Resilient Integrated Control for AIOT Systems under DoS Attacks and Packet Loss †

: This paper addresses bandwidth limitations resulting from Denial-of-Service (DoS) attacks on Artificial Intelligence of Things (AIOT) systems, with a specific focus on adverse network conditions. First, to mitigate the impact of DoS attacks on system bandwidth, a novel model predictive control combined with a dynamic time-varying quantization interval adjustment technique is designed for the encoder–decoder architecture of AIOT systems. Second, the network state is modeled to represent a Markov chain under suboptimal network conditions. Furthermore, to guarantee the stability of AIOT systems under random packet loss, a Kalman filter algorithm is applied to precisely estimate the system state. By leveraging the Lyapunov stability theory, the maximum tolerable probability of random packet loss is determined, thereby enhancing the system’s resilient operation. Simulation results validate the effectiveness of the proposed method in dealing with DoS attacks and adverse network conditions.


Introduction
In recent years, the rapid convergence of Internet of Things (IoT) and Artificial Intelligence (AI) technologies has given rise to a promising and nascent technological domain recognized as AIOT [1,2].AIOT amalgamates AI algorithms across the strata of perception, networking, and application layers, thus enabling intelligent cooperation in the realms of sensing, connectivity, computation, and control [3].This innovation has catalyzed groundbreaking advancements and ushered in developmental prospects across multifarious domains, encompassing but not limited to intelligent healthcare, advanced manufacturing, and autonomous vehicular systems, among others [4].In the course of this technological transformation, AIOT is anticipated to permeate diverse facets of society, imparting profound influences on human existence and a myriad of industries.
However, akin to other emerging technologies, the rapid advancement of AIOT systems has presented a myriad of distinctive challenges.These challenges mainly involve the inherent security vulnerabilities within AIOT systems and the continually evolving landscape of network threats.Due to the incorporation of complex functionalities related to perception, control, and execution, AIOT systems exhibit significant differences compared to traditional network systems.This complexity heightens the difficulty of ensuring security, particularly in the context of addressing security threats such as DoS attacks, making the issue increasingly prominent and urgent [5,6].
In the realm of AIOT, adversaries frequently deploy malicious network traffic to overwhelm systems, aiming to deplete system resources [7].This deliberate resource consumption can lead to network bandwidth saturation, triggering service interruptions and even causing the entire system to collapse in extreme cases.In situations of poor network conditions, malicious actors may intentionally orchestrate network congestion, induce packet losses, and introduce transmission delays [8,9].These behaviors profoundly disrupt the internal exchange of status data and transmission of control commands within the AIOT infrastructure.Due to the decreased availability of services and the presence of potential threats, system performance may severely degrade, or even collapse entirely.
In the face of continually evolving security threats in AIOT systems, researchers have devoted significant efforts to developing various defense mechanisms.In response to the issue of DoS attacks in AIOT, notable research contributions have been made.The author meticulously establishes thresholds for attack frequency and duration, utilizing state feedback control to uphold system stability [10].Within this framework, the researcher introduces an elastic controller, employing model establishment and a hybrid system stability analysis approach.An adaptive gain-based control scheme is integrated to effectively mitigate the impact of DoS attacks [11].Moreover, the study delves into a collaborative elastic control methodology, systematically addressing communication delays and countering the adverse effects of DoS attacks by introducing dynamic, time-varying sampling periods and enhanced communication mechanisms [12].Additionally, the author adeptly mitigates the influence of periodic DoS attacks on the observability of Networked Control Systems (NCSs) by considering matrix eigenvalues and delineating sufficient conditions for DoS attacks [13].In continuation, an edge-triggered distributed control framework is introduced, contributing to the overall maintenance of system stability.In the aforementioned design, the system attains asymptotic stability in the presence of disturbances and noise [14].However, under DoS attacks and constrained network bandwidth, the signal deviation induced by quantization introduces inaccuracies in the prediction process, which are ignored by the aforementioned works.
The bandwidth limitation caused by DoS attacks on AIOT systems is evident, and when these systems encounter adverse network conditions such as network congestion, routing issues, or transmission errors, random packet loss phenomena will also arise accordingly.
To deal with the packet loss problem, the author explores network-based modeling and proportional-integral (PI) control for continuous-time direct-drive-wheel systems in wireless network environments, addressing challenges posed by stochastic packet dropouts in system design [15].The concept of the "overall packet loss rate" is introduced, offering a comprehensive assessment of the combined impact of malicious attacks and inherent packet loss [16].This enriches the comprehension of network security and performance dynamics.Additionally, the author investigated the event-triggered synchronization problem of master-slave neural networks.In doing so, they employed static output feedback and designed suitable output feedback controllers using the Lyapunov-Krasovskii functional method [17].Subsequently, the author introduces an innovative dynamic quantization scheme and formulates a Lyapunov function type tailored for systems influenced by quantization and packet loss.This framework facilitates the in-depth analysis of gain performance [18].Following this, the author presents a bounded real condition contingent on the upper limit of network-induced delays and the maximum consecutive malicious packet losses.This enables the simultaneous examination of their collective impact on system performance [19].Furthermore, the author shifts focus to the stability of discrete-time networked control systems, placing specific emphasis on delays induced by the network and malicious packet loss, and establishes corresponding stability criteria [20].While the aforementioned approaches offer valuable theoretical foundations, further validation and an adaptability investigation are required to address the challenges of real-time responsiveness in dealing with dynamic and unpredictable random data packet loss in AIOT systems.
This paper aims to devise a pioneering control scheme to tackle the inaccuracies stemming from signal deviation induced by quantization during the prediction process, while also effectively managing the dynamic and unpredictable random data packet loss in AIOT systems.The contributions of our work can be summarized as follows: • Firstly, we have introduced a model predictive control method based on uniform quantization within the encoder and decoder components.This method aims to alleviate bandwidth limitations during data transmission, especially in the presence of DoS attacks.The approach enhances the reliability of data transmission within AIOT systems.

