Yasir ALI,Yuanqing XIA,Liang MA,Ahm ad HAMMAD

School of Automation,Beijing Institute of Technology,Beijing 100081,China

1 Introduction

Nowadays,feedback control system s are getting significant importance in m any technical fields[1,2].In the conventional design of control system s,all system components,including sensors,controller,actuator,and plant,are installed in a local unit.This arrangement leads to a high cost of constructions,communication constraints,and lack of flexibility.Thanks to the development of Information and Communication Technologies(ICTs),which greatly facilitated the integration of advanced technologies into old designed control system s[3].As we know that m any functionalities are included in modern days NCS for example,contraction in size,quickness,working for a long time,etc.To achieve these functionalities an NCS needs huge flexible computational resources with smaller size,which seem s difficult to be achieved with the conventional design of NCS.For example,a small robot has limit resources such as limitations of processing power,battery life and the most important is the size.with the development of Cloud Computing Technologies(CCTs),the resourcec on strained NCS issues are solved.The combination of CCTs and NCS made it possible to save energy,which saves the processing energy used in the conventional design of NCS,and thus works for long time[4]and reduces size of NCS by shifting the main processing unit to the cloud server.The favorable achievement of this integration is the massive paralleled computation on the cloud server[5].One real-world application of the cloud control system is Google self-driving car,which determines its accurate position by sharing sensor information with stateliest and cloud[6].Fig.1 illustrates some of the applications of the cloud-based control system which are using cloud computing resources for their better performance.James Kuffner,in 2010 first used the term “Cloud Robotics”and described how we can control the robots from the cloud[7].Recently,Jiafu Wan explained the recent development and challenges in cloud robotics[8].Although there are many advantages of using cloud for different resources,still there are many security challenges related to the cyber and physical part of the system.Local controller and cloud server use packets to transmit the sensor information and the feedback control signal between them.This communication could be subject to different kinds of security attacks,for exam p le,1)Eavesdropping:in which the attacker only watches the information but no modification;and 2)Modification attack:in which the attacker modifies the message and sends the wrong solution to the local controller.Here we will consider the distributed denial of service(DDoS)attack on the local controller in which local controller receives real-time solutions from the cloud server and is under DDoS attack.DDoS attack is one of the most dangerous attacks,which has the ability of completely disconnect an organization(e.g.,the local controller)off from the internet,causing significant packet dropout or dramatically slowing down network links[9].Pirathayini Srikantha and Deepa Kundur in[10]show ed that the cyber-enabled power grid becomes unstable when there is a DDoS attack.In[11]Hakem Beitollahi and Geert Deconinck showed that DDoS attacks a)produce long delay jitter on NCS packets,which may causes the whole CS to take away from the reference line,and b)cause excessive packet loss.When the loss rate exceeds a specific threshold,the control system becomes unstable.This literature show s that DDoS attack is very hazardous for the cloud-based control system,which should be protected for their better normal operation.

Fig.1 Different applications of cloud-based control system s.

