Enhancing Resilience in Cooperative Systems against Cyber-Attacks: A Defense Framework through Adaptive Network Reconfiguration and Digital Twin

Azwirman Gusrialdi; Deepalakshmi Babu Venkateswaran; Zhihua Qu

doi:10.5772/intechopen.1005636

Abstract

The book chapter presents a solution to enhance the resilience of multi-agent cooperative systems against cyber-attacks. Specifically, the threat involves adversaries aiming to prevent the cooperative systems from achieving consensus by launching false data injection (FDI) or denial-of-service (DoS) attacks on the communication network. First, a distributed algorithm is proposed to identify critical edges, via online estimation/learning of the network’s parameters, whose removals disconnect the network. An adaptive network reconfiguration algorithm is then presented to remove those critical edges, thus ensuring the resilient operation of the cooperative systems against arbitrary DoS attacks. Additionally, a digital twin, interconnected with the cooperative systems, is introduced to simultaneously ensure the resiliency of the cooperative systems against FDI attacks and increase the redundancy of the network. Finally, it is illustrated how the proposed defense framework also allows for detecting and identifying in real-time both attack vectors in the network. The efficacy of the proposed solution is demonstrated through numerical simulations, showcasing their effectiveness in protecting the cooperative systems against cyber threats.

Keywords

multi-agent cooperative systems
consensus algorithm
cyber-attacks
network reconfiguration
attack detection and identification

Author Information

Show +

Azwirman Gusrialdi*
- Tampere University, Tampere, Finland
Deepalakshmi Babu Venkateswaran
- University of Central Florida, Orlando, FL, USA
Zhihua Qu
- University of Central Florida, Orlando, FL, USA

*Address all correspondence to: azwirman.gusrialdi@tuni.fi

1. Introduction

Cooperative systems are a collection of autonomous agents that interact/cooperate with each other to make their own decision (actions) so that the overall system achieves a common goal and/or the overall system’s performance is optimized without the need for a central entity. In practice, the individual agent can be distributed generator in a power system, an autonomous robot in a robotic swarm, or an autonomous vehicle in an intelligent transportation system, while the interaction can take place via wireless communication. The local interaction rule makes the cooperative systems appealing for real-time decision-making in large-scale and critical systems due to their scalability and low latency.

The consensus problem is a canonical issue in cooperative systems in which the agents aim to achieve agreement, via a consensus algorithm, on specific quantities of interest, such as voltage, distance, or velocity [1]. Various coordination problems in diverse domains, including power systems, transportation systems, robotic swarms, and federated learning, can be framed as consensus problems [2, 3, 4, 5]. Furthermore, the consensus algorithm also serves as a fundamental component in numerous distributed optimization algorithms [6, 7].

While the introduction of a communication network plays a crucial role in realizing cooperation among the agents, its use comes at the price of making the cooperative system vulnerable to cyber-attacks, which may prevent the systems from achieving consensus and, in the worst case, destabilize the overall systems [8, 9]. Recent history has witnessed catastrophic cyber-attacks, such as the 2015 Ukraine power grid incident, causing a 6-hour blackout [10]. Specifically, the attacker may modify the information being exchanged between the agents. Thus destroying data integrity, e.g., by launching false data injection (FDI attacks), or block the communication channels causing data unavailability, e.g., by launching denial-of-service (DoS) attacks. In addition, the attacker can also passively eavesdrop on the communication channel to acquire confidential information about the agents [11].

In order to unlock the potential economic impact of cooperative systems, it is thus imperative to ensure the resilient operation of the cooperative systems against unknown cyber-attacks. This book chapter focuses on cooperative systems under DoS or FDI attacks. The existing strategies for resilient consensus against DoS attacks impose restrictive assumptions on the frequency and duration of attacks [12, 13], which are hard to guarantee in practice. A strategy to ensure resilient consensus against FDI attacks is by removing a fixed number of extreme local values that an agent received from the other agents [14]. However, this strategy requires high network connectivity and cannot guarantee the agents to converge to the attack-free consensus value even in the absence of attacks. Another potential strategy is by identifying the compromised communication links and subsequently removing them [15]. However, this approach also requires high network connectivity, which depends on the number of compromised links, and more importantly, the system’s stability may have been destroyed during the identification process.

This book chapter presents a novel defense framework that eliminates restrictions imposed in the existing strategies discussed previously. First, to defend against DoS attacks, a distributed algorithm is presented to determine the critical edge in the network, which is an edge whose removal disconnects the network. A novel network reconfiguration algorithm is then proposed to remove the existence of the critical edge and thus ensure that the network remains connected under arbitrary DoS attacks. Furthermore, a digital twin is designed and interconnected with the cooperative systems. The digital twin not only makes the cooperative system resilient against FDI attacks but also helps to remove the critical edges in the network. The proposed defense framework also facilitates real-time and distributed detection and identification of DoS or FDI attacks in the network. Finally, a numerical example is provided to illustrate the proposed defense framework.

2. Preliminaries

Let R be the set of real numbers; vector 1n∈Rn denotes the vector of all ones, 0n∈Rn represents the vector of all zeros, and In∈Rn×n denotes an n×n identity matrix. The cardinality of a set N is denoted by ∣N∣. Superscript ″T″ represents the transpose of a matrix or a vector.

