Integrated Security Control for Nonlinear CPS with Actuator Fault and FDI Attack: An Active Attack-Tolerant Approach

Abstract

This paper investigated the co-design problem of less conservative integrated security control and communication for a nonlinear cyber-physical system (CPS) with an actuator fault and false data injection (FDI) attacks. Firstly, considering the efficient utilisation and allocation of computing and communication resources, an integrated framework was proposed from the perspective of active defence against FDI attacks. Secondly, the actuator fault and FDI attacks were augmented as a vector, and a robust observer was proposed to estimate the system state, actuator fault and FDI attacks. Furthermore, based on the obtained estimation results and the location of the FDI attack in the dual-end network, we designed an integrated security control strategy of active attack tolerance and active fault tolerance and, by constructing Lyapunov–Krasovskii functions and using time-delay system theory and the affine Bessel–Legendre inequality, a less conservative co-design method for integrated security control and network communication resource saving was developed. Finally, a simulation experiment of a quadruple tank was carried out to demonstrate the effectiveness of the proposed method.

1. Introduction

A cyber-physical system (CPS) integrates information processing, real-time data transmission and remote precision control, and is widely used in large-scale critical systems such as smart factories, micro-grids and health management [1]. These systems play a decisive role in social production and daily life. However, the complexity and networking of CPS components mean that it is exposed to certain risks and challenges. Large-scale distributed physical components are not only more prone to fault-inducing factors, but complex and open network environments are also more vulnerable to malicious attacks. The issues of how to optimise, distribute and efficiently utilise multi-agents and network communication resources in a CPS to make it highly reliable are also extremely challenging topics of research [2]. In view of this, the co-design problem of integrated security control and communication resource saving for a CPS with physical faults and under cyber-attacks, giving a system with an excellent performance while saving network resources, is of profound scientific and engineering significance.

Both the CPS and the networked control system (NCS) are complex control systems, and have similarities in terms of their system frameworks, unit functions and application fields. An NCS can therefore be regarded as a sub-type of a CPS. As a product of the deep integration of physical space and cyber space, CPS security research includes the fault tolerance of the physical layer, attack tolerance of the network layer and joint handling [3,4]. There are many methods used to study the security of a CPS from the control point of view, such as fault-tolerant control [5,6], resilient consistency control [7,8,9], fault diagnosis [10] and life prediction [11,12], where fault-tolerant control theory is an important cornerstone for dealing with physical faults in a CPS. In the past decade or so, scholars have carried out extensive research into three aspects of this field: passive fault-tolerant control [13], active fault-tolerant control [14] and active–passive fault-tolerant control [15,16], and the results have been remarkable. FDI attacks are a common class of cyber attacks in CPS, and scholars have mainly studied for FDI attacks involving stability analysis [17,18,19], resilient control [20,21,22], attack detection [23,24,25], e.g., using a data-driven approach in [26], secure state estimation [27,28,29] and so on. However, there are doubtless more prospective applications that deal with FDI attacks from a defensive perspective. These can therefore be classified into passive attack tolerance and active attack tolerance based on methods of defence, and this study also uses this classification.

In the existing literature, research on integrated security control for CPS faults coexisting with attacks has only reported some preliminary results [30,31,32,33,34]. In [30], the co-design problem of active fault tolerance/passive attack tolerance and communication was studied in a CPS under a discrete event-triggered communication scheme. Based on this, in [31], an active–passive attack-tolerant control strategy was proposed for actuator FDI attack active compensation combined with sensor FDI attack passive robustness. This is a previous research study by the current authors. In [32], an intelligent generalised predictive controller was used to detect and identify faults and attacks on the NCS, and design fault and attack tolerance for faults and attacks, respectively. In [33], the co-design problem of a fault detector and estimator was adopted for a class of discrete random CPSs under the framework of an event-triggered transmission scheme. In [34], a new co-design controller mechanism was constructed to ensure the security and reliability of a CPS.

In summary, we can see that although research into CPS security control has achieved many results, there are still numerous problems. Firstly, situations in which both faults and attacks often occur simultaneously are unavoidable in a practical CPS, but research has been scarce on integrated security control for a CPS with faults and attacks, and this has been especially lacking with respect to active countermeasures against cyber-attacks. Moreover, most of the real systems are nonlinear, and nonlinear CPSs are even less studied. This paper therefore first considered the integrated security problem in a nonlinear CPS with an actuator fault and FDI attacks, i.e., the issue of how to design the observer and controller to make the coordination of CPS fault tolerance and attack tolerance possible, which is one of the motivations for carrying out research work.

Secondly, despite the large number of agents integrated into the CPS, the explosive data growth caused by increased perceived demand means that the network communication and central control unit are stretched, and few studies in the existing literature have considered the optimal allocation and efficient use of multi-agent resources; in particular, there is a lack of studies on the co-design between security control performance and communication resource saving for CPSs. Thus, this paper investigated the co-design of integrated security control and communication for nonlinear CPSs based on a discrete event-triggered communication scheme (DETCS) [35] to achieve a balance between control requirements and resource constraints, which is another motivation for conducting this research work.

Inspired by [36], this paper firstly designed an augmented observer to estimate the states, attacks and faults online, and then developed a security controller with active compensation and passive robustness for different FDI attacks. Finally, we achieved the co-design goals involving control and communication. The main contributions of this paper can be summarised as follows:

(1) In order to save computational resources while observing FDI attacks both in the side of the actuator and sensor network, the robust observer was moved to the control unit, and the integrated security control framework was established, which provides the conditions for the co-design of the subsequent control and communication.

(2) With the help of the active fault-tolerant control idea and method, an integrated security control strategy of active attack tolerance and active fault tolerance was proposed, and a closed-loop CPS model that integrates trigger conditions, actuator faults and FDI attacks was established, which lays a foundation for collaboratively solving the problem of integrated security controller feedback gain and the event trigger matrix.

(3) By constructing the Lyapunov–Krasovskii functions using the time-delay system theory, the affine Bessel–Legendre inequality and linear matrix inequality (LMI) techniques, less conservative design methods for a robust observer and a security controller were developed. Finally, this paper achieved a compromise between the CPS control performance and communication constraints in an active manner.

This paper is organised as follows. Section 2 presents a problem formulation. Section 3 and Section 4 develop a robust observer and an integrated security controller, respectively. A simulation experiment of a quadruple tank is presented in Section 5. Section 6 concludes this paper.

2. Problem Formulation

2.1. Framework of Integrated Security Control

In order to actively defend against FDI attacks and actuator faults, and to reasonably optimise the allocation of the computing power of each unit while taking into account the conservation of network communication resources and the efficient operation of the system, the integrated security control framework for a nonlinear CPS was constructed as shown in Figure 1.

As can be seen from Figure 1, the framework mainly includes a nonlinear controlled plant, intelligent sensing units (sensor, sampler, event generator), execution units (zero-order hold, actuator), control units (observer, integrated security controller) and communication networks. It should be emphasised that, in this paper, we assume that there are corresponding FDI attacks on the communication networks at both ends of the controller.

Different from reference [30,31], in this paper, in order to reduce the computational burden of the intelligent sensing unit, the observer in the original intelligent sensing unit was moved to the control unit. The advantage of this layout is that it not only reduces the computational load of the intelligent sensing unit but also makes full use of the stronger computational capability of the control unit, especially the active attack tolerance strategy, which can be used for both dual-ended FDI attacks, so that the attack tolerance capability of the system is further enhanced.

The data transmission process is as follows. Firstly, the sampler samples the sensor measurement value with equal period $h$ and sends the sampled value to the event generator, which will determine whether the current sampled value meets the trigger condition. If it does, the sampled value will be transmitted to the control unit via the sensor side network; otherwise, it will be discarded. Secondly, the observer observe the system state, actuator fault and attacks in real time, and the integrated security controller calculates the corresponding control quantities based on the estimation results and sends the control quantities to the execution unit via the execution side network according to the pre-designed control algorithm. Finally, ZOH holds the control quantity in a non-uniform period and transmits the result of the hold to the actuator, and then the actuator applies this control quantity to the controlled plant.

2.2. System Description

The nonlinear controlled plant with FDI attacks and an actuator fault is as follows:

$$\{\begin{array}{l}\dot{x}(t)={\displaystyle \sum _{i=1}^r{\xi }_i(\theta (t))}\left\{{\mathit{A}}_{i}x(t)+{\mathit{B}}_i\overline{u}(t)+{\mathit{E}}_{fi}f(t)+{\mathit{E}}_{wi}w(t)\right\}\hfill \\ y(i_{k}h)={\displaystyle \sum _{i=1}^r{\xi }_i(\theta (t))}\left\{{\mathit{C}}_{i}x(i_{k}h)+{\mathit{E}}_{vi}v(i_{k}h)\right\} \hfill \end{array}$$

(1)

where ${\xi }_i(\theta (t))=a_i(\theta (t))/{\displaystyle \sum _{i=1}^N{a}_i(\theta (t))}$, ${\xi }_i(\theta (t))$ represents the weight ratio of each fuzzy rule, $a_i(\theta (t))={\displaystyle \prod _{j=1}^N{\mathit{M}}_{ij}}({\theta }_j(t))$, and ${\mathit{M}}_{ij}({\theta }_j(t))$ is the membership function of ${\theta }_j(t)$ with respect to ${\mathit{M}}_{ij}$. It is assumed that $a_i(\theta (t))\ge 0 (i=$$1,2,\cdots ,N)$ and ${\displaystyle \sum _{i=1}^N{a}_i(\theta (t))}>0$; then, ${\xi }_i(\theta (t))\ge 0$ and ${\displaystyle \sum _{i=1}^N{\xi }_i(\theta (t))}=1$, $A_i,B_i,E_{fi},E_{wi},C_i,E_{vi}$ are the known matrices with appropriate dimension. $x(t)\in R^n$ is the system state, $\overline{u}(t)\in R^m$ is the control input (the system has been subjected to an actuator-side FDI attack), $w(t)\in R^{n_w}$ and $v(i_k)\in R^{n_v}$ denote disturbance and measurement noise, respectively, $y(i_{k}h)\in R^p$ is the sampled value of the sensor measurement output, $\left\{i_{k}h,k=0,1,2,\cdots \right\}$ is the corresponding sampling moment, $f(t)\in R^{n_f}$ is a continuously time-varying actuator fault and satisfies the derivative norm bounded constraint, i.e., ${\Vert \dot{f}(t)\Vert }_2\le f_1$, and ${\Vert \cdot \Vert }_2$ is the $L_2$ norm of the vector. The FDI attacks compromise the data integrity of the CPS by tampering with the measurement data injected into the sensor or actuator.

