Event-Based Security Control for Markov Jump Cyber–Physical Systems under Denial-of-Service Attacks: A Dual-Mode Switching Strategy

Abstract

This paper studies the design of dual-mode resilient event-triggered control strategy for Markov jump cyber–physical systems (MJCPSs) under denial-of-service (DoS) attacks. Firstly, a novel resilient event-triggering scheme dependent on the DoS signal is developed to select the corresponding control protocol based on the current network quality of services. Particularly, the potential relationship between the triggering signal and system mode under DoS attacks is discussed, aiming to eliminate both Zeno behavior and singular triggering behavior by calculating the minimum and maximum data update rates. Then, we design an event-based dual-mode security controller to ensure that the closed-loop system has stochastic stability and good robust $H_{\infty }$ performance under DoS attacks. By constructing a Lyapunov–Krasovskii functional which depends on the lower and upper bounds of time delay, sufficient conditions for the existence of dual-mode security controller gains and resilient triggering parameters are presented with the LMI form. Finally, simulation results show that the proposed security control strategy has good robustness against DoS attacks.

1. Introduction

With the rapid development of artificial intelligence and other technologies, cyber–physical systems (CPSs) that can highly integrate computation, communication, and control have emerged and been widely used in critical infrastructures, such as smart grids [1], intelligent transportation [2], industrial internet [3], and so on. In essence, CPSs are a class of complex networked control systems with a cyclic feedback mechanism, and the ubiquitous interconnection features make the openness increasingly enhanced [4]. This means that the deep interaction between the information world and physical plant has achieved global autonomy and collaboration. However, the influence of cyber security threats and physical safety issues has brought great challenges to the integrated protection of CPSs. Once the security defense mechanism deployed on the information layer fails, malicious adversaries can covertly invade the information systems, causing CPS-induced failures to spread rapidly in the communication media, thereby making the serious non-contact damage to the physical process. Since physical systems operate in a relatively isolated environment, there is a lack of in-depth understanding of external network threats and internal security vulnerabilities [5]. Thus, it is of great value to design advanced security control strategies to ensure the safe operation of plants in an unreliable network environment. Recently, security issues for CPSs have attracted widespread attention, such as intrusion identification [6,7,8], secure state estimation [9,10,11], stability analysis [12,13,14,15], and resilient control [16,17,18,19].

In CPSs, malicious attackers have developed various remote intrusion modes by destroying the security requirements of physical systems, such as denial-of-service (DoS) attacks, false data injection (FDI) attacks, and deception attacks [20], where DoS attacks force system service interruption by occupying the limited communication bandwidth. In addition, DoS attacks do not need to acquire any prior system knowledge, which implies that DoS attacks can be easily launched without regard for privacy protection [21]. In this attack scenario, the abnormal behaviors caused by DoS attacks can be quickly perceived. However, the access to control and measurement signals will be lost, making it impossible to effectively deal with this attack behavior. Thus, it is necessary to develop an advanced security control strategy with robustness and intrusion tolerance to ensure that CPSs can operate smoothly in a degraded manner under DoS attacks. The authors in [12] have proposed the concept of “resilient control” to characterize the basic ability of CPSs to defend against DoS attacks. In [13], the authors developed an observer-based security control strategy for linear CPSs with multiple parallel transmission channels. The maximum operational duty cycle tolerated by CPSs under DoS attacks was obtained. To ensure both steady-state accuracy and transient security, the authors in [22] designed an active security control policy, where DoS attacks are assumed to occur in both control and measurement channels. The relationship between the resilience and communication bandwidth was studied in [23], where the bit rate condition under DoS attacks depends on the attack parameters and system matrices. The issue of secure consensus for interconnected CPSs under DoS attacks was discussed in [24,25,26,27,28], where the authors in [25] developed a time-varying resilient control scheme to ensure the secure consensus of the agent team. In [28], the authors discussed the co-design of the fault detection algorithm and consensus control protocol for interconnected CPSs under hidden DoS attacks. Since CPSs are susceptible to environmental mutations or random failures of physical components, they may consist of multiple subsystems with different structures and parameters. However, the above achievements are research on the security of deterministic CPSs, ignoring the research on CPSs with random jumps under cyber attacks.

Generally, it is difficult for the system to obtain measurement or control signals in a continuous manner. In order to overcome persistent communication, many sampled-data control policies based on a time-triggered communication mechanism have been widely investigated, see [29,30,31,32]. However, due to the limited communication bandwidth, this implies that the time-triggered sampling strategies can generate unnecessary consumption and computing resources. Consequently, the oversampling problem needs to be eliminated. As an effective solution to alleviate the communication burden, the event-triggered mechanism (ETM) regarded as “on-demand communication” was reported in [33,34,35,36,37], where the authors in [33] proposed a co-design method for the resilient event-triggered control (ETC) strategy to tolerate DoS attacks as much as possible. To obtain a higher communication efficiency, a novel switching-like ETC strategy for continuous CPSs was developed in [34] to balance the desired communication rate and security performance. In [35], a fully distributed secure cooperative control protocol for CPSs was developed to guarantee asymptotic consensus against distributed DoS attacks from multiple adversaries. The authors in [36] formulated a stochastic ETC scheme to overcome the stochastic DoS attacks by fully using the dynamic features of communication in the open network. Particularly, CPSs are vulnerable to environmental mutations or random failures of physical components, resulting in their potential to be composed of multiple subsystems with different structures and parameters. Therefore, it is necessary to develop appropriate security control strategies to ensure that jump CPSs still have an acceptable level of operation under cyber attacks. In addition, the authors in [37] developed a finite-time ETC strategy for nonlinear semi-Markov jump CPS to quickly defend against FDI attacks in finite time. Note that most ETC schemes adjust their event-triggering parameters in advance to counter the negative impact of DoS attacks on data transmission. This indicates that the traditional strategies have certain limitations when dealing with unpredictable DoS jamming attacks. Recently, the impact of DoS attacks was transformed into the uncertainty in triggering rule reported in [38], which plays a positive role in solving the mentioned problem.

However, very few works are available to solve similar topics for stochastic CPSs under DoS attacks and Markovian switching, to our knowledge. These facts inspire us to proceed with the present work.

This paper proposes a novel dual-mode resilient event-triggered control strategy for MJCPSs under DoS attacks. The salient contributions are as follows:

(1)

A novel resilient event-triggering rule that relies on DoS signals is designed to select corresponding control strategies on demand based on the current network service quality.

(2)

By analyzing the inner relationship between the system mode and the triggering instant under DoS attacks, the minimum and maximum inter-execution intervals are calculated to avoid Zeno behavior and singular triggering.

(3)

Based on the LMI method and Lyapunov stability theory, sufficient conditions for the existence of security controller gains and resilient triggering parameters are given in the form of concise LMIs simultaneously.

The outline of this paper is organized as follows. Section 2 presents preliminaries and problem formulation. In Section 3, stability analysis under resilient event-triggered rule and DoS attacks is investigated in detail. The dual-mode security controller is designed in Section 4. In Section 5, a simulation example is presented to illustrate the effectiveness of the proposed method. Finally, Section 6 summarizes this paper.

2. Preliminaries and Problem Formulation

2.1. System Framework

Consider MJCPSs defined on a complete probability space $(\mathsf{\Omega },\mathcal{F},\mathbb{P})$, whose dynamics can be captured by

$$\left\{\begin{array}{c}\dot{x}\left(t\right)=A_{r\left(t\right)}x\left(t\right)+B_{r\left(t\right)}^{u}u\left(t\right)+B_{r\left(t\right)}^{\omega }\omega \left(t\right)\hfill \\ z\left(t\right)=C_{r\left(t\right)}x\left(t\right)+D_{r\left(t\right)}^{u}u\left(t\right)\hfill \end{array}\right.$$

(1)

where $x\left(t\right)\in {\mathbb{R}}^{n_x}$, $u\left(t\right)\in {\mathbb{R}}^{n_u}$, and $z\left(t\right)\in {\mathbb{R}}^{n_z}$ are the system state, control input, and regulated output variables, respectively. $\omega \left(t\right)\in {\mathbb{R}}^{n_{\omega }}$ represents an exogenous disturbance belonging to ${\mathcal{L}}_2[0,+\infty )$. $A_{r\left(t\right)}$, $B_{r\left(t\right)}^u$, $B_{r\left(t\right)}^{\omega }$, $C_{r\left(t\right)}$, and $D_{r\left(t\right)}^u$ denote known matrices of compatible dimensions.

Let $\left\{r\right(t),t\ge 0\}$ represent a right-continuous Markov process taking values in a finite set $\mathbb{S}\triangleq \{1,2,\dots ,S\}$, whose stationary mode transition rate matrix (TRM) $\mathrm{\Pi }\triangleq \left[{\pi }_{ij}\right]\in {\mathbb{R}}^{S\times S}$ can be given by

$$\begin{array}{cc}\hfill Pr\left\{r\right(t+\mathrm{\Delta }t)& =j\left|r\right(t)=i\}\hfill \\ \hfill & =\left\{\begin{array}{ccc}{\pi }_{ij}\mathrm{\Delta }t+o\left(\mathrm{\Delta }t\right),\hfill & \hfill & i\ne j\hfill \\ 1+{\pi }_{ii}\mathrm{\Delta }t+o\left(\mathrm{\Delta }t\right),\hfill & \hfill & i=j\hfill \end{array}\right.\hfill \end{array}$$

(2)

where $\mathrm{\Delta }t>0$, ${lim}_{\mathrm{\Delta }t\to 0}(o\left(\mathrm{\Delta }t\right)/\mathrm{\Delta }t)=0$, and TRs from i to j satisfy two conditions, that is, if $i\ne j$ then ${\pi }_{ij}>0$; otherwise, ${\pi }_{ii}=-{\sum }_{i\ne j}{\pi }_{ij}$ for any $i,j\in \mathbb{S}$.

