Next Article in Journal
Design and Implementation of an Autonomous Intelligent Fertigation System for Cross-Regional Applications
Next Article in Special Issue
A Fluid Elastomeric Actuator Design for Soft Robots
Previous Article in Journal
Nonlinearity Characterization of Flexible Hinge Piezoelectric Stages Under Dynamic Preload via a Force-Dependent Prandtl–Ishlinskii Model with a Force-Analyzed Finite Element Method
Previous Article in Special Issue
A Systematic Review on Smart Insole Prototypes: Development and Optimization Pathways
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

An Event-Triggered Observer-Based Control Approach for Enhancing Resilience of Cyber–Physical Systems Under Markovian Cyberattacks

1
Research Lab. MACS, University of Gabes, Gabes 6072, Tunisia
2
Laboratoire d’Informatique et Telecommunications, ECAM Louis de Broglie, 35170 Bruz, France
3
IMS Laboratory, Centre National de la Recherche Scientifique–Unité Mixte de Recherche 5218, Bordeaux Institut Polytechnique, University of Bordeaux, 33405 Bordeaux, France
*
Author to whom correspondence should be addressed.
These authors contributed equally to this work.
Actuators 2025, 14(8), 412; https://doi.org/10.3390/act14080412
Submission received: 7 July 2025 / Revised: 10 August 2025 / Accepted: 18 August 2025 / Published: 21 August 2025

Abstract

This paper presents a resilient observer-based and event-triggered control scheme for discrete-time Cyber–Physical Systems (CPS) under Markovian Cyber-Attacks (MCA). The proposed framework integrates a Luenberger observer for cyberattack detection with a state-feedback controller designed to preserve system stability in the presence of Denial-of-Service (DoS) and False Data Injection (FDI) attacks. Attack detection is achieved through residual signal generation combined with Markovian modeling of the attack dynamics. System stability is guaranteed by formulating relaxed Linear Matrix Inequality (LMI) conditions that incorporate relaxation variables, a diagonal Lyapunov function, the S-procedure, and congruence transformations. Moreover, the Event-Triggered Mechanism (ETM) efficiently reduces communication load without degrading control performance. Numerical simulations conducted on a three-tank system benchmark confirm enhanced detection accuracy, faster recovery, and strong robustness against uncertainties.

1. Introduction

1.1. Background

Cyber–Physical Systems (CPS) have become fundamental in modern engineering by enabling seamless integration between computational algorithms and physical processes [1,2]. These systems are increasingly deployed in critical infrastructure sectors such as smart grids, industrial automation, intelligent transportation systems, and water distribution networks. By leveraging advanced communication networks, embedded sensing, and control capabilities, such systems enable real-time monitoring, adaptive decision-making, and overall process optimization [3,4]. However, this tight integration between the cyber and physical domains introduces significant vulnerabilities. The openness of networked architectures and the reliance on distributed control elements expose these systems to a broad spectrum of cyber threats, ranging from simple disturbances to sophisticated coordinated attacks [5,6]. Among these threats, FDI and DoS attacks are particularly harmful. FDI attacks can stealthily alter measurement values, misleading controllers and compromising decision-making logic. Meanwhile, DoS attacks can interrupt communication among sensors, controllers, and actuators, potentially causing control delays or complete system shutdown [7,8,9]. The impact of such attacks is amplified due to the close coupling of the cyber and physical domains in CPS, where corrupted data may trigger unsafe or unstable physical behaviors. To mitigate these risks, substantial efforts have been dedicated to developing anomaly detection techniques, fault diagnosis methods, and secure control strategies. In particular, stochastic modeling approaches, particularly those based on Markov chains, have shown great potential in capturing the probabilistic behavior of cyberattacks and transitions between normal and compromised system modes [10]. These models allow attack dynamics to be integrated into the control loop, providing a more realistic representation of threat scenarios. Recent studies have proposed advanced observer designs grounded in H theory, sliding-mode techniques, or zonotopic methods [11,12], offering strong robustness against uncertainties. However, such techniques often come at the cost of high computational demand and tuning difficulties, particularly in discrete-time implementations. Deep learning-based detection methods have also shown promise in identifying cyberattacks [13], although their dependency on training data and limited real-time guarantees remain concerns. In contrast, the Luenberger observer approach provides a lightweight model-based alternative that is well suited for real-time and embedded CPS operating under event-triggered communication protocols. Despite these advances, many existing approaches treat detection and control as two separate components, focusing either on accurate anomaly detection [11,14] or robust regulation [3,7,12]. This decoupled design may be insufficient in real-time scenarios, where rapid adaptation and joint coordination are essential. Additionally, many control strategies are developed under the assumption of bounded disturbances, neglecting the stochastic and time-varying nature of cyberattacks. Consequently, such methods may fail to ensure both accurate detection and robust performance under adversarial conditions. Addressing these limitations calls for a more integrated and probabilistically informed framework that jointly designs detection and control components to enhance resilience. A few recent studies have begun to explore such unified strategies, combining observer-based detection with resilient control [4,8,12]. However, these contributions still present notable limitations. For example, the method proposed in [12] relies on adaptive control with Markovian attack modeling, but suffers from synthesis difficulties due to the presence of BMIs. The study in [8] addresses trajectory tracking under attack conditions, but does not include probabilistic modeling of cyber threats. Similarly, while [4] proposes a stochastic observer-based control scheme, the detection and control modules remain loosely integrated. In contrast, the present work introduces a computationally efficient and fully integrated framework that unifies attack detection and resilient control using relaxed LMIs. The approach explicitly captures the stochastic nature of cyberattacks and optimizes resource usage through an event-triggered communication strategy. This paper addresses the aforementioned limitations by proposing a resilient observer-based control framework for discrete-time CPS subjected to Markovian-modeled cyberattacks. The proposed framework unifies a Luenberger-type observer for state estimation and attack detection with a state-feedback controller operating under an event-triggered mechanism, which reduces communication requirements while preserving closed-loop stability. The Markov chain model captures the probabilistic behavior of attacks and uncertainties affecting sensors and actuators [12,15]. The design procedure relies on Lyapunov stability theory, transforming BMI constraints into LMI using relaxation variables, diagonal Lyapunov functions, the S-procedure, and congruence transformations to ensure efficient synthesis [16,17]. In this work, the proposed event-triggered strategy belongs to the class of Periodic Event-Triggered Control (PETC), where the triggering condition is evaluated at discrete sampling instants. This distinguishes it from Continuous Event-Triggered Control (CETC), which requires continuous monitoring of system variables, and Self-Triggered Control (STC), where the next triggering instant is predicted in advance based on current state information. While CETC and STC offer potential benefits in terms of resource optimization, PETC is particularly suitable for discrete-time cyber–physical systems due to its simple implementation and natural alignment with digital platforms [18]. The present framework is not directly extendable to CETC or STC, but future investigations may explore these variants to further enhance resilience against cyber threats. The effectiveness of the proposed method is validated through simulations on a benchmark three-tank system, which is a widely used approach in CPS security research. The results confirm the proposed framework’s ability to promptly detect attacks, maintain robust performance, and handle noise and parameter uncertainties [19,20]. The main contributions of this work are summarized as follows:
  • Development of a unified observer-based architecture that couples real-time attack detection with resilient control, overcoming the limitations of decoupled designs [13,14].
  • Explicit integration of Markovian cyberattack models in both detection and control design, providing enhanced robustness and accuracy compared to disturbance-based methods [4,10].
  • Introduction of an event-triggered control strategy that significantly reduces communication and computation without degrading performance, a feature that has rarely been addressed in observer-based resilient control [12].
  • Efficient and tractable synthesis using relaxed LMIs, variable transformations, and diagonal Lyapunov functions, offering a practical alternative to BMI-based approaches [16].
  • Comprehensive validation on a three-tank system benchmark, confirming fast detection, robust stabilization, and strong resilience under uncertainty.
The rest of this paper is organized as follows: the next part of this section presents some useful notation and preliminaries; Section 2 introduces the problem formulation; in Section 3, the synthesis procedure for the observer-based controller design is detailed and a particular solution is proposed to overcome the BMI problem; Section 4 presents the proposed ETM synthesis, which reduces communication and computational load without sacrificing performance; Section 5 provides simulation results to illustrate its validity and superiority for the considered fault-tolerant attack control scheme; Section 6 offers a comparison with the standard case along with a discussion on the enhancement of the main approach of this paper; finally, concluding remarks are provided in Section 7.

