Wangli He, Senior Member, IEEE, Zekun Mo, Qing-Long Han, Fellow, IEEE, and Feng Qian

Abstract—Cyber attacks pose severe threats on synchronization of multi-agent systems. Deception attack, as a typical type of cyber attack, can bypass the surveillance of the attack detection mechanism silently, resulting in a heavy loss. Therefore, the problem of mean-square bounded synchronization in multi-agent systems subject to deception attacks is investigated in this paper.The control signals can be replaced with false data from controllerto-actuator channels or the controller. The success of the attack is measured through a stochastic variable. A distributed impulsive controller using a pinning strategy is redesigned, which ensures that mean-square bounded synchronization is achieved in the presence of deception attacks. Some sufficient conditions are derived, in which upper bounds of the synchronization error are given. Finally, two numerical simulations with symmetric and asymmetric network topologies are given to illustrate the theoretical results.

I. Introduction

IN the past decades, collective behaviors of complex networks such as consensus and synchronization have attracted attention due to their wide applications in different growing fields, including formation of unmanned aerial vehicles (UAVs), industrial internet of things, wireless sensor networks, and so on [1]–[3].

Complex cyber-physical networks are a new class of complex networks, which relay on tight connections between its cyber and physical components. The cyber layer computes the control signal, which is sent to the physical layer, and monitors the physical process through sensing channels [4].Cyber-physical networks have advantages over single systems such as greater flexibility, adaptability, and higher performance [5]. Multi-agent systems (MASs) can be regarded as a special class of complex cyber-physical networks. For example, vehicles can be considered as physical components, which receive signals from other vehicles via communication channels in a multi-vehicle system [6].Intelligent agents in reality are more likely to be governed by complicated intrinsic nonlinear dynamics. Reference [7]considered the consensus tracking problem of multi-agent systems with Lipschitz-type node dynamics. An eventtriggered adaptive fuzzy observer was designed in [8] to identify unknown nonlinear functions and estimate its unmeasured states. Therefore, this paper focuses on MASs with Lipschitz nonlinear systems, as discussed in [7]. Note that the cyber communication network increases the flexibility and scalability of the cyber-physical network by enabling more nodes to access the network medium, leading to high risks of disturbances or being attacked by malicious adversaries. The security problem of MASs have received considerable attention from both academic and industrial fields [9]. The use of open transmission lines with no additional protection mechanisms makes MASs become an easy target to attack, especially for smart grids [10], [11].Therefore, a secure control protocol, involving the computation of the network center and the interaction between the physical and cyber layers, must be capable of ensuring the desired coordinated control goal successfully achieved in the presence of malicious attacks.

As an important coordinated control goal, synchronization of MASs was considered in several reports under malicious attacks. Typically, there are two types of attacks in the study of secure control of MASs based on security requirements(integrity, availability, and confidentiality) [12]. Some results focused on denial-of-service (DoS) attacks in MASs by modeling them as a communication delay [13] or disconnection of the communication channels [14]–[17]. The consensus problem for a class of linear multi-agent systems under strategic DoS attacks whose dynamics are captured by a random Markov process was studied in [16]. In [17], two different kinds of attacks: connectivity-maintained attacks and connectivity-broken attacks, were also modeled by a random Markov process to describe the disconnection scenario from the perspective of a switched system. Frequently malicious attacks on controllers and observers, which destroyed at least one link, were studied for a class of MASs in [18]. On the other hand, packet dropouts [19] and intermittent communications [20] can also be used to model the influence of DoS attacks. Note that in [13]–[18], communication channels from sensors to actuators suffered from DoS attacks.The control center also needs to receive data from sensors and sends control signals to actuators if it relies on the communication network for a long-distance transmission,which are at risk of suffering from malicious attacks. The attackers can not only launch attacks on sensor-to-controller channels, but also controller-to-actuator channels and the controller. On the other hand, instead of destroying the network topology, attackers may be able to tamper signals that is being communicated, known as deception attacks.

