Table of Contents Author Guidelines Submit a Manuscript
Mathematical Problems in Engineering
Volume 2016, Article ID 3750264, 9 pages
http://dx.doi.org/10.1155/2016/3750264
Research Article

Resilient State Estimation for Control Systems Using Multiple Observers and Median Operation

1Department of Information and Communication Engineering, DGIST, Daegu 42988, Republic of Korea
2Department of Electrical and Computer Engineering, Seoul National University, Seoul 08826, Republic of Korea

Received 23 November 2015; Revised 22 January 2016; Accepted 27 January 2016

Academic Editor: Yan-Jun Liu

Copyright © 2016 Heegyun Jeon et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

This paper addresses the problem of state estimation for linear dynamic systems that is resilient against malicious attacks on sensors. By “resiliency” we mean the capability of correctly estimating the state despite external attacks. We propose a state estimation with a bank of observers combined through median operations and show that the proposed method is resilient in the sense that estimated states asymptotically converge to the true state despite attacks on sensors. In addition, the effect of sensor noise and process disturbance is also considered. For bounded sensor noise and process disturbance, the proposed method eliminates the effect of attack and achieves state estimation error within a bound proportional to those of sensor noise and disturbance. While existing methods are computationally heavy because online solution of nonconvex optimization is needed, the proposed approach is computationally efficient by using median operation in the place of the optimization. It should be pointed out that the proposed method requires the system states being observable with every sensor, which is not a necessary condition for the existing methods. From resilient system design point of view, however, this fact may not be critical because sensors can be chosen for resiliency in the design stage. The gained computational efficiency helps real-time implementation in practice.

1. Introduction

Feedback control systems resilient against malicious attacks have received increasing attention in recent years [14]. This is because, combined with advances in computing and communications, feedback control systems now operate in a more connected manner with remotely located sensors, actuators, and other subsystems, which increase vulnerability of the systems compared to isolated ones in the past. The same trend is clearly seen in networked control systems [5, 6] and Cyber-Physical Systems [7, 8]. In particular, for applications to critical infrastructures of our society [9], such as power grid [10], public transportation, and nuclear facility, the consequence of malfunction due to attacks may be disastrous. Malicious attacks on control systems of trams, power grids, water distribution systems, and sewage plant have occurred in reality as reported in [1113]. More potential attacks have been illustrated (see [14] and references therein for details).

In this paper, we develop a state estimation method for feedback control systems that is resilient against malicious attacks on sensors. Resilient state estimation is a method that can correctly estimate the true state of the system despite attacks on sensors. Such a method is sometimes referred to as secure state estimation.

The scenario considered here is the situation in which malicious attacks corrupt sensor outputs with the aim to degrade the control performance or fail the control systems. Such attacks, referred to as integrity attack [1], include the case where the sensors are physically destroyed and yielding false values or the case where the communication channels between sensors and controllers are compromised so that measurement values are intentionally altered. Altered sensor values can be arbitrary and no assumptions are made on their values or statistical properties.

Feedback systems under consideration are those with multiple sensors. First we consider the case where multiple sensors measure the same physical quantity redundantly and then we consider the case of multiple sensors measuring different physical quantities. The rationale is that the systems with multiple sensors can retain its functionality with a properly designed state estimation mechanism, despite the fact that some sensors, not all, are compromised. We assume that compromising more sensors at once requires more effort and resource for the adversaries.

Our approach is based on Luenberger state observers. Specifically, for redundant sensors that measure the same physical quantity, sensor outputs are combined through a median operation, which then feed to a state observer to estimate the state. For multiple sensors that measure different physical quantities, multiple observers are constructed first, and states estimates are combined through element-wise median operations. Analyses are provided for conditions under which resilient state estimation is guaranteed. Additionally, experimental results on a magnetic levitation system are also given to illustrate the efficacy of the proposed approach.

State observers have been used previously to detect faults in the systems [14]. Most existing work designs an observer based scheme to generate residual signals that are used to detect faults. However, combining multiple state estimates using median operation in order to ensure resiliency has not been exploited to date.