1.1 Related work

In the last several years,m any people did research on NCSs,such as model predictive control for NCSs[12],event-based model predictive control for nonlinear continues time NCS[13],H∞control for NCSs[14]and enhanced stability analysis for NCSs[15].These works study the control challenges for NCSs by considering different disturbances,packet dropout’s detections and fault detections techniques.These proposed methodologies are compatible to meet the requirements of control problem s;however,these techniques cannot be directly app lied to modern architectures of CCS,which is an extension to NCSs[1,16].The trend for NCSs is now changing by adopting the modern cloud computing technologies because of their ability to handle heavy computational processing power for different tasks[17]and to produce different excellent control objectives[5,6,18,19].Many people focused their research on the applications of CCSs,but the fact is that very less work has been done on the security issues of CCSs.The DDoS attack,which is very easy to launch by using some attacking tools easily available on internet for free and can cutoff a CS completely from the cloud,should be addressed properly.Our work is related to[3],in which Zhiheng Zhu et al.tried to build a secure design by applying cryptographic technique and produced resiliency by building as witching techniques on local CS.In our work,we will establish a real-time detection mechanism for traffic packets coming from the cloud to ensure whether DDoS attack is launched or not.Some methods are also designed to deal with the security issues of the networked based control system(NBCS),for example,Men Long et al.in[9]quantitatively investigate the performance degradation of NBCS under DoS attack.Our work in addition will add authentica-ti on technique and switching mechanism(SM)for stability of NCS.Hakem Beitollahi et al.in[11]introduced a Fosel architecture,where the network traffic is routed to overlay network before the target node,where malicious packets are filtered and only legitimate packets are allowed to go forward.This technique greatly reduces the saturation of buffer of computational processing unit(CPU)and bandwidth of the targetnode,however to use this method,every time we have to build complete overlay network before the CS node in the network,which will be time consuming and expensive method.In our work we will develop a true detection method for CCSs for the verification of DDoS attack.After we perceive the existence of DDoS attack,we will apply our proposed defense mechanism to protect the CS from being going to unstable state.

1.2 Organization

The rest of paper is organized as follow s:Section 2 presents the problem statement that how an adversary can lunch a DDoS attack along with some assumptions we have made.In Section 3,we discuss model predictive control(MPC).Section 4 gives a detection technique against DDoS attack.In Section 5,the proposed mitigation technique is presented.Section 6 shows the performance evaluation by presenting simulation results.Section 7 presents conclusions and future work.

2 Problem statement

The trend for new control system is nowadays changing to the new design of control system,i.e.,the integration of cloud with the conventional NCSs.The development of ICTs made it possible for the old designed resource constraint,high power consuming and offline controllers to modify to the modern,powerful and on line controller in the cloud.The local controller will receive the real-time solution for their better dynamic optimization to the reference values from the cloud.However,the control solution coming from the cloud can be subjected to DDoS attack.The adversary will try to suppress the channel bandwidth by launching DDoS attack,thus by doing so the adversary will try to impede the NCS from receiving the control solution with the aim to make the NCS unstable.The adversary already know s that if the control system does not receive the control solution continuously from the cloud while it is in running condition,the NCS will become unstable,overshoot will become vulnerable to destructive situations.In this paper,we will address this issue by introducing a monitoring and mitigation technique against DDoS attack.In the next section,we will discuss in detail that,how an adversary can launch DDoS attack on the NCS.

2.1 Attack model and assumptions

We as sum ed that the attacker floods extremely large amount of bogus packets on the IP address of the controller of the NCS,fully occupying the link band width and pausing the CPU.

The discussion from some literatures show s that DDoS attack is one of the easiest type of attack for the attackers,happening in the history[20].In order to launch aDDoS attack the attacker normally follows such several steps.First of all,he has to build a network of infected computer.These computer machines are named as zombies or bots[21].The cyber attacker norm ally follow s some tricks and techniques to find such infected machines on internet,e.g.,scanning technique[22],etc.and sometimes locate more than thousand infected machines on intern et.After the infected machines are found out,the next step is to install some programs known as attacking tools,which are easily available on internet.Then with the help of a Handler(a machine which handles the attacking command),the cyber-attacker can easily launch a DDoS attack using these com promised machines.Fig.2 show s a general scenario of DDoS attack on local host of cloud control system.We could consider some practical application of CCS,for example,Amazon package delivery drone[3],Google self driving car[6],etc.If the NCS in such system s are under DDoS attack and could not receive the real-time solution from cloud,the CS will go to an unstable state and will lead to destructive situations.The first step of our mecha-nism deals with establishing a monitoring mechanism by using covariance matrix detection technique.And if it discovers any DDoS attack,we will apply a mitigation technique.The mitigation approach is com posed of two parts,i.e.,filtering with verification and SM.

Fig.2 A general scenario of NCS under DDoS attack.