Deception attacks refer to the situation that an attacker has the ability to access the system and manipulate the measurement data and control commands. False data injection attacks can be regarded as a class of deception attacks.Compared with DoS attacks, deception attacks are more difficult to detect, while heavily affecting the integrity of the data [21]. Deception attacks were proposed for power networks in [22], and then were extensively studied in smart grid [23]. For example, sensory data from GPS sensors in a multi-vehicle system were spoofed and replaced with false data, which was sent to the controller silently. Then, a wrong control signal was calculated. The security and performance of the control systems were inevitably threatened by attackers[24]. Besides, actuator faults can also be used to model the influence of false data injection attacks, which has been well studied in [25]. Some remote state estimation methods toward deception attacks, in which the bad data were injected into transmission channels between the sensor and the remote estimator of the linear system, were investigated [26], [27].Quasi-consensus conditions under deception attacks obeying the Bernoulli distribution were derived in [28]. A detailed analysis of deception attacks on both sensors and actuators modeled by indicator variables in MASs was presented in[29]. However, it is worth pointing out that most of them focused on continuous control in MASs. In terms of applications, impulsive control is widely applied as a useful mathematical tool to describe the abrupt variation of discrete control signals in MASs, which not only arises instantaneous changes of states, but also reduces the system energy and communication capacity. The impulsive control signals being modified by the malicious attackers’ signals can pose severe threats on synchronization of MASs. Up to now, attacks in the impulsive control framework are seldom investigated.

There are some results available in the literature on synchronization of MASs via impulsive control [30]–[36].References [30] and [31] proposed effective pinning impulsive strategies for synchronization. Quasi-synchronization of heterogeneous dynamic networks via distributed impulsive control was well investigated in [32]. It is known that quasi-synchronization is a special type of synchronization pattern with nonzero synchronization error. On the other hand,network-induced delays have great impacts on collective behaviors of MASs, which were considered in [33]. However,when attacks are taken into account, those well-developed methods can not be applied to secure impulsive controls directly. Attack models should be considered in MASs to redesign impulsive control parameters. In a recent study,almost sure stability of a single nonlinear systems suffering from random and impulsive sequential attacks was studied[34]. Reference [35] focused on almost sure stability of complex networks with hybrid actuator faults via impulsive control. In [36], false data injection attacks were considered in sensor-to-controller channels for a class of nonlinear MASs,in which an external attack signal was added into the impulsive controller to tamper with the control commands.Note that existing works on secure impulsive consensus of MASs under deception attacks focus on additive attacks launched on sensor-to-controller channels, and replacement attacks of impulsive MASs are rarely considered. The variety of attacks challenge us to move beyond the current models based on additive attacks to study some novel and realistic attacks in different ways. Moreover, different from continuous systems, methods of analyzing of deception attacks on discrete impulsive control also needs to be addressed, which motivate the current study.

In this paper, instead of additive attacks caused by false data injection in sensor-to-controller channels, an attack on the controller or controller-to-actuator channels is considered,which results in the occasional replacement of the control signal by input false data. A secure impulsive control framework with a pinning strategy in leader-following MASs is proposed. Bounded synchronization is derived and attack parameters are also analyzed. The contributions of this paper are summarized as follows:

1) A mathematical model of leader-following MASs with distributed impulsive control suffered from replacement deception attacks is built, in which the data integrity is destroyed by the occasional replacement of the control signal with the injected bad data. A stochastic variable following Bernoulli distribution is introduced to describe if the attack is successful;

2) Sufficient conditions for mean-square bounded synchronization are derived in which the nonzero upper bound of the error is given. The attack intensity and the attack tolerance probability related to the design of the impulsive interval and coupling strength are discussed. For symmetric networks, how to choose the coupling strength, the impulsive interval, the attack intensity and probability the systems can render are also given.

Notations: For a symmetric matrix, P>0 means P is a real positive definite matrix, λi(P) is the ith eigenvalue of matrix P, λmax(P)(λmin(P)) is written for the maximum (minimum)eigenvalue of matrix P. ρ(P)=max1≤i≤n|λi(P)| is the spectral radius and σmax(P) is the maximum singular value.

II. Preliminaries and Model Description

In this section, some preliminaries on the graph theory and the mathematical model of the MAS under deception attacks is introduced.

A. Graph Theory

Fig.8. The average synchronization error eaverage in a symmetric network w ith ε=1, c=0.34.

A weighted directed graph is denoted by G={V,EG,AG},where V={v1,v2,...,vN} is the set of nodes (or vertices) and EG?V×V is the set of edges. The pair (i,j) denotes a in this paper. Attacks on the controller and the controller-toactuator channels is considered, which results in the occasional replacement of the control signal with input false data. Sufficient conditions are derived to ensure mean-square bounded synchronization, which are related with the attack probability, the coupling strength, the impulsive intervals, and the pinning matrix. How to select the impulsive interval and the coupling strength are discussed and some corollaries are derived. Finally, two examples are given to verify theoretical results.