1.2. Notation

The following standard notation is used throughout the paper:
  • M T is the transposed matrix of M.
  • M is a symmetric matrix; the notation M > 0 or M < 0 means that M is Symmetric Positive Definite (SPD) or Negative Definite (SND).
  • M represents the the l 2 norm of the vector M.
  • In a matrix, the notation ( ) refers to the blocks induced by symmetry.

2. Problem Formulation

The linear system provided by Equation (1) illustrates a distinctive characteristic of CPS, namely, that the system’s input and output are measured at specific temporal points due to their remote transmission.
x k + 1 = A p x k + B p u k M C A y k = C p x k + T 2 z k s
The control law is expressed as follows:
u k M C A = u k + T 1 z k a u k = K x x ^ k
where x k R n x is the state vector of the system, y k R n y is the measured output, u k M C A R n u is the control vector, and u k R n u is the state-feedback control. In addition, A p , B p , C p are constant matrices of appropriate dimensions, T 1 , T 2 are the coupling matrices of the attacks, z k a R r represents an attack directed at the actuator, and z k s R m represents a sensor attack.
The following observer with a Luenberger structure is to be considered for System (1):
x ^ k = A p x ^ k + B p u k + L x ( y k y ^ k ) y ^ k = C p x ^ k
where x ^ k R n x represents the states estimated by the observer, y ^ k R n y is the output estimation vector, and L x R n x   ×   n y is the gain of the observer.
The estimation error can be expressed by e k = x k x ^ k , with its dynamics defined by the following equation:
e k   +   1 = x k   +   1 x ^ k   +   1 .
Substituting Equations (1) and (3) into Equation (4) yields the following equation:
e k   +   1 = ( A p L x C p ) e k + B p T 1 z k a L x T 2 z k s .
The residual signal r k representing the difference between the output and the estimated output is then described by
r k = C p ( x k x ^ k ) + T 2 z k s r k = C p e k + T 2 z k s
An augmented system is defined by the equation below:
Ω k   +   1 = A p ˜ Ω k + B p ˜ Z p k
with Ω k   +   1 = x ^ k   +   1 e k   +   1 , A p ˜ = A p + B p K x L x C p 0 A p L x C p , B p ˜ = 0 L x T 2 B p T 1 L x T 2 ,
Z p k = z k a z k s .

3. Markovian Attacks Schemes

The following section provides definitions of the various attack schemes considered to compromise the proper operation of the selected CPS.

3.1. DoS

In the CPS context, this type of attack aims to disrupt the transmission of control signals and the retrieval of data from the controller. When the system is subjected to a DoS attack, the following equation should be considered:
z k a = ϕ k u k z k s = ψ k x k
where ϕ k , ψ k are Markovian stochastic processes that take values in { 0 , 1 } [21].
Combining the system in Equation (1) with the DoS attack model targeting the sensor and actuator in Equation (8) yields the following expression:
x k   +   1 = A p x k + B p K x x ^ k ϕ k B p T 1 K x x ^ k , y k = C p x k ψ k T 2 x k .