Inspired by reference [35], this paper designed the following trigger conditions to determine whether the current measured sample value needs to be transmitted:

$${[y(i_{k}h)-y(t_{k}h)]}^T\Phi [y(i_{k}h)-y(t_{k}h)]\ge \sigma y^T(i_{k}h)\Phi y(i_{k}h)$$

(2)

where $\sigma \in \left[0,1\right)$ is the event trigger parameter, $\Phi$ is the positive symmetric matrix to be designed and $y(t_{k}h)\in R^p$ is the sampling value of the measurement output that meets the trigger condition at the last moment and has been transmitted to the control unit. It can be seen that each sampling time satisfies $i_{k}h=t_{k}h+lh,l\in \{0,1,\cdots ,j_M^{*}\}, j_M^{*}=\min \left\{j\right| t_{k}h+(j+1)h\ge t_{k+1}h\}$. The data filtering logic of the event trigger mechanism can be interpreted as follows. If trigger condition (2) is met, the current measurement output sample value is transmitted to the control unit; otherwise, it is automatically discarded.

As can be seen from the description of the above event trigger conditions, the measured sampling data filtered by the event generator will be transmitted in a non-uniform period, the transmission interval is $[t_{k}h,t_{k+1}h)$ and the transmission period is $T_k=t_{k+1}h-t_{k}h$.

It can be seen from the foregoing analysis that, for either the constant periodic observer estimation or non-uniform transmission period control, this paper deals with the design problem of a data sampling system [37] that includes a continuous controlled plant and discrete estimation or control. For such a system, the preferred analytical method is time-delay system theory [38]. It is necessary to analyse and define the delay intervals for this system.

We define the time-delay function:

$${\tau }_1(t)=t-t_{k}h, t\in [t_{k}h,t_{k+1}h)$$

(3)

where $0\le {\tau }_1(t)<h_1=h,$ $h_1$ is the upper bound of the delay function. In addition, $\dot{\tau }(t)=1$.

3. Design of Robust Observer

3.1. Establishment of Augmented Error System

When the double-ended network is subject to an FDI attack, the following description can be obtained:

$$\{\begin{array}{l}\overline{u}(t_{k}h)=u(t_{k}h)+E_a{a}_{}^a(t_{k}h)\\ \overline{y}(t_{k}h)=y(t_{k}h)+E_s{a}_{}^s(t_{k}h) \end{array}$$

(4)

where $a_{}^a(t_{k}h)$ and $a_{}^s(t_{k}h)$ denote the attack values of continuous time-varying FDI attacks $a_{}^a(t)$,$a_{}^s(t)$ in the side of the actuator and sensor network, respectively. $u(t_{k}h)$ denotes the actual control amount calculated by the controller, whereas $\overline{u}(t_{k}h)$ denotes the control input value after being attacked by the actuator FDI attack. $y(t_{k}h)$ indicates the sampled value of the measurement output received by the control unit when it is not attacked by the sensor-side network, whereas $\overline{y}(t_{k}h)$ indicates the sampled value of the measurement output actually received by the control unit after it is attacked by the sensor-side network.

In addition, $E_a,E_s$ is the attack weighting matrix of appropriate dimensions, consistent with the continuous time-varying fault, and it is assumed that continuous time-varying FDI attacks satisfy the derivative norm bounded condition: ${\Vert {\dot{a}}_{}^a(t)\Vert }_2<a, {\Vert {\dot{a}}_{}^s(t)\Vert }_2<s$. ${\Vert \cdot \Vert }_2$ is the $L_2$ norm of the vector.

According to the delay function defined in Equation (3), Equation (4) is converted into:

$$\{\begin{array}{l}\overline{u}(t)=u(t)+E_a{a}_{}^a(t-{\tau }_1(t))\\ \overline{y}(t)=y(t-{\tau }_1(t))+E_s{a}_{}^s(t-{\tau }_1(t))+E_{v}v(t-{\tau }_1(t)) \end{array}$$

(5)

Combining Equation (1) with Equation (5), the equation of state can be obtained in the following:

$$\{\begin{array}{l}\dot{x}(t)={\displaystyle \sum _{i=1}^r{\xi }_i(\theta (t))}\left\{A_i\dot{x}(t)+B_{i}u(t)+{\overline{E}}_1\overline{f}(t)+E_{wi}w(t)\right\}\hfill \\ \overline{y}(t)={\displaystyle \sum _{i=1}^r{\xi }_i(\theta (t))}\left\{C_{i}x(t-{\tau }_1(t))+{\overline{E}}_2\overline{f}(t)+E_{vi}v(t-{\tau }_1(t))\right\} \hfill \end{array}$$

(6)

where $\overline{f}(t)={[f^T(t) a_{}^a{}^T(t-{\tau }_1(t)) a_{}^s{}^T(t-{\tau }_1(t))]}^T$ is the augmented fault vector, $t\in [t_{k}h,t_{k+1}h)$,${\overline{E}}_1=\left[\begin{array}{ccc}{E}_{fi}& B_i{E}_a& 0\end{array}\right],$${\overline{E}}_2=$$\left[\begin{array}{ccc}0& 0& {{\rm E}}_s\end{array}\right].$ A robust $H_{\infty }$ observer is designed as follows:

$$\{\begin{array}{l}\dot{\widehat{x}}(t)={\displaystyle \sum _{i=1}^r{\displaystyle \sum _{j=1}^r{\xi }_i(\theta (t))}{\xi }_j(\theta (t))}\{A_i\widehat{x}(t)+B_{i}u(t)+{\overline{E}}_1\widehat{\overline{f}}(t)-L_j[\widehat{\overline{y}}(t)-\overline{y}(t)]\}\\ \widehat{\overline{y}}(t)={\displaystyle \sum _{i=1}^r{\xi }_i(\theta (t))}[C_i\widehat{x}(t)+{\overline{E}}_2\widehat{\overline{f}}(t)] \\ \dot{\widehat{\overline{f}}}(t)={\displaystyle \sum _{j=1}^r{\xi }_j(\theta (t))}\{-F_j[\widehat{\overline{y}}(t)-\overline{y}(t)]\}\end{array}$$

(7)

where $L_j, F_j$ are the state and augmented fault estimation gain matrices to be designed. The designed generalised observer in Equation (7) is essentially a Luenberger observer, and it is characterised by a decoupled estimation of state, fault and attacks. Using it, the state, fault and attacks of the system can be estimated simultaneously.

Define: $e_x(t)=\widehat{x}(t)-x(t),e_{\overline{f}}(t)=\widehat{\overline{f}}(t)-\overline{f}(t),e_{\overline{y}}(t)=\widehat{\overline{y}}(t)-\overline{y}(t).$

Combining Equation (6) with Equation (7), the following augmented error equation can be obtained:

$$\{\begin{array}{l}{\dot{e}}_x(t)={\displaystyle \sum _{i=1}^r{\displaystyle \sum _{j=1}^r{\xi }_i(\theta (t))}{\xi }_j(\theta (t))[A_i{e}_x(t)+{\overline{E}}_1{e}_{\overline{f}}(t)-L_j{C}_i{e}_x(t-{\tau }_1(t))-L_j{\overline{E}}_2{e}_{\overline{f}}(t)}\\ \begin{array}{ccc}& & \end{array}+L_j{E}_{vi}v(t-{\tau }_1(t))-E_{wi}w(t)]\\ {\dot{e}}_{\overline{f}}(t)={\displaystyle \sum _{i=1}^r{\displaystyle \sum _{j=1}^r{\xi }_i(\theta (t))}{\xi }_j(\theta (t))}[-F_j{C}_i{e}_x(t-{\tau }_1(t))-F_j{E}_2{e}_{\overline{f}}(t)\\ \begin{array}{cc}\begin{array}{cc}& \end{array}& +F_j{E}_{vi}v(t-{\tau }_1(t))-\dot{\overline{f}}(t)]\end{array}\end{array}$$

(8)

For the convenience of analysis, further define: $\overline{e}(t)={[e_x{}^T(t) e_{\overline{f}}{}^T(t)]}^T$; then, the following augmented error system can be obtained according to Equation (8):

$$\begin{array}{l}\dot{\overline{e}}(t)={\displaystyle \sum _{i=1}^r{\displaystyle \sum _{j=1}^r{\xi }_i(\theta (t))}{\xi }_j(\theta (t))}[{\overline{A}}_i\overline{e}(t)-{\overline{B}}_i\overline{e}(t-{\tau }_1(t))\\ \begin{array}{cc}& \end{array} -{\overline{E}}_{wi}\overline{w}(t)+{\overline{L}}_j{E}_{vi}v(t-{\tau }_1(t))] \end{array}$$

