Distributed Consensus Estimation for Networked Multi-Sensor Systems under Hybrid Attacks and Missing Measurements

Cyber-security research on networked multi-sensor systems is crucial due to the vulnerability to various types of cyberattacks. For the development of effective defense measures, attention is required to gain insight into the complex characteristics and behaviors of cyber attacks from the attacker’s perspective. This paper aims to tackle the problem of distributed consensus estimation for networked multi-sensor systems subject to hybrid attacks and missing measurements. To account for both random denial of service (DoS) attacks and false data injection (FDI) attacks, a hybrid attack model on the estimator-to-estimator communication channel is presented. The characteristics of missing measurements are defined by random variables that satisfy the Bernoulli distribution. Then a modified consensus-based distributed estimator, integrated with the characteristics of hybrid attacks and missing measurements, is presented. For reducing the computational complexity of the optimal distributed estimation method, a scalable suboptimal distributed consensus estimator is designed. Sufficient conditions are further provided for guaranteeing the stability of the proposed suboptimal distributed estimator. Finally, a simulation experiment on aircraft tracking is executed to validate the effectiveness and feasibility of the proposed algorithm.


Introduction
With the advancement of communication technologies, networked multi-sensor systems have garnered significant interest in recent decades [1,2].Networked multi-sensor systems contain components connected via a shared network, thus reducing unnecessary wired connections, lowering installation costs, and increasing system scalability [3][4][5].It is because of such benefits that networked multi-sensor systems are extensively applied in smart grids, autonomous driving, robotics, and satellite navigation [6][7][8].However, due to the data transmitted over open and shared communication links, networked multi-sensor systems are vulnerable to malicious cyber attacks, which can pose a huge threat to life and property security [9].As a result, it is of utmost importance to enhance the security of networked multi-sensor systems to ensure their normal operation.This issue has attracted widespread attention in recent years [10][11][12].
There are two main categories into which typical attack models in networked multisensor systems fall: denial of service (DoS) attacks and deception attacks [13].As all individuals know, false data injection (FDI) attacks, which are regarded as a typical deception attack, seek to manipulate the transmitted data by injecting some faked data [14].DoS attacks attempt to prevent legitimate users from accessing the server by sending a great deal of false information, thereby blocking the communication channel [15].Obviously, both types of cyber attacks can have profound negative impacts on networked multi-sensor systems.This problem has also aroused considerable interest among researchers, especially regarding the estimation and control issues under FDI and DoS attacks.For instance, based on prior research in [14], the author proposed a power system state estimation algorithm under imperfect FDI attacks.The FDI attack model in [14] aimed at compromising defenseless sensors to corrupt measurement information, focusing on the stealthiness of the attack strategy.By utilizing the event-triggered mechanism, a modified secure remote estimator under DoS attacks was designed for cyber-physical systems [16], in which DoS attacks occurring on the sensor-estimator communication channel considered noise and interference.It is common to find only a single type of attack considered in estimation for sensor networks.However, in practical systems, to increase the possibility of success of attacks, adversaries often alternately launch different types of attacks with a certain probability [13].Such hybrid attacks not only have a greater negative impact on estimation and control algorithms, but also pose challenges to existing attack detection mechanisms [17].Therefore, this has aroused the interest of researchers to address the estimation and control issues of networked multi-sensor systems under hybrid attacks.
As mentioned before, previous work focused more on centralised multi-sensor systems or single sensor systems, rather than on distributed systems.With the all-round development of computation and communication capabilities in sensor networks, distributed estimation is widely applied in networked multi-sensor systems due to its high robustness, scalability and flexibility [9,18].However, since information sharing and data transmission are constrained by the inherent coupling relationship between different nodes, distributed sensor networks are more vulnerable to various cyber attacks [19,20].As a result, it is a critically important yet complicated topic to investigate the security issues of distributed multi-sensor systems.In most existing research, some results such as [21][22][23] primarily addressed the distributed estimation problem under malicious cyber attacks on communication links connecting sensors, and only considering a single type of attack.To our knowledge, however, few research have addressed the distributed consensus estimation problem under hybrid attacks that occur between estimators, where data transmitted over wireless networks between nodes may be tampered with by attackers.
Note that distributed consensus estimation is formed by integrating multi-agent consensus theory into the standard Kalman filter, so it also faces the challenge of missing measurement issues in traditional state estimation.This challenge has spawned a large amount of related research [24][25][26].For instance, a novel locally optimal distributed consensus estimator was presented in [25] for stochastic systems with missing measurements, where the missing measurement phenomena are represented by a set of random variables with Bernoulli distribution.However, reviewing the literature on distributed estimation from the past few years, it is rare to find that issues regarding cyber attacks and network communication such as missing measurements are taken into account simultaneously.This is mainly because the superimposed effect of missing measurements and cyber attacks will accelerate the degradation of distributed estimation performance, eventually leading to system instability.
Drawing from the aforementioned discussions, this paper focuses on distributed consensus estimation issues for networked multi-sensor systems subject to the dual impact of hybrid attacks and missing measurements.The following three points highlight the difficulties encountered in this paper: (1) how to construct a hybrid attack model targeting the estimator-estimator communication channel to account for the joint impact of FDI and DoS attacks?(2) how can the optimal filter gain matrix be determined under the influence of multi-random variables?(3) how to construct suitable sufficient conditions to ensure the convergence of the estimation error under the dual impact of hybrid attacks and missing measurements?
In light of these difficulties, the following is a summary of the main contributions in this paper: 1.
Governed by multi-random variables with Bernoulli distribution, a unified hybrid attack model considering the joint impact of random FDI and DoS attacks is proposed.Different from cyber attacks on the sensor-to-estimator communication chan-nel in [13,18], the proposed hybrid attack disrupts the data transmission between neighboring estimators in the distributed consensus estimation.