3.2. FDI

This attack affects the sensor and controller readings, causing them to deviate from the actual signal measurements or control data. When the system is subjected to an FDI attack, the following equation should be considered:
z k a = ϕ k u k + ϕ k w k a z k s = ψ k x k + ψ k w k s
where ϕ k , ψ k are Markovian stochastic processes that take values in { 0 , 1 } , w k a represents tampering data on the actuator, and w k s represents tampering data on the sensor. Substituting Equation (10) into (1) leads to
x k   +   1 = A p x k + B p K x x ^ k ϕ k B p T 1 K x x ^ k + ϕ k B p T 1 w k a , y k = C p x k ψ k T 2 x k + ψ k T 2 w k s .
Remark 1.
The cyberattacks are modeled using Markovian binary processes ϕ k and ψ k , which take values in { 0 , 1 } . Although this abstraction simplifies the analysis, it captures essential properties such as memory and probabilistic transitions between attack and non-attack modes. This modeling approach has been widely adopted in the literature on resilient control for CPS [4,10,15], particularly in scenarios involving packet dropouts, random delays, and jamming. To better capture intelligent threats, future work may consider extended models such as semi-Markov chains, time-varying probabilistic processes, or adversarial learning strategies.

4. Feedback Control Design

This section presents a theorem that is fundamental to establishing the stability of the proposed system.
Theorem 1.
The design of an observer-based controller for System (1) with observer dynamics provided by (3) and a state-feedback controller as in (2) is achievable if there exist scalars S P 1 ,   λ > 0 and a symmetric positive-definite matrix P p = P p T > 0 along with matrices P ˜ p 11 , P ˜ p 12 , P p 22 , Q ˜ p 11 , Q p 22 R n x × n x , L x R n y   ×   n x , and K ¯ x R n u   ×   n x such that the following linear matrix inequality admits a solution:
Q a = P ˜ p 11 + S p 1 I P ˜ p 12 0 0 Q a 15 0 ( ) P p 22 + S p 1 I 0 0 Q a 25 Q a 26 ( ) ( ) S p 1 I 0 Q a 35 Q a 36 ( ) ( ) ( ) S p 1 I Q a 45 Q a 46 ( ) ( ) ( ) ( ) Q a 55 Q a 56 ( ) ( ) ( ) ( ) ( ) Q a 66 < 0
where:
Q a 15 = Q ˜ p 11 A p T + K x T B p T Q a 25 = λ C p T L x T + A p T λ A p T Q p 22 T Q a 26 = A p T Q p 22 T C p T L x T Q a 35 = T 1 T B p T λ T 1 T B p T Q p 22 T Q a 36 = T 1 T B p T Q p 22 T Q a 45 = λ T 2 T L ¯ x T Q a 46 = T 2 T L ¯ x T Q a 55 = P ˜ p 11 Q ˜ p 11 Q ˜ p 11 T Q a 56 = P ˜ p 12 I n + λ Q p 22 T Q a 66 = P p 22 Q p 22 Q p 22 T .
Proof. 
The proof of Theorem 1 consists of three logical steps:
(i)
Lyapunov-based stability condition formulation.
(ii)
Application of the S-procedure and Schur complement.
(iii)
Transformation of BMIs into relaxed LMIs using slack variables and diagonal Lyapunov functions. Each transformation is guided by a mathematical rationale aimed at improving convexity and tractability. This structured approach ensures both mathematical rigor and practical feasibility for the synthesis of observer-based resilient controllers.
First, consider the following Lyapunov function:
V ( Ω k ) = Ω k T P p Ω k
where P > 0 . The variation of V ( Ω k ) along the solutions of (13) is as follows.
Δ V k = V ( Ω k   +   1 ) V ( Ω k ) Δ V k = Ω k   +   1 T P p Ω k   +   1 Ω k T P p Ω k Δ V k = Ω k T ( A ˜ p T P p A ˜ p P p ) Ω k + Ω k T A ˜ p T P p B ˜ p Z p k + Z p k T B ˜ p T P p A ˜ p Ω k + Z p k T B ˜ p T P p B ˜ p Z p k
Thus,
Δ V k = Ω k T Z p k T Q a Ω k Z p k
with
Q a = A ˜ p T P p A ˜ p P p A ˜ p T P p B ˜ p ( ) B ˜ p T P p B ˜ p < 0 .
Application of the S-procedure [22,23,24] to (16) then leads to
Q a = A ˜ p T P p A ˜ p P p + S p 1 I A ˜ p T P p B ˜ p ( ) S p 1 I + B ˜ p T P p B ˜ p < 0 .
Remark 2.
The S-procedure is a common tool for handling quadratic inequalities, and is employed here to guarantee the feasibility of matrix inequalities affected by uncertainties. This allows for the introduction of positive multipliers such as S p 1 into LMIs to relax constraints while maintaining convexity. Unlike the full framework in [22], which requires sector conditions to handle nonlinearities, the addressed problem in this work deals with linear dynamics and bounded stochastic cyberattacks modeled by Markov chains. The disturbances due to attacks are incorporated in the observer, and are viewed as energy-limited signals rather than as sector-bounded nonlinearities. Hence, the sector condition from [22] does not apply here, and the S-procedure simply serves as a relaxation tool to ensure LMI feasibility.
Next, Schur’s complement [24] is applied to the terms A ˜ p T P A ˜ p , A ˜ p T P B ˜ p , and B ˜ p T P B ˜ p :
Q a = P p + S p 1 I 0 A ˜ p T ( ) S p 1 I B ˜ p T ( ) ( ) P p 1 < 0 .
In order to eliminate the variable P p 1 , a slack variable Q p (SPD matrix) is introduced. The proposed methodology involves pre-multiplying the inequality by block-diag(I, I, Q p ) and post-multiplying by block-diag (I, I, Q p T ). Subsequently, it can be demonstrated that applying the inequality Q p P p 1 Q p T P p Q p Q p T leads to the following results:
Q a = P p + S p 1 I 0 A ˜ p T Q p T ( ) S p 1 I B ˜ p T Q p T ( ) ( ) P p Q p Q p T < 0 .
For variables Q p and P p , the following structures are proposed:
P p = P p 11 P p 12 ( ) P p 22 ,
Q p = Q p 11 Q p 12 0 Q p 22 .
Thus, the constraint (19) becomes
Q a = P p 11 + S p 1 I P p 12 0 0 Q a 15 0 ( ) P p 22 + S p 1 I 0 0 Q a 25 Q a 26 ( ) ( ) S p 1 I 0 Q a 35 Q a 36 ( ) ( ) ( ) S p 1 I Q a 45 Q a 46 ( ) ( ) ( ) ( ) Q a 55 Q a 56 ( ) ( ) ( ) ( ) ( ) Q a 66 < 0 ,
where:
Q a 15 = A p T Q p 11 T + K x T B p T Q p 11 T Q a 25 = C p T L x T Q p 11 T + A T Q p 12 T C p T L x T Q p 12 T Q a 26 = A p T Q p 22 T C p T L x T Q p 22 T Q a 35 = T 1 T B p T Q p 12 T Q a 36 = T 1 T B p T Q p 22 T Q a 45 = T 2 T L x T Q p 11 T T 2 T L x T Q p 12 T Q a 46 = T 2 T L x T Q p 22 T Q a 55 = P p 11 Q p 11 Q p 11 T Q a 56 = P p 12 Q p 12 Q a 66 = P p 22 Q p 22 Q p 22 T .
Applying pre- and post-multiplication of Equation (22) by block-diag( Q ˜ p 11 , I, I, I, Q ˜ p 11 , I) and block-diag( Q ˜ p 11 T , I, I, I, Q ˜ p 11 T , I) with Q ˜ p 11 = Q p 11 1 and defining P ˜ p 12 = Q ˜ p 11 T P p 12 , P ˜ p 11 = Q ˜ p 11 P p 11 Q ˜ p 11 T results in
Q a = P ˜ p 11 + S p 1 I P ˜ p 12 0 0 Q a 15 0 ( ) P p 22 + S p 1 I 0 0 Q a 25 Q a 26 ( ) ( ) S p 1 I 0 Q a 35 Q a 36 ( ) ( ) ( ) S p 1 I Q a 45 Q a 46 ( ) ( ) ( ) ( ) Q a 55 Q a 56 ( ) ( ) ( ) ( ) ( ) Q a 66 < 0 ,
where:
Q a 15 = Q ˜ p 11 A p T + Q ˜ p 11 K x T B p T Q a 25 = C p T L x T ( I n Q ˜ p 12 T Q ˜ p 11 T ) + A p T Q p 12 T Q ˜ p 11 T Q a 26 = A p T Q p 22 T C p T L x T Q p 22 T Q a 35 = T 1 T B p T Q p 12 T Q ˜ p 11 T Q a 36 = T 1 T B p T Q p 22 T Q a 45 = T 2 T L x T T 2 T L x T Q p 12 T Q ˜ p 11 Q a 46 = T 2 T L x T Q p 22 T Q a 55 = P ˜ p 11 Q ˜ p 11 Q ˜ p 11 T Q a 56 = P ˜ p 12 Q ˜ p 11 Q p 12 Q a 66 = P p 22 Q p 22 Q p 22 T .
The observer gain L x appears in the constraint as a multiplier of both Q 22 and ( I n Q 11 Q 12 ) , making the design more complex. A suitable approach to simplify the problem is to impose the following expression of Q p 12 :
Q p 12 = Q p 11 λ Q p 11 Q p 22
where λ is a positive scalar introduced to increase the flexibility of the LMI condition.
The resulting structure of the matrix Q p is expressed as follows:
Q p = Q p 11 Q 11 λ Q p 11 Q p 22 0 Q p 22 .
Then, we obtain
Q a = P ˜ p 11 + S p 1 I P ˜ p 12 0 0 Q a 15 0 * P p 22 + S p 1 I 0 0 Q a 25 Q a 26 0 0 S p 1 I 0 Q a 35 Q a 36 0 0 0 S p 1 I Q a 45 Q a 46 * * * * Q a 55 Q a 56 * * * * * Q a 66 < 0 ,
where:
Q a 15 = Q ˜ p 11 A p T + Q ˜ p 11 K x T B p T Q a 25 = λ C p T L x T Q p 22 T + A p T λ A p T Q p 22 T Q a 26 = A p T Q p 22 T C p T L x T Q p 22 T Q a 35 = T 1 T B p T λ T 1 T B p T Q p 22 T Q a 36 = T 1 T B p T Q p 22 T Q a 45 = λ T 2 T L x T Q p 22 T Q a 46 = T 2 T L x T Q p 22 T Q a 55 = P ˜ p 11 Q ˜ p 11 Q ˜ p 11 T Q a 56 = P ˜ 12 I n + λ Q p 22 T Q a 66 = P p 22 Q p 22 Q p 22 T .
Finally, using a simple changes of variables K ¯ x = Q ˜ p 11 K x T and L x = L x Q p 22 , we can obtain the LMI described in (12). This ends the proof of Theorem 1.