(9)

where

$${\overline{A}}_i=\left[\begin{array}{cc}{A}_i& {\overline{E}}_1\\ 0& 0\end{array}\right],{\overline{B}}_i={\overline{L}}_j{\overline{C}}_i, {\overline{L}}_j=\left[\begin{array}{c}{L}_j\\ F_j\end{array}\right], {\overline{C}}_i=\left[\begin{array}{cc}{C}_i& {\overline{E}}_2\end{array}\right], {\overline{E}}_{wi}=\left[\begin{array}{cc}{E}_{wi}& 0\\ 0& I\end{array}\right], \overline{w}(t)=\left[\begin{array}{c}w(t)\\ \dot{\overline{f}}(t)\end{array}\right].$$

3.2. Design Method of Robust Observer

Theorem 1: 

Under DETCS, for a nonlinear augmented error system in Equation (9) with actuator faults and FDI attacks, if there exist a symmetric positive definite matrix $P$ and the appropriate dimensions matrices $X,Y_j$, and given positive numbers ${\gamma }_1,{\gamma }_2,s_1,s_2,s_3,h_1$such that the following matrix inequality is satisfied:

$$\left[\begin{array}{ccccc}{\Pi }_{11}& {\Pi }_{12}& {\Pi }_{13}& {\Pi }_{14}& 0\\ *& {\Pi }_{22}& {\Pi }_{23}& {\Pi }_{24}& h_1{s}_1{\overline{C}}_i^T{Y}_j{}^T\\ *& *& {\Pi }_{33}& {\Pi }_{34}& 0\\ *& *& *& {\Pi }_{44}& 0\\ *& *& *& *& -h_1{s}_{1}P\end{array}\right]<0$$

(10)

$$\left[\begin{array}{ccccc}{\Pi }_{11}^{(1)}& {\Pi }_{12}^{(1)}& {\Pi }_{13}^{(1)}& {\Pi }_{14}^{(1)}& X\\ *& {\Pi }_{22}^{(1)}& {\Pi }_{23}^{(1)}& {\Pi }_{24}^{(1)}& X\\ *& *& {\Pi }_{33}^{(1)}& {\Pi }_{34}^{(1)}& X\\ *& *& *& {\Pi }_{44}^{(1)}& X\\ *& *& *& *& -\frac{15s_1}{23h_1}P\end{array}\right]<0$$

(11)

$$\left[\begin{array}{ccccccc}{\Pi }_{11}+I& {\Pi }_{12}& {\Pi }_{13}& {\Pi }_{14}& {\Pi }_{15}& {\Pi }_{16}& 0\\ *& {\Pi }_{22}& {\Pi }_{23}& {\Pi }_{24}& {\Pi }_{25}& {\Pi }_{26}& h_1{s}_1{\overline{C}}_i^T{Y}_j{}^T\\ *& *& {\Pi }_{33}& {\Pi }_{34}& 0& 0& 0\\ *& *& *& {\Pi }_{44}& 0& 0& 0\\ *& *& *& *& -{\gamma }_1^{2}I& {\Pi }_{56}& h_1{s}_1{E}_{vi}^T{Y}_j{}^T\\ *& *& *& *& *& {\Pi }_{66}& 0\\ *& *& *& *& *& *& -h_1{s}_{1}P\end{array}\right]<0$$

(12)

$$\left[\begin{array}{ccccccc}{\Pi }_{11}^{(1)}+I& {\Pi }_{12}^{(1)}& {\Pi }_{13}^{(1)}& {\Pi }_{14}^{(1)}& {\Pi }_{15}^{(1)}& {\Pi }_{16}^{(1)}& X\\ *& {\Pi }_{22}^{(1)}& {\Pi }_{23}^{(1)}& {\Pi }_{24}^{(1)}& 0& 0& X\\ *& *& {\Pi }_{33}^{(1)}& {\Pi }_{34}^{(1)}& 0& 0& X\\ *& *& *& {\Pi }_{44}^{(1)}& 0& 0& X\\ *& *& *& *& -{\gamma }_1^{2}I& 0& 0\\ *& *& *& *& *& -{\gamma }_2^{2}I& 0\\ *& *& *& *& *& *& -\frac{15s_1}{23h_1}P\end{array}\right]<0$$

(13)

then the error system in Equation (9) is asymptotically stable and has performance index $H_{\infty }$ as in Equation (14). The observer gain matrix $L_j$ and fault estimation gain matrix $F_j$ can be obtained from ${\overline{L}}_j=\left[\begin{array}{c}{L}_j\\ F_j\end{array}\right]=P^{-1}{Y}_j$.

$${\Vert \overline{e}(t)\Vert }_2^2\le {\gamma }_1^2{\Vert \overline{w}(t)\Vert }_2^2+{\gamma }_2^2{\displaystyle \sum _{k=0}^{\infty }(t_{k+1}h-t_{k}h){\Vert v(t_{k}h)\Vert }_2^2}$$

(14)

where

$$\begin{array}{l}{\Pi }_{11}=P{\overline{A}}_i+{\overline{A}}_i{}^{T}P-s_{2}P+h_1{s}_2(P{\overline{A}}_i+{\overline{A}}_i{}^{T}P)+h_1{s}_1{\overline{A}}_i{}^{T}P{\overline{A}}_i-3X-3X^T,{\Pi }_{12}=-Y_j{\overline{C}}_i+s_{2}P-h_1{s}_2{Y}_j{\overline{C}}_i\\ -h_1{s}_2{\overline{A}}_i{}^{T}P-h_1{s}_1{\overline{A}}_i{}^T{Y}_j{\overline{C}}_i+X-3X^T,{\Pi }_{13}=2X-3X^T,{\Pi }_{14}=6X-3X^T,{\Pi }_{15}=Y{E}_{vi}+h_1{s}_2{Y}_j{E}_{vi}\\ +h_1{s}_1{\overline{A}}_i{}^T{Y}_j{E}_{vi},{\Pi }_{16}=-P{\overline{E}}_{wi}-h_1{s}_{2}P{\overline{E}}_{wi}-h_1{s}_1{\overline{A}}_i{}^{T}P{\overline{E}}_{wi},{\Pi }_{22}=-s_{2}P+h_1{s}_2(Y_j{\overline{C}}_i+{\overline{C}}_i{}^T{Y}_j{}^T)+h_1{s}_{3}P\\ +X+X^T,{\Pi }_{23}=2X+X^T,{\Pi }_{24}=6X+X^T,{\Pi }_{25}=-h_1{s}_2{Y}_j{E}_{vi},{\Pi }_{26}=h_1{s}_{2}P{\overline{E}}_{wi}+h_1{s}_1{\overline{C}}_i{}^T{Y}_j{}^T{\overline{E}}_{wi}, \\ {\Pi }_{33}=2(X+X^T),{\Pi }_{34}=6X+X^T,{\Pi }_{44}=2(X+X^T),{\Pi }_{56}=-h_1{s}_1{E}_{vi}^T{Y}_j{}^T{\overline{E}}_{wi},{\Pi }_{66}=-{\gamma }_2^{2}I\\ +h_1{s}_1{\overline{E}}_{wi}^{T}P{\overline{E}}_{wi},{\Pi }_{11}^{(1)}=P{\overline{A}}_i+{\overline{A}}_i{}^{T}P-s_{2}P-3X-3X^T,{\Pi }_{12}^{(1)}=-Y_j{\overline{C}}_i+s_{2}P+X-3X^T,{\Pi }_{13}^{(1)}=\\ 2X-3X^T,{\Pi }_{14}^{(1)}=6X-3X^T,{\Pi }_{15}^{(1)}=Y_j{E}_{vi},{\Pi }_{16}^{(1)}=-P{\overline{E}}_{wi},{\Pi }_{22}^{(1)}=-h_1{s}_{3}P-s_{2}P+X+X^T,\\ {\Pi }_{23}^{(1)}=2X+X^T,{\Pi }_{24}^{(1)}=6X+X^T,{\Pi }_{33}^{(1)}=2(X+X^T),{\Pi }_{34}^{(1)}=6X+2X^T, {\Pi }_{44}^{(1)}=6(X+X^T).\end{array}$$

Proof: 

We constructed the following Lyapunov–Krasovskii function:

$$\begin{array}{l}V(t)={\overline{e}}^T(t)P\overline{e}(t)+(h_1-{\tau }_1(t)){\phi }_1{}^T(t)S{\phi }_1(t)+(h_1-{\tau }_1(t)){\tau }_1(t){\overline{e}}^T(t-\\ {\tau }_1(t))Q\overline{e}(t-{\tau }_1(t))+(h_1-{\tau }_1(t)){\displaystyle {\int }_{t-{\tau }_1(t)}^t{\dot{\overline{e}}}^T(s)R\dot{\overline{e}}(t)}ds \end{array}$$

(15)

where ${\phi }_1(t)=\overline{e}(t)-\overline{e}(t-t_1(t))$, $P,Q,R,S$ are positive definite matrices.

