A Dynamic Event-Triggered Secure Monitoring and Control for a Class of Discrete-Time Markovian Jump Systems: A Plug-and-Play Architecture

Abstract

In modern industrial applications, production quality, system performance, process reliability, and safety have received considerable attention. This article proposes a dynamic event-triggered attack estimator for Markovian jump stochastic systems susceptible to actuator deception attacks. Utilizing the developed estimator, the presented attack-tolerant control strategy can tolerate the effects of such attacks and ensure the mean-square convergence of the overall closed-loop system. A dynamic event-triggered mechanism is implemented on the sensor side to optimize communication efficiency. To address the potential threat of deception attacks, a plug-and-play (PnP) secure monitoring and control architecture is introduced. This architecture facilitates the seamless integration of the designed attack-tolerant controller with the nominal feedback controller, thereby enhancing system security without requiring significant modifications to the existing control structure. The practicality and effectiveness of the proposed approaches are demonstrated through experimental results on a switched boost converter circuit.

1. Introduction

As Industry 4.0 progresses, wireless communication networks are increasingly supplanting wired transmissions in modern industrial systems, driven by their cost-effectiveness and superior remote transmission capabilities [1]. However, this shift towards networked communication renders these systems susceptible to a variety of cyber threats, including deception attacks, denial-of-service (DoS) attacks, and replay attacks [2,3,4]. In the field of complex system modeling, Markovian jump systems have emerged as a dominant paradigm over the past few decades. These systems are distinguished by their ability to capture abrupt structural and parametric changes, governed by underlying Markov chains [5]. Markovian jump systems have proven particularly effective in representing a diverse array of real-world applications, such as electrical power systems operating under fluctuating conditions, economic systems responding to policy shifts, and spacecraft systems influenced by variable environmental factors [6,7,8].

Deception attacks, also known as false data injection attacks, are widely recognized as the most destructive form of cyber threats [9]. These kinds of attacks compromise the integrity of control and measurement signals by injecting false data into the communication channels between sensors and actuators, which can rapidly unstabilize closed-loop systems. The detection and tolerance of such attacks are crucial in minimizing damage to critical infrastructure. Recent research has yielded significant advances in the field of deception attack detection and accommodation through various approaches. A comprehensive data-driven framework for secure data transmission and trustworthiness assessment against deception attack was proposed in [10], with subsequent work in [11] expanding this approach to detect data integrity issues, including both DoS and replay attacks. Parallel to these data-driven methods, the importance of model-based techniques for attack estimation and accommodation has gained recognition [9,12,13,14]. For instance, Ref. [12] introduced a descriptor switched sliding mode observer against deception attacks in continuous-time cyber-physical systems, focusing on attack mode identification and system state reconstruction. Similarly, Ref. [13] developed a secure attack estimator for discrete-time stochastic systems subject to random deception attacks, where an event-triggered transmission mechanism is employed to optimize the trade-off between attack estimation accuracy and energy efficiency.

Although the aforementioned studies have yielded promising results in addressing various attack scenarios, they exhibit limitations when confronted with the specific challenges posed by actuator deception attacks in Markovian jump systems. The complexities inherent in estimating attacks and implementing attack-tolerant control for this kind of system remain inadequately addressed. This gap in current research serves as a primary motivation for our present study, which aims to develop more comprehensive and robust solutions for Markovian jump systems against a variety of attacks.

It is important to highlight that in the domain of wireless communication technology, sensors are frequently powered by batteries with finite energy reserves [15,16]. In order to optimize the conservation of both battery energy and communication resources, the transmission of measurement signals to remote estimator is necessarily constrained. As a result, the transmission of signals deviates from continuous or periodic patterns. When consecutive data packets exhibit minimal variation, these signals can be categorized as redundant sampling data. In such instances, the updating or transmission of these signals becomes unnecessary, further optimizing resource utilization. This approach not only extends the operational lifespan of battery-powered sensors, but also enhances the overall efficiency of the wireless communication system in industrial applications.

The event-triggered transmission scheme has gained prominence due to its capacity to reduce transmission frequency by transmitting data only when a specific event condition is met. However, traditional approaches often employ static threshold parameters in event conditions, which cannot adequately reflect the dynamic nature of the system, leading to potential conservatism. To address this limitation, Ref. [17] first introduced a dynamic event-triggered transmission scheme that incorporates an internal dynamic variable. This innovative approach formulates the dynamic equation of the internal variable using a first-order filter, effectively making the internal variable a filtered representation of the event conditions found in traditional static event-triggered schemes. This design allows for dynamic threshold adjustment based on real-time system information.

In recent years, there has been growing interest among researchers in developing event conditions with adaptive threshold parameters for control and estimation in response to various system dynamics [18,19,20,21]. For example, a state estimator was proposed in [19] for discrete-time singularly perturbed systems with distributed time delays and dynamic event-triggered communication, ensuring exponentially mean-square ultimate boundedness of the estimation error. A subsequent study in [20] expanded this approach to an $H_{\infty }$ controller using a dynamic event-triggered mechanism to regulate data-packet transmissions. Following a similar concept of the dynamic event-triggered mechanism, Ref. [21] formulated a distributed adaptive event-triggered $H_{\infty }$ filter for sector-bounded nonlinear systems over a switching network. Nevertheless, to the best of our knowledge, the dynamic event-triggered mechanism has not yet been adequately explored for attack monitoring despite its clear engineering significance. Thus, a second motivation of this paper is to develop an efficient dynamic event-triggered transmission scheme for attack monitoring and reconstruction in Markovian jump systems.

The concept of plug-and-play (PnP) first appeared in the computer field. When a new external module is added to a computer, the system resources can be automatically configured without manually reconfiguring the total setup. PnP technology has been a focus area recently with the advantages of flexibility and reliability [22,23], which has also been extended to a wide range of applications [24,25]. However, many existing PnP methods modify the original control system without considering its structure. In many devices, the original monitoring and control systems are immutable. Therefore, the proposed attack monitoring and attack-tolerant control strategy in this study are implemented by a PnP monitoring and control architecture without changing the original system framework, and it can be designed and plugged into the original system independently.

Based on the preceding discussion, it becomes evident that there is a practical demand for a comprehensive study addressing dynamic event-triggered secure monitoring and attack-tolerant control for Markovian jump systems within a PnP framework, specifically targeting deception attacks of actuators. However, despite its clear relevance to engineering practice, this secure monitoring and control problem presents considerable theoretical challenges, primarily due to the three key factors.

(1)

Markovian jump systems pose significant challenges for attack monitoring and control due to their stochastic nature and abrupt structural changes. The primary challenge can be divided into two parts: first, designing an event-triggered estimator capable of simultaneously reconstructing system states and estimating attack signals; and second, developing an attack-tolerant controller to ensure the stability of Markovian jump systems across different operational modes, even in the presence of deception attacks.

(2)

Designing a dynamic event-triggered transmission mechanism with the corresponding attack estimator involves optimizing resource utilization by transmitting data only when necessary, while ensuring accurate attack estimation. A significant challenge arises from the inherent nature of event-triggered transmission, which can directly impact the real-time capabilities of attack monitoring. Unlike time-driven data transmission, event-triggered schemes may introduce delays or missed detections, potentially compromising the ability of the attack detector to respond promptly to attacks.

(3)

The third challenge focuses on constructing a PnP monitoring and control framework that can be integrated seamlessly into existing Markovian jump systems without modifying their original control structure. This involves designing PnP modules for attack detection and attack-tolerant control that can be independently developed and easily incorporated. The challenge lies in ensuring that the integration can not disrupt the existing nominal controller while enhancing the security of system.

This work investigates the problem of dynamic event-triggered attack estimation and attack-tolerant control for a class of Markovian jump systems. Considering actuator deception attacks, a plug-and-play secure monitoring and control architecture is implemented. The following contributions of this study are summarized as follows:

(1)

A new attack reconstruction method is proposed to estimate both the system state and deception attacks. Based on this estimator, an attack-tolerant controller is designed to stabilize the considered Markovian jump systems subject to actuator attacks. Sufficient conditions for the mean-square boundedness of both estimation errors and the closed-loop system dynamics are presented and rigorously proved.

(2)

A dynamic event-triggered transmission scheme is employed for communication between the sensor and remote estimator. This incorporates the event-triggered threshold parameter that is dynamically adjusted in order to achieve a balance between network load and the desired estimator accuracy. Furthermore, the proposed event-triggered attack monitoring strategy ensures the timely detection and alerting of deception attacks, significantly enhancing real-time monitoring capabilities.

(3)

A PnP secure monitoring and control architecture is presented in this work, which provides a reliable design approach for Markovian jump systems subject to potential deception attacks. The proposed PnP architecture is constructed to seamlessly integrate with existing control systems, enhancing system security without modifying or replacing the original control structure.

Nomenclature: In order to facilitate clarity and consistency within the context of this paper, the notations are employed as follows. $\mathbb{N}$ represents the set of nonnegative integers. the notation ${\mathbb{R}}^n$ is used to indicate an n-dimensional real vector space, while ${\mathbb{R}}^{n\times m}$ signifies a real matrix with n rows and m columns. Given a symmetric matrix $X\in {\mathbb{R}}^{n\times n}$, we denote positive (negative) definiteness by $X>0$ ($X<0$). The symbols ${\lambda }_{min}\left(X\right)$ and ${\lambda }_{max}\left(X\right)$ are used to represent the smallest and largest eigenvalues of X, respectively. We employ $I_N$ to denote the identity matrix of dimension N, and 0 to represent a zero matrix of appropriate size. Unless otherwise specified, all matrices mentioned are assumed to have compatible dimensions. Additionally, $∥·∥$ symbolizes the Euclidean norm of a vector “·”. We apply $\mathbb{E}\left[Y\right]$ to denote the expected value of Y, and $\mathrm{Prob}\left\{Y\right\}$ to indicate the probability of Y occurring. For any real number $\phi$, the notation ${\phi }^2$ is used to represent $\phi$ multiplied by itself. When dealing with a matrix $Z\in {\mathbb{R}}^{n\times m}$, the superscripts “T” and “$-1$” are utilized to denote its transpose and inverse, respectively. In matrix representations, the symbol “*” is applied to indicate elements in diagonal positions that are transposes of their counterparts.

2. Model Description

In this paper, a class of discrete-time Markovian jump stochastic systems are considered as follows:

$$\left\{\begin{array}{c}\begin{array}{c}{x}_{k+1}=A\left(r_k\right)x_k+B\left(r_k\right)\left(u_k+a_k\right)+D_1\left(r_k\right)w_k,\hfill \\ y_k=C\left(r_k\right)x_k+D_2\left(r_k\right)w_k.\hfill \end{array}\hfill \end{array}\right.$$

(1)

where the state $x_k\in {\mathbb{R}}^{nx}$ has given initial value $x_0$, the control input is $u_k\in {\mathbb{R}}^{nu}$, the measurement is $y_k\in {\mathbb{R}}^{ny}$, the noise signal is $w_k$, which is assumed to be a zero-mean Gaussian white noise sequence with $\mathbb{E}\left[w_k^T{w}_k\right]\le b_1$, and $A\left(r_k\right)$, $B\left(r_k\right)$, $C\left(r_k\right)$, $D_1\left(r_k\right)$, and $D_2\left(r_k\right)$ are known time-varying matrices with appropriate dimensions. To model the impact of deception attacks targeting the actuator of system (1), an attack signal $a_k\in {\mathbb{R}}^{na}$ is introduced. This signal represents the influence of the attacker on the system’s actuator dynamics. The dynamic behavior of the attack signal is governed by the following form:

$$a_{k+1}=F\left(r_k\right)a_k+v_k,$$

(2)

where $F\left(r_k\right)$ is a known time-varying matrix, and the initial value of the attack signal $a_0$ is also determined, the term $v_k$ represents a zero-mean Gaussian white sequence with $\mathbb{E}\left[v_k^T{v}_k\right]\le b_2$ and is also independent of $w_k$, and the bounds $b_1$ and $b_2$ are not arbitrarily chosen but are based on the analysis of real-world data relevant to the practical industrial system being modeled.

The variable $r_k$ is a limited model Markov chain in model space $S=\left\{1,2,\dots ,s\right\}$ with transition probability matrix $\psi =\left[{\lambda }_{ij}\right]$, described by:

$$Prob\left\{r_{k+1}=j\left|r_k=i\right.\right\}={\lambda }_{ij},\forall i,j\in S,$$

(3)

where ${\lambda }_{ij}\ge 0$$\left(i,j\in S\right)$ is the mode transition probability from i to j and ${\displaystyle \sum _{j=1}^s}{\lambda }_{ij}=1,\forall i\in S$. For the sake of convenience in presentation, we denote the following constant matrices with appropriate dimensions for each possible value of $r_k=i$:

$$\begin{array}{cc}\hfill A\left(r_k\right)& =A_i,B\left(r_k\right)=B_i,D_1\left(r_k\right)=D_{1,i},\hfill \\ \hfill C\left(r_k\right)& =C_i,F\left(r_k\right)=F_i,D_2\left(r_k\right)=D_{2,i}.\hfill \end{array}$$

(4)

This research is concerned with the design of an estimator-based secure control strategy for a Markovian jump stochastic system (refer to Equation (1)). This system is susceptible to an additive deception attack directed at the actuator. To accurately reflect the evolving nature of the attack, we incorporate model (2), which effectively describes these dynamic changes. This model is well-established and commonly used in the relevant literature [13]. It is crucial to distinguish our secure control strategy from those in attack-tolerant control research. Our approach has two distinctive features. First, the introduced model incorporates the dynamics of the attack signal, as governed by model (2), in contrast to other works which assume constant attack signals. Second, we consider an unknown stochastic disturbance, a factor that is often neglected in other studies. Furthermore, it is important to highlight that model (2) encompasses constant attack signals as a special case, which occurs when matrix $F\left(r_k\right)=I$. This demonstrates the comprehensive nature of our model, which is capable of accommodating both dynamic and constant attack scenarios.