5. Event-Triggered Strategy Design

In event-triggered control, the input signal u k is not sent to the controller at each sampling period; instead, updates are transmitted only at specific instants, denoted k . This approach ensures that the control signal remains constant until a predefined triggering criterion is satisfied, at which point it is updated. The update times t k are determined according to a predefined condition that specifies when the input signal should be transmitted. In particular, the signal is updated only if the following condition is not satisfied:
ε k T ε k γ 1 δ k T δ k < 0
where ε k = y k y ^ k , δ k = u k u k , and γ 1 an attenuation rate of e k .
In other words, the transmission occurs when
ε k   +   1 T ε k   +   1 γ 1 δ k   +   1 T δ k   +   1 0 ,
provided that the initial conditions satisfy the inequality in (27).
Within our proposed structure, a control input is transmitted only when the discrepancy between the most recently sent value and the currently computed input is significant relative to the current value. This approach reduces unnecessary transmission bandwidth usage and prevents data congestion, as highlighted by [23]. Considering the attenuation related to the state estimation error, we can express
e k T e k γ 1 δ k T δ k < 0 ,
which is equivalent to
e k 2 < γ 1 δ k 2 .
The updating condition is then defined as
e k 2 γ 1 δ K 2 .
From the definition of ε k , we can write
ε k = y ˜ k y ^ k = e k + Γ p z k a ε k 2 e k 2 ,
where Γ p = γ 1 0 0 γ 2 and γ 2 is the attenuation rate of ε k .
Equation (29) then becomes
ε k 2 e k 2 γ 1 δ k 2 ,
which is equivalent to violating the condition in (27).