Firstly, considering $\overline{w}(t)=0,v(t_{k}h)=0$, we will prove that the error system in Equation (9) is asymptotically stable. Differentiating $V_1(t)$ along the trajectory of the system in Equation (9), we obtain:

$$\begin{array}{l}\dot{V}(t)=2{\overline{e}}^T(t)P\dot{\overline{e}}(t)-{\phi }_1{}^T(t)S{\phi }_1(t)+2(h_1-{\tau }_1(t)){\phi }_1{}^T(t)S\dot{\overline{e}}(t)\\ \begin{array}{cc}& \end{array} +2(h_1-{\tau }_1(t)){\overline{e}}^T(t-{\tau }_1(t))Q\overline{e}(t-{\tau }_1(t))-h_1{\overline{e}}^T(t-{\tau }_1(t))Q\overline{e}(t-{\tau }_1(t))\\ -{\displaystyle {\int }_{t-{\tau }_1(t)}^t{\dot{\overline{e}}}^T(s)R\dot{\overline{e}}(t)}ds+(h_1-{\tau }_1(t)){\dot{\overline{e}}}^T(s)R\dot{\overline{e}}(t)\end{array}$$

(16)

Using the affine Bessel–Legendre inequality in [39] to deal with the integral term $-{\displaystyle {\int }_{t-{\tau }_1(t)}^t{\dot{\overline{e}}}^T(s)R\dot{\overline{e}}(t)}ds$ of ${\dot{V}}_1(t)$, we can obtain

$$-{\displaystyle {\int }_{t-{\tau }_1(t)}^t{\dot{\overline{e}}}^T(s)R\dot{\overline{e}}(t)}ds\le -{\psi }_1{}^T(t)\Theta {\psi }_1(t)$$

(17)

where

$$\begin{array}{l}{\psi }_1(t)={\left[\begin{array}{cccc}{\overline{e}}^T(t)& {\overline{e}}^T(t-{\tau }_1(t))& \frac{1}{{\tau }_1(t)}{\Omega }_0{}^T& \frac{1}{{\tau }_1(t)}{\Omega }_1{}^T\end{array}\right]}^T, \\ {\Omega }_0={\displaystyle {\int }_{t-{\tau }_1}^t\overline{e}(s)}ds,{\Omega }_1={\displaystyle {\int }_{t-{\tau }_1}^t\left(2\frac{s-t+{\tau }_1}{{\tau }_1}-1\right)\overline{e}(s)}ds, \\ \Theta =X{H}_2+H_2^T{X}^T-{\tau }_{1}X{\overline{R}}_1{X}^T, {\overline{R}}_1=\mathrm{diag}\left\{\begin{array}{ccc}{R}^{-1}& \frac{1}{3}{R}^{-1}& \frac{1}{5}{R}^{-1}\end{array}\right\},\\ H_2=\left[\begin{array}{cccc}I& -I& 0& 0\\ I& I& -2I& 0\\ I& -I& 0& -6I\end{array}\right].\end{array}$$

Substituting the inequality in Equation (17) into ${\dot{V}}_1(t)$, we define

$$\begin{array}{l}{M}_{11}=\left[\begin{array}{cccc}I& 0& 0& 0\end{array}\right],M_{12}=\left[\begin{array}{cccc}{\overline{A}}_i& -{\overline{B}}_i& 0& 0\end{array}\right],\\ M_{13}=\left[\begin{array}{cccc}0& I& 0& 0\end{array}\right],M_{14}=\left[\begin{array}{cccc}I& -I& 0& 0\end{array}\right].\end{array}$$

and then $\overline{e}(t)=M_{11}{\psi }_1(t),\dot{\overline{e}}(t)=M_{12}{\psi }_1(t),\overline{e}(t-{\tau }_1(t))=M_{13}{\psi }_1(t),{\phi }_1(t)=M_{14}{\psi }_1(t).$ Then, we can also obtain

$$\dot{V}(t)\le {\psi }_1{}^T(t)[{\Sigma }_{11}+(h_1-{\tau }_1(t)){\Sigma }_{12}+{\tau }_1(t){\Sigma }_{13}]{\psi }_1(t)<0$$

(18)

where

$$\begin{array}{l}{\Sigma }_{11}=2M_{11}{}^{T}P{M}_{12}-M_{14}{}^{T}S{M}_{14}-h_1{M}_{13}{}^{T}Q{M}_{13}-(X{H}_2+H_2{}^T{X}^T), \\ {\Sigma }_{12}=2M_{14}{}^{T}S{M}_{12}+2M_{13}{}^{T}Q{M}_{13}+M_{12}{}^{T}R{M}_{12},{\Sigma }_{13}=X\overline{R}{X}^T.\end{array}$$

If ${\Sigma }_{11}+(h_1-{\tau }_1(t)){\Sigma }_{12}+{\tau }_1(t){\Sigma }_{13}<0$, then $\dot{V}(t)<0$, meaning that the error system in Equation (9) is asymptotically stable. It can be seen from the linear convex combination lemma [40] that the necessary and sufficient condition for ${\Sigma }_{11}+(h_1-{\tau }_1(t)){\Sigma }_{12}+{\tau }_1(t){\Sigma }_{13}<0$ is:

$${\Sigma }_{11}+h_1{\Sigma }_{12}<0, {\Sigma }_{11}+h_1{\Sigma }_{13}<0$$

(19)

When $\overline{w}(t)\ne 0,v(t_{k}h)\ne 0$, considering the following $H_{\infty }$ performance index function under zero initial conditions,

$$J_1=\dot{V}(t)+{\overline{e}}^T(t)\overline{e}(t)-({\gamma }_1^2{\overline{w}}^T(t)\overline{w}(t)+{\gamma }_2^2{v}^T(t_{k}h)v(t_{k}h))<0$$

(20)

We define

$$\begin{array}{l}\overline{e}(t)=M_{21}{\overline{\psi }}_1(t),\dot{\overline{e}}(t)=M_{22}{\overline{\psi }}_1(t),\overline{e}(t-{\tau }_1(t))=M_{23}{\overline{\psi }}_1(t),{\phi }_1(t)=M_{24}{\overline{\psi }}_1(t),{\psi }_1(t)=M_{25}{\overline{\psi }}_1(t),\\ {\left[\begin{array}{cc}{v}^T(t_{k}h)& {\overline{w}}^T(t)\end{array}\right]}^T=M_{26}{\overline{\psi }}_1(t).\end{array}$$

where

$$\begin{array}{l}{\overline{\psi }}_1(t)={[{\overline{e}}^T(t) {\overline{e}}^T(t-{\tau }_1(t)) \frac{1}{{\tau }_1(t)}{\Omega }_0{}^T \frac{1}{{\tau }_1(t)}{\Omega }_1{}^T v^T(t_{k}h) w^T(t)]}^T,\\ M_{21}=\left[\begin{array}{cccccc}I& 0& 0& 0& 0& 0\end{array}\right], M_{22}=\left[\begin{array}{cccccc}{\overline{A}}_i& -{\overline{B}}_i& 0& 0& -{\overline{L}}_j& -{\overline{E}}_{wi}\end{array}\right],\\ M_{23}=\left[\begin{array}{cccccc}0& I& 0& 0& 0& 0\end{array}\right], M_{24}=\left[\begin{array}{cccccc}I& -I& 0& 0& 0& 0\end{array}\right],\\ M_{25}=\left[\begin{array}{cccccc}I& 0& 0& 0& 0& 0\\ 0& I& 0& 0& 0& 0\\ 0& 0& I& 0& 0& 0\\ 0& 0& 0& I& 0& 0\end{array}\right], M_{26}=\left[\begin{array}{cccccc}0& 0& 0& 0& I& 0\\ 0& 0& 0& 0& 0& I\end{array}\right].\end{array}$$

Furthermore, we can obtain

$$J_1\le {\overline{\psi }}_1{}^T(t)[{\Sigma }_{21}+(h_1-{\tau }_1(t)){\Sigma }_{22}+{\tau }_1(t){\Sigma }_{23}]{\overline{\psi }}_1(t)<0$$

(21)

where

$$\begin{array}{l}{\Sigma }_{21}=2M_{21}{}^{T}P{M}_{22}-M_{24}{}^{T}S{M}_{24}-h_1{M}_{23}{}^{T}Q{M}_{23}+M_{21}{}^T{M}_{21}-M_{25}{}^T(X{H}_2+H_2{}^T{X}^T)M_{25}\\ -{\gamma }_1^2{M}_{26}{}^T{M}_{26},{\Sigma }_{22}=2M_{24}{}^{T}S{M}_{22}+2M_{23}{}^{T}Q{M}_{23}, {\Sigma }_{23}=M_{25}{}^{T}X\overline{R}{X}^T{M}_{25}.\end{array}$$

It can be seen from the linear convex combination lemma that $J_1<0$ is equivalent to

$${\Sigma }_{21}+h_1{\Sigma }_{22}<0,{\Sigma }_{21}+h_1{\Sigma }_{23}<0$$

(22)

The inequalities in Equations (18) and (22) are nonlinear. Here, we define $R=s_{1}P,S=s_{2}P, Q=s_{3}P, Y_j=P{\overline{L}}_j$. We can then expand and apply the Schur complement lemma to obtain Equations (10)–(13), i.e., these inequalities can be converted to linear matrix inequalities. Furthermore, we can use the LMI toolbox to find a feasible solution in which the parameters ${\overline{L}}_j,F_j$ to be designed can be obtained by solving ${\overline{L}}_j=P^{-1}{Y}_j$.

