenging research topic [12–14]. As shown in Fig. 10.3 by using the onboard sensors to measure the local field of

10.3 Distributed Source Seeking of Networked Robotic Systems with. . .

235

f Information density

f f ( x) Robots Robots

Source

Fig. 10.3 Distributed source seeking of networked robotic systems

the target source (e.g., a sound or heat source), the group objective is attained by appointing a leader robot, which has the largest signal strength to the source (as a proxy to the distance to the source). Then distributed control scheme is designed to seek the source while maintaining a cohesive coordination for the follower robots with the leader one over unreliable communication. In this context, the robots must work together to achieve a common objective, despite facing communication constraints and potential failures [15]. In networked robotic systems for source-seeking control, robots need to collaboratively integrate and fuse their sensor data to accurately estimate the source’s location and then plan their trajectories to efficiently and effectively approach the source while avoiding collisions and obstacles. Communication is essential for cooperation among robots. However, in unreliable communication environments with issues such as packet loss, time delay, cyber attacks, or limited bandwidth, robots must decide when, where, and how to exchange information. Thus, to achieve distributed source seeking of networked robotic systems, the following gaps should be overcome: • The primary challenge is the unreliability of communication channels. Robots must adapt to packet loss, delays, or even complete communication blackouts, which may be caused by cyber attacks. This makes it difficult to share critical information in a timely manner. • Coordinating multiple robots to work together is complex. It involves distributed decision-making, resource allocation, and avoiding conflicts while maintaining a common objective. • Accurate source localization relies on fusing data from multiple sensors, but handling sensor faults or attacks, calibration discrepancies, and uncertainty poses a significant challenge.

236

10 Future Research Directions

• Robots must plan their paths under the uncertainty of source location, sensor noise, and limited communication, which can lead to suboptimal paths and increased search time. In addition, the system must exhibit robustness to cope with adverse environmental conditions or dynamic source movement. Additionally, it should adapt to variations in communication quality. In summary, the problem of source-seeking control for networked robotic systems with unreliable communication presents a range of challenges, including adapting to unreliable communication, coordinating multi-robot teams, integrating sensor data, and optimizing path planning. Addressing these challenges requires a multidisciplinary approach, combining robotics, communication, and control theory, to create robust and adaptable solutions that can operate effectively in unpredictable and challenging environments.

References 1. Bou-Harb, E., Lucia, W., Forti, N., Weerakkody, S., Ghani, N., Sinopoli, B.: Cyber meets control: a novel federated approach for resilient CPS leveraging real cyber threat intelligence. IEEE Commun. Mag. 55(5), 198–204 (2017) 2. Olowononi, F.O., Rawat, D.B., Liu, C.: Resilient machine learning for networked cyber physical systems: a survey for machine learning security to securing machine learning for CPS. IEEE Commun. Surv. Tutor. 23(1), 524–552 (2021) 3. Ganin, A.A., Mersky, A.C., Jin, A.S., Kitsak, M., Keisler, J.M., Linkov, I.: Resilience in intelligent transportation systems (ITS). Transp. Res. Part C: Emerg. Technol. 100, 318–329 (2019) 4. Yang, M., Zhai, J.: Observer-based switching-like event-triggered control of nonlinear networked systems against DoS attacks. IEEE Trans. Control Netw. Syst. 9(3), 1375–1384 (2022) 5. Ye, Z., Zhang, D., Wu, Z.G., Yan, H.: A3C-based intelligent event-triggering control of networked nonlinear unmanned marine vehicles subject to hybrid attacks. IEEE Trans. Intell. Transp. Syst. 23(8), 12921–12934 (2022) 6. Qiu, T., Zhao, Z., Zhang, T., Chen, C., Chen, C.P.: Underwater internet of things in smart ocean: system architecture and open issues. IEEE Trans. Ind. Inform. 16(7), 4297–4307 (2019) 7. Nguyen, N.-T., Heldal, R., Lima, K., Oyetoyan, T.D., Pelliccione, P., Kristensen, L.M., Hoydal, K.W., Reiersgaard, P.A., Kvinnsland, Y.: Engineering challenges of stationary wireless smart ocean observation systems. IEEE Internet Things J. 10(16), 14712–14724 (2023) 8. Xi, M., Yang, J., Wen, J., Liu, H., Li, Y., Song, H.H.: Comprehensive ocean informationenabled AUV path planning via reinforcement learning. IEEE Internet Things J. 9(18), 17440– 17451 (2022) 9. Cai, C., Chen, J., Yan, Q., Liu, F.: A multi-robot coverage path planning method for maritime search and rescue using multiple AUVs. Remote Sensing 15(1), 93 (2022) 10. Fiorelli, E., Leonard, N.E., Bhatta, P., Paley, D.A., Bachmayer, R., Fratantoni, D.M.: MultiAUV control and adaptive sampling in monterey bay. IEEE J. Oceanic Eng. 31(4), 935–948 (2006) 11. Zhang, J., Sha, J., Han, G., Liu, J., Qian, Y.: A cooperative-control-based underwater target escorting mechanism with multiple autonomous underwater vehicles for underwater internet of things. IEEE Internet of Things J. 8(6), 4403–4416 (2020) 12. Li, S., Kong, R., Guo, Y.: Cooperative distributed source seeking by multiple robots: algorithms and experiments. IEEE/ASME Trans. Mechatron. 19(6), 1810–1820 (2014)

References

237

13. Khong, S.Z., Tan, Y., Manzie, C., Neši´c, D.: Multi-agent source seeking via discrete-time extremum seeking control. Automatica 50(9), 2312–2320 (2014) 14. Du, B., Qian, K., Claudel, C., Sun, D.: Learning to seek: multi-agent online source seeking against non-stochastic disturbances (2023). arXiv preprint arXiv:2305.00154 15. Xu, Y.: Resilient secure control of networked systems over unreliable communication networks. IEEE Trans. Ind. Inform. 18(6), 4069–4077 (2022)