Remark 1.

Given the prevalence of Gaussian noise in a multitude of practical engineering applications and systems, the detection of attacks that exploit this inherent characteristic becomes a significantly more challenging problem. By strategically employing this existing noise, attackers can effectively mask their actions, thereby enhancing the stealth and potential success of their attempts. To realistically capture this dynamic and improve the effectiveness of the deception attack model, we model $v_k$ as a Gaussian distribution. This choice closely resembles the Gaussian noise that is inherent to engineering practice, allowing the attack signal to blend seamlessly into the system’s natural noise profile. This integration substantially increases the difficulty of distinguishing between system behavior and the influence of the attacker.

Before proceeding further, it is necessary to introduce the notion of stochastic stability.

Definition 1

(Definition 2, [26]). A discrete stochastic process ${\xi }_k$ is said to be exponentially mean-square ultimately bounded if there exists real scalars ${\xi }_1$, ${\xi }_2$, and $\overline{\xi }$, such that the following conditions hold:

$$\mathbb{E}\left[{∥{\xi }_k∥}^2\right]\le {\xi }_1{\left(1-{\xi }_2\right)}^k+{\overline{\xi }}_k,\mathrm{and}\underset{k\to \infty }{lim}{\overline{\xi }}_k=\overline{\xi }.$$

(5)

where ${\xi }_1>0$, $0<{\xi }_2\le 1$, and $\overline{\xi }\ge 0$.

3. Dynamic Event-Triggered Attack-Tolerant Control

This section presents a dynamic event-triggered sensor data transmission framework for an attack-tolerant control strategy in a class of discrete-time Markovian jump stochastic systems (1). The main results are presented in three sections. Section 3.1 describes a scheme for transmitting sensor data based on dynamic events, optimizing data transmission efficiency. Section 3.2 designs an estimator using the dynamic event-triggered framework. This estimator incorporates both state estimation and attack reconstruction. Section 3.3 implements an attack-tolerant control strategy using the designed estimator. The designed secure control strategy ensures that the system (1) maintains stability, resilience, and acceptable performance, thereby enhancing the system’s ability to withstand and recover from various deception attacks.

3.1. A Dynamic Event-Triggered Sensor Data Transmission Scheme

In practical applications, sensor data are often transmitted over digital networks such as wireless local-area networks and cellular data networks, which may have limited bandwidth due to design and implementation constraints. From a resource management perspective, transmitting measurements to remote estimators at every sampling interval is inefficient. Minor fluctuations between successive output samples typically do not require immediate updates to the remote estimator. Therefore, an efficient transmission scheme is necessary to reduce transmission frequency and optimize resource utilization.

This section proposes an output-dependent dynamic event-triggered sensor data transmission scheme, as illustrated in Figure 1. This scheme determines whether current sensor information needs to be transmitted to a remote estimator. The transmission times, denoted by $0\le t_0<t_1<\cdots <t_k<\cdots$ are determined recursively based on the following event condition:

$$t_{k+1}=\underset{k\in \mathbb{E}}{min}\left\{k>t_k\left|{\varphi }_k^T{M}_1{\varphi }_k>{\displaystyle \frac{1}{{\rho }_k}}{\phi }_k^T{M}_2{\phi }_k\right.\right\},$$

(6)

where ${\phi }_k=y_k-C_i{\widehat{x}}_k$ represents the output estimation error at each time step, ${\varphi }_k=y_{t_k}-y_k$ represents the communication error between the current measurement information and the last transmitted information, and ${\widehat{x}}_k$ denotes the state reconstruction of the remote estimator with initial value ${\widehat{x}}_0$. The positive definite symmetric weighting matrices $M_1$ and $M_2$ are triggered parameters to be determined. Furthermore, ${\rho }_k$ is an internal dynamic variable in the following form:

$${\rho }_{k+1}={\rho }_k+{\phi }_k^T{M}_2{\phi }_k$$

(7)

with the given initial condition ${\rho }_0>0$.

The structure of the proposed transmission scheme for remote estimation is depicted in Figure 1, where the auxiliary system is defined in (7). At each sampling instant, the measurement information and its time stamp k are collected into an embedded system. The event generator determines whether data packets should be transmitted over the communication network via event condition (6). It also checks the time stamps of newly arrived data packets and keeps the most recent ones unchanged until an update is necessary. The output estimation error is generated by the local estimator. The threshold of the proposed transmission scheme is stored by the storage component after data transmission.

Remark 2.

Compared to static event-triggered transmission schemes [27,28], the introduction of ${\rho }_k$ is a crucial component of the dynamic event-triggered transmission scheme (6). This incorporation is partially influenced by the internal-clock-based dynamic mechanism proposed in [17] for event-triggered control systems in the continuous-time domain. Unlike the mechanism in [17], which necessitated continuous monitoring of the system’s state, our scheme operates based on measurements at discrete time instants and utilizes local information to trigger data transmission. Consequently, the value of ${\rho }_k$ can be adjusted in real-time in response to the output estimation error.

The following two lemmas present crucial properties of the internal dynamic variable ${\rho }_k$.

Lemma 1.

For the dynamic rule (7), with an initial condition ${\rho }_0>0$, the inequality ${\rho }_k>0$ holds for all $k\in \mathbb{N}$. Furthermore, the sequence $\left\{{\rho }_k\right\}$ demonstrates the property of monotonically increasing.

Proof. 

The overall proof consists of two parts. First, we use the dynamic rule (7) to establish the positivity of ${\rho }_k$. It is obvious that ${\rho }_k>0$, since ${\phi }_k^T{M}_2{\phi }_k>0$. On the other hand, the dynamic rule (7) yields the following equation:

$$\begin{array}{cc}\hfill {\rho }_{k+1}& ={\rho }_k+{\phi }_k^T{M}_2{\phi }_k\hfill \\ \hfill & ={\rho }_{k-1}+{\phi }_{k-1}^T{M}_2{\phi }_{k-1}+{\phi }_k^T{M}_2{\phi }_k\hfill \\ \hfill & \cdots \hfill \\ \hfill & ={\rho }_1+{\phi }_1^T{M}_2{\phi }_1+\cdots +{\phi }_k^T{M}_2{\phi }_k\hfill \\ \hfill & ={\rho }_0+{\phi }_0^T{M}_2{\phi }_0+\cdots +{\phi }_k^T{M}_2{\phi }_k>0,\hfill \end{array}$$

(8)

which implies that $\left\{{\rho }_k\right\}$ is a monotonically increasing sequence. This completes the proof.    □

Lemma 2.

Consider the Markovian jump stochastic system (1) subject to the dynamic event condition (6). The following inequality holds for any time instant k:

$${\varphi }_k^T{M}_1{\varphi }_k\le {\phi }_k^T{\tilde{M}}_2{\phi }_k,$$

(9)

where the initial condition ${\rho }_0>0$ and the notation ${\tilde{M}}_2={\displaystyle \frac{1}{{\rho }_0}}{M}_2$.

Proof. 

We will analyze two cases to prove the Inequality (9).

• Case 1: For $k=t_k$, the event generator determines that measurement information should be transmitted over the communication network, and the corresponding communication error is zero (i.e., ${\varphi }_k=0$). Lemma 1 guarantees that ${\rho }_k>0$. Therefore, the following inequality holds:

  $${\varphi }_k^T{M}_1{\varphi }_k\le {\displaystyle \frac{1}{{\rho }_0}}{\phi }_k^T{M}_2{\phi }_k,$$

  (10)

  where the initial condition ${\rho }_0>0$.
• Case 2: For $t_k<k<t_{k+1}$, the Inequality (10) remains valid due to the inherent property of the event-triggered scheme (6). By combining both cases, we can conclude that the following inequality holds:

  $${\varphi }_k^T{M}_1{\varphi }_k\le {\phi }_k^T{\tilde{M}}_2{\phi }_k$$

  (11)

  for any time instant k. This completes the proof.    □

Remark 3.

The proposed dynamic event-triggered transmission scheme, analyzed through Equations (6) and (7), demonstrates the following characteristics. First, the scheme reduces the event-triggered threshold parameters, thereby enhancing the frequency of data transmission. This reduction results in a significant decrease in the estimation error when the current output estimation error or transmission error is substantial. Conversely, if the current remote estimator performs well or the current transmission data exhibits only minor fluctuations, the dynamic scheme will gradually cease to adjust the threshold parameters, thereby maintaining the current estimation performance. This adaptability enables the scheme to achieve a balance between efficient data transmission and maintaining acceptable estimation accuracy.

It is noteworthy that under specific conditions, the proposed dynamic event-triggered scheme can be simplified to existing transmission mechanisms. When the internal dynamic variable ${\rho }_k$ converges to a non-zero constant value ${\rho }_c$, the scheme can be written as follows: $t_{k+1}=\underset{k\in \mathbb{N}}{min}\left\{k>t_k\left|{\varphi }_k^T{M}_1{\varphi }_k>{\displaystyle \frac{1}{{\rho }_c}}{\phi }_k^T{M}_2{\phi }_k\right.\right\}$. This equation corresponds to a static event-triggered scheme, an approach that has been well-studied and is discussed in references [28,29,30]. Additionally, if the gain matrices $M_1$ and $M_2$ are set to zero, Equation (6) reduces to the traditional time-driven transmission scenario, where data transmission occurs at pre-defined intervals. Hence, the proposed dynamic event-triggered scheme (6) offers greater flexibility in scheduling data transmission than either the static communication mechanism or the time-driven transmission scheme.

3.2. Attack Estimator

Under the above dynamic event condition (6), we are interested in designing the following attack estimator with the time period $k\in \left[t_k,t_{k+1}\right)$:

$$\left\{\begin{array}{c}\begin{array}{c}{\widehat{x}}_{k+1}=A_i{\widehat{x}}_k+K\left(r_k\right)\left(y_{t_k}-C_i{\widehat{x}}_k\right)+B_i\left(u_k+{\widehat{a}}_k\right)\hfill \\ {\widehat{a}}_{k+1}=F_i{\widehat{a}}_k+L\left(r_k\right)\left(y_{t_k}-C_i{\widehat{x}}_k\right)\hfill \end{array}\hfill \end{array}\right.$$

(12)

where the reconstructed system state, denoted by ${\widehat{x}}_k$, and the reconstructed actuator deception attack, denoted by ${\widehat{a}}_k$, are recursively calcuated through the estimation process. Matrices $K\left(r_k\right)$ and $L\left(r_k\right)$ represent estimator gains to be determined later. For notational simplicity, these also be denoted as $K_i$ and $L_i$ where $\forall i\in S$. Furthermore, state estimation error and attack reconstruction error can be represented by $e_k=x_k-{\widehat{x}}_k$ and $e_{a,k}=a_k-{\widehat{a}}_k$, respectively. Subtracting estimation form (12) from system (1) results in the state estimation error dynamics:

$$\begin{array}{cc}\hfill e_{k+1}& =x_{k+1}-{\widehat{x}}_{k+1}\hfill \\ \hfill & =A_i{x}_k+B_i\left(u_k+a_k\right)+D_{1,i}{w}_k-A_i{\widehat{x}}_k-K_i\left(y_{t_k}-C_i{\widehat{x}}_k\right)-B_i\left(u_k+{\widehat{a}}_k\right)\hfill \\ \hfill & =A_i{e}_k+B_i{e}_{a,k}+D_{1,i}{w}_k-K_i\left(y_k+{\varphi }_k-C_i{\widehat{x}}_k\right)\hfill \\ \hfill & =\left(A_i-K_i{C}_i\right)e_k+B_i{e}_{a,k}+\left(D_{1,i}-K_i{D}_{2,i}\right)w_k-K_i{\varphi }_k,\hfill \end{array}$$

(13)

and the attack estimation error dynamics:

$$\begin{array}{cc}\hfill e_{a,k+1}& =a_{k+1}-{\widehat{a}}_{k+1}\hfill \\ \hfill & =F_i{a}_k+v_k-F_i{\widehat{a}}_k-L\left(r_k\right)\left(y_{t_k}-C_i{\widehat{x}}_k\right)\hfill \\ \hfill & =F_i{e}_{a,k}-L_i\left(C_i{x}_k+D_{2,i}{w}_k-C_i{\widehat{x}}_k+{\varphi }_k\right)+v_k\hfill \\ \hfill & =F_i{e}_{a,k}-L_i{C}_i{e}_k-L_i{D}_{2,i}{w}_k-L_i{\varphi }_k+v_k.\hfill \end{array}$$

(14)

In what follows, we will rigorously prove that the state and attack estimation error associated with the estimator in Equation (12) exhibits a property of exponential mean-square boundedness using the Definition 1. This means that the mean squared value of the error tends exponentially to a certain bound over time. This mathematical result guarantees that the performance of the attack estimator improves over time and that the reconstructed attack eventually converges to the true attack with a high degree of accuracy.

Theorem 1.