Let G=VE be an undirected graph with a set of nodes V=1⋯n and a set of edges E⊂V×V. An edge ij∈E denotes that node j can receive information from node i. Since the graph is undirected, we have ij∈E⇔ji∈E. A path from node i to node j is a sequence of consecutive edges immq⋯lj with distinct vertices. A path that starts from a given node and ends at the same node is called a cycle. An undirected graph G is connected if a path exists between every pair of nodes. The distance between two nodes in a graph is the length/number of consecutive edges connecting them. The neighbor set of node i is defined as Ni=jji∈Ej≠i.

3. Multi-agent cooperative system

Consider a multi-agent cooperative system (MACS) Σs consisting of n agents whose individual dynamics are given by

ẋi=ui,i=1⋯nE1

where xi∈R is the state of physical variables to be controlled and ui is the control input. The agents can exchange information with each other via a communication network whose network topology is modeled by a graph G whose nodes represent the agents. It is assumed that the communication between a pair of agents is bidirectional, that is graph G is undirected and an edge ij∈E denotes that agents i and j can exchange information with each other.

In this book chapter, we focus on a consensus problem where the goal is to design a local interaction rule ui for an individual agent, which depends on its own and its neighboring agents’ states, such that the state of all the agents in the network reach a consensus, i.e.,

xi→c,∀iandc≠0.E2

To this end, each agent executes the following consensus law [1].

ui=∑j∈Nixj−xi.E3

Defining a vector x=x1⋯xnT, the dynamics (1) under consensus law (3) can be written in a compact form as

ẋ=Ax=−Lx,E4

where L is called a Laplacian matrix associated with the graph G. If the communication network topology G is connected, then all the agents’ states reach a consensus whose value is equal to the average of the initial conditions xi0 of all the agents [1], as depicted in Figure 1b. In other words, we have

Figure 1.
(a) Network topology of MACS consisting of six agents; (b) under dynamics (8) and in the absence of attacks (d = 0), the states xi reach average consensus given in (5); (c) The attacker is able to prevent the agents from reaching consensus by launching FDI attacks given in (9) and modifying information sent from agents 1, 2, 3, and 6.

x→xave1n=1n∑i=1nxi0⏟xave1n.E5

Remark 1. The work [16] presents a systematic design for general classes of nonlinear heterogeneous cooperative systems. Specifically, if the individual dynamics can become input passivity-short by a local feedback controller, the dynamic behaviors of the agents at the network level as well as their network control design can then be transformed to (3). Hence, the design presented in the book chapter has broad implications for general cooperative systems.

3.1 System identification toward defending against cyber-attacks on MACS

In practice, the communication network is vulnerable to cyber-attacks. Specifically, this book chapter considers the following attacks: (i) false data injection (FDI) attacks which destroy data integrity of the cooperative system by injecting malicious signals into the communication channels to alter exchanged data; and (ii) denial-of-service (DoS) attacks which block the communication channels causing unavailability of data.

Under DoS attacks, the system matrix A=aij (i.e., Laplacian matrix −L) in (4) changes, and the cooperative system may lose its consensus. While agent i can locally estimate the i-th row of the matrix A (which corresponds to the information it receives from its direct neighbors) using the approach presented in Section 6, cooperative stability and performance of MACS are determined by connectivity, collective property of system parameters rather than any specific parameter. There are two ways to identify and thwart DoS attacks. One way is to identify all the system parameter changes in aij and then attempt to maintain or recover all the original values of aij. The challenge lies in developing a distributed algorithm so that the individual agent can estimate all the parameters of the matrix A. To this end, each agent can perform the following consensus algorithm

Â̇i=∑j∈NiÂj−Âi.E6

Here, matrix Âi denotes the agent i‘s a local estimate of the matrix A with

Âi0=n0nT⋮0nTai∗T0nT⋮→i‐throw

where ai∗∈Rn denotes the i-th row of the matrix A. The agents local estimate will then converge to the matrix A given that the communication network’s topology is connected. However, this approach has several limitations. First, it is expensive as each agent has to n2 exchange number of information with its neighbors. Furthermore, the network’s connectivity may have already been destroyed before each agent can estimate the overall system parameters of A. To overcome the limitation of the approach described previously and to quantify the connectivity property of a network, let us define the path pij between node i and node j as

pij=∏k1,k2,⋯,klaik1ak1k2⋯aklj,E7

where the sequence k1,k2,⋯,kl of represents the set of nodes corresponding to the sequence of edges ik1,k1k2,⋯,klj which connect the two nodes. Since the original graph is connected, the node i knows that pij=1 for any choice of j. Hence, the second way of distributively detecting DoS attacks and making the system resilient to such attacks is to distributively monitoring/estimating pij in real-time and ensuring that, at any time, there are at least two distinct paths (or existence of a loop/cycle) between nodes i and j (such that any DoS attack will not destroy the connectivity). Accordingly, one focus of this book chapter is to develop such a distributed algorithm for node i to identify/monitor pij and maintain the existence of two distinct pij=1 for any of the node i‘s neighboring node j∈Ni. As will be discussed in more detail later, this approach only requires each agent to exchange n number of information with its neighbors.

In the following subsections, the vulnerability of the MACS under the consensus algorithm (4) against both attack vectors will be analyzed in more detail.

