Event-triggered containment control for multi-agent systems under hybrid cyber attacks

This paper studies event-triggered containment control problem of multi-agent systems (MASs) under deception attacks and denial-of-service (DoS) attacks. First, to save limited network resources, an event-triggered mechanism is proposed for MASs under hybrid cyber attacks. Different from the existing event-triggered mechanisms, the negative influences of deception attacks and DoS attacks are considered in the proposed triggering function. The communication frequencies between agents are reduced. Then, based on the proposed event-triggered mechanism, a corresponding control protocol is proposed to ensure that the followers will converge to the convex hull formed by the leaders under deception attacks and DoS attacks. Compared with the previous researches about containment control, in addition to hybrid cyber attacks being considered, the nonlinear functions related to the states of the agents are applied to describe the deception attack signals in the MAS. By orthogonal transformation of deception attack signals, the containment control problem under deception attacks and DoS attacks is reformulated as a stability problem. Then, the sufficient conditions on containment control can be obtained. Finally, a set of simulation example is used to verify the effectiveness of the proposed method.     

DoS攻击下具备隐私保护的多智能体系统均值趋同控制

均值趋同是一种广泛应用于分布式计算和控制的算法, 旨在系统通过相邻节点间信息交互、更新, 最终促使系统中所有节点以它们初始值的均值达成一致. 研究拒绝服务(Denial-of-service, DoS)攻击下的分布式离散时间多智能体系统均值趋同问题. 首先, 给出一种基于状态分解思想的分布式网络节点状态信息处理机制, 可保证系统中所有节点输出值的隐私. 然后, 利用分解后的节点状态值及分析给出的网络通信拓扑条件, 提出一种适用于无向通信拓扑的多智能体系统均值趋同控制方法. 理论分析表明, 该方法能够有效抵御DoS攻击的影响, 且实现系统输出值均值趋同. 最后, 通过仿真实例验证了该方法的有效性.     

拒绝服务攻击下领导-跟随多智能体系统的均方一致性研究

针对带有过程噪声和测量噪声的领导-跟随多智能体系统,研究拒绝服务攻击下多智能体系统的一致性问题.首先,设计基于卡尔曼滤波的状态观测器,对智能体状态进行有效准确的估计;然后,基于预测控制理论提出一种基于状态估计信息的分布式预测控制算法,从而实现领导-跟随多智能体系统的均方一致性控制,并给出拒绝服务攻击环境下实现领导-跟随多智能体系统均方一致性的充分必要条件;最后,通过数值仿真验证所提出方法的正确性和有效性.     

DoS攻击下基于多率采样的多智能体系统安全一致性

本 文 研 究 了 一 类 带 有 多 率 采 样 的 线 性 多 智 能 体 系 统(Multiagent Systems, MASs)在 拒 绝 服 务(Denial-of-Service, DoS)攻击下的安全一致性控制问题, 其中DoS攻击通常阻断智能体之间的信息传输. 本文将多 率采样在网络化控制系统中的结果推广到了多智能体系统, 并考虑了非理想通信网络环境. 首先, 通过引入一个匹 配机制来同步由多率采样引起的智能体不同状态分量的采样数据. 然后, 在DoS攻击下, 针对带有多率采样的线 性MAS提出了一个基于多率采样的安全一致性控制器. 通过使用李雅普诺夫稳定性理论和切换系统方法, 获得了 包含DoS 攻击持续时间以及攻击频率的安全一致性充分条件. 最后, 给出了一个仿真例子来验证所提方法的有效 性, 并给出了多率采样与单率采样机制的性能对比分析.     

DoS攻击下网络化控制系统基于观测器的记忆型事件触发预测控制

本文研究了DoS攻击下网络化控制系统记忆型事件触发预测补偿控制问题. 首先, 由于网络带宽资源有限 和系统状态不完全可观测性, 引入了记忆型事件触发函数, 为观测器提供离散事件触发传输方案. 然后, 分析了网络 传输通道上发生的DoS攻击. 结合上述记忆型事件触发方案, 在控制节点设计一类新颖的预测控制算法, 节省网络 带宽资源并主动补偿DoS攻击. 同时, 建立了基于观测器的记忆型事件触发预测控制的闭环系统, 并且分析稳定性. 通过线性矩阵不等式(LMI)和Lyapunov稳定性理论, 建立了控制器、观测器和记忆型事件触发矩阵的联合设计方案, 并验证了该方案的可行性. 仿真结果表明, 该方案结合记忆型事件触发机制可以有效补偿DoS攻击, 节约网络带宽 资源.     

