Jun 25, 2018 - switching for the second-order multi-agent system under attack. In Part II, we ... date control systems, where the attack-detection signal keeps.
1
Strategic Topology Switching for Security–Part II: Detection & Switching Topologies
arXiv:1711.11181v2 [cs.MA] 5 Apr 2018
Yanbing Mao, Emrah Akyol, and Ziang Zhang
Abstract—This two-part paper considers strategic topology switching for the second-order multi-agent system under attack. In Part II, we propose a strategy on switching topologies to reveal zero-dynamics attack. We first study the detectability of zero-dynamics attack for the second-order multi-agent system under switching topology, which has requirements on the switching times and switching topologies. Based on the strategy on switching times proposed in Part I [1] and the strategy on switching topologies proposed here, a decentralized strategic topology-switching algorithm is derived. Its primary advantages are threefold: (i) in achieving consensus in the absence of attacks, the control protocol does not need velocity measurements and the algorithm has no constraint on the magnitude of coupling strength; (ii) in revealing zero-dynamics attack, the algorithm has no constraint on the size of misbehaving-agent set, while it allows the defender or the system operator to have no knowledge of the attack-starting time; (iii) in revealing zero-dynamics attack, if the Laplacian matrix of Xor graph generated by consecutive switching topologies has distinct eigenvalues, only one observed output of position is sufficient. Simulations are provided to verify the effectiveness of the strategic topology-switching algorithm. Index Terms—Multi-agent system, second-order consensus, strategic topology switching, zero-dynamics attack, attack detection.
I. I NTRODUCTION
I
N Part-I paper [1], the proposed control protocol under switching topology employs only relative positions of agents, which is different from the well-studied control protocols that need both relative position measurements and relative/individual velocity measurements [2]–[6]. The secondorder multi-agent system under the proposed control protocol is described by x˙ i (t) = vi (t) n ∑ σ ˘ (t) v˙ i (t) = γ aij (xj (t) − xi (t)), i = 1, . . . , n
(1a) (1b)
j=1
where xi (t) ∈ R is the position, vi (t) ∈ R is the velocity, γ > 0 is the coupling strength, σ ˘ (t) : [0, ∞) → S , {1, 2, . . . , s}, s ∈ N, is the topology-switching signal. Here, σ ˘ (t) = pk ∈ S for t ∈ [tk , tk+1 ) means the pth topology is activated over the time interval [tk , tk+1 ), k ∈ N0 , and apijk is the element of the adjacency matrix which describes the activated pth topology of undirected communication network. The main objective of this two-part paper is the strategic topology-switching algorithm for the second-order multi-agent Y. Mao, E. Akyol and Z. Zhang are with the Department of Electrical and Computer Engineering, Binghamton University–SUNY, Binghamton, NY, 13902 USA, (e-mail: {ymao3, eakyol, zhangzia}@binghamton.edu).
system under attack. The algorithm is based on two strategies, one of which on switching times and the other on switching topologies. The strategy on switching times, as introduced in Part-I paper [1], enables the second-order multi-agent system in the absence of attacks, i.e., the system (1), to reach the second-order consensus. In the following, we present the mathematical definition of the second-order consensus in this context. Definition 1: [2] The second-order consensus in the multiagent system (1) is achieved if and only if the following holds for any initial condition: lim |xi (t) − xj (t)| = 0,
t→∞
lim |vi (t) − vj (t)| = 0, ∀i, j = 1, . . . , n.
t→∞
(2a) (2b)
for any initial condition. The strategy on switching topologies proposed in this PartII paper enables the strategic topology-switching algorithm to reveal zero-dynamics attack. In revealing zero-dynamics attack, the strategy allows the algorithm to have no knowledge of attack-starting time, while it has no constraint on the misbehaving-agent set. A. Related Work Security concerns regarding networked cyber-physical systems pose an existential threat to their wide-deployment, see e.g., Stuxnet malware attack and Maroochy Shire Council Sewage control incident [7]. The “networked” aspect exacerbates the difficulty of detecting and preventing aforementioned attacks since centralized measurement (sensing) and control are not feasible for such large-scale systems [8], and hence requires the development of decentralized approaches, which are inherently prone to attacks. Recently, a special class of stealthy attacks, namely the “zero-dynamics,” have gained interest. Here, the attacker’s goal is two fold: i) not being detected by the system by keeping the monitoring outputs unaltered (hence the name “stealthy”), ii) manipulating the system to accept false data (e.g., aggregation results), which is significantly different from the actual data, see e.g., [9]. While developing defense strategies for such zero-dynamics attacks have recently gained interest [8], [10]–[12] (see Table I for a brief summary), the space of solutions is yet to be thoroughly explored. The most prominent features of prior work are that they constrain the connectivity of network topology and the size of the misbehaving-agent set [8], [10]–[12] or require the knowledge of attack-starting time at the defender side for attack detection [8], [10], [11], [13], [14]. The main objective of this work is to remove such constraints and unrealistic
2
Table I C ONDITIONS ON D ETECTABLE ATTACK Reference [10] [11] [8] [12]
Conditions connectivity is not smaller than 2|K| + 1 |K| is smaller than connectivity size of linking (K → M) is larger than |K| the minimum vertex separator is larger than |K| + 1
Dynamics Discrete Time Discrete Time Continuous Time Discrete Time
•
assumptions by utilizing a new approach for attack detection: intentional topology switching.1 B. Motivation of Part-II Paper Recent experiment of stealthy false-data injection attacks on networked control system [15] showed the changes in the system dynamics could be used to reveal stealthy attack. To have changes in the system dynamics to reveal zero-dynamics attack, Teixeira et al. [13] considered the method of modifying input or output matrix. However, in more realistic situations, such as the defender or the system operator has no knowledge of the attack-starting time, to reveal zero-dynamics attack the system dynamics has to be dynamic, i.e., the system dynamics changes infinitely over infinite time. Therefore, before using the dynamic changes to reveal zero-dynamics attack in such realistic situations, the question that whether the dynamic changes in system dynamics can destroy system stability in the absence of attacks must be investigated. If the dynamic changes can destroy the stability in the absence of attacks, such changes in system dynamics would be attacks, such as the topology attack [16], [17]. For the dynamical networks, recent studies have highlighted the important role played by the network topology [18]–[22]. For example, Menck et al. [18] find that in the numerical simulations of artificially generated power grids, tree-like connection schemes, so-called dead ends and dead trees, can strongly diminish the stability; Schultz et al. [21] show that how the addition of links can change the synchronization properties of network. These motivate us to consider the method of topology switching such that the multi-agent system can have changes in its dynamics to reveal zero-dynamics attack. The strategy on switching times proposed in Part-I paper [1] answers the question: when the topology of network should switch such that the occurring dynamic changes in system dynamics do not undermine the agent’s ability of reaching consensus in the absence of attacks. Based on the work in Part-I paper [1], this Part-II paper focuses on the strategy on switching topologies that addresses the problem of switching to what topologies to reveal zero-dynamics attack. C. Contribution of Part-II Paper The contribution of this paper is threefold, which can be summarized as follows. • Using the obtained detectability of attack, in Section IV we propose a strategy on switching topologies, which can reveal zero-dynamics attack without constraint on the 1 Topology
changes in a multi-agent network have traditionally been considered a problem dictated by nature, to be mitigated by the designer. Here, we intentionally change the topology to detect the zero-dynamics type of attacks.
•
size of misbehaving-agent set. Under the strategy that the Laplacian matrix of Xor graph, which is generated by consecutive switching topologies, has distinct eigenvalues, only one observed output of position is sufficient to reveal zero-dynamics attack. Based on the strategy on switching times and the strategy on switching topologies, a decentralized strategic topology-switching algorithm is proposed in Section V. To reveal zero-dynamics attack, the algorithm: (i) has no constraint on the size of misbehaving-agent set; (ii) allows the defender or the system operator to have no knowledge of attack-starting time. To achieve the secondorder consensus, the algorithm has no constraint on the magnitude of coupling strength, while the control protocol does not need velocity measurements. Employing Luenberger observer, an attack-detection algorithm working under the proposed strategic topologyswitching algorithm is derived in Section V.