Median operation has been used previously to ensure system tolerance to faults. For example, [15] designs a Guidance Navigation and Control (GNC) system where outputs from encoders, decoders, and data process units are combined through median operation to detect faults in the Data Processing Unit (DPU). Tripple Modular Redundancy (TMR) used in airline industry [16] executes voting based on AND-OR operation at logic level, which could be interpreted at selecting the median of the values from three computing units. However, it has not been used in the context of resilient state estimation where integrity attacks on the sensors are of the main concerns.

It should be acknowledged that seminal work of resilient state estimation is [17]. Formulated in discrete time linear systems setting, the method in [17] accumulates sensor outputs for multiple sampling periods, and process state estimation using techniques developed in compressed sensing literature [18, 19]. This work has been extended to systems with uncertainty, noise, and disturbance [20]. In [17], conditions for the correct estimation are given and an optimization problem is formulated. Since solving optimization online is computationally heavy (NP-hard), a relaxation condition on system parameters is given under which the solution of optimization is identical to a relaxed optimization. However, the relaxation condition narrows the class of the systems to which the method is applicable.

In an attempt to reduce computational effort, [21] approaches the problem of resilient state estimation using multiple observers. Contrast to the setting of [17, 20], [21] formulates the problem in continuous time linear dynamic systems setting and combines the estimates from multiple observers using the technique from compressed sensing. This method reduces optimization search space to a finite set leading to substantial reduction of computational effort from NP-hard to polynomial time. In addition, it is applicable to a large class of systems, compared to optimization method in [17], whose states are observable from the sensors.

Adaptive parameter estimation methods with various nonlinear elements [22, 23] may be used to solve resilient state estimation problem. When combining multiple observer outputs, especially, when each observes different number of states, adaptive fuzzy technique [2429] can be utilized. These venues, however, have not yet been actively pursued.

The approach of current paper follows the setting of [21] and achieves computational complexity in the order of with being the number of states and being the number of sensors, under the assumption that the system states are observable from each sensor.

It should be pointed out that the proposed method requires the system states being observable with every sensor, which is not a necessary condition for the existing methods. From resilient system design point of view, however, this fact may not be critical because sensors can be chosen for resiliency in the design stage. On the other hand, the gained computational efficiency helps real-time implementation in practice.

The contributions of this paper are to propose multiple observers combined by median operation as a means to solve resilient state estimation problem and achive higher computational efficiency compared to existing methods for a class of systems.

The outline of this paper is as follows. The problem formulation is given in Section 2. Section 3 presents the main designs and analyses, and Section 4 provides experimental results. Comparison to existing methods is given in Section 4 as well in terms of applicability and computational effort. The conclusions are formulated in Section 5.

2. Problem Formulation

Consider a linear time invariant system given bywhere is the plant state, is control, is the plant output, is the measurement for feedback control, is process disturbance, is sensor noise, and is a vector that represents the altered output value by external malicious attack. The matrices , , and are in appropriate dimensions. Let the matrix be written bywhere each for is a row vector that corresponds to the output of the output vector . The sensor being under attack is described by element of the vector , denoted by , being nonzero, and the value of represents the amount of measurement altered by the external attack.

In order to denote the set of sensors under attack, we introduce the following notation. The support of the vector is defined as and the cardinality of the set is denoted by . The elements in the set are the indices of the attacked sensors.

We now introduce assumptions for the system of (1).

Assumption 1. The set satisfies for all .

Assumption 1 states that strictly less than half of all the sensors in the system may be under integrity attack. This is a standard assumption for resilient state estimation [17, 21] and in fact a necessary and sufficient condition for resilient state estimation problem to be solvable. The rationale is that the adversaries who attack the sensors have limited resource only enough to compromise a subset of the sensors.

Assumption 2. The pair is observable for .

This assumption ensures that a bank of observers can be constructed. This assumption can be viewed as restrictive. However, from system design point of view, one can select sensors that satisfy Assumption 2.

Assumption 3. The vectors and satisfy for and for .

Assumption 3 states that the process disturbance and measurement noise are bounded.

We now formulate the following design problems.

Problem 1. Let Assumptions 1 and 2 hold. Assume further that no process disturbance and measurement noise exist in the system; that is, and . Furthermore, let for . Construct a state estimator for the system of (1) such that the estimated state denoted by asymptotically converges to despite .