On the other hand, Figure 1 presents an advanced event-based control architecture for MJCPSs subject to energy-limited DoS attacks, where the virtual sensor system determined by a novel resilient event-triggered rule is developed to alleviate the heavy communication burden generated by using traditional sampled-data schemes, see refs. [29,30,31] and the references therein. For clarity, let $e_s\left(t\right)=x\left(t_{k+1}\right)-x\left(t_k\right)$ represent the sampled error, then we review a general event-triggered scheme mentioned in [38] as follows:

$$t_{k+1}=inf\left\{t\in {\mathbb{R}}_{>t_k}|e_s^T\left(t\right){\mathrm{\Theta }}_a{e}_s\left(t\right)>\sigma x^T\left(t\right){\mathrm{\Theta }}_{b}x\left(t\right)\right\},$$

(3)

where $\sigma \in (0,1)$ is a given triggering parameter, ${\mathrm{\Theta }}_a$ and ${\mathrm{\Theta }}_b$ are the unknown weighting matrices to be designed, and ${\left\{t_k\right\}}_{k\in {\mathbb{N}}_0}$ denotes the triggering sequence determined by (3). In this way, the control input applied to the control layer in the absence of DoS attacks can be described as

$$u\left(t\right)=K_{r\left(t\right)}x\left(t_k\right),t\in [t_k,t_{k+1})$$

(4)

where $K_{r\left(t\right)}$ denotes the unknown control gain to be designed. Notice that the packets are transmitted on the sensor–controller (S-C) and controller–actuator (C-A) channels over the open and secure communication networks, respectively. This means that the S-C channel is vulnerable to remote intrusion by malicious attackers. From the perspective of system control performance, malicious intrusion on the S-C channel may cause information mismatch between the S-C and C-A channels. That is, the actuator may maintain historical control actions for a long time, which is enough to pose a serious threat to physical security. In order to ensure safe operation in an unreliable network environment, we will redesign an improved resilient event-triggered scheme and related security control protocol for MJCPSs in the sequel.

Figure 1. Control architecture of MJCPSs under DoS attacks.

2.2. Dual-Mode Security Control Scheme

In general, the purpose of designing event-based data update strategy is to improve communication utilization. However, the malicious attackers always launch DoS attacks on the S-C channel covertly to destroy information interaction. This will inevitably lead to the accumulation of actual error between the historical update state and the current operation state such that the event-triggered condition is violated for a long time because the state error cannot be reset to zero. These facts motivates us to design a resilience margin for the event-triggered condition (3), which aims to be more robust against DoS attacks. From this, for any aperiodic interval $[{\mathcal{T}}_n,{\mathcal{T}}_{n+1})$, let ${\mathcal{H}}_n=\left\{{\mathcal{T}}_n^{\mathrm{on}}\right\}\cup [{\mathcal{T}}_n^{\mathrm{on}},{\mathcal{T}}_{n+1})$ be the n$\mathrm{th}$ DoS active interval shown in Figure 2, where ${\left\{{\mathcal{T}}_n^{\mathrm{on}}\right\}}_{n\in {\mathbb{N}}_0}$ represents an injected DoS sequence. Then, for any $t\in [t_a,t_b]$, we define

$${\mathcal{D}}_1(t_a,t_b)=\bigcup _{n\in {\mathbb{N}}_0}{\mathcal{H}}_n\bigcap [t_a,t_b]$$

(5)

and

$${\mathcal{D}}_2(t_a,t_b)=[t_a,t_b]\setminus {\mathcal{D}}_1(t_a,t_b)$$

(6)

as the union and relative complement of DoS subintervals over interval $[t_a,t_b]$, respectively. Clearly, once the intermittent DoS attacks are successfully launched over a shared communication network, certain packets determined by the event-triggered rule (3) will be lost during the transmission. This implies that these criteria for stability analysis and controller synthesis presented in [24,25,27] may no longer be valid. Moreover, these packets that cannot be updated successfully are also considered redundant. In this case, we need to develop an improved event-triggered rule with a resilience margin according to (3). Firstly, the actual state error caused by DoS attacks can be defined as

$$e_a\left(t\right)=x\left(t\right)-x\left(t_k\right),t\in \left[t_n^{\ell },t_n^{\ell +1}\right)$$

(7)

where ${\left\{t_n^{\ell }\right\}}_{\ell \in {\mathbb{N}}_0}\subseteq {\left\{t_k\right\}}_{k\in {\mathbb{N}}_0}$ denotes a successful transmission sequence during the interval $[{\mathcal{T}}_n,{\mathcal{T}}_{n+1})$. Note that $e_a\left(t\right)=e_s\left(t\right)$ holds if DoS attacks do not exist; otherwise, DoS attacks cause an additional state error that can degrade security performance, i.e., $e_a\left(t\right)>e_s\left(t\right)$ holds. Then, a novel event-triggered rule with a resilience margin can be designed as

$$\begin{array}{cc}\hfill {\mathfrak{T}}_{*}& =max\left\{t_k+\mathrm{\Delta },inf\left\{t\in {\mathbb{R}}_{>t_k}\wedge t_n^{\ell }|e_a^T\left(t\right){\mathrm{\Theta }}_a{e}_a\left(t\right)\right.\right.\hfill \\ \hfill & \left.\left.-\sigma x^T\left(t_k\right){\mathrm{\Theta }}_{b}x\left(t_k\right)-(1-\alpha \left(t\right)){\mathcal{J}}_d>0\right\}\right\},\hfill \end{array}$$

(8)

where ${\mathfrak{T}}_{*}$ represents the latest update instant when DoS attacks are no longer injected, $\mathrm{\Delta }\in {\mathbb{R}}_{>0}$ denotes an unknown constant to be calculated, ${\mathcal{J}}_d\le {\mathcal{J}}_{max}$ is the performance compensation for condition (3), and ${\mathcal{J}}_{max}$ is the maximum resilience margin. Furthermore, $\alpha \left(t\right)\in \{0,1\}$ is a Dirac measure used to describe DoS on/off properties, and its mathematical expectation can be characterized as

$$\left\{\begin{array}{c}\mathrm{Prob}\left\{\alpha \right(t)=1\}=\mathbb{E}\left\{\alpha \right(t\left)\right\}=\alpha \hfill \\ \mathrm{Prob}\left\{\alpha \right(t)=0\}=1-\alpha \hfill \end{array}\right.$$

(9)

where $\alpha \in [0,1]$ is a positive scalar. In this way, we can design a novel dual-mode security controller under the resilient event-triggered rule (8) as follows:

$$u\left(t\right)=\alpha \left(t\right)K_{r\left(t\right)}^{a}x\left(t_k\right)+(1-\alpha \left(t\right)){\xi }_{r\left(t\right)}{K}_{r\left(t\right)}^{b}x\left(t_k\right)$$

(10)

where ${\xi }_{r\left(t\right)}\in {\mathbb{R}}_{>0}$ denotes a given regulated parameters, $K_{r\left(t\right)}^a$ and $K_{r\left(t\right)}^b$ represent the unknown control gains without or with DoS attacks, respectively. Let $\tau \left(t\right)\triangleq t-t_n^{\ell }$ denote the time delay, then the control protocol (10) can be further rewritten as

$$\begin{array}{cc}\hfill u\left(t\right)& =\alpha \left(t\right)K_{r\left(t\right)}^a(x(t-\tau \left(t\right))-e_a\left(t\right))+(1-\alpha \left(t\right))\hfill \\ \hfill & \times {\xi }_{r\left(t\right)}{K}_{r\left(t\right)}^b(x(t-\tau \left(t\right))-e_a\left(t\right)),t\in \left[t_n^{\ell },t_n^{\ell +1}\right)\hfill \end{array}$$

(11)

where ${\tau }_{min}$ and ${\tau }_{max}$ denote the minimum and maximum time delays, respectively.

Figure 2. Evolution of update data in the presence of DoS attacks.

In view of the designed resilient event-triggered rule (8) and dual-mode security control protocol (11), the resulting closed-loop systems can be described as

$$\left\{\begin{array}{cc}\hfill \dot{x}\left(t\right)& =A_{r\left(t\right)}x\left(t\right)+\left[{\overline{B}}_{r\left(t\right)}^u+(\alpha \left(t\right)-\alpha ){\tilde{B}}_{r\left(t\right)}^u\right]{\overline{K}}_{r\left(t\right)}\hfill \\ \hfill & \times (x(t-\tau \left(t\right))-e_a\left(t\right))+B_{r\left(t\right)}^{\omega }\omega \left(t\right)\hfill \\ \hfill z\left(t\right)& =C_{r\left(t\right)}x\left(t\right)+\left[{\overline{D}}_{r\left(t\right)}^u+(\alpha \left(t\right)-\alpha ){\tilde{D}}_{r\left(t\right)}^u\right]{\overline{K}}_{r\left(t\right)}\hfill \\ \hfill & \times (x(t-\tau \left(t\right))-e_a\left(t\right))\hfill \end{array}\right.$$

(12)

where $\overline{\alpha }=1-\alpha$, ${\overline{K}}_{r\left(t\right)}=\mathrm{col}\left\{K_{r\left(t\right)}^a,K_{r\left(t\right)}^b\right\}$, and

$$\begin{array}{cc}& {\overline{B}}_{r\left(t\right)}^u=\left[\begin{array}{cc}\alpha & \overline{\alpha }{\xi }_{r\left(t\right)}\end{array}\right]\otimes B_{r\left(t\right)}^u,{\tilde{B}}_{r\left(t\right)}^u=\left[\begin{array}{cc}1& -{\xi }_{r\left(t\right)}\end{array}\right]\otimes B_{r\left(t\right)}^u,\hfill \\ & {\overline{D}}_{r\left(t\right)}^u=\left[\begin{array}{cc}\alpha & \overline{\alpha }{\xi }_{r\left(t\right)}\end{array}\right]\otimes D_{r\left(t\right)}^u,{\tilde{D}}_{r\left(t\right)}^u=\left[\begin{array}{cc}1& -{\xi }_{r\left(t\right)}\end{array}\right]\otimes D_{r\left(t\right)}^u.\hfill \end{array}$$

In general, malicious attackers can launch three different types of DoS attacks on the CPS communication network, including periodic DoS attacks, stochastic DoS attacks, and time-constrained DoS attacks as shown in Figure 3. From the perspective of attack concealment, we consider time-constrained DoS attacks, whose properties can be characterized by frequency and duration.

Figure 3. Typical DoS attack models.

Assumption A1

(DoS Frequency [12]). There exist scalars $\eta \in {\mathbb{R}}_{\ge 0}$ and ${\tau }_D\in {\mathbb{R}}_{\ge \underline{\mathrm{\Delta }}}$ such that

$$n(t_s,t_f)\le \eta +\frac{t_f-t_s}{{\tau }_D}$$

for any $0\le t_s<t_f$.

Assumption A2

(DoS Duration [12]). There exist scalars $\xi \in {\mathbb{R}}_{\ge 0}$ and $T\in {\mathbb{R}}_{\ge 1}$ such that

$$|\mathcal{H}(t_s,t_f)|\le \xi +\frac{t_f-t_s}{T}$$

for any $0\le t_s<t_f$.

2.3. Control Objective

For MJCPSs under DoS attacks, the control objective of this article is to develop the advanced resilient event-triggered rule and dual-mode security control protocol, which aims to ensure the safe operation of physical system in an unreliable network environment. Some useful definitions are given as follows.