Consider the discrete-time Markovian jump stochastic system described by Equation (1), incorporating the established dynamic event-triggered sensor data transmission scheme (6). Let the positive scalars $b_1$, $b_2$ and the initial event-triggered threshold parameter ${\rho }_0>0$ be given. The error dynamics governed by Equations (13) and (14) are exponentially mean-square bounded if there exists a set of positive definite symmetric matrices $P_i^1$, $P_i^2$, weighting matrices $M_1>0$, $M_2>0$, and arbitrary matrices $R_{1,i}$, $R_{2,i}$$(\forall i\in S)$ that satisfy the following condition:

$$\left[\begin{array}{cccccccc}-P_i^1& 0& 0& 0& 0& {\left({\overline{P}}_i^1{A}_i-R_{1,i}{C}_i\right)}^T& -{\left(R_{2,i}{C}_i\right)}^T& C_i^T{M}_2\\ \ast & -P_i^2& 0& 0& 0& B_i^T{\left({\overline{P}}_i^1\right)}^T& F_i^T{\left({\overline{P}}_i^2\right)}^T& 0\\ \ast & \ast & -M_1& 0& 0& -R_{1,i}^T& -R_{2,i}^T& 0\\ \ast & \ast & \ast & -{\displaystyle \frac{1}{b_1}}I& 0& {\left({\overline{P}}_i^1{D}_{1,i}-R_{1,i}{D}_{2,i}\right)}^T& -{\left(R_{2,i}{D}_{2,i}\right)}^T& D_{2,i}^T{M}_2\\ \ast & \ast & \ast & \ast & -{\displaystyle \frac{1}{b_2}}I& 0& {\overline{P}}_i^2& 0\\ \ast & \ast & \ast & \ast & \ast & -{\overline{P}}_i^1& 0& 0\\ \ast & \ast & \ast & \ast & \ast & \ast & -{\overline{P}}_i^2& 0\\ \ast & \ast & \ast & \ast & \ast & \ast & \ast & -M_2\end{array}\right]<0,$$

(15)

where for each system mode $i\in S$, $P_i^1=P^1\left(r_k\right)$, ${\overline{P}}_i^1={\displaystyle \sum _{j=1}^s}{\lambda }_{ij}{P}_j^1$, $P_i^2=P^2\left(r_k\right)$, and ${\overline{P}}_i^2={\displaystyle \sum _{j=1}^s}{\lambda }_{ij}{P}_j^2$. Moreover, the attack estimator gains can be calculated by $K_i={\left({\overline{P}}_i^1\right)}^{-1}{R}_{1,i}$ and $L_i={\left({\overline{P}}_i^2\right)}^{-1}{R}_{2,i}$.

Proof. 

The piecewise Lyapunov function is selected as follows:

$$V\left(r_k\right)=V_1\left(e_k,r_k\right)+V_2\left(e_{a,k},r_k\right),$$

(16)

where

$$V_1\left(e_k,r_k\right)=e_k^T{P}^1\left(r_k\right)e_k,$$

(17)

and

$$V_2\left(e_{a,k},r_k\right)=e_{a,k}^T{P}^2\left(r_k\right)e_{a,k}.$$

(18)

Calculating the differences of the $V_1\left(e_k,r_k\right)$ and $V_2\left(e_{a,k},r_k\right)$ along the trajectories of estimation error dynamics (12) and (13), and taking the mathematical expectation, we have:

$$\mathbb{E}\left[\mathrm{\Delta }V\left(r_k\right)\right]=\mathbb{E}\left[\mathrm{\Delta }{V}_1\left(e_k,r_k\right)\right]+\mathbb{E}\left[\mathrm{\Delta }{V}_2\left(e_{a,k},r_k\right)\right].$$

(19)

In Equation (19):

$$\begin{array}{cc}\hfill \mathbb{E}\left[\mathrm{\Delta }{V}_1\left(e_k,r_k\right)\right]& =\mathbb{E}\left[V_1\left(e_{k+1},r_{k+1}\right)-V_1\left(e_k,r_k\right)\right]\hfill \\ \hfill & =-e_k^T{P}_i^1{e}_k+e_k^T{\left(A_i-K_i{C}_i\right)}^T{\overline{P}}_i^1\left(A_i-K_i{C}_i\right)e_k+e_{a,k}^T{B}_i^T{\overline{P}}_i^1{B}_i{e}_{a,k}\hfill \\ \hfill & +2e_k^T\left(A_i-K_i{C}_i\right){\overline{P}}_i^1{B}_i{e}_{a,k}-2e_k^T\left(A_i-K_i{C}_i\right){\overline{P}}_i^1{K}_i{\varphi }_k-2e_{a,k}^T{B}_i^T{\overline{P}}_i^1{K}_i{\varphi }_k\hfill \\ \hfill & +w_k^T{\left(D_{1,i}-K_i{D}_{2,i}\right)}^T{\overline{P}}_i^1\left(D_{1,i}-K_i{D}_{2,i}\right)w_k+{\varphi }_k^T{K}_i^T{\overline{P}}_i^1{K}_i{\varphi }_k,\hfill \end{array}$$

(20)

and

$$\begin{array}{cc}\hfill \mathbb{E}\left[\mathrm{\Delta }{V}_2\left(e_{a,k},r_k\right)\right]& =\mathbb{E}\left[V_2\left(e_{a,k+1},r_{k+1}\right)-V_2\left(e_{a,k},r_k\right)\right]\hfill \\ \hfill & =+e_{a,k}^T{F}_i^T{\overline{P}}_i^2{F}_i{e}_{a,k}+e_k^T{C}_i^T{L}_i^T{\overline{P}}_i^2{L}_i{C}_i{e}_k+{\varphi }_k^T{L}_i^T{\overline{P}}_i^2{L}_i{\varphi }_k+v_k^T{\overline{P}}_i^2{v}_k\hfill \\ \hfill & -2e_{a,k}^T{F}_i^T{\overline{P}}_i^2{L}_i{C}_i{e}_k-2e_{a,k}^T{F}_i^T{\overline{P}}_i^2{L}_i{\varphi }_k+2e_k^T{C}_i^T{L}_i^T{\overline{P}}_i^2{L}_i{\varphi }_k\hfill \\ \hfill & -e_{a,k}^T{P}_i^2{e}_{a,k}+w_k^T{D}_{2,i}^T{L}_i^T{\overline{P}}_i^2{L}_i{D}_{2,i}{w}_k,\hfill \end{array}$$

(21)

where for $\forall i\in S$, $P_i^1=P^1\left(r_k\right)$, ${\overline{P}}_i^1={\displaystyle \sum _{j=1}^s}{\lambda }_{ij}{P}_j^1$, $P_i^2=P^2\left(r_k\right)$, and ${\overline{P}}_i^2={\displaystyle \sum _{j=1}^s}{\lambda }_{ij}{P}_j^2$. According to the definitions of $w_k$ and $v_k$, the extension can be obtained as follows:

$$\mathbb{E}\left[\mathrm{\Delta }V\left(r_k\right)\right]\le \mathbb{E}\left[\mathrm{\Delta }{V}_1\left(e_k,r_k\right)\right]+\mathbb{E}\left[\mathrm{\Delta }{V}_2\left(e_{a,k},r_k\right)\right]-{\displaystyle \frac{1}{b_1}}{w}_k^T{w}_k-{\displaystyle \frac{1}{b_2}}{v}_k^T{v}_k+b_1+b_2.$$

(22)

Under the event condition (6), according to Lemma 2, we can derive the following inequality:

$$-{\varphi }_k^T{M}_1{\varphi }_k+{\phi }_k^T{M}_2{\phi }_k>0.$$

(23)

Considering Equations (22) and (23), one has:

$$\mathbb{E}\left[\mathrm{\Delta }V\left(r_k\right)\right]=\mathbb{E}\left[\mathrm{\Delta }{V}_1\left(e_k,r_k\right)\right]+\mathbb{E}\left[\mathrm{\Delta }{V}_2\left(e_{a,k},r_k\right)\right]\le {\delta }_k^T{\tilde{\mathrm{\Lambda }}}_i{\delta }_k+b_1+b_2,$$

(24)

where

$$\begin{array}{cc}\hfill & {\delta }_k={\left[\begin{array}{ccccc}{e}_k^T& e_{a,k}^T& {\varphi }_k^T& w_k^T& v_k^T\end{array}\right]}^T,{\tilde{\mathrm{\Lambda }}}_i=\left[\begin{array}{ccccc}{\tilde{\mathrm{\Lambda }}}_{11}& {\tilde{\mathrm{\Lambda }}}_{12}& {\tilde{\mathrm{\Lambda }}}_{13}& 0& 0\\ \ast & {\tilde{\mathrm{\Lambda }}}_{22}& {\tilde{\mathrm{\Lambda }}}_{23}& 0& 0\\ \ast & \ast & {\tilde{\mathrm{\Lambda }}}_{33}& 0& 0\\ \ast & \ast & \ast & {\tilde{\mathrm{\Lambda }}}_{44}& 0\\ \ast & \ast & \ast & \ast & {\tilde{\mathrm{\Lambda }}}_{55}\end{array}\right],\hfill \\ \hfill & {\tilde{\mathrm{\Lambda }}}_{11}=-P_i^1+{\left(A_i-K_i{C}_i\right)}^T{\overline{P}}_i^1\left(A_i-K_i{C}_i\right)+C_i^T{L}_i^T{\overline{P}}_i^2{L}_i{C}_i+C_i^T{M}_2{C}_i,\hfill \\ \hfill & {\tilde{\mathrm{\Lambda }}}_{22}=-P_i^2+F_i^T{\overline{P}}_i^2{F}_i+B_i^T{\overline{P}}_i^1{B}_i,{\tilde{\mathrm{\Lambda }}}_{33}=-M_1+K_i^T{\overline{P}}_i^1{K}_i+L_i^T{\overline{P}}_i^2{L}_i,\hfill \\ \hfill & {\tilde{\mathrm{\Lambda }}}_{44}=-{\displaystyle \frac{1}{b_1}}I+{\left(D_{1,i}-K_i{D}_{2,i}\right)}^T{\overline{P}}_i^1\left(D_{1,i}-K_i{D}_{2,i}\right)+D_{2,i}^T{M}_2{D}_{2,i}+D_{2,i}^T{L}_i^T{\overline{P}}_i^2{L}_i{D}_{2,i},\hfill \\ \hfill & {\tilde{\mathrm{\Lambda }}}_{12}=\left(A_i-K_i{C}_i\right){\overline{P}}_i^1{B}_i-C_i^T{L}_i^T{\overline{P}}_i^2{F}_i,{\tilde{\mathrm{\Lambda }}}_{13}=-\left(A_i-K_i{C}_i\right){\overline{P}}_i^1{K}_i+C_i^T{L}_i^T{\overline{P}}_i^2{L}_i,\hfill \\ \hfill & {\tilde{\mathrm{\Lambda }}}_{23}=-B_i^T{\overline{P}}_i^1{K}_i-F_i^T{\overline{P}}_i^2{L}_i,{\tilde{\mathrm{\Lambda }}}_{55}={\overline{P}}_i^2-{\displaystyle \frac{1}{b_2}}I.\hfill \end{array}$$

(25)

When the well-known Schur complement lemma is applied to Inequality (15), the result includes ${\tilde{\mathrm{\Lambda }}}_i<0$, $\forall i\in S$. This allows us to derive the following inequality from Equation (24):

$$\mathbb{E}\left[\mathrm{\Delta }V\left(r_k\right)\right]=\mathbb{E}\left[\mathrm{\Delta }{V}_1\left(e_k,r_k\right)\right]+\mathbb{E}\left[\mathrm{\Delta }{V}_2\left(e_{a,k},r_k\right)\right]\le -{\lambda }_{min}\left(-{\tilde{\mathrm{\Lambda }}}_i\right){∥{\tilde{e}}_k∥}^2+\tilde{b},$$

(26)

where ${\tilde{e}}_k={\left[\begin{array}{cc}{e}_k^T& e_{a,k}^T\end{array}\right]}^T$, $\tilde{b}=b_1+b_2$, ${\lambda }_{max}\left(-{\tilde{\mathrm{\Lambda }}}_i\right)$, and ${\lambda }_{min}\left(-{\tilde{\mathrm{\Lambda }}}_i\right)$ denote the maximum and minimum eigenvalues of the matrix $-{\tilde{\mathrm{\Lambda }}}_i$, respectively.