3.2 Vulnerability of MACS under FDI attacks

The consensus dynamics (4) under unknown FDI attacks can be written as

ẋ=−Lx−d,E8

where dt∈Rn is an unknown injection launched by the attacker. Specifically, dit≠0 means that the attacker modifies the information sent by the agent to its neighbors by injecting a malicious signal dit and also corrupts the local state feedback of the agent i. It is assumed that the attacker has knowledge of the network topology of the MACS, that is the Laplacian matrix L, and also have access to the physical state x which can used to launch the exogenous injections d. In addition, it is also assumed that the unknown injection d is bounded. This assumption is a reasonable precaution for intelligent attackers to avoid detection. Furthermore, it also aligns with practical considerations, as physical signals, such as those in power systems, typically have a known range. Note that unbounded injections can then be readily rejected using a threshold check [17].

There are many possible choices of d which can prevent the MACS from reaching an average consensus. For example, the attacker can generate the injection d according to the following dynamics, unknown to the defender:

ḋ=Fad+Bax,E9

where matrix Fa is Hurwitz, and together with matrix Ba are designed by the attacker to ensure that one of the eigenvalues of the matrix −LLBaFa has a positive real part as illustrated in Figure 1c.

3.3 Vulnerability of MACS under DoS attacks

Unlike FDI attacks that compromise data integrity, DoS attacks disrupt the availability of communication channels, effectively isolating agents and impeding their ability to reach consensus. During a DoS attack, malicious actors flood the network’s communication channels with overwhelming traffic, rendering them inoperable. This disruption in communication can be modeled by intermittently adjusting the Laplacian matrix Lt of the consensus algorithm to reflect the compromised links. Consequently, the consensus dynamics under DoS attacks can be expressed as:

ẋ=At=−Ltx,E10

where Lt dynamically changes based on the network’s connectivity at the time t, showcasing the impact of DoS attacks.

The resilience of MACS against DoS attacks is significantly influenced by the network’s structural properties. The initial impact of a DoS attack on a well-connected MACS might not immediately lead to a disconnection of the network. However, persistent or intense DoS attacks can gradually affect the network’s connectivity, leading to the progressive disconnection of G. This disconnection causes the standard consensus algorithm (4) to fail in achieving a unified state among agents.

Critical edges within the communication graph G play a pivotal role in this context. These edges, if severed, can dramatically impact the network’s functionality by partitioning the system into disjoint segments. A critical edge, or bridge, in an undirected network, is defined as an edge whose removal leads to the disconnection of the network, thereby identifying it as a singular point of vulnerability within the network’s topology [18]. Borrowing the notation in (7), an edge ij is critical means that there is only one distinct path with pij=1.

Edge connectivity, on the other hand, is a fundamental metric of network robustness, quantifying the minimum number of edges that must be removed to render the network disconnected. The presence of critical edges directly impacts a network’s edge connectivity; specifically, a network with even a single critical edge has an edge connectivity of 1. A network with high-edge connectivity is more robust and capable of withstanding multiple edge failures without losing overall connectivity. In contrast, networks with critical edges are vulnerable, as the failure of just one such edge can compromise network integrity [19].

For example, in Figure 1a, the edges between agent pairs (3,4), (4,5), and (5,6) are critical, and it causes the edge connectivity of the network connecting MACS to be one. It follows that identifying and eliminating the criticality of these edges enhances the robustness of MACS and ensures its resilience to disruptions such as failures or targeted DoS attacks.

4. Resilient multi-agent cooperative system against DoS attacks

In what follows, two methods are introduced to robustify MACS against DoS attacks. The first is to make MACS robust by applying the algorithm in Ref. [20] of identifying critical edges within the network’s communication graph G as a result of DoS attacks so that a network reconfiguration could be done to ensure reliable consensus among agents. The second is to introduce a digital twin of the MACS to achieve robustness.

4.1 Distributed algorithms for network reconfiguration

The reconfiguration process is aided by two distributed algorithms, each fulfilling a specific role. The first algorithm is used by the individual agent i to determine its neighbors, and the second is to determine if any of the edges ij,j∈Ni, is critical. Upon identifying the critical edge(s), additional edge(s) could be added to ensure resilience against DoS attacks.

Consider two key state vectors for each agent i∈N: ξik=ξi,1k⋯ξi,nkT∈Rn denoting the agent i‘s estimate of its neighbors, and ωik=ωi,1k⋯ωi,nkT∈Rn denoting agent i‘s estimate of its neighbor structure. First, each agent i executes the following distributed maximum and minimum protocols for n consecutive iterations, that is k=0,⋯,n−1:

ξi,jk+1=maxl∈Ni∪iξl,jk,j∈N,E11

ωi,jk+1=ωi,jkifξi,jk+1=ξi,jk,minl∈Niωl,jk+1ifξi,jk+1>ξi,jkE12

where the initial values are set to

ξi,j0=1,ifj=i0,otherwise;ωi,j0=0,ifj=i∞,otherwiseE13

That is, at the initialization step k=0, agent i is aware only of itself, setting ξi,i0=1 and all other ξi,j0=0, and similarly, ωi,i0=0 with all other ωi,j0 set to infinity. In subsequent iterations, the agent i updates its state based on the reachability of other agents. The state ξi,jk+1 turns to 1 when agent j becomes reachable within k+1 steps from agent i through any neighbor l. Concurrently, the algorithm computes the shortest path ωi,jk+1, that is the minimum of ωl,jk+1 across all neighbors l∈Ni that can reach j whenever a new path is found. These values are non-decreasing and only change when new paths are discovered.

