Link-failure detection in network synchronization ... - Semantic Scholar

1

Link-failure detection in network synchronization processes Rahul Dhal

Jackeline Abad Torres

Abstract—We study the detection of link failures in network synchronization processes. In particular, for a canonical linear network synchronization model, we consider detection of a critical link’s failure by a monitor that makes noisy local measurements of the process. We characterize Maximum APosteriori (MAP) detection of the link failure, for both the case that the monitor has information about the network’s initial state and the random-initial-condition case. Several algebraic, spectral and graph theoretic characterizations of the detector and its performance are provided. These include conditions under which the link failure is completely hidden from the monitor and, conversely, conditions that permit perfect detection with sufficient data. Our analyses highlight that rather effective detection is possible with limited and noisy observation data. Index Terms—Link Failure Detection; Hypothesis Testing; MAP Detection

I. I NTRODUCTION Network synchronization models—which describe coordination or equalization of network components’ states via local interactions—are descriptive of both interesting physicalworld processes (e.g., power-system swing dynamics, coordinated motion of vehicles) and distributed consensus/agreement algorithms. Networked synchronization models have proved influential in several disciplines, including in characterizing emergent behaviors in nature, refining understanding of traditional engineered networks (e.g., power and transportation systems), and designing algorithms for distributed cyber-systems such as wireless sensor networks. Many of the physical-world and cyber- processes that are represented using synchronization models operate in harsh and changing environments. As such, these processes are often subject to disturbance, topological variation, and delay [1]. With this understanding in mind, controls engineers in particular have sought to characterize the impact of these confounding factors in synchronization models, and to pursue designs that are robust to these impacts. In complement with these robustness analysis and design efforts, however, techniques for identifying or detecting disturbances and variations are also needed. Specifically, it is natural to ask whether changes to synchronization processes (e.g., failures of links between network components) can be detected from sparse and local measurements. This article is focused on the linkfailure detection problem. Specifically, we consider a canonical synchronization model wherein network components have scalar states that are updated via weighted averaging with graphical neighbors. We All the authors are with the School of Electrical Engineering and Computer Science at Washington State University. Correspondence should be sent to [email protected]

Sandip Roy

enhance the model to capture the possibility that certain susceptible interactions or links between the network components may be failed (probabilistically). We also imagine a monitor that is able to make noisy observations of the synchronization dynamics locally, i.e. at one or a small number of network locations. The focus of this article is to develop Maximum A Posteriori probability (MAP) detectors for the link failure(s), and to characterize the effectiveness of detection. We consider both the case that the monitor is given information about the network components’ initial states prior to detection, and the case where such information is absent to the monitor. The particular network link-failure detection scheme we study in this paper potentially can be employed in a range of physical- and cyber- systems. For example, the technique can allow remote detection of communication-link failures in wireless sensor networks (WSNs), through sparse monitoring of distributed data-fusion processes in the network; as such, the technique can assist system planners in evaluation and repair of WSNs in dangerous or hard-to-reach environments. Analogously, the technique can be used by system planners to detect sensing/communication failures among vehicles engaged in formation flight, through observation of the spatial motion of one vehicle. Conversely, the results presented here can inform understanding of security in WSNs and other cyber- networks, by characterizing the ability of an adversary to detect changes to the network. In this brief paper, we focus on formulating the linkfailure detection problem (Section II), and on motivating and presenting a few key characterizations of the detection scheme (Section III): formal proofs and further results are omitted. II. P ROBLEM D ESCRIPTION The object of our study is a discrete-time linear network synchronization process, which has a link (interaction between network components) that can fail to operate as designed. The problem of detecting this link failure from noisy local measurements is considered. In this section, we first describe the canonical networked synchronization process of interest II-A and then model probabilistic failure of the critical link II-B. We then model observations of the synchronization process by a monitor II-C, describe the detection problem, and consider MAP detection of the link failure II-D. We also introduce some additional notations in Section II-E. A. Nominal Networked Synchronization Process We consider a nominal synchronization dynamics defined on a weighted, directed graph (or digraph) Γ = (V, E : W ). Here, V is a set containing the n vertices in the graph, which we

2

label V1 , V2 , . . . , Vn . E is a set of directed edges or arcs, each of which is an ordered pair of distinct vertices (say (Vi , Vj ), for the edge from vertex i to vertex j). Each edge (Vi , Vj ) in the graph has associated with it a positive weight wij , as specified in the weight set W . We concisely represent an arc (directed edge) and its associated weight as (Vi , Vj : wij ). We now consider a network with n components, labeled 1, . . . , n. Each network component k has associated with it a synchronization state xk [t], which evolves along a discrete time axis t ∈ Z + . The evolution of the components’ states is specified by the underlying weighted graph. Specifically, at each time step, each network component’s state evolves based on a weighted average of deviations from other components’ states, where the weights are specified by the directed edges into the vertex Vk in the graph Γ. Specifically, the synchronization state xk [t] is governed by the following difference equation: X xk [t + 1] = xk [t] + wik (xi [t] − xk [t]) (1) i∈Nk

where the neighborhood set Nk contains the indices of all vertices Vi that are adjacent to Vk in the graph Γ (i.e., such that (Vi , Vk ) is an edge. The updates for the n components can be assembled into the following vector difference equation: x[t + 1] = Ax[t] (2)  T where x[t] = x1 [t] x2 [t] . . . xn [t] , the state matrix A can be written as A = I − L, I is an identity matrix, and L is the weighted out-degree Laplacian of the weighted digraph Γ. (We recall that the weighted out-degree Laplacian L for a digraph is defined as follows: for i 6= j, Lij = wij P if (Vi , Vj ) is an edge and zero otherwise; meanwhile, Lii = − j6=i Lij , see e.g. [2]). We note that we have introduced the matrix A = (I − L) for notational convenience. The described network model has been very widely studied in the literature. It is well-known that that synchronization is achieved, i.e., the network components’ states converge to a common value for any initial condition x[0], if 1) the digraph Γ has a directed spanning tree, i.e. there is one vertex from which X there is a directed path to every other vertex; and 2) wik < 1 for all vertices Vk [3], [4]. Moreover, i∈Nk