We now proceed to analyze the sufficient condition for the error dynamics (13) and (14) to achieve exponential stability in mean square, as indicated by the previously established inequalities. Recalling the definition of the piecewise Lyapunov function (16), we have:

$$\begin{array}{cc}\hfill {\displaystyle \frac{1}{{\varsigma }^{k+1}}}\mathbb{E}\left[V\left(r_{k+1}\right)\right]& -{\displaystyle \frac{1}{{\varsigma }^k}}\mathbb{E}\left[V\left(r_k\right)\right]={\displaystyle \frac{1}{{\varsigma }^{k+1}}}\left(\mathbb{E}\left[V\left(r_{k+1}\right)\right]-\mathbb{E}\left[V\left(r_k\right)\right]\right)+{\displaystyle \frac{1}{{\varsigma }^k}}\left({\displaystyle \frac{1}{\varsigma }}-1\right)\mathbb{E}\left[V\left(r_k\right)\right]\hfill \\ \hfill & \le -{\displaystyle \frac{{\lambda }_{min}\left(-{\tilde{\mathrm{\Lambda }}}_i\right)}{{\varsigma }^{k+1}}}\mathbb{E}\left[{∥{\tilde{e}}_k∥}^2\right]+{\displaystyle \frac{1}{{\varsigma }^k}}\left({\displaystyle \frac{1}{\varsigma }}-1\right)\mathbb{E}\left[V\left(r_k\right)\right]+{\displaystyle \frac{\tilde{b}}{{\varsigma }^{k+1}}}\hfill \\ \hfill & \le {\displaystyle \frac{1}{{\varsigma }^k}}\left(-{\displaystyle \frac{{\lambda }_{min}\left(-{\tilde{\mathrm{\Lambda }}}_i\right)}{{\varsigma }^k}}+\left({\displaystyle \frac{1}{\varsigma }}-1\right){\tilde{\varsigma }}_1\right)\mathbb{E}\left[{∥{\tilde{e}}_k∥}^2\right]+{\displaystyle \frac{\tilde{b}}{{\varsigma }^{k+1}}},\hfill \end{array}$$

(27)

where $\varsigma >0$, ${\tilde{\varsigma }}_1=max\left[{\lambda }_{max}\left(\tilde{P}\left(r_k\right)\right)\right]$, and $\tilde{P}\left(r_k\right)=\left[\begin{array}{cc}{P}^1\left(r_k\right)& 0\\ 0& P^2\left(r_k\right)\end{array}\right]$, $\forall r_k\in S$. It should be mentioned that when $\varsigma =1$:

$${\displaystyle \frac{1}{{\varsigma }^k}}\left(-{\displaystyle \frac{{\lambda }_{min}\left(-{\tilde{\mathrm{\Lambda }}}_i\right)}{{\varsigma }^k}}+\left({\displaystyle \frac{1}{\varsigma }}-1\right){\tilde{\varsigma }}_1\right)=-{\lambda }_{min}\left(-{\tilde{\mathrm{\Lambda }}}_i\right)<0.$$

(28)

By continuity, we can find a constant $0<\overline{\varsigma }<1$ such that the following inequality holds:

$${\displaystyle \frac{1}{{\varsigma }^{k+1}}}\mathbb{E}\left[V\left(r_{k+1}\right)\right]-{\displaystyle \frac{1}{{\varsigma }^k}}\mathbb{E}\left[V\left(r_k\right)\right]\le {\displaystyle \frac{\tilde{b}}{{\varsigma }^{k+1}}},$$

(29)

which can further imply that:

$$\begin{array}{cc}\hfill {\displaystyle \frac{1}{{\overline{\varsigma }}^k}}\mathbb{E}\left[V\left(r_k\right)\right]& \le V\left(r_0\right)=e_0^T{P}^1\left(r_0\right)e_0+e_{a,0}^T{P}^2\left(r_0\right)e_{a,0}+{\displaystyle \frac{\tilde{b}}{{\overline{\varsigma }}^{k+1}}}\hfill \\ \hfill & ={\tilde{e}}_0^T\tilde{P}\left(r_0\right){\tilde{e}}_0+{\displaystyle \frac{\tilde{b}}{{\overline{\varsigma }}^{k+1}}}\le {\lambda }_{max}\left(\tilde{P}\left(r_0\right)\right){∥{\tilde{e}}_0∥}^2+{\displaystyle \frac{\tilde{b}}{{\overline{\varsigma }}^{k+1}}}.\hfill \end{array}$$

(30)

Clearly, Equation (30) yields:

$$\mathbb{E}\left[{∥{\tilde{e}}_k∥}^2\right]\le {\displaystyle \frac{{\lambda }_{max}\left(\tilde{P}\left(r_0\right)\right)}{max\left[{\lambda }_{min}\left(\tilde{P}\left(r_k\right)\right)\right]}}{\overline{\varsigma }}^k{∥{\tilde{e}}_0∥}^2+{\displaystyle \frac{\tilde{b}{\overline{\varsigma }}^k}{max\left[{\lambda }_{min}\left(\tilde{P}\left(r_k\right)\right)\right]{\overline{\varsigma }}^{k+1}}},\forall r_k\in S.$$

(31)

Based on Definition 1, we can see that the dynamics of state and attack estimation errors converge to a region around zero with a certain bound. This means that the errors in estimating both the system state and potential attacks will eventually become and remain arbitrarily small. To quantify this specific bound, we introduce some notations:

$${\xi }_1={\displaystyle \frac{{\lambda }_{max}\left(\tilde{P}\left(r_0\right)\right)}{max\left[{\lambda }_{min}\left(\tilde{P}\left(r_k\right)\right)\right]}}{∥{\tilde{e}}_0∥}^2,{\xi }_2=1-\overline{\varsigma },and{\overline{\xi }}_k={\displaystyle \frac{\tilde{b}{\overline{\varsigma }}^k}{max\left[{\lambda }_{min}\left(\tilde{P}\left(r_k\right)\right)\right]{\overline{\varsigma }}^{k+1}}}.$$

(32)

Then, the ultimate upper bound is calculated as follows:

$$\overline{\xi }=\underset{k\to \infty }{lim}{\overline{\xi }}_k={\displaystyle \frac{\tilde{b}}{max\left[{\lambda }_{min}\left(\tilde{P}\left(r_k\right)\right)\right]\overline{\varsigma }}}.$$

(33)

This completes the proof.    □

Remark 4.

It is important to emphasize that this section proposes a dynamic event-triggered attack reconstruction framework. The proposed framework captures the practical scenario where sensor data transmission is triggered by events, as opposed to traditional time-triggered approaches. By considering the event-triggered nature of data transmission, we can analyze how it affects the performance of the attack estimator. Furthermore, the proposed framework incorporates the different bounds of the stochastic noise $b_1$ and $b_2$. This flexibility allows for a more accurate analysis and potentially simplifies the design of the attack estimator algorithm.

3.3. Attack-Tolerant Controller

Extending the dynamic event-triggered attack estimator designed in Equation (12), the following part investigates the stability and performance of the overall Markovian jump stochastic system in terms of attack tolerance.

In order to achieve this goal, an attack-tolerant controller is introduced. This controller uses the estimated state ${\widehat{x}}_k$ and the estimated attack ${\widehat{a}}_k$ provided by the attack estimator to generate control inputs $u_k$ that reduce the effects of potential deception attacks. The structure of the attack-tolerant controller is presented as follows:

$$u_k=-\overline{K}\left(r_k\right){\widehat{x}}_k-{\widehat{a}}_k,$$

(34)

where $\overline{K}\left(r_k\right)$ is a set of controller gains to be designed. These gains determine how much weight the controller places on the estimated state and attack when calculating the control input. The design of these gains is critical to achieving effective attack-tolerant performance. To proceed, it is essential to consider the original Markovian jump stochastic system model (1) along with the attack-tolerant controller (34). By incorporating the controller action as a system input, we can establish the following closed-loop system dynamics:

$$\begin{array}{cc}\hfill x_{k+1}& =A_i{x}_k-B_i{\overline{K}}_i{\widehat{x}}_k-B_i{\widehat{a}}_k+D_{1,i}{w}_k+B_i{a}_k\hfill \\ \hfill & =A_i{x}_k-B_i{\overline{K}}_i\left(x_k-e_k\right)+B_i{e}_{a,k}+D_{1,i}{w}_k\hfill \\ \hfill & =A_i{x}_k-B_i{\overline{K}}_i{x}_k+B_i{\overline{K}}_i{e}_k+B_i{e}_{a,k}+D_{1,i}{w}_k\hfill \\ \hfill & =\left(A_i-B_i{\overline{K}}_i\right)x_k+B_i{\overline{K}}_i{e}_k+B_i{e}_{a,k}+D_{1,i}{w}_k\hfill \end{array}$$

(35)

where for each system mode i, the controller gain matrix is simplified as the ${\overline{K}}_i$.

The objective of Theorem 2 is to analyze the exponential mean-square boundedness of the dynamics of the closed-loop system represented by Equation (35). This theorem will serve as a pivotal component in the formal proof of the stability of the system under attack-tolerant control.

Theorem 2.

Assume that Theorem 1 holds. For each system mode i, a bound of stochastic noise $b_1$, and a set of controller gains ${\overline{K}}_i$ are provided. Furthermore, if there are a set of positive definite and symmetric matrices $P_i^3$ and a positive scalar ${\eta }_0>0$, $\forall i\in S$, satisfying the following constraint:

$${\mathrm{\Xi }}_i=\left[\begin{array}{cc}{\left(A_i-B_i{\overline{K}}_i\right)}^T{\overline{P}}_i^3\left(A_i-B_i{\overline{K}}_i\right)-P_i^3& 0\\ 0& D_{1,i}^T{\overline{P}}_i^3{D}_{1,i}-{\displaystyle \frac{1}{b_1}}I\end{array}\right]<0,$$

(36)

then the attack-tolerant controller designed in (34) can ensure that the state vectors of the overall system (35) are exponentially mean-square ultimately bounded.

Proof. 

Consider the following Lyapunov-like functional candidate:

$$W\left(r_k\right)=x_k^T{P}_i^3{x}_k+{\eta }_{0}V\left(r_k\right),$$

(37)

where ${\eta }_{0}V\left(r_k\right)$ incorporates information about the system’s estimation error. This term represents another Lyapunov function, $V\left(r_k\right)$ (defined in Equation (16)), which relates to the estimation error dynamics governed by Equations (13) and (14). The notation $P_i^3$ is a series of positive definite and symmetric matrices for each system mode i, along with a scalar ${\eta }_0>0$. Substituting Equations (16) and (35) into the difference of the Lyapunov-like functional candidate leads to:

$$\begin{array}{cc}\hfill \mathbb{E}\left[\mathrm{\Delta }W\left(r_k\right)\right]& =\mathbb{E}\left[W\left(r_{k+1}\right)\right]-\mathbb{E}\left[W\left(r_k\right)\right]\hfill \\ \hfill & \le x_k^T{\left(A_i-B_i{\overline{K}}_i\right)}^T{\overline{P}}_i^3\left(A_i-B_i{\overline{K}}_i\right)x_k+w_k^T{D}_{1,i}^T{\overline{P}}_i^3{D}_{1,i}{w}_k\hfill \\ \hfill & +\left[\begin{array}{cc}{e}_k^T& e_{a,k}^T\end{array}\right]\left[\begin{array}{cc}{\overline{K}}_i^T{B}_i^T{\overline{P}}_i^3{B}_i{\overline{K}}_i& {\overline{K}}_i^T{B}_i^T{\overline{P}}_i^3{B}_i\\ \ast & B_i^T{\overline{P}}_i^3{B}_i\end{array}\right]\left[\begin{array}{c}{e}_k\\ e_{a,k}\end{array}\right]-x_k^T{P}_i^3{x}_k\hfill \\ \hfill & +2x_k^T{\left(A_i-B_i{\overline{K}}_i\right)}^T{\overline{P}}_i^3{\tilde{B}}_i{\tilde{e}}_k-{\eta }_0{\lambda }_{min}\left(-{\mathrm{\Lambda }}_i\right){∥{\tilde{e}}_k∥}^2+{\eta }_0\tilde{b},\hfill \end{array}$$

(38)

where $\tilde{b}=b_1+b_2$ and ${\overline{P}}_i^3={\displaystyle \sum _{j=1}^s}{\lambda }_{ij}{P}_j^3$. The definition of the system stochastic noise $w_k$ allows us to derive the following extension:

$$\begin{array}{cc}\hfill \mathbb{E}\left[\mathrm{\Delta }W\left(r_k\right)\right]& \le \left[\begin{array}{cc}{x}_k^T& w_k^T\end{array}\right]\left[\begin{array}{cc}{\left(A_i-B_i{\overline{K}}_i\right)}^T{\overline{P}}_i^3\left(A_i-B_i{\overline{K}}_i\right)-P_i^3& 0\\ 0& D_{1,i}^T{\overline{P}}_i^3{D}_{1,i}-{\displaystyle \frac{1}{b_1}}I\end{array}\right]\left[\begin{array}{c}{x}_k\\ w_k\end{array}\right]\hfill \\ \hfill & +{\tilde{e}}_k^T{\tilde{B}}_i^T{\overline{P}}_i^3{\tilde{B}}_i{\tilde{e}}_k-x_k^T{P}_i^3{x}_k+2x_k^T{\left(A_i-B_i{\overline{K}}_i\right)}^T{\overline{P}}_i^3{\tilde{B}}_i{\tilde{e}}_k\hfill \\ \hfill & -{\displaystyle \frac{1}{b_1}}{w}_k^T{w}_k-{\eta }_0{\lambda }_{min}\left(-{\mathrm{\Lambda }}_i\right){∥{\tilde{e}}_k∥}^2+{\tilde{b}}_1,\hfill \end{array}$$

(39)

where ${\tilde{b}}_1=b_1+{\eta }_0\left(b_1+b_2\right)$, ${\tilde{B}}_i=\left[\begin{array}{cc}{B}_i{\overline{K}}_i& B_i\end{array}\right]$, and ${\tilde{e}}_k={\left[\begin{array}{cc}{e}_k^T& e_{a,k}^T\end{array}\right]}^T$. Moreover, with the help of the constraint (36), Equation (39) can be further transformed into:

$$\begin{array}{cc}\hfill \mathbb{E}\left[\mathrm{\Delta }W\left(r_k\right)\right]& \le -{\tau }_1{∥{\tilde{x}}_k∥}^2+{\tau }_2{∥{\tilde{e}}_k∥}^2+{\tau }_3∥{\tilde{x}}_k∥∥{\tilde{e}}_k∥\hfill \\ \hfill & -{\eta }_0{\lambda }_{min}\left(-{\mathrm{\Lambda }}_i\right){∥{\tilde{e}}_k∥}^2+{\tilde{b}}_1,\hfill \end{array}$$

(40)

where ${\tilde{x}}_k={\left[\begin{array}{cc}{x}_k^T& w_k^T\end{array}\right]}^T$, ${\tau }_1={\lambda }_{min}\left(-{\mathrm{\Xi }}_i\right)$, ${\tau }_2=∥{\tilde{B}}_i^T{\overline{P}}_i^3{\tilde{B}}_i∥$, and ${\tau }_3=∥2{\left(A_i-B_i{\overline{K}}_i\right)}^T{\overline{P}}_i^3{\tilde{B}}_i∥$. If ${\eta }_0\ge {\displaystyle \frac{{\tau }_3^2+{\tau }_1{\tau }_2}{{\tau }_1{\lambda }_{min}\left(-{\mathrm{\Lambda }}_i\right)}}$, then it follows from Equation (40) that:

$$\mathbb{E}\left[\mathrm{\Delta }W\left(r_k\right)\right]\le {\tilde{x}}_k^T{\mathrm{\Xi }}_i{\tilde{x}}_k+{\tilde{b}}_1\le -{\tau }_1{∥{\tilde{x}}_k∥}^2+{\tilde{b}}_1.$$

(41)

The following proof of Theorem 2 is omitted here due to its similarity to Theorem 1. However, the core concept involves utilizing the result from Definition 1. Theorem 1 guarantees that both the state and attack estimation errors ${\tilde{e}}_k$ converge to a region around zero with a certain bound $\overline{\xi }$. In essence, Theorem 2 builds on Theorem 1 by demonstrating that the attack-tolerant control strategy ensures the ultimate boundedness of the system state, thereby contributing to the overall stability of the closed-loop system. This completes the proof.    □

We can now translate the Inequality (36) from Theorem 2 into a more formal mathematical expression. This will allow us to effectively obtain the gain parameters for the attack-tolerant control strategy.