Example 1.Consider the MACS inFigure 1a, specifically agent 4. The neighbor set of agent 4 is given by N4=35. Initially atk=0,

ξ40=0,0,0,1,0,0T;ω40=∞∞∞0∞∞T.

Then, atk=1

ξ41=0,0,1,1,1,0T;ω41=∞∞1,0,1∞T.

Again at k=2,

ξ42=1,1,1,1,1,1T;ω42=2,2,1,0,1,2T.

For the next 4 steps, untilk=6,ξ4andω4remain the same since there are no new neighbors.

Within the next two steps, that is k=n⋯n+2, agent i aims to identify whether any of the edges ij, j∈Ni, is critical to estimate if there are at least two distinct paths pij=1 between nodes i and j. The identification process leverages a specific measure, Δiil and j, to discern the necessity of each edge for maintaining connectivity.

Measure Definition: The criticality of an edge il between agents i and l is assessed through:

Δiil=Δi,1il⋯Δi,nilT,Δi,jil=ωi,jn−ωl,jn,E14

where Δi,jil captures the shortest path discrepancy from any agent j to i and l, highlighting paths bypassing il.

Specifically, in a connected network, the value of Δi,jil for each pair of neighboring agents i and l, with respect to any other agent j, can only be −1, 0, or 1. A value of −1 indicates that agent j is relatively closer to the agent i than to agent l, and conversely, a value of 1 suggests j agent is nearer to the agent l. A zero value implies that the agent j is equidistant from both agents i and l.

For every agent j∈N and for all adjacent agents i'∈Ni and l'∈Nl, an edge il is not a critical edge, i.e., there are at least two distinct paths pil=1 (existence of cycle/loop), under these two scenarios:

If an agent j is equidistant to agents i and l, it indicates the presence of a cycle that does not rely on il. Such an agent’s distance measure, Δi,jil, would be zero, demonstrating that il is part of a cycle and thus non-critical.
If, for any agent j, there exist neighboring agents i′ of i and l′ of l such that agent j is closer to both i′ and l′ than to i and l, it suggests that j is on a path forming a cycle with il. The distance measures, Δi,jii′ and Δl,jll′, would both be positive, confirming the existence of a cycle.

An edge is determined to be critical when no such equidistant agent or cycle patterns are found, indicating the absence of an alternative path. This means that removing this edge would result in a disconnection of the network.

Example 2.Consider the MACS inFigure 1a, specifically the edge between agents4and5. The neighbor sets areN4=35,N5=46. Then we have,

Δ44,5=−1−1−1−1,1,1T,Δ44,3=1,1,1−1−1−1T,Δ55,6=−1−1−1−1−11T.

Since neither of the scenarios for non-critical edges matches, it can be concluded that the edge45is a critical edge and the only path between nodes 4 and 5 is the edge (4,5).

The next step is executed only by individually each pair of agents associated with a critical edge, say il with i∈Nlc and l∈Nic. The goal of this step is to identify the most remote pairs of agents adjacent to each critical edge, called augmentation nodes, i'l'∈Nir. These augmentation nodes are strategically chosen as the ones farthest from the critical edge il. If there exist multiple agents at the same distance, the ones with the smallest index are chosen, and it reduces the number of edges added.

i'l'∈Nirif16or17or18is true,E15

where

μi=∣Ni∣>1μl=∣Nl∣>1andi∈Nlc,l∈Nic,Δi,i'il=Δl,l'li=−1ωi,i'=maxkωi,k,ωl,l'=maxkωl,k,,E16

μi=∣Ni∣=1μl=∣Nl∣>1andi∈Nlc,l∈Nic,Δl,l'li=−1i'=i,ωl,l'=maxkωl,k,,E17

μi=∣Ni∣>1μl=∣Nl∣=1andi∈Nlc,l∈Nic,Δi,i'il=−1ωi,i'=maxkωi,k,l'=l,,E18

and Nr=∪i∈NNir is the augmentation action set to be found distributively. Note that μi=∣Ni∣=μl=∣Nl∣=1 this is the trivial case of a two-agent network and hence is excluded from consideration.

The next n−1 steps is to propagate Nir to all the agents so they all have access to Nr as follows:

Nirk+1=∪l∈Ni∪iNlrk,E19

where k=2n+2,⋯,3n+1, ∪, is the union operation of sets containing non-ordering pairs (that is, if ij⊂Nlrk, then ji⊂Nlrk), and Nir3n+2=Nir is given by (15).

And, as the final step, edge addition is accomplished by the pairs of agents identified in Nr to complete their connection, thereby eliminating critical edges by ensuring there are at least two distinct paths pij=1 for any pair of nodes ij∈E. As a result, the network’s edge connectivity is increased to 2 which enhances the MACS’s resilience against DoS attacks. This approach connects distant edges within acyclic parts of the network, specifically, those separated by critical edges, to both preserve network connectivity under attack and minimize the additional connections required. Further details can be found in Ref. [20].

4.2 Resilient multi-agent cooperative system against DoS attacks: a digital twin approach

An alternative approach to removing the critical edges is achieved by interconnecting the MACS with its digital twin Σdt as illustrated in Figure 2. Specifically, the digital twin consists of virtual agents with a similar number to the MACS and each virtual agent maintains a state zi. The dynamics of the MACS interconnected with its digital twin are designed as

Figure 2.
Interconnection of MACS Σs with its digital twin Σdt. The digital twin consists of the same number of (virtual) agents and network topology as the MACS. Furthermore, each virtual agent maintains a virtual state zi.