D. Organization of Part-II Paper Section II presents the notions and terminology. Problem formulation is given in Section III. In Section IV, we study the detectability of zero-dynamics attack. Section V presents a decentralized strategic topology-switching algorithm and a corresponding attack-detection algorithm . Numerical examples are given in Section VI. Finally, in Section VII we present the conclusions of the two-part paper and the future research directions. II. N OTIONS AND T ERMINOLOGY A. Notations We use P < 0 to denote a negative definite matrix P . For a set V, |V| denotes the cardinality (i.e., size) of the set. In addition, for a set K ⊆ V, V\K denotes the complement set of K with respect to V. Rn and Rm×n denote the set of ndimensional real vectors and the set of m × n-dimensional real matrices, respectively. Let C denote the set of complex number. N represents the set of the natural numbers and N0 = N ∪ {0}. Let 1n×n and 0n×n be the n × n-dimensional identity matrix and zero matrix, respectively. 1n ∈ Rn and 0n ∈ Rn denote the vector with all ones and the vector with all zeros, respectively. The superscript ‘⊤’ stands for matrix transpose. ⊕ denotes the Xor operator. The interaction among n agents is modeled by an undirected graph G = (V, E), where V = {1, 2, . . . , n} is the set of vertices that represent n agents and E ⊂ V × V is the set of edges of the graph G. The adjacency matrix A = [aij ] ∈ Rn×n of the undirected graph G is defined as aij = (i, j) ∈ E, where aij = aji = 1 if agents i and j interact with each other, and aij = aji = 0 otherwise. Assume that there are no self-loops, i.e., for any i ∈ V, aii = 0. A path is a sequence of connected edges in a graph. A graph is said to be connected if there is a path between every pair of vertices. B. Preliminaries The following definition and auxiliary lemmas will be used throughout this paper.
3
Definition 2 (Path Graph [23]): The path graph Pn is a tree with two nodes of vertex degree 1, and the other n − 2 nodes of vertex degree 2. Lemma 1: [24] If the undirected graph G is connected, then its Laplacian L ∈ Rn×n has a simple zero eigenvalue (with eigenvector 1n ) and all its other eigenvalues are positive and real. Lemma 2: [25] The Laplacian of a path graph Pn has the eigenvalues as ) ( (k − 1) π λk = 2 − 2 cos , k = 1, . . . , n. (3) n Lemma 3 (Proposition 1.3.3 in [26]): Let G be a connected graph with diameter d. Then G has at least d + 1 distinct eigenvalues, at least d + 1 distinct Laplace eigenvalues, and at least d + 1 distinct signless Laplace eigenvalues. Lemma 4: [1] Consider the following system: ∫ t x ˜˙ (t) = −γL x ˜ (τ )dτ + v˜(0), t ≥ 0 (4) 0
where γ > 0, L ∈ Rn×n is the Laplacian matrix of a connected undirected graph; and x ˜ (t) ∈ Rn and v˜ (t) = n ˙x ˜ (t) ∈ R satisfy (23) and (24), respectively. The solutions of x ˜i (t), i = 1, . . . , n, are obtained as:
x ˜i (t) (5) ( ) n ∑ √ √ v˜ (0) = qli ql⊤ x ˜ (0) cos( γλl t)+ √ sin( γλl t) , t ≥ 0 γλl l=2
where λl (λ1 = 0) are the nonzero eigenvalues that are asso⊤ ciated with the orthogonal vectors ql = [ql1 , . . . , qln ] ∈ Rn of L, l = 2, . . . , n. Remark 1: Let σ ˘ (t) = r ∈ S for t ∈ [tk , tk+1 ) , k∫ ∈ N0 , the t dynamics in (1) can be rewritten as x˙ (t) = −γLr tk x (τ )dτ + v(tk ), t ∈ [tk , tk+1 ). Therefore, Lemma 4 implies that the system (1) under each fixed connected topology has a period T such that { v˜i (t) = v˜i (t + T ) , i = 1, · · · , n (6) x ˜i (t) = x ˜i (t + T ) , ∀t ∈ [tk , tk+1 ) , ∀k ∈ N0 . Lemma 5: [1] Consider the function: F (t) = ϖ
x ˜⊤ (t) x ˜ (t) v˜⊤ (t) v˜ (t) + , 2 2
(7)
with x ˜˙ (t) = v˜(t) ∈ Rn . Along the solutions of the system (4), if the Laplacian matrix L has distinct eigenvalues and ϖ satisfies 0 < ϖ ̸= γλi (L) , ∀i = 2, . . . , n, (8) where λ1 (L) , . . . , λn (L) are the corresponding eigenvalues of L. Then for any nonzero initial condition, there never exists a nonzero constant φ such that F (t) = φ ̸= 0, ∀t ≥ 0.
(9)
Lemma 6: [1] Consider the second-order multi-agent system (1). For the given period T satisfying (6), scalars 1 > β > 0, α > 0 and L ∈ N, if the dwell time τ , the
minimum dwell time τmin and the maximum dwell time τmax satisfy 1
(β − L −1)
L mT < τmin ≤ τ ≤ τmax , τˆmax + , m ∈ N (10) α−ξ 2
with (11)
ξ < α, − ln β 0 < τˆmax < , α ) L mT ( − 1 0 < τˆmax + − β L −1 , 2 α−ξ ξ= max {1 − γλi (Lr ), −1 + γλi (Lr )} , r∈S,i=1,...,n
(12) (13) (14)
where γ is the coupling strength of the multi-agent system (1), and λi (Lr ) , . . . , λn (Lr ) are the corresponding eigenvalues of the Laplacian matrix Lr . Then, the second-order consensus is achieved. Remark 2: Lemma 6 provides a strategy on switching times that addresses the question: when should the topology of multiagent system switch to reveal zero-dynamics attack, such that the changes in the system dynamics do not destroy system stability in the absence of attacks? Remark 3: In achieving the second-order consensus, the strategy on switching times, provided by Lemma 6, has no constraint on the magnitude of coupling strength. However, the solution obtained in Lemma 4 shows that the coupling strength can affect the period T , which keeping Lemma 6 in mind, implies that the coupling strength can control the dwell time of switching topologies, thus can affect the convergence speed to consensus. Lemma 7 (Simplified Finite-Time Consensus Algorithm without External Disturbances [27]): Consider the multi-agent system r˙i = α ˜
n ∑ j=1
m ¯
bij (rj −ri ) n¯ + β˜
n ∑ j=1
p ¯
bij (rj −ri ) q¯ , i = 1,. . ., n (15)
where α ˜ > 0 and β˜ > 0 are the coupling strengths, bij is the element of the coupling matrix that describes topology of an undirected connected communication network and its corresponding Laplacian matrix is denoted as LA , the odd numbers m ¯ > 0, n ¯ > 0, p¯ > 0 and q¯ > 0 that satisfy m ¯ >n ¯ and p¯ < q¯. Its global finite-time consensus can be achieved, i.e., n 1∑ ri (t) − ri (0) = 0, ∀t ≥ P, i = 1, . . . , n. (16) n i=1 Further, the setting time P is bounded by ( m−¯ ) ¯ n 1 n 2n¯ n ¯ 1 q¯ P < + . λ2 (LA ) α ˜ m ¯ −n ¯ β˜ q¯ − p¯
(17)
III. P ROBLEM F ORMULATION We usually refer to an agent under attach as a misbehaving agent [11]. For simplicity, let K = {1, . . .} ⊆ V = {1, . . . , n} denote the set of misbehaving agents, and M = {1, . . .} ⊆ K denote
4
the set of observed outputs. The multi-agent system (1) with its output under attack is described by x ˆ˙ i (t) = vˆi (t) , (18a) n ∑ σ(t) vˆ˙ i (t) = γ aij (ˆ xj (t)−ˆ xi (t))+gi (t) ui (t−κ), i ∈ V (18b) i=1
(18c)
yi (t) = x ˆi (t) + gi (t) ui (t − κ), i ∈ M
where σ(t) is the topology switching signal of the system under attack; yi (t) is observed output of agent i; gi (t) is agent i’s attack signal; κ ≥ 0 is the attack-starting time and ui (t − κ) is the unit step function that is defined as { 1, ui (t − κ) = 0,
t ≥ κ and i ∈ K otherwise. σ ˘ (t)
(19)
σ ˘ (t)
For the undirected topology, aij = aji , it is straightn ∑ forward to verify from (1) that v˙ i (t) = 0, ∀t ≥ 0, which i=1
implies that the average position x ¯(t) =
n
n ∑
xi (t) proceeds
i=1
with the constant velocity v¯ =
Figure 1. Strategic topology-switching scheme for the second-order multiagent system: two communication links control four topologies.