Theorem 3.

Consider the discrete-time Markovian jump stochastic system described by Equation (1). For a specified positive scalar $b_1$, the closed-loop system dynamics governed by Equation (35) are exponentially mean-square bounded if there exists a set of symmetric matrices $P_i^3>0$ and a group of arbitrary matrices $R_i$ (for each system mode i) that satisfy the following condition:

$$\left[\begin{array}{ccc}-X_i& 0& {\left(A_i{X}_i-B_i{R}_i\right)}^T\\ 0& D_{1,i}^T{\overline{P}}_i^3{D}_{1,i}-{\displaystyle \frac{1}{b_1}}I& 0\\ \ast & \ast & -{\overline{X}}_i\end{array}\right]<0,$$

(42)

where $X_i^{-1}=P_i^3$, and ${\overline{X}}_i={\left({\overline{P}}_i^3\right)}^{-1}$. Furthermore, Controller gain matrices can, therefore, be determined by:

$${\overline{K}}_i=R_i{X}_i^{-1},$$

(43)

and other parameters are consistent with Theorem 2.

Proof. 

To guarantee mean-square boundedness of the closed-loop system dynamics (35), the analysis of Theorem 2 indicates that gain matrices ${\overline{K}}_i$, $\forall i\in S$, should be designed to make condition (36) holds. If $X_i^{-1}=P_i^3$, then the Inequality (36) is equivalent to:

$$\left[\begin{array}{ccc}-P_i^3& 0& {\left(A_i-B_i{\overline{K}}_i\right)}^T\\ 0& D_{1,i}^T{\overline{P}}_i^3{D}_{1,i}-{\displaystyle \frac{1}{b_1}}I& 0\\ \ast & \ast & -{\overline{X}}_i\end{array}\right]<0,$$

(44)

where ${\overline{X}}_i={\left({\overline{P}}_i^3\right)}^{-1}$. If post- and premultiplying Equation (44) by $\left[\begin{array}{ccc}{X}_i& 0& 0\\ 0& I& 0\\ 0& 0& I\end{array}\right]$, then it is obtained that:

$$\left[\begin{array}{ccc}-X_i& 0& {\left(A_i{X}_i-B_i{R}_i\right)}^T\\ 0& D_{1,i}^T{\overline{P}}_i^3{D}_{1,i}-{\displaystyle \frac{1}{b_1}}I& 0\\ \ast & \ast & -{\overline{X}}_i\end{array}\right]<0,$$

(45)

where $R_i={\overline{K}}_i{X}_i$. Using the Schur complement lemma [31], we can demonstrate that Inequality (45) is mathematically equivalent to the previously established Inequality (36). The established equivalence allows us to conclude that the dynamics of the closed-loop system governed by Equation (35) is exponentially mean-square bounded. Furthermore, the determination of control gains for this attack-tolerant control strategy becomes straightforward. By solving Equation (45) for the controller gain matrices ${\overline{K}}_i$ yields the following expression:

$${\overline{K}}_i=R_i{X}_i^{-1}.$$

(46)

This completes the proof of Theorem 3.    □

Supported by Theorems 2 and 3, the following corollary can be readily obtained for the design of the attack-tolerant control strategy without the stochastic noises $w_k$ and $v_k$. In the absence of stochastic noises, the design process becomes significantly less complex, as the need to account for stochastic noise terms is eliminated. This enables a more streamlined approach to determining the attack-tolerant control gains.

Corollary 1.

Suppose that Theorems 2 and 3 hold. Let us consider a set of symmetric matrices $X_i>0$, a group of arbitrary matrices $R_i$, and a positive scalar ${\eta }_0>0$. For each $i\in S$, if condition (36) holds, then the proposed attack-tolerant controller (34) can ensure that the overall closed-loop system (35) is exponentially mean-square stable. Moreover, the controller gain matrices can be computed as ${\overline{K}}_i=R_i{X}_i^{-1}$, $\forall i\in S$.

Proof. 

The proof of Corollary 1 parallels that of Theorem 2, and thus, it is omitted here for the sake of brevity and conciseness.    □

Based on the theoretical results we have derived, a comprehensive algorithm is presented including the dynamic event-triggered remote attack estimation and secure control strategy, as outlined in Algorithm 1. This algorithm synthesizes the theoretical results into a practical framework designed to effectively counter various deception attacks while ensuring robust control performance. The integration of a dynamic event-triggered sensor data transmission scheme with attack reconstruction techniques constitutes the foundation of the secure strategy, which is designed to maintain system stability and operational reliability in the face of potential adversarial actions. This algorithmic approach not only utilizes our established theoretical foundations, but also provides a structured method for implementing and deploying resilient control systems capable of adapting to varying threat scenarios in real-time environments.

Algorithm 1 Recursive algorithm of the attack estimation and attack-tolerant control

Set the initial conditions: ${\widehat{x}}_0$, ${\widehat{a}}_0$, ${\rho }_0>0$, ${\gamma }_0=1$ and $k=0$;   1: At each time instant k, the following steps are executed:   2: Internal dynamic event variable update:   3: ${\rho }_{k+1}={\rho }_k+{\phi }_k^T{M}_2{\phi }_k$;   4: if ${\varphi }_k^T{M}_1{\varphi }_k\le {\displaystyle \frac{1}{{\rho }_k}}{\phi }_k^T{M}_2{\phi }_k$, then   5:     Energy-Saving Mode (${\gamma }_k=0$): the current measurement information is not transmitted, prioritizing energy conservation;   6:     State estimation step:   7:     ${\widehat{x}}_{k+1}=A_i{\widehat{x}}_k+K\left(r_k\right)\left(y_{t_k}-C_i{\widehat{x}}_k\right)$;   8:     Attack reconstruction step:   9:     ${\widehat{a}}_{k+1}=F_i{\widehat{a}}_k+L\left(r_k\right)\left(y_{t_k}-C_i{\widehat{x}}_k\right)$; 10: else 11:     Robust Estimation Mode (${\gamma }_k=1$): the remote estimator actively acquires the current measurement information, ensuring accurate state and attack reconstruction; 12:     State estimation step: 13:     ${\widehat{x}}_{k+1}=A_i{\widehat{x}}_k+K\left(r_k\right)\left(y_k-C_i{\widehat{x}}_k\right)$; 14:     Attack reconstruction step: 15:     ${\widehat{a}}_{k+1}=F_i{\widehat{a}}_k+L\left(r_k\right)\left(y_k-C_i{\widehat{x}}_k\right)$; 16: end if 17: Attack-tolerant control step: 18: $u_k=-\overline{K}\left(r_k\right){\widehat{x}}_k-{\widehat{a}}_k$;

As illustrated in Algorithm 1, a recursive approach is utilized for dynamic event-triggered attack estimation and attack-tolerant control. This approach starts by initializing estimates for the system state, attack, and internal event variables. At each time step, the algorithm executes a series of coordinated actions. First, an internal event variable ${\rho }_k$ is updated in order to reflect the current accuracy of the state and attack estimates. Following this update, the algorithm makes a critical decision based on the current conditions whether to acquire a new measurement $y_k$ from the sensor. This decision hinges on a comparison between the current output estimation error and the internal variable. If the condition ${\varphi }_k^T{M}_1{\varphi }_k\le {\displaystyle \frac{1}{{\rho }_k}}{\phi }_k^T{M}_2{\phi }_k$ is met, the algorithm prioritizes energy conservation by entering an “Energy-Saving Mode” (i.e., ${\gamma }_k=0$). In this mode, the current measurement cannot be transmitted, and state and attack estimates are updated using the previously received measurement. Conversely, if  ${\varphi }_k^T{M}_1{\varphi }_k>{\displaystyle \frac{1}{{\rho }_k}}{\phi }_k^T{M}_2{\phi }_k$, the algorithm switches to the “Robust Estimation Mode” (i.e., ${\gamma }_k=1$) to guarantee precise state and attack reconstruction. Once the transmission mode is determined, the algorithm utilizes the available information to update the estimated system state ${\widehat{x}}_k$ and the estimated attack ${\widehat{a}}_k$. Finally, the algorithm calculates a control input $u_k$ that considers both ${\widehat{x}}_k$ and ${\widehat{a}}_k$. This secure control strategy can help the considered discrete-time Markovian jump stochastic system maintain stability and performance even when under different deception attacks. By dynamically adapting the data transmission based on the output estimation error, Algorithm 1 establishes a balance between achieving system performance and minimizing communication loads.

4. The Plug-and-Play Secure Monitoring and Control Architecture

Many existing system secure monitoring and/or control methodologies utilize “open-loop” design procedures, facilitating direct implementation as embedded modules [18,29]. However, practical systems often face challenges when dealing with pre-designed control systems. In such cases, reconfiguring controllers typically involves modifying or replacing the existing control structure, which proves impractical for numerous industrial applications, especially those where pre-designed control architectures are tightly encapsulated for safety reasons. This lack of flexibility can further restrict the implementation of security requirements.

To address this challenge, this section introduces a new PnP secure monitoring and control architecture. This framework offers an alternative solution by enabling the implementation of attack-tolerant control strategies in Algorithm 1 without requiring alterations to the existing feedback control system structure. It can be integrated seamlessly into the control loop, and can be independently plugged into the original system. Before exploring the details of the PnP secure monitoring and control structure, Section 4.1 will introduce the specific form of control strategy based on a dynamic event-triggered state estimator, which serves as the nominal feedback control approach.

4.1. Nominal Feedback Control

In this section, we focus on a discrete-time stochastic Markovian jump system without deception attacks $a_k$ described by Equation (1). To optimize communication efficiency and save network resources, a dynamic event-triggered mechanism (6) is implemented between the sensor and a remote estimator. This architecture facilitates the realization of a nominal feedback control loop, as illustrated in Figure 2. The core component of this control loop is an estimator-based feedback controller, characterized by the following form:

$$\left\{\begin{array}{c}{\widehat{x}}_{k+1}=A_i{\widehat{x}}_k+\tilde{L}\left(r_k\right)\left(y_{t_k}-C_i{\widehat{x}}_k\right)+B_i{u}_k,\hfill \\ u_k=-\tilde{K}\left(r_k\right){\widehat{x}}_k,\hfill \end{array}\right.$$

(47)

where the matrices $\tilde{L}\left(r_k\right)$ and $\tilde{K}\left(r_k\right)$ represent the estimator and controller gains, respectively, to be designed subsequently. For notational convenience, gain matrices can also be written as ${\tilde{L}}_i$ and ${\tilde{K}}_i$ for all i belonging to the set S. Paralleling the results calculated in Equation (13), the dynamics of the state estimation error can be derived as follows:

$$\begin{array}{cc}\hfill e_{k+1}& =x_{k+1}-{\widehat{x}}_{k+1}\hfill \\ \hfill & =\left(A_i-{\tilde{L}}_i{C}_i\right)e_k+\left(D_{1,i}-{\tilde{L}}_i{D}_{2,i}\right)w_k-{\tilde{L}}_i{\varphi }_k,\hfill \end{array}$$

(48)

where ${\varphi }_k=y_{t_k}-y_k$. Additionally, the dynamics of the closed-loop system are determined as follows:

$$\begin{array}{cc}\hfill x_{k+1}& =A_i{x}_k-B_i{\tilde{K}}_i{\widehat{x}}_k+D_{1,i}{w}_k\hfill \\ \hfill & =\left(A_i-B_i{\tilde{K}}_i\right)x_k+B_i{\tilde{K}}_i{e}_k+D_{1,i}{w}_k\hfill \end{array}$$

(49)

Subsequently, Theorem 4 provides the basis for further research.

Theorem 4.