3 MPC in cloud

Nowadays,MPC is widely used as an advanced method for controlling of different processes in many areas of the modern day’s dynamic complex control system s,because of their two most important properties,i.e.,prediction and optimizations[12,17].MPC is a model based control algorithm that estimates the moving time finite horizon system model to predict the future behavior of NCS[3].The idea of MPC is to compute a control signal in such a way,which can minimize the objective function of the system.The main advantage of the MPC is to optimize the current time slot of system by considering the real-time constraints on the system states[23].This property is difficult to be achieved in other control strategies,such as linear quadratics regulator(LQR)and H∞optimal control.

As we know that MPC has the ability to deal with the complex control system by processing heavy computation,this fact gives us motivation to out-source the MPC processing part to the cloud server in CCS architecture[24].Cloud gives us the suitable platform by providing services like SaaS,PaaS and IaaS on the“Pay as you go”scheme.

Let us describe the NCS dynamics by using a discretetime linear state-space model,

where x(k)∈ Rn×1is the state vector of the NCS,x(0)=x0∈ Rn×1is the given initial state value,u(k) ∈ Rl×1is the control input,A ∈ Rn×nand B ∈ Rn×lare constant matrices.

The MPC optimization equation[3]at each sampling discrete time k computed at cloud server is given by P,as shown below

subject to

where J:Rn×l× RlN×l→ R is the objective function,η is a tuning parameter for the desired control performance,and U(k)∈ RlN×1is the solution sequence of the problem P.For the sake of simplicity,it is convenient to transform(1)to standard matrix form,for which we redefine(1)as follows:

with the definition(3)the optimization equation(2)takes the new shape

To eliminate the independent term of U(k)the following equations are defined

where I is an identity matrix and I∈ RlN×lN,H ∈ RlN×lNand the length of vector is lN.Using(6),the matrix form of the optimization equation is written as below:

with the constraints given as follow s:

where E ∈ Rm×lN,G ∈ Rp×lN,c ∈ Rm×1,d ∈ Rp×1are constraint matrices and vectors.The standard matrix form can thus be defined by set of values ?={H,E,G,q,c,d},w hich NCS needs to send to cloud.

4 Covariance matrix detection modeling and detection approach

Covariance matrix detection approach is identical to a second-ordered statistic,a detection technique,that utilizes the characteristics difference between the features of normal traffic flow and DDoS attack flow.Whenever there is DDoS attack on a victim node in the network,changes are observed in the traffic flow information.For example,the packet rate,the number of packets to the same host,the number of connections to the same host,the number of connection that have“SYN”errors to the same host,and so on,for more detail the readers could refer to[25]to which our work is an application.The traffic stream s(coming from and going to the cloud)are obtained by a network-monitoring device through continuous sampling process which is segmented in no noverlapped and equal sequences as shown in Fig.3.It is supposed that for every captured samples sequence there are p features observed,represented by a random vector x=(f1,f2,...,fp)T.Here it should be noted that the random vector x shall not be confused with state value x of NCS given in MPC section.Let x1,x2,...,xnbe the n observations w hereis the i th observed vector.A new variable y is defined related to the p features of the i th sequence,represented as

with the general form of x can be given as1≤k≤n,the definition can be written in detail as below:

Fig.3 Sample sequences taken by network monitoring device.

Covariance matrix detection technique works in three phases.In the first phase,the normal traffic stream between cloud and NCS is saved in the small database located at NCS,this process is named as training session which is done by evaluating the mathematical expectations of all the covariance matrices of non-overlapped sequences.In the second phase the testing covariance matrix samples are evaluated and the differences between the covariance matrices of normal traffic and testing covariance matrix are determined by utilizing a Det(·)function.If the changes are significant,DDoS attack is signaled.Let suppose the sample of observed covariance matrix is denoted by Mobsand the normal traffic profile is denoted by the detection function between these two are denoted as follows:

Here T is the detection threshold matrix,which defines the limits of the features to which thecan be changed.Let us suppose the variable E(Ml)is the mathematical expectations of all covariance matrices of the normal traffic and Mlis the covariance of the l th sample sequence.Thus threshold matrix is given as

If the value of above Det(·)function is 0,it means that no significant differences are happened in features.If the value is 1,it means that there are sudden changes occurred due to DDoS attack.