•
Secondly, to address the discrepancy between predicted values and actual values, this paper delves into the application of dynamic system design to enhance the security defenses of AIOT.This approach not only improves system robustness but also reinforces the system's resistance to interference.• Finally, to tackle the challenge of random packet loss in adverse network conditions, this study employs a Markov chain model to characterize packet loss rates across diverse network scenarios.Additionally, it utilizes the Kalman filter algorithm technique for predicting system states, thereby mitigating the adverse effects of random packet loss.Through a rigorous analysis grounded in Lyapunov stability theory, this paper elucidates a quantitative relationship between random packet loss rates and overall system stability.This, in turn, provides a robust theoretical framework ensuring the sustained stability of system operations.
The paper's structure is outlined as follows: Section 3 introduces the research framework covering system description, predictive techniques, secure quantization, and dynamic system design.Section 4 rigorously validates and assesses the impact of quantization methodologies on system stability through comprehensive analyses and experiments.Section 5 involves experimental simulations, and Section 6 concludes the paper, summarizing findings and suggesting future research directions.

Research Questions
In the context of AIOT systems, the emergence of challenges related to network attacks and data packet losses poses new obstacles to the reliability and robustness of control systems.This paper aims to address the following questions: • How is a resilient control strategy that mitigates DoS attacks and data packet losses designed?• How are sensor data within the control system effectively encoded and decoded to accurately reflect system states and ensure control performance?• How are predictive models and data loss scenarios utilized to adjust controllers, ensuring system stability and performance?