2.
This paper is the first attempt to provide a modified distributed consensus estimation algorithm for networked multi-sensor systems subject to hybrid attacks and missing measurements.A suboptimal distributed estimation algorithm, simplified by an approximation method, is devised to circumvent the computation of the cross-covariance matrix, thereby reducing the computational complexity.

3.
A co-design scheme of consensus gain coefficients, hybrid attack parameters, missing measurement probabilities and model parameters based on Lyapunov stability analysis is proposed.It is theoretically proved that the stability of the proposed distributed consensus estimator can be guaranteed by constructing a sufficient condition.
The following is how the rest of the paper is structured.System models under missing measurements, hybrid attack models, and problem descriptions on the distributed consensus estimation are covered in Section 2. The optimal/suboptimal distributed consensus estimation algorithms are presented in Section 3, respectively.A formal stability analysis procedure is performed in Section 4. A simulation experiment is executed in Section 5, and conclusions are provided in Section 6.
Notation 1.Throughout the paper, the notations are absolutely standard.R m means the mdimensional Euclidean space.A T denotes the transpose of the variable A, and B −1 represents the inverse matrix of an invertible n × n matrix B. In addition, tr(C) is the trace of the matrix C. E{D} expresses the expectation of the random variable D. diag{•} is a diagonal matrix, and the random variable X has a probability density function denoted by P{X}.N(µ, R) denotes the Gaussian stochastic process with µ and R representing the corresponding mean value and covariance matrix, respectively.

System Description
This paper considers a class of linear time-invariant systems as where x k ∈ R N and y i,k ∈ R M are the state vector and measurement vector of the i-th sensor at time instant k, respectively.A and H i denote the system and measurement matrices, respectively.In addition, the random variables w k and v i,k are the system noise and the measurement noise respectively, which are assumed to be mutually independent, and satisfy In practical applications, due to sensor failure, unsuccessful measurement, or network congestion, etc., the measurement values from sensors are not always consecutive and may be randomly lost [27].Therefore, the missing measurement model in this paper is described as follows: where the random variable γ i,k that satisfies the Bernoulli distribution is used to describe the missing measurement phenomenon, which is assumed to be uncorrelated with all noise signals.Furthermore, the probability density function of γ i,k is where λ i represents the probability that the measurement information of the i-th sensor successfully arrives.

Hybrid Attack Model
To characterize the communication topology of the above sensor network in Equations ( 1) and ( 2), consider a fixed undirected graph G = (V x , E x ) with a set of nodes In this sensor network, the neighbor set of node i is defined as N i = {j|(i, j) ∈ E x }, where the total number of neighbors of node i, also called its degree, is expressed as Derived from previous works in [28], a distributed consensus estimation algorithm is introduced for the above sensor network: where xi,k is the estimate of the state x k for node i at time instant k.K i,k is the filter gain matrix to be determined, and ϵ is the consensus gain coefficient.Referring to existing works [29,30], it is noted that ϵ ∈ (0, 1 δ ) with δ = max i d i .When executing the state estimation process under the distributed consensus estimation in (4), it can be found that not only the innovation of node i itself is utilized, but also the estimation information from node j needs to be integrated.This prompts us to investigate the security of the estimation information transmitted between nodes i and j since the information may be subject to various malicious cyber attacks.Therefore, in order to describe the actual cyber attack characteristics more realistically in this paper, the following hybrid attack model is constructed as where xa j,k denotes the state estimation for node j under hybrid attacks.The random variable α ij,k is used to characterize the occurrence of DoS attacks, which satisfies the Bernoulli distribution.In other words, α ij,k = 0 means that the estimation information xj,k is subject to DoS attacks and cannot be successfully transmitted; α ij,k = 1 indicates otherwise.Furthermore, in the case of DoS attacks, this paper introduces the compensation strategy in [31,32] to improve the loss of transmitted data.q ij,k indicates whether the estimation information transmitted between nodes i and j is subject to FDI attacks, taking values of 0 or 1.The random variable b ij,k ∼ N(0, B ij,k ) is used to model FDI attacks, which is also assumed to be uncorrelated with all noise signals.