n
1∑ 1∑ vi (t) = vi (0). n i=1 n i=1
(20)
Thus, the average position trajectory is n n 1∑ 1∑ x ¯(t) = xi (0) + vi (0)t. n i=1 n i=1
(21)
Based on v¯ in (20) and x ¯(t) in (21), we define fluctuations: (22a) (22b) (22c)
x ˜i (t) = xi (t) − x ¯(t), v˜i (t) = vi (t) − v¯, χi (t) = x ˆi (t) − x ¯(t),
(22d)
vi (t) = vˆi (t) − v¯.
It follows from (20), (21), (22a) and (22b) that
R|M| , and
[
0n×n −γLσ(t) [
1n×n 0n×n
]
Aσ(t) = , [ ] ] BK 0|K|×|V\K| B = 0n×n , 0|V\K|×|K| 0|V\K|×|V\K| [ ] BK = e¯1 , . . . , e¯|K| ∈ R|K|×|K| , ] [ CM = eˆ1 . . . eˆ|M| 0|M|×(2n−|M|) , [ ] DM = 0|M|×n eˆ1 . . . eˆ|M| 0|M|×(n−|M|) [ 0n ] , g(t) = g˘(t) 0|V\K| [ ]⊤ g˘ (t) = g1 (t) u1 (t − κ), . . . , g|K| (t) u|K| (t − κ) ,
(26) (27) (28) (29) (30) (31) (32)
with e¯i ∈ R|K| and eˆi ∈ R|M| being the ith vectors of the canonical basis. Using the defined fluctuations in (22a) and (22b), the system (1) with introduction of the same outputs as in (25) in the absence of attacks, can be written equivalently in the form of fluctuations, that is { z˜˙ (t) = Aσ˘ (t) z˜ (t) (33) y˜ (t) = CM z˜ (t) ⊤
1⊤ ˜ (t) = 0, ∀t ≥ 0. nx
(23)
1⊤ ˜ (t) = 0, ∀t ≥ 0. nv
(24)
Using the defined fluctuations in (22c) and (22d), the system (18) can be equivalently transformed in the form of switched system under attack: { z˙ (t) = Aσ(t) z (t) + Bg (t) yˆ (t) = CM z (t) + DM g(t)
(25) ⊤
where z (t) = [χ1 (t) , . . . , χn (t) , v1 (t) , . . . , vn (t)] ∈ R2n , [ ]⊤ yˆ(t) = y(t) − x ¯(t)1|M| with y (t) = y1 (t), . . . , y|M| (t) ∈
where z˜ (t) = [˜ x1 (t) , . . . , x ˜n (t) , v˜1 (t) , . . . , v˜n (t)] ∈ R2n , [ ]⊤ ∈ R|M| , Aσ˘ (t) and CM are y˜(t) = x ˜1 (t), . . . , x ˜|M| (t) given by (26) and (29), respectively. The strategic topology-switching algorithm and the attackdetection algorithm, which will be proposed in Section V, are illustrated in Figure 1, where the clock icon along the communication link indicating the link logic is driven by time, i.e., the topology-switching signal is time-dependent. We end this section by making the following assumptions on the attacker and defender. Assumption 1: The attacker 1) has the knowledge of topology switching sequences, including the switching times and the activated topologies at switching times;
5
2) can modify the initial condition arbitrarily if the attackstarting time is the initial time. Assumption 2: The defender has no knowledge of the attackstarting time nor the set of misbehaving agents (i.e., it allows all the agents to be misbehaving).
times and topologies to design dynamic stealthy attack. Let us consider the following dynamic attack signal: { g (κ ) eλk (t−κk ) , t ∈ [κk , ηk ] g (t) = k k (39) 02n , otherwise
IV. D ETECTABILITY OF Z ERO -DYNAMICS ATTACK
tk < κk < ηk < tk+1 , k ∈ N0
As one class of stealthy attacks, the zero-dynamics attack’s one important property is its undetectability. This section will focus on the detectability of zero-dynamics attack under switching topologies. A. Zero-Dynamics Attack We first present the formal definitions of undetectable attack, and zero-dynamics attack, which is modified from [8], [11], [14] with introduction of attack-starting time, for continuous-time multi-agent systems. Definition 3: (Undetectable Attack [8]) Consider the multiagent systems (25) and (33). The attack signal g(t) in (25) is undetectable if ∃j ∈ M : yˆj (t) = y˜j (t) , ∀t ≥ 0. Definition 4: (Zero-Dynamics Attack [8], [11], [14]) Consider the following two systems { p˙ (t) = Ap (t) + Bg(t) (34) y¯ (t) = Cp (t) + Dg(t) { q˙ (t) = Aq (t) (35) y˜ (t) = Cq (t) where p(t), q(t) ∈ Rn , y¯(t), y˜(t) ∈ Rm with m ≤ n, g(t) ∈ Ro with o ≤ n, A ∈ Rn×n , B ∈ Rn×o , C ∈ Rm×n and D ∈ Rm×o . The attack signal g(t) = g (κ) eλ(t−κ) , t ≥ κ with κ ≥ 0, is a zero-dynamics attack if g(κ) ̸= 0o and λ ∈ C satisfy [ ][ ] [ ] λI − A B p (κ) − q (κ) 0n = . (36) −C D −g (κ) 0m Remark 4: Under the zero-dynamics attack policy (36), the state and observed output of system (34) satisfy y¯ (t) = y˜ (t) , ∀t ≥ 0
p (t) = q (t) + (p (κ) − q (κ)) e
(37) λ(t−κ)
, ∀t ≥ κ.