Consider the discrete-time Markovian jump stochastic system without deception attacks $a_k$, as shown in Equation (1), which integrates the previously introduced dynamic event-triggered sensor data transmission scheme (6), given positive scalars $b_1$, β, and an initial event-triggered threshold parameter ${\rho }_0>0$. Furthermore, if there exists a positive scalar ${\alpha }_0$, a set of positive definite symmetric matrices $P_i^4$ and $P_i^5$, weighting matrices $M_1>0$ and $M_2>0$, as well as arbitrary matrices $R_{4,i}$ and $R_{5,i}$, such that, $\forall i\in S$, the following conditions are satisfied:

$$\left[\begin{array}{ccccc}-P_i^4& 0& 0& {\left({\overline{P}}_i^4{A}_i-R_{4,i}{C}_i\right)}^T& C_i^T{M}_2\\ \ast & -M_1& 0& -R_{4,i}^T& 0\\ \ast & \ast & -{\displaystyle \frac{1}{\beta b_1}}I& {\left(D_{1,i}-R_{4,i}{D}_{2,i}\right)}^T& D_{2,i}^T{M}_2\\ \ast & \ast & \ast & -{\overline{P}}_i^4& 0\\ \ast & \ast & \ast & \ast & -M_2\end{array}\right]<0,$$

(50)

$$\left[\begin{array}{ccc}-{\chi }_i^5& 0& {\left(A_i{\chi }_i^5-B_i{R}_{5,i}\right)}^T\\ \ast & -{\displaystyle \frac{\beta -1}{\beta b_1}}I& D_{1,i}^T{\overline{P}}_i^5\\ \ast & \ast & -{\overline{\chi }}_i^5\end{array}\right]<0,$$

(51)

where $P_i^4=P^4\left(r_k\right)$, ${\overline{P}}_i^4={\displaystyle \sum _{j=1}^s}{\lambda }_{ij}{P}_j^4$, $P_i^5=P^5\left(r_k\right)$, ${\overline{P}}_i^5={\displaystyle \sum _{j=1}^s}{\lambda }_{ij}{P}_j^5$, ${\chi }_i^5={\left(P_i^5\right)}^{-1}$, and ${\overline{\chi }}_i^5={\left({\overline{P}}_i^5\right)}^{-1}$, then the presented estimator-based feedback controller (47) can realize that state estimation error (48) and the state vector of the closed-loop system (49) are exponentially mean-square bounded. For each system mode $i\in S$, the estimator gains ${\tilde{L}}_i$ and controller gains ${\tilde{K}}_i$ can be accordingly determined by ${\tilde{L}}_i={\left({\overline{P}}_i^4\right)}^{-1}{R}_{4,i}$ and ${\tilde{K}}_i=R_{5,i}{P}_i^5$, respectively.

Proof. 

Consider the following Lyapunov function:

$$\tilde{V}\left(k\right)=e_k^T{P}_i^4{e}_k+x_k^T{P}_i^5{x}_k.$$

(52)

where $P_i^4=P^4\left(r_k\right)$ and $P_i^5=P^5\left(r_k\right)$ are positive definite symmetric matrices for each system mode $i\in S$. The corresponding difference, $\mathbb{E}\left[\mathrm{\Delta }\tilde{V}\left(k\right)\right]=\mathbb{E}\left[\tilde{V}\left(k+1\right)\right]-\mathbb{E}\left[\tilde{V}\left(k\right)\right]$, along the trajectories of state estimation error dynamics (48) and the closed-loop system dynamics (49) is given by:

$$\begin{array}{cc}\hfill \mathbb{E}\left[\mathrm{\Delta }\tilde{V}\left(k\right)\right]& =e_k^T{\left(A_i-{\tilde{L}}_i{C}_i\right)}^T{\overline{P}}_i^4\left(A_i-{\tilde{L}}_i{C}_i\right)e_k+{\varphi }_k^T{\tilde{L}}_i^T{\overline{P}}_i^4{\tilde{L}}_i{\varphi }_k\hfill \\ \hfill & +w_k^T{\left(D_{1,i}-{\tilde{L}}_i{D}_{2,i}\right)}^T{\overline{P}}_i^4\left(D_{1,i}-{\tilde{L}}_i{D}_{2,i}\right)w_k+2e_k^T{\left(A_i-{\tilde{L}}_i{C}_i\right)}^T{\overline{P}}_i^4{\tilde{L}}_i{\varphi }_k\hfill \\ \hfill & -e_k^T{P}_i^4{e}_k+x_k^T{\left(A_i-B_i{\tilde{K}}_i\right)}^T{\overline{P}}_i^5\left(A_i-B_i{\tilde{K}}_i\right)x_k+e_k^T{\tilde{K}}_i^T{B}_i^T{\overline{P}}_i^5{B}_i{\tilde{K}}_i{e}_k\hfill \\ \hfill & +w_k^T{D}_{1,i}^T{\overline{P}}_i^5{D}_{1,i}{w}_k+2x_k^T{\left(A_i-B_i{\tilde{K}}_i\right)}^T{\overline{P}}_i^5{B}_i{\tilde{K}}_i{e}_k-x_k^T{P}_i^5{x}_k,\hfill \end{array}$$

(53)

where ${\overline{P}}_i^4={\displaystyle \sum _{j=1}^s}{\lambda }_{ij}{P}_j^4$ and ${\overline{P}}_i^5={\displaystyle \sum _{j=1}^s}{\lambda }_{ij}{P}_j^5$ for $\forall i\in S$. By exploiting the property of the stochastic noise term $w_k$ of the system (1), we obtain the following expression:

$$\mathbb{E}\left[\mathrm{\Delta }\tilde{V}\left(k\right)\right]=\left[\begin{array}{cccc}{e}_k^T& x_k^T& {\varphi }_k^T& w_k^T\end{array}\right]\left[\begin{array}{cccc}{\tilde{\mathrm{\Xi }}}_{11}& {\tilde{\mathrm{\Xi }}}_{12}& {\left(A_i-{\tilde{L}}_i{C}_i\right)}^T{\overline{P}}_i^4{\tilde{L}}_i& 0\\ \ast & {\tilde{\mathrm{\Xi }}}_{22}& 0& 0\\ \ast & \ast & {\tilde{L}}_i^T{\overline{P}}_i^4{\tilde{L}}_i& 0\\ \ast & \ast & \ast & {\tilde{\mathrm{\Xi }}}_{44}\end{array}\right]\left[\begin{array}{c}{e}_k\\ x_k\\ {\varphi }_k\\ w_k\end{array}\right]+b_1,$$

(54)

where

$$\begin{array}{cc}\hfill & {\tilde{\mathrm{\Xi }}}_{11}={\left(A_i-{\tilde{L}}_i{C}_i\right)}^T{\overline{P}}_i^4\left(A_i-{\tilde{L}}_i{C}_i\right)+{\tilde{K}}_i^T{B}_i^T{\overline{P}}_i^5{B}_i{\tilde{K}}_i-P_i^4,\hfill \\ \hfill & {\tilde{\mathrm{\Xi }}}_{44}={\left(D_{1,i}-{\tilde{L}}_i{D}_{2,i}\right)}^T{\overline{P}}_i^4\left(D_{1,i}-{\tilde{L}}_i{D}_{2,i}\right)+D_{1,i}^T{\overline{P}}_i^5{D}_{1,i}-{\displaystyle \frac{1}{b_1}}I,\hfill \\ \hfill & {\tilde{\mathrm{\Xi }}}_{22}={\left(A_i-B_i{\tilde{K}}_i\right)}^T{\overline{P}}_i^5\left(A_i-B_i{\tilde{K}}_i\right)-P_i^5,\hfill \\ \hfill & {\tilde{\mathrm{\Xi }}}_{12}={\tilde{K}}_i^T{B}_i^T{\overline{P}}_i^5\left(A_i-B_i{\tilde{K}}_i\right),\hfill \end{array}$$

(55)

and the parameter $b_1$ is a given positive scalar. Furthermore, Equation (54) can be provided according to event condition (23) as follows:

$$\mathbb{E}\left[\mathrm{\Delta }\tilde{V}\left(k\right)\right]=\left[\begin{array}{cccc}{e}_k^T& x_k^T& {\varphi }_k^T& w_k^T\end{array}\right]\left[\begin{array}{cccc}{\tilde{\mathrm{\Xi }}}_{11}& {\tilde{\mathrm{\Xi }}}_{12}& {\left(A_i-{\tilde{L}}_i{C}_i\right)}^T{\overline{P}}_i^4{\tilde{L}}_i& 0\\ \ast & {\tilde{\mathrm{\Xi }}}_{22}& 0& 0\\ \ast & \ast & {\tilde{L}}_i^T{\overline{P}}_i^4{\tilde{L}}_i-M_1& 0\\ \ast & \ast & \ast & {\tilde{\mathrm{\Xi }}}_{44}\end{array}\right]\left[\begin{array}{c}{e}_k\\ x_k\\ {\varphi }_k\\ w_k\end{array}\right]+b_1.$$

(56)

In Equation (56), the following notations are represented as:

$$\begin{array}{cc}\hfill & {\tilde{\mathrm{\Xi }}}_{44}={\left(D_{1,i}-{\tilde{L}}_i{D}_{2,i}\right)}^T{\overline{P}}_i^4\left(D_{1,i}-{\tilde{L}}_i{D}_{2,i}\right)+D_{2,i}^T{M}_2{D}_{2,i}+D_{1,i}^T{\overline{P}}_i^5{D}_{1,i}-{\displaystyle \frac{1}{b_1}}I,\hfill \\ \hfill & {\tilde{\mathrm{\Xi }}}_{11}={\left(A_i-{\tilde{L}}_i{C}_i\right)}^T{\overline{P}}_i^4\left(A_i-{\tilde{L}}_i{C}_i\right)+C_i^T{M}_2{C}_i+{\tilde{K}}_i^T{B}_i^T{\overline{P}}_i^5{B}_i{\tilde{K}}_i-P_i^4,\hfill \\ \hfill & {\tilde{\mathrm{\Xi }}}_{22}={\left(A_i-B_i{\tilde{K}}_i\right)}^T{\overline{P}}_i^5\left(A_i-B_i{\tilde{K}}_i\right)-P_i^5,\hfill \\ \hfill & {\tilde{\mathrm{\Xi }}}_{12}={\tilde{K}}_i^T{B}_i^T{\overline{P}}_i^4\left(A_i-B_i{\tilde{K}}_i\right).\hfill \end{array}$$

(57)

For any positive scalar $\beta$, Equation (56) can be further transformed into:

$$\mathbb{E}\left[\mathrm{\Delta }\tilde{V}\left(k\right)\right]\le {\tilde{e}}_k^T{\overline{\mathrm{\Xi }}}_1{\tilde{e}}_k+{\tilde{x}}_k^T{\overline{\mathrm{\Xi }}}_2{\tilde{x}}_k+e_k^T{\tilde{K}}_i^T{B}_i^T{\overline{P}}_i^5{B}_i{\tilde{K}}_i{e}_k+2x_k^T{\left(A_i-B_i{\tilde{K}}_i\right)}^T{\overline{P}}_i^5{B}_i{\tilde{K}}_i{e}_k+b_1,$$

(58)

where

$$\begin{array}{cc}\hfill & {\tilde{e}}_k={\left[\begin{array}{ccc}{e}_k^T& {\varphi }_k^T& w_k^T\end{array}\right]}^T,{\tilde{x}}_k={\left[\begin{array}{cc}{x}_k^T& w_k^T\end{array}\right]}^T,\hfill \\ \hfill & {\overline{\mathrm{\Xi }}}_1=\left[\begin{array}{cc}{\overline{\mathrm{\Xi }}}_{11}& {\overline{\mathrm{\Xi }}}_{12}\\ \ast & {\overline{\mathrm{\Xi }}}_{22}\end{array}\right],{\overline{\mathrm{\Xi }}}_{11}=\left[\begin{array}{ccc}-P_i^4& 0& 0\\ \ast & -M_1& 0\\ \ast & \ast & -{\displaystyle \frac{1}{\beta b_1}}I\end{array}\right],{\overline{\mathrm{\Xi }}}_{22}=\left[\begin{array}{cc}-{\overline{P}}_i^4& 0\\ 0& -M_2\end{array}\right],\hfill \\ \hfill & {\overline{\mathrm{\Xi }}}_{12}=\left[\begin{array}{cc}{\left(A_i-{\tilde{L}}_i{C}_i\right)}^T{\overline{P}}_i^4& C_i^T{M}_2\\ -{\tilde{L}}_i^T{\overline{P}}_i^4& 0\\ {\left(D_{1,i}-{\tilde{L}}_i{D}_{2,i}\right)}^T{\overline{P}}_i^4& D_{2,i}^T{M}_2\end{array}\right],{\overline{\mathrm{\Xi }}}_2=\left[\begin{array}{ccc}-P_i^5& 0& {\left(A_i-B_i{\tilde{K}}_i\right)}^T{\overline{P}}_i^5\\ \ast & -{\displaystyle \frac{\beta -1}{\beta b_1}}I& D_{1,i}^T{\overline{P}}_i^5\\ \ast & \ast & -{\left({\overline{P}}_i^5\right)}^{-1}\end{array}\right].\hfill \end{array}$$

(59)