System Description
The state-space representation is as follows: where Ã = SAS −1 , where A ∈ R n x ×n x is a block diagonal matrix, B = SB, K = KS −1 , K represents the control gain matrix, and S ∈ R n x ×n x is a transformation matrix.For clarity, we assume the system matrix has a single eigenvalue as follows: In addition, we define the initial values of η(t), η(0 − ) = 0.The synchronization of all signals in the encoding and decoding systems is achieved through identical structures, initial conditions, and acknowledgments.As depicted in Figure 1, the system comprises six fundamental components: the sensor, encoder, communication channel, decoder, controller, and actuator.The sensor plays a pivotal role in capturing the system's current state, while the encoder performs intricate tasks such as coordinate transformations, quantization, and predictive encoding.The resulting encoded digital signal is transmitted through a network channel susceptible to potential DoS attacks.Upon successful transmission, the decoder meticulously deciphers the received data and utilizes the capabilities of a predictive model to forecast the system's imminent state, adjusting the quantization intervals [21].In the event of transmission failure, the decoder carefully distinguishes between data loss caused by the current network conditions and transmission failure caused by a DoS attack, employing different methods to predict the system's state based on specific circumstances.The decoder transmits these predictive state updates to the controller [22].
Drawing upon this predictive information, the controller formulates robust feedback control signals.These refined control signals are subsequently sent to the actuator, which assumes the ultimate responsibility for effecting changes in the system's state.Through this orchestrated process that incorporates prediction, adept handling of transmission failures, precise controller design, and discerning actuator operation, the system evolves into a steadfast control infrastructure proficient at mitigating the disruptive impact of network anomalies [23].
As the data acquired by the sensor, referred to as η(t), inherently represents a model signal, it necessitates a coordinate transformation before it can be utilized as a data signal within our control system.Consequently, a coordinate transformation is implemented on the sensor-collected data, resulting in S represents the state transition matrix.
The following (Figure 2) is the system framework diagram we have designed.Within our encoding system, depicted in Figure 3, a stable dynamic system with state J(t), where J(t) = [j 1 (t), j 2 (t), • • • , j n s (t)] T , enables the dynamic adjustment of e(t) to minimize it as much as possible, ideally reducing it to 0, and predictive functionalities have been integrated into both the encoder and decoder.This integration enables the system to forecast the state vector for the subsequent time step, leveraging the quantized state data received at the current time point, denoted as t.The prediction of η(t) at time t is denoted as η(t).The dynamics of this predictive system can be expressed using the following equation: During network transmission, DoS attacks may result in signal interruptions, followed by deteriorating network conditions, potentially leading to packet loss [24,25].To address this issue, predictors in both the encoder and decoder infer missing signals based on previously received data.In our decoding system, as depicted in Figure 4, it distinguishes between bandwidth constraints caused by DoS attacks and packet loss due to poor network conditions.For failures caused by bandwidth limitations, the decoder relies on previous state data to predict signals.For packet loss due to poor network conditions, the Kalman filter algorithm is utilized to predict the system's state.Subsequently, the controller utilizes these predicted signals to mitigate the impact of DoS attacks on control performance and maintain system stability.Furthermore, the predictor closely collaborates with the encoding and decoding systems to facilitate signal synchronization between endpoints, thus preventing confusion.Through the utilization of prediction mechanisms, the overall system's resilience against DoS attacks is enhanced, thereby promoting stability even under more frequent and prolonged DoS attack conditions [26,27].When t diverges from the successful transmission time t s , it signifies a scenario where the system encounters a DoS attack, disrupting the transmission process [28,29].Consequently, the decoder faces challenges in fully reconstructing the original state transmitted by the encoder.In such instances, the decoder approximates the signal at the current time using the predicted signal from the previous time step.

Secure Quantization under DoS Attacks
Uniform quantization plays a critical role in data transmission by reducing the volume of signal data requiring transmission, thereby adapting to network bandwidth constraints and significantly enhancing transmission efficiency [30][31][32][33].Moreover, the deliberate design enables quantization to bolster resilience against DoS attacks by facilitating signal reconstruction and maintaining stability during transmission [34][35][36].This study implements adaptive quantization ranges based on the system state vector to minimize quantization errors and improve transmission accuracy.The dynamic adjustment of quantization ranges helps mitigate overflow issues and potential signal distortion.Overall, with proper design, uniform quantization can surmount bandwidth limitations and bolster system robustness against DoS attacks.
where t s is the update instant and R is a design parameter.The quantization of the prediction error, as described, enables effective signal transmission even in scenarios of restricted network bandwidth, including instances with DoS attacks.By keeping the quantization error within a predefined threshold, the encoding and decoding processes accurately represent the original signal.This ensures the integrity and precision of information, thereby facilitating efficient transmission.