(38)
The detailed proofs of the results (37) and (38) can be found in [28]. The state solution (38) shows that through choosing the parameter λ, the attacker can achieve various objectives categorized as: • Re (λ) > 0: making system unstable; • Re (λ) = 0, Im (λ) ̸= 0: causing oscillatory behavior; • Re (λ) < 0: altering the steady-state value. The output (37) indicates the undetectability property of zerodynamics attack. In Assumption 1, the attacker is assumed to have the knowledge of switching times and the activated topologies at switching times. An intriguing question regarding attack design is that for attacker, whether it is wise to use the zerodynamics attack policy (36) and the knowledge of switching
where
(40)
with κk , ηk and tk being the attack-starting time, the attack over time, and the topology-switching time, respectively. This paper focuses on revealing zero-dynamics attack by strategic topology switching, which implies that the ongoing zero-dynamics attack will be detected at the coming switching times. The attack signal (39) together with the condition (40) mean that in order to avoid from being detected at topologyswitching times, the attacker starts an attack right after the topology switched and stops the attack just before the coming topology-switching time. Theorem 1: For the system (25) under attack signal (39), using the zero-dynamics attack policy (36), the attack (39) reveals itself at its first attack over time. Proof: See Appendix A. Remark 5: In Theorem 1, the revealing time, i.e., the first attack over time, which is smaller than the coming switching time, implies that the attacker’s action “over attacking” shortens the duration of going undetected. Hence, although the attacker has the knowledge of switching times and topologies, it is not wise to adopt the zero-dynamics attack policy (36) to design dynamic stealthy attack for the signal (39). Therefore, in the following sections, we do not consider such discontinuous signal (39) with dynamic attack strategy, we consider only the formal zero-dynamics attack signal: g(t) = g (κ) eλ(t−κ) , t ≥ κ. B. Strategy on Switching Topologies To better illustrate the strategy on switching topologies, we introduce the definition of components in a graph. Definition 5 (Components of Graph [29]): The components of a graph G are its maximal connected subgraphs. A component is said to be trivial if it has no edges; otherwise, it is a nontrivial component. Definition 6: The Xor graph, denoted as Gxor , is generated by Xor operation between the entries of adjacency matrices 1 2 1 of two graphs G1 and G2 , i.e., axor ij = aij ⊕ aij , where aij 2 xor (aij , aij ) is the element of adjacency matrix that describes the topology of communication network G1 (G2 , Gxor ). Based on the components Xor graph, we express the ∪ ∪ of ∪ agent set as V = C1 C2 . . . Cd where d is the number of the components of Xor graph and Cq , q ∈ {1, 2, . . . , d}, ∩ is the set of agents in the qth component. Obviously, Cp Cq = ∅ if p ̸= q. As an example, the Xor graph in Figure 2 has two nontrivial components, C1 = {1, 2, 3, 4}, C2 = {5, 6}, and two trivial components, C3 = {7}, C4 = {8}. In the following theorem, we present the strategy on switching topologies. Theorem 2: Consider the multi-agent system under attack (25). If the strategy satisfies
6
available, we rearrange the agents in such a way that the systems (25) and (33) are rewritten as { z˙ (t) = Aσ(t) z (t) + Bg (t) S1 : (43) yˆj (t) = χj (t) + gj (t)uj (t − κ), ∀j ∈ O { z˜˙ (t) = Aσ˘ (t) z˜ (t) S2 : (44) y˜j (t) = x ˜j (t) , ∀j ∈ O
Figure 2. Components of Xor graph.
(r1)
after the attack starts at κ ≥ 0, the first topologyswitching signal is time-dependent, i.e, σ(tk ) where (41)
k = arg min {tr > κ} , r∈N
is time-dependent; for the Xor graph generated by the two consecutive topologies activated at tk−1 and tk , where k is defined in (41),
(r2)
(r2a) the Laplacian matrix associated with each nontrivial component has distinct eigenvalues, (r2b) at least one agent in each component is equipped with the observed output of position, then, with no constraint on the misbehaving-agent set, the strategy reveals zero-dynamics attack. Proof of Theorem 2: Considering the requirement (r2b) on the set of outputs, to simplify the proof, we consider the extreme situation where only one agent in each component has observed output of position. Without loss of generality, we let the first agent in each component has observed output of position. Thus, we define a set of indices of the first agent in each component: O=
{
1, 1 + |C1 | , 1 + |C1 | + |C2 | , . . . , 1 +
d ∑
h=1
}
|Ch | , (42)
where d is the number of components of the Xor graph generated by the two consecutive topologies activated at tk and tk+1 , where k is defined in (41). Therefore, in this situation where only one output of position in each component is
where O is given by (42). Without loss of generality, we assume the attack-starting time falls into the interval [tk−1 , tk ), k ∈ N. The strategy (r1) means after the attacker launches attack at κ, the switching signal σ(t) over the two consecutive intervals [κ, tk )∪[tk , ε) is time-dependent. Let us consider the systems (43) and (44) and let z˜ (t) = z (t) , t < κ. Now, during the time t ∈ [0, κ), g(t) ≡ 02n and the systems (43) and (44) are the identical. Since over the two consecutive intervals [κ, tk ) ∪ [tk , ε), the topologyswitching signals σ(t) and σ ˘ (t) in (43) and (44) are timedependent and identical, we conclude Aσ(t) = Aσ˘ (t) , ∀t ∈ [κ, tk ) ∪ [tk , ε). Let z˘ (t) = z (t) − z˜ (t) with z˘ (0) = z (0) − z˜ (0), y˘j (t) = yˆj (t) − y˜j (t) and x ˘j (t) = χj (t) − x ˜j (t). From (43) and (44) we have that for t ∈ [κ, tk ) ∪ [tk , ε), { z˘˙ (t) = Aσ(t) z˘ (t) + Bg (t) (45) y˘j (t) = x ˘j (t) + gj (t)uj (t − κ), ∀j ∈ O. We now assume to the contrary that the system (43) has zero-dynamics attack. Without loss of generality, we let σ(t) = 1 for t ∈ [κ, tk ). By (36), we obtain [ ] [ ⊤] ][ λ1[2n×2n − ]A1 [ B z˘(κ) 0 ] = 2n , ∀j ∈ O. (46) ⊤ ⊤ −e⊤ 0⊤ −g(κ) 0 n , −ej j , 0n Let us denote: ¯K = B g¯K (κ) =
[
[
BK
0|V\K|×|K| ] −˘ g (κ) . 0|V\K|
0|K|×|V\K| 0|V\K|×|V\K|
]
,
(47a) (47b)
[ ] [ ] χ (t) x ˜ (t) ∆ = Substituting z˘ (t) = z (t) − z˜ (t) = − v (t) v˜ (t) [ ] x ˘ (t) , the matrix B given in (27) with (47a), the vector v˘ (t) g(κ) given in (31) with (47b), and the matrix A1 given by (26), into (46) yields, x ˘(κ) λ1n×n −1n×n 0n×n 0n×n 0n ¯K v˘(κ) =0n ,∀j ∈ O. (48) γL1 λ1n×n 0n×n B 0n −e⊤ 0⊤ 0⊤ e⊤ 0 n n j j g¯K (κ)
We now let the topology switches from topology 1 to topology 2 at instance tk . Let us denote ϵ = tk −κ. If the multiagent system (43) has zero-dynamics attack over the time [tk , ε), z˘(κ)eλϵ and g(κ)eλϵ would be the state-zero direction and attack-zero direction for system (43) over the time interval
7
[tk , ε). Using the same analysis method to derive (48), we obtain x ˘(κ) λ1n×n −1n×n 0n×n 0n×n 0n ¯K eλϵ v˘(κ) =0n ,∀j ∈ O γL2 λ1n×n 0n×n B 0n −e⊤ 0⊤ 0⊤ e⊤ 0 n n j j g¯K (κ) which is equivalent to
x ˘(κ) λ1n×n −1n×n 0n×n 0n×n 0n ¯K v˘(κ) =0n ,∀j ∈ O. γL2 λ1n×n 0n×n B 0n −e⊤ 0⊤ 0⊤ e⊤ 0 n n j j g¯K (κ)
(49)
From (48) and (49) we have
λ˘ x (κ) − v˘ (κ) = 0n , ¯ BK g¯K (κ) + γL1 x ˘ (κ) + λ˘ v (κ) = 0n , ¯K g¯K (κ) + γL2 x B ˘ (κ) + λ˘ v (κ) = 0n ,
x ˘j (κ) − gj (κ) = 0, ∀j ∈ O.