Definition 1

([38]). For any initial condition $\left(x\right(0),r(0\left)\right)$, MJCPSs (1) can be said to be stochastically stable if they have a positive parameter $\mathcal{M}\left(x\right(0),r(0\left)\right)$ such that

$$\mathbb{E}\left\{{\int }_0^{\infty }{x}^T\left(t\right)x\left(t\right)\mathrm{dt}\mid (x\left(0\right),r\left(0\right))\right\}\le \mathcal{M}(x\left(0\right),r\left(0\right)).$$

Definition 2

([38]). Given a positive parameter $\gamma \in {\mathbb{R}}_{>0}$, MJCPSs (1) can be considered stochastically stable and to have an $H_{\infty }$ disturbance attenuation level γ if this condition is met:

$$\mathbb{E}\left\{{\int }_0^{\infty }{z}^T\left(t\right)z\left(t\right)\mathrm{dt}\right\}\le {\gamma }^2{\int }_0^{\infty }{\omega }^T\left(t\right)\omega \left(t\right)\mathrm{dt}.$$

Definition 3

([13]). The transmission sequence ${\left\{t_k\right\}}_{k\in {\mathbb{N}}_0}$ is said to have a finite update rate if there are two positive scalars ${\mathrm{\Delta }}_{min}$ and ${\mathrm{\Delta }}_{max}\in {\mathbb{R}}_{>0}$ such that

$${\mathrm{\Delta }}_{min}\le t_{k+1}-t_k={\mathrm{\Delta }}_k\le {\mathrm{\Delta }}_{max},$$

where ${\mathrm{\Delta }}_{min}$ and ${\mathrm{\Delta }}_{max}$ are the minimum and maximum update rates, respectively.

Remark 1.

Generally, DoS behaviors launched by malicious attackers have a certain concealment, which makes it difficult for defenders to predict attack intentions. Under such an unreliable communication network, the packets to be updated determined by ETM may be lost during the transmission, thereby reducing the security performance of the physical system. To defend against DoS attacks, several popular resilient ETC strategies have been proposed, which can adjust the triggering parameters online or in advance according to changes in the system state, see [34,35,39,40,41,42] and the references therein. However, the invisibility of DoS attacks makes it difficult to adjust triggering parameters in real time, which leads to certain limitations of such methods. In contrast, setting a certain resilience margin for ETM to cope with the transmission failures caused by DoS attacks can break through the barriers of traditional control schemes. In addition, the triggering parameters do not need to be adjusted depending on whether DoS attacks occur. Hence, the method of designing a reasonable resilience margin for ETM in a unified framework may facilitate system analysis under DoS attacks.

Remark 2.

The control behavior in response to DoS attacks can be divided into two cases: one is to force the control signal to zero as mentioned in [12,13], and the other is to maintain the historical control input by using a zero-order holder (ZOH), see [34,38] and the references therein. Obviously, the former is an extremely conservative way to defend against DoS attacks because the controlled system may be in an open-loop unstable status for a long time. Conversely, the latter allows the physical system to obtain relatively satisfactory security performance in a degraded manner. That is, it can be concluded that the second way is more suitable as the core idea of the intrusion tolerance control scheme. On this basis, we can design a DoS-based dual-mode security controller by introducing a Dirac measure $\alpha \left(t\right)$ [43], which is independent of the system mode $r\left(t\right)$. The composite control scheme that includes two different control protocols is similar to hybrid control, but both protocols cannot take effect simultaneously. It should be noted that the event-triggered rules corresponding to the above control protocols are selected based on whether DoS attacks occur.

3. Stability Analysis under Resilient Event-Triggered Rule and DoS Attacks

3.1. Stability Criterion

Firstly, the primary goal of this subsection is to find the stability criteria for MJCPSs (1) under resilient event-triggered rule (8) and DoS attack. Then, we perform a comprehensive feasibility analysis on condition (8) to demonstrate the theoretical validity.

Theorem 1.

Given positive scalars σ, α, ${\tau }_p$, ${\tau }_q$, and γ, ${\xi }_i\in {\mathbb{R}}_{>0}$, and the dual-mode security controller gains $K_i^a$ and $K_i^b$. Under the proposed resilient event-triggered rule (8), MJCPSs (1) are stochastically stable in the presence of intermittent DoS attacks and have an $H_{\infty }$ disturbance attenuation level γ if there exist the positive definite matrices $P_i>0$, $Q_i^a>0$, $Q_i^b>0$, $S_a>0$,$S_b>0$, $R_a>0$, $R_b>0$, ${\mathrm{\Theta }}_a>0$, ${\mathrm{\Theta }}_b>0$, and the real matrix ${\tilde{R}}_b$ such that the following conditions are satisfied:

$$\mathsf{\Omega }=\left[\begin{array}{ccc}{\mathsf{\Omega }}_c& {\mathsf{\Omega }}_1& {\mathsf{\Omega }}_2\\ *& {\mathsf{\Omega }}_3& 0\\ *& *& {\mathsf{\Omega }}_4\end{array}\right],\mathcal{R}=\left[\begin{array}{cc}{R}_b& {\tilde{R}}_b\\ *& R_b\end{array}\right]>0,$$

(13)

$$\sum _{j=1}^S{\pi }_{ij}{Q}_j^a<S_a,\sum _{j=1}^S{\pi }_{ij}{Q}_j^b<S_b,$$

(14)

where $\mathrm{diag}\{{\mathsf{\Omega }}_3,{\mathsf{\Omega }}_4\}=-\mathrm{diag}\{\overline{\tau }{R}_a,\tilde{\tau }{R}_b,\widehat{\alpha }\overline{\tau }{R}_a,\widehat{\alpha }\tilde{\tau }{R}_b,I,\widehat{\alpha }I\}$,

$$\begin{array}{cc}& {\mathsf{\Omega }}_c=\left[\begin{array}{cccccc}{\phi }_{11}& \overline{\tau }{R}_a& {\phi }_{13}& 0& {\phi }_{15}& {\phi }_{16}\\ *& *& {\phi }_{22}& {\phi }_{23}& \tilde{\tau }{\tilde{R}}_b& 0\\ *& *& {\tilde{\phi }}_{33}& {\phi }_{34}& -\sigma {\mathrm{\Theta }}_b& 0\\ *& *& *& {\phi }_{44}& 0& 0\\ *& *& *& *& \sigma {\mathrm{\Theta }}_b-{\mathrm{\Theta }}_a& 0\\ *& *& *& *& *& -{\gamma }^{2}I\end{array}\right],\hfill \\ & {\mathsf{\Omega }}_1=\left[\begin{array}{ccc}{A}_i^T{R}_a& A_i^T{R}_b& 0\\ 0& 0& 0\\ {\overline{K}}_i^T{\overline{B}}_i^{uT}{R}_a& {\overline{K}}_i^T{\overline{B}}_i^{uT}{R}_b& {\overline{K}}_i^T{\tilde{B}}_i^{uT}{R}_a\\ 0& 0& 0\\ -{\overline{K}}_i^T{\overline{B}}_i^{uT}{R}_a& -{\overline{K}}_i^T{\overline{B}}_i^{uT}{R}_b& -{\overline{K}}_i^T{\tilde{B}}_i^{uT}{R}_a\\ B_i^{\omega T}{R}_a& B_i^{\omega T}{R}_b& 0\end{array}\right],\hfill \\ & {\mathsf{\Omega }}_2=\left[\begin{array}{ccc}0& C_i^T& 0\\ 0& 0& 0\\ {\overline{K}}_i^T{\tilde{B}}_i^{uT}{R}_b& {\overline{K}}_i^T{\overline{D}}_i^{uT}& {\overline{K}}_i^T{\tilde{D}}_i^{uT}\\ 0& 0& 0\\ -{\overline{K}}_i^T{\tilde{B}}_i^{uT}{R}_b& -{\overline{K}}_i^T{\overline{D}}_i^{uT}& -{\overline{K}}_i^T{\tilde{D}}_i^{uT}\\ 0& 0& 0\end{array}\right],\hfill \end{array}$$

with

$$\begin{array}{cc}& {\phi }_{11}=Q_i^a+{\tau }_p{S}_a+\widehat{\tau }{S}_b+A_i^T{P}_i+P_i{A}_i+\sum _{j=1}^S{\pi }_{ij}{P}_j\hfill \\ & -\overline{\tau }{R}_a,{\tilde{\phi }}_{33}=-2{\phi }_{23}+\sigma {\mathrm{\Theta }}_b,\tilde{\alpha }={\widehat{\alpha }}^{-1}=\alpha \overline{\alpha },\hfill \\ & {\phi }_{13}=-{\phi }_{15}=P_i{\overline{B}}_i^u{\overline{K}}_i,{\phi }_{16}=P_i{B}_i^{\omega },\widehat{\tau }={\tau }_q-{\tau }_p,\hfill \\ & {\phi }_{22}=Q_i^b-Q_i^a-\overline{\tau }{R}_a-\tilde{\tau }{R}_b,\tilde{\tau }={\widehat{\tau }}^{-1},\overline{\tau }={\tau }_p^{-1},\hfill \\ & {\phi }_{23}={\phi }_{34}=\tilde{\tau }{R}_b-\tilde{\tau }{\tilde{R}}_b,{\phi }_{44}=-Q_i^b-\tilde{\tau }{R}_b.\hfill \end{array}$$

Proof. 