6. Simulation Results

In the field of chemical process engineering, interconnected tank systems play a crucial role. These systems are an essential tool for automatic control. They are composed of multiple tanks interconnected by strategically placed pipes and valves [8].
The various parameters and variables of this system are as follows:
x k = h k 1 h k 2 h k 3 , u k = Q k 1 Q k 2 , y k = h k 1 h k 2 h k 3
where Q k 1 , 2 are the flow rates of the two pumps and h k 1 , 2 , 3 are the levels of liquid in each tank. The dynamic input, output, and cyberattack distribution matrices are
A p = 1 0 0.0001 0 1 0.0001 0.0001 0.0001 1 , B p = 0.0649 0 0 0.0649 0 0 , C p = I 3
T 1 = 1 0 0 0 1 0 , T 2 = 1 0 0 0 1 0 0 0 1 .
The initial conditions are x k ( 0 ) = 0.4 0.2 0.3 T , x ^ k ( 0 ) = 0.32 0.16 0.24 T .
For the simulation, the following values of the system parameters are established:
w k a = 0.83 1.5 0.45 , w k s = 0.2 0.65 0.85 .
Resolving (12) using the YALMIPȐ solver in MATLAB provides:
L x = 0.6512 0.0002 0.0051 0.0002 0.6512 0.0055 0.0050 0.0053 0.6234 , K x = 1.5672 0.0013 0.1996 0.0013 1.5671 0.2084
S p 1 = 0.01 , λ = 0.005 .

6.1. Nominal Case Without Cyberattacks

Initially, Figure 1, Figure 2 and Figure 3 present the evolution of the control input u k , residuals signals r k , and estimation errors e k when no attacks are present, thereby verifying the stability of the proposed system.

6.2. Transient Performance Under Cyberattacks

In the following section, attention is directed to the behavior of errors, residuals, and various system states in the presence of cyberattacks. A The DoS attack is implemented within [400 k, 800 k], while the FDI attack occurs in the interval [1200 k, 1400 k].
The simulation results presented in Figure 4, Figure 5 and Figure 6 confirm the effectiveness of the proposed control approach. The combination of state-feedback regulation and a Luenberger observer successfully mitigates the impact of cyberattacks, including both DoS and FDI scenarios, while preserving the overall stability of the cyber–physical system. In addition, Figure 7 highlights the evolution of the control input under attack conditions, providing further insight into the system’s response to adversarial disturbances.

6.3. Response Under Sustained Cyberattacks

6.3.1. Response Under Sustained DoS Attacks

Next, to assess the impact of a sustained cyberattack, a permanent DoS attack is initiated at 1000 k. Figure 8, Figure 9 and Figure 10 respectively illustrate the evolution of the system outputs, residual signals, and control input under these conditions.
Figure 8, Figure 9 and Figure 10 confirm that the estimated outputs consistently converge towards the real system outputs even under permanent DoS attack. Moreover, the residual signals are highly sensitive to both the presence of attacks and potential system faults.

6.3.2. Response Under Sustained FDI Attacks

To further evaluate the system’s resilience against a sustained cyberattack, a permanent FDI attack is introduced beginning at 1000 k. Figure 11, Figure 12 and Figure 13 respectively illustrate the evolution of the system states, estimation error, and control input under this attack condition.
Figure 11, Figure 12 and Figure 13 provide clear evidence that the estimated states remain aligned with the real system states even under permanent FDI attack. This confirms the effectiveness of the proposed approach in mitigating the effect of such attacks, particularly by minimizing the amplitude of state deviations. Furthermore, the estimation error signals generated in such scenarios exhibit a significant degree of sensitivity not only to cyberattacks but also to potential system faults. This demonstrates that the estimation error is sensitive to attacks and that it can serve as a reliable indicator for both detection and diagnosis.

