Cyber Attack Mitigation for CPSs: Hybrid System Approach to Controller

This research considers robust controller design for CPSs subject to cyber attacks. While previous studies have investigated secure control by assuming specific attack strategies, in this work we propose a robust hybrid control scheme containing multiple sub-controllers, each matched to a different type of cyber attack. A system using this control scheme is able to adapt its behavior to various cyber attacks (including those which have not been specifically addressed in the sub-controller designs) by switching sub-controllers to achieve the best performance. Schematically, performing new data-identification (in this case, identifying the attack) and adjusting the system on the basis of previous estimates concurrently are the main feature of adaptive control techniques. Thus, it is not very difficult to implement a kind of adaptive control law for switching sub-controllers in response to the reconstructed attack history. However, such an switching logic is not relevant enough, especially for safety critical CPSs, to counter the various types of cyber attacks mainly for two reasons: (i) switching operation could be in trouble when the actual cyber attack does not match any of the attack types assumed in individual sub-controller designs; and (ii) since the attack can change the his attack type over time, the chosen sub-controller for the present attack may not be the best for future attacks. To place more weight on the system’s reliability, we propose a switching logic that relies on the individual sub-controller’s marginal performance in the presence of unpredictable cyber attacks. In other words, the most secure sub-controller at each time step is the one whose future performance is the best under expected future cyber attacks. Since future attack behavior is unpredictable, we instead compute the worst-performance of each sub-controller. Once the system compares these worst-performances, the most secure sub-controller is determined to be the sub-controller with the best worst-performance and the system switches to this sub-controller accordingly. Such a switching logic is proved that the hybrid controller performs better than a single sub-controller and also maintains its stability. Here, the estimated worst-performance depends on the system’s current state and past attack history. Hence, unlike previous research, our hybrid control scheme incorporates the past attack information into the design of secure controls. As an illustrative example, Figure 6 represents the hybrid Hinf - H2 controller governed by the proposed switching logic. While each sub-controller performs poorly when it is subject to a different type of cyber attack from the one assumed for its design, the hybrid controller compensates for the attack effect by switching its sub-controller from Hinf to H2 optimal controller.

Figure 6. Cost Increments in the H2, Hinf, and Hybrid Controllers