We can obtain the following inequality by integrating Equation (21) between 0 and $+\infty$:

$$V(+\infty )-V(0)<-{\displaystyle {\int }_0^{+\infty }{\overline{e}}^T(t)\overline{e}(t)}dt+{\gamma }_1^2{\displaystyle {\int }_0^{+\infty }{\overline{w}}^T(t)\overline{w}(t)}dt+{\gamma }_2^2{\displaystyle \sum _{k=0}^{\infty }(t_{k+1}h-t_{k}h)v^T(t_{k}h)v(t_{k}h)}$$

(23)

Then, the following inequality can be obtained:

$${\displaystyle {\int }_0^{+\infty }{\overline{e}}^T(t)\overline{e}(t)}dt<{\gamma }_1^2{\displaystyle {\int }_0^{+\infty }{\overline{w}}^T(t)\overline{w}(t)}dt+{\gamma }_2^2{\displaystyle \sum _{k=0}^{\infty }(t_{k+1}h-t_{k}h)v^T(t_{k}h)v(t_{k}h)}$$

(24)

i.e., ${\Vert \overline{e}(t)\Vert }_2^2\le {\gamma }_1^2{\Vert \overline{w}(t)\Vert }_2^2+{\gamma }_2^2{\displaystyle \sum _{k=0}^{\infty }(t_{k+1}h-t_{k}h){\Vert v(t_{k}h)\Vert }_2^2}$.

The relevant $H_{\infty }$ performance index is therefore verified. □

Remark 1: 

Compared with Jensen’s inequality and Wirtinger’s inequality, the affine Bessel–Legendre inequality used in this paper has three advantages: (i) it significantly reduces the matrix variables and the computational complexity; (ii) because our method is less conservative, it increases the solution space; and (iii) it can be transformed into Jensen’s inequality and Wirtinger’s inequality by changing the parameter N, meaning that the method used in this paper is more general.

Remark 2: 

In the proof of Theorem 1, the constructed Lyapunov–Krasovskii function is a general expression for a time-varying delay. Even if the sampling period is non-uniform, the above Lyapunov–Krasovskii function is still applicable.

4. Design of Integrated Security Controller

4.1. Establishment of Closed-Loop Nonlinear CPS Model

Based on the system state estimation $\widehat{x}(t_{k}h)$ and augmented fault estimation $\widehat{\overline{f}}(t_{k}h)$ obtained above, where $\widehat{\overline{f}}(t_{k}h)={[{\widehat{f}}^T(t_{k}h) {\widehat{a}}^a{}^T(t_{k}h) {\widehat{a}}^s{}^T(t_{k}h)]}^T$, the integrated security control strategy can be described as:

$$u(t_{k}h)={\displaystyle \sum _{i=1}^r{\displaystyle \sum _{j=1}^r{\xi }_i(\theta (t))}{\xi }_j(\theta (t))[K_j\widehat{x}(t_{k}h)-B_j^{+}{E}_{fi}\widehat{f}(t_{k}h)}-E_a{\widehat{a}}^a(t_{k}h)]$$

(25)

where $K_j$ is the controller gain matrix to be designed, and $B_j^{+}$ meets $(I-B_i{B}_j^{+})E_{fi}=0$. In addition, $\widehat{f}(t_{k}h)=$$[I 0 0]\cdot \widehat{\overline{f}}(t_{k}h), {\widehat{a}}^a(t_{k}h)=[0 I 0]\cdot \widehat{\overline{f}}(t_{k}h),$${\widehat{a}}^s(t_{k}h)=[0 0 I]\cdot \widehat{\overline{f}}(t_{k}h)$ can be regarded as the separation of the FDI attack on the sensor-side network. The first term in Equation (25) indicates that this controller uses the state feedback control strategy based on the state observer, whereas the last two terms indicate active compensation for the actuator fault and FDI attack on the actuator-side network. Combined with the delay function in Equation (3), the integrated security control strategy in Equation (25) can be described as:

$$u(t)={\displaystyle \sum _{i=1}^r{\displaystyle \sum _{j=1}^r{\xi }_i(\theta (t))}{\xi }_j(\theta (t))}[-K_j\widehat{x}(t-{\tau }_1(t))-B_j^{+}{E}_{fi}\widehat{f}(t-{\tau }_1(t))-E_a{\widehat{a}}^a(t-{\tau }_1(t))]$$

(26)

Further combining Equations (1), (7) and (26), the nonlinear CPS closed-loop model can be described as

$$\begin{array}{l}\dot{x}(t)={\displaystyle \sum _{i=1}^r{\displaystyle \sum _{j=1}^r{\xi }_i(\theta (t))}{\xi }_j(\theta (t))}[A_{i}x(t)-B_i{K}_{j}x(t-{\tau }_1(t))-B_i{K}_j{e}_x(t-{\tau }_1(t))\\ \begin{array}{cc}& \end{array} -E_{fi}{e}_f(t-{\tau }_1(t))+{\tau }_1(t)E_{fi}\dot{f}(t)-B_i{E}_a{e}_a(t-{\tau }_1(t))+{\tau }_1(t)B_i{E}_a{\dot{a}}^a(t)+E_{wi}w(t)] \end{array}$$

(27)

4.2. Co-Design of Integrated Security Control and Communication

Theorem 2. 

Under DETCS, for the system in Equation (27) with an actuator fault and FDI attacks, certain positive constants${\gamma }_3,\sigma ,n_1,n_2,n_3,m_1,m_2,m_3,m_4,m_5,m_6,h_1$and$\sigma \in \left[0,1\right)$, if there exist a symmetric positive definite matrix $\overline{P}$ and the appropriate dimensions matrices $\Phi ,{\overline{K}}_j,Q_1,Q_2,Q_3,Q_4,Q_5,Q_6,{\overline{Q}}_1,{\overline{Q}}_2,{\overline{Q}}_3,{\overline{Q}}_4,$ such that the following matrix inequalities hold:

$$\left[\begin{array}{cccccc}{\Pi }_{11}^{(2)}& {\Pi }_{12}^{(2)}& {\Pi }_{13}^{(2)}& {\Pi }_{14}^{(2)}& 0& 0\\ *& {\Pi }_{22}^{(2)}& {\Pi }_{23}^{(2)}& {\Pi }_{24}^{(2)}& {\Pi }_{25}^{(2)}& h_2{n}_2{K}_j^T\\ *& *& {\Pi }_{33}^{(2)}& {\Pi }_{34}^{(2)}& 0& 0\\ *& *& *& {\Pi }_{44}^{(2)}& 0& 0\\ *& *& *& *& {\Pi }_{55}^{(2)}& 0\\ *& *& *& *& *& -h_2{n}_2{P}^{\prime }\end{array}\right]<0$$

(28)

$$\left[\begin{array}{cccccc}{\Pi }_{11}^{(3)}& {\Pi }_{12}^{(3)}& {\Pi }_{13}^{(3)}& {\Pi }_{14}^{(3)}& \overline{X}& 0\\ *& {\Pi }_{22}^{(3)}& {\Pi }_{23}^{(3)}& {\Pi }_{24}^{(3)}& \overline{X}& {\Pi }_{26}^{(3)}\\ *& *& {\Pi }_{33}^{(3)}& {\Pi }_{34}^{(3)}& \overline{X}& 0\\ *& *& *& {\Pi }_{44}^{(3)}& \overline{X}& 0\\ *& *& *& *& -\frac{15n_2}{23h_2}{P}^{\prime }& 0\\ *& *& *& *& *& {\Pi }_{66}^{(3)}\end{array}\right]<0$$

(29)

$$\left[\begin{array}{cccccccccccc}{\Pi }_{11}^{(2)}+I& {\Pi }_{12}^{(2)}& {\Pi }_{13}^{(2)}& {\Pi }_{14}^{(2)}& {\Pi }_{15}^{(2)}& {\Pi }_{16}^{(2)}& {\Pi }_{17}^{(2)}& {\Pi }_{18}^{(2)}& 0& 0& 0& 0\\ *& {\Pi }_{22}^{(2)}& {\Pi }_{23}^{(2)}& {\Pi }_{24}^{(2)}& h_1{n}_1{\overline{K}}_j& {\Pi }_{26}^{(2)}& {\Pi }_{27}^{(2)}& {\Pi }_{28}^{(2)}& 0& 0& \frac{h_1^2}{4}(m_3+m_6){\overline{K}}_j{}^T& h_1{n}_2{K}_j^T\\ *& *& {\Pi }_{33}^{(2)}& {\Pi }_{34}^{(2)}& 0& 0& 0& 0& 0& 0& 0& 0\\ *& *& *& {\Pi }_{44}^{(2)}& 0& 0& 0& 0& 0& 0& 0& 0\\ *& *& *& *& -{\gamma }_3^{2}I& {\Pi }_{56}^{(2)}& {\Pi }_{57}^{(2)}& {\Pi }_{58}^{(2)}& 0& 0& \frac{h_1^2}{4}(m_3+m_6){\overline{K}}_j{}^T& h_1{n}_2{K}_j^T\\ *& *& *& *& *& {\Pi }_{66}^{(2)}& {\Pi }_{67}^{(2)}& {\Pi }_{68}^{(2)}& 0& 0& 0& 0\\ *& *& *& *& *& *& {\Pi }_{77}^{(2)}& {\Pi }_{78}^{(2)}& 0& 0& 0& 0\\ *& *& *& *& *& *& *& {\Pi }_{88}^{(2)}& 0& 0& 0& 0\\ *& *& *& *& *& *& *& *& \sigma \Phi & 0& 0& 0\\ *& *& *& *& *& *& *& *& *& -\Phi & 0& 0\\ *& *& *& *& *& *& *& *& *& *& -\frac{h_1^2}{4}(m_3+m_6)\overline{P}& 0\\ *& *& *& *& *& *& *& *& *& *& *& -h_1{n}_2\overline{P}\end{array}*\right]<0$$