5 Mitigation approach

In this paper,we proposed a mitigation technique against DDoS attack.In DDoS attack,the attacker aim s to slow down the connection speed or completely cut off the NCS from the cloud by sending many useless packets to the IP address of NCS.Also the attacker may try to show that he is the legitimate sender for required solution from the cloud by applying IP spoofing techniques.For such type of attacks,we proposed methodology which is named as authentication and SM.Below we are providing detail about these mechanism s.

5.1 Authentication

5.1.1 Filtering

If the DDoS attack on the system is verified,then the very important step is to block unknown packets.Therefore,in our proposed mechanism we built a filtering mechanism for blocking the unknown IP packets.For this purpose,a database will keep the records of the unknown packets,and whenever a new unknown packet is detected from an unknown IP address it will be saved in the database memory as shown in Fig.4.It is also possible that the attacker spoofs the packet with cloud IP address.In such case we provide an idea of verification.

Fig.4 Proposed mitigation flow chart for NCS against DDoS attack.

5.1.2 Verifi cation

To ensure that no false message gets enter to the system we built a verification mechanism.Let’s suppose y(k)is the solution from the cloud,then were write(7)with the short hand notation as below:

Let AKbe the dual case problem s for P and aK(λ,s)be the value of AK.Because of dual decision variables,Slater’s condition is verified and thus strong duality holds,i.e.,aK(λ,s)=Jk(y),when y(k)is the solution to P,and λ and s are solutions to AK.Then the only possible solution from the cloud could be characterized by Karush Kuhn Tucker(KKT)condition,which states that y will be the solution to P if and only if y,s and λ satisfy

Using(12),we arrive at

Hence,instead of checking(16)directly,we can check(17).This verification can be performed v times by generating the random r vector v times.

Lemma1[3]The proposed mechanism ensure that a false solution cannot succeed in the verification mechanism with a probability greater than(1/2)v.

5.2 Switching mechanisms

As we know that when NCS is in operation(maybe in the middle of the task),then it is very crucial for NCS to be remain connected with cloud to receive the realtime guidance from the cloud,at that instance DDoS attack will slow down the connection between the NCS and cloud or may cut off the connection for a while.The proposed SM will ensures mitigation of the performance degradation.We designed a two modes SM for our NCS,i.e.,cloud mode and local controller mode.The switching between these two modes are classified by error rate Rerrorbetween reference and optimized solutions from the cloud server.We defined a sustainable threshold error value,i.e.,RThwhich the NCS can withstand from being going to a completely unstable state.

a)Cloud mode:When Rerror＜RTh,it means that a satisfied amount of correct solutions is arriving every sampled time,which can be applied to NCS for controlling the normal operations.The error rate is expected to be minim um than RThin this cloud m ode.

b)Local control m ode:When Rerror＞RTh,it means that the arriving of correct solution is at lowest minimum rate,which produces error rate greater than RTh.This will lead the system to unstability if remained in this condition.To guarantee the stability at this state,we have designed a local control mode mechanism by using H∞control theory.The NCS will automatically switch to a local control mode to ensure the system stability,bringing the system to a safe mode.

5.3 Local controller design

In case of unavailability of solution signal from the cloud because of DDoS attack,the stability of NCS is very essential to be maintained.One practical approach is to sw itch the NCS to local control mode,for which most suitable control mechanism is H∞Optimal control as a local control because of property of dealing with complex disturbance in off-line situations[26].

