Giuseppe Franzè, Senior Member, IEEE, Domenico Famularo, Walter Lucia, Member, IEEE, and Francesco Tedesco, Member, IEEE

Abstract—Multi-agent systems are usually equipped with open communication infrastructures to improve interactions efficiency,reliability and sustainability. Although technologically costeffective, this makes them vulnerable to cyber-attacks with potentially catastrophic consequences. To this end, we present a novel control architecture capable to deal with the distributed constrained regulation problem in the presence of time-delay attacks on the agents’ communication infrastructure. The basic idea consists of orchestrating the interconnected cyber-physical system as a leader-follower configuration so that adequate control actions are computed to isolate the attacked unit before it compromises the system operations. Simulations on a multi-area power system confirm that the proposed control scheme can reconfigure the leader-follower structure in response to denial ofservice (DoS) attacks.

I. Introduction

MULTI-AGENT systems control and coordination is a current research hot topics [1]–[5]. This is partly due to broad applications of multi-agent systems (MAS) in cooperative control of unmanned air vehicles (UAV) and/or unmanned ground vehicles (UGV), scheduling of automated highway systems, formation control of satellite clusters and congestion control in communication networks, see e.g., [6].For these systems category, the appellation “cyber-physical system” (CPS) [7] is used by the researchers because the interaction between computers, networking media/resources,and physical systems is arranged so that multi-disciplinary technologies (embedded systems, computers, communications and controls) are required to accomplish prescribed missions,see e.g., [8]. Moreover, it is important to take care that the rapid development of automotive telematics is going to evolve the traditional Vehicular Ad-Hoc Networks to the Internet of Vehicles, which promises efficient and intelligent prospect for future transportation systems [9].

A. Motivations

Whereas CPSs employing non-stationary nodes, which are gradually integrated into the physical world, ensuring their safety and security become a nonetheless crucial goal. Due to their real-time, energy and safety constraints, coupled with their reliance on communication mediums that are subject to interference and intentional jamming, the projected complexities in CPSs will far exceed those of traditional computing systems. Such an increase in complexity widens the malicious opportunities for foes because with many components interacting together, the capability to discriminate between normal and abnormal behaviors becomes really awkward. In particular, when agents fail to exchange critical information, adverse effects occur since the agents work more independently. These undesirable phenomena are categorized as denial of services (DoS) whose main consequence is the degradation in communication performance, i.e., increasing latency effects [10]. Along these lines, control theory can be used to detect and attenuate the consequences of cyber-attacks on networked control systems (NCS) by means of fault diagnosis and reconfiguration techniques [11], predictivebased robust and constrained approaches [12], and so on, see[13] and references therein.

B. Related Work

Cyber-attacks on control systems compromising measurement and actuator data integrity and availability have been considered in [14], where the authors modeled their effects on the physical dynamics. Availability attacks have been further analyzed in [15], [16] for resource-constrained attackers with full-state information. Particularly, these contributions considered DoS attacks where the attacker could be capable to jam the communication channels and prevent measurement/actuator data to reach its destination, rendering the data unavailable. Moreover, a particular instance of the DoS attack in which the attacker does not have any a priori system knowledge has been detailed in [15]. A common feature of these works is the analysis on the effects of attacks in the data communication phase for NCS, see also [17], [18]. In [17] a more adequate approach is developed in [2] where model predictive controllers managing delays and packet losses are designed. Replay attacks are analyzed in [18], i.e., a malicious agent alters the input signal while hijacking the sensors: first the measurements are recorded for a period of time and then the stored data are repeated to the controller. Moreover, [19]focuses on the class of attacks tampering with the temporal characteristics of the network and leading to time-varying delays so that the order, in which packets are delivered, is modified. Further, in [20] the authors proposed an encryption and predictive control scheme to prevent and mitigate deception attacks on control systems. Replay attacks on the sensor measurements have been analyzed in [21]. There, the authors considered the case where all the existing sensors’operation capability is unavoidably compromised and suitable countermeasures to detect the attack were proposed. In this attack scenario the adversary does not have any model knowledge but is able to access and corrupt the sensor data,thus having disclosure and disruptive resources. In [22], a unified paradigm of several attack scenarios (denial of service,replay, zero-dynamics, and bias injection) is provided by exploiting the concept of safe sets. Finally, a lot of efforts have been devoted towards the power system state estimation under the condition of unreliable communication channels because smart grids can provide an efficient way of supplying and consuming energy by providing two-way energy flow and communication [23].

C. Main Contribution

In this paper, by assuming that the state vector is available and noise-free measured, a resilient controller for a class of MASs is considered.