in this case, the synchronization law (the dependence of the synchronization value on the initial states) can be determined from the left eigenvector of L associated with its dominant eigenvalue. In all further development, we will assume that these two conditions hold, regardless of whether or not the critical link has failed. B. Model for Link Failure We are concerned with failures in the interactions among the network components, which alter the state dynamics of the model. In particular, we note that each network component i’s state is modulated by a neighboring component j, if the underlying graph has an edge from vertex Vj to vertex Vi . Here, we consider the possibility that one critical link in this network process fails, in the sense that the dependence of the state update on the neighbor is removed. Specifically,

we model a critical link or interaction from component p to component q (which corresponds to the graph edge (Vp , Vq : wpq )) as failing, prior to the commencement of the synchronization process. The state update upon failure of the critical link becomes b x[t + 1] = Ax[t],

(3)

b = I − L, b and the matrix L b is the weighted out-degree where A Laplacian of the graph Γ − (Vp , Vq : wpq ). We notice that the states of the network components will still achieve synchronization per our connectivity assumptions. However, we note that the synchronization law given in Equation 3 would generally differ from the nominal synchronization law (Equation 2). The change in the synchronization value b depends on how the left eigenvector of zero eigenvalue of L changes with respect to that of L. C. Observation Model and Monitor’s Prior Knowledge A monitor is viewed as making noisy local observations of the network’s dynamics, using which he seeks to determine whether the critical link failure has occurred. We note that these observations may be distant from the location of the failure in the network: the monitor must use such a remote signature to determine whether or not the failure has occurred. Formally, in this initial study, the monitor is modeled as either making noisy measurements of the synchronization state at a single node Vj (possibly different from both Vp and Vq ) or a noisy measurement of a weighted combination of the synchronization state at a few locations. The monitor’s observations can be captured in a matrix form as y[t] = Cx[t] + W [t]

(4)

where C ∈ P r(H2 |YT ), while H2 is chosen if P r(H1 |YT ) ≤ P r(H2 |YT ). Using simple Bayesian constructs, this test on the posterior conditional probability can be converted into an algebraic test on YT . We stress that the detection scheme in general is imperfect. i.e. the monitor may choose hypothesis H1 while in reality hypothesis H2 occurred, and vice-versa. Thus, it is natural to consider the probability of error for the detector, which is equal to P r(choosing H2 when H1 occurred) + P r(choosing H1 when H2 occurred). We note that the MAP scheme achieves the minimum probability of error among possible detectors. Our goal here is to understand the ability of the monitor to detect the link failures, in terms of the network graph, failure location, measurement location, time horizon, and noise variance. To this end, we characterize the detector and probability of error for the two paradigms described above: known x[0] and unknown x[0] modeled as a Gaussian random variable. Specifically, we first identify conditions under which the observation sequence does not modify the prior probabilities, i.e. the condition probabilities for each hypothesis given the observations are equal to the priors. We refer to this condition as undetectability of the link failure; we note that the probability of error of the detector will not be reduced using the observations, if and only if the linkfailure is undetectable. Beyond the undetectability analysis, we also give conditions under which perfect detection is possible with sufficient measurement, and give some insights into the detector structure. E. Notations In our development we employ the following notations. • •

For a matrix M , we use M 0 to represent its transpose. erf(x) represents the standard error function and is defined as Z x 2 2 e−z dz erf(x) = √ π 0 Note that other definitions for erf(x) exists and are also widely used in literature.

III. A LGEBRAIC AND G RAPHICAL C HARACTERIZATIONS OF MAP D ETECTION : S UMMARY We present matrix-theoretic, spectral, and graphical characterizations of the MAP link-failure detector, for both the random-initial-condition and the known-initial-condition case. Specifically, conditions are given for 1) undetectability, 2) asymptotically-perfect detection, and 3) inexact but improved detection, in terms of the network graph, the monitor’s location, the link-failure location, and the initial condition if known (or in terms of matrices capturing these features). Some characterizations of the detector form and the probability of error are also included. Because of space limitations, our focus here is on summarizing and interpreting key matrix-theoretic and graphical characterizations: we entirely omit formal proofs and algebraic developments. Briefly, the presented results were derived by first writing down the MAP detector in terms of model parameters, and then using control-theory and algebraic-graphtheory constructs. A. Known Initial Synchronization State Let us first present results for the known-initial-condition case. Several of our results are phrased in terms of the observability matrices of the network model under the two hypotheses, defined as     C C b   CA   CA     2   b2  b )= O(T ) =  CA  O(T  CA   ..   .   ..   .  T −1 bT −1 CA CA Let us begin with a matrix-theoretic necessary and sufficient condition for undetectability of the link failure. Theorem 1: (Matrix-Theoretic Condition) Consider the linkfailure detection problem, in the case that the monitor knows the initial condition. The link failure is undetectable (i.e., MAP detection from the observation vector YT does not reduce the a priori error probability) regardless of the initial condition, b are in the null space if and only if all the columns of (A − A) of the observability matrix O(T ). It is worth noting that the condition for undetectability is typically much stronger than the condition for unobservability of the network dynamics. Specifically, unobservability only requires that O(T ) has a null space, while undetectability of the link failure requires that the difference between the nominal and faulted network matrices has all columns in the null space. In the case where the the link failure is detectable, it is easy to check all initial conditions except those in a lowerdimensional subspace of