ẋ=−Ltx+Lz,ż=−Lz−Lx,E20

where z=z1⋯znT. In contrast to the physical state xi, the state of the virtual agent zi does not have any physical meaning, hence it is also called a virtual state, which makes it less interesting to the attacker. Furthermore, its initial condition zi0 can be set to any value. The digital twin can be implemented using cloud computing in combination with software-defined networking [21] to direct traffic in the network. The network of the digital twin, denoted by Gv=VEv, has the same structure as the MACS and we also call it a virtual network. In addition to the physical state xj, agent j also sends the virtual state zj and the masked physical state xj+zj to its neighbors via the virtual network.

The interconnection of the physical network and its digital twin is a competitive interaction from a game-theoretical point of view. More on this can be found in the next section. It is worth noting that the interconnection with the digital twin does not interfere with the operation of the MACS. In other words, under this interconnection, the physical states of the MACS can still be ensured to reach average consensus in (5) as shown in Figure 3, refer [22].

Figure 3.
Physical states of all the agents converge to the average consensus under interconnected dynamics (20) and with network topology given in Figure 1a.

If a connected digital twin is introduced, the critical edges are automatically eliminated since the existence of a connected digital twin effectively introduces redundancy in the network’s connectivity. This redundancy ensures that even if critical edges in the physical network are severed due to attacks, the interconnected system can maintain operational integrity through the virtual network. This setup leverages the parallelism between the physical and virtual states, allowing the system to sidestep vulnerabilities exposed by the critical edges in the physical network.

Example 3.Consider a connected MACS with a digital twin where the adversary launches DoS attacks on the networkΣs. Consequently, we denote the Laplacian matrix of the physical network post-attacks asLa. Then, for following Lyapunov functionsVxz,

V=xTx+zTz,E21

it follows that under DoS attacks,

V̇≤−xTLax+xTLdtz−zTLdtz−zTLdtx=−xTLax−zTLdtz,E22

where Ldt=L. Furthermore, by analyzing the invariant set ofV̇and since the graphGvis connected, it can be concluded that the average consensus(5)is ensured under any number of DoS attacks on the physical networkΣs, as illustrated in Figure 4.

Figure 4.
Physical states of all the agents correspond to the interconnected dynamics (20) and converge to the average consensus under DoS attacks on the physical network Σs. Specifically, the adversary disrupts the links (3,4) and (5,6) in Figure 1a, resulting in a disconnected network G.

5. Resilient multi-agent cooperative system against FDI attacks: a competitive interaction design via digital twin

The interconnection of the MACS with its digital twin can also be extended to ensure the resilient operation of MACS under FDI attacks. To this end, we introduce a scalar gain β>0 which represents the strength of the interconnection, resulting in a competitive interaction between the MACS and its digital twin. Hence, the dynamics (20) with the gain β and under unknown FDI attacks can then be written as:

ẋ=−Lx+βLz+Ld,ż=−Lz−βLx+Ld',E23

where it is assumed that the attacker can also modify the information being exchanged via the digital twin’s network by inserting a bounded injection d'. Here, agent j sends the information of βzj and the masked physical state βxj+zj via the virtual network.

The following results, illustrated in Figure 5, can then be obtained [23]:

In the absence of FDI attacks, i.e., d=d'=0, the physical states of all the agents reach an average consensus (5).
Under unknown but bounded injections d,d', the physical states of all the agents will converge close to is nominal average consensus value for a sufficiently large value of β, that is

Figure 5.
Physical states of all the agents converge close to the nominal average consensus under interconnected dynamics (23) with β=150 and injections d,d' are given in (9). The network topology of MACS is given in Figure 1a.

limt→∞xit−xave≤ε,i=1,⋯,n,E24

where ε is a small non-negative constant.

Intuitively, the digital twin acts as an anchor that ensures the resilient operation of the cooperative systems Σs for a sufficiently large β. From another perspective, it can be observed that the interactions between the cooperative systems and their digital twin are competitive whose interconnected dynamics (23) correspond to the saddle-point dynamics of a zero-sum game between the two networks [24]. Specifically, the cooperative systems wish to minimize the convex-concave payoff U=12xTLx−12zTLz−βxTLz function by choosing x while its digital twin aims to maximize U by choosing z [24]. Note that the saddle points of U for a sufficiently large β is given by S=span1n0n0n1n.

6. Cyber-attack detection and identification

The digital twin not only enhances the resilient of the MACS but also facilitates the detection and identification of cyber-attacks in a distributed manner. Let us denote the possibly corrupted information sent by agent i under dynamics (23) as x¯j,z¯j,m¯j and given by

x¯j=xj+dj,z¯j=βzj+dj',m¯j=zj+βxj+dj'.E25

where x¯j is transmitted via the network of the MACS while z¯j and m¯j are sent through the virtual network of the digital twin. Using this information, the agent i can detect whether the information that it receives from its neighboring agent is corrupted.