(30)

$$\left[\begin{array}{cccccccccccc}{\Pi }_{11}^{(3)}+I& {\Pi }_{12}^{(3)}& {\Pi }_{13}^{(3)}& {\Pi }_{14}^{(3)}& {\Pi }_{15}^{(3)}& {\Pi }_{16}^{(3)}& {\Pi }_{17}^{(3)}& {\Pi }_{18}^{(3)}& 0& 0& \overline{X}& 0\\ *& {\Pi }_{22}^{(3)}& {\Pi }_{23}^{(3)}& {\Pi }_{24}^{(3)}& 0& {\Pi }_{26}^{(3)}& {\Pi }_{27}^{(3)}& {\Pi }_{28}^{(3)}& 0& 0& \overline{X}& \frac{h_1^2}{4}(m_3+m_6){\overline{K}}_j{}^T\\ *& *& {\Pi }_{33}^{(3)}& {\Pi }_{34}^{(3)}& 0& 0& 0& 0& 0& 0& \overline{X}& 0\\ *& *& *& {\Pi }_{44}^{(3)}& 0& 0& 0& 0& 0& 0& \overline{X}& 0\\ *& *& *& *& -{\gamma }_3^{2}I& {\Pi }_{56}^{(3)}& {\Pi }_{57}^{(3)}& {\Pi }_{58}^{(3)}& 0& 0& 0& \frac{h_1^2}{4}(m_3+m_6){\overline{K}}_j{}^T\\ *& *& *& *& *& {\Pi }_{66}^{(3)}& {\Pi }_{67}^{(3)}& {\Pi }_{68}^{(3)}& 0& 0& 0& 0\\ *& *& *& *& *& *& {\Pi }_{77}^{(3)}& {\Pi }_{78}^{(3)}& 0& 0& 0& 0\\ *& *& *& *& *& *& *& {\Pi }_{88}^{(3)}& 0& 0& 0& 0\\ *& *& *& *& *& *& *& *& \sigma \Phi & 0& 0& 0\\ *& *& *& *& *& *& *& *& 0& -\Phi & 0& 0\\ *& *& *& *& *& *& *& *& 0& 0& -\frac{15n_2}{23h_1}\overline{P}& 0\\ *& *& *& *& *& *& *& *& 0& 0& *& -\frac{h_1^2}{4}(m_3+m_6)\overline{P}\end{array}\right]<0$$

(31)

$$\begin{array}{l}\left[\begin{array}{cc}{Q}_2& E_{fi}^T{\overline{P}}^T\\ *& Q_1\end{array}\right]>0,\left[\begin{array}{cc}{Q}_4& E_{fi}^T\overline{S}\\ *& Q_3\end{array}\right]>0,\left[\begin{array}{cc}{Q}_6& E_{fi}^T\overline{R}\\ *& Q_5\end{array}\right]>0,\\ \left[\begin{array}{cc}{\overline{Q}}_2& E_a^T{B}_i{}^T{\overline{P}}^T\\ *& {\overline{Q}}_1\end{array}\right]>0,\left[\begin{array}{cc}{\overline{Q}}_4& E_a^T{B}_i{}^T\overline{S}\\ *& {\overline{Q}}_3\end{array}\right]>0,\left[\begin{array}{cc}{\overline{Q}}_6& E_a^T{B}_i{}^T\overline{R}\\ *& {\overline{Q}}_5\end{array}\right]>0\end{array}$$

(32)

then system (27) is asymptotically stable and has performance index $H_{\infty }$ as given in Equation (33). The security controller gain $K_j={(\overline{P}{B}_i)}^{+}{\overline{K}}_j$ and event trigger matrix $\Phi$ can also be co-obtained, and the attack and fault compensation matrix $B_j{}^{+}$ satisfies $(I-B_i{B}_j^{+})E_{fi}=0$.

$${\Vert x(t)\Vert }_2^2\le {\gamma }_3^2[{\Vert w(t)\Vert }_2^2 +{\displaystyle \sum _{k=0}^{+\infty }(t_{k+1}h-t_{k}h)({\Vert e_x(t_{k}h)\Vert }_2^2+{\Vert e_f(t_{k}h)\Vert }_2^2+{\Vert e_a(t_{k}h)\Vert }_2^2)}]$$

(33)