Dynamic Time-Varying Quantization Interval Adjustment Technique
Dynamically adjusting the quantization range allows for the constraint of prediction errors within specific bounds to minimize their impact [37].This method not only facilitates reliable signal reconstruction but also bolsters system resilience against interference, even amidst transmission disruptions caused by DoS attacks.Furthermore, it ensures synchronization between encoding and decoding endpoints while selectively transmitting quantized error data to alleviate bandwidth demands.
To swiftly adapt to environmental changes and promptly adjust the quantization range to minimize prediction errors, our research has revealed that designing a stable dynamic system with state J(t), where J(t) = [j 1 (t), j 2 (t), • • • , j n s (t)] T , enables the dynamic adjustment of e(t) to minimize it as much as possible, ideally reducing it to 0.
Even amidst DoS attacks and bandwidth limitations, the decoder's predictive capabilities ensure the reliable reconstruction of the original system state within the AIOT framework.Precise management of the prediction error, symbolized as e(t), is of utmost importance, necessitating meticulous control to minimize its impact.The correlation between e(t) and the adaptive quantization range, represented as j(t), is pivotal in achieving accurate state estimation despite potential distortions.This resilient transmission approach, rooted in signal prediction and quantization, is instrumental in safeguarding the performance integrity of the AIOT system in the face of DoS attacks.The relationship between e(t) and j(t) is The following is the dynamic stable system that we designed where

Random Packet Loss in Adverse Network Conditions
When transmitting data through a channel vulnerable to DoS attacks, we encounter bandwidth limitations.In adverse network conditions, this challenge extends to random packet loss.From an academic perspective, this presents a dual challenge, involving restricted data transmission capacity and the unpredictable loss of data packets [38][39][40].The limited capacity and unpredictable delivery of data packets pose complex challenges for state estimation [41][42][43][44].To ensure reliable state tracking over such unreliable networks, robust techniques are essential to overcome the obstacles posed by constrained bandwidth and random packet losses.In this paper, we employ a Markov chain model to simulate the dynamic transitions of network conditions over time.The primary benefit of utilizing this model lies in its capacity to capture distinct network states, each exerting a substantial impact on packet loss rates.When packet loss occurs, we leverage a Kalman filter algorithm to predict the next state by considering both the previous state estimate and the current measurement.Subsequently, the filter adjusts the estimate based on the reliability of the measurement, thereby enabling the Kalman filter algorithm to provide reasonable system state estimations even in scenarios involving packet loss.Additionally, we construct Lyapunov functions to comprehensively analyze the system's stability.
The integrated application of the Markov chain model and Kalman filter algorithm enables more precise tracking of the system state, facilitating effective adaptation to unstable network environments.This combination yields a robust and reliable control system, essential for preserving data integrity and system stability amidst packet loss challenges and complexities of real-world networks.By constructing appropriate Lyapunov functions, we can analyze the dynamics of complex systems, guiding them towards stable and optimal equilibrium points.
The constructed Lyapunov function is represented as follows: Calculating the first derivative of the Lyapunov function, one has where The Kalman filter algorithm is used to predict the system state to adjust the control input, as follows: Then, the State Estimate is updated using the Kalman filter algorithm: where η(t|t) represents the updated state estimate at time t, η(t|t − 1) represents the predicted state estimate at time t, I(t) denotes the Kalman gain at time t, C(t) signifies the measurement at time t, and H(t) denotes the measurement matrix at time t.Substituting the packet loss probability and solving for the expectation of the Lyapunov function, To maintain system stability, it is necessary to guarantee E[ Ṅ] ≤ 0. Therefore, we have explored the relationship between packet loss rate(p) and system stability to enhance system resilience.

Verification of Dynamic System Stability
In our approach, the quantization interval J(t) for state measurements is adaptively adjusted over time to reduce quantization errors.Reducing J(t) improves the accuracy of state quantization.Our analysis proves that J(t) converges to zero under the adaptation mechanism, achieving precise quantization of system states.This helps realize accurate state estimation even when facing DoS attacks that are limited in frequency and duration.In summary, the adaptive quantization method can enhance resilience against DoS attacks by optimizing the tradeoff between quantization precision and bandwidth requirements.Theorem 1.In the given (9), when R is sufficiently large and c is positive, as t s approaches infinity, the value of J(t s ) tends to approach 0.
Through iteration, we can obtain the following: Assumption 1.There exists an A s such that the value of J at any given moment can be represented using the value of J at time t = 0. Therefore, ) By calculation, we obtain the eigenvalues of B s and C s : The eigenvalues of A s Therefore, if R is sufficiently large (with c being positive), as s → ∞, λ(A s ) approaches 0, which means A s → 0 as s → ∞.If R is sufficiently large, as s → ∞, J(t s ) → 0.