Suppose k+t be the time when switching condition holds,the system is switched to local control mode where k is the sample of time when last correct solution was received from the cloud.The state values,control input and disturbance in local mode are represented by notation xsm(k),usm(k)and wsm(k),respectively.The system in local control mode can be given as

where zsm∈ Rnis the output of system,C ∈ R(n×n)is an identity matrix.By using H∞optimal controller,our goal is to find an optimal control solution usm(k)=KLocal(xsm(k))for the condition that the supernums ofholds,where α ＞ 0 is a given constant.Then H∞Optimal controller for the above local system is given as

where γ satisfies the follow ing algebraic Riccati equation,

where Qx=CTC and main condition for the above controller is given by

For every smallestαthat satisfies(20)we can calculate local controller gain KLocalusing(19),which guarantees the stability of the NCS[3].

6 Network layout for simulation

6.1 Simulation conceptual

To prove the efficiency of our proposed mechanism,we selected the dynamics of hovering unmanned arial vehicle(UAV)using the state value s defined as s=[px,py,pz,vx,vy,vz,φ,θ,ψ,pa,qa,ra,as,bs],where Table 1 gives description of each variable.The matrices A and B are given in[27].

Table 1 Description of parameters used in UAV dynamic.

Our simulation network layout contains 6 nodes placed on different locations of our Lab LAN network as shown in Fig.5.PC1(with 2GB RAM memory&2.3GHz processor)has assigned the job of local controller host and PC2(with 8GB RAM&2.7GHz processor)has assigned the job of cloud host while PC3 to PC6 were declared as zombie computers.PC1 operates two software applications as local controller host.One is MATLAB-2016a the purpose of which is operate the dynam ics of a small scaled mini-helicopter UAV and another is Wire shark Network Packet Analyzer 2.2.5,used to analyze all the incoming and outgoing packets to the local host controller.PC2 which is acting as cloud host also operates MATLAB-2016a and holding MPC optimization algorithm for controlling the mini-helicopter.Whenever local hostneeds the guidance from cloud host its ends its desired encrypted problem valuesas function arguments to cloud host using TCP/IP Communication protocol,on the other end the cloud host computes the solution according to the algorithm written and sends back the solution to the local hosts.The local hosts then optimize the dynamics of the UAV according to the solution received.PC3 to PC6 aregiven the tasks of zombies.They are operating python scripts for launching DDoS flood attack on the IP address of local host.Every single script has power to send m ore than 20,000 UDP or TCP request packets per sam ple time to the IP address of local host,with the aim to suppress processor,memory and bandwidth in order to degrade the performance.

Fig.5 Network layout for our simulation experiment.

6.2 Results analysis

First of all,we simulated only in local and cloud hosts and defined their“normal traffic and threshold matrix”from the stream of data flow taken by Wireshark Network Packet Analyzer 2.2.5.We used(12)and features given in Table 2 for computing threshold matrix T.Then we started the simulation of local host and cloud host without launching DDoS attack.Fig.6 shows the NCS performance when there is no DDoS attack,while keeping the disturbance factor wsm(k)=0.5.The red color plot is the real path of UAV and the blue color is the reference path.The plot indicates that the system is stable and operate normal under the cloud mode with the satisfied condition of Rerror＜RTh.In the next step we simulated the cloud and local hosts along with the zombie computers to observe the effect of DDoS attack on the NCS.The zombie computers which flood a huge amount of useless packets at k=40 on the IP of local host with the Inpu tBuあersize=5MB.We observed more than 25,000 packets every sampling time by using Wireshark 2.2.5.Fig.7 show s the flow captured of normal traffic and Fig.8 show s the flow captured at the time of DDoS attack.

Table 2 The feature selected for covariance matrix modeling.

Fig.6 Performance of UAV without DDoS attack.

Fig.7 Normal traffic flow.

Fig.8 The DDoS traffic flow.