where

$$\begin{array}{l}{\Pi }_{11}^{(2)}=\overline{P}{A}_i+A_i{}^T\overline{P}-n_1\overline{P}+\frac{h_1^2}{4}(m_2+m_5)\overline{P}+h_1{n}_2{A}_i{}^T\overline{P}A+\frac{h_1^2}{4}(m_3+m_6)A_i{}^T\overline{P}{A}_i+h_1{n}_1(\overline{P}{A}_i+A_i{}^T\overline{P})\\ -3\overline{X}-3{\overline{X}}^T,{\Pi }_{12}^{(2)}=-{\overline{K}}_j+n_1\overline{P}-\frac{h_1^2}{4}(m_2+m_5)\overline{P}-h_1{n}_2{A}_i{}^T{\overline{K}}_j-\frac{h_1^2}{4}(m_3+m_6)A_i{}^T{\overline{K}}_j{}_j-h_1{n}_1{\overline{K}}_j+\overline{X}\\ -h_1{n}_1{A}_i{}^T\overline{P}-3{\overline{X}}^T,{\Pi }_{13}^{(2)}=2\overline{X}-3{\overline{X}}^T,{\Pi }_{14}^{(2)}=6\overline{X}-3{\overline{X}}^T,{\Pi }_{15}^{(2)}=-{\overline{K}}_j-\frac{h_2^2}{4}(m_3+m_6)A_i{}^T{\overline{K}}_j\\ -h_1{n}_2{A}_i{}^T{\overline{K}}_j-h_1{n}_1{\overline{K}}_j, {\Pi }_{16}^{(2)}=-\overline{P}{E}_{fi}-\frac{h_1^2}{4}(m_3+m_6)A_i{}^T\overline{P}{E}_{fi}-h_1{n}_2{A}_i{}^T\overline{P}{E}_{fi}-h_1{n}_1\overline{P}{E}_{fi},{\Pi }_{17}^{(2)}=\\ -\overline{P}{B}_i{E}_a-\frac{h_1^2}{4}(m_3+m_6)A_i{}^T\overline{P}{B}_i{E}_a-h_1{n}_1\overline{P}{B}_i{E}_a-h_1{n}_2{A}_i{}^T\overline{P}{B}_i{E}_a,{\Pi }_{18}^{(2)}=\overline{P}{E}_{wi}+\frac{h_1^2}{4}(m_3+m_6)A_i{}^T\overline{P}{E}_{wi}\\ +h_1{n}_2{A}_i{}^T\overline{P}{E}_{wi}+h_1{n}_1\overline{P}{E}_{wi}.{\Pi }_{22}^{(2)}=-n_1\overline{P}+h_1{n}_3\overline{P}+\frac{h_2^2}{4}(m_2+m_5)\overline{P}+h_1{n}_1({\overline{K}}_j+{\overline{K}}_j{}^T)+\overline{X}+{\overline{X}}^T,{\Pi }_{23}^{(2)}=\\ 2\overline{X}+{\overline{X}}^T,{\Pi }_{24}^{(2)}=6\overline{X}+{\overline{X}}^T,{\Pi }_{25}^{(2)}=\frac{h_2^2}{4}(m_3+m_6)K_j^T,{\Pi }_{26}^{(2)}=[\frac{h_1^2}{4}(m_3+m_6)+h_1{n}_2]{\overline{K}}_j{}^T{E}_{fi}+h_1{n}_1\overline{P}{E}_{fi},\\ {\Pi }_{27}^{(2)}=[\frac{h_1^2}{4}(m_3+m_6)+h_1{n}_2]{\overline{K}}_j{}^T{B}_i{E}_a+h_1{n}_1\overline{P}{B}_i{E}_a,{\Pi }_{28}^{(2)}=[-\frac{h_1^2}{4}(m_3+m_6)-E_{wi}-h_1{n}_1\overline{P}{E}_{wi},{\Pi }_{33}^{(2)}=\\ 2(\overline{X}+{\overline{X}}^T),{\Pi }_{34}^{(2)}=6\overline{X}+2{\overline{X}}^T,{\Pi }_{44}^{(2)}=6(\overline{X}+{\overline{X}}^T),{\Pi }_{55}^{(2)}=-\frac{h_2^2}{4}(m_3+m_6)\overline{P},\\ {\Pi }_{56}^{(2)}=[\frac{h_1^2}{4}(m_3+m_6)+h_1{n}_2]{\overline{K}}_j{}^T{E}_{fi},{\Pi }_{57}^{(2)}=[\frac{h_1^2}{4}(m_3+m_6)+h_1{n}_2]{\overline{K}}_j{}^T{B}_i{E}_a,\\ {\Pi }_{58}^{(2)}=[-\frac{h_1^2}{4}(m_3+m_6)-h_1{n}_2]{\overline{K}}_j{}^T{E}_{wi},{\Pi }_{66}^{(2)}=[\frac{h_1^2}{4}(m_3+m_6)+h_1{n}_2]E_{fi}^T\overline{P}{E}_{fi}-{\gamma }_3^{2}I,\\ {\Pi }_{67}^{(2)}=[\frac{h_1^2}{4}(m_3+m_6)+h_1{n}_2]E_{fi}^T\overline{P}{B}_i{E}_a,{\Pi }_{68}^{(2)}=[-\frac{h_1^2}{4}(m_3+m_6)-h_1{n}_2]E_{fi}^T\overline{P}{E}_{wi},\\ {\Pi }_{77}^{(2)}=-{\gamma }_3^{2}I+[\frac{h_1^2}{4}(m_3+m_6)+h_1{n}_2]E_a^T{B}_i{}^T\overline{P}{B}_i{E}_a,{\Pi }_{78}^{(2)}=[-\frac{h_1^2}{4}(m_3+m_6)-h_1{n}_2]E_a^T{B}_i{}^T\overline{P}{E}_{wi},\\ {\Pi }_{88}^{(2)}=-{\gamma }_3^{2}I+[\frac{h_1^2}{4}(m_3+m_6)+h_1{n}_2]E_{wi}^T\overline{P}{E}_{wi}.\\ {\Pi }_{11}^{(3)}=\overline{P}{A}_i+A_i{}^T\overline{P}-n_1\overline{P}+\frac{h_1^2}{4}(m_2+m_5)\overline{P}+\frac{h_1^2}{4}(m_3+m_6)A_i{}^T\overline{P}{A}_i-3\overline{X}-3{\overline{X}}^T+(m_1+m_4)\overline{P},\\ {\Pi }_{12}^{(3)}=-{\overline{K}}_j+n_1\overline{P}-\frac{h_1^2}{4}(m_2+m_5)\overline{P}-\frac{h_1^2}{4}(m_3+m_6)A_j{}^T{\overline{K}}_j+\overline{X}-3{\overline{X}}^T,{\Pi }_{13}^{(3)}=2\overline{X}-3{\overline{X}}^T,{\Pi }_{14}^{(3)}=\\ 6\overline{X}-3{\overline{X}}^T,{\Pi }_{15}^{(3)}=-{\overline{K}}_j-\frac{h_1^2}{4}(m_3+m_6)A_i{}^T{\overline{K}}_j,{\Pi }_{16}^{(3)}=-\overline{P}{E}_{fi}-\frac{h_1^2}{4}(m_3+m_6)A_i{}^T\overline{P}{E}_{fi},{\Pi }_{17}^{(3)}=\\ -\overline{P}{B}_i{E}_a-\frac{h_1^2}{4}(m_3+m_6)A_i{}^T\overline{P}{B}_i{E}_a,{\Pi }_{18}^{(3)}=\overline{P}{E}_{wi}+\frac{h_1^2}{4}(m_3+m_6)A_i{}^T\overline{P}{E}_{wi},{\Pi }_{22}^{(3)}=-n_1\overline{P}+\\ \frac{h_2^2}{4}(m_2+m_5)\overline{P}+h_1{n}_3\overline{P}+h_1{n}_1({\overline{K}}_j+{\overline{K}}_j{}^T)+\overline{X}+{\overline{X}}^T,{\Pi }_{23}^{(3)}=2\overline{X}+{\overline{X}}^T,{\Pi }_{24}^{(3)}=6\overline{X}+{\overline{X}}^T,\\ {\Pi }_{26}^{(3)}=\frac{h_2^2}{4}(m_3+m_6)K_j^T,{\Pi }_{27}^{(3)}=\frac{h_1^2}{4}(m_3+m_6){\overline{K}}_j{}^T{B}_i{E}_a,{\Pi }_{28}^{(3)}=-\frac{h_1^2}{4}(m_3+m_6){\overline{K}}_j{}^T{E}_{wi},\\ {\Pi }_{33}^{(3)}=2(\overline{X}+{\overline{X}}^T),{\Pi }_{34}^{(3)}=6\overline{X}+2{\overline{X}}^T,{\Pi }_{44}^{(3)}=6(\overline{X}+{\overline{X}}^T),{\Pi }_{56}^{(3)}=\frac{h_1^2}{4}(m_3+m_6){\overline{K}}_j{}^T{E}_{fi},\\ {\Pi }_{57}^{(3)}=\frac{h_1^2}{4}(m_3+m_6){\overline{K}}_j{}^T{B}_i{E}_a,{\Pi }_{58}^{(3)}=-\frac{h_1^2}{4}(m_3+m_6){\overline{K}}_j{}^T{E}_{wi}, {\Pi }_{66}^{(3)}=\frac{h_1^2}{4}(m_3+m_6)E_{fi}^T\overline{P}{E}_{fi}\\ -{\gamma }_3^{2}I,{\Pi }_{67}^{(3)}=\frac{h_1^2}{4}(m_3+m_6)E_{fi}^T\overline{P}{B}_i{E}_a,{\Pi }_{68}^{(3)}=-\frac{h_1^2}{4}(m_3+m_6)E_{fi}^T\overline{P}{E}_{wi},\\ {\Pi }_{77}^{(3)}=\frac{h_1^2}{4}(m_3+m_6)E_a^T{B}_i{}^T\overline{P}{B}_i{E}_a-{\gamma }_3^{2}I,{\Pi }_{78}^{(3)}=-\frac{h_1^2}{4}(m_3+m_6)E_a^T{B}_i{}^T\overline{P}{E}_{wi},\\ {\Pi }_{88}^{(3)}=\frac{h_1^2}{4}(m_3+m_6)E_{wi}^T\overline{P}{E}_{wi}-{\gamma }_3^{2}I.\end{array}$$

Proof: 

The proof of Theorem 2 is similar to that of Theorem 1 and will not be repeated here. □

5. Simulation and Analysis

In order to verify the feasibility and effectiveness of the proposed method, simulation experiments were carried out using a model of a quadruple tank [41]. The model consists of four interconnected water tanks and two pumps. The schematic diagram of the quadruple-tank model is shown in Figure 2. In this simulation, $x_1,x_2,x_3,x_4$ represent the variations in the water levels in each of the four tanks, respectively, and the observations of the variation are indicated by $y_1,y_2,y_3,y_4$, respectively. The inputs $u(t)$ are the voltage values to the two pumps that provide water to the four tanks. The model parameters are as follows:

$$\begin{gathered} \begin{array}{l}{A}_1=\left[\begin{array}{cccc}-0.016& 0& 0.042& 0\\ 0& -0.011& 0& 0.033\\ 0& 0& -0.042& 0\\ 0& 0& 0& -0.033\end{array}\right],A_2=\left[\begin{array}{cccc}-0.022& 0& 0.061& 0\\ 0& -0.018& 0& 0.049\\ 0& 0& -0.064& 0\\ 0& 0& 0& -0.049\end{array}\right],\\ A_3=\left[\begin{array}{cccc}-0.031& 0& 0.053& 0\\ 0& -0.021& 0& 0.067\\ 0& 0& -0.083& 0\\ 0& 0& 0& -0.061\end{array}\right],A_4=\left[\begin{array}{cccc}-0.039& 0& 0.106& 0\\ 0& -0.0276& 0& 0.0826\\ 0& 0& -0.107& 0\\ 0& 0& 0& -0.0827\end{array}\right],\end{array} \\ \begin{array}{l}{B}_1=\left[\begin{array}{cc}0.083& 0\\ 0& 0.063\\ 0& 0.048\\ 0.031& 0\end{array}\right],B_2=\left[\begin{array}{cc}0.1246& 0\\ 0& 0.093\\ 0& 0.071\\ 0.045& 0\end{array}\right],B_3=\left[\begin{array}{cc}0.165& 0\\ 0& 0.125\\ 0& 0.097\\ 0.063& 0\end{array}\right],B_4=\left[\begin{array}{cc}0.2076& 0\\ 0& 0.1576\\ 0& 0.13\\ 0.0776& 0\end{array}\right],\\ C_1=diag\left\{\begin{array}{cccc}0.5& 0.5& 0.5& 0.5\end{array}\right\},C_2=diag\left\{\begin{array}{cccc}0.48& 0.48& 0.48& 0.48\end{array}\right\},\\ C_3=diag\left\{\begin{array}{cccc}0.46& 0.46& 0.46& 0.46\end{array}\right\},C_4=diag\left\{\begin{array}{cccc}0.52& 0.52& 0.52& 0.52\end{array}\right\},\\ E_{f1}=-{\left[\begin{array}{cccc}0.083& 0& 0& 0.031\end{array}\right]}^T,E_{f2}=-{\left[\begin{array}{cccc}0.1246& 0& 0& 0.0464\end{array}\right]}^T,\\ E_{f3}=-{\left[\begin{array}{cccc}0.167& 0& 0& 0.061\end{array}\right]}^T,E_{f4}=-{\left[\begin{array}{cccc}0.2076& 0& 0& 0.0774\end{array}\right]}^T,\\ E_{v1}={\left[\begin{array}{cccc}0.015& 0& 0.015& 0.015\end{array}\right]}^T,E_{v2}={\left[\begin{array}{cccc}0.0224& 0& 0.0224& 0.0224\end{array}\right]}^T,\\ E_{v3}=[\begin{array}{cc}0.030& 0\end{array}\begin{array}{c}\end{array}{\begin{array}{cc}0.025& 0.027]\end{array}}^T,E_{v4}={\left[\begin{array}{cccc}0.0374& 0& 0.031& 0.0326\end{array}\right]}^T.\end{array} \end{gathered}$$

A continuous time-varying fault was applied as follows:

$$f(t)=\{\begin{array}{l}0, t\le 200\hfill \\ 2+2\sin 0.01\pi (t-200), 200<t\le 800\hfill \end{array}$$

Assume that the actuator-side FDI attack $a^a(t)$ and the sensor-side FDI attack $a^s(t)$ are:

$$\begin{gathered} \begin{array}{l}{a}^a(t)=\{\begin{array}{l}0, t\le 400\hfill \\ 1.5+1.5\sin 0.01\pi (t-100), 400<t\le 800\hfill \end{array},\\ a^s(t)=\{\begin{array}{l}0, t\le 400\hfill \\ 1.5+1.5\sin 0.01\pi (t-100), 400<t\le 800\hfill \end{array}\end{array} \\ \begin{array}{l}{a}^a(t)=\{\begin{array}{l}0, t\le 400\hfill \\ 1.5+1.5\sin 0.01\pi (t-400), 400<t\le 800\hfill \end{array},\\ a^s(t)=\{\begin{array}{l}0, t\le 400\hfill \\ 1.5+1.5\sin 0.01\pi (t-400), 400<t\le 800\hfill \end{array}\end{array} \end{gathered}$$

The simulation assumes that the disturbances $w(t)$ and noise $v(i_k)$ are independent white noise processes or sequences that obey $N(0.1,0.01)$. We set the initial state $x(0)={[4 4 2 2]}^T$, the sampling period $h=0.1 s$, and set $E_s={\left[\begin{array}{cccc}1& 1& 1& 1\end{array}\right]}^T,E_a={\left[\begin{array}{cc}1& 1\end{array}\right]}^T,\sigma =0.005$.

