Distributed Detection of Adversarial Attacks for Resilient Cooperation of Multi-Robot Systems with Intermittent Communication

TL;DR

This article presents a distributed and reconfigurable framework with theoretical guarantees for detecting malicious agents, allowing for the resilient cooperation of the remaining cooperative agents and provides explicit bounds for network connectivity in an integral sense.

Abstract

This paper concerns the consensus and formation of a network of mobile autonomous agents in adversarial settings where a group of malicious (compromised) agents are subject to deception attacks. In addition, the communication network is arbitrarily time-varying and subject to intermittent connections, possibly imposed by denial-of-service (DoS) attacks. We provide explicit bounds for network connectivity in an integral sense, enabling the characterization of the system's resilience to specific classes of adversarial attacks. We also show that under the condition of connectivity in an integral sense uniformly in time, the system is finite-gain $\mathcal{L}_{p}$ stable and uniformly exponentially fast consensus and formation are achievable, provided malicious agents are detected and isolated from the network. We present a distributed and reconfigurable framework with theoretical guarantees for detecting malicious agents, allowing for the resilient cooperation of the remaining cooperative agents. Simulation studies are provided to illustrate the theoretical findings.

Figures (5)

• Figure 1: Illustrative example of a 10-node communication network for the sub-graphs defined in \ref{['eq:local_graphs']}-\ref{['eq:laplacian_decomposition']}. (a) The undirected communication network $\mathcal{G}_{\sigma(t)}=(\mathcal{V}, \mathcal{E}_{\sigma(t)})$ illustrated in a mode $\sigma$. The set of $1$-hop (resp. $2$-hop) neighbors of node $1 \in \mathcal{V}$ is given by $\mathcal{N}^{ 1(1)}_{\sigma}=\{2,3,4,5\}$$(\text{resp.} \; {\color{YellowOrange}\mathcal{N}^{ 1(2)}_{\sigma} = \{5,7,8\}} )$. (b) Accordingly, the $1$-hop dynamics of agent 1 encompasses the $1$-hop Laplacian $\mathsf{L}^{(11)}_{\sigma}= {\color{Green}\mathsf{L}^{\prime}_{\sigma}} + {\color{YellowOrange}\widetilde{\mathsf{L}}_{\sigma}}$, where ${\color{Green}\mathsf{L}^{\prime}_{\sigma}}$ always has a star-like structure for any node since it encodes the connections with immediate neighbors, which can always be inferred by agent 1, and ${\color{YellowOrange} \widetilde{\mathsf{L}}_{\sigma}}$ encodes the connection between the immediate (1-hop) neighbors such as edge (2,3) in this example. (b)-(d) Proximity-based partitioned Laplacian matrix as defined in \ref{['eq:local_graphs']}-\ref{['eq:laplacian_decomposition']}.
• Figure 2: An example that illustrates how intermittent communication can drastically change the graph/network's algebraic connectivity $\lambda_2(\cdot)$ and consequently its robustness. See \ref{['eq:PE_cond']}, \ref{['eq:graph_bounds_all']}, and Remark \ref{['rmk:PE_connectivity']}. Let graph $\mathcal{G}_{\sigma(t)} = (\mathcal{V}, \mathcal{E}_{\sigma(t)})$ such that $|\mathcal{V}|= N+1$, with $\mathcal{V} = V_1 \cup V_2$ and $|V_2| = N$, where $N \geq 3$, and that the subgraph $\bar{\mathcal{G}}_{\sigma(t)} = (\mathcal{V}\setminus V_1, \bar{\mathcal{E}}_{\sigma(t)})$ induced by removing the set $V_1$ and its incident edges is a complete graph $\mathcal{K}_{|V_2|}=\bar{\mathcal{G}}_{\sigma(t)}$. Note that the singleton $i \in V_1$ can be connected to any pair of disjoint nodes $j\neq k \in V_2$, and thus $\mathcal{S} =\{j,k\} \subset \mathcal{V}$ and the bidirectional edge set $\mathcal{E}_{\mathrm{cut}}=\{(i,j), (i,k) \}$ make, respectively, the minimum vertex cutset and edge cutset of $\mathcal{G}_{\sigma(t)}$. Accordingly, one can verify that $\lambda_2(\mathcal{G}_{\sigma(t)}) \leq \boldsymbol{\kappa}(\mathcal{G}_{\sigma(t)})=\boldsymbol{e}(\mathcal{G}_{\sigma(t)})=\boldsymbol{\delta}_{\min}(\mathcal{G}_{\sigma(t)})= 2$, where $\boldsymbol{e}(\cdot)$ and $\boldsymbol{\delta}_{\min}(\cdot)$ are, resp., the edge connectivity and minimum node-degree. Also, if $\exists \, t \in \mathbb{R}_{\ge 0} \; \textrm{s.t} \; \mathcal{G}_{\sigma(t)} = (\mathcal{V}, \mathcal{E} \setminus \mathcal{E}_{\mathrm{cut}})$ because of an intermittent connection of the edges $\mathcal{E}_{\mathrm{cut}}$, we have graph disconnection with $\lambda_2(\mathcal{G}_{\sigma(t)}=(\mathcal{V}, \mathcal{E} \setminus \mathcal{E}_{\mathrm{cut}})) = 0$. Yet, the induced subgraph $\mathcal{K}_{|V_2|}$ holds even a higher algebraic connectivity since $\lambda_2(\mathcal{K}_{|V_2|}) = |V_2|=N$, and $\boldsymbol{\kappa}(\mathcal{K}_{|V_2|})=\boldsymbol{e}(\mathcal{K}_{|V_2|})=\boldsymbol{\delta}_{\min}(\mathcal{K}_{|V_2|})= N-1$. This example has been constructed based on the discussions in godsil2001algebraic.
• Figure 3: Communication network $\mathcal{G}_{\sigma(t)}$ in (a) and its algebraic connectivity in the integral sense of \ref{['eq:PE_cond']} in (b) for Section \ref{['Sec:sim_studies']}-Example 1. (a) The network switches between two modes every $0.5~sec$ whose union forms a static overlay network $\boldsymbol{\mathcal{G}}_{ T}^{\mu}$ with $\lambda_{2}(\boldsymbol{\mathsf{L}})=2.1049$ that is 3-robust leblanc2013resilient, ensuring $(3,1)$-robustness, and $(3,1)$-vertex-connectivity (see Section \ref{['sec:net_res_and_stability']} and \ref{['eq:graph_bounds_all']}). per Section \ref{['Sec:adversary_model']}, the network $\mathcal{G}_{\sigma(t)}$ is subject to a $2$-total and $2$-local set of malicious agents $\mathcal{A} = \left\{5,6\right\}$. It is also subject to a distributed DoS whose link dropouts follow a binomial distribution with $100$ trials and a success probability of $0.3$ during $10~sec$. (b) The illustration of positive algebraic connectivity $\lambda_{2}(\cdot)$ in the integral sense \ref{['eq:PE_cond']} for for the network $\mathcal{G}_{\sigma(t)}$ and its induced network $\bar{\mathcal{G}}_{\sigma(t)}$ in \ref{['eq:comm_net_res']} despite their intermittent connections (See also remark \ref{['rmk:PE_connectivity']}). The results in (b) are from resilient consensus in Fig. \ref{['fig:exp1_consensus']}a through Algorithm \ref{['alg:rescue']}. The decrements in $\!\lambda_{2}(\cdot)$ during $t \!\in\! [0, \, 5.66]$ are due to the permanent link disconnections that occurred in the attack detection and isolation procedure, see Fig. \ref{['fig:exp1_consensus']}a.
• Figure 4: Example 1: Comparison of resilient consensus in an 8-agent network $\mathcal{G}_{\sigma(t)}$ that is, as shown in Fig. \ref{['fig:ex1_comm_net']}, $(3,1)$-robust and subject to DoS attacks and a $2$-total and $2$-local set of malicious agents $\mathcal{A}=\{5,6\}$ with $\boldsymbol{u}_5(t) = 0.3 t$ and $\boldsymbol{u}_6(t) = 0.5 t$ in \ref{['eq:ctrl_proto']}. (a) Resilient consensus using Algorithm \ref{['alg:rescue']} whose resilient to the $2$-total/$2$-local set $\mathcal{A}$ in the $(3,1)$-robust network is guaranteed by Lemma \ref{['lemma:net_level_obs']} and Theorem \ref{['thm:detectability_local']}. Also, the vertical orange dashed lines specify the time instants where cooperative agents detected and disconnected from their respective neighboring malicious agents (lines 7-10 of Algorithm \ref{['alg:rescue']} with $\epsilon^{i,j}_{\sigma}=0.95$ as shown in Fig. \ref{['fig:_residuals']}) using its local attack detector in \ref{['eq:2hop_obs']}. (b) Resilient consensus using Algorithm \ref{['alg:rescue']} with only $1$-hop information, i.e. $\mathcal{G}^{i^{\prime}}_{\sigma(t)}=(\mathcal{V}^{\,i^{\prime}}_{\sigma} , \mathcal{E}^{\,i^{\prime}}_{\sigma})$ in \ref{['eq:2hop_info']} and $\mathcal{I}_i = \mathcal{V}^{\, i^{\prime}}_{\sigma}$ in \ref{['eq:locally_measurements']} and \ref{['eq:2hop_sys']}, and with the same threshold $\epsilon^{i,j}_{\sigma}=0.95$ as in (a). (c) Resilient consensus using the DP-MSR algorithm that for a $3$-robust network has provable resilient consensus only in the presence of up to $1$-local or $1$-total malicious agents dibaji2017resilientdibaji2015consensus, accounting for the failure of the approach in this case where $\mathcal{A}$ is $2$-local and $2$-total. We note that the analysis of resilient consensus via the DP-MSR algorithm was originally developed for a discretized version of \ref{['eq:cl_sys']} in dibaji2017resilientdibaji2015consensus while our results are in the continuous-time domain. To have the results in a comparable time scale, we used the DP-MSR procedure with the small sample time $T_{\rm s}=0.001$ and the gains $\gamma =3$ and $\alpha=1$ in the zero-order-hold discretization of \ref{['eq:ctrl_proto']}. This set of parameters does not completely satisfy the sufficient condition in dibaji2017resilient, but does satisfy a relaxation thereof, similar to the discussion in a footnote in dibaji2017resilient. This enables an asymptotic resilience consensus in the case $\mathcal{A}=\emptyset$ (shown with the gray-colored state trajectories) and also in the cases of $(F\!=\!1)$-local and $(F\!=\!1)$-total adversary sets (not shown herein) over any $3$-robust network.
• Figure 6: Example 2: Resilient consensus in an 84-agent network $\mathcal{G}_{\sigma(t)}$ subject to deception and DoS attacks defined in Section \ref{['Sec:adversary_model']}. The deception attacks are introduced by a 1-local set of 9 malicious agents, $\mathcal{A}=\{1,4,16,19,29,33,46,60,73\}$, which are shown in red color. The distributed DoS attack \ref{['eq:DoS_state']} imposes link dropouts following a binomial distribution with $600$ trials and a success probability of $0.4$. (a) The static overlay network $\boldsymbol{\mathcal{G}}_{ T}^{\mu}$ is $2$-robust, constructed using the preferential-attachment model in leblanc2013resilient based on the topology in leblanc2013resilient. Despite intermittent connections, the network $\mathcal{G}_{\sigma(t)}\!$ is $(2,1)$-robust and $(3,1)$-vertex-connected (see Definitions \ref{['def:r_T_robust']} and \ref{['def:k_T_conect']}, and Lemma \ref{['lemma:PE_equvalence']}). $(2,1)$-robustness, then, ensures resilience to any 1-local set $\mathcal{A}$ as it follows from Lemma \ref{['lemma:net_level_obs']} and Theorem \ref{['thm:detectability_local']}. (b) Resilient consensus using Algorithm \ref{['alg:rescue']} (with the threshold $\epsilon^{i,j}_{\sigma}\!=\!10 e^{-t}+0.95$ as shown in Fig. \ref{['fig:ex2-2-res1']}) over the intermittent network $\mathcal{G}_{\sigma(t)}\!$ in (a) and in the presence of the 1-local malicious set $\mathcal{A}$. (c) Resilient consensus using Algorithm \ref{['alg:rescue']} with only $1$-hop information, i.e. $\mathcal{G}^{i^{\prime}}_{\sigma(t)}=(\mathcal{V}^{\,i^{\prime}}_{\sigma} , \mathcal{E}^{\,i^{\prime}}_{\sigma})$ in \ref{['eq:2hop_info']} and $\mathcal{I}_i = \mathcal{V}^{\, i^{\prime}}_{\sigma}$ in \ref{['eq:locally_measurements']} and \ref{['eq:2hop_sys']}, and with the threshold $\epsilon^{i,j}_{\sigma}\!=\!30 e^{-0.1t}+1.5$ as shown in Fig. \ref{['fig:ex2-2-res2']}. The results suggest that Algorithm \ref{['alg:rescue']}'s detection capability is maintained with minimal local information, albeit with some performance degradation in resilient consensus if a more conservative threshold is used for larger networks where the effect of the coupling term $\rho(\mathbf{ x }_{ \mathcal{I} }, \mathbf{ x }_{ \mathcal{R}})$ in \ref{['eq:2hop_sys']} and \ref{['eq:2hop_obs_error']} is more significant during transient periods.

Theorems & Definitions (29)

• Definition 2.1
• Remark 2.1.1
• Definition 3.1
• Remark 3.1.1
• Lemma 3.2
• proof
• Definition 3.3
• Definition 3.4
• Definition 3.5
• Proposition 3.6