Problem Statement
In terms of that, this paper considers the issues of missing measurements in (3) and hybrid attacks in (5), so the distributed consensus estimation algorithm in (4) is redesigned as The main goal of this paper, as indicated by the discussion above, is to derive a suitable distributed consensus estimator to estimate the system states under the dual impact of missing measurements and hybrid attacks, and then seek sufficient conditions to ensure the stability of the proposed distributed estimator.

Distributed Consensus Estimator
In this section, a suitable Kalman filter gain matrix and error covariance matrix are derived to obtain the state estimates.
For the convenience of presentation, first define Consider the linear time-invariant system in (1) and (2) under missing measurements in (3) and hybrid attacks in (5).Then, the distributed consensus estimation algorithm designed in (6) has the optimal filter gain as follows: Proof of Theorem 1.According to the above definition, it can be known where Naturally, we can easily obtain the error covariance matrix When i = j, it yields where λi = E{(γ i,k where From the definition of P a ij,k , it follows that Note that the total estimation error for all nodes is expressed as ).Based on this, the optimal filter gain matrix K i,k can be obtained by solving the equation ∂tr(P i,k+1 )/∂K i,k = 0. Thus, applying the matrix calculus operation theory yields From Equation ( 14), we have where . This finishes the proof of Theorem 1.

A Scalable Estimation Algorithm and Stability Analysis
Note that the derived error covariance matrix in (10) for the proposed distributed consensus estimation algorithm is not scalable in the number of nodes, making it unsuitable for large-scale systems such as smart grids and mobile communication networks [33].In order to compensate for this weakness, this paper derives the following suboptimal estimation method: Remark 1.Such an assumption is achieved by eliminating the influence of the cross-covariance matrices in the proposed distributed consensus estimation algorithm.Instead, by setting ϵ = 0 in solving Equations ( 10) and (15) in this paper, a scalable estimator in ( 16) is obtained.Meanwhile, it can be easily known that the designed estimator is suboptimal due to the missing terms.
In the following, a formal stability analysis for the suboptimal distributed consensus estimator constructed as ( 16) is presented.The following assumptions and lemmas are first given as Assumption 1.For some positive numbers, the following inequalities are satisfied

Lemma 1 ([34]
).There are real numbers ν, ν, υ > 0 and 0 < σ ≤ 1 such that the stochastic process V k (ξ k ) satisfies the following inequalities and which means that the stochastic process V k (ξ k ) is exponentially bounded in mean square, and is bounded with probability one.
Then, the following will present the main results of the stability analysis.
Theorem 2. For the linear time-invariant system in (1) and (2), consider missing measurements in (3) and hybrid attacks in (5) and the suboptimal distributed consensus estimation algorithm proposed in (16).Under Assumption 1 and setting the following condition By Assumption 1, it can be easily obtained which proves that the first condition ( 17) of Lemma 1 is satisfied with ν = 1 p and ν = 1 p .Here, To further meet the second requirement for Lemma 1, Equation ( 19) needs to be extended.Combining Equation ( 7), the following expression is obtained: According to the definition, λi ≥ 0 is horizontally established.Therefore, it follows from Equation ( 16) and Assumption 1 that Similarly, according to ( 16) and (22), we obtain Then, it can be further obtained, as from inequality ( 23), Therefore, the first term on the right-hand side of Equation ( 21) can be scaled as In addition, from (16), we have Then we have Further, we proceed to deal with the other terms in (21).Under Assumption 1, we have Choose a condition as where After that, (26) can be scaled as In terms of the elementary inequality x T y + xy T ≤ x T x + y T y, it naturally follows that The remaining noise terms will be processed next, and we have and According to Equations ( 21), ( 24), ( 25) and ( 28)-( 31) can be further scaled as where It can be found that the second condition (18) of Lemma 1 is satisfied when ϵ < q/p i ( f + Finally, it can be concluded that the estimation error is bounded with probability one and exponentially bounded in mean square, which completes the proof of Theorem 2.