Firstly, consider a stochastic Lyapunov–Krasovskii functional as follows:

$$\begin{array}{cc}\hfill V\left(x\right(t),r(t\left)\right)& =V_1(x\left(t\right),r\left(t\right))+V_2(x\left(t\right),r\left(t\right))\hfill \\ \hfill & +V_3(x\left(t\right),r\left(t\right))+V_4(x\left(t\right),r\left(t\right)),\hfill \end{array}$$

(15)

where

$$\begin{array}{cc}& V_1(x\left(t\right),r\left(t\right))=x^T\left(t\right)P_{r\left(t\right)}x\left(t\right),\hfill \\ & V_2(x\left(t\right),r\left(t\right))={\int }_{t-{\tau }_p}^t{x}^T\left(s\right)Q_{r\left(t\right)}^{a}x\left(s\right)\mathrm{ds}\hfill \\ & +{\int }_{t-{\tau }_q}^{t-{\tau }_p}{x}^T\left(s\right)Q_{r\left(t\right)}^{b}x\left(s\right)\mathrm{ds},\hfill \\ & V_3(x\left(t\right),r\left(t\right))={\int }_{-{\tau }_p}^0{\int }_{t+\theta }^t{x}^T\left(s\right)S_{a}x\left(s\right)\mathrm{dsd}‘\hfill \\ & +{\int }_{-{\tau }_q}^{-{\tau }_p}{\int }_{t+\theta }^t{x}^T\left(s\right)S_{b}x\left(s\right)\mathrm{dsd}‘,\hfill \\ & V_4(x\left(t\right),r\left(t\right))={\int }_{-{\tau }_p}^0{\int }_{t+\theta }^t{\dot{x}}^T\left(s\right)R_a\dot{x}\left(s\right)\mathrm{dsd}‘\hfill \\ & +{\int }_{-{\tau }_q}^{-{\tau }_p}{\int }_{t+\theta }^t{\dot{x}}^T\left(s\right)R_b\dot{x}\left(s\right)\mathrm{dsd}‘.\hfill \end{array}$$

For $r\left(t\right)=i\in \mathbb{S}$, let $\mathfrak{L}$ be the weak infinitesimal generator, which is computed along the state trajectory of MJCPSs (1) as

$$\begin{array}{cc}\hfill & \mathfrak{L}{V}_1(x\left(t\right),r\left(t\right))\hfill \\ \hfill & =2x^T\left(t\right)P_i[A_{i}x\left(t\right)+B_i^{\omega }\omega \left(t\right)-{\overline{B}}_i^u{\overline{K}}_i{e}_a\left(t\right)\hfill \\ \hfill & +{\overline{B}}_i^u{\overline{K}}_{i}x(t-\tau \left(t\right))]+x^T\left(t\right)\sum _{j=1}^S{\pi }_{ij}{P}_{j}x\left(t\right),\hfill \end{array}$$

(16)

$$\begin{array}{cc}\hfill & \mathfrak{L}{V}_2(x\left(t\right),r\left(t\right))\hfill \\ \hfill & =x^T\left(t\right)Q_i^{a}x\left(t\right)-x^T(t-{\tau }_q)Q_i^{b}x(t-{\tau }_q)\hfill \\ \hfill & +x^T(t-{\tau }_p)(Q_i^b-Q_i^a)x(t-{\tau }_p)\hfill \\ \hfill & +{\int }_{t-{\tau }_q}^{t-{\tau }_p}{x}^T\left(s\right)\sum _{j=1}^S{\pi }_{ij}{Q}_j^{b}x\left(s\right)\mathrm{ds}\hfill \\ \hfill & +{\int }_{t-{\tau }_p}^t{x}^T\left(s\right)\sum _{j=1}^S{\pi }_{ij}{Q}_j^{a}x\left(s\right)\mathrm{ds},\hfill \end{array}$$

(17)

$$\begin{array}{cc}\hfill & \mathfrak{L}{V}_3(x\left(t\right),r\left(t\right))\hfill \\ \hfill & ={\tau }_p{x}^T\left(t\right)S_{a}x\left(t\right)-{\int }_{t-{\tau }_p}^t{x}^T\left(s\right)S_{a}x\left(s\right)\mathrm{ds}\hfill \\ \hfill & +\widehat{\tau }{x}^T\left(t\right)S_{b}x\left(t\right)-{\int }_{t-{\tau }_q}^{t-{\tau }_p}{x}^T\left(s\right)S_{b}x\left(s\right)\mathrm{ds},\hfill \end{array}$$

(18)

$$\begin{array}{cc}\hfill & \mathfrak{L}{V}_4(x\left(t\right),r\left(t\right))\hfill \\ \hfill & ={\tau }_p\mathbb{E}\left\{{\dot{x}}^T\left(t\right)R_a\dot{x}\left(t\right)\right\}-{\int }_{t-{\tau }_p}^t{\dot{x}}^T\left(s\right)R_a\dot{x}\left(s\right)\mathrm{ds}\hfill \\ \hfill & +\widehat{\tau }\mathbb{E}\left\{{\dot{x}}^T\left(t\right)R_b\dot{x}\left(t\right)\right\}-{\int }_{t-{\tau }_q}^{t-{\tau }_p}{\dot{x}}^T\left(s\right)R_b\dot{x}\left(s\right)\mathrm{ds},\hfill \end{array}$$

(19)

where $\widehat{\tau }\in {\mathbb{R}}_{>0}$ is defined in Theorem 1. For clarity, let $\eta \left(t\right):=\mathrm{col}\{x\left(t\right),x(t-{\tau }_p),x(t-\tau \left(t\right)),x(t-{\tau }_q),e_a\left(t\right),\omega \left(t\right)\}$ represent the augmented vector. Then, in view of the mathematical nature of $\alpha \left(t\right)$, one can obtain that

$$\begin{array}{cc}\hfill & \mathbb{E}\left\{{\dot{x}}^T\left(t\right)R_{\varphi }\dot{x}\left(t\right)\right\}\hfill \\ \hfill & ={\eta }^T\left(t\right)\left[{\zeta }_1^T{R}_{\varphi }{\zeta }_1+\tilde{\alpha }{\zeta }_2^T{R}_{\varphi }{\zeta }_2\right]\eta \left(t\right),\varphi \in \{a,b\}\hfill \end{array}$$

(20)

where $\tilde{\alpha }\in {\mathbb{R}}_{>0}$, ${\zeta }_1=\left[A_i,0,{\overline{B}}_i^u{\overline{K}}_i,0,-{\overline{B}}_i^u{\overline{K}}_i,B_i^{\omega }\right]$, and ${\zeta }_2=$$[0,0,{\tilde{B}}_i^u{\overline{K}}_i,0,$$-{\tilde{B}}_i^u{\overline{K}}_i,0]$. By virtue of the Jessen’s inequality, the integral terms in (19) are calculated as

$$\begin{array}{cc}\hfill & -{\int }_{t-{\tau }_p}^t{\dot{x}}^T\left(s\right)R_a\dot{x}\left(s\right)\mathrm{ds}\hfill \\ \hfill & \le -\overline{\tau }\left[x\left(t\right)-x(t-{\tau }_p){]}^T{R}_a[x\left(t\right)-x(t-{\tau }_p)\right],\hfill \end{array}$$

(21)

$$\begin{array}{cc}\hfill & -{\int }_{t-{\tau }_q}^{t-{\tau }_p}{\dot{x}}^T\left(s\right)R_b\dot{x}\left(s\right)\mathrm{ds}\hfill \\ \hfill & \le -\tilde{\tau }[x(t-{\tau }_p)-x(t-\tau \left(t\right)){]}^T{R}_b[x(t-{\tau }_p)\hfill \\ \hfill & -x(t-\tau \left(t\right))]-\tilde{\tau }[x(t-\tau \left(t\right))-x(t-{\tau }_q){]}^T\hfill \\ \hfill & \times R_b[x(t-\tau \left(t\right))-x(t-{\tau }_q)]-2\tilde{\tau }[x(t-{\tau }_p)\hfill \\ \hfill & -x(t-\tau \left(t\right)){]}^T{\tilde{R}}_b\left[x(t-\tau \left(t\right))-x(t-{\tau }_q)\right],\hfill \end{array}$$

(22)

where $\overline{\tau }$ and $\tilde{\tau }\in {\mathbb{R}}_{>0}$ are defined in Theorem 1, respectively.

Combining condition (14), it follows from (16)–(22) that

$$\begin{array}{cc}\hfill \mathfrak{L}V\left(x\right(t),r(t\left)\right)& \le {\eta }^T\left(t\right)[{\mathsf{\Omega }}_a+{\zeta }_1^T({\tau }_p{R}_a+\widehat{\tau }{R}_b){\zeta }_1\hfill \\ \hfill & +{\zeta }_2^T(\tilde{\alpha }{\tau }_p{R}_a+\tilde{\alpha }\widehat{\tau }{R}_b){\zeta }_2]\eta \left(t\right),\hfill \end{array}$$

(23)

where

$${\mathsf{\Omega }}_a=\left[\begin{array}{cccccc}{\phi }_{11}& \overline{\tau }{R}_a& {\phi }_{13}& 0& {\phi }_{15}& {\phi }_{16}\\ *& {\phi }_{22}& {\phi }_{23}& \tilde{\tau }{\tilde{R}}_b& 0& 0\\ *& *& {\phi }_{33}& {\phi }_{34}& 0& 0\\ *& *& *& {\phi }_{44}& 0& 0\\ *& *& *& *& 0& 0\\ *& *& *& *& *& 0\end{array}\right]$$

with ${\phi }_{33}=-2{\phi }_{23}=2\tilde{\tau }{\tilde{R}}_b-2\tilde{\tau }{R}_b$ and other parameters, which are given in Theorem 1.

Then, we will show that MJCPSs (1) have an $H_{\infty }$ disturbance attenuation level $\gamma$ for any non-zero $\omega \left(t\right)\in {\mathcal{L}}_2[0,+\infty )$. Define $\Lambda \left(t\right):=\mathfrak{L}V(x\left(t\right),r\left(t\right))+\mathbb{E}\{z^T\left(t\right)z\left(t\right)-{\gamma }^2{\omega }^T\left(t\right)\omega \left(t\right)\}$. Based on Definition 2, it can be derived that

$$\begin{array}{cc}\hfill \Lambda \left(t\right)& \le {\eta }^T\left(t\right)[{\mathsf{\Omega }}_b+{\zeta }_1^T({\tau }_p{R}_a+\widehat{\tau }{R}_b){\zeta }_1+{\zeta }_3^T{\zeta }_3\hfill \\ \hfill & +{\zeta }_2^T(\tilde{\alpha }{\tau }_p{R}_a+\tilde{\alpha }\widehat{\tau }{R}_b){\zeta }_2+\tilde{\alpha }{\zeta }_4^T{\zeta }_4]\eta \left(t\right),\hfill \end{array}$$

(24)

where ${\zeta }_3=\left[C_i,0,{\overline{D}}_i^u{\overline{K}}_i,0,-{\overline{D}}_i^u{\overline{K}}_i,0\right]$, ${\zeta }_4=[0,0,{\tilde{D}}_i^u{\overline{K}}_i,0,$$-{\tilde{D}}_i^u{\overline{K}}_i,0]$, and

$${\mathsf{\Omega }}_b=\left[\begin{array}{cccccc}{\phi }_{11}& \overline{\tau }{R}_a& {\phi }_{13}& 0& {\phi }_{15}& {\phi }_{16}\\ *& {\phi }_{22}& {\phi }_{23}& \tilde{\tau }{\tilde{R}}_b& 0& 0\\ *& *& {\phi }_{33}& {\phi }_{34}& 0& 0\\ *& *& *& {\phi }_{44}& 0& 0\\ *& *& *& *& 0& 0\\ *& *& *& *& *& -{\gamma }^{2}I\end{array}\right],$$

which implies that ${\zeta }_1^T({\tau }_p{R}_a+\widehat{\tau }{R}_b){\zeta }_1+{\zeta }_2^T(\tilde{\alpha }{\tau }_p{R}_a+\tilde{\alpha }\widehat{\tau }{R}_b){\zeta }_2$$+{\zeta }_3^T{\zeta }_3+\tilde{\alpha }{\zeta }_4^T{\zeta }_4+{\mathsf{\Omega }}_b<0$ is established. In this way, we obtain that $\Lambda \left(t\right)\le -{\parallel \eta \left(t\right)\parallel }^2<-\lambda {\parallel x\left(t\right)\parallel }^2$, where $\lambda \in {\mathbb{R}}_{>0}$. From this, we can conclude that MJCPSs (1) are stochastically stable and have an $H_{\infty }$ disturbance attenuation level $\gamma$.