Problem 2. Let Assumptions 1 and 2 hold. Assume further that and . Construct a state estimator for the system of (1) such that the estimated state denoted by asymptotically converges to despite .

It should be pointed out that unknown input observers (see, e.g., [30]), which address the problem of estimating states correctly despite unknown disturbances, may appear similar to Problems 1 and 2. However, the framework deals with unknown input entering the state dynamics instead of output equation, which differentiates Problems 1 and 2 from the problem of unknown input observers.

Another aspect that differentiates Problems 1 and 2 from existing work is that we seek a method of asymptotic estimation formulated in continuous dynamics, while [17, 20] seek instantaneous estimation formulated in discrete dynamics.

The above formulated problems aim to achieve asymptotic state estimation and do not consider the effect of process disturbance and measurement noise. In practice, modeling errors, external process disturbance, and measurement noise exist. Hence, we formulate the following analysis problems.

Problem 3. Let Assumptions 1, 2, and 3 hold. Analyze the effect of disturbance and measurement noise on the system of (1) and the state estimator of Problem 1.

Problem 4. Let Assumptions 1, 2, and 3 hold. Analyze the effect of disturbance and measurement noise on the system of (1) and the state estimator of Problem 2.

Solutions to Problems 14 are given in Section 3.

3. Resilient State Estimation

3.1. Median Operation

First we define sample median operation. The sample median of many values , denoted by , is defined by the largest value of if is odd and defined by the average of the and the largest values of if is even.

We now examine the property of median operation in the context of the system of (1). Suppose there are measurements denoted by with , each measuring the same value denoted by . Let and for . We denote the cardinality of by ; that is, . Then, it is straightforward to notice that, as long as the number of measurements is greater than twice the number of elements in , or equivalent to say , the median value is equal to ; that is,

Notice that the fact above holds regardless of the values of as long as at any given time. Note also that (4) holds even if the elements of change in time. As an illustration, an example is given.

Example 1. Consider the case of . Assume that , and . Accordingly, let be . Notice that in this case and is satisfied. Then, and med() is given by 2, which is equal to . If , then, , and . This yields and med() is given by 5, which is not equal to .

For the case when measurement noise exists, we have the following property for the median. Let , , , and be -dimensional vectors. The vector is of the form with , the vector represents noise, and as in Assumption 3, each element of the vector is bounded by a constant ; that is, , the vector satisfies with , and let the vector be given by . Then, we have the following for the sample median operation:In words, this means when all the measurement is subject to bounded noise, sample median is also subject to noise, with the same bound as that for each element of the vector representing measurement noise. The derivation of (5) is in the appendix.

3.2. Design of Resilient State Observer

Now we propose a solution to Problem 1. Since all sensors are measuring the same physical quantity, that is, , for , we construct a Luenberger state observer in the following manner:where the gain matrix is chosen such that is Hurwitz. Then it can be shown that, for the system of (1) with and , the state observer (6) satisfies as . In words, asymptotic state estimation is obtained by using (6). Specifically, since all the sensors measure the same output, we can denote this output by where . As explained earlier, under Assumption 1, is obtained. Also, due to Assumption 2, the matrix can always be chosen to render Hurwitz. This ensures the state estimate asymptotically converges to .

Therefore, the state observer of (6) is a solution to Problem 1. It ensures asymptotic state estimation despite external attack as long as the number of attacked sensors is less than half of all the sensors (Assumption 1). We emphasize that this solution is computationally very efficient as the computational complexity of median operation of variables is given by .

Next we consider the case where not all sensors measure the same physical quantities. As given in Assumption 2, the system states are observable from each sensor. For each sensor output , one can design a Luenberger type observer that estimates the state asymptotically. The state estimate from sensor is denoted by with a superscript . Then, Assumption 2 allows design of the observer,where can be selected such that is Hurwitz. By combining state estimates through median operation, we can obtain a state estimatewhere For the method in (7)–(9) to work, an additional assumption is needed.

Assumption 4. The set does not change over time.