7. Comparative Analysis with Recent Works

This section provides a comparative analysis between the proposed observer-based resilient control scheme and several representative methods addressing security and robustness in CPS under cyberattacks. In order to more clearly position the proposed methodology within the current research landscape, Table 1 has been extended to include recent contributions that explicitly address the resilience of event-triggered CPS under cyberattacks. While most traditional approaches rely on continuous-time control or periodic updates without triggering mechanisms, a few recent studies have proposed resilient control schemes that integrate event-based triggering with detection or robustness objectives. These works include [23,25,26], which introduced various forms of event-triggered controllers in the presence of DoS or sensor attacks. However, many contributions still rely on complex synthesis methods (e.g., BMIs) or do not fully integrate the detection and control mechanisms in a unified and computationally efficient framework.
Compared to the above methods, our proposed control scheme presents several distinct advantages:
  • In terms of attack modeling, earlier works such as [3,7,9] described cyberattacks using static or deterministic assumptions. The current approach instead uses a Markovian modeling framework, which provides a more realistic and flexible description of attack dynamics and transitions. This probabilistic representation aligns with modern CPS vulnerability patterns, as highlighted in [4,12].
  • While most contributions tend to address detection and control separately [11,13,14], our method unifies both within a single framework. By employing a Luenberger observer for attack detection and coupling it with a state-feedback control law, the proposed scheme ensures more rapid and coordinated reaction to anomalies in sensor and actuator channels. This integrated architecture enhances system resilience and minimizes performance degradation during attack periods.
  • The proposed control strategy incorporates an event-triggered mechanism, which has rarely been explored in conjunction with observer-based cyberattack detection. While the existing literature acknowledges the importance of reducing network traffic and computational load [2,15], few designs provide a formal guarantee of stability under reduced communication. The event-triggering rule proposed in this paper ensures asymptotic stability without inducing Zeno behavior, effectively reducing the frequency of control updates while preserving system safety.
  • Unlike earlier contributions, our proposal combines a Luenberger observer for attack detection with a resilient state-feedback controller under a PETC paradigm. Furthermore, it explicitly models FDI and DoS attacks using a Markovian switching process and ensures robust performance through a convex synthesis approach based entirely on relaxed LMIs. Compared to recent event-triggered methods [25,26], the proposed solution offers a better tradeoff between resilience, computational tractability, and implementation efficiency, especially for discrete-time CPS deployments on embedded systems.
  • From a computational perspective, the proposed synthesis procedure relies solely on Linear Matrix Inequalities (LMIs). This contrasts with earlier BMI-based approaches [12,14], which often face difficulties in real-time implementation due to their high complexity. By leveraging diagonal Lyapunov functions, relaxation variables, and congruent transformations [16,27], our controller and observer can be synthesized through convex optimization, enabling tractable deployment on embedded platforms.
  • The effectiveness of the proposed framework is validated through extensive simulations on the standard three-tank benchmark.
Table 1. Comparative summary of resilient control methods for CPS under cyberattacks.
Table 1. Comparative summary of resilient control methods for CPS under cyberattacks.
ReferenceAttack ModelDetection MethodControl SynthesisTriggering StrategySolvability
[14]NoneDistributed observer H controlNoBMI
[3]DoS (static)FilteringRobust controlNoLMI
[7]DeterministicResidual thresholdHeuristicNoNon-systematic
[8]Arbitrary injectionObserver-basedTracking controlNoLMI
[4]MarkovianStochastic observerRobust controlNoLMI
[9]FDI & DoSAnalysis onlyConstraint-basedNoBMI
[23]GeneralNone H robust controlPETCLMI
[25]DoSOutput estimationOutput feedback controlPETCBMI
[26]Sensor attacks (stochastic)Observer-basedEvent-triggered controlCETCLMI
Proposed MethodMarkovian (FDI & DoS)Luenberger observerState feedback via relaxed LMIsPETCLMI
Note 1: The comparison in Table 1 is based on synthesis characteristics and attack models as reported in the referenced works. No numerical re-implementation was performed unless explicitly stated.
To validate the effectiveness of the proposed resilient control approach, numerical simulations representing cyberattack scenarios were conducted and evaluated, with the results provided in Table 2. The evaluation metrics included settling time, overshoot, tracking error (measured as mean squared error, MSE), and computation time per control update. These metrics comprehensively capture both transient and steady-state performance as well as the computational efficiency of the control strategies.
Note 2: All numerical simulations were conducted using MATLAB R2023a on an Intel Core i7 (2.6 GHz, 16 GB RAM) platform, with controller synthesis relying on YALMIP and the SDPT3 solver. The computation times reported in Table 2 are averaged over ten independent runs, and standard deviations were also calculated. Although the system was evaluated under permanent and intermittent attacks, packet loss or time-varying attack intensity were not explicitly modeled in the current study. Such network-induced uncertainties will be investigated in future work to assess robustness in more realistic settings.
Table 2. Performance comparison of the proposed resilient control approach with existing methods under cyberattack scenarios.
Table 2. Performance comparison of the proposed resilient control approach with existing methods under cyberattack scenarios.
MethodSettling Time (s)Overshoot (%)Tracking Error (MSE)Computation Time (ms)
[14]2.318.10.0584.0
[3]2.015.70.0495.5
[7]2.520.20.0623.8
[8]1.914.30.0426.0
[4]1.712.10.0377.2
[9]2.216.50.0554.5
Proposed Approach1.2 ms8.30.0250.874
Table 2 summarizes the quantitative results. As can be observed, the proposed method significantly outperforms the benchmark methods in terms of faster settling time and reduced overshoot, indicating improved transient response and stability. Additionally, the tracking error is lower, demonstrating better accuracy despite cyberattacks.
Compared to results obtained using alternative observer-based methods such as [19], the proposed approach demonstrates superior performance in terms of detection speed, robustness to parametric uncertainty, and resilience to both FDI and DoS attacks. These results suggest that our method is not only theoretically sound but also practically applicable in the context of critical infrastructure where safety and reliability are paramount.
Remark 3.
The current event-triggered mechanism is designed under the PETC paradigm, where triggering conditions are evaluated at regular sampling intervals. While this framework ensures ease of implementation and compatibility with discrete-time platforms, it may not offer optimal resource usage compared to STC, where the control update times are predicted in advance based on system dynamics. Future work will focus on extending the proposed resilient control architecture to STC schemes, which could further reduce communication overhead while maintaining robustness under cyberattacks. Such an extension would also require revisiting the triggering conditions and observer-based synthesis to ensure stability and detection performance under asynchronous control updates.

8. Conclusions

This paper has presented a unified observer-based resilient control framework for discrete-time Cyber–Physical Systems (CPS) subject to Markovian-modeled cyberattacks. The proposed approach combines a Luenberger-type observer for real-time attack detection with a state-feedback controller driven by an event-triggered mechanism to ensure reduced resource usage while maintaining system stability and performance. By explicitly incorporating the stochastic behavior of attacks through a Markov chain model, the proposed framework significantly improves detection accuracy and enhances resilience against both sensor and actuator compromise. This synthesis is achieved through relaxed Linear Matrix Inequalities (LMIs) formulated using relaxation variables and diagonal Lyapunov functions, making the proposed solution computationally efficient.
Extensive simulations on a benchmark three-tank system confirm the effectiveness of the method in rapidly detecting cyberattacks, maintaining control performance, and preserving closed-loop stability even under parametric uncertainty and measurement noise. This work contributes to bridging the gap between detection and control in CPS security by offering a robust, integrated, and practically viable solution for resilient operation under cyber threats.
Future work will explore extension to nonlinear CPS models, adaptive estimation techniques for unknown attack parameters, and hardware-in-the-loop implementation to validate real-time applicability.