First, let us focus on the detection of DoS attacks. The DoS attack on the link ij∈E (resp. ij∈Ev) at a certain time results in that agent i does not receive any information from the agent j via the network G (resp. Gv) and vice versa. Based on this fact, the agent i can detect the DoS attack on a link ij∈E or ij∈Ev according to the following simple rules:

Link is ij∈E under DoS attack if and only if x¯j=0
Link ij∈Ev is under DoS attack if and only if z¯j=0 and m¯j=0

Note that the above condition can be distributively checked by the individual agent. Next, we describe how the individual agent can detect the FDI attack on the communication link. The idea is for agent i to estimate the physical state of its neighboring agent xj using the information that it receives via the virtual network and then to compare the estimated physical state x̂ji with the one received via the network of the MACS [25, 26]. To this end, the estimated physical state x̂ji by the agent i can be computed from the possibly corrupted information z¯j and m¯j in (25) as follow:

x̂ji=1βm¯j−z¯jβ.E26

Finally, agent i can then detect whether the link ij∈E or ij∈Ev is under FDI attacks according to the following rule

If the value ∣x̂ji−x¯j∣>0, then agent i can conclude that the communication link ij∈E and/or ij∈Ev is under FDI attacks. Note that, however, agent i will not be able to distinguish between the following two cases without any additional information, e.g., if the virtual network is totally secured: the case where one of the links ij∈E and ij∈Ev is being attacked and the case where both links in physical and virtual networks are being attacked.
If the value ∣x̂ji−x¯j∣=0, then agent i can conclude that there are no FDI attacks on links ij∈E and/or ij∈Ev or the attacker successfully launches a stealthy attack. In order to launch stealthy attacks, the attacker must know the structure of virtual states in z¯j,m¯j(25) and how they are related to the physical state xj. However, it is challenging for the attacker to learn these correlations as the gain β is a local information and the virtual state zi is dynamic (changes over time) and its initial value can be arbitrarily set by the agents.

Figure 6 illustrates how agent 4 detects the FDI attacks on the link (4,3) for the network and attack shown in Figure 1. Once the agents identify the compromised communication links, they can then cooperatively remove those links [27] and create new links to the network [28] to ensure its connectivity so that the MACS can recover its nominal average consensus value.

Figure 6.
Attack identification by agent 4 for FDI attacks is shown in Figure 1. By computing the value of ∣x̂ji−x¯j∣, agent 4 can detect that the communication link (4, 3) is being compromised while the link (4, 5) is not compromised.

7. Conclusions

The book chapter presents a distributed strategy to enhance the resilience of multi-agent cooperative systems against FDI and DoS attacks. First, a distributed algorithm is proposed to identify critical edges, followed by introducing an adaptive network reconfiguration algorithm to remove those critical edges, thus ensuring resilient operation against arbitrary DoS attacks. A digital twin, interconnected with the cooperative systems, is further designed to increase redundancy of the network and protect the cooperative system from FDI attacks. While this book chapter considers attacks on data integrity and availability, the proposed digital twin is also promising to encounter attacks on data confidentiality [29]. Future work includes the extension of the proposed defense framework to address simultaneous FDI and DoS attacks on both the cooperative systems and its digital twin.

Acknowledgments

The work of Azwirman Gusrialdi was supported by the Research Council of Finland under Academy Project 330073. The work of Zhihua Qu was supported in part by the U.S. Department of Energy’s under Award DE-EE0007998, Award DE-EE0009028, Award DE-EE0009152, Award DE-EE0009339, and Award DE-AC05-76RL01830.