Finally, based on the developed resilient event-triggered rule (8), it follows from condition (24) that

$$\begin{array}{cc}\hfill \Lambda \left(t\right)& \le \tilde{\Lambda }\left(t\right)+\alpha \left(t\right){\mathcal{J}}_d\hfill \\ \hfill & ={\eta }^T\left(t\right)[{\mathsf{\Omega }}_c+{\zeta }_1^T({\tau }_p{R}_a+\widehat{\tau }{R}_b){\zeta }_1+{\zeta }_2^T(\tilde{\alpha }{\tau }_p{R}_a\hfill \\ \hfill & +\tilde{\alpha }\widehat{\tau }{R}_b){\zeta }_2+{\zeta }_3^T{\zeta }_3+\tilde{\alpha }{\zeta }_4^T{\zeta }_4]\eta \left(t\right)+(1-\alpha \left(t\right)){\mathcal{J}}_d,\hfill \end{array}$$

(25)

where $\tilde{\Lambda }\left(t\right)=\Lambda \left(t\right)+\sigma x^T\left(t_k\right){\mathrm{\Theta }}_{b}x\left(t_k\right)-e_a^T\left(t\right){\mathrm{\Theta }}_a{e}_a\left(t\right)$ and ${\mathsf{\Omega }}_c$ is given in condition (13). By Schur’s complement lemma, it is concluded that the objective term $\tilde{\Lambda }\left(t\right)$ in (25) is equivalent to $\mathsf{\Omega }$ in (13). Thus, it is derived that $\tilde{\Lambda }\left(t\right)\le -\tilde{\lambda }{\parallel x\left(t\right)\parallel }^2$, where $\tilde{\lambda }\in {\mathbb{R}}_{>0}$. This implies that $\mathfrak{L}V(x\left(t\right),r\left(t\right))\le -\widehat{\lambda }V(x\left(t\right),r\left(t\right))$ is established, where $\widehat{\lambda }=\tilde{\lambda }/{\lambda }_{max}\left(P_i\right)$ represents the decay rate and ${\lambda }_{max}\left(P_i\right)$ represents the maximum eigenvalue of $P_i$. From this, we can obtain that

$$\mathfrak{L}V(x\left(t\right),r\left(t\right))\le -\widehat{\lambda }V(x\left(t\right),r\left(t\right))+(1-\alpha \left(t_n^{\ell }\right)){\mathcal{J}}_d,$$

(26)

where $t\in [t_n^{\ell },t_n^{\ell +1})$. Then, it follows from condition (26) that

$$\begin{array}{c}\hfill \mathbb{E}\left[V\left(x\right(t),r(t\left)\right)\right]\le \mathbb{E}\left[V\left(x\right(0),r(0\left)\right)\right]+\frac{(1-\alpha \left(t_n^{\ell }\right)){\mathcal{J}}_d}{\widehat{\lambda }},\end{array}$$

(27)

which implies that

$$\begin{array}{cc}\hfill & \mathbb{E}\left\{{\int }_0^{\infty }{x}^T\left(t\right)x\left(t\right)\mathrm{dt}\mid (x\left(0\right),r\left(0\right))\right\}\hfill \\ \hfill & \le \hslash \mathbb{E}\left[V\left(x\right(0),r(0\left)\right)\right]+\frac{(1-\alpha \left(t_n^{\ell }\right))\hslash {\mathcal{J}}_d}{\widehat{\lambda }}\hfill \\ \hfill & =\mathcal{M}\left(x\right(0),r(0\left)\right),\hfill \end{array}$$

(28)

where $\hslash ={\lambda }_{min}^{-1}\left(P_i\right)$ and ${\lambda }_{min}\left(P_i\right)$ is the minimum eigenvalue of $P_i$. In this case, it can be concluded that ${\parallel x\left(t\right)\parallel }^2$ is bounded by $\mathcal{M}\left(x\right(0),r(0\left)\right)$. Meanwhile, the maximum performance loss induced by DoS attacks is calculated as ${\mathcal{J}}_{max}=\hslash {\lambda }_d{\mathcal{J}}_d$, where ${\lambda }_d=1/\widehat{\lambda }$. This completes the proof. □

3.2. Feasibility Criterion

In this subsection, the main objective is to find the minimum update rate, which aims to avoid Zeno behavior with an unlimited number of transmission instants in a finite time period. The maximum downtime of (8) under DoS attacks is calculated.

Theorem 2.

For the closed-loop MJCPSs (12) with resilient event-triggered rule (8) and dual-mode security controller (10), Zeno behavior is strictly excluded if the inter-execution interval ${\mathrm{\Delta }}_k$, $k\in {\mathbb{N}}_0$ is greater than or equal to

$${\mathrm{\Delta }}_{min}=min\left\{{\mathrm{\Delta }}_{min}^1,{\mathrm{\Delta }}_{min}^2\right\},$$

(29)

where

$${\mathrm{\Delta }}_{min}^1=\frac{1}{{\vartheta }_1}\ln \left[\frac{{\mu }_1}{{\mu }_2}+1\right],{\mathrm{\Delta }}_{min}^2=\frac{1}{{\vartheta }_1}\ln \left[\frac{{\mu }_3}{{\mu }_4}+1\right],$$

with ${\mu }_1={\vartheta }_{1}min\{{\varsigma }_1,{\varsigma }_2\}$, ${\mu }_2=max\{{\vartheta }_2({\varsigma }_1+1),({\vartheta }_2{\varsigma }_2+{\vartheta }_3)\}$, ${\mu }_3={\vartheta }_{1}min\{{\varsigma }_3,{\varsigma }_4,{\varsigma }_5,{\varsigma }_6\}$, ${\mu }_4=max\{{\theta }_1({\varsigma }_3+1),({\theta }_1{\varsigma }_4+{\vartheta }_3),({\theta }_1{\varsigma }_5+{\vartheta }_4),{\theta }_1{\varsigma }_6\}$, ${\varsigma }_1=\left(\sqrt{2\sigma }{\varrho }_2\right)/\left(2{\varrho }_1\right)$, ${\varsigma }_2=\varpi /\left(\sqrt{2}{\varrho }_1\right)$, ${\varsigma }_3=\left(\sqrt{\sigma }{\varrho }_2\right)/\left(2{\varrho }_1\right)$, ${\varsigma }_4=\varpi /\left(2{\varrho }_1\right)$, ${\varsigma }_5=\widehat{\varpi }/\left(2{\varrho }_1\right)$, ${\varsigma }_6=\tilde{\varpi }/\left(2{\varrho }_1\right)$, ${\widehat{\mathrm{\Theta }}}_a^2={\mathrm{\Theta }}_a$, ${\widehat{\mathrm{\Theta }}}_b^2={\mathrm{\Theta }}_b$, ${\varrho }_1={\lambda }_{max}\left({\widehat{\mathrm{\Theta }}}_a\right)$, ${\varrho }_2={\lambda }_{min}\left({\widehat{\mathrm{\Theta }}}_b\right)$, ${\widehat{A}}_i=A_i+B_i^u{K}_i^a$, ${\widehat{B}}_i^u={\xi }_i\times B_i^u{K}_i^b$, ${\vartheta }_1={max}_{i\in \mathbb{S}}\{\parallel A_i\parallel \}$, ${\vartheta }_2={max}_{i\in \mathbb{S}}\{\parallel {\widehat{A}}_i\parallel \}$, ${\vartheta }_3={max}_{i\in \mathbb{S}}\{\parallel B_i^{\omega }\parallel \}$, ${\vartheta }_4={max}_{i\in \mathbb{S}}\{\parallel {\widehat{B}}_i^u\parallel \}$, and ${\xi }_i$, σ, ϖ, $\widehat{\varpi }$, and $\tilde{\varpi }\in {\mathbb{R}}_{>0}$ represent the given positive parameters. Moreover, the maximum downtime caused by DoS attacks can be calculated as ${\mathrm{\Delta }}_{max}={\vartheta }_1^{-1}\ln [({\mu }_5\Gamma )/{\mu }_6+1]$ with ${\mu }_5=max\{{\tilde{\varsigma }}_3,{\tilde{\varsigma }}_4,{\tilde{\varsigma }}_5,{\tilde{\varsigma }}_6\}$, ${\mu }_6=min\{{\vartheta }_1{\widehat{\varsigma }}_3,({\vartheta }_1{\tilde{\varsigma }}_4+{\vartheta }_3),({\vartheta }_1{\tilde{\varsigma }}_5+{\vartheta }_4),{\vartheta }_1{\tilde{\varsigma }}_6\}$, ${\tilde{\varsigma }}_3=\left(\sqrt{\sigma }{\varrho }_4\right)/{\varrho }_3$, ${\tilde{\varsigma }}_4=\varpi /{\varrho }_3$, ${\tilde{\varsigma }}_5=\widehat{\varpi }/{\varrho }_3$, ${\tilde{\varsigma }}_6=\widehat{\varpi }/{\varrho }_3$, ${\widehat{\varsigma }}_3=1+{\tilde{\varsigma }}_3$, $\Gamma ={\vartheta }_1[1+{\sum }_{n_f=1}^{N_{\mathrm{dos}}+1}{2}^{n_f-1}{\widehat{\varsigma }}_3]$, $N_{\mathrm{dos}}={\mathrm{\Delta }}_{min}^{-1}({\mathcal{T}}_{n+1}-{\mathcal{T}}_n^{\mathrm{on}})$, ${\varrho }_3={\lambda }_{min}\left({\widehat{\mathrm{\Theta }}}_a\right)$, and ${\varrho }_4={\lambda }_{max}\left({\widehat{\mathrm{\Theta }}}_b\right)$.