The additional assumption is needed to avoid the case that attacks excite the transients response of each observer in (7) in a manner that prevents from converging to . With Assumption 4, it can be shown that, for the system of (1) with and , the state estimation method given by (7)–(9) achieves as . This is possible because, under Assumption 1, more than half of observers yield correct state estimates. Combining them through median would remove the effect of nonzero attack vector and ensure asymptotic state estimate. Detailed derivation is given in the appendix. Therefore, the state estimation method of (7)–(9) for the system (1) provides a solution to Problem 2. Note that the additional computational effort for resiliency in this case is , which is more scalable than NP-hard [17, 20], or polynomial time of [21].

3.3. Effect of Measurement Noise and Process Disturbance

Now we analyse the proposed state estimation method when measurement noise and process disturbances exist. In the presence of measurement noise and disturbance, asymptotic state estimation is generally not possible even without external attack. Hence, we focus on finding a bound on the estimation error. From a practical point of view, we deal with measurement noise and process disturbance that are bounded. Hence, Assumption 3 applies throughout this subsection.

First we consider the system of (1) with multiple sensors that measure the same physical quantity; that is, for . Then, it can be shown that there exist some positive constants and such that the state estimation given by (6) yieldsNote that inequality (10) implies that the estimation error is bounded when bounded noise as well as process disturbance is present. Note moreover that the first term in (10) diminishes as time goes and the bound on the remaining term in the error is proportional to the bounds of the measurement noise and . This solves Problem 3 given in Section 2. The derivation of (10) is given in the appendix.

For the case with the sensors measuring different physical quantities, resilient state estimation is achieved by the method given in (7)–(9). When measurement noise and process disturbance exist, the method of (7)–(9) does not achieve asymptotic estimation. It turns out, however, that (10) holds for this case as well although the derivation now is more involved using observers and element-wise median operation. Hence (10) solves Problem 4. The detailed derivation for this case is given in the appendix.

We would like to emphasize that the bound on estimation error does not depend on attack vector . Attack can be arbitrarily large, but the effect is eliminated by resilient state estimator construction, and the bound on error only depends on the initial error, the bound of process disturbance, and the bound for the measurement noise.

4. Experiment

4.1. Modeling

The proposed methods of resilient state estimation are experimentally validated using a magnetic leviation control system. Figure 1 shows the magnetic levitation system developed by Quanser for control education purpose. It consists of electromagnet, infrared ray position sensor, a steel ball, voltage amplifier, ADC converter, and data acquisition system connected to a PC using USB cable. A control algorithm is implemented using real-time workshop in Matlab/Simulink.

Figure 1: Magnetic levitation system.

The system model is given by [31]where is the position of the ball, is the velocity of the ball, is the gravitational constant, is the current applied to the electromagnet, is the electromagnet force constant, and is the metal ball mass. Values for parameters and are specified in [31]. By linearizing the dynamics of (11) at the equilibrium point of and , the following linear model is obtained:where is used to indicate deviations from the equilibrium state and input .

Quanser magnetic levitation system has only one sensor that measures the position of the steel ball. In order to apply the proposed state estimation method, we virtually create in Matlab an additional position sensor and a velocity sensor. Then, the system output equation including attack can be written aswhere , , and . It can be easily verified that the system of (12) and (13) satisfies Assumption 2.

4.2. Attack Scenario and State Estimation Results

We construct resilient state estimator given in (7)–(9). In the case of the magnetic levitation plant, the method yields three Luenberger observers as we have three sensors. Each observer dynamics is given bywhere is the index for the sensor, is the observer state, and is the output of the sensor. The observer gain matrix is selected such that is Hurwitz for all . Specifically, the gains are , , and , respectively. Then, is computed by Finally, the state estimate around the equilibrium is obtained by .

We consider the scenario where the velocity sensor, which provides the third measurement, is compromised by adversaries. The attack on the sensor, , consists of constant, ramp, sinusoid, and square waves as shown in Figure 2.

Figure 2: Attack signal on the third sensor.

The estimated state and true state are shown in Figure 3. As expected, is practically identical with despite the attack on the velocity sensor. Slight mismatches between the two are due to modeling uncertainty which act as if they were disturbance.

Figure 3: The estimated state and the true state.

For further investigation, Figure 4 shows state estimates , and from the three observers. The effect of attack is clearly present in . As shown by the analysis in Section 3, the element-wise median operation removes the effect of on .

Figure 4: The states estimates from each Luenberger observer.

As illustrated by the above experiments, the proposed state estimation method is resilient against external attacks on the measurement.