References

1. Qu Z. Cooperative Control of Dynamical Systems. London: Springer Verlag; 2009
2. Wang Y, Yan X, Tang Y, Liao K, Syed MH, Guillo-Sansano E, et al. Aggregated energy storage for power system frequency control: A finite-time consensus approach. IEEE Transactions on Smart Grid. 2018;10(4):675-3686
3. Santini S, Salvi A, Valente AS, Pescapè A, Segata M, Cigno RL. Platooning maneuvers in vehicular networks: A distributed and consensus-based approach. IEEE Transactions on Intelligent Vehicles. 2018;4(1):59-72
4. Aragues R, Cortes J, Sagues C. Distributed consensus on robot networks for dynamically merging feature-based maps. IEEE Transactions on Robotics. 2012;28(4):840-854
5. Savazzi S, Nicoli M, Rampa V. Federated learning with cooperating devices: A consensus approach for massive IoT networks. IEEE Internet of Things Journal. 2020;7(5):4641-4654
6. Yang T, Yi X, Junfeng W, Yuan Y, Di W, Meng Z, et al. A survey of distributed optimization. Annual Reviews in Control. 2019;47:278-305
7. Gusrialdi A, Zhihua Q. Resilient distributed optimization against cyber-attacks. IEEE Control Systems Letters. 2023;7:3956-3961
8. Ishii H, Wang Y, Feng S. An overview on multi-agent consensus under adversarial attacks. Annual Reviews in Control. 2022;53:252-272
9. Gusrialdi A, Zhihua Q. Smart grid security: Attacks and defenses. In: Stoustrup J, Annaswamy A, Chakrabortty A, Qu Z, editors. Smart Grid Control: An Overview and Research Opportunities. Switzerland: Springer Verlag; 2018. pp. 199-223
10. E-ISAC. Defense Use Case. Analysis of the Cyber Attack on the Ukrainian Power Grid. Vol. 388(1-29). Washington, DC: Electricity Information Sharing and Analysis Center (E-ISAC); 2016. p. 3
11. Dibaji SM, Hussain A, Ishii H. A Tutorial on Security and Privacy Challenges in CPS. Cham: Springer International Publishing; 2022. pp. 121-146
12. Feng Z, Guoqiang H. Secure cooperative event-triggered control of linear multiagent systems under dos attacks. IEEE Transactions on Control Systems Technology. 2020;28(3):741-752. DOI: 10.1109/TCST.2019.2892032
13. Zuo Z, Cao X, Wang Y, Zhang W. Resilient consensus of multiagent systems against denial-of-service attacks. IEEE Transactions on Systems, Man, and Cybernetics: Systems. 2022;52(4):2664-2675
14. Usevitch J, Panagou D. Resilient leader-follower consensus to arbitrary reference values in time-varying graphs. IEEE Transactions on Automatic Control. 2020;65(4):1755-1762. DOI: 10.1109/TAC.2019.2934954
15. Eslami A, Abdollahi F, Khorasani K. Stochastic fault and cyber-attack detection and consensus control in multi-agent systems. International Journal of Control. 2022;95(9):2379-2397
16. Zhihua Q, Simaan MA. Modularized design for cooperative control and plug-and-play operation of networked heterogeneous systems. Automatica. 2014;50(9):2405-2414
17. Gusrialdi A, Zhihua Q, Simaan MA. Competitive interaction design of cooperative systems against attacks. IEEE Transactions on Automatic Control. 2018;63(9):3159-3166
18. Ang-Kun W, Tian L, Liu Y-Y. Bridges in complex networks. Physical Review E. 2018;97:012307
19. Naor D, Gusfield D, Martel C. A fast algorithm for optimally increasing the edge-connectivity. In: Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science. St. Louis, MO: IEEE; Vol. 2. 1990. pp. 698-707. DOI: 10.1109/FSCS.1990.89592
20. Venkateswaran D, B, Qu Z, Gusrialdi A. A distributed method for detecting critical edges and increasing edge connectivity in undirected networks. In: IEEE 2024 Conference on Decision and Control, Milan, Italy. IEEE; 2024. Submitted
21. Ala'Darabseh, Freris NM. A software-defined architecture for control of IoT cyberphysical systems. Cluster Computing. 2019;22(4):1107-1122
22. Gusrialdi A, Qu Z, Simaan M. Robust design of cooperative systems against attacks. In: Proceedings of American Control Conference. Portland, OR, USA: IEEE; 2014. pp. 1456-1462
23. Iqbal M, Zhihua Q, Gusrialdi A. Distributed resilient consensus on general digraphs under cyber-attacks. European Journal of Control. 2022;68:100681
24. Gharesifard B, Başar T. Resilience in consensus dynamics via competitive interconnections. IFAC Proceedings Volumes. 2012;45(26):234-239
25. Gusrialdi A, Iqbal M, Zhihua Q. Towards resilient design of leader-following consensus with attack identification and privacy preservation capabilities. In: European Control Conference. Bucharest, Romania: IEEE; 2023. pp. 1-6
26. Gusrialdi A, Qu Z. Cooperative systems in presence of cyber attacks: A unified framework for resilient control and attack identification. In: Proceedings of American Control Conference. Atlanta, GA: IEEE; 2022. pp. 330-335
27. Gusrialdi A. Connectivity-preserving distributed algorithms for removing links in directed networks. Network Science. 2022;10(3):215-233
28. Atman MWS, Gusrialdi A. Finite-time distributed algorithms for verifying and ensuring strong connectivity of directed networks. IEEE Transactions on Network Science and Engineering. 2022;9(6):4379-4392
29. Gusrialdi A. Resilient and privacy-preserving leader-follower consensus in presence of cyber-attacks. IEEE Control Systems Letters. 2023;7:3211-3216

[1] 1. Qu Z. Cooperative Control of Dynamical Systems. London: Springer Verlag; 2009

[2] 2. Wang Y, Yan X, Tang Y, Liao K, Syed MH, Guillo-Sansano E, et al. Aggregated energy storage for power system frequency control: A finite-time consensus approach. IEEE Transactions on Smart Grid. 2018;10(4):675-3686

[3] 3. Santini S, Salvi A, Valente AS, Pescapè A, Segata M, Cigno RL. Platooning maneuvers in vehicular networks: A distributed and consensus-based approach. IEEE Transactions on Intelligent Vehicles. 2018;4(1):59-72

[4] 4. Aragues R, Cortes J, Sagues C. Distributed consensus on robot networks for dynamically merging feature-based maps. IEEE Transactions on Robotics. 2012;28(4):840-854

[5] 5. Savazzi S, Nicoli M, Rampa V. Federated learning with cooperating devices: A consensus approach for massive IoT networks. IEEE Internet of Things Journal. 2020;7(5):4641-4654

[6] 6. Yang T, Yi X, Junfeng W, Yuan Y, Di W, Meng Z, et al. A survey of distributed optimization. Annual Reviews in Control. 2019;47:278-305

[7] 7. Gusrialdi A, Zhihua Q. Resilient distributed optimization against cyber-attacks. IEEE Control Systems Letters. 2023;7:3956-3961

[8] 8. Ishii H, Wang Y, Feng S. An overview on multi-agent consensus under adversarial attacks. Annual Reviews in Control. 2022;53:252-272

[9] 9. Gusrialdi A, Zhihua Q. Smart grid security: Attacks and defenses. In: Stoustrup J, Annaswamy A, Chakrabortty A, Qu Z, editors. Smart Grid Control: An Overview and Research Opportunities. Switzerland: Springer Verlag; 2018. pp. 199-223