DoS Attack Detection Based on Deep Factorization Machine in SDN

Software-Defined Network (SDN) decouples the control plane of network devices from the data plane. While alleviating the problems presented in traditional network architectures, it also brings potential security risks, particularly network Denial-of-Service (DoS) attacks. While many research efforts have been devoted to identifying new features for DoS attack detection, detection methods are less accurate in detecting DoS attacks against client hosts due to the high stealth of such attacks. To solve this problem, a new method of DoS attack detection based on Deep Factorization Machine (DeepFM) is proposed in SDN. Firstly, we select the Growth Rate of Max Matched Packets (GRMMP) in SDN as detection feature. Then, the DeepFM algorithm is used to extract features from flow rules and classify them into dense and discrete features to detect DoS attacks. After training, the model can be used to infer whether SDN is under DoS attacks, and a DeepFM-based detection method for DoS attacks against client host is implemented. Simulation results show that our method can effectively detect DoS attacks in SDN. Compared with the K-Nearest Neighbor (K-NN), Artificial Neural Network (ANN) models, Support Vector Machine (SVM) and Random Forest models, our proposed method outperforms in accuracy, precision and F1 values.     

Encryption–decryption-based event-triggered consensus control for nonlinear MASs under DoS attacks

In this article, the consensus tracking problem is discussed for a class of discrete-time nonlinear multi-agent systems (MASs) subject to denial-of-service (DoS) attacks. The individual agents interact with each other via communication network whose topology is assumed to be time-varying and strongly connected. Two techniques are employed to deal with the network-induced complexities. On one hand, an event-triggering scheme is adopted to regulate the data transmission among agents with the purpose of making full utilization of the limited communication resources; and on the other hand, an encryption–decryption mechanism is designed with the aim to provide compensation, thereby mitigating the DoS attack effects. It is the objective of the addressed problem to develop a distributed model-free adaptive control law to enforce the MASs achieve desirable consensus performance. By using a specific projection algorithm in combination with a dynamic linearization method, the desired control protocol is formulated explicitly, whose effectiveness and applicability are demonstrated via an illustrative numerical example.     

Adaptive Memory Event-Triggered Observer-Based Control for Nonlinear Multi-Agent Systems Under DoS Attacks

This paper investigates the event-triggered security consensus problem for nonlinear multi-agent systems (MASs) under denial-of-service (DoS) attacks over an undirected graph. A novel adaptive memory observer-based anti-disturbance control scheme is presented to improve the observer accuracy by adding a buffer for the system output measurements. Meanwhile, this control scheme can also provide more reasonable control signals when DoS attacks occur. To save network resources, an adaptive memory event-triggered mechanism (AMETM) is also proposed and Zeno behavior is excluded. It is worth mentioning that the AMETM’s updates do not require global information. Then, the observer and controller gains are obtained by using the linear matrix inequality (LMI) technique. Finally, simulation examples show the effectiveness of the proposed control scheme.      

DoS攻击下电力网络控制系统脆弱性分析及防御

考虑DoS攻击对电力信息物理系统的影响,提出一种电力网络控制系统脆弱节点的检测方法和防御策略,采用分布式控制架构设计传感器和RTU的传输路径.通过求解最稀疏矩阵优化问题,提出一种识别并保护电力通信网脆弱节点和边的方法,保证系统实现安全稳定运行.进一步提出一种可以抵御DoS攻击的电力网络控制系统拓扑设计方法,研究系统遭受DoS攻击时能恢复稳定的电力网络控制系统拓扑连接方式. IEEE 9节点系统用于仿真验证,充分验证了算法的可行性和可靠性,并针对该9节点电力网络控制系统,给出了具体的网络攻击防御策略.     