Based on the constraints specified in Equations (50) and (51), it can be derived from Equation (58) that:

$$\begin{array}{cc}\hfill \mathbb{E}\left[\mathrm{\Delta }\tilde{V}\left(k\right)\right]& \le {\alpha }_0{\alpha }_1{∥{\tilde{e}}_k∥}^2+{\alpha }_2{∥{\tilde{x}}_k∥}^2+{\alpha }_3{∥{\tilde{e}}_k∥}^2+2{\alpha }_4∥{\tilde{e}}_k∥∥{\tilde{x}}_k∥+b_1,\hfill \\ \hfill & -{\alpha }_2{∥{\tilde{x}}_k∥}^2-\left({\alpha }_0{\alpha }_1-{\alpha }_3\right){∥{\tilde{e}}_k∥}^2+2{\alpha }_4∥{\tilde{e}}_k∥∥{\tilde{x}}_k∥+b_1.\hfill \end{array}$$

(60)

where an arbitrary scalar ${\alpha }_0>0$, ${\alpha }_1={\lambda }_{min}\left(-{\overline{\mathrm{\Xi }}}_1\right)$, ${\alpha }_2={\lambda }_{min}\left(-{\overline{\mathrm{\Xi }}}_2\right)$, ${\alpha }_3=∥{\tilde{K}}_i^T{B}_i^T{\overline{P}}_i^5{B}_i{\tilde{K}}_i∥$, ${\alpha }_4=2∥x_k^T{\left(A_i-B_i{\tilde{K}}_i\right)}^T{\overline{P}}_i^5{B}_i{\tilde{K}}_i∥$. By choosing ${\alpha }_0\ge {\displaystyle \frac{{\alpha }_4^2+{\alpha }_2{\alpha }_3}{{\alpha }_2{\alpha }_1}}$, it follows from Equation (60) that:

$$\begin{array}{cc}\hfill \mathbb{E}\left[\mathrm{\Delta }\tilde{V}\left(k\right)\right]& \le -{\alpha }_2{∥{\tilde{x}}_k∥}^2-\left({\alpha }_0{\alpha }_1-{\alpha }_3\right){∥{\tilde{e}}_k∥}^2+\sqrt{{\alpha }_2\left({\alpha }_0{\alpha }_1-{\alpha }_3\right)}∥{\tilde{e}}_k∥∥{\tilde{x}}_k∥+b_1,\hfill \\ \hfill & \le -{\alpha }_2{∥{\tilde{x}}_k∥}^2-\left({\alpha }_0{\alpha }_1-{\alpha }_3\right){∥{\tilde{e}}_k∥}^2+b_1.\hfill \end{array}$$

(61)

The remaining proof for Theorem 4 is excluded due to its substantial similarity to the proof of Theorem 1. Both Theorems 1 and 4 are based on the principles outlined in Definition 1 and use analogous proof techniques to prove their results. Extending the principles established by Theorem 1, we can show that both the system state $x_k$ and the associated state estimation error $e_k$ asymptotically converge to a bounded neighborhood around the origin, characterized by the positive scalar $b_1$. Consequently, the proposed estimator-based feedback controller, as defined by Equation (47), effectively guarantees the exponential mean-square stability of the closed-loop system governed by Equation (49). This completes the proof.    □

Remark 5.

To ensure the exponential mean-square stability of the closed-loop system described by Equation (49), our previous analysis indicates that the controller gains ${\tilde{K}}_i$, for all modes $i\in S$, should be designed to satisfy condition (51). To facilitate the design process and to transform the condition into a more tractable form, we apply a series of matrix manipulations. Specifically, when we post- and pre-multiply Equation (59) by the block diagonal matrix $\left[\begin{array}{ccc}{\left(P_i^5\right)}^{-1}& 0& 0\\ 0& I& 0\\ 0& 0& I\end{array}\right]$, the following expression is obtained:

$$\left[\begin{array}{ccc}-{\chi }_i^5& 0& {\left(A_i{\chi }_i^5-B_i{\tilde{K}}_i{\chi }_i^5\right)}^T\\ \ast & -{\displaystyle \frac{\beta -1}{\beta b_1}}I& D_{1,i}^T{\overline{P}}_i^5\\ \ast & \ast & -{\overline{\chi }}_i^5\end{array}\right],$$

(62)

where we introduce the notations ${\chi }_i^5={\left(P_i^5\right)}^{-1}$ and ${\overline{\chi }}_i^5={\left({\overline{P}}_i^5\right)}^{-1}$. To further simplify our design problem, we apply the Schur complement lemma [31], a powerful tool in matrix analysis and optimization. In addition, we introduce the notation ${\tilde{R}}_i={\tilde{K}}_i{\chi }_i^5$, which represents a change of variables that linearizes the problem. Through these manipulations, we can show that Equation (62) is equivalent to the original stability condition (51).

4.2. Attack Monitoring Strategy

Prior to presenting an attack monitoring strategy, an attack indicative signal (i.e., residual) can be generated utilizing the output estimation error of the estimator (47) as follows:

$${\tilde{r}}_k^i=\mathbb{E}\left[y_k-C_i{\widehat{x}}_k\right].$$

(63)

Algorithm 2 describes an attack monitoring strategy involving a remote estimation system that relies on measurements from a battery-powered sensor. The system uses wireless communication to transmit data to a remote estimator. The decision to send current measurement data to the remote estimator is managed by an event-triggered data transmission scheme (6). When the event condition is met (i.e., ${\gamma }_k=1$), the remote estimator receives the data; otherwise, if ${\gamma }_k=0$, the data are not sent. As illustrated in Figure 1, a local estimator calculates the residual ${\tilde{r}}_k^i$ online according to Equation (63). If the system is free of deception attacks (i.e., $a_k\equiv 0$), the expected value of the residual should approach zero. In contrast, if a deception attack occurs (i.e., $a_k\ne 0$), the expected value of the residual will be significantly greater than zero.

Algorithm 2 Event-triggered attack monitoring strategy

Step 1 Estimator design: A series of state estimators, as defined in Equation (47), are designed to provide estimates of the system state ${\widehat{x}}_k$. Step 2 Residual calculation: Attack residuals, denoted as ${\tilde{r}}_k^i$, are computed based on Equation (63). A small threshold, ${\delta }_a$, is established to distinguish between normal and anomalous residual values. Step 3 Attack detection: If the calculated residual is below the threshold (${\tilde{r}}_k^i<{\delta }_a$), the system is considered to be in an attack-free mode and no attack alarm is generated. Step 4 Event-triggered data transmission: When the attack monitor enters an attack-free mode, an event-triggered mechanism (6) determines whether to transmit sensor measurements to the remote estimator. If the event condition is met (i.e., ${\gamma }_k=1$), data are transmitted; otherwise, data transmission is prohibited to conserve energy. Step 5 Attack alarm: If the calculated residual exceeds or equals the threshold (i.e., ${\tilde{r}}_k^i\ge {\delta }_a$), a deception attack is declared, and an attack alarm is activated. To facilitate attack detection, sensor measurements are transmitted to the remote estimator, bypassing the event-triggered condition (6).

Furthermore, if the residual value $r_k$ falls below the threshold ${\delta }_a$, it indicates that the system is operating free of attacks. In this case, the event-triggered data transmission scheme (6) is employed to optimize power consumption. However, if $r_k$ exceeds or equals ${\delta }_a$, it suggests that the system is suffering from a deception attack by a malicious adversary. In response, sensor data are manually transmitted to the remote estimator, bypassing the event-triggered mechanism. This approach can successfully address the problem of delayed detection of attacks. In particular, by manually sending sensor data to the remote estimator whenever the residual value exceeds a certain threshold, the system can immediately detect and respond to deception attacks. This immediate response helps overcome any delays that might occur if the data transmission relied solely on the event-triggered mechanism, which in some cases may not activate quickly enough. This strategy ensures that the system can detect and alert to attacks in a timely manner, improving the overall effectiveness of the monitoring process.

4.3. Plug-and-Play Operations

In our work, we propose a dynamic event-triggered sensor data transmission scheme (6) for secure monitoring and attack-tolerant control based on a PnP architecture, as illustrated in Figure 3. This architecture addresses the critical challenge of improving the cyber security of Markovian jump stochastic system (1) without compromising its stability. At the core of the architecture are both the secure monitoring module and the attack-tolerant control module, which operate in parallel with the real system, continuously assessing the state of the system without interfering with its primary operations. This parallel operation ensures real-time detection of deception attacks without introducing delays or computational overhead to the main control loop. The PnP nature of the architecture allows dynamic activation of attack-tolerant modules based on monitoring results, providing an adaptive and flexible security approach. This design preserves the existing nominal feedback control, ensuring closed-loop stability, while providing secure monitoring performance and attack tolerance through the PnP modules.

Specifically, two key components are embedded in the feedback control loop: an estimator-based attack indicator described by Equation (63) to detect deception attacks, and an attack-tolerant controller described by Equation (34) that employs the attack reconstruction technique of Equation (12) to maintain system performance even in the presence of detected deception attacks. This controller can utilize an online reconfiguration method to adjust system state behavior in real time based on the detected presence and nature of attacks. By maintaining the core control structure while adding these layers of security, our approach ensures that even if the security modules fail or are compromised, the system will continue to operate stably, albeit potentially vulnerable to attack. This architecture represents an advancement in balancing the need for enhanced security with the practical constraints of maintaining system stability and performance, and it provides a flexible method for improving the system’s resilience against deception attacks. The major advantages of the proposed PnP monitoring and control architecture are summarized as follows:

(1)

The secure monitoring and control are seamlessly integrated within a unified framework.

(2)

The residual-based monitoring module and the attack-tolerant controller exhibit the “plug-in” and “plug-out” ability, allowing for flexible system configuration. The design objectives for robustness and tolerance are separated: the robustness of the closed-loop can be improved through the design of $\tilde{K}\left(r_k\right)$, as detailed in Theorem 4, while the tolerance performance can be enhanced by designing the $\overline{K}\left(r_k\right)$, as established in Theorem 2. Furthermore, the design of $\overline{K}\left(r_k\right)$ avoids the modification of the existing control system.

(3)

The architecture accommodates the integration of new sensors or actuators through straightforward reconfiguration of the “plug-in” components, preserving closed-loop stability.

The widespread adoption of data networking technologies in industrial control applications has transformed modern industrial systems. Advanced communication networks such as Ethernet, Profibus, Profinet, and CAN efficiently connect actuators, sensors, and controllers [32,33,34]. This connectivity enables seamless sharing of information across multiple control loops for a complete understanding of industrial systems. By fusing global information, the system can make intelligent decisions, enabling advanced, safe monitoring and control techniques. This networked architecture supports real-time data exchange throughout the system. As a result, it enables the implementation of secure monitoring and attack-tolerant control strategies that significantly improve the efficiency and adaptability of industrial operations.

Figure 4 illustrates the industrial operation of the proposed PnP monitoring and control architecture, which can utilize both wireless communication and a multi-core processor setup. The overall system consists of the controlled plant, followed by a Markovian jump process, an existing nominal control module, and a PnP coordinator, all connected via a wireless network. The PnP coordinator manages the “plug-in” modules, which include the residual-based secure monitoring module and the attack-tolerant controller, each equipped with its own configuration algorithms. These modules operate independently, but are managed by the PnP coordinator. This architecture enables flexible extensions to industrial control systems, providing secure monitoring and attack-tolerant control while maintaining system stability.

As illustrated in Figure 5, the proposed framework presents a comprehensive approach to secure monitoring and control, integrating these functions in a unified structure. At its core, the system features a residual-based monitoring module and an attack-tolerant controller module, both of which have been designed with the capacity for “plug-in” and “plug-out” capabilities. This design permits flexible system configuration and distinguishes between the objectives of robustness and tolerance. The robustness of the closed-loop system can be enhanced through the design of $\tilde{K}\left(r_k\right)$, as outlined in Theorem 4, while tolerance performance is improved by designing $\overline{K}\left(r_k\right)$ according to Theorem 2. It is noteworthy that the design of the augmented control system avoids modifying the existing control system, thus maintaining operational continuity. Moreover, the architectural design exhibits adaptability, enabling the integration of new sensors or actuators. This integration is achieved through a straightforward reconfiguration of the “plug-in” components, thereby ensuring that the closed-loop stability is preserved.

5. Case Study: PWM-Driven Boost Converter

In this section, a modified PWM (pulse-width modulation)-driven boost converter model borrowed from [7] is introduced as a practical background to illustrate the effectiveness of the effectiveness of the obtained theoretical results. In Figure 6, the PWM-driven boost converters considered are basic power electronic circuits that raise the output voltage above the input level. They operate by rapidly switching a semiconductor device, controlled by a PWM signal, to alternately store and transfer energy. These converters are widely used in renewable energy systems, electric vehicles, and portable electronics [7,35], where they play a critical role in efficient power management and voltage regulation. The detailed description of the PWM-driven boost converter is given in the following section.

5.1. PWM-Driven Boost Converter: Description and Modeling

As depicted in Figure 6, the circuit components are denoted as follows: L represents the inductance, C symbolizes the capacitance, R denotes the inductor resistance, $R_L$ denotes the load resistance, and $V_{in}$ represents the source voltage. This converter, a fundamental circuit in power electronics, serves to regulate the source voltage, ensuring a stable output despite fluctuations in the input. In the boost converter, the switch can take two different modes.