4.3. Comparison with Existing Methods

Here we consider the method of [17] with the magnetic levitation system. It is difficult to apply the method of [17] on the magnetic levitation system for two reasons. First, the exact optimization using norm is computationally expensive (NP-hard) and no efficient method is known for optimization. Second, the relaxation condition in [17] for enabling convex optimization is not satisfied for the magnetic levitation system. Hence we do not implement and compare the method of [17] in the context of experiment with magnetic levitation.

The proposed method and that of [21] are compared in the following manner. From the above experiment, data from the sensors are stored. Then, two state estimation algorithms coded in Matlab m-file are executed on the stored sensor data, respectively. In this way, the execution times for the two algorithms alone (separated from the computation needed for control and communications) can be measured and compared.

We compared the two for the cases of 3, 5, 7, and 9 sensors. The cases of 5, 7, and 9 sensors use duplicated data from the first sensor for the sake of simplicity. The sensor data is collected over 58001 samples, and the time for 58001 executions of each algorithm is measured to obtain average value. Each Matlab code is executed on a computer with Intel i7-4790 CPU, 3.60 GHz clock speed, 32 GB RAM, and 64-bit Windows operating system. Both algorithms correctly estimate the true states despite attacks, although no plots are shown as our main interest here is the computational efficiency. Average execution time for the two algorithms is listed in Table 1.

Table 1: Computation time comparison between the proposed method and the method in [21].

Clearly, the proposed method is superior to the method in [21] in terms of computational effort, showing smaller computation time by orders of magnitude. We point out that method of [21] is superior to the proposed method in terms of applicability: the condition of systems states being observable from every sensor is not necessary for [21].

5. Conclusion

This paper addresses the problem of resilient state estimation against malicious attacks on the sensors. We propose a state estimation with a bank of observers combined through median operations. Then, we show that this method is resilient in the sense that state estimation converges to the true state despite existence of attacks on sensors. For practical considerations, the effect of sensor noise and process disturbance on the proposed state estimation is analyzed.

We point out that the proposed method requires the system states being observable with every sensor, which is not required for the existing methods. This may not be a critical limitation because sensors can be chosen in the system design stage in applications where resiliency is of importance.

We emphasize that the proposed method is computationally efficient compared to existing methods in the literature, yielding the complexity of with being the number of system states and being the number of sensors. The gained computational efficiency helps real-time implementation for feedback systems in practice. Due to the simplicity of the state estimator structure and computational advantage over the existing method, the proposed method will benefit the design of resilient control systems.

Developing resilient state estimation methods using adaptive parameter estimation techniques is a future work.

Appendix

Derivation of Asymptotic State Estimate by (7)–(9). Denote the estimation error for each state observer corresponding to sensor by . Then the estimation error dynamics for each observer can be written asthe solution of which is given byDenote the two quantities in the right-hand side of (A.2) by and , respectively:The vector is nonzero only for . Then, (9) is written asNow, Assumption 1 ensures less than half of   are nonzero in (A.5) for each . In addition, due to Assumption 2, vanishes over time for all . This gives asymptotically for each , and as a whole is achieved.

Derivation of Inequality (5). We can write Notice that there are at least many measurements ’s that are greater than or equal to the , and there are also at least many measurements that are less than or equal to the .

Suppose is even and . Assuming , there are at most measurements greater than or equal to . Since , this is a contradiction. Now suppose , there are also at most elements less than or equal to , and this is also a contradiction for the same reason.

When is odd, contradictions can be shown in a similar manner using .

Derivation of Inequality (10). The state estimate is written aswhich is equivalent towhere and by Assumption 1 and (5). Denote by ; then the state estimation error dynamics could be written asand the solution of which isTaking the norms on both sides of (A.10),By Assumption 3,Since is Hurwitz, there exist positive constants and such that for all . Therefore,Let . Then (A.13) also satisfiesThis completes the proof.

Derivation of Inequality (10) for the Case of for Some and . Let be the state estimates from the sensor. Denote the estimation error dynamics for observer as ; thenand the solution of which is given byDenote each quantity in the right-hand side of (A.16) by , , , and , respectively:Then (9) can be written aswhere , , , , and are the components of , , , , and .