Dynamic-estimator-based adaptive secure containment control for constrained nonlinear multi-agent systems under denial-of-service attacks

This article concentrates upon the adaptive secure containment control problem for a class of uncertain nonlinear multi-agent systems with the output constraint requirements under denial-of-service (DoS) attacks. At first, to overcome the difficulty that the tracking performance of the nonlinear multi-agent systems under the DoS attacks is disturbed seriously, a novel adaptive secure containment control approach is presented by applying a DoS attacks detection mechanism and introducing the barrier Lyapunov functions, which enables the system to achieve the security control objective that the output of each agent eventually converges to the convex hull spanned by the dynamic leaders' outputs, while never violating the output constraints. Then, a state estimator is designed, which reconstructs the immeasurable states of the multi-agent systems and approximates the completely unknown nonlinearities arising from the agents. In addition, the dynamic surface control technique is used to solve the “explosion of complexity” problem. It is demonstrated that the proposed anti-attack controller ensures that all the signals of the closed-loop system are semi-globally uniformly ultimately bounded. Finally, a simulation example is provided to illustrate the effectiveness of the theoretical results.     

网络攻击下一类非线性切换多智能体系统的安全自适应控制

针对一类控制方向未知的非线性切换多智能体系统, 本文研究了在不确定网络攻击下的安全控制问题. 网 络攻击破坏传感器真实数据, 导致系统真实信息无法获取且不能直接用于控制设计. 为此, 通过受攻击状态构建一 组新颖辅助变量来消除网络攻击造成的影响. 此外, 所研究的系统包含更一般的不确定性, 即未知控制方向, 未知常 值参数以及不确定攻击. 这些不确定性在设计过程中相互耦合. 利用Nussbaum型函数并设计自适应律补偿耦合后 的不确定性, 极大降低了系统复杂性. 通过系统性地迭代构造出共同Lyapunov函数, 提出了一套安全自适应控制方 法, 保证了受攻击系统在任意切换下达到渐近输出一致性. 最后, 数值仿真验证了该方法的有效性.     

Resilient Time-Varying Formation-Tracking of Multi-UAV Systems Against Composite Attacks: A Two-Layered Framework

This paper studies the countermeasure design problems of distributed resilient time-varying formation-tracking control for multi-UAV systems with single-way communications against composite attacks,including denial-of-services(DoS)attacks,false-data injection attacks,camouflage attacks,and actuation attacks(AAs).Inspired by the concept of digital twin,a new two-layered protocol equipped with a safe and private twin layer(TL) is proposed,which decouples the above problems into the defense scheme ...     

Secure consensus of multi-agent systems under denial-of-service attacks

In this paper, we study the secure consensus problem for multiple-input-multiple-output (MIMO) linear multi-agent systems (MASs) subject to denial-of-service (DoS) attacks, where an attack on an agent will block its associated communication channels until it stops. Firstly, we design an unknown input observer (UIO), based upon which we develop a resilient consensus controller, where the UIO depends only on the relative outputs. By employing a common Lyapunov function (CLF) and using the average dwell-time (ADT) method, we show that secure consensus is achieved if the attack length rate is not greater than a positive threshold. Secondly, we design a resilient consensus controller with different control gains. By using the multiple Lyapunov functions (MLFs) technique, we show that secure consensus is achieved if the attack length rate and the attack frequency are respectively not greater than the corresponding positive thresholds. Finally, we present an example of multiple YF-22 research UAVs to demonstrate the theoretical results.     

Distributed consensus for discrete-time heterogeneous multi-agent systems

This paper studies the consensus problem for a class of discrete-time heterogeneous multi-agent systems. Two kinds of consensus algorithms will be considered. The heterogeneous multi-agent systems considered are converted into equivalent error systems by a model transformation. Then we analyse the consensus problem of the original systems by analysing the stability problem of the error systems. Some sufficient conditions for consensus of heterogeneous multi-agent systems are obtained by applying algebraic graph theory and matrix theory. Simulation examples are presented to show the usefulness of the results.     

拒绝服务攻击下的多输入多输出非线性系统无模型自适应控制

针对多输入多输出(MIMO)非线性离散时间系统,研究系统遭受拒绝服务(DoS)攻击和随机发生数据包丢失下的控制问题.首先采用两个独立的伯努利分布对周期性DoS攻击和随机发生的数据包丢失进行建模.其次结合DoS攻击设计无模型自适应控制(MFAC)算法,进而通过理论分析和数学推导证明所提算法的收敛性.并且通过结合先前时刻数...     

WSN中一种防御广播认证中的DoS攻击策略

当将数字签名应用到广播认证时,网络很容易受到DoS( Denial of Service)攻击,比如攻击者不停地广播虚假数据包从而消耗网络的通信资源和计算资源.针对这种情况,提出一种基于弱认证和信誉等级的协议来防御此类DoS攻击.该协议针对分簇的无线传感器网络模型,利用中国剩余定理和单向函数来完成弱认证,同时还引入信誉...     

DoS攻击下一类二阶多智能体系统的安全分组一致性研究

针对拒绝服务(denial-of-service, DoS)攻击下一类二阶多智能体系统的安全分组一致性协同控制问题,区别于同类工作,在非周期性多信道独立的攻击场景下,基于复杂系统中智能体间的合作与竞争交互,提出一种新的带有状态估计器的安全分组一致性控制协议.在该协议的作用下,首先,给出DoS攻击持续时间的约束条件,通过设计合适的李雅普诺夫函数,结合求解代数黎卡提方程得到不同攻击模式下信道的衰减率;然后,通过引入与各个信道对应的等效衰减率,克服所得衰减率与信道难以匹配的问题,并给出系统的稳定性判据;最后,通过数值实验验证理论分析所得结论的正确性和有效性.     

Pattern recognition for detecting distributed node exhaustion attacks in wireless sensor networks

Malicious attacks when launched by the adversary-class against sensor nodes of a wireless sensor network, can disrupt routine operations of the network. The mission-critical nature of these networks signifies the need to protect sensory resources against all such attacks. Distributed node exhaustion attacks are such attacks that may be launched by the adversarial class from multiple ends of a wireless sensor network against a set of target sensor nodes. The intention of such attacks is the exhaustion of the victim’s limited energy resources. As a result of the attack, the incapacitated data-generating legitimate sensor nodes are replaced with malicious nodes that will involve in further malicious activity against sensory resources. One such activity is the generation of fictitious sensory data to misguide emergency response systems to mobilize unwanted contingency activity. In this paper, a model is proposed for such an attack based on network traffic flow. In addition, a distributed mechanism for detecting such attacks is also defined. Specific network topology-based patterns are defined to model normal network traffic flow, and to facilitate differentiation between legitimate traffic packets and anomalous attack traffic packets. The performance of the proposed attack detection scheme is evaluated through simulation experiments, in terms of the size of the sensor resource set required for participation in the detection process for achieving a desired level of attack detection accuracy. The results signify the need for distributed pattern recognition for detecting distributed node exhaustion attacks in a timely and accurate manner.     

校园网常见网络行为特征分析的研究

本文针对校园网中对网络安全和性能影响较大的几种网络行为：ARP攻击、DoS攻击、蠕虫病毒攻击、P2P、私接网络造成网络拓扑环路、黑客入侵等的特点进行了分析,得出其行为特征,为进一步规范网络行为提供了依据。     

面向网络攻击下弹性均值趋同的智能体群组编队

本文研究通信范围有限的智能体群组编队问题, 探索网络攻击下多智能体系统弹性均值趋同控制策略. 现 有的工作表明, 多智能体系统可通过维持一个所谓r–鲁棒的通信网络, 实现分布式弹性趋同控制器的设计. 然而, 传 统的方法中只有当单个智能体的通信范围足够大时, 才能使网络满足r–鲁棒这一特定条件. 本文利用智能体可移动 的特性放宽了对通信范围的要求, 通过小组化和模块化的设计思想以及相应的编队策略, 让智能体沿预设轨道做周 期性运动, 从而达成具有r–鲁棒的通信网络, 并基于该通信网络提出了一种分布式弹性均值趋同控制方法. 此外, 分 析给出了单模块和多模块情况下多智能体网络达成r–鲁棒的所需条件. 最后在仿真实例中, 实现了网络攻击下系统 状态的均值趋同, 实验结果验证了群组编队和均值趋同控制方法的有效性.