Confirmation of Secure Quantization in the Presence of DoS Attacks
Theorem 2. Given the dynamics of e(t) and J(t) as defined in equations ( 6) and ( 9), respectively, at any time instant t within the non-negative real numbers (t ∈ R + ), it holds that |e(t)| is constrained by J(t).
Proof.First, let's determine the solution for e(t) within the time interval t s < t < t s+1 : By evaluating the magnitudes of all individual components of e(t), Next, for t 0 ≤ t < t 1 , by examining |e| and J, we obtain Initially, we defined | e(t 0 ) |≤ J(t 0 ), resulting in Then Recalling (2) the properties of the function, we find Since Reviewing the update of J(t), We can conclude that By generalizing the above results, one has According to Theorem 1, it is known that J can approach 0 under certain conditions.Since | e(t) |≤ J(t), the prediction error can, under certain conditions, approach 0.

Verification of the Resilience between the Maximum Random Packet Loss Rate and System Stability
Theorem 3. In Equation (16), where E In general, network degradation can lead to random packet loss.To mathematically analyze the effects of such losses, we employ a Markov chain model to simulate the dynamic evolution of network conditions over time.In instances of random packet loss, we utilize an estimation scheme based on the Kalman filter algorithm to optimize the prediction of the system's state trajectory, thereby mitigating the impact of measurement losses.This method enables a comprehensive understanding of the dynamics involved in network behavior and provides a means to enhance system robustness against unpredictable events such as random packet loss.
Specifically, we prove that, below a critical loss threshold, the Kalman filter algorithm facilitates resilient state estimation to guarantee closed-loop stability.Consequently, when the packet loss rate induced by adverse network conditions is restricted below this quantified stability threshold, the stability of the feedback control system can be ensured mathematically.
When the network state is favorable, the system experiences no random packet loss, and we obtain Ṅ1 = η T (P Ã + ÃT P)η + 2η T P BKη (33) When the network state is poor, and the system experiences random packet loss, we find Ṅ0 = ηT (P Ã + ÃT P) η + 2 ηT P Bu K We need to ensure that E[ Ṅ] ≤ 0; therefore, By substituting Equations ( 33) and (35) into Inequality (36), (1 − p)(η T (P Ã + ÃT P)η + 2η T P B Kη) + p( ηT (P Ã + ÃT P) η + 2 ηT P Bu K ) ≤ 0 (37) The analysis presented enables the establishment of a suitable threshold for the random packet loss rate, thereby ensuring the stability of the networked control system amidst DoS attacks.Our integrated framework, which merges Markov modeling and the Kalman filter algorithm, offers robust methodologies for quantifying resilience against packet losses and deriving stability conditions essential for designing secure control systems.

Verification of Overall Closed-Loop System Stability under DoS Attacks
Theorem 4. In the given (1), when the eigenvalues of the matrix ( Ã + B K) are negative and when the error term e(t) approaches zero, the system remains stable.
The linear state-space system is as follows: The following is the control input of the system: Below is the prediction error associated with the system's state vector: Therefore, we obtain Thus, the conditions to ensure system stability in the presence of a DoS attack are that the eigenvalues of the matrix ( Ã + B K) are negative and the error term e(t) needs to approach zero.

Numerical Simulation
Simulation studies were conducted in Python 3.7.We selected Windows 10 as the operating system, to ensure compatibility with the simulation tools.The computer hardware comprises two physical CPU cores and four logical CPU cores, ensuring efficient execution of the simulation experiments.By initializing the system states to the values of 1 and −1, our proposed controller design was implemented to regulate the state dynamics, to asymptotically drive the AIOT system to the desired equilibrium point.The effectiveness of the controller in guiding the states toward stability from the specified non-zero initial conditions is empirically validated through closed-loop control simulations.
Firstly, we considered an open-loop and unstable system with the following matrix representation: The state feedback matrix was defined as In simulation with a 0.1 s transmission interval, we assessed the controller's performance in the presence of DoS attacks and adverse network conditions.Randomized attacks occurred within a 20 s timeframe, totaling 15.52 s.The quantization parameter was set to R = 2.The results demonstrate that our adaptive quantization and control framework ensures the system's resilience against DoS attacks and maintains stability in the face of random packet losses.Mathematical analysis indicates that prediction errors converge to zero, quantization intervals adapt to counteract packet drops, and the Kalman filter algo-rithm produces optimal estimates for accurate state tracking.Simulations under various network conditions further confirm the robustness guarantees.