[10] 10. E-ISAC. Defense Use Case. Analysis of the Cyber Attack on the Ukrainian Power Grid. Vol. 388(1-29). Washington, DC: Electricity Information Sharing and Analysis Center (E-ISAC); 2016. p. 3

[11] 11. Dibaji SM, Hussain A, Ishii H. A Tutorial on Security and Privacy Challenges in CPS. Cham: Springer International Publishing; 2022. pp. 121-146

[12] 12. Feng Z, Guoqiang H. Secure cooperative event-triggered control of linear multiagent systems under dos attacks. IEEE Transactions on Control Systems Technology. 2020;28(3):741-752. DOI: 10.1109/TCST.2019.2892032

[13] 13. Zuo Z, Cao X, Wang Y, Zhang W. Resilient consensus of multiagent systems against denial-of-service attacks. IEEE Transactions on Systems, Man, and Cybernetics: Systems. 2022;52(4):2664-2675

[14] 14. Usevitch J, Panagou D. Resilient leader-follower consensus to arbitrary reference values in time-varying graphs. IEEE Transactions on Automatic Control. 2020;65(4):1755-1762. DOI: 10.1109/TAC.2019.2934954

[15] 15. Eslami A, Abdollahi F, Khorasani K. Stochastic fault and cyber-attack detection and consensus control in multi-agent systems. International Journal of Control. 2022;95(9):2379-2397

[16] 16. Zhihua Q, Simaan MA. Modularized design for cooperative control and plug-and-play operation of networked heterogeneous systems. Automatica. 2014;50(9):2405-2414

[17] 17. Gusrialdi A, Zhihua Q, Simaan MA. Competitive interaction design of cooperative systems against attacks. IEEE Transactions on Automatic Control. 2018;63(9):3159-3166

[18] 18. Ang-Kun W, Tian L, Liu Y-Y. Bridges in complex networks. Physical Review E. 2018;97:012307

[19] 19. Naor D, Gusfield D, Martel C. A fast algorithm for optimally increasing the edge-connectivity. In: Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science. St. Louis, MO: IEEE; Vol. 2. 1990. pp. 698-707. DOI: 10.1109/FSCS.1990.89592

[20] 20. Venkateswaran D, B, Qu Z, Gusrialdi A. A distributed method for detecting critical edges and increasing edge connectivity in undirected networks. In: IEEE 2024 Conference on Decision and Control, Milan, Italy. IEEE; 2024. Submitted

[21] 21. Ala'Darabseh, Freris NM. A software-defined architecture for control of IoT cyberphysical systems. Cluster Computing. 2019;22(4):1107-1122

[22] 22. Gusrialdi A, Qu Z, Simaan M. Robust design of cooperative systems against attacks. In: Proceedings of American Control Conference. Portland, OR, USA: IEEE; 2014. pp. 1456-1462

[23] 23. Iqbal M, Zhihua Q, Gusrialdi A. Distributed resilient consensus on general digraphs under cyber-attacks. European Journal of Control. 2022;68:100681

[24] 24. Gharesifard B, Başar T. Resilience in consensus dynamics via competitive interconnections. IFAC Proceedings Volumes. 2012;45(26):234-239

[25] 25. Gusrialdi A, Iqbal M, Zhihua Q. Towards resilient design of leader-following consensus with attack identification and privacy preservation capabilities. In: European Control Conference. Bucharest, Romania: IEEE; 2023. pp. 1-6

[26] 26. Gusrialdi A, Qu Z. Cooperative systems in presence of cyber attacks: A unified framework for resilient control and attack identification. In: Proceedings of American Control Conference. Atlanta, GA: IEEE; 2022. pp. 330-335

[27] 27. Gusrialdi A. Connectivity-preserving distributed algorithms for removing links in directed networks. Network Science. 2022;10(3):215-233

[28] 28. Atman MWS, Gusrialdi A. Finite-time distributed algorithms for verifying and ensuring strong connectivity of directed networks. IEEE Transactions on Network Science and Engineering. 2022;9(6):4379-4392

[29] 29. Gusrialdi A. Resilient and privacy-preserving leader-follower consensus in presence of cyber-attacks. IEEE Control Systems Letters. 2023;7:3211-3216

Enhancing Resilience in Cooperative Systems against Cyber-Attacks: A Defense Framework through Adaptive Network Reconfiguration and Digital Twin

Latest Adaptive Control Systems [Working Title]

Abstract

Keywords

Author Information

Azwirman Gusrialdi*

Deepalakshmi Babu Venkateswaran

Zhihua Qu

1. Introduction

2. Preliminaries

3. Multi-agent cooperative system

Figure 1.

3.1 System identification toward defending against cyber-attacks on MACS

3.2 Vulnerability of MACS under FDI attacks

3.3 Vulnerability of MACS under DoS attacks

4. Resilient multi-agent cooperative system against DoS attacks

4.1 Distributed algorithms for network reconfiguration

4.2 Resilient multi-agent cooperative system against DoS attacks: a digital twin approach

Figure 2.

Figure 3.

Figure 4.

5. Resilient multi-agent cooperative system against FDI attacks: a competitive interaction design via digital twin

Figure 5.

6. Cyber-attack detection and identification

Figure 6.

7. Conclusions

Acknowledgments

References

Your cart