Without the loss of generality, we may assume , . Since is Hurwitz , under Assumptions 1, 2, 3, and 4, it can be seen from the derivation of (10) that , , and , , are bounded asfor some constants and .

Since , , and are components of , , and , , , and . Let  , . Then, (A.21) can be written asand by (5), , . Since is bounded above aswe see thatChoose and ; we have

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This work was partially supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF-2013058304), funded by the Ministry of Education, and also supported by Institute for Information and Communications Technology Promotion grant funded by the Korea government (no. B0101-15-0557, Resilient Cyber-Physical Systems Research).

References

  1. A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “A secure control framework for resource-limited adversaries,” Automatica, vol. 51, pp. 135–148, 2015. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  2. A. A. Cardenas, T. Roosta, and S. Sastry, “Rethinking security properties, threat models, and the design space in sensor networks: a case study in SCADA systems,” Ad Hoc Networks, vol. 7, no. 8, pp. 1434–1447, 2009. View at Publisher · View at Google Scholar · View at Scopus
  3. Y.-L. Huang, A. A. Cárdenas, S. Amin, Z.-S. Lin, H.-Y. Tsai, and S. Sastry, “Understanding the physical and economic consequences of attacks on control systems,” International Journal of Critical Infrastructure Protection, vol. 2, no. 3, pp. 73–83, 2009. View at Publisher · View at Google Scholar · View at Scopus
  4. A. Teixeira, K. C. Sou, H. Sandberg, and K. H. Johansson, “Secure control systems: a quantitative risk management approach,” IEEE Control Systems, vol. 35, no. 1, pp. 24–45, 2015. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  5. K. Ji and D. Wei, “Resilient control for wireless networked control systems,” International Journal of Control, Automation, and Systems, vol. 9, no. 2, pp. 285–293, 2011. View at Publisher · View at Google Scholar · View at Scopus
  6. A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “Distributed fault detection and isolation resilient to network model uncertainties,” IEEE Transactions on Cybernetics, vol. 44, no. 11, pp. 2024–2037, 2014. View at Publisher · View at Google Scholar · View at Scopus
  7. T. Vollmer and M. Manic, “Cyber-physical system security with deceptive virtual hosts for industrial control networks,” IEEE Transactions on Industrial Informatics, vol. 10, no. 2, pp. 1337–1347, 2014. View at Publisher · View at Google Scholar · View at Scopus
  8. Q. Chang, R. Gao, Y. Lei, L. Wang, and C. Wu, “Cyber-physical systems in manufacturing and service systems,” Mathematical Problems in Engineering, vol. 2015, Article ID 704213, 2 pages, 2015. View at Publisher · View at Google Scholar
  9. A. M. Grilo, J. Chen, M. Diaz, D. Garrido, and A. Casaca, “An Integrated WSAN and SCADA System for Monitoring a Critical Infrastructure,” IEEE Transactions on Industrial Informatics, vol. 10, no. 3, pp. 1755–1764, 2014. View at Publisher · View at Google Scholar
  10. A. Teixeira, S. Amin, H. Sandberg, K. H. Johansson, and S. S. Sastry, “Cyber security analysis of state estimators in electric power systems,” in Proceedings of the 49th IEEE Conference on Decision and Control (CDC '10), pp. 5991–5998, IEEE, Atlanta, Ga, USA, December 2010. View at Publisher · View at Google Scholar · View at Scopus
  11. J. Slay and M. Miller, Critical Infrastructure Protection, Springer, Manhattan, NY, USA, 2008.
  12. Forbes, “Hackers Cut Cities' Power,” 2008, http://www.forbes.com.
  13. The Register, Polish Teen Derails Tram after Hacking Train Network, 2008, http://www.theregister.co.uk.
  14. D. Henry and A. Zolghadri, “Design and analysis of robust residual generators for systems under feedback control,” Automatica, vol. 41, no. 2, pp. 251–264, 2005. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  15. S. Fan, Y. Gao, Y. Lin, and L. Wan, “Formal analysis of a fault tolerant GNC system architecture,” in Proceedings of the 4th International Conference on Intelligent Control and Information Processing (ICICIP '13), pp. 736–743, Beijing, China, June 2013. View at Publisher · View at Google Scholar · View at Scopus
