A Data-Driven Safety Preserving Control Architecture for Constrained Cyber-Physical Systems

Mehran Attar, Walter Lucia

TL;DR

This work addresses safety of constrained CPS under networked false-data-injection attacks by introducing a data-driven architecture that couples a passive anomaly detector with a plant-side safety verification module, connected via a switching mechanism to a local data-driven set-theoretic MPC emergency controller. The detector computes a robust outer approximation of the one-step forward reachable set $\mathcal{R}^+_k$ using data-derived $[\hat{A},\hat{B}]$ and flags attacks when $x'_{k+1} \notin \hat{\mathcal{R}}^+_k$, while the safety module enforces $u'_k \in \mathcal{U}$ and $\hat{\mathcal{S}}^{+}_k \subseteq \mathcal{X}_{\eta}$ to prevent constraint violations. When safety is at risk, the emergency controller steers the plant toward a safe invariant set $\hat{\mathcal{T}}^0_e \subseteq \mathcal{X}_{\eta}$ within finite steps via ROSC-based inner sets, enabling safe reactivation of the tracking controller. Simulation on a two-tank system demonstrates detection before safety is compromised and effective switching under attacks on actuation and measurement channels. The results indicate a practical, data-driven path to resilient, safety-preserving control for constrained networked CPS.

Abstract

In this paper, we propose a data-driven networked control architecture for unknown and constrained cyber-physical systems capable of detecting networked false-data-injection attacks and ensuring the plant's safety. In particular, on the controller's side, we design a novel robust anomaly detector that can discover the presence of network attacks using a data-driven outer approximation of the expected robust one-step reachable set. On the other hand, on the plant's side, we design a data-driven safety verification module, which resorts to worst-case arguments to determine if the received control input is safe for the plant's evolution. Whenever necessary, the same module is in charge of replacing the networked controller with a local data-driven set-theoretic model predictive controller, whose objective is to keep the plant's trajectory in a pre-established safe configuration until an attack-free condition is recovered. Numerical simulations involving a two-tank water system illustrate the features and capabilities of the proposed control architecture.
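The two checks described above, the controller-side detection condition $x'_{k+1} \notin \hat{\mathcal{R}}^+_k$ from the TL;DR and the plant-side verification of $u'_k \in \mathcal{U}$ and reachable set $\subseteq \mathcal{X}$ from the abstract, as an added illustration that is not the paper's code. It uses a constructed two-state plant in place of the two-tank system, least-squares identification of $[\hat{A},\hat{B}]$ from constructed noisy samples, and an interval box as the outer approximation of the one-step reachable set instead of the paper's zonotope-based construction; the disturbance bound, constraint boxes and identification margin are assumed values.

```python
"""Toy data-driven anomaly detector and safety check for a constrained plant (illustration, not the paper's code)."""
import random

# Constructed ground truth: used only to generate data and to play the physical plant.
A_TRUE = [[0.9, 0.1], [0.0, 0.8]]    # n = 2 states
B_TRUE = [[0.1], [0.2]]               # m = 1 input
W_BAR = 0.01                          # assumed disturbance bound: |w_k,i| <= W_BAR
X_BOUNDS = [(0.0, 1.0), (0.0, 1.0)]   # assumed state constraint set X (box)
U_BOUNDS = [(-1.0, 1.0)]              # assumed input constraint set U (box)
MODEL_MARGIN = 0.03                   # assumed extra radius covering identification error


def matvec(M, v):
    return [sum(M[i][j] * v[j] for j in range(len(v))) for i in range(len(M))]


def plant_step(x, u, w):
    """True plant x_{k+1} = A x_k + B u_k + w_k (unknown to the detector)."""
    ax, bu = matvec(A_TRUE, x), matvec(B_TRUE, u)
    return [ax[i] + bu[i] + w[i] for i in range(len(x))]


def collect_data(T, seed=1):
    """Constructed one-step samples (x_k, u_k, x_{k+1}) with bounded noise."""
    rng = random.Random(seed)
    samples = []
    for _ in range(T):
        x = [rng.uniform(0, 1), rng.uniform(0, 1)]
        u = [rng.uniform(-1, 1)]
        w = [rng.uniform(-W_BAR, W_BAR) for _ in range(2)]
        samples.append((x, u, plant_step(x, u, w)))
    return samples


def solve(M, b):
    """Gauss-Jordan elimination with partial pivoting for a small square system M y = b."""
    n = len(M)
    aug = [row[:] + [b[i]] for i, row in enumerate(M)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        for r in range(n):
            if r != col:
                f = aug[r][col] / aug[col][col]
                for c in range(col, n + 1):
                    aug[r][c] -= f * aug[col][c]
    return [aug[i][n] / aug[i][i] for i in range(n)]


def identify(samples):
    """Least squares Theta = X+ Z^T (Z Z^T)^-1 with z = [x; u]; returns (A_hat, B_hat)."""
    n, m = len(samples[0][0]), len(samples[0][1])
    p = n + m
    ZZt = [[0.0] * p for _ in range(p)]
    XZt = [[0.0] * p for _ in range(n)]
    for x, u, xn in samples:
        z = x + u
        for i in range(p):
            for j in range(p):
                ZZt[i][j] += z[i] * z[j]
        for i in range(n):
            for j in range(p):
                XZt[i][j] += xn[i] * z[j]
    theta = [solve(ZZt, XZt[i]) for i in range(n)]  # ZZt is symmetric
    return [row[:n] for row in theta], [row[n:] for row in theta]


def build_model(T=400, seed=1):
    return identify(collect_data(T, seed))


def identification_error(A_hat, B_hat):
    errs = [abs(A_hat[i][j] - A_TRUE[i][j]) for i in range(2) for j in range(2)]
    errs += [abs(B_hat[i][0] - B_TRUE[i][0]) for i in range(2)]
    return max(errs)


def reachable_box(A_hat, B_hat, x, u, radius=W_BAR + MODEL_MARGIN):
    """Box outer approximation of the one-step reachable set R^+_k around A_hat x + B_hat u."""
    ax, bu = matvec(A_hat, x), matvec(B_hat, u)
    return [(ax[i] + bu[i] - radius, ax[i] + bu[i] + radius) for i in range(len(x))]


def detector_flags(A_hat, B_hat, x, u, x_next_received):
    """Controller-side detector: anomaly iff the received x'_{k+1} lies outside R^+_k."""
    box = reachable_box(A_hat, B_hat, x, u)
    return any(not (lo <= v <= hi) for (lo, hi), v in zip(box, x_next_received))


def safety_check(A_hat, B_hat, x, u_received):
    """Plant-side verification: u'_k in U and the whole reachable box inside X; (safe, reason)."""
    for (lo, hi), v in zip(U_BOUNDS, u_received):
        if not lo <= v <= hi:
            return False, "input outside U"
    for (lo, hi), (rlo, rhi) in zip(X_BOUNDS, reachable_box(A_hat, B_hat, x, u_received)):
        if rlo < lo or rhi > hi:
            return False, "reachable set leaves X"
    return True, "ok"


if __name__ == "__main__":
    A_hat, B_hat = build_model()
    x, u = [0.5, 0.5], [0.2]
    honest = plant_step(x, u, [0.01, -0.01])
    print("honest sample flagged:", detector_flags(A_hat, B_hat, x, u, honest))
    print("spoofed sample flagged:", detector_flags(A_hat, B_hat, x, u, [honest[0] + 0.3, honest[1]]))
    print("safety near the boundary:", safety_check(A_hat, B_hat, [0.95, 0.9], [1.0]))
```

The radius of the box is the disturbance bound plus a fixed identification margin; in practice that margin has to be justified from the data (the paper does this with matrix zonotopes, see Lemma 1 below), otherwise a too-small margin produces false alarms on honest measurements and a too-large one lets small injections through. When `safety_check` returns unsafe, the architecture described above would hand control to the local emergency controller rather than apply the received input.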

Paper Structure

This paper contains 13 sections, 3 theorems, 25 equations, 5 figures, 2 algorithms.

Key Result

Lemma 1

[alanwar2021data] Let $T = \sum_{i=1}^{N_t} N^{(i)}_s$ and consider the following concatenation of multiple noise zonotopes, where $C_w \in \mathbb{R}^{n\times (n+m)} = [c_{w},\ldots,c_w]$ and $G_{M_w} \in \mathbb{R}^{n\times T(n+m)}$ is built $\forall\, i \in \{1, \ldots, q\},\ \forall\, j \in \{2, \ldots, T-1\}$ as Then, the matrix zonotope where co

Figures (5)

  • Figure 1: Proposed control architecture
  • Figure 2: Case A: State Evolution and Emergency Controller Operation
  • Figure 3: Case A: Detector and Safety Verification Outputs
  • Figure 4: Case B: State Evolution and Detectors Operation
  • Figure 5: Case B: Detector and Safety Verification Outputs

Theorems & Definitions (17)

  • Definition 1
  • Definition 2
  • Definition 3
  • Definition 4
  • Definition 5
  • Definition 6
  • Definition 7
  • Definition 8
  • Definition 9
  • Remark 1
  • ...and 7 more