Abstract

This article investigates the stabilization problem of a nonlinear networked control system (NCS) exposed to a replay attack. A new mathematical model of the replay attack is proposed. The resulting closed-loop system is defined as a discrete-time Markovian jump linear system (MJLS). Employing the Lyapunov–Krasovskii functional, a sufficient condition for stochastic stability is given in the form of linear matrix inequalities (LMIs). The control law can be obtained by solving these LMIs. Finally, a simulation of an inverted pendulum (IP) with Matlab is developed to illustrate our controller’s efficiency.

1. Introduction

A networked control system (NCS) is a system in which all the data (control input, sensor readings, etc.) are transferred via a communication network. This kind of system differs significantly from classical control systems, where data are exchanged over electrical wiring. The main advantages of the communication network are flexibility, high efficiency, and reasonable price. Nevertheless, this control implementation introduces new issues compared with the old wired control systems, such as packet loss. This problem has been the subject of much systematic investigation. Lu et al. [1] used the Bernoulli distribution to model the packet loss of the information transmitted through the network. Yu et al. [2] modelled the NCS with data packet dropout as a linear jump system. Chen et al. [3] studied the control of a nonlinear NCS with data packet dropout, where the data packet dropout was described as a homogeneous Bernoulli process and the global system was modelled as a Takagi–Sugeno (T-S) fuzzy system. Xiong and Lam [4] considered two categories of packet dropout; the first category was the random packet loss process, whereas the second was the Markovian packet loss process.

Moreover, the control issue of an NCS with time delay and packet dropout was addressed in [5–8]. Qi et al. [5] studied the event-triggered control problem for networked switched systems with a mixed time and state-dependent switching law, taking into consideration the effect of the network delay. Wang et al. [6] investigated the issue for NCS with packet dropout and varying time delays. Wang et al. [7] studied the robust fault detection problem for NCS with Markov time delay and packet loss in both communication channels. Qiu et al. [8] treated the stability problem for an NCS with random time delays and packet dropouts based on a unified Markov jump model. For more information on stochastic control using Markov chains, we refer the interested reader to [9].

In addition to the network problems mentioned above, cyberattacks pose a significant threat to the NCS, especially after a series of successful attacks. In the last ten years, the Stuxnet virus was considered the most dangerous cyberattack in history. This virus targeted Iranian nuclear facilities and caused enormous losses [10]. Stuxnet has the same characteristic as a replay attack [11, 12]: it records the measurements of the sensors and then replaces the new sensor output with previous measurements that the cybercriminal has already saved and stored. This type of attack is commonly a principal source of instability.

Due to the Stuxnet events, the control issues of a cyber system under a replay attack have attracted many researchers. The majority of these works have a common point: they use a detector-based method to identify the replay attack by injecting a noisy signal as an authentication signal into the nominal control input. Then, they calculate the control law based on the information provided by the detector. However, when the detection rate increases, the control efficacy deteriorates. A trade-off exists between the detection rate and the degradation of the control efficiency in terms of the variance of the authentication signal [13]. Moreover, the absence of the attack, when the adversary decides to stop the attack for a while, produces a waste of control cost [11]. Consequently, new technical solutions are required to design the control law based upon the mathematical model of the replay attack. To the best of our knowledge, far too little attention has so far been paid to studying this problem using a mathematical-model-based method, which motivates this paper. The main objective of this article is to use an accurate mathematical model of the replay attack to calculate a robust feedback controller that guarantees stability and preserves the control efficacy, with or without the existence of the replay attack.

The main contribution of this article is to model the nonlinear NCS against a replay attacker as a discrete-time Markovian jump linear system (MJLS), where a two-state Markov chain is used to describe the occurrence of the attack, and a finite-state Markov chain is used to model the replay delay value. Based on this mathematical model, we will develop a new LMI employing the Lyapunov–Krasovskii functional.

Due to the various uses of the inverted pendulum (IP) in many fields, this system is considered one of the best applications of the NCS. Together with its distinct physical characteristic (strong nonlinearity), these particularities encouraged us to choose it as an application system to test the robustness of our approach. Many methods are used to model the IP. For instance, Wang [14] modelled the IP based on the Euler–Lagrange equations. Furthermore, Çakan et al. [15] built a virtual prototype of the IP using MSC Adams software; this prototype was exported to MATLAB, and the simulation was carried out with MATLAB and MSC Adams. In this study, we will use the Euler–Lagrange equations to give a mathematical model of the IP. Then, we will discretize the differential equations using the first-order (Euler) discretization method. After that, we will linearise the discrete model by creating the Takagi–Sugeno (T-S) fuzzy model of the IP, which means writing the nonlinear model in the form of many linear subsystems that are connected by membership functions [16]. The overall number of subsystems depends on the number of nonlinearities in the system. For more information on the T-S fuzzy model and its applications, we refer the interested reader to [17–20].

The article is organized as follows: first, we will present our model of the replay attack and describe the structure of the global system. Section 3 develops the sufficient stability conditions of the overall system. After that, in Section 4, we will use the Euler–Lagrange equations to give a mathematical model of the IP. In Section 4.3, two simulations will be performed to investigate the effectiveness of the proposed approach. Finally, in Section 5, a brief conclusion is presented to sum up the approach.

Notations. Let () be a complete probability space. and are utilized to denote a positive and negative definite matrices, respectively. Notation (respectively, ) where and are real symmetric matrices, meaning that is positive semidefinite (respectively, positive definite). diag() refers to an diagonal matrix with as its ith diagonal entry. denotes the zero matrix, whereas denotes the identity matrix with appropriate dimensions. The delimiter refers to the Euclidean norm for vectors and induced 2-norm for matrices. The operator denotes the mathematical expectation. The superscript T denotes the transpose for vectors or matrices. The symbol stands for the symmetric terms of the corresponding off-diagonal term. The notation sym() is employed to denote the expression .

2. Replay Attack Model and Networked Controller

2.1. Replay Attack

A replay attack is a type of cyberattack in which a cybercriminal eavesdrops on a secure communication network, intercepts the data, and then maliciously delays or retransmits it to misdirect the system into doing what the adversary wants (Figure 1). What makes the replay attack one of the most perilous cyberattacks is that the adversary does not even need advanced skills to decrypt the data; he just needs to record the sensing data secretly and then resend it to the controller, fraudulently modifying the sensors’ output to push the controller into wrong decisions that could destabilize the system in the feedback loop.

To explain how the replay attack behaves, we use an illustrative example (Figure 2), where the first line represents the transmitted sequence and the second line represents the received sequence under the replay attack. Suppose that the attacker records packets 100 to 101 and then replays them from 102 to 103. In other words, the adversary replaces packets 102 and 103 by 100 and 101, respectively. The same procedure applies to packet 200, but this time the replay delay equals ; that means he saves packets 197, 198, and 199 and then replays them from 200 to 202.

2.2. Problem Formulation

This article deals with the control problem of a nonlinear NCS with a replay attack. As Figure 3 shows, the transmission of the packets from the sensor to the controller passes via a communication network. We assume that an attacker has connected to the communication network of the system. To keep himself undercover and avoid being detected by the classical detectors, the attacker will not apply the attack all the time (steadily); he will appear at different times (randomly). This action will reflect negatively on the stability of the system.

The framework of nonlinear NCS exposed to a replay attack is depicted in Figure 3. The T-S fuzzy model can be seen as represented by s plant rules. The ith plant rule is

Then,where denotes the system state and denotes the control input. and are the system matrices.

Using a standard fuzzy inference, the final state of the fuzzy model is inferred as follows: where is the attributed weight for each rule i, and is the appurtenance degree of the membership function to the fuzzy set .

The functions satisfy the convex sum property, i.e., , and , with i = 1…s.

The state feedback controller is given by the following rules:

Then,where is the controller gain and is the controller input with

The variable is a two-state Markov model that represents the state of the switch , Figure 4. If the communication link between the sensor and the controller was perfect, will be equal to 0. Otherwise, if there was a communication problem (communication delay and/or replay attack), will be equal to 1. represents the replay delay and/or the network delay; that means if there is an attack, the state x(k) will be changed by the previous state . However, if there is a communication delay, the state x(k) will be equal to . Finally, if there are a replay attack and a network delay simultaneously, the state x(k) will be equal to , and since the delays and are variables, we can unify the two variables in one variable , where is a random scalar which bounded between and , such as . Consequently, the controller (6) will be switching between several subsystems based on the value of and . The switching controller has been widely used for other similar systems (see [21, 22], and the references therein).
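The switching behaviour described above, sketched as an added example that is not code from the article: a two-state Markov chain decides whether the controller receives the current packet or a recorded one, and a second finite-state chain selects how old the replayed packet is. The function names, the transition matrices, the delay set (in samples) and the seed are constructed for illustration; the first burst of the Figure 2 example is used as a fixed check.

```python
import random

def simulate_chain(P, state, steps, rng):
    """Sample a Markov chain path; P[i][j] = Pr(next = j | current = i)."""
    path = []
    for _ in range(steps):
        path.append(state)
        u, acc, nxt = rng.random(), 0.0, len(P[state]) - 1  # last state absorbs rounding
        for j, p in enumerate(P[state]):
            acc += p
            if u < acc:
                nxt = j
                break
        state = nxt
    return path

def replay_channel(sent, attack, delay):
    """What the controller receives: packet k - delay[k] whenever attack[k] == 1."""
    received = []
    for k in range(len(sent)):
        lag = attack[k] * delay[k]
        if lag > k:
            raise ValueError(f"step {k}: no packet recorded {lag} steps back")
        received.append(sent[k - lag])
    return received

def long_run_attack_rate(P):
    """Stationary probability of the attack state (1) of a two-state chain."""
    return P[0][1] / (P[0][1] + P[1][0])

# First burst of the Figure 2 example: packets 102 and 103 replaced by 100 and 101.
FIG2_RECEIVED = replay_channel([100, 101, 102, 103], attack=[0, 0, 1, 1], delay=[2] * 4)

# Constructed values (the article's transition matrices are not reproduced on this page).
P_ATTACK = [[0.9, 0.1], [0.9, 0.1]]   # long-run attack rate 0.1
DELAYS = [1, 2, 3]                    # replay delay in samples, one per delay-chain state
P_DELAY = [[0.5, 0.3, 0.2], [0.3, 0.4, 0.3], [0.2, 0.3, 0.5]]

def run(steps=200, seed=1):
    rng = random.Random(seed)
    attack = simulate_chain(P_ATTACK, 0, steps, rng)
    delay = [DELAYS[m] for m in simulate_chain(P_DELAY, 0, steps, rng)]
    # Nothing older than the first packet exists, so early attack steps are cleared.
    attack = [a if delay[k] <= k else 0 for k, a in enumerate(attack)]
    received = replay_channel(list(range(steps)), attack, delay)
    return attack, delay, received

if __name__ == "__main__":
    attack, delay, received = run()
    print("Figure 2 burst:", FIG2_RECEIVED)
    print("stale packets:", sum(r != k for k, r in enumerate(received)), "of", len(received))
    print("long-run attack rate:", long_run_attack_rate(P_ATTACK))
```

Because the received sequence is an unmodified copy of earlier packets, every replayed value is a valid past measurement, which is why the controller is designed against the delay model instead of relying on the data looking wrong.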

Replacing the equation (6) in (2), we obtain a discrete-time MJLS defined on a complete probability space ():where and , , , , {} is a two-state Markov chain which takes value in the set , and { } is a finite-state discrete-time homogeneous Markov chains which takes value in the finite set . The transition probability matrices arewhere and for all , , and

Definition 1. (see [23]). The system (8) is stochastically stable if for any initial condition and initial modes , , there exists a finite such that the following inequality holds:

3. Main Results

This section will be devoted to the stabilization theorem for the closed-loop system (8).

Theorem 1. The overall closed-loop system (8) will be stochastically stable if there exist matrices , , , , , , with appropriate dimensions, and a symmetric matrix W, such that the following LMIs hold:where,

Proof. The stochastic Lyapunov functional candidate for the system (8) iswhereThe difference of the function is given byIf we put , and , we will denote as , as , and as .
The mathematical expectation of is given bywhereWe define . Then,Therefore,whereNotice thatHence,Notice that for all k, we getEmploying the simplification in ([24], p.5), we haveThen, .
Finally, combining (20), (23), and (24) together with Theorem 1, we obtainwhere ,

Remark 1. The inequality (27) cannot be regarded as an LMI because of the existence of nonlinear terms. So, we cannot solve it using the YALMIP toolbox in Matlab. Nevertheless, if we multiply the matrix in (27) by the matrix on the left and right sides, the problem is solved and we obtain (12).

Remark 2. In practice, it is important to know the maximum network delay and the maximum replay delay such that the NCS can remain stable. To determine these maximum time delays, we should solve the following nonlinear optimization problem:

4. Application to an Inverted Pendulum

4.1. Mathematical Model of the Inverted Pendulum

The inverted pendulum depends on three parameters (Figure 5): the position of the cart, denoted X; the angle that the pendulum rod makes with the vertical position; and the force exerted on the cart to bring the pendulum rod to the stable position. The parameters of the system are listed in Table 1.

To derive the mathematical model of the system, we will use the Lagrangian equation. This equation is based on the principle of conservation of mechanical energy. In our case, the system has two degrees of freedom, which can be represented by

(i) X for the horizontal movement of the cart.

(ii) for the angular position of the pendulum.

The Lagrangian equation is generally defined by the difference between the kinetic energy () and the potential energy () of the system:

The form of the Lagrange equation is

With and are, respectively, the degree of freedom and the generalized force in the sense of the degree of freedom .

The kinetic energy of the system is given by

where J = .

The potential energy of the system is given by

Replacing equations (32) and (33) in (30), we obtain

(iii) If , then equation (31) becomes

With = m’ + M.

(iv) If , then equation (31) becomes

We define

Hence,

Replacing the value of in (37), we obtain

where .

The mathematical model of the IP system can be written as follows:

4.2. T-S Fuzzy Modelling of the Inverted Pendulum

To pass from continuous time to discrete time, the differential equations (41) can be discretised by using the discretization technique of the first-order Euler in which we will replace by , where is the sampling time. The differential equation (41) becomes

As we can notice from (42), the state-space representation contains four nonlinearities, which can be presented as follows:where . For , the system is not controllable. So let us suppose that is bounded between two angles with is less than 90 degrees (Figure 6).

The equation (42) becomeswherewith , , , and .with , , , and .with , , , and .with , , , and .

After using this linearisation technique, the IP system can be written as sixteen linear subsystems, with the matrices and of these subsystems given in the Appendix.
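Why four bounded nonlinear terms give sixteen rules whose weights satisfy the convex sum property, as an added example that is not code from the article: each term is written exactly as a convex combination of its two bounds, and the rule weights are the products over all bound choices. The four terms below are constructed stand-ins in the pendulum angle (the article's own terms are not reproduced on this page), and the 60 degree angle bound and all function names are assumptions.

```python
import itertools
import math

THETA_MAX = math.pi / 3  # constructed angle bound, below 90 degrees

def sector_split(z, z_min, z_max):
    """Weights (on z_min, on z_max) with z = w0*z_min + w1*z_max and w0 + w1 = 1."""
    if not z_min <= z <= z_max:
        raise ValueError("term left its sector; the fuzzy model is no longer exact")
    w_max = (z - z_min) / (z_max - z_min)
    return (1.0 - w_max, w_max)

def premises_at(theta):
    """Four constructed nonlinear terms as (value, lower bound, upper bound)."""
    c, s = math.cos(theta), math.sin(theta)
    cm, sm = math.cos(THETA_MAX), math.sin(THETA_MAX)
    return [
        (c, cm, 1.0),
        (s / theta if theta else 1.0, sm / THETA_MAX, 1.0),
        (c * c, cm * cm, 1.0),
        (1.0 / (1.0 + s * s), 1.0 / (1.0 + sm * sm), 1.0),
    ]

def rule_weights(premises):
    """Map each choice of bounds (one bit per term) to its normalised rule weight."""
    splits = [sector_split(*p) for p in premises]
    return {
        bits: math.prod(splits[j][b] for j, b in enumerate(bits))
        for bits in itertools.product((0, 1), repeat=len(premises))
    }

def blend(premises, weights):
    """Recover every nonlinear term as the weighted sum of its bounds over all rules."""
    return [
        sum(h * (p[2] if bits[j] else p[1]) for bits, h in weights.items())
        for j, p in enumerate(premises)
    ]

if __name__ == "__main__":
    prem = premises_at(0.4)
    h = rule_weights(prem)
    print(len(h), "rules, weights sum to", sum(h.values()))
    print("max reconstruction error:",
          max(abs(z - p[0]) for z, p in zip(blend(prem, h), prem)))
```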

4.3. Simulation
4.3.1. System Stabilization

To illustrate the effectiveness of the developed controllers in Theorem 1, a simulation of an IP controlled through a communication network is performed using the parameters in Table 2.

The convex sum property of the activation functions is well respected. From Figure 7, we can see that . And from Figure 8, we have , with i = 1…16.

Figure 9 represents the switch values of . To stay close to reality, we chose a random commutation of the switch. The command “dtmc” in the Matlab Econometrics Toolbox is used to create the switching law of . The transition probability matrix is

In this example, we will take the case when is bounded between 0.5 s and 1 s, which means it will take the following values: 0.5, 0.6, 0.7, 0.8, 0.9, and 1. Figure 10 shows the switching of between these values. The transition probability matrix is as follows:

As is well known, the IP system is inherently unstable; Figures 11 and 12 show the state trajectory of the open-loop system. The states of the system ( which denotes the angular , and which denotes the angular velocity ) diverge from zero. According to Theorem 1 and exploiting Matlab, the LMIs (12) have a feasible solution, with the value of the gain vector of the controller

The state trajectories are shown in Figures 13 and 14, where the two curves represent the trajectory of the states and under the controller gain . The initial condition is . As we can notice from the figures, the two curves converge to zero. Accordingly, the closed-loop system is stable.

4.3.2. Trajectory Tracking

Let us consider the above system with the same parameter values given in Table 2. The objective of this subsection is for the angle of the IP’s rod to track the desired trajectory (the reference).

The control law will be written as follows:

To find the value of , we will apply the properties of the Z-transform to equation (53):

The output y(k) of the system can be rewritten as follows:where C = [1 0].

The gains will be calculated in such a way that , with

Hence,

To assess the robustness of the proposed theorem, three different situations will be studied. In the first situation, the event rate of the switch S is 0.1 (the percentage chance of having a replay attack during 100 s is 10). In the second situation, the event rate equals 0.3. Finally, in the third situation, the event rate is 0.5.

Figures 15–17 represent the different event rates of the switch S: 0.1, 0.3, and 0.5, respectively.

As we have said previously, the instants when takes value 1 represent the times of the replay attacks. To simulate the attacks realistically, these instants are chosen arbitrarily. The values of stayed the same (Figure 10).

The value of the controller gain and the trajectory controller gain are given in Tables 3 and 4.

From Figure 18, we can notice that if the event rate of the switch S equals 0.1, the output can track the reference perfectly; the same thing happens if the chance of an attack rises to 30 or 50, but the response time at start-up increases in these two cases. However, the results stay acceptable, which reflects the potency of our theorem.

5. Conclusion

This study dealt with the control problem of a nonlinear NCS exposed to a replay attack. A novel approach was used to calculate the control law based on an accurate mathematical description of the global system, taking into account the stochastic characteristics of the replay attack.

Two simulations have been performed to investigate the effectiveness of the proposed approach. The obtained results show that the new approach preserves the performance of the system despite the existence of the replay attack. The main advantages of the presented control method compared with the other approach, which is based on detectors, are the stochastic robustness, the good response time, and the adaptability for a practical application.

As a perspective of this study, our attention will be oriented towards studying the same problem with packet losses and an external disturbance.

Appendix

The state matrices and the input matrices of the sixteen subsystems are

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.