Proof. 

See the Appendix A. □

Remark 3.

In view of the proposed resilient event-triggered rule (8), the purpose is to characterize two possible data update policies generated by intermittent DoS attacks through random variable $\alpha \left(t\right)$, where $\alpha \left(t\right)=1$ and $\alpha \left(t\right)=0$ represent dormant and active DoS attacks, respectively. Here, the existence of ${\mathcal{J}}_d$ makes the triggering threshold when $\alpha \left(t\right)=0$ greater than that when $\alpha \left(t\right)=1$. This implies that a higher triggering threshold may determine fewer packets to be transmitted. Note that it is quite possible to transmit a large number of packets in a short period of time because of an inappropriate event-triggered rule. Therefore, regardless of whether the triggering threshold is low or high, Zeno behavior needs to be strictly avoided. Moreover, the exogenous disturbance can direct the trajectory of $\parallel e_a\left(t\right)\parallel$ in the resilient event-triggered rule (8). In order to prevent the influence of the disturbance signal on the estimation of $\parallel e_a\left(t\right)\parallel$, it is necessary to develop an improved triggering inequality when discussing the feasibility of resilient event-triggered rule (8).

Remark 4.

Note that the unreasonable event-triggered rules may also lead to singular triggering, which is another abnormal behavior that cannot transmit for a long time after a successful transmission attempt. By solving the maximum inter-execution interval between two consecutive transmissions, it is concluded that singular triggering can be avoided to guarantee the validity of the developed event-triggered rules. Due to intermittent DoS attacks, a large number of packets cannot be transmitted within the active DoS subintervals. Thus, it is necessary to characterize the maximum downtime between two adjacent successful updates to estimate the impact of intermittent DoS attacks on control performance. However, few results discuss this critical issue, and it is difficult to obtain an explicit representation for the maximum downtime caused by DoS attacks. Furthermore, similar to the procedures for avoiding Zeno behavior, we also study the potential impact of disturbance signal on calculating the maximum downtime.

4. Design of Dual-Mode Security Controller under Resilient Event-Triggered Rule

In this section, inspired by the theoretical results of stability analysis under the resilient event-triggered rule (8), we present a design procedure of the proposed dual-mode security control protocol. The following results illustrate the stated objectives.

Theorem 3.

Given positive scalars σ, α, ${\tau }_p$, ${\tau }_q$, γ, ${\xi }_i\in {\mathbb{R}}_{>0}$, there is a dual-mode security controller (10) such that MJCPSs (1) are stochastically stable in the presence of intermittent DoS signal and have an $H_{\infty }$ disturbance attenuation level γ, if there are positive definite matrices $X_i>0$, ${\tilde{Q}}_i^a>0$, ${\tilde{Q}}_i^b>0$, ${\tilde{S}}_i^a>0$, ${\tilde{S}}_i^b>0$, ${\tilde{R}}_i^a>0$, ${\widehat{R}}_i^b>0$, ${\overline{\mathrm{\Theta }}}_a>0$, ${\overline{\mathrm{\Theta }}}_b>0$, and real matrices ${\overline{R}}_i^b$, $Y_i^a$, and $Y_i^b$ with appropriate dimensions such that the following conditions are satisfied:

$${\mathsf{\Omega }}_{★}=\left[\begin{array}{cc}\overline{\mathsf{\Omega }}& {\Xi }_i\\ *& {\Lambda }_i^1\end{array}\right]<0,{\mathcal{R}}_{★}=\left[\begin{array}{cc}{\widehat{R}}_i^b& {\overline{R}}_i^b\\ *& {\widehat{R}}_i^b\end{array}\right]>0,$$

(30)

$$\left[\begin{array}{cc}{\mathcal{Q}}_1& {\Xi }_i\\ *& {\Lambda }_i^2\end{array}\right]<0,\left[\begin{array}{cc}{\mathcal{Q}}_2& {\Xi }_i\\ *& {\Lambda }_i^3\end{array}\right]<0,$$

(31)

where $\overline{\mathsf{\Omega }}=[{\tilde{\mathsf{\Omega }}}_c,{\tilde{\mathsf{\Omega }}}_1,{\tilde{\mathsf{\Omega }}}_2;{\tilde{\mathsf{\Omega }}}_1^T,{\tilde{\mathsf{\Omega }}}_3,0;{\tilde{\mathsf{\Omega }}}_2^T,0,{\tilde{\mathsf{\Omega }}}_4]$, $\check{\mathsf{\Omega }}=[{\tilde{\mathsf{\Omega }}}_1,{\tilde{\mathsf{\Omega }}}_2]$,

$$\begin{array}{c}\hfill \check{\mathsf{\Omega }}=\left[\begin{array}{cccccc}{X}_i^T{A}_i^T& X_i^T{A}_i^T& 0& 0& X_i^T{C}_i^T& 0\\ 0& 0& 0& 0& 0& 0\\ {\overline{\phi }}_1& {\overline{\phi }}_1& {\overline{\phi }}_2& {\overline{\phi }}_2& {\overline{\phi }}_3& {\overline{\phi }}_4\\ 0& 0& 0& 0& 0& 0\\ -{\overline{\phi }}_1& -{\overline{\phi }}_1& -{\overline{\phi }}_2& -{\overline{\phi }}_2& -{\overline{\phi }}_3& -{\overline{\phi }}_4\\ B_i^{\omega T}& B_i^{\omega T}& 0& 0& 0& 0\end{array}\right],\end{array}$$

$$\begin{array}{cc}& {\tilde{\mathsf{\Omega }}}_c=\left[\begin{array}{cccccc}{\widehat{\phi }}_{11}& \overline{\tau }{\tilde{R}}_i^a& {\widehat{\phi }}_{13}& 0& {\widehat{\phi }}_{15}& {\widehat{\phi }}_{16}\\ *& {\widehat{\phi }}_{22}& {\widehat{\phi }}_{23}& \tilde{\tau }{\overline{R}}_i^b& 0& 0\\ *& *& {\widehat{\phi }}_{33}& {\widehat{\phi }}_{34}& {\widehat{\phi }}_{35}& 0\\ *& *& *& {\widehat{\phi }}_{44}& 0& 0\\ *& *& *& *& {\widehat{\phi }}_{55}& 0\\ *& *& *& *& *& -{\gamma }^{2}I\end{array}\right],\hfill \\ & {\tilde{\mathsf{\Omega }}}_3=-\mathrm{diag}[2\overline{\tau }{X}_i-\overline{\tau }{\tilde{R}}_i^a,2\tilde{\tau }{X}_i-\tilde{\tau }{\widehat{R}}_i^b,2\widehat{\alpha }\overline{\tau }{X}_i-\widehat{\alpha }\overline{\tau }{\tilde{R}}_i^a],\hfill \\ & {\tilde{\mathsf{\Omega }}}_4=-\mathrm{diag}[2\widehat{\alpha }\tilde{\tau }{X}_i-\widehat{\alpha }\tilde{\tau }{\widehat{R}}_i^b,I,\widehat{\alpha }I],{\overline{\mathrm{\Theta }}}_a{\overline{\mathrm{\Theta }}}_b={\mathrm{\Theta }}_a^{-1}{\mathrm{\Theta }}_b^{-1},\hfill \\ & {\Lambda }_i^1=-\mathrm{diag}[X_1,\dots ,X_{i-1},X_{i+1},\dots ,X_S],{\widehat{\phi }}_{16}=B_i^{\omega }{X}_i,\hfill \\ & {\Lambda }_i^2=-\mathrm{diag}[2X_1-{\tilde{Q}}_1^a,\dots ,2X_{i-1}-{\tilde{Q}}_{i-1}^a,2X_{i+1}\hfill \\ & -{\tilde{Q}}_{i+1}^a,\dots ,2X_S-{\tilde{Q}}_S^a],{\mathcal{Q}}_1={\pi }_{ii}{\tilde{Q}}_i^a-{\tilde{S}}_i^a,\hfill \\ & {\Lambda }_i^3=-\mathrm{diag}[2X_1-{\tilde{Q}}_1^b,\dots ,2X_{i-1}-{\tilde{Q}}_{i-1}^b,2X_{i+1}\hfill \\ & -{\tilde{Q}}_{i+1}^b,\dots ,2X_S-{\tilde{Q}}_S^b],{\mathcal{Q}}_2={\pi }_{ii}{\tilde{Q}}_i^b-{\tilde{S}}_i^b,\hfill \\ & {\Xi }_i=[\sqrt{{\pi }_{i1}}{X}_i^T,\dots ,\sqrt{{\pi }_{i(i-1)}}{X}_i^T,\sqrt{{\pi }_{i(i+1)}}{X}_i^T,\dots ,\hfill \\ & \sqrt{{\pi }_{iS}}{X}_i^T],{\widehat{\phi }}_{22}={\tilde{Q}}_i^b-{\tilde{Q}}_i^a-\overline{\tau }{\tilde{R}}_i^a-\tilde{\tau }{\widehat{R}}_i^b,\hfill \end{array}$$

$$\begin{array}{cc}& {\overline{\phi }}_1^T=\alpha B_i^u{Y}_i^a+\overline{\alpha }{\xi }_i{B}_i^u{Y}_i^b,{\overline{\phi }}_2^T=B_i^u{Y}_i^a-{\xi }_i{B}_i^u{Y}_i^b,\hfill \\ & {\overline{\phi }}_3^T=\alpha D_i^u{Y}_i^a+\overline{\alpha }{\xi }_i{D}_i^u{Y}_i^b,{\overline{\phi }}_4^T=D_i^u{Y}_i^a-{\xi }_i{D}_i^u{Y}_i^b,\hfill \\ & {\widehat{\phi }}_{11}=-\overline{\tau }{\tilde{R}}_i^a+{\tilde{Q}}_i^a+{\tau }_p{\tilde{S}}_i^a+\widehat{\tau }{\tilde{S}}_i^b+{\pi }_{ii}{X}_i+X_i^T{A}_i^T\hfill \\ & +A_i{X}_i,{\widehat{\phi }}_{13}=-{\widehat{\phi }}_{15}=\alpha B_i^u{Y}_i^a+\overline{\alpha }{\xi }_i{B}_i^u{Y}_i^b,\hfill \\ & {\widehat{\phi }}_{23}={\widehat{\phi }}_{34}=\tilde{\tau }{\widehat{R}}_i^b-\tilde{\tau }{\overline{R}}_i^b,{\widehat{\phi }}_{55}=2\widehat{\sigma }{X}_i-\sigma {\overline{\mathrm{\Theta }}}_a+{\overline{\mathrm{\Theta }}}_b,\hfill \\ & {\widehat{\phi }}_{33}=-2{\widehat{\phi }}_{23}+{\widehat{\phi }}_{35}=2\tilde{\tau }{\overline{R}}_i^b-2\tilde{\tau }{\widehat{R}}_i^b-2\sigma X_i+\sigma {\overline{\mathrm{\Theta }}}_b,\hfill \\ & {\widehat{\phi }}_{35}=-2\sigma X_i+\sigma {\overline{\mathrm{\Theta }}}_b,{\widehat{\phi }}_{44}=-{\tilde{Q}}_i^b-\tilde{\tau }{\widehat{R}}_i^b,\widehat{\sigma }=\sigma -1,\hfill \end{array}$$

and the remaining parameters are defined in Theorem 1. Then, the gains of the dual-mode security controller can be computed as

$$K_i^a=Y_i^a{X}_i^{-1},K_i^b=Y_i^b{X}_i^{-1},\forall i\in \mathbb{S}$$

(32)

Proof. 