  16. J. H. Wensley, L. Lamport, J. Goldberg et al., “SIFT: design and analysis of a fault-tolerant computer for aircraft control,” Proceedings of the IEEE, vol. 66, no. 10, pp. 1240–1255, 1978. View at Publisher · View at Google Scholar
  17. H. Fawzi, P. Tabuada, and S. Diggavi, “Secure estimation and control for cyber-physical systems under adversarial attacks,” IEEE Transactions on Automatic Control, vol. 59, no. 6, pp. 1454–1467, 2014. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  18. D. L. Donoho, “Compressed sensing,” IEEE Transactions on Information Theory, vol. 52, no. 4, pp. 1289–1306, 2006. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  19. S. Li, L. D. Xu, and X. Wang, “Compressed sensing signal and data acquisition in wireless sensor networks and internet of things,” IEEE Transactions on Industrial Informatics, vol. 9, no. 4, pp. 2177–2186, 2013. View at Publisher · View at Google Scholar · View at Scopus
  20. M. Pajic, J. Weimer, N. Bezzo et al., “Robustness of attack-resilient state estimators,” in Proceedings of the 5th IEEE/ACM International Conference on Cyber-Physical Systems (ICCPS '14), pp. 163–174, Berlin, Germany, April 2014. View at Publisher · View at Google Scholar · View at Scopus
  21. C. Lee, H. Shim, and Y. Eun, “Secure and robust state estimation under sensor attacks, measurement noises, and process disturbances: observer-based combinatorial approach,” in Proceedings of the European Control Conference (ECC '15), pp. 1872–1877, Linz, Austria, July 2015. View at Publisher · View at Google Scholar
  22. Y.-J. Liu and S. Tong, “Adaptive NN tracking control of uncertain nonlinear discrete-time systems with nonaffine dead-zone input,” IEEE Transactions on Cybernetics, vol. 45, no. 3, pp. 497–505, 2015. View at Publisher · View at Google Scholar · View at Scopus
  23. Y.-J. Liu, L. Tang, S. Tong, and C. L. P. Chen, “Adaptive NN controller design for a class of nonlinear MIMO discrete-time systems,” IEEE Transactions on Neural Networks and Learning Systems, vol. 25, no. 5, pp. 1007–1018, 2015. View at Publisher · View at Google Scholar · View at Scopus
  24. Y.-J. Liu and S. Tong, “Adaptive fuzzy control for a class of nonlinear discrete-time systems with backlash,” IEEE Transactions on Fuzzy Systems, vol. 22, no. 5, pp. 1359–1365, 2014. View at Publisher · View at Google Scholar · View at Scopus
  25. Y.-J. Liu and S. Tong, “Adaptive fuzzy control for a class of unknown nonlinear dynamical systems,” Fuzzy Sets and Systems, vol. 263, pp. 49–70, 2015. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  26. Y. Liu and S. Tong, “Adaptive fuzzy identification and control for a class of nonlinear pure-feedback MIMO systems with unknown dead zones,” IEEE Transactions on Fuzzy Systems, vol. 23, pp. 1387–1398, 2015. View at Google Scholar
  27. J. Wu, W. Chen, and J. Li, “Fuzzy-approximation-based global adaptive control for uncertain strict-feedback systems with a priori known tracking accuracy,” Fuzzy Sets and Systems, vol. 273, pp. 1–25, 2015. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  28. J. Wu, W. Chen, F. Yang, J. Li, and Q. Zhu, “Global adaptive neural control for strict-feedback time-delay systems with predefined output accuracy,” Information Sciences, vol. 301, pp. 27–43, 2015. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  29. Y. X. Li and G. H. Yang, “Fuzzy adaptive output feedback fault-tolerant tracking control of a class of uncertain nonlinear systems with non-affine nonlinear faults,” IEEE Transactions on Fuzzy Systems, vol. 24, no. 1, pp. 223–234, 2015. View at Publisher · View at Google Scholar
  30. J. Chen, R. J. Patton, and H.-Y. Zhang, “Design of unknown input observers and robust fault detection filters,” International Journal of Control, vol. 63, no. 1, pp. 85–105, 1996. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  31. Magnetic Levitation (MAGLEV) Manual, Quanser Consulting, Markham, Canada, 1989.