Empirical Validation of Prediction Error Convergence Dynamics
After the initial transient phase, the prediction error exhibits an exponential decay trend (Figure 5).Eventually, the prediction error converges to zero.This validates the theoretical analysis that, under the adaptive quantization mechanism, prediction errors monotonically decrease over time, achieving zero steady-state error as estimation accuracy continuously improves.This further confirms that the designed control framework can effectively alleviate the impact of DoS attacks on AIOT systems.The experimentally verified results are supported by rigorous stability analysis, endorsing the resilience of the proposed integrated cyber-physical approach against random packet losses.

Simulation-Based Quantization Interval Convergence Analysis
The simulation results demonstrate that the quantization interval J(t) exhibits an exponential decaying trend under the influence of the adaptive tuning algorithm, eventually converging to zero.This corroborates our theoretical analysis that J(t) decreases monotonically to zero over time (Figure 6).The empirical evidence validates the conclusion that the convergence of J(t) minimizes quantization errors to achieve high-precision state quantification.As J(t) approaches zero, the vanishingly small quantization intervals effectively eliminate quantization distortions, accomplishing accurate quantization.

Investigation into Kalman Filter Algorithm Performance for State Estimation
Through simulating the temporal evolution of the system state and introducing multidimensional measurement noise, the Kalman filter algorithm iteratively estimates and corrects the system state at each time step through prediction and update steps.Ultimately, the performance of the Kalman filter algorithm in a multidimensional scenario is rigorously evaluated by computing the root mean square error between the filtered and true states.The plotted graphs elucidate the true state, noisy measurements, and the dynamic evolution of the Kalman-filtered state over time, underscoring the filter's precise estimation of the system state and its resilience against noise (see Figure 7).Consequently, the Kalman filter algorithm framework provides effective and robust means for ensuring stability and enhancing the performance of network control systems.

Modeling and Evaluation of Random Packet Losses under DoS Attacks
In the simulation experiments, the initial random packet loss rate is configured as 1, representing an extreme case of total data unavailability.As the adaptive control and estimation mechanism iterates, the loss rate gradually decreases and eventually stabilizes around 0.3115 (Figure 8).This demonstrates that the closed-loop system can maintain stability under such a packet loss rate.This stable loss rate numerically validates our theoretically derived stability condition that the system retains stability given packet loss rates below 0.3115.

Characterization of Closed-Loop State Trajectories under DoS Attacks
As depicted by the system state response, following the initial transient phase, the state vector gradually converges to the theoretically predicted equilibrium under the control input (Figure 9).This validates the efficacy of the designed controller.Despite the substantial simulated random packet losses mimicking denial-of-service attacks, the system state remains stable.This suggests that the proposed network control framework can effectively endure the impact of denial-of-service attacks and random packet losses in adverse network conditions, thereby ensuring the stability and regular operation of the system.

Conclusions
This paper addresses the challenges stemming from unpredictable packet losses and persistent DoS attacks within AIOT systems.We employ uniform quantization in the encoding-decoding framework, effectively mitigating bandwidth constraints induced by DoS attacks.The utilization of sophisticated Markov chain models and Kalman filter techniques bolsters the system's resilience against random packet losses.Through detailed stability analysis grounded in Lyapunov theory, the intricate relationship between system stability and packet loss rates is impeccably elucidated.Simulation results demonstrate that the proposed approach can ensure the security and reliability of AIOT systems, particularly when facing complex network conditions.For future research, exploring advanced techniques such as machine learning algorithms for adaptive mitigation, investigating alternative encoding-decoding frameworks, and developing real-time detection mechanisms could enhance the security and reliability of AIOT systems.

Figure 1 .
Figure 1.Control architecture of AIOT systems with DoS attacks.

Figure 2 .
Figure 2. Control System 3. The Proposed Method 3.1.Model-Based Prediction of the Encoder and Decoder

Figure 3 .
Figure 3. Model-based prediction of the encoder.

Figure 4 .
Figure 4. Model-based prediction of the decoder.

Figure 7 .
Figure 7.The state predicted by the Kalman filter.