The x-axis shows time span and y-axis show s the packets received atrespective time sample.On theother hand,the Det(·)function also indicated “ONES”in dif-ferent places in resultant matrix which show s that there is detection of DDoS attack.At the instance of DDoS attack the system performance is plotted in Fig.9.Those values which are lost because of DDoS,we considered the last solution received and were p lotted in Fig.9 which clearly indicate the system is highly unstable under DDoS attack.At this instance,we did not im p lement authentication and SM.Table 3 demonstrates the hazardous effect of DDoS flood attack on NCS for short duration,that how it suppresses the local controller memory and processing power.When the detection of DDoS is confirmed,in that instance the local hoststartsau thenticating every packet arriving to the system.The filtering technique discards all those packets coming from IP addresses other than cloud.Next it also verifies every packet that whether this is the exact solution coming from cloud or other one sending it.Verification is done by using KKT conditions(16,17).

Fig.9 Performance under DDoS attack without authentication and SM.

Table 3 The effect of DDoS attack on NCS.

Fig.10 shows the plot of NCS when there is a lowlevel DDoS attack and we applied only Authentications without SM,where we received the lesser error in arriving solutions at k=70 with condition Rerror＜RTh.Now we consider the long time flooded DDoS attack on the NCS,which aim s to fully occupy the BW and processing power.

Fig.10 Performance of UAV under low-level DDoS attack.

Fig.11 show s,w hen turning on the authentication and switching at k=70,UAV comes back to its reference trajectory.The huge amount of flooded DDoS messages drop down the connection between cloud and NCS.At that point the condition Rerror＞RThis satisfied and NCS switches to local controller mode with the controller gain KLocalusing(19).

The comparison of tracking error of Fig.9 and Fig.11 is plotted in Fig.12,i.e.,the error between reference and real path of the two attack cases,explaining that the UAV comes back to the reference line by SM automatically at k=77 after switching to local controller mode.Thus our simulation results greatly verify the proposed mechanism by giving an accurate detection rate and validating mitigation approach.The mechanism ensures the stability of CCS to great extant under DDoS attack.

Fig.11 Performance of UAV under high-level DDoS attack.

Fig.12 Comparison of tracking error of Fig.9 and Fig.11.

7 Conclusions

This paper presents an effective simulation model for detection and mitigation of DDoS attack on local host of CCS when they are in operation.The detection process utilizes the correlation changes among different network features provided by the sequences of network traffic taken by a passive network monitoring device.In ma thematic al terms,the detection process indicates“one”for the significant difference between the covariance matrices of threshold and difference matrix.Our simulation results show 100%detection rate for DDoS flood attack.To drop unknown data packets from inter net we develop filtering and to ensure the data integrity for arriving data,we developed a verification mechanism.For better stability case when there is no data available from the cloud because of DDoS attack,we build a local control mechanism by introducing SM.We tested the proposed mechanism by simulating the dynamic of UAV in Matlab-2016a.Our results show the proposed mechanism significantly stabilize the local host control system under DDoS attack.The future work for the proposed architecture is to apply the proposed mechanism to a physical application of CCS.

[1]Y.Xia.Cloud control system.IEEE/CAA of Journal of Automatic a Sinica,2015,2(2):134–142.

[2]Y.Xia,M.Y.Fu,G.P.Liu.Analysis and Synthesis of Networked Control System s.Berlin:Springer,2011.

[3]Z.Xu,Q.Zhu.Secure and resilient control design for cloudenabled networked control systems.Proceedings of the 1st ACM Workshop on Cyber-Physical System s-Security and/or PrivaCy,Denver:ACM,2015:31–42.

[4]L.Turnbull,B.Samanta.Cloud robotics:Formation control of a m ulti robot system utilizing cloud infrastructure.Proceedings of IEEE Southeast Con,Jacksonville:IEEE,2013:362–365.

[5]R.Arumugam,V.Enti,L.Bingbing,et al.A cloud computing framework for service robots.IEEE International Conference on Robotics and Automation,Anchorage:IEEE,2010:3084–3089.

[6] B.Kehoe,S.Patil,P.Abbeel,et al.A survey of research on cloud robotics and automation.IEEE Transaction on Automation Science and Engineering,2015,12(2):398–409.

[7] X.Lei,X.Liao,T.Huang,et al.Outsourcing large matrix inversion computation to a public cloud.IEEE Transactions on Cloud Computing,2013,1(1):1–87.