Firstly, define the following new variables as $X_i=P_i^{-1}$, ${\tilde{Q}}_i^a=X_i^T{Q}_i^a{X}_i$, ${\tilde{Q}}_i^b=X_i^T{Q}_i^b{X}_i$, ${\tilde{S}}_i^a=X_i^T{S}_a{X}_i$, ${\tilde{S}}_i^b=X_i^T{S}_b{X}_i$, ${\tilde{R}}_i^a=X_i^T{R}_a{X}_i$, ${\widehat{R}}_i^b=X_i^T{R}_b{X}_i$, ${\overline{R}}_i^b=X_i^T{\tilde{R}}_b{X}_i$, ${\tilde{\mathrm{\Theta }}}_i^a=X_i^T{\mathrm{\Theta }}_a{X}_i$, and ${\tilde{\mathrm{\Theta }}}_i^b=X_i^T{\mathrm{\Theta }}_b{X}_i$. Then, based on the proof of Theorem 1, it can be seen that only the parameters ${\mathsf{\Omega }}_c$, ${\mathsf{\Omega }}_1$, and ${\mathsf{\Omega }}_2$ in (13) can affect the solution of security control gains $K_i^a$ and $K_i^b$. To characterize an explicit form of control gains, the left-hand inequality in (13) can be transformed into

$$\mathsf{\Omega }=\left[\begin{array}{ccc}{\mathsf{\Omega }}_c& {\widehat{\mathsf{\Omega }}}_1& {\widehat{\mathsf{\Omega }}}_2\\ *& {\widehat{\mathsf{\Omega }}}_3& 0\\ *& *& {\widehat{\mathsf{\Omega }}}_4\end{array}\right],$$

(33)

where

$$\begin{array}{c}\hfill {\widehat{\mathsf{\Omega }}}_1=\left[\begin{array}{ccc}{A}_i^T& A_i^T& 0\\ 0& 0& 0\\ {\overline{K}}_i^T{\overline{B}}_i^{uT}& {\overline{K}}_i^T{\overline{B}}_i^{uT}& {\overline{K}}_i^T{\tilde{B}}_i^{uT}\\ 0& 0& 0\\ -{\overline{K}}_i^T{\overline{B}}_i^{uT}& -{\overline{K}}_i^T{\overline{B}}_i^{uT}& -{\overline{K}}_i^T{\tilde{B}}_i^{uT}\\ B_i^{\omega T}& B_i^{\omega T}& 0\end{array}\right],\end{array}$$

$$\begin{array}{c}\hfill {\widehat{\mathsf{\Omega }}}_2=\left[\begin{array}{ccc}0& C_i^T& 0\\ 0& 0& 0\\ {\overline{K}}_i^T{\tilde{B}}_i^{uT}& {\overline{K}}_i^T{\overline{D}}_i^{uT}& {\overline{K}}_i^T{\tilde{D}}_i^{uT}\\ 0& 0& 0\\ -{\overline{K}}_i^T{\tilde{B}}_i^{uT}& -{\overline{K}}_i^T{\overline{D}}_i^{uT}& -{\overline{K}}_i^T{\tilde{D}}_i^{uT}\\ 0& 0& 0\end{array}\right],\end{array}$$

and $\mathrm{diag}\{{\widehat{\mathsf{\Omega }}}_3,{\widehat{\mathsf{\Omega }}}_4\}=-\mathrm{diag}{\{{\tau }_p{R}_a,\widehat{\tau }{R}_b,\tilde{\alpha }{\tau }_p{R}_a,\tilde{\alpha }\widehat{\tau }{R}_b,I,\tilde{\alpha }I\}}^{-1}$.

Then, by post- and pre-multiplying both sides of (33) with $\mathrm{diag}\{\underset{5}{\underbrace{X_i,\dots ,X_i}},\underset{7}{\underbrace{I,\dots ,I}}\}$ and its transpose, we obtain

$$\tilde{\mathsf{\Omega }}=\left[\begin{array}{cccc}{\tilde{\mathsf{\Omega }}}_c& {\tilde{\mathsf{\Omega }}}_1& {\tilde{\mathsf{\Omega }}}_2& {\Xi }_i\\ *& {\widehat{\mathsf{\Omega }}}_3& 0& 0\\ *& *& {\widehat{\mathsf{\Omega }}}_4& 0\\ *& *& *& {\Lambda }_i^1\end{array}\right]<0,$$

(34)

where ${\tilde{\mathsf{\Omega }}}_c$, ${\tilde{\mathsf{\Omega }}}_1$, ${\tilde{\mathsf{\Omega }}}_2$, ${\Xi }_i$, and ${\Lambda }_i^1$ are defined in Theorem 3. Next, the nonlinear terms $R_a^{-1}$ and $R_b^{-1}$ in condition (34) are further rewritten as $-R_a^{-1}=-X_i{\left(X_i^T{R}_a{X}_i\right)}^{-1}{X}_i^T\le -2X_i+{\tilde{R}}_i^a$ as $-R_b^{-1}=-X_i{\left(X_i^T{R}_b{X}_i\right)}^{-1}{X}_i^T\le -2X_i+{\widehat{R}}_i^b$, respectively. Substituting the resulting inequalities into (34), it is concluded that the left-hand inequality in (30) is established.

In a similar way, by post-multiplying and pre-multiplying both sides of the right-hand inequality in condition (13) with $\mathrm{diag}\{X_i,X_i\}$ and its transpose, then we obtain the conclusion that the right-hand inequality in (30) is true. In addition, it follows from (14) that

$$X_i^T\sum _{j=1}^S{\pi }_{ij}{Q}_j^a{X}_i<{\tilde{S}}_i^a,X_i^T\sum _{j=1}^S{\pi }_{ij}{Q}_j^b{X}_i<{\tilde{S}}_i^b$$

(35)

which can be equivalent to

$${\mathcal{Q}}_1+X_i^T\sum _{j\ne i}{\pi }_{ij}{Q}_j^a{X}_i<0$$

(36)

and

$${\mathcal{Q}}_2+X_i^T\sum _{j\ne i}{\pi }_{ij}{Q}_j^b{X}_i<0,$$

(37)

where ${\mathcal{Q}}_1$ and ${\mathcal{Q}}_2$ are given in Theorem 3. According to the Schur complement lemma, it can be deduced that

$$\left[\begin{array}{cc}{\mathcal{Q}}_1& {\Xi }_i\\ *& {\overline{\Lambda }}_i^2\end{array}\right]<0,\left[\begin{array}{cc}{\mathcal{Q}}_2& {\Xi }_i\\ *& {\overline{\Lambda }}_i^3\end{array}\right]<0,$$

(38)

where

$$\begin{array}{cc}\hfill {\overline{\Lambda }}_i^2& =-\mathrm{diag}{\left[Q_1^a,\dots ,Q_{i-1}^a,Q_{i+1}^a,\dots ,Q_S^a\right]}^{-1},\hfill \\ \hfill {\overline{\Lambda }}_i^3& =-\mathrm{diag}{\left[Q_1^b,\dots ,Q_{i-1}^b,Q_{i+1}^b,\dots ,Q_S^b\right]}^{-1}.\hfill \end{array}$$

As for the nonlinear terms $-{\left(Q_i^a\right)}^{-1}$ and $-{\left(Q_i^b\right)}^{-1}$, $\forall j\ne i$ in ${\overline{\Lambda }}_i^2$ and ${\overline{\Lambda }}_i^3$, it can be further rewritten as

$$-{\left(Q_i^a\right)}^{-1}\le -2X_i+{\tilde{Q}}_i^a,$$

(39)

implying the same solution for $-{\left(Q_i^b\right)}^{-1}$. Therefore, it can be concluded that (38) can be guaranteed by condition (31). This completes the proof. □

5. Simulation Example

In this section, a simulation example is given to demonstrate the effectiveness of the event-based dual-mode security control strategy under DoS attacks.

As shown in Figure 4, we consider a Pulse-Width Modulation (PWM)-driven boost converter borrowed from [44], which can be captured by

$$\left\{\begin{array}{c}{\dot{E}}_c\left(t\right)=-\frac{1}{RC}{E}_c\left(t\right)+(1-s\left(t\right))\frac{1}{C}{I}_{\ell }\left(t\right)\hfill \\ {\dot{I}}_{\ell }\left(t\right)=-(1-s\left(t\right))\frac{1}{L}{E}_c\left(t\right)+s\left(t\right)\frac{1}{L}{E}_s\left(t\right)\hfill \end{array}\right.$$

(40)

where L, C and R denote the inductance, capacitance and load resistance, respectively. $E_c\left(t\right)$ and $E_s\left(t\right)$ represent the terminal voltage and source voltage of the capacitor, respectively. $I_{\ell }\left(t\right)$ is the current through the inductance. $s\left(t\right)$ is a switching signal controlled by a PWM-driven boost converter. Here, as a typical circuit system, the role of using a PWM-driven boost converter is to obtain higher voltage. Let $x\left(t\right)=\mathrm{col}\{E_c\left(t\right),I_L\left(t\right),1\}$ be the system state, then the differential Equation (40) is further rewritten as $\dot{x}\left(t\right)=A_{r\left(t\right)}x\left(t\right)$, $r\left(t\right)\in \{1,2\}$, where the system parameters are $A_1=[-1/RC,1/C,0;-1/L,0,0;0,0,0]$ and $A_2=[-1/RC,0,0;0,0,1/L;0,0,0]$. Selecting $L=1H$, $C=1F$, and $R=1\mathsf{\Omega }$, all parameters can be listed as follows: Mode 1:

$$\begin{array}{cc}& A_1=\left[\begin{array}{ccc}-1& 1& 0\\ -1& 0& 0\\ 0& 0& 0\end{array}\right],B_1^{\omega }=\left[\begin{array}{ccc}0.27& -0.19& -0.46\\ -0.21& -0.15& 0.32\\ 0.55& -0.43& 0.17\end{array}\right],\hfill \\ & C_1=\left[\begin{array}{ccc}-0.11& 0.29& 0.30\\ 0.05& 0.35& 0.10\\ -0.10& 0.48& 0.20\end{array}\right],D_1^u=\left[\begin{array}{c}-0.19\\ 0.15\\ 0.23\end{array}\right].\hfill \end{array}$$

Figure 4. PWM-driven boost converter.