(50) (51) (52) (53)
Considering the definition of components of Xor graph, L1 − L2 can be written as L1 − L2 = diag {±L (C1 ) , ±L (C2 ) , . . . , ±L (Cd )} ,
(54)
where L (Cq ), q ∈ {1, 2, . . . , d}, denote the Laplacian matrix of the qth component of Xor graph. Obviously, L (Cq ) = 0 if |Cq | = 1. From (50)–(54), we observe that (a) equation (50) is equivalent to λ˘ x (κ) = v˘ (κ); (b) from (51) and (52), γ (L1 − L2 ) x ˘ (κ) = 0n ; (c) if L (Cq ), ∀q ∈ {1, 2, . . . , d}, has distinct eigenvalues, it has properties: (i) zero is one of its eigenvalues with multiplicity one, (ii) the eigenvector that corresponds to the eigenvalue zero is 1|Cq | , ∀q ∈ {1, 2, . . . , d}; (d) equation (53) is equivalent to x ˘j (κ) = gj (κ), ∀j ∈ O; (e) combining properties (c) and (d) can yield the solution of Equation γ (L1 − L2 ) x ˘ (κ) = 0n as x ˘j (κ) = . . . = x ˘O(ij+1 )−1 (κ) = gj (κ),∀j ∈ O, where ij+1 is index of element j + 1 in the set O, i.e., O(ij+1 ) = j + 1. Now, based on the observations (a)–(e) above, we consider the following two different cases. Case 1: λ = 0: In this case, if the Laplacian matrix of each component has distinct eigenvalues, from Lemma 1, observation (a), observation (e), and (51) or (52), we have ¯K g¯K (κ) = 0n , which is equivalent to g1 (κ) = . . . = B g|K| (κ) = 0, indicating there is no zero-dynamics attack by Definition 4. Case 2: λ ̸= 0: In this case, if the Laplacian matrix of each component has distinct eigenvalues, observation (a) and observation (e) imply that v˘j (κ) = v˜j+1 (κ) = . . . = v˘O(ij+1 )−1 (κ) = λgj (κ), ∀j ∈ O. (55)
Considering Lemma 1 and observation (e), substituting (55) ¯K g¯K (κ) = −λ2 x into (51) or (52) yields B ˘j (κ) 1n , which is equivalent to gj (κ) = . . . = gO(ij+1 )−1 (κ) = −λ2 x ˘j (κ) , ∀j ∈ O. (56)
From (56) and observation (d), we have gj (κ) = −λ2 x ˘j (κ) = x ˘j (κ) , j ∈ O, which is equivalent to (1 + λ2 )˘ xj (κ) = 0, also impling x ˘j (κ) = 0, ∀j ∈ O, or λ = ±i. If x ˘j (κ) = 0, ∀j ∈ O, considering observation (e) and (56), we conclude gj (κ) = . . . = gO(ij+1 )−1 (κ) = 0, ∀j ∈ O, indicating that there is no zero-dynamics attack by Definition 4. If λ = ±i, observation (a) means that ±i˘ x (κ) = v˘ (κ). If v˘ (κ) = 0n , we have x ˘ (κ) = 0n and g¯K = 0n , which shows there is no zero-dynamics attack by Definition 4. If v˘ (κ) ̸= 0n , ±i˘ x (κ) ̸= 0n , which implies the requirements as x ˘(κ) ∈ Rn and v˘(κ) ∈ Rn in Definition 4 are not satisfied. Therefore, the zero-dynamics attack is ruled out in this case. The analysis above shows that there is no zero-dynamics attack under the strategy in Theorem 2, which is a contradiction, and this completes the proof Remark 6: The strategy (r2) in Theorem 2 implies that if the Laplacian matrix associated wutg each nontrivial component has distinct eigenvalues, then the minimum number of observed outputs required to reveal zero-dynamics attack is equivalent to the number of components of Xor graph. Take the Xor graph in Figure 2 as an example. Two nontrivial components are path graphs. With 0 ≤ (k−1)π < π, ∀k = 1, . . . , n, n Lemma 2 implies that the Laplacian matrix of path graph has distinct eigenvalues. Hence, the Xor graph in Figure 2 satisfies (r2a) in Theorem 2. Therefore, we conclude that if the topology set S includes Graph One and Graphs Two in Figure 2, the minimum number of outputs is four (the Xor graph has four components). If Xor graph has only one component and its Laplacian matrix has distinct eigenvalues, then only one output is sufficient to reveal zero-dynamics attack. Corollary 1: Consider the system under attack (25). if the topology-switching strategy satisfies (r1) (r2)
after the attack starts at κ ≥ 0, the first topologyswitching signal is time-dependent, i.e, σ(tk ) where k is defined in (41), is time-dependent; for the switching topologies activated at tk−1 and tk , Lσ(tk ) − Lσ(tk−1 ) has distinct eigenvalues;
with no constraint on the misbehaving-agent set, only one output of position suffices to reveal zero-dynamics attack. Proof of Corollary 1: The strategy (r2) in Corollary 1 means the Xor graph has only one component that its Laplacian matrix has distinct eigenvalues, then the set O defined by (42) would be O = {1}. The rest of the proof is omitted as it is the same as that of Theorem 1. V. S TRATEGIC T OPOLOGY S WITCHING A. Decentralized Strategic Topology-Switching Algorithm The finite-time consensus algorithm–Lemma 7, can be used to estimate the global coordinators precisely in finite time. It is employed to derive a decentralized topology-switching algorithm. Furthermore, from (17) we can see that through ˜ we obtain any desirable adjusting the control gains α ˜ and β, setting time ∞ > P > 0.
8
If we adjust parameters α ˜ > 0 and β˜ > 0 in the algorithm (15) such that ( m−¯ ) ¯ n 1 n 2¯n n ¯ 1 q¯ + < τmin , (57) λ2 (LA ) α ˜ m ¯ −n ¯ β˜ q¯ − p¯
where τmin satisfy the left-hand side of (10), then the setting time P in (17) satisfies P < τmin . Based on (r2) in Theorem 2, we make the following assumption on the topology set and the output set provided to the strategic topology-switching algorithm. Assumption 3: The topology set S includes more than one connected topology: a) the Laplacian matrix associated with (at least) one topology has distinct eigenvalues; b) for (at least) such two topologies, that i) the Laplacian matrix associated with each nontrivial component of their Xor graph has distinct eigenvalues, ii) at least one agent in each component of their Xor graph is equipped with observed output of position. Based on Lemma 5, Lemma 6 and Theorem 2, through employing the finite-time consensus algorithm (15), the derived decentralized strategic topology-switching algorithm that can reveal zero-dynamics attack is described by Algorithm 1. Theorem 3: Consider the system under attack (25). If the topology-switching signal is generated by Algorithm 1, then the following properties hold: (i) In the absence of attacks, if the loop-stopping