To this end a discrete-time receding horizon predictive control for constrained regulation problems in networked MASs subject to cyber-attacks on the communication medium is developed. In view of this, the overall MAS is abstractly described by means of leader-follower (LF) architectures.Specifically, the proposed control scheme can deal with NCS where the LF paradigm can be suitably modified during realtime operations in order to face adverse scenarios affecting the leader capabilities. The key aspects of the proposed control architecture are:

1) A leader agent in charge to increase the success chance,e.g., sudden generator losses, tie-line disconnections, and so on;

2) Since the communication network is a shared resource,the multi-agent system could be vulnerable to stealthy/malicious attacks. If a leader attack, whose main consequence is to lead to dangerous impairment behaviors, is discovered then the more reasonable way to mitigate its effect is to on-line change the leader role;

3) The switching amongst different LF topologies has to efficiently take care of inter-agents coordination and local actuator/sensor constraints.

Here, these three issues will be taken care by a methodological scheme by resorting to a model predictive approach within a distributed paradigm that revealed to be successful in the last decade, see [24] for an extensive discussion and detailed literature review. A relevant feature of the proposed methodology relies on model predictive control ideas by specifically using the set-theoretic approach that it has been proved to be effective when input and state constraints have to be managed [25]. On the other hand,combining the receding horizon philosophy and time-stamp protocols allow an efficient treatment of time-varying induced delays on the communication channels by making available a“usable” control action within each sampling interval [26]. In summary, the benefits of the proposed strategy are:

1) The LF paradigm compared with the existing competitors allows to reduce the data exchange because the command computation does not require neither back-and-forth like procedure amongst the involved agents nor attack detection procedures. Therefore, the success chance of the adversary attack can be significantly mitigated;

2) The intrinsic capabilities of the control architecture to move off-line most of the computations necessary to achieve an admissible decision and to ensure that at each sampling time such an admissible control action is always available;

3) The needed computational resources (CPUs power,memory resources, and bandwidth requirements) are modest which clearly leads to a low economic impact.

Notations

Consider the following linear time-invariant (LTI) discretetime system:where x(t)∈Rndenotes the state, u(t)∈U ?Rmthe constrained input and d(t)∈Rwthe process disturbance. It is assumed that d(t)∈D ?Rd, ?t ∈Z+:={0,1,...}, with D a compact set with 0d∈D.

Definition 1: A set T ?Rnis robustly positively invariant(RPI) for (1) if once the state x(t) enters that set at any given txi(mt0e) ∈t0T, it? re?mua(itn)s∈ wUi,t hsi.nt. ixt( tf+or1 )al∈l Tfu,t?urde(t t)im∈De ,i n?stt a≥ntts0,. i.e.,

Given the plant (1) it is possible to compute the sets of states i -step controllable to T0:=T via the following recursions (see [25]):

Definition 2: Let S be a neighbourhood of the origin. The closed-loop trajectory xCL(·) of (1) is said to be Uniformly Ultimate Bounded in S if for all μ>0 there exist T(μ)>0 and u(t)∈U such that, for every ∥x(0)∥≤μ, xCL(t)∈S for all t ≥T(μ).

Given a set S ?Rn, In[S]?S denotes its inner convex approximation.

Given a set S ?X×Y ?Rn×Rm, the projection of S onto X is defined as Pro jX(S):={x ∈X|?y ∈Y, s.t.(x,y)∈S}.

Given sets A,B ?Rn, A ～B:={a: a+b ∈A,?b ∈B}denotes the Pontryagin-Minkowski set difference.

Given a set H, |H| denotes its cardinality.

II. Problem Statement

Fig.8. Actuators signals.

Fig.9. Received control signals.

Fig.10. Frequency deviations.

Fig.11. Network topology after the attack: the NCS-MPC case.

significantly less efficient to comply with new unpredictable abrupt load requests.

Conversely, the presented CyA-DMPC-LF scheme can address such a critical scenario. Specifically, in virtue of the properties pertaining to the leader controllable set families(18), it is guaranteed that Σ1is steered to the region of attraction of LF2in τ steps

Hence, the switching LF1→LF2takes place at t=220.1 s,the Areas 2 and 3 are supervised by C3and C4, respectively,and all the constraints satisfied.

Finally, for the sake of completeness, it is worth underlining that the proposed control architecture is capable of ensuring constraints fulfilment and attack effects mitigation, see Figs. 8–10 and 12.

VI. Conclusions

A distributed model predictive control algorithm has been here presented to formally address constrained regulation problems arising in networked multi-agent systems when external actors maliciously affect the normal operation mode.By exploiting ideas borrowed from the set-theoretic approach,sequences of one-step controllable sets have been adequately determined in order to take care of time-varying leaderfollower configurations. Under mild assumptions the latter was the key point to define an algorithm capable to mitigate the knock-on effect of data losses that might occur on both measurement and actuation channels. As one of its main merits, the strategy has been conceived so that computational loads have been almost totally moved to the off-line phase.Moreover, feasibility and Uniformly Ultimate Boundedness properties of the proposed scheme have been formally proved.Future research will focus on two distinct guidelines: 1)reduce as much as possible the need of each aggregate system to be aware of the attack occurrence before an adequate action could be undertaken; 2) extend the capability of the proposed framework to take care of further classes of cyber-attacks,e.g., zero-dynamics and bias injection attacks where the attacker can exploit partial or full knowledge of the physical dynamics to inject malicious data while remaining stealthy.

Fig.12. Tie-lines.