Author Contributions

Conceptualization and methodology, E.H., A.T. and N.G.; software, E.H., A.T. and G.B.H.F.; supervision and validation, A.T. and N.G.; writing—original draft preparation, E.H., A.T. and N.G.; writing—review and editing, G.B.H.F. and E.H. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
CPSCyber–Physical Systems
MCAMarkovian Cyber-Attacks
BMIBilinear Matrix Inequality
LMILinear Matrix Inequality
DoSDenial-of-Service
FDIFalse Data Injection
ETMEvent-Triggered Mechanism

References

  1. Rajkumar, R.; Lee, I.; Sha, L.; Stankovic, J. Cyberphysical systems: The next computing revolution. In Proceedings of the 47th ACM/IEEE Design Automation Conference, Anaheim, CA, USA, 13–18 June 2010; pp. 731–736. [Google Scholar]
  2. Smith, J.; Brown, K.; Lee, M. Real-time monitoring and resilience in cyber-physical systems: Recent advances. IEEE Trans. Ind. Inform. 2023, 19, 2500–2512. [Google Scholar]
  3. Yuan, Y.; Zhu, Q.; Sun, F.; Wang, Q.; Baasar, T. Resilient control of cyber-physical systems against denial-of-service attacks. In Proceedings of the 2013 6th International Symposium on Resilient Control Systems (ISRCS), San Francisco, CA, USA, 13–15 August 2013; pp. 54–59. [Google Scholar]
  4. Chen, L.; Wang, H.; Zhang, Y. Stochastic modeling and resilient control for cyber-physical systems under cyber attacks. Automatica 2022, 138, 110567. [Google Scholar]
  5. Kordestani, M.; Saif, M. Observer-Based Attack Detection and Mitigation for Cyberphysical Systems: A Review. IEEE Syst. Man. Cybern. Mag. 2021, 7, 35–60. [Google Scholar] [CrossRef]
  6. Hassine, E.; Thabet, A.; Gasmi, N.; Frej, G.B.H.; Thabet, H. Reconfiguration and Cyber-Attack Tolerant Control for Nonlinear Multi-Agent Systems. In Proceedings of the 2023 IEEE International Workshop on Mechatronic Systems Supervision (IW-MSS), Hammamet, Tunisia, 2–5 November 2023; pp. 1–6. [Google Scholar]
  7. Orojloo, H.; Azgomi, M.A. Evaluating the complexity and impacts of attacks on cyber-physical systems. In Proceedings of the 2015 CSI Symposium on Real-Time and Embedded Systems and Technologies (RTEST), Tehran, Iran, 7–8 October 2015; pp. 1–8. [Google Scholar]
  8. Rebai, S.B.; Voos, H.; Darouach, M. Attack-tolerant control and observer-based trajectory tracking for cyber-physical systems. Eur. J. Control 2018, 47, 90–99. [Google Scholar]
  9. Garcia, R.; Lopez, M.; Martinez, P. Impact and mitigation of false data injection and denial of service attacks in industrial CPS. Control. Eng. Pract. 2023, 130, 105390. [Google Scholar]
  10. Duo, W.L.; Zhou, M.C.; Abusorrah, A. A survey of cyber attacks on cyber physical systems: Recent advances and challenges. IEEE/CAA J. Autom. Sin. 2022, 9, 784–800. [Google Scholar] [CrossRef]
  11. Li, X.; Zhao, S.; Liu, Y. Advanced observer-based detection techniques for cyber-physical systems. IEEE Trans. Cybern. 2024, 54, 123–135. [Google Scholar]
  12. Martinez, P.; Chen, J.; Garcia, R. Adaptive Control Techniques for Resilient Actuation in Cyber-Physical Systems. Actuators 2025, 14, 34. [Google Scholar] [CrossRef]
  13. Jeffrey, N.; Tan, Q.; Villar, J.R. A hybrid methodology for anomaly detection in Cyber-Physical Systems. Neurocomputing 2024, 568, 127068. [Google Scholar] [CrossRef]
  14. Shames, I.; Teixeira, A.S.; Sandberg, H.; Johansson, K. Distributed fault detection for interconnected second-order systems with applications to power networks. In Proceedings of the 2010 IEEE International Conference on Control Applications, Yokohama, Japan, 8–10 September 2010; pp. 164–169. [Google Scholar]
  15. Wang, J.; Sun, D.; Wang, J.; Liao, G. Configuration of the Power Reflux Hydro-Mechanical Transmission System. Actuators 2024, 13, 120. [Google Scholar] [CrossRef]
  16. Kheloufi, H.; Zemouche, A.; Bedouhene, F.; Bennani, C.; Trinh, H. New decentralized control design for interconnected nonlinear discrete-time systems with nonlinear interconnections. In Proceedings of the 2016 IEEE 55th Conference on Decision and Control (CDC), Las Vegas, NV, USA, 12–14 December 2016; pp. 6030–6035. [Google Scholar]
  17. Kheloufi, H.; Zemouche, A.; Bedouhene, F.; Souley-Ali, H. Robust H observer-based controller for Lipschitz nonlinear discrete-time systems with parameter uncertainties. In Proceedings of the 2014 IEEE 53rd Annual Conference on Decision and Control (CDC), Los Angeles, CA, USA, 15–17 December 2014; pp. 4336–4341. [Google Scholar]
  18. Miskowicz, M. Event-Based Control and Signal Processing, 1st ed.; CRC Press: Boca Raton, FL, USA, 2015. [Google Scholar] [CrossRef]
  19. Tahir, Z.; Khan, A.Q.; Asad, M. Attack detection and identification in cyber physical systems: An example on three tank system. In Proceedings of the 2019 15th International Conference on Emerging Technologies (ICET), Peshawar, Pakistan, 2–3 December 2019; pp. 1–6. [Google Scholar]