criteria δ = 0 (in Line 1 of Algorithm 1), the agents achieve the second-order consensus. (ii) In the absence of attacks, if the loop-stopping criteria δ > 0, the agents achieve the second-order consensus under admissible consensus error δ through finitely topology switching, i.e., F (tk¯ ) ≤ δ with 0 < k¯ < ∞ and F (t) given by (7). (iii) Without any knowledge of the attack-starting time or the constraint on the size of misbehaving-agent set, Algorithm 1 is able to reveal zero-dynamics attack. Proof of Theorem 3: Considering Lemma 6 and Lemma 5, the proofs of property (i) and property (ii) directly follows the proof of Part-I paper’s Theorem 2 in [1]. Thus, we only prove property (iii). Lines 4 and 5, Lines 11 and 12 of Algorithm 1 mean all the topology-switching signals σ(tk ), k ∈ N0 , are timedependent. Therefore, the requirement (r1) in Theorem 2 is satisfied. We note that the required topology set S and output set M in Input of Algorithm 1 follow Assumption 3, which corresponds to the requirement (r2) in Theorem 2. Therefore, by Theorem 2, we conclude the property (iii) under Algorithm 1, which completes the proof. Remark 7: In the extreme situation where only one output of position is available, by Corollary 1 the requirements on switching topology in Line 7 and Line 9 of Algorithm 1 would change as Lσ(tk ) has distinct eigenvalues, and Lσ(tk+1 ) − Lσ(tk ) has distinct eigenvalues. Since Lemma 2 implies that the Laplacian matrix of a path graph has distinct eigenvalues and Lemma 3 provides a guide to design more connected graphs with distinct Laplacian eigenvalues, it is not hard to
Algorithm 1: Decentralized Strategic Topology-Switching Algorithm Input: Topology set S and output set M that satisfy the requirements in Assumption 3, individual ϖx ˜2 (t) v ˜2 (t) functions Fi (t) = 2i + i2 with ϖ satisfying (8), dwell time τ generated by Lemma 6, initial time tk−1 = 0, initial topology Gσ(tk−1 ) , loop-stopping criteria δ ≥ 0. 1 while F (tk−1 ) > δ do 2 Input individuals Fi (tk ) and F˙i (tk ) to agent i in the finite-time consensus algorithm (15) at time tk ; 3 Output F (tk ) and F˙ (tk ) from the finite-time consensus algorithm (15) to the agents in (18) at time tk + τmin ; 4 Run until the time tk + τ ; 5 Update: tk+1 ← tk + τ ; 6 if F˙ (tk ) = 0 then 7 Switch the topology of network (18b) to σ(tk+1 ) that satisfies: • σ(tk+1 ) ̸= σ(tk ), • Lσ(tk+1 ) has distinct eigenvalues, • Laplace matrix of each component of Gxor = Gσ(tk+1 ) xor Gσ(tk ) has distinct eigenvalues; 8 else 9 Switch the topology of network (18b) to σ(tk+1 ) that satisfies: • σ(tk+1 ) ̸= σ(tk ), • Laplace matrix of each component of Gxor = Gσ(tk+1 ) xor Gσ(tk ) has distinct eigenvalues; 10 end 11 Update the topology-switching time: tk−1 ← tk ; 12 Update the topology-switching time: tk ← tk+1 . 13 end
select such two topologies. Figure 3 provides an example on how to select such two topologies: one path graph and one ring graph. B. Attack Detection Before proceeding on the attack-detection algorithm, let us consider the following system under switching topology: e˙ x (t) = ey (t) ,
(58a)
˘ x (t) , e˙ y (t) = −γLσ(t) ex (t) + η Λe
(58b)
where ex (t) ∈ Rn , ey (t) ∈ Rn , Lσ(t) is a Laplacian matrix of a connected undirected graph and ˘ = diag{ 1 , 0, . . . , 1 , 0, . . . , 1 , . . .} ∈ Rn×n , (59) Λ |{z} |{z} |{z} O(1)
O(2)
O(d)
with O given by (42). Now, we present the following lemmas that can be used to derive an attack-detection algorithm under strategic topologyswitching algorithm.
9
minimum dwell time τmin and the maximum dwell time τmax satisfy ϕmax < τmin ≤ τ ≤ τmax , τˆmax + with 1 −L
− 1) max { } ˆϱ , α > max ξ,
ϕmax = (β
{
L
mTb ,m ∈ N 2
L , ˆ α −ϱ α−ξ
}
,
(65)
(66) (67)
− ln β , (68) α Tb 0 < τˆmax + m − ϕmax (69) 2 ξˆ = max {1 − γλi (Lr ), −1 + γλi (Lr )} , (70) 0 < τˆmax
0 or the control gain η can control the period Te. Lemma 9: Consider the second-order multi-agent system under switching topology (58) with ∆ ˘ Ar = η Λ − γLr < 0, ∀r ∈ S
(64)
˘ is given by (59). For the given common period Tb of where Λ the period T satisfying (6) and the period Te satisfying (63), scalars 1 > β > 0, α > 0 and L ∈ N, if the dwell time τ , the
max
r∈S,i=1,...,n
{1 − λi (Ar ), −1 + λi (Ar )} ,
(71)
where λ1 (Lr ) , . . . , λn (Lr ) and λ1 (Ar ) , . . . , λn (Ar ) are the corresponding eigenvalues of the matrix Lr and the matrix Ar , respectively. Then, the system is globally uniformly asymptotically stable. Proof of Lemma 9: Since Tb is a common period of the period T and the period Te, we conclude that Lemma 9 implies Lemma 6. The rest of the proof is omitted since it is the same as that of Lemma 6 in Part-I paper [1]. Inspired by the attack-detection algorithm proposed in [8], which is based on Luenberger observer, we present in the following a detection algorithm that has the minimum number of outputs in detecting a zero-dynamics attack. Theorem 4: For the system (18), consider the attackdetection filter x˙ (t) = v (t) , ( ) ˘ x (t) − η Λy ˘ (t) , v˙ (t) = −γLσ(t) + η Λ
˘ (t) = Λx ˘ (t) − Λy ˘ (t) , Λr
(72a) (72b) (72c)
where x(0) = x(0), v(0) = v(0), y(t) is the output of sys˘ is given by (59). If (64) holds, the dwell time tem (18) and Λ τ in Algorithm 1 is generated by Lemma 9, and the topologyswitching signals of the filter (72) and the system (18) are generated by Algorithm 1 simultaneously, then ˘ i) Λr(t) ≡ 0n , ∀t ≥ 0, if and only if gi (t) ≡ 0, ∀i ∈ K, ∀t ≥ 0, ii) in the absence of attacks, the filter errors ex (t) = x(t) − x(t) and ev (t) = v(t) − v(t) are globally uniformly asymptotically stable, iii) in the absence of attacks, if the loop-stopping criteria δ = 0 (in Line 1 of Algorithm 1), the agents achieve the second-order consensus, iv) in the absence of attacks, if the loop-stopping criteria δ > 0 (in Line 1 of Algorithm 1), by finitely topology switching, the agents achieve the secondorder consensus under admissible consensus error δ, i.e., F (tk¯ ) ≤ δ with 0 < k¯ < ∞ and F (t) given by (7).