Simulation Results
In this section, a simulation example of the aircraft tracking problem moving in twodimensional horizontal plane is presented.The state vector is defined as x k = [ζ k , ζk , η k , ηk ] T , which consists of position (ζ k , η k ) and velocity ( ζk , ηk ).The tracking system considered in this section is as described in (1) and (2), where the relevant parameters are defined as follows: To track the target aircraft, ten distributed sensors with the topology shown in Figure 1 are utilized, where each sensor interacts with only a matched estimator.The target position is generated as the sensor measurement where the measurement noise covariance is set to Further, the initial state is set to x 0 = [10, 1.5, 10, 1.2] T .In addition, the root-mean-square errors (RMSEs) are introduced to more precisely assess the estimation performance.The RMSEs on position and velocity over all sensors are respectively defined as where M = 100 represents 100 Monte Carlo runs over 10 targets.ζt,k , ηt,k , ζt,k , and ηt,k are the estimates of position and velocity at time k from the i-th run, respectively.The performance of the proposed distributed consensus estimation algorithm under hybrid attacks and missing measurements is shown in Figure 2, where the measurement arrival probability λ i is set to 0.9 and the consensus gain is chosen as 0.05.It is assumed that the hybrid attack considered in (5) only occurs between two targets, where the relevant parameters are set to α i = 0.5 and B ij,k = 0.04I.It can be found that the distributed consensus estimator still has good tracking performance in position and velocity under hybrid attacks and missing measurements.In addition, the RMSEs in position for ten estimators are presented in Figure 3.It can be seen that all the curves fluctuate around the horizontal axis 0, which also proves the effectiveness of the proposed algorithm in (16).Further, RMSEs in position with different consensus gains ϵ = 0.05, 0.1, 0.15, 0.2 are plotted in Figure 4.It can be seen that when ϵ = 0.05, 0.1, 0.15, the curves still fluctuate near the horizontal axis 0, but when ϵ = 0.2, the curve rises rapidly.Thus, it can be found that the consensus parameter in this paper has an upper bound.Once this upper bound is exceeded, the estimator lacks stability, which also proves the correctness of Theorem 2. It is worth noting that the consensus parameters need to be chosen very carefully to make a tradeoff between tracking performance and stability.
On the other hand, the performance of the proposed distributed consensus estimation algorithm under hybrid attacks, FDI attacks in [30] and DoS attacks, as well as without attacks in [35] are compared in Figure 5.For examining the impact of different attack scenarios on the proposed distributed estimation algorithm, it is first necessary to exclude the interference of the missing measurement, so the measurement arrival probability λ i is set to 1 in this comparison experiment.As shown in Figure 5, RMSEs under hybrid attacks are significantly higher than those under other attack scenarios, while RMSEs under only DoS attacks are almost the same as those without attacks.This proves that hybrid attacks have a greater impact on the proposed distributed estimator than only one single type of attack.In addition, this paper introduces a compensation strategy for DoS attacks.Thus, only DoS attacks have little impact on the estimation performance of the proposed distributed estimator, which is clearly demonstrated in Figure 6.As shown in Figure 6, RMSEs in position do not change significantly as the DoS attack probability increases, strongly proving the effectiveness of the compensation strategy.Further, RMSEs in position under different FDI attack intensities are plotted in Figure 7.In order to better characterize the FDI attack intensity, the standard deviation ς of the random attack variable b ij,k is introduced.It is clear that the proposed distributed consensus estimator has certain resistance to FDI attacks when ς is small.Finally, it is noted that hybrid attacks will degrade the estimation performance in Figure 5, but the distributed estimator proposed in this paper can still remain stable, which is a major advantage of this algorithm.

Conclusions
In this paper, a modified distributed consensus estimation algorithm has been provided for networked multi-sensor systems subject to hybrid attacks and missing measurements.A random variable satisfying the Bernoulli distribution has been applied to account for the missing measurement phenomenon.From the viewpoint of the attacker, a unified hybrid attack model has been constructed to disrupt the data transmission between neighboring estimators, which takes into account the characteristics and behaviors of both random FDI and DoS attacks.Starting from optimality and scalability, optimal/suboptimal distributed consensus estimators have been proposed, respectively.Furthermore, sufficient conditions for convergence of the proposed distributed suboptimal estimator have been obtained.It has been explicitly established that there are correlations between the convergence and hybrid attack model as well as missing measurement parameters.Future works will focus on extending linear multi-sensor systems to nonlinear systems.

Figure 2 .
Figure 2. States and their estimations for sensors 5 and 7.

Figure 7 .
Figure 7. RMSEs in position under different FDI attack intensities.
the estimation error e i,k is exponentially bounded in mean square and is bounded with probability one.] and the augmented estimation error covariance as P k = diag{P 1,k , P 2,k , • • • , P n,k }, and then define a suitable Lyapunov function as follows k = [e T 1,k , e T 2,k , • • • , e T n,k