Mode 2:

$$\begin{array}{cc}& A_2=\left[\begin{array}{ccc}-1& 0& 0\\ 0& 0& 1\\ 0& 0& 0\end{array}\right],B_2^{\omega }=\left[\begin{array}{ccc}0.36& -0.16& -0.25\\ -0.10& 0.35& -0.46\\ 0.32& 0.21& -0.19\end{array}\right],\hfill \\ & C_2=\left[\begin{array}{ccc}-0.20& -0.25& 0.32\\ -0.10& 0.20& 0.34\\ -0.20& 0.20& 0.35\end{array}\right],D_2^u=\left[\begin{array}{c}0.17\\ -0.21\\ 0.39\end{array}\right],\hfill \end{array}$$

and $B_1^u=B_2^u={\left[\begin{array}{ccc}-0.1& 0.4& 0.5\end{array}\right]}^T$. Without loss of generality, the transition rate matrix is given as

$$\mathrm{\Pi }=\left[\begin{array}{cc}-1.2& 1.2\\ 0.5& -0.5\end{array}\right],$$

and the exogenous disturbance signal is assumed to be $\omega \left(t\right)=0.1sin\left(x\right(t\left)\right)$. According to Theorem 3, the given constants are selected as ${\tau }_p=0.1$, ${\tau }_q=0.2$, ${\xi }_1=0.2$, ${\xi }_2=0.5$, $\alpha =0.46$, $\sigma =0.012$, and $\gamma =3$. Then, the security controller gains and weighting matrices can be calculated as

$$\begin{array}{cc}& K_1^a=\left[\begin{array}{ccc}0.3616& -0.9208& -0.7812\end{array}\right],\hfill \\ & K_2^a=\left[\begin{array}{ccc}0.1194& -0.7287& -1.3834\end{array}\right],\hfill \\ & K_1^b=\left[\begin{array}{ccc}1.8081& -4.6038& -3.9062\end{array}\right],\hfill \\ & K_2^b=\left[\begin{array}{ccc}0.2387& -1.4573& -2.7667\end{array}\right],\hfill \\ & {\mathrm{\Theta }}_a=\left[\begin{array}{ccc}0.1133& 0.0031& 0.0025\\ 0.0031& 0.1059& -0.0144\\ 0.0025& -0.0144& 0.0904\end{array}\right],\hfill \\ & {\mathrm{\Theta }}_b=\left[\begin{array}{ccc}1.2865& -0.3221& -0.3076\\ -0.3221& 2.2103& 1.7366\\ -0.3076& 1.7366& 4.2373\end{array}\right].\hfill \end{array}$$

Under the initial state $x\left(0\right)={\left[\begin{array}{ccc}-0.25& 0.15& 0.24\end{array}\right]}^T$, Figure 5 presents the state trajectories by using the proposed dual-mode security controller (10) when DoS attacks are not injected over the shared communication network. The time evolution of the regulated output $z\left(t\right)$ and actual state error $e_a\left(t\right)$ without DoS attacks are shown in Figure 6 and Figure 7, respectively. Obviously, by using the developed dual-mode security controller (10), the closed-loop MJCPSs (12) achieve stochastic stability and have good robustness. In Figure 8, we show the event-triggered instants determined by the resilient event-triggered condition (8) in the absence of DoS attacks, in which the number of successful transmissions is 67. From this, the average transmission period is calculated as $0.7463$ $\mathrm{s}$. Note that the proposed resilient event-triggered rule (8) is equivalent to the static event-triggered rule when DoS attacks do not occur. Once malicious attackers inject DoS attacks into the communication network, Figure 9 provides schematic diagrams of DoS attacks and system modes, where $\alpha \left(t\right)=0$ and $\alpha \left(t\right)=1$ represent the active and dormant DoS intervals, respectively. Then, based on the different values of ${\mathcal{J}}_d$, DoS attacks can be divided into two types, namely low-intensity and high-intensity DoS attacks. Assume that the upper bound of performance loss caused by low-intensity DoS attacks is ${\mathcal{J}}_d=1.0\times {10}^{-4}$. In this case, Figure 10 shows the state response under the proposed dual-mode event-triggered security controller (10). Figure 11 presents the event-triggered instants determined by the resilient event-triggered condition (8) under low-intensity DoS attacks, where the number of the successful transmissions is 21. From this, the average transmission period is calculated as $2.3810$ $\mathrm{s}$. Compared with the situation without DoS attacks, the system state can only converge to a bounded range when the time approaches infinity, indicating that DoS attacks caused a serious negative impact on the system performance. Although the event triggering interval does not exceed the maximum inter-execution interval ${\mathrm{\Delta }}_{max}$ calculated in Theorem 2, the controller remains in an unreleased state for a long time. On the other hand, assume that the upper bound of performance loss caused by low-intensity DoS attacks is ${\mathcal{J}}_d=0.1$. In this case, Figure 12 shows the state response under the proposed dual-mode event-triggered security controller (10). Compared with the above two situations, it can be seen that the system state cannot converge to zero when the time tends to infinity. This means that high-intensity DoS attacks can cause irreversible damage to the control performance of the system. Figure 13 shows the triggering instant and transmission sequence under high-intensity DoS attacks, where the number of the successful transmissions is 13 and the average transmission period is calculated as $3.8462$ $\mathrm{s}$. From this, it can be seen that once the event-triggering interval exceeds the maximum allowable inter-execution interval ${\mathrm{\Delta }}_{max}$, the system will completely lose control performance due to the controller not being updated for a long time. This means that the proposed event dual-mode event-triggered security controller (10) can ensure the safe and stable operation of the system under a specific DoS attack intensity.

Figure 5. State responses without DoS attacks.

Figure 6. Evolution of the regulated output without DoS attacks.

Figure 7. Evolution of the actual state error without DoS attacks.

Figure 8. Update instants without DoS attacks.

Figure 9. Top: (a) DoS signal. Bottom: (b) Switching signal.

Figure 10. State responses under DoS attacks with ${\mathcal{J}}_d={10}^{-4}$.

Figure 11. Update instants under DoS attacks with ${\mathcal{J}}_d={10}^{-4}$.

Figure 12. State responses under DoS attacks with ${\mathcal{J}}_d=0.1$.

Figure 13. Update instants under DoS attacks with ${\mathcal{J}}_d=0.1$.

On the other hand, in order to further demonstrate the effectiveness of the proposed control strategy, we consider a DC motor-driven inverted pendulum systems, which is modeled in [45]. The system parameters are as follows:

$$\begin{array}{cc}& A_1=\left[\begin{array}{ccc}-0.1397& -0.0256& 0\\ 0.5121& -0.0373& 0\\ -20& -4& -1\end{array}\right],B_1=\left[\begin{array}{c}0\\ 0\\ 1\end{array}\right]\hfill \\ & A_2=\left[\begin{array}{ccc}-0.0113& -0.0037& 0\\ 0.1470& -0.0181& 0\\ -20& -4& -5\end{array}\right],B_2=\left[\begin{array}{c}0\\ 0\\ 1\end{array}\right]\hfill \end{array}$$

and the other parameters remain unchanged. Then, the security controller gains and weighting matrices can be calculated as

$$\begin{array}{cc}& K_1^a=\left[\begin{array}{ccc}0.1465& -0.9058& -1.5451\end{array}\right],\hfill \\ & K_2^a=\left[\begin{array}{ccc}0.1605& -0.7635& -1.6873\end{array}\right],\hfill \\ & K_1^b=\left[\begin{array}{ccc}0.1321& -0.6166& -1.6526\end{array}\right],\hfill \\ & K_2^b=\left[\begin{array}{ccc}0.1646& -0.4531& -1.7936\end{array}\right],\hfill \end{array}$$

$$\begin{array}{cc}& {\mathrm{\Theta }}_a=\left[\begin{array}{ccc}0.7879& -1.6667& -2.8783\\ -1.6667& 7.7217& 14.9392\\ -2.8783& 14.9392& 31.7294\end{array}\right],\hfill \\ & {\mathrm{\Theta }}_b=\left[\begin{array}{ccc}0.9435& -1.4992& -3.2100\\ -1.4992& 3.9094& 9.2297\\ -3.2100& 9.2297& 25.6459\end{array}\right].\hfill \end{array}$$

Under the initial state $x\left(0\right)={\left[\begin{array}{ccc}-0.25& 0.15& 0.24\end{array}\right]}^T$, Figure 14 presents the state trajectories by using the proposed dual-mode security controller (10) when DoS attacks are not injected over the shared communication network. Similarly, assume that the upper bound of performance loss caused by low-intensity DoS attacks is ${\mathcal{J}}_d=1.0\times {10}^{-4}$. In this case, Figure 15 shows the state response under the proposed dual-mode event-triggered security controller (10), while Figure 16 shows the state response by using a general one. Therefore, it can prove the effectiveness of the dual-mode security controller proposed in this paper.

Figure 14. State responses without DoS attacks.

Figure 15. State responses under DoS attacks with ${\mathcal{J}}_d={10}^{-4}$ by using security controller.

Figure 16. State responses under DoS attacks with ${\mathcal{J}}_d={10}^{-4}$ by using general controller.

6. Conclusions

This paper addressed the problem of dual-mode event-triggered control for MJCPSs under DoS attacks. A novel random event-triggering rule determined by DoS signal was developed to select appropriate control strategies as needed based on the current network service quality. Then, the relationship between triggering signals and system modes under DoS attacks was analyzed. By calculating the minimum and maximum inter-execution intervals, Zeno behavior and singular triggering can be avoided. On this basis, a mode-dependent event-triggered security was designed to ensure the stable operation of the system under DoS attacks. Finally, a new security control strategy was proposed to tolerate the packet loss caused by DoS attacks as much as possible. In our future work, we will focus on the problem of attack detection and resilient control of unmanned aerial vehicle systems under connectivity-preserved and connectivity-broken DoS attacks from a switching perspective.