10
Proof of Theorem 4: Proof of i): Let us define the errors e[ x (t) = x (t) ]− x (t), ev (t) = v (t) − v (t) and e⊤ (t) = ⊤ e⊤ x (t) , ey (t) . From (43) and (72), we have { ˘ (t) e˙ (t) = A˘σ(t) e (t) + Bg (73) rj (t) = exj (t) − gj (t), ∀j ∈ O where
[
] 0n×n 1n×n (74) ˘ 0n×n , −γLσ(t) + η Λ [ [ ] ] ¯K + η Λ ˘ B 0|K|×|V\K| ˘ = 0n×n B , (75) 0|V\K|×|K| 0|V\K|×|V\K|
A˘σ(t) =
˘ and B ¯K given by (59) and (47a), respectively. with Λ We replace Aσ(t) and B in the proof of Theorem 2 by ˘ in (75), respectively. Then, using the A˘σ(t) in (74) and B same analysis method as the one employed to obtain (49), we have e (κ) λ1n×n −1n×n 0n×n 0n×n x 0n ey (κ)=0n, ∀j∈O. (76) ˘ λ1n×n 0n×n B ¯K + η Λ ˘ γL2 − η Λ 0n 0 −e⊤ 0⊤ 0⊤ e⊤ n n j j g¯K (κ)
˘ x (κ) = The third equation included in (76) implies η Λe ˘ ˘ η Λ¯ gK (κ) where Λ is given by (59), from which (76) can be rewritten equivalently as e (κ) λ1n×n −1n×n 0n×n 0n×n x 0n ¯K ey (κ) =0n , ∀j ∈ O. γL2 λ1n×n 0n×n B 0n −e⊤ 0⊤ 0⊤ e⊤ 0 n n j j g¯K (κ) Then, following the same lines as those in the proof of Theorem 2, we conclude that there is no zero-dynamics attack. Proof of ii): In the absence of attacks, the dynamics (73) is equivalent to the dynamics (58). Hence, by Lemma 9, we have ii) in Theorem 4. Proof of iii): Since Lemma 9 implies Lemma 6, by Lemma 6 we conclude iii) in Theorem 4 The proof of iv) is carried out in the same way as the proof of (ii) in Theorem 3. Remark 9 (Off-Line Calculation): The solutions (5) and (62) implies that with the only knowledge of the number of agents, the required period T and Te can be obtained. However, the computation is complex and the obtained period would be large. The well-developed distributed eigenvalue and eigenvector estimation algorithms [30], [31] can be used to obtain small periods. VI. S IMULATION To demonstrate the effectiveness of the proposed strategic topology-switching algorithm, we consider a system with n = 4 agents. The initial position and velocity conditions are ⊤ chosen randomly as x(0) = v(0) = [1, 2, 3, 4] . To verify the effectiveness of Algorithm 1 in revealing zerodynamics attack, we consider the following extremely bad situation, where • all the agents are misbehaving agents, i.e., K = {1, 2, 3, 4},
Table II C ANDIDATE T OPOLOGIES Index σ(t) 1∗ 2∗ 3∗
σ(t)
a12 1 1 1
σ(t)
a13 0 1 1
σ(t)
a14 0 0 0
σ(t)
a23 1 0 0
σ(t)
a24 0 1 1
σ(t)
a34 1 1 0
the connectivity of each candidate topology is significantly low: one for the path graph and two for the ring graph, • only one output of position is available, let M = {1}. Let us set the coupling strength in the system (18) and the control gain in the filter (72) as γ = 2 and η = −8. The candidate topologies are given in Table II. Since both the topology 3∗ and topology 1∗ are path graphs, the eigenvalues of the Laplacian matrices of topologies 1∗ and 2∗ suffice to calculate the common period. The required eigenvalues are computed as •
[λ1 (L1 ) , λ2 (L1 ) , λ3 (L1 ) , λ4 (L1 )] = [0, 0.6, 2, 3.4] , (77) [λ1 (L2 ) , λ2 (L2 ) , λ3 (L2 ) , λ4 (L2 )] = [0, 2, 2, 4] , [λ1 (A1 ) , λ2 (A1 ) , λ3 (A1 ) , λ4 (A1 )] = [−0.5, −1,
(78)
−1.6, −7.9] , (79) [λ1 (A2 ) , λ2 (A2 ) , λ3 (A2 ) , λ4 (A2 )] = [−0.5, −1.3, −3.9, −10.1] . (80)
Using the eigenvalues in (77)–(80) and the state solutions in (5) and (62), following (65) and (69), we select the dwell b time τ = T2 + 0.1 = 15.1. Let the attack-starting time be the initial time, i.e., κ = 0. Hence, under Assumption 1, the attacker can modify the initial conditions arbitrarily. A. Zero-Dynamics Attack Design First, we consider the topology set S = {2∗ , 3∗ } where the representations of 2∗ and 3∗ are given in Table II. Obviously, the set S = {2∗ , 3∗ } does not satisfy the strategy (r2) in Theorem 2. Thus, the attacker can easily design a zerodynamics attack such that Algorithm 1, with only one output of position, fails to detect it. Let the attacker’s goal be to make the system working under Algorithm 1 unstable, without being detected. Following the zero-dynamics attack policy (36) in Definition 4, one of its attack strategies is designed as • λ = 1, t t t t ⊤ • introduce attack signal: g(t) = [−e , −e , 4e , 4e ] , ⊤ • modify the initial conditions: x (0) = v (0) = [2, 3, 5, 6] . The trajectories of the attack-detection signal r1 (t) deigned by Theorem 4 and the state x1 (t) are shown in Figure 4, which illustrates that the attacker’s goal of making the system unstable without being detected is achieved under the topology set S = {2∗ , 3∗ }. B. Reveal Zero-Dynamics Attack We now turn to the topology set S = {1∗ , 2∗ } to reveal the attack. We note that in the extremely bad situation, the existing
11
VII. C ONCLUSION
10 12
12
attack-detection signal r1(t)
10
state x1(t)
8 6 4 2 0 -2 0
5
10
15
20
25
30
Time Figure 4. State x1 (t): multi-agent system under attack is unstable; attackdetection signal r1 (t): the attack is not detected over time.
results [8], [10]–[12] for the multi-agent systems under fixed topology fail to reveal zero-dynamics attack. This is mainly due to the misbehaving-agents set |K| = 4, the connectivity of topology 1∗ (and topology 2∗ ) is 1 (and 2), and the output set |M| = 1. All these violate the conditions on the connectivity of the communication network, the size of the misbehavingagent set, and the size of the output set, which are summarized in Table I. As illustrated by Figure 3, the Xor graph generated by topologies 1∗ and 2∗ has only one component that is a path graph. By Lemma 2, the Laplacian matrix of the Xor graph has distinct eigenvalues. Thus, by Corollary 1, we conclude that using only one output, the strategic topology-switching algorithm–Algorithm 1, is able to reveal the designed zerodynamics attack under the topology set S = {1∗ , 2∗ }. The trajectory of the attack-detection signal is shown in Figure 5, which illustrates that with all the agents being misbehaving, using only one observed output of position, Algorithm 1 succeeds in revealing zero-dynamics attack. 106
Attack-Detection Signal r1(t)
0 Nonzero Detection Signal
-5
-10
13
14
15
16
•
•
In achieving the second-order consensus in the absence of attacks, the control protocol does not need the velocity measurements, while the algorithm has no constraint on the magnitude of coupling strength. In revealing zero-dynamics attack, the algorithm has no constraint on the set of misbehaving agents, while the algorithm allows the system operator or the defender to have no knowledge of the attack-starting time. Through strategy setting on switching topologies, only one observed output of position is sufficient to reveal zerodynamics attack.
The theoretical results obtained in this two-part paper imply several rather interesting results: •
•
for the size of topology set, there exists a fundamental tradeoff between the topology connection cost and the convergence speed to consensus; for the dwell time of switching topologies, there exist a tradeoff between the switching cost and the duration of attacks going undetected, and a tradeoff between the switching cost and the convergence speed to consensus.
Analyzing the tradeoff problems in the lights of game theory and multi-objective optimization constitutes a part of our future research. This paper also provides an insight that the strategic topology switching can be a promising method for the detection of mixed attack strategies, such as zero-dynamics attack working with DoS attack, zero-dynamics attack working with topology attack, topology attack working with delay attack, etc. It would be interesting to consider the extensions of strategic topology switching to reveal such mixed attacks. A PPENDIX A P ROOF OF T HEOREM 1
Zero-dynamics attack is detected at switching time t = 15.1.
-15
-20 12
This two-part paper studies strategic topology switching for the second-order multi-agent system under attack. In Part-I paper [1], for the simplified control protocol that does need velocity measurements, we propose a strategy on switching times that addresses the problem: when the topology should switch such that the changes in system dynamics do not undermine agent’s ability of reaching the second consensus in the absence of attacks. In Part-II paper, we propose a strategy on switching topologies that addresses the problem: what topology to switch to, such that the zero-dynamics attack can be revealed. Based on the two strategies, a decentralized strategic topology-switching algorithm and an attack-detection algorithm are derived in this Part-II paper. Merits of the strategic topology-switching algorithm can be summarized as
17
Time Figure 5. Attack-detection signal r1 (t): using only output of position, the designed zero-dynamics attack is revealed.