5.1. The Values of the Correlation Matrices

Using Theorem 1, we set ${\gamma }_1=3, {\gamma }_2=5,s_1=3, s_2=2,s_3=0.01$ with the help of the Linear Matrix Inequality solver in the LMI toolbox. Then, the robust $H_{\infty }$ observer gain matrices $L_j$ and $F_j$ were obtained as follows:

$$\begin{array}{l}{L}_1=\left[\begin{array}{cccc}4.4492& 0.3047& -2.6222& -2.1310\\ 2.2558& 1.7964& -1.5927& -2.4586\\ 1.9100& 0.3392& -0.1144& -2.1343\\ 1.9401& 0.2778& -2.6108& 0.3935\end{array}\right],L_2=\left[\begin{array}{cccc}4.6891& 0.2351& -2.6466& -2.2772\\ 2.5864& 1.1881& -1.0018& -2.7719\\ 2.0246& 0.2399& -0.0121& -2.2520\\ 2.0502& 0.1947& -2.6131& 0.3686\end{array}\right],\\ L_3=\left[\begin{array}{cccc}4.7322& 0.6839& -3.1409& -2.2750\\ 2.8477& 1.1955& -1.1952& -2.8478\\ 2.0814& 0.3708& -0.1480& -2.3041\\ 2.0578& 0.4381& -2.9276& 0.4318\end{array}\right],L_4=\left[\begin{array}{cccc}4.0988& 0.6492& -2.7855& -1.9617\\ 2.4919& 1.0127& -0.9779& -2.5257\\ 1.7857& 0.3335& -0.1215& -1.9971\\ 1.7704& 0.3871& -2.5626& 0.4058\end{array}\right],\\ F_1=\left[\begin{array}{cccc}12.0961& -4.5681& -33.1856& 25.6568\\ 20.1348& -1.0458& 1.5564& -22.7288\\ -0.9225& 0.1801& 0.8008& 1.0283\end{array}\right],\\ F_2=\left[\begin{array}{cccc}12.0644& -2.9610& -36.3127& -27.2078\\ 21.2384& -0.8304& 1.8503& -23.9117\\ -1.0383& 0.5068& 0.4899& 1.1282\end{array}\right],\\ F_3=\left[\begin{array}{cccc}11.0602& -0.0847& -39.7896& -28.8128\\ 21.7328& -2.2804& 0.6483& -24.6552\\ -1.1248& 0.5569& 0.5404& 1.1143\end{array}\right],\\ F_4=\left[\begin{array}{cccc}9.5867& -0.0230& -35.4283& -25.8167\\ 18.7670& -2.3510& 0.3978& -21.5079\\ -1.1097& 0.5618& 0.5178& 1.1166\end{array}\right].\end{array}$$

Based on Theorem 2, we set $n_1=0.1,n_2=2,n_3=0.5,m_1=m_2=m_3=m_4$ $=m_5=m_6=0.1,{\gamma }_3=2,$ and the security controller gain matrix $K_j$ and the event trigger matrix $\Phi$ can also be co-obtained as follows:

$$\begin{array}{l}\Phi =diag\left\{\begin{array}{cccc}7.9371& 7.9371& 7.9371& 7.9371\end{array}\right\},\\ K_1=\left[\begin{array}{cccc}6.3327& -1.8456& 1.1539& 24.2643\\ 0.2564& -0.1090& 6.1547& 2.3506\end{array}\right],K_2=\left[\begin{array}{cccc}4.4910& -1.2740& 0.7919& 16.5059\\ 0.1860& -0.0782& 4.1440& 1.6222\end{array}\right],\\ K_3=\left[\begin{array}{cccc}3.0391& -0.9366& 0.5540& 11.8244\\ 0.0966& -0.0555& 3.0249& 1.1272\end{array}\right],K_4=\left[\begin{array}{cccc}2.5078& -0.7810& 0.4301& 9.5323\\ 0.0768& -0.0463& 2.2549& 0.8530\end{array}\right].\end{array}$$

5.2. Estimation of System State, FDI Attacks and Actuator Fault

The system states and their estimation; the errors in the state estimation, the fault and its estimation; the error in the fault estimation, the FDI attacks and their estimation; and the errors in the FDI attacks estimation are shown in Figure 3, Figure 4, Figure 5, Figure 6, Figure 7, Figure 8, Figure 9 and Figure 10, respectively.

From these figures, it can be seen that the system state has some fluctuations when FDI attacks and the actuator fault are first added, and remains stable after 500 s, and the system state estimation error only fluctuates between $\pm 0.03$ in Figure 3 and Figure 4. In Figure 5 and Figure 6, the actuator fault estimates only fluctuate between $\pm 0.1$. In Figure 7, Figure 8, Figure 9 and Figure 10, the estimation error of the actuator FDI attack fluctuates between $\pm 0.5$, and the sensor side FDI attack fluctuates between $\pm 0.1$. This shows that the augmented observer designed using the method in this paper can estimate the system states, FDI attacks and actuator fault in a timely and accurate way, and that the designed controller is able to keep the system stable quickly under the dual threat of the actuator fault and FDI attacks.

5.3. Comparison and Analysis

The output response curve of the system when the active attack and fault-tolerant control strategy of this paper is used is given in Figure 11. In order to show the superiority of the active attack-tolerant strategy, the output response curves of the system when using the method in [31] is given in Figure 12 with the same parameters as selected in this paper. The study in [31] still adopted active fault-tolerant control for faults but adopted an active-passive attack-tolerant strategy for FDI attacks (that is, active compensation for actuator FDI attacks and passive tolerance for sensor FDI attack).

Comparing Figure 11 with Figure 12, it can be seen that, from the dynamic performance point of view, the system output decays to the equilibrium position faster when using the method of this paper for the time $t<200s$. From the steady-state performance point of view, the system output eventually stays within the $\pm 0.5$ error band when using the method in [31], whereas the system output obtained by the method proposed in this paper eventually stays in the $\pm 0.1$ error band. Obviously, the steady-state error of the system output in [31] is relatively larger than that in this paper. Therefore, the integrated security control strategy of active tolerance for FDI attacks on the double-ended network proposed in this paper is more advantageous in improving the system performance, thus giving the CPS a higher level of security control.

Further,

Table 1. Comparison of data transmission in active and active–passive attack tolerance control.

Methods	n	$\overline{\mathit{n}}$	$\overline{\mathit{h}}$
Active attack tolerance in this paper	1125	14.1%	0.711 s
Active–passive attack tolerance in [31]	1249	15.6%	0.641 s

shows the data transmission amounts under DETCS with different attack tolerance strategies.

In Table 1, n denotes the data transmission volume, $\overline{n}$ denotes the data transmission rate and $\overline{h}$ denotes the average data transmission period. In 800 s, 1125 data need to be transmitted under DETCS with active attack tolerance proposed in this paper, the data transmission rate is 14.1% and the average transmission period is 0.711 s. In contrast, the active–passive attack tolerance strategy proposed in [31] requires the transmission of 1249 data, with a data transmission rate of 15.6% and an average transmission period of 0.641 s. This further reveals that the active attack tolerance strategy is not only more effective than the active–passive attack tolerance method for integrated defence against FDI attacks and actuator faults, but also saves more network communication resources, thus enhancing the compromise between integrated security control and saving communication resources.

6. Conclusions

We investigated the problem of the co-design of integrated security control and communication for a nonlinear CPS experiencing an actuator fault and FDI attacks. Firstly, we proposed a framework for a nonlinear CPS with active fault tolerance and active attack tolerance under DETCS. We then established a closed-loop CPS fault/attacks model. Secondly, using time-delay system theory, the affine Bessel–Legendre inequality and the LMI technique, we derived less conservative design methods for the observer and controller, and achieved the co-design goals of integrated security control and network communication. Finally, a simulation experiment of a quadruple tank was conducted to illustrate that the proposed method can estimate the system states, actuator faults and FDI attacks quickly and accurately. The proposed approach can also save network communication resources while ensuring an excellent performance of the CPS.

The next research direction is using data-driven intelligent algorithms to achieve anomaly detection and the effective identification and separation of attacks and faults in the system, and then combining them with mechanism-based methods.