It is interesting to note that the switch does not move in a predetermined sequence, but rather jumps from one position to another in a random manner. This seemingly chaotic behavior can be mathematically modeled as a Markov process with two finite states. A Markov process is particularly well-suited to this scenario because it can represent systems where the future state depends only on the current state, not on the sequence of events that preceded it. Utilizing the Kirchhoff voltage and current law, the differential equations for the boost converter are as follows:

(1)

Mode 1

$$\left\{\begin{array}{cc}\hfill & {\dot{i}}_L\left(t\right)={\displaystyle \frac{R}{L}}{i}_L\left(t\right)-{\displaystyle \frac{1}{L}}{V}_C\left(t\right)+{\displaystyle \frac{1}{L}}{V}_{in}\left(t\right),\hfill \\ \hfill & {\dot{V}}_C\left(t\right)={\displaystyle \frac{1}{C}}{i}_L\left(t\right)-{\displaystyle \frac{1}{R_{L}C}}{V}_C\left(t\right),\hfill \end{array}\right.$$

(64)

(2)

Mode 2

$$\left\{\begin{array}{cc}\hfill & {\dot{i}}_L\left(t\right)=-{\displaystyle \frac{R}{L}}{i}_L\left(t\right)+{\displaystyle \frac{1}{L}}{V}_{in}\left(t\right),\hfill \\ \hfill & {\dot{V}}_C\left(t\right)=-{\displaystyle \frac{1}{R_{L}C}}{V}_C\left(t\right).\hfill \end{array}\right.$$

(65)

Based on the results documented in study [7], we proceed to the following parameters:

(1)

Mode 1

$$\left\{\begin{array}{cc}\hfill & \left[\begin{array}{c}{\dot{i}}_L\left(k+1\right)\\ {\dot{V}}_C\left(k+1\right)\end{array}\right]=\left[\begin{array}{cc}0.88& -0.05\\ 0.4& -0.72\end{array}\right]\left[\begin{array}{c}{i}_L\left(k\right)\\ V_C\left(k\right)\end{array}\right]+\left[\begin{array}{c}2\\ 1\end{array}\right]V_{in}\left(k\right),\hfill \\ \hfill & y\left(k\right)=\left[\begin{array}{cc}0.03& -0.05\end{array}\right]\left[\begin{array}{c}{i}_L\left(k\right)\\ V_C\left(k\right)\end{array}\right],\hfill \end{array}\right.$$

(66)

(2)

Mode 2

$$\left\{\begin{array}{cc}\hfill & \left[\begin{array}{c}{\dot{i}}_L\left(k+1\right)\\ {\dot{V}}_C\left(k+1\right)\end{array}\right]=\left[\begin{array}{cc}0.79& -0.045\\ 0.36& -0.648\end{array}\right]\left[\begin{array}{c}{i}_L\left(k\right)\\ V_C\left(k\right)\end{array}\right]+\left[\begin{array}{c}1.8\\ 0.9\end{array}\right]V_{in}\left(k\right),\hfill \\ \hfill & y\left(k\right)=\left[\begin{array}{cc}0.27& -0.03\end{array}\right]\left[\begin{array}{c}{i}_L\left(k\right)\\ V_C\left(k\right)\end{array}\right].\hfill \end{array}\right.$$

(67)

The transition probability matrix are considered as:

$$\psi =\left[\begin{array}{cc}0.3& 0.7\\ 0.4& 0.6\end{array}\right],$$

(68)

with the initial mode $r_0=1$. From the results of Theorems 1–4, the predetermined constants are chosen as follows: $b_1=0.015$, $b_2=0.026$, $\beta =0.5$, and ${\rho }_0=0.53$.

To facilitate our experiment, we parameterize the additional matrices in system (1) as shown below:

$$D_{1,i}=\left[\begin{array}{c}0.01\\ 0.025\end{array}\right],D_{2,i}=0.012,\mathrm{and}{F}_i=1.$$

(69)

Furthermore, the two-mode Markov chain $r_k$ for the PWM-driven boost converter is visualized in Figure 7, which is established using the transition probability matrix $\psi$ specified in Equation (68).

5.2. PWM-Driven Boost Converter: Experimental Results and Analysis

Before evaluating the effectiveness of our proposed methods, we established the following three different attack scenarios.

• Case 1: A constant attack scenario

  $$a_k=\left\{\begin{array}{cc}0\hfill & k\le 30,\hfill \\ 0.5\hfill & k>30.\hfill \end{array}\right.$$

  (70)

In this scenario, a persistent attack threat is simulated where the attacker introduces a fixed and unchanging signal to the considered system (1). This can represent a sustained attempt to manipulate a specific parameter on the actuator side, maintaining a consistent level of interference over time.

• Case 2: A time-varying attack scenario

  $$a_k=\left\{\begin{array}{cc}0\hfill & k\le 30,\hfill \\ sin\left(k\right)\hfill & k>30,\hfill \end{array}\right.$$

  (71)

  where we model a more dynamic threat environment. The attack parameters fluctuate over time and follow predetermined patterns. This scenario tests the ability of our algorithm to adapt to attacks and remain stable under changing attack conditions.
• Case 3: An incipient attack scenario

  $$a_k=\left\{\begin{array}{cc}0\hfill & k\le 30,\hfill \\ 0.03e^{0.05}\hfill & k>30.\hfill \end{array}\right.$$

  (72)

This case presents a scenario in which a malicious signal gradually increases in impact over time. Such a scenario can represent an attacker’s attempt to avoid detection by introducing subtle changes that accumulate to a significant impact, challenging early warning capabilities of our monitoring strategy.

To demonstrate the effectiveness of the proposed theoretical results in Algorithms 1 and 2, a series of experiments are conducted addressing three distinct attack cases: constant, time-varying, and incipient attacks. These experiments evaluate the performance of attack monitoring, attack reconstruction, and attack-tolerant control under each scenario.

5.2.1. Experiment I: Performance Evaluation of Attack Detection

Figure 8 demonstrates the timeliness and effectiveness of our attack monitoring strategy. The attack, which occurs at step 31, is immediately detected as the attack indicator signal rises sharply above the 0.12 threshold. This immediate detection exemplifies the algorithm’s responsiveness to abrupt, persistent attacks. The attack indicative signal persists at an elevated level throughout the remaining steps, illustrating the algorithm’s robust detection capability. The clear separation between “with attack” and “without attack” signals from step 31 onwards, coupled with the absence of false alarms before the attack, highlights the effectiveness of Algorithm 2.

In Figure 9, the algorithm again exhibits the performance of attack detection. At step 31, when the attack begins, the indicative signal immediately surges above the 0.16 threshold, showing precise and timely detection. Despite the subsequent fluctuations in attack intensity, the signal persistently remains above the threshold, demonstrating the algorithm’s capacity to maintain detection under time-varying attack conditions. The sharp contrast between pre- and post-attack signals highlights the algorithm’s effectiveness in identifying time-varying attack threats.

The sensitivity of the algorithm is evaluated in Figure 10 through the analysis of the incipient attack (72). The attack initiates at step 31, and the algorithm detects this onset immediately, with the indicator signal beginning to rise at this exact step. The immediate response at step 31 demonstrates the algorithm’s sensitivity to even minor changes indicative of an incipient attack. The consistent rise of the indicator post-step 31 shows effective tracking of the gradually intensifying attack.

Across all three scenarios, The threshold selection for each scenario illustrates the algorithm’s capacity for different attack profiles while maintaining a high level of detection accuracy. Moreover, it is noteworthy that despite the implementation of a dynamic event-triggered transmission scheme, which could potentially introduce delays, the attack monitoring strategy consistently detects the attack at step 31 without any lag. This reveals the efficacy of the optimizations in Algorithm 2 in effectively mitigating any potential transmission-related detection delays.

5.2.2. Experiment II: Performance Assessment of Attack Reconstruction

Figure 11 presents a comparison of two methods for reconstructing a constant attack: a static event-triggered learning observer (SETLO), adapted from the existing excellent works [36,37], and the dynamic event-triggered attack estimator established in Equation (12). The proposed method demonstrates excellent performance in reconstructing the constant attack, closely tracking the actual attack signal. As evidenced by the magnified region, the proposed method demonstrates a slight advantage over SETLO in terms of accuracy. The event-triggered transmission behaviors of our method effectively minimize data transmission while maintaining robust reconstruction of the constant attack.

Figure 12 illustrates the effectiveness of the proposed method in tracking the dynamic nature of the time-varying attack, which frequently coincides with the actual attack signal. The magnified area is provided to confirm the capacity of the proposed method to capture rapid changes in the attack signal. Moreover, it can be observed from Figure 12 that the attack estimator effectively minimizes data transmission while maintaining robust reconstruction of the time-varying attack by employing the designed dynamic event-triggered transmission scheme.

For the incipient attack, the proposed method in Figure 13 demonstrates high sensitivity in reconstructing the gradually intensifying attack. The magnified zone shows that it can accurately capture the attack’s onset and subsequent growth. Additionally, the progression of event-triggered transmission behaviors can suggest that our attack estimator successfully reduces data transmission while ensuring a reliable reconstruction of the emerging attack.

It is of particular interest to note that Figure 14 offers valuable insights into the transmission efficiency of the various methods under consideration. The proposed dynamic event-triggered transmission strategy displays superior efficiency for constant and incipient attack scenarios, requiring fewer transmissions compared to static event-triggered and time-driven methods. However, for the time-varying attack scenario, its transmission count is almost equivalent to that of the static event-driven method, likely due to the rapidly changing signal necessitating frequent updates.

The proposed attack reconstruction method exhibits superior performance across various attack scenarios. The theoretical result combines accurate reconstruction with efficient event-triggered transmission, thereby outperforming SETLO in all cases. The ability of method to adapt its transmission behavior to different attack profiles makes it particularly suitable for real-world applications where attack characteristics may vary. The efficiency gains in transmission, especially for constant and incipient attacks, highlight the method’s potential for reducing communication load in attack-resilient control systems.

5.2.3. Experiment III: Performance Examination of Attack-Tolerant Control

Experiment III focuses on evaluating the effectiveness of the proposed attack-tolerant control strategy using the reconstructed attack information from Experiment II. The experiment examines the state response of system under three distinct attack scenarios. Figure 15, Figure 16 and Figure 17 illustrate the state responses for each attack case, respectively.

In the scenario of the constant attack shown in Figure 15, both state responses examine the effectiveness of the proposed attack-tolerant controller. The state trajectories generated by the attack-tolerant controller exhibit a high degree of similarity to those generated in the absence of an attack, demonstrating consistent stability in the vicinity of the origin. In contrast, the system without the proposed controller demonstrates a notable divergence beginning at time step 31, with the state values rapidly increasing to approximately 0.5 and subsequently oscillating.

Figure 16 presents a more challenging case than the previous constant attack case. Here, the proposed method again shows remarkable performance. Despite the dynamic nature of the attack, the state responses with the attack-tolerant controller remain nearly indistinguishable from the no-attack case, exhibiting minimal variation close to zero. Conversely, when the attack-tolerant controller is not equipped, the system state response curves display significant oscillations in response to the time-varying attack, fluctuating between approximately −1 and 1. This indicates a substantial loss of control.

As depicted in Figure 17, the gradual nature of the incipient attack is evident. The proposed attack-tolerant controller effectively keeps the state responses close to the no-attack scenario. In the absence of the proposed attack-tolerant controller, the system state response curves exhibit a steadily increasing divergence in both states beginning from time step 31, ultimately reaching values of approximately 0.3 and 0.35 by the end of the simulation period.

This experiment highlights the crucial role of attack-tolerant control in maintaining system stability and performance amidst various attack scenarios. By ensuring that state responses remain closely aligned with the no-attack case across different attack scenarios, the proposed method demonstrates its adaptability and effectiveness in strengthening the resilience of control systems against potential threats.

In this section, three experiments evaluated attack detection, reconstruction, and tolerant control methods across constant, time-varying, and incipient attack scenarios. Experimental results showed effective and timely attack detection, accurate reconstruction with optimized transmission efficiency, and robust attack-tolerant control maintaining system stability. The proposed approach demonstrated effectiveness in enhancing the considered discrete-time Markovian jump stochastic system resilience against distinct attack cases, while reducing communication load through the dynamic event-triggered transmission scheme.

6. Conclusions and Future Work

This paper has proposed a PnP secure monitoring and control architecture for a class of Markovian jump stochastic systems vulnerable to deception attacks on the actuator side. We have constructed a dynamic event-triggered sensor data transmission scheme associated with an attack estimator to simultaneously reconstruct system states and actuator attacks. Utilizing real-time information on reconstructed attacks, a state-feedback-based controller has been designed to accommodate the effect of actuator attacks on system performance. The advantages of the proposed secure monitoring and attack-tolerant control strategy lie in the following three aspects:

• The introduced event-triggered attack monitoring strategy guarantees real-time attack detection and alarm, thereby enhancing monitoring capability.
• The proposed PnP architecture integrates with existing control systems without modifying or replacing the original control structure, extending its applicability in practical scenarios.
• The design problems of the attack estimator and attack-tolerant controller can be reformulated into linear matrix inequalities, which can be conveniently solved using mathematical software, thus reducing the complexity of the design process.

Finally, the applicability and reliability of our method have been verified by a switched boost converter circuit.

In future work, we intend to evaluate posterior probabilities as part of our results. This will involve developing novel algorithms that integrate posterior probability analysis for a class of Markovian jump stochastic systems. By combining these methods, we aim to create hybrid secure monitoring and attack-tolerant control strategies that are more robust and effective. We will also focus on secure monitoring and attack-tolerant control strategies for multi-point deception attacks. We will extend current attack models to encompass multiple attack scenarios, including replay attacks and denial-of-service attacks. Specifically, we plan to conduct in-depth research on analyzing the impact of multiple attacks on various cyber-physical systems, exploring the interactions and synergies between different attack types, analyzing the patterns of multi-point attacks in real cyber-physical systems.