Without loss of generality, we let the first attack over time to be κ0 and let σ(t) = 1 for t ∈ [0, t1 ). Let us consider the systems (25) and (33), and define z˘ (t) = z (t) − z˜ (t) with z˘ (0) = z (0) − z˜ (0), y˘j (t) = yˆj (t) − y˜j (t) and x ˘j (t) = χj (t) − x ˜j (t). We assume the attack signal (39) is a zero-dynamics attack over time interval [κ0 , η0 ) ∪ [η0 , t1 ). Noticing that the states of
12
system (25) under the attack signal (39) are continuous with respect to time, from (36), we have [ ][ ] [ ] λ0 12n×2n − A1 B z˘(κ0 ) 02n = , (81) −CM DM g(κ0 ) 0|M| [ ] [ λ (η −κ ) ] [ ] −A1 B 02n e 0 0 0 z˘(κ0 ) = . (82) −CM DM 0|M| 02n It is obtained from (82) that
A1 z˘(κ0 ) = 02n , C z˘(κ0 ) = 0|M| .
(83) (84)
Substituting the matrix A1 defined in (26) into (83) yields y˘ (κ0 ) = 0n , −γL1 x ˘ (κ0 ) = 0n .
(85) (86)
It follows from Lemma 1 that the solution of (86) satisfies x ˘1 (κ0 ) = . . . = x ˘n (κ0 ). Since all the vectors of CM (29) are the canonical basis, x ˘i (κ0 ) = 0, i ∈ M. Thus, we obtain x ˘ (κ0 ) = 0n , which together with (85) show that z˘(κ0 ) = 02n , substituting which into (81) results in Bg0 (κ0 ) = 02n . Then, considering the definitions of matrices in (27) and (28), we conclude that g0 (κ0 ) = 02n , which contradicts with requirement g0 (κ0 ) ̸= 02n in Definition 4. Therefore, there is no zero-dynamics attack over [κ0 , η0 ) ∪ [η0 , t1 ). ACKNOWLEDGMENT The authors are grateful to Professor Sadegh Bolouki for valuable discussions. R EFERENCES [1] Y. Mao, E. Akyol, and Z. Zhang, “Strategic topology switching for security-part i: Consensus & switching times,” https://arxiv.org/abs/1711.11183, 2017. [2] W. Yu, G. Chen, and M. Cao, “Some necessary and sufficient conditions for second-order consensus in multi-agent dynamical systems,” Automatica, vol. 46, no. 6, pp. 1089–1095, 2010. [3] J. Qin, C. Yu, and B. D. Anderson, “On leaderless and leader-following consensus for interacting clusters of second-order multi-agent systems,” Automatica, vol. 74, pp. 214–221, 2016. [4] J. Mei, W. Ren, and J. Chen, “Distributed consensus of second-order multi-agent systems with heterogeneous unknown inertias and control gains under a directed graph,” IEEE Transactions on Automatic Control, vol. 61, no. 8, pp. 2019–2034, 2016. [5] X. Ai, S. Song, and K. You, “Second-order consensus of multi-agent systems under limited interaction ranges,” Automatica, vol. 68, pp. 329– 333, 2016. [6] W. Ren and E. Atkins, “Distributed multi-vehicle coordinated control via local information exchange,” International Journal of Robust and Nonlinear Control, vol. 17, no. 10-11, pp. 1002–1033, 2007. [7] A. A. C´ardenas, S. Amin, and S. Sastry, “Research challenges for the security of control systems.” in HotSec, 2008. [8] F. Pasqualetti, F. D¨orfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE Transactions on Automatic Control, vol. 58, no. 11, pp. 2715–2729, 2013. [9] B. Przydatek, D. Song, and A. Perrig, “Sia: Secure information aggregation in sensor networks,” in Proceedings of the 1st international conference on Embedded networked sensor systems. ACM, 2003, pp. 255–265. [10] S. Sundaram and C. N. Hadjicostis, “Distributed function calculation via linear iterative strategies in the presence of malicious agents,” IEEE Transactions on Automatic Control, vol. 56, no. 7, pp. 1495–1508, 2011. [11] F. Pasqualetti, A. Bicchi, and F. Bullo, “Consensus computation in unreliable networks: A system theoretic approach,” IEEE Transactions on Automatic Control, vol. 57, no. 1, pp. 90–104, 2012.
[12] S. Weerakkody, X. Liu, and B. Sinopoli, “Robust structural analysis and design of distributed control systems to prevent zero dynamics attacks,” in Decision and Control (CDC), 2017 IEEE 56th Annual Conference on. IEEE, 2017, pp. 1356–1361. [13] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “Revealing stealthy attacks in control systems,” in Communication, Control, and Computing (Allerton), 2012 50th Annual Allerton Conference on. IEEE, 2012, pp. 1806–1813. [14] ——, “A secure control framework for resource-limited adversaries,” Automatica, vol. 51, pp. 135–148, 2015. [15] A. Teixeira, D. P´erez, H. Sandberg, and K. H. Johansson, “Attack models and scenarios for networked control systems,” in Proceedings of the 1st international conference on High Confidence Networked Systems. ACM, 2012, pp. 55–64. [16] Z. Feng, G. Hu, and G. Wen, “Distributed consensus tracking for multiagent systems under two types of attacks,” International Journal of Robust and Nonlinear Control, vol. 26, no. 5, pp. 896–918, 2016. [17] J. Kim and L. Tong, “On topology attack of a smart grid: Undetectable attacks and countermeasures,” IEEE Journal on Selected Areas in Communications, vol. 31, no. 7, pp. 1294–1305, 2013. [18] P. J. Menck, J. Heitzig, J. Kurths, and H. J. Schellnhuber, “How dead ends undermine power grid stability,” Nature communications, vol. 5, p. 3969, 2014. [19] P. Kundur, J. Paserba, V. Ajjarapu, G. Andersson, A. Bose, C. Canizares, N. Hatziargyriou, D. Hill, A. Stankovic, C. Taylor et al., “Definition and classification of power system stability ieee/cigre joint task force on stability terms and definitions,” IEEE transactions on Power Systems, vol. 19, no. 3, pp. 1387–1401, 2004. [20] S. H. Moghaddam and M. R. Jovanovic, “Topology design for stochastically-forced consensus networks,” IEEE Transactions on Control of Network Systems, DOI: 10.1109/TCNS.2017.2674962, 2017. ´ [21] P. Schultz, T. Peron, D. Eroglu, T. Stemler, G. M. R. Avila, F. A. Rodrigues, and J. Kurths, “Tweaking synchronization by connectivity modifications,” Physical Review E, vol. 93, no. 6, p. 062211, 2016. [22] Y. Mao and Z. Zhang, “Second-order consensus for multi-agent systems by state-dependent topology switching,” Accepted by 2018 American Control Conference, 2018. [23] J. L. Gross and J. Yellen, Graph theory and its applications. CRC press, 2005. [24] C. Godsil and G. F. Royle, Algebraic graph theory. Springer Science & Business Media, 2013, vol. 207. [25] D. A. Spielman, “Spectral graph theory (lecture 5 rings, paths, and cayley graphs),” Online lecture notes. http://www.cs.yale.edu/homes/spielman/561/, September 16, 2014. [26] A. E. Brouwer and W. H. Haemers, Spectra of graphs. Springer Science & Business Media, 2011. [27] Z. Zuo and L. Tie, “Distributed robust finite-time nonlinear consensus protocols for multi-agent systems,” International Journal of Systems Science, vol. 47, no. 6, pp. 1366–1375, 2016. [28] T. Geerts, “Invariant subspaces and invertibility properties for singular systems: The general case,” Linear algebra and its applications, vol. 183, pp. 61–88, 1993. [29] M. Newman, Networks: an introduction. Oxford university press, 2010. [30] A. Gusrialdi and Z. Qu, “Distributed estimation of all the eigenvalues and eigenvectors of matrices associated with strongly connected digraphs,” IEEE control systems letters, vol. 1, no. 2, pp. 328–333, 2017. [31] A. Y. Kibangou et al., “Distributed estimation of laplacian eigenvalues via constrained consensus optimization problems,” Systems & Control Letters, vol. 80, pp. 56–62, 2015.