[8] J.Wan,S.Tang,H.Yan,et al.Cloud robotics:current status and open issues.IEEE Access,2016,4:2797–2807.

[9]M.Long,C.Wu,J.Hung.Denial of service attacks on net work based control systems:impact and mitigation.IEEE Transactions on Industrial Informatics,2005,1(2):85–96.

[10]P.Srikantha,D.Kundur.Denial of service attacks and mitigation for stability in cyber-enabled power grid.IEEE Power&Energy Society Innovative Sm art Grid Technologies Conference,Washington,D.C.:IEEE,2015.

[11]H.Beitollahi,G.Deconinck.A dependable architecture to mitigate distributed denial of service attacks on network-based control systems.International Journal of Critical Infrastructure Protection,2011,4(3):107–123.

[12]J.Wu,L.Zhang,T.Chen.Model predictive control for networked control system s.International Journal of Robust and Nonlinear Control,2009,19(9):1016–1035.

[13]P.Varutti,B.Kern,T.Faulwasser,et al.Event-based model predictive control for networked control system s.Proceedings of the 48th IEEE Conference on Decision and Control Held Jointly with the 28th Chinese Control Conference,Shanghai:IEEE,2009:567–572.

[14]S.Liu,P.X.Liu,X.Wang.H∞control of networked control system s with stochastic m easurem ent losses.IEEE International Conference on Information and Automation,Ningbo:IEEE,2016:1691–1696.

[15]A.Cetinkaya,H.Ishii,T.Hayakawa.Enhanced stability analysis for networked control system s under random and malicious packet losses.IEEE 55th Conference on Decision and Control,Las Vegas:IEEE,2016:2721–2726.

[16]Y.Xia.From networked control systems to cloud control system s.Proceeding of the 31th Chinese Control Conference,Hefei:IEEE,2012:5878–5883.

[17]Y.Xia,Y.L.Gao,L.P.Yan,et al.Recent progress in networked control system s:a survey.International Journal of Automation and Computing,2015,12(4):343–367.

[18]J.Kuffner.Cloud-enabled humanoid robots.IEEE-RAS International Conference on Hum anoid Robotics,Nashville,U.S.A.,2010.

[19]B.Bitzer,T.Kleesuwan.Cloud-based smart grid monitoring and controlling system.50th International Universities Power Engineering Conference,England:IEEE,2015:DOI 10.1109/UPEC.2015.7339938.

[20]S.Yu.Distributed Denial of Service Attack and Defense.Dordrecht:Springer,2013.

[21]B.Stone-Gross,M.Cova,L.Cavallaro,et al.Your botnet is my botnet:Analysis of a botnet takeover.Proceedings of the 16th ACM Conference on Computer and Communications Security,Chicago:ACM,2009:635–647.

[22]K.Tsui.Tutorial–Virus(Malicious Agent).Canada:University of Calgary,2001.

[23]J.S.Kim,T.W.Yoon,A.Jadbabaie,et al.Input-to-state stabilizing MPC for neutrally stable linear systems subject to input constraints.Proceedings of the 43rd IEEE Conference on Decision and Control,Bahamas:IEEE,2004:5041–5046.

[24]X.Lei,X.Liao,T.Huang,et al.Cloud computing service:the case of large matrix determinant computation.IEEE Transactions on Services Computing,2015,8(5):688–700.

[25]D.S.Yeung,S.Jin,X.Wang.Covariance-matrix modeling and detecting various flooding attacks.IEEE Transactions On System s,Man,and Cybernetics–Part A:Systems&Hum ans,2007,37(2):157–169.

[26]T.Basar,P.Bernhard.H∞Optimal Control and Related Minim ax Design Problems:A Dynamic Game Approach.Basel:Birkh?user,2008.

[27]G.Cai,B.M.Chen,X.Dong,et al.Design and implementation of a robust and nonlinear flight control system for an unmanned helicopter.Mechatronics,2011,21(5):803–820.