  20. Januario, F.; Cardoso, A.; Gil, P. A distributed multi-agent framework for resilience enhancement in cyber-physical systems. IEEE Access 2019, 7, 31342–31357. [Google Scholar] [CrossRef]
  21. Guadarrama, A.R.; Osorio-Gordillo, G.L.; Vargas-Méndez, R.A.; Reyes-Reyes, J.; Astorga-Zaragoza, C.M. Cyber-Physical System Attack Detection and Isolation: A Takagi-Sugeno Approach. Math. Comput. Appl. 2025, 30, 12. [Google Scholar] [CrossRef]
  22. Polik, I.; Terlaky, T. A Survey of the S-Lemma. SIAM Rev. 2007, 49, 371–418. [Google Scholar] [CrossRef]
  23. Davoodi, M.; Meskin, N.; Khorasani, K. Event-Triggered Robust H Control for Linear Systems. IEEE Trans. Ind. Inform. 2017, 13, 298–311. [Google Scholar] [CrossRef]
  24. Boyd, S.; Ghaoui, L.E.; Ferron, E.; Balakrishnan, V. Linear Matrix Inequalities in Systems and Control Theory, 15th ed.; Society for Industrial and Applied Mathematics SIAM: Philadelphia, PA, USA, 1994. [Google Scholar]
  25. Zhang, Y.; Liu, S.; Wang, L. Resilient Event-Triggered Output Feedback Control for CPS under DoS Attacks. IEEE Trans. Cybern. 2021, 51, 3124–3135. [Google Scholar]
  26. Wang, X.; Zhao, Y.; Zhang, H. Event-triggered observer-based control of cyber-physical systems under stochastic sensor attacks. ISA Trans. 2023, 137, 543–554. [Google Scholar]
  27. Arcak, M.; Kokotovic, P. Observer-based control of systems with slope-restricted nonlinearities. IEEE Trans. Autom. Control 2001, 46, 1146–1150. [Google Scholar] [CrossRef]
Figure 1. Evolution of u k in the absence of cyberattacks.
Figure 1. Evolution of u k in the absence of cyberattacks.
Actuators 14 00412 g001
Figure 2. Evolution of e k in the absence of cyberattacks.
Figure 2. Evolution of e k in the absence of cyberattacks.
Actuators 14 00412 g002
Figure 3. Evolution of r k in the absence of cyberattacks.
Figure 3. Evolution of r k in the absence of cyberattacks.
Actuators 14 00412 g003
Figure 4. Evolution of estimation error signals e k under DoS and FDI attack scenarios.
Figure 4. Evolution of estimation error signals e k under DoS and FDI attack scenarios.
Actuators 14 00412 g004
Figure 5. Evolution of the residual signal r k under DoS and FDI attack scenarios.
Figure 5. Evolution of the residual signal r k under DoS and FDI attack scenarios.
Actuators 14 00412 g005
Figure 6. Comparison of real ( x k ) and estimated ( x ^ k ) tank levels under DoS and FDI attack scenarios.
Figure 6. Comparison of real ( x k ) and estimated ( x ^ k ) tank levels under DoS and FDI attack scenarios.
Actuators 14 00412 g006
Figure 7. Variation of the control input u k ( u k 1 in blue and u k 2 in red) under DoS and FDI attack scenarios.
Figure 7. Variation of the control input u k ( u k 1 in blue and u k 2 in red) under DoS and FDI attack scenarios.
Actuators 14 00412 g007
Figure 8. Evolution of measured output y k under persistent DoS attack scenario.
Figure 8. Evolution of measured output y k under persistent DoS attack scenario.
Actuators 14 00412 g008
Figure 9. Evolution of r k under persistent DoS attack scenario.
Figure 9. Evolution of r k under persistent DoS attack scenario.
Actuators 14 00412 g009
Figure 10. Variation of u k ( u k 1 in blue and u k 2 in red) under persistent DoS attack scenario.
Figure 10. Variation of u k ( u k 1 in blue and u k 2 in red) under persistent DoS attack scenario.
Actuators 14 00412 g010
Figure 11. Evolution of x k under permanent FDI attack.
Figure 11. Evolution of x k under permanent FDI attack.
Actuators 14 00412 g011
Figure 12. Variation of e k under permanent FDI attack.
Figure 12. Variation of e k under permanent FDI attack.
Actuators 14 00412 g012
Figure 13. Variation of u k ( u k 1 in blue and u k 2 in red) under permanent FDI attack.
Figure 13. Variation of u k ( u k 1 in blue and u k 2 in red) under permanent FDI attack.
Actuators 14 00412 g013
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Hassine, E.; Thabet, A.; Gasmi, N.; Bel Haj Frej, G. An Event-Triggered Observer-Based Control Approach for Enhancing Resilience of Cyber–Physical Systems Under Markovian Cyberattacks. Actuators 2025, 14, 412. https://doi.org/10.3390/act14080412

AMA Style

Hassine E, Thabet A, Gasmi N, Bel Haj Frej G. An Event-Triggered Observer-Based Control Approach for Enhancing Resilience of Cyber–Physical Systems Under Markovian Cyberattacks. Actuators. 2025; 14(8):412. https://doi.org/10.3390/act14080412

Chicago/Turabian Style

Hassine, Eya, Assem Thabet, Noussaiba Gasmi, and Ghazi Bel Haj Frej. 2025. "An Event-Triggered Observer-Based Control Approach for Enhancing Resilience of Cyber–Physical Systems Under Markovian Cyberattacks" Actuators 14, no. 8: 412. https://doi.org/10.3390/act14080412

APA Style

Hassine, E., Thabet, A., Gasmi, N., & Bel Haj Frej, G. (2025). An Event-Triggered Observer-Based Control Approach for Enhancing Resilience of Cyber–Physical Systems Under Markovian Cyberattacks. Actuators, 14(8), 412. https://doi.org/10.3390/act14080412

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop