Safety Control for Cyber–Physical Systems Under False Data Injection Attacks

Abstract

Cyber–physical systems (CPSs) are increasingly susceptible to cyber threats, especially false data injection (FDI) attacks, which can compromise their stability and safety. Ensuring system safety while mitigating such attacks is a critical challenge. In the paper, we address the safety control issue for CPSs by designing a control strategy that considers both false data injection attacks and physical safety constraints. A baseline controller is first designed to guarantee system stability when there are no attacks and when the safety constraints are satisfied. To address FDI attacks, we propose a neural network-based estimator to detect and estimate the magnitude of such attacks. The attack estimate is then incorporated into the controller to dynamically adjust control actions, ensuring that the system remains stable and resilient to malicious interference. Furthermore, we introduce a safety control algorithm based on control barrier functions to enforce safety constraints, where the attack estimate is integrated to handle unknown attacks. Finally, the effectiveness of the proposed scheme is validated by simulation results, demonstrating that the combined control strategy outperforms traditional methods in both attack mitigation and safety enforcement.

1. Introduction

In the context of the close integration of networks and advanced science and technology, various network-enabled experimental physical devices have become more convenient to use and functionally enhanced through the benefits of seamless network communication [1,2,3]. However, due to the vulnerability of cyberspace, these systems are exposed to external network attacks. At the same time, many cyber–physical devices are compromised due to the openness of their connection channels with cyberspace, resulting in severe consequences [4,5,6,7]. To counter such malicious external attacks, researchers have conducted extensive studies in this field to protect cyber–physical systems (CPSs) [8,9,10,11,12,13]. However, although significant attention has been given to ensuring the security of cyber–physical systems, research that simultaneously addresses both physical safety and cyber security remains limited. For instance, although the system stability may be maintained under network attacks, the system may fail to operate within the desired range. Therefore, this paper proposes a control strategy that simultaneously ensures both the security and safety properties of the system.

As a research methodology that has garnered significant attention since its inception, the neural network (NN) has demonstrated its critical importance in various fields, thanks to its powerful estimation and prediction capabilities [14]. In the context of uncertain systems, their ability to estimate variables within a system has been extensively studied, yielding numerous achievements, particularly in the analysis of nonlinear systems [15,16,17]. This method can also be employed to address the security challenges of CPSs. False data injection (FDI) attacks are employed by external adversaries to maliciously tamper with systems. These attacks are often unknown to defenders, posing a significant threat to CPSs [18]. Fortunately, such attacks can be effectively addressed by using appropriately designed neural networks [19,20,21,22,23,24]. In [19], using physical knowledge and advanced machine learning techniques, the authors extract key features from noisy data to detect attack signals. The authors in [20] developed an intelligent estimator using NN to estimate attacks, while adopting a variable structure control approach to compensate for attack and system performance. Based on a practical application of vehicles equipped with cooperative adaptive cruise control, the authors proposed a novel controller and observer to estimate FDI attacks, where attacks and noise were addressed through the NN method in [23]. Furthermore, the simultaneous exploration of security and safety control problems in [24] highlights a significant yet underexplored topic, which also serves as one of the motivations for this paper. The authors chose connected and automated vehicles as the research object and proposed a safe and secure controller that fully utilized deep NN prediction and model-based estimations. However, most existing defense strategies that integrate neural networks to counter network attacks are based on continuous systems. In contrast, research on discrete systems remains relatively limited [25,26,27]. To address this gap, this paper investigates discrete systems, employing neural networks to estimate cyberattacks and manage unknown variables.

When dealing with systems that require strict operational constraints, ensuring security at the network level alone is often insufficient. For instance, in unmanned aerial vehicle (UAV) control, the safety of the UAV is crucial, as unreasonable system states can lead to damage or even crashes [28]. Similarly, in autonomous vehicle control, exceeding the designated driving range can result in collisions between vehicles [24,29]. Therefore, ensuring the physical safety of systems is critical, and the control barrier function (CBF) serves as an effective mathematical tool to constrain system states within a predefined range. Integrating the Lyapunov function ensures that the control inputs achieve both stability and safety while maintaining the feasibility of the control problem [30]. Numerous practical applications have demonstrated that this function is an effective method for addressing safety issues in CPSs [31,32,33,34]. However, most studies focus on deterministic systems and overlook certain uncertainties, such as disturbances and attacks. To handle the time-varying disturbance, applying the first-order time derivative of the CBF, a high-gain input observer estimated the system dynamics in [35]. In [36], the authors presented two schemes to synthesize the observer and controller through input-to-state stable observers and bounded error observers, respectively. According to observation error, extra constraints were exposed to the CBF, which promoted a novel CBF that can deal with the uncertain disturbance. However, when the system is subjected to false data injection, maintaining safety becomes challenging. This is not only because network attacks are more intelligent than disturbances but also because systems that lose stability under network attacks find it difficult to address safety concerns at all.

We propose a control scheme to address the currently insufficiently handled cybersecurity issues in CPSs. The approach leverages the estimation capabilities of neural networks to construct state estimators and estimate uncertain attack signals within the system. Additionally, it integrates CBFs to avoid safety issues in practical applications.

Table 1. Comparisons with the existing methods.

	Secure Control	Detection	Estimation	Optimal Control	Neural Network	Safe Control	Proactive Defense
[37]	✗	✓	✓	✗	✗	✗	✗
[38]	✗	✓	✓	✓	✗	✗	✓
[23]	✓	✗	✓	✗	✓	✓	✗
[39]	✗	✗	✓	✗	✗	✓	✗
our paper	✓	✓	✓	✓	✓	✓	✗

describes the distinctions between this paper and some relevant works. The key contributions are summarized as follows.

(1)

A NN estimator is devised to approximate the system state when the system suffers from an unknown FDI attack. This estimator facilitates the construction of a controller that can compensate for the FDI attack while addressing the uncertain variable in safety constraints.

(2)

By integrating NN estimation and CBF, a control strategy is proposed to simultaneously alleviate the FDI attack and ensure the safety of CPSs.

The remaining part is arranged below. In Section 2, some preliminaries and unresolved issues are presented for the subsequent content. In Section 3, the main results are proposed. In Section 4, we apply a physical model to demonstrate the designed strategy. In Section 5, we conclude the paper.

Notations: The symbols used in this paper follow standard notations. The Euclidean space of dimension ${\mathbb{R}}^n$ represents a real-valued vector space of n dimensions. ${\mathbb{R}}^{m\times n}$ refers to the matrices with dimensions $m\times n$. The transpose is denoted by the superscript ⊤. The 2-norm of a vector x is defined as $\parallel x\parallel =\sqrt{x^{\top }x}$. $\sigma (·)$ denotes the eigenvalue of a matrix. $\mathrm{tr}\{·\}$ represents the trace of a matrix.

2. Problem Formulation and Preliminaries

This section mainly describes the problem of interest and preliminary knowledge, including the system model and attack signal. The FDI attack addressed in this paper is illustrated in Figure 1, where the attacker targets the channel between the actuator and the controller. The proposed response strategy is also depicted in Figure 1. When the FDI attack affects the system, we design a NN estimator to estimate the attack, which then transmits the estimated data to the controller. The controller then uses the estimated attack signal to compensate for the actual attack and feeds the signal back to the estimator. The estimator updates the estimated data using the gradient descent method, adjusting the update law to improve the estimation accuracy. Therefore, we mitigate the impact of the FDI attack.

Consider the following discrete model:

$$x(k+1)=Ax\left(k\right)+Bu\left(k\right),$$

(1)

where $x\left(k\right)\in {\mathbb{R}}^n$ is the system state, $u\left(k\right)\in {\mathbb{R}}^m$ is the input vector, and A and B are system matrices possessing proper dimensions. For this system, we adopt the following controller:

$$u\left(k\right)=-Kx\left(k\right),$$

(2)

where feedback gain K is deduced by the Riccati equation and the LQR method [40].

Then, consider the FDI attack transmitting through the actuator and the controller, and the secure system is changed to

$$x(k+1)=Ax\left(k\right)+Bu\left(k\right)+B{u}_a\left(k\right),$$

(3)

where $u_a\left(k\right)$ is an unknown attack signal. In such a situation, the expected control state may be tempered, potentially compromising the system stability. Facing the threat of unknown malicious attacks, an estimation and compensation approach are applied to handle this issue combined with the NN method. Specifically, the NN method is employed to estimate the unknown attack, while also being used for the construction of the estimation. Then, a new controller is subsequently redesigned to address FDI attacks.

To effectively estimate the unknown attack, the NN method is adopted here. NN is a highly powerful tool, renowned for its exceptional estimation capabilities, making it suitable for approximating various unknown functions [41], including those related to network attacks. To elaborate, the FDI attack described in this paper is given below:

$$u_a\left(k\right)=W^{\top }𝟊\left(V^{\top }x\left(k\right)\right)+\rho \left(k\right),$$

(4)

where W and V are the expected weights, $𝟊(·)$ represents the activation function, and $\rho (·)$ is the estimation error. The assumption below is made to facilitate subsequent derivations.

Assumption 1 

([42]). The expected weight, activation function, and approximation error are bounded, namely, $\parallel W\parallel \le \mathcal{W}$, $\parallel 𝟊\left(V^{\top }x\left(k\right)\right)\parallel \le {𝟊}_{\mathcal{M}}$, and $\parallel \rho \left(x\left(k\right)\right)\parallel \le {\rho }_{\mathcal{M}}$, where $\mathcal{W}$, ${𝟊}_{\mathcal{M}}$, and ${\rho }_{\mathcal{M}}$ are constants.

Remark 1. 

Regarding Assumption 1, which asserts that the expected weight, activation function, and approximation error are bounded, this is a standard assumption in the literature as seen in [43,44]. The typical FDI attack is bounded in energy because the attacker is constrained by their available resources and capabilities in reality. A bounded activation function, such as the Sigmoid function used in this paper, exists. Therefore, to satisfy the boundedness of the FDI attack, the assumption about the expected weight is reasonable. Additionally, the assumption regarding the approximation error is also reasonable.

Safety is another critical element considered in this paper. The safety set $\mathcal{D}\subset \mathcal{X}\subset {\mathbb{R}}^n$ can be defined below:

$$\begin{array}{cc}\hfill \mathcal{D}& :=\left\{x\right(k)\in \mathcal{X}\mid h(x\left(k\right))\ge 0\},\hfill \end{array}$$

(5)

$$\begin{array}{cc}\hfill Int\left(\mathcal{D}\right)& :=\left\{x\right(k)\in \mathcal{X}\mid h(x\left(k\right))>0\},\hfill \end{array}$$

(6)

$$\begin{array}{cc}\hfill \partial \mathcal{D}& :=\left\{x\right(k)\in \mathcal{X}\mid h(x\left(k\right))=0\},\hfill \end{array}$$

(7)

where $h:{\mathbb{R}}^n\to \mathbb{R}$ is a smooth function. The safety set $\mathcal{D}$ possesses the property of the forward invariant if $x\left(k\right)\in \mathcal{D},\forall k\in \mathbb{N}$ for every $x\left(0\right)\in \mathcal{D}$ [45]. And the CBF can be employed to guarantee the safety of CPSs regarding the set $\mathcal{D}$. The CBF used in this paper is defined below.

Definition 1. 

(Discrete-Time Exponential Control Barrier Function (DECBF) [46]). For the aforementioned set $\mathcal{D}$ and smooth function $h\left(x\right(k\left)\right)$, $h\left(x\right(k\left)\right)$ is a DECBF if it satisfies the following conditions:

1. 

$h\left(x\right(0\left)\right)\ge 0$,

2. 

$\Delta h\left(x\left(k\right)\right)\ge -\gamma h\left(x\left(k\right)\right),\forall k\in {\mathbb{Z}}^{+},0<\gamma \le 1,$

where $\Delta h\left(x\right(k\left)\right)=h\left(x\right(k+1\left)\right)-h\left(x\right(k\left)\right)$.

Grounded in the foundational concepts of the target system and the selected methods, the subsequent sections will specifically address the proposed issues: mitigating the FDI attack to ensure system security and resolving the safety challenges posed by the system’s unknown variables.

3. Main Results

This section describes the main contributions. A NN estimator is utilized to approximate the system state under the FDI attack and facilitate the estimation of the attack occurring in the system (3), which is a key step to mitigate the attack. Then, an adaptive controller is proposed based on the LQR method and NN to address the attack, and the relevant sufficient conditions are deduced. Additionally, considering the problem of system safety, an approach to handle the unknown variable presented in the DECBF is provided. Finally, a control scheme that integrates all the above components is proposed.

3.1. Adaptive Controller Design

For the system (3), this paper aims to mitigate the impact of malicious attacks to make the corrupt system state approach the normal system state (1). Under such a scheme, an estimator is constructed by the following form:

$$\widehat{x}(k+1)=A\widehat{x}\left(k\right)+Bu\left(k\right)+B{\widehat{u}}_a\left(k\right),$$

(8)

where $\widehat{x}\left(k\right)\in {\mathbb{R}}^n$ is the estimation state, and ${\widehat{u}}_a\left(k\right)$ is the estimated cyber attack. By applying the NN method, the above ${\widehat{u}}_a\left(k\right)$ is designed below:

$${\widehat{u}}_a\left(k\right)=\widehat{W}{\left(k\right)}^{\top }𝟊\left(V^{\top }\widehat{x}\left(k\right)\right)$$

(9)

with the known estimated state $\widehat{x}\left(k\right)$, where $\widehat{W}\left(k\right)$ is the actual weight. If the actual weight approaches the ideal weight W, the estimated attack ${\widehat{u}}_a\left(k\right)$ can approximately replace the actual attack $u_a\left(k\right)$. For the sake of convenience, $V^{\top }\widehat{x}\left(k\right)$ is expressed as $\widehat{\overline{x}}\left(k\right)$.

When ${\widehat{u}}_a\left(k\right)$ is obtained, a new controller can be developed by adding the estimated attack into the controller (2) to offset the attack occurring in the system, namely, the adaptive controller is constructed as follows:

$$\overline{u}\left(k\right)=-Kx\left(k\right)-{\widehat{u}}_a\left(k\right).$$

(10)

We can obtain

$$x(k+1)=(A-BK)x\left(k\right)-B{\widehat{u}}_a\left(k\right)+B{u}_a\left(k\right),$$

(11)

and the estimator changes to

$$\widehat{x}(k+1)=(A-BK)\widehat{x}\left(k\right).$$

(12)

Remark 2. 

The developed estimator differs from a typical observer, as its components do not include the system output vector. When the adaptive controller substitutes for the original one, the estimator only consists of the estimated state and system matrices. Assume that the initial estimated state is set equal to the actual initial state. In that case, the estimated system state matches the actual system state, unaffected by the attack signal. Based on this property, the estimator can serve as an ideal state reference, enabling weight updates that are crucial for improving the accuracy of the attack estimation.

Introducing the weight error $\tilde{W}=W-\widehat{W}\left(k\right)$ results in

$$\begin{array}{cc}\hfill x(k+1)& =(A-BK)x\left(k\right)+B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)\hfill \\ \hfill & +B{W}^{\top }(𝟊\left(V^{\top }x\left(k\right)\right)-𝟊\left(\widehat{\overline{x}}\left(k\right)\right)+\rho \left(k\right)).\hfill \end{array}$$

(13)

Combining Equations (12) and (13), the state error $e(k+1)=x(k+1)-\widehat{x}(k+1)$ is obtained:

$$\begin{array}{cc}\hfill e(k+1)& =(A-BK)e\left(k\right)+B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)\hfill \\ \hfill & +B{W}^{\top }(𝟊\left(V^{\top }x\left(k\right)\right)-𝟊\left(\widehat{\overline{x}}\left(k\right)\right)+\rho \left(k\right)).\hfill \end{array}$$

(14)

Ensuring estimation accuracy in the NN method can involve various weight update approaches. This paper employs gradient descent for weight updates, with the update law defined as

$$\begin{array}{cc}\hfill \widehat{W}(k+1)& =\widehat{W}\left(k\right)-\eta {\displaystyle \frac{\partial \mathcal{J}\left(k\right)}{\partial \widehat{W}\left(k\right)}},\hfill \end{array}$$

(15)

where $\eta \in (0,1)$ is the learning rate, and $\mathcal{J}\left(k\right)={\displaystyle \frac{1}{2}}e{(k+1)}^{\top }e(k+1)$, namely, the actual weight is updated by the state error. Substituting the specific form of $\mathcal{J}\left(k\right)$ into (15) yields

$$\begin{array}{cc}\hfill \widehat{W}(k+1)& =\widehat{W}\left(k\right)+\eta 𝟊\left(\widehat{\overline{x}}\left(k\right)\right)(\mathcal{A}e\left(k\right)\hfill \\ \hfill & +B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right){+B\psi \left(k\right))}^{\top }B,\hfill \end{array}$$

(16)

where $\mathcal{A}=A+BK$, $\psi \left(k\right)=W^{\top }(𝟊\left(V^{\top }x\left(k\right)\right)-𝟊\left(\widehat{\overline{x}}\left(k\right)\right)+\rho \left(k\right))$. Noting that $𝟊(·)$ and $\rho (·)$ are bounded, $\psi (·)$ is a bounded function, namely, $\parallel \psi \left(k\right)\parallel \le {\psi }_{\mathcal{M}}$. The weight error can be further derived:

$$\begin{array}{cc}\hfill \tilde{W}(k+1)& =\tilde{W}\left(k\right)-\eta 𝟊\left(\widehat{\overline{x}}\left(k\right)\right)(\mathcal{A}e\left(k\right)\hfill \\ \hfill & +B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right){+B\psi \left(k\right))}^{\top }B.\hfill \end{array}$$

(17)

Remark 3. 

The main concept of the designed scheme is the application of the NN method to construct a novel controller that can compensate for the injected false data to maintain the security of the system. From (11), when the adaptive controller is introduced, the effect of attacks is transformed into the smaller bounded error between the actual attack and estimated attack, namely, the handling of the attack becomes the handling of the error that can be diminished by improving the accuracy of approximation. The adopted update law can solve the issue of weight update and ensure system stability, which will be demonstrated in the subsequent part.

3.2. System Stability Analysis

For the system (13), the adaptive controller counteracts the actual attack signal through the approximation of the NN method. Next, sufficient conditions for system stability are deduced.

Before starting the stability proof, the following inequalities are useful for this proof process.

$$xy\le {\displaystyle \frac{\alpha }{2}}{x}^2+{\displaystyle \frac{1}{2\alpha }}{y}^2,$$

$$\begin{array}{c}\hfill {\sigma }_{min}(\Omega )X^2\end{array}<\begin{array}{c}\hfill X^{\top }\Omega X<{\sigma }_{max}(\Omega )X^2\end{array},$$

$$\left|\mathrm{tr}\right\{{\mathbf{C}}^T\mathbf{D}\left\}\right|\le \parallel \mathbf{C}\parallel \parallel \mathbf{D}\parallel .$$

Theorem 1. 

Consider the system (13) with the unknown attack, which is handled by the state estimator and the NN method. The weight update law for the estimated attack signal (9) is given by (16). Then, the adaptive controller (10) guarantees the discrete system is uniformly ultimately bounded.

Proof. 

This proof process begins with

$$V\left(k\right)=\kappa V_1+\lambda V_2+\mu V_3,$$

(18)

where $V_1=x{\left(k\right)}^{\top }{P}_{1}x\left(k\right)$, $V_2=e{\left(k\right)}^{\top }{P}_{2}e\left(k\right)$, and $V_3=\mathrm{tr}\left\{\tilde{W}{\left(k\right)}^{\top }\tilde{W}\left(k\right)\right\}$. The matrices $P_1$ and $P_2$ are symmetric positive definite matrices, and constant parameters $\kappa$, $\lambda$, and $\mu$ will be defined later.

For the above equation, the difference of the first term is

$$\begin{array}{cc}\Delta V_1\hfill & =x{(k+1)}^{\top }{P}_{1}x(k+1)-x{\left(k\right)}^{\top }{P}_{1}x\left(k\right)\hfill \\ & ={\left(\mathcal{A}x\left(k\right)+B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)+B\psi \left(k\right)\right)}^{\top }{P}_1\hfill \\ & \times \left(\mathcal{A}x\left(k\right)+B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)+B\psi \left(k\right)\right)\hfill \\ & -x{\left(k\right)}^{\top }{P}_{1}x\left(k\right).\hfill \end{array}$$

(19)

According to the Cauchy–Schwartz inequality and Young’s inequality, the above equation can be rearranged into the inequality

$$\begin{array}{cc}\hfill \Delta V_1& \le x{\left(k\right)}^{\top }(2E^{\top }{P}_{1}E-P_1)x\left(k\right)+4(B\tilde{W}{\left(k\right)}^{\top }𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top }\hfill \\ \hfill & \times P_1\left(B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)\right)+4{\left(B\psi \left(k\right)\right)}^{\top }{P}_1\left(B\psi \left(k\right)\right)\hfill \\ \hfill & \le -{\sigma }_{min}\left(Q_1\right){\parallel x\left(k\right)\parallel }^2+4\parallel B^{\top }B\parallel \parallel P_1\parallel \mathrm{tr}\{\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)\hfill \\ \hfill & \times 𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top }\tilde{W}\left(k\right)\}+4\parallel B^{\top }B\parallel \parallel P_1\parallel {\parallel {\psi }_{\mathcal{M}}\parallel }^2,\hfill \end{array}$$

(20)

where $-Q_1=2E^{\top }{P}_{1}E-P_1<0$, namely, matrix $P_1$ needs to satisfy such a condition to yield that $Q_1$ is a positive definite matrix.

Substitute state error (14) into $V_2$, and apply the similar derivation method. The inequality with regard to $\Delta V_2$ can be deduced:

$$\begin{array}{cc}\hfill \Delta V_2& \le -{\sigma }_{min}\left(Q_2\right){\parallel e\left(k\right)\parallel }^2+4\parallel B^{\top }B\parallel \parallel P_2\parallel \mathrm{tr}\{\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)\hfill \\ \hfill & \times 𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top }\tilde{W}\left(k\right)\}+4\parallel B^{\top }B\parallel \parallel P_2\parallel {\parallel {\psi }_{\mathcal{M}}\parallel }^2,\hfill \end{array}$$

(21)

where $-Q_2=2E^{\top }{P}_{2}E-P_2<0$, and the condition that $P_2$ need to satisfy is similar to $P_1$.

Then, consider the difference of $V_3$:

$$\begin{array}{cc}\hfill \Delta V_3& =\mathrm{tr}\{W{(k+1)}^{\top }W(k+1)-W{\left(k\right)}^{\top }W\left(k\right)\}\hfill \\ \hfill & =\mathrm{tr}\{-2\eta \tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)(\mathcal{A}e\left(k\right)\hfill \\ \hfill & +B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right){+B\psi \left(k\right))}^{\top }B+\hfill \\ \hfill & {\eta }^2{B}^{\top }{(\mathcal{A}e\left(k\right)+B\psi \left(k\right)}^{\top }+\hfill \\ \hfill & B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right))𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)(\mathcal{A}e\left(k\right)\hfill \\ \hfill & +B\psi {\left(k\right)}^{\top }+B\tilde{W}{\left(k\right)}^{\top }𝟊{\left(\widehat{\overline{x}}\left(k\right)\right))}^{\top }B\}\hfill \\ \hfill & \le \mathrm{tr}\left\{\eta \right({\displaystyle \frac{1}{{\omega }_1}}{\Gamma }_1{\Gamma }_1^{\top }+{\omega }_1{\Gamma }_2{\Gamma }_2^{\top }\hfill \\ \hfill & -2{\Gamma }_1{\Gamma }_1^{\top }{B}^{\top }B+{\displaystyle \frac{1}{{\omega }_2}}{\Gamma }_1{\Gamma }_1^{\top }+{\omega }_2{\Gamma }_3{\Gamma }_3^{\top })\hfill \\ \hfill & +{\eta }^2({\Gamma }_4{\Gamma }_4^{\top }+{\displaystyle \frac{1}{{\omega }_3}}{\Gamma }_5{\Gamma }_5^{\top }+{\omega }_3{\Gamma }_4{\Gamma }_4^{\top }\hfill \\ \hfill & +{\displaystyle \frac{1}{{\omega }_4}}{\Gamma }_4{\Gamma }_4^{\top }+{\omega }_4{\Gamma }_6{\Gamma }_6^{\top }+{\Gamma }_5{\Gamma }_5^{\top }+{\displaystyle \frac{1}{{\omega }_5}}{\Gamma }_5{\Gamma }_5^{\top })\hfill \\ \hfill & +{\omega }_5{\Gamma }_6{\Gamma }_6^{\top }+{\Gamma }_6{\Gamma }_6^{\top }\},\hfill \end{array}$$

(22)

where constant parameters ${\omega }_1, {\omega }_2, {\omega }_3, {\omega }_4, {\omega }_5$ satisfy $\omega >0$, and matrices ${\Gamma }_1, {\Gamma }_2, {\Gamma }_3, {\Gamma }_4, {\Gamma }_5, {\Gamma }_6$ are defined below:

$$\begin{array}{cc}\hfill {\Gamma }_1& =\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right),\hfill \\ \hfill {\Gamma }_2& =B^{\top }\mathcal{A}e\left(k\right),\hfill \\ \hfill {\Gamma }_3& =B^{\top }B\psi \left(k\right),\hfill \\ \hfill {\Gamma }_4& =B^{\top }\mathcal{A}e\left(k\right)𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top },\hfill \\ \hfill {\Gamma }_5& =B^{\top }B\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top },\hfill \\ \hfill {\Gamma }_6& =B^{\top }B\psi \left(k\right)𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top }.\hfill \end{array}$$

Applying the Cauchy–Schwartz inequality, the inequality (22) can be changed to

$$\begin{array}{cc}\hfill \Delta V_3& \le -{\beta }_1\mathrm{tr}\left\{\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top }\tilde{W}\left(k\right)\right\}\hfill \\ \hfill & +{\beta }_2{\parallel B^{\top }\mathcal{A}\parallel }^2{\parallel e\left(k\right)\parallel }^2+{\beta }_3{\parallel B^{\top }B\parallel }^2{\parallel \psi \left(k\right)\parallel }^2,\hfill \end{array}$$

(23)

where ${\beta }_1, {\beta }_2, {\beta }_3$ are defined as follows:

$$\begin{array}{cc}\hfill {\beta }_1& =2\eta {\sigma }_{min}\left(B^{\top }B\right)-{\displaystyle \frac{1}{{\omega }_1}}\eta -{\displaystyle \frac{1}{{\omega }_2}}\eta -{\displaystyle \frac{1}{{\omega }_3}}{\parallel B^{\top }B\parallel }^2\parallel {𝟊}_{\mathcal{M}}^2{\eta }^2\hfill \\ \hfill & -\parallel B^{\top }{B\parallel }^2{𝟊}_{\mathcal{M}}^2{\eta }^2-{\displaystyle \frac{1}{{\omega }_5}}{\parallel B^{\top }B\parallel }^2{𝟊}_{\mathcal{M}}^2{\eta }^2>0,\hfill \\ \hfill {\beta }_2& ={\omega }_1\eta +{𝟊}_{\mathcal{M}}^2{\eta }^2+{\omega }_3{𝟊}_{\mathcal{M}}^2{\eta }^2+{\displaystyle \frac{1}{{\omega }_4}}{𝟊}_{\mathcal{M}}^2{\eta }^2,\hfill \\ \hfill {\beta }_3& ={\omega }_2\eta +{\omega }_4{𝟊}_{\mathcal{M}}^2{\eta }^2+{\omega }_5{𝟊}_{\mathcal{M}}^2{\eta }^2+{𝟊}_{\mathcal{M}}^2{\eta }^2.\hfill \end{array}$$

Combining $\Delta V_1$, $\Delta V_2$, and $\Delta V_3$, the difference of (18) is deduced:

$$\begin{array}{cc}\hfill \Delta V\left(k\right)& =-\kappa {\sigma }_{min}\left(Q_1\right){\parallel x\left(k\right)\parallel }^2+(4\kappa \parallel B^{\top }B\parallel \parallel P_1\parallel \hfill \\ \hfill & +4\lambda \parallel B^{\top }B\parallel \parallel P_2\parallel -\mu {\beta }_1)\mathrm{tr}\left\{\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top }\tilde{W}\left(k\right)\right\}\hfill \\ \hfill & +(-\lambda {\sigma }_{min}\left(Q_2\right)+\mu {\beta }_2{\parallel B^{\top }\mathcal{A}\parallel }^2){\parallel e\left(k\right)\parallel }^2\hfill \\ \hfill & +(4\kappa \parallel B^{\top }B\parallel \parallel P_1\parallel {\parallel {\psi }_{\mathcal{M}}\parallel }^2+4\lambda \parallel B^{\top }B\parallel \parallel P_2\parallel {\parallel {\psi }_{\mathcal{M}}\parallel }^2\hfill \\ \hfill & +\mu {\beta }_3{\parallel B^{\top }B\parallel }^2{\parallel \psi \left(k\right)\parallel }^2)\hfill \end{array}$$

(24)

Then, the aforementioned constants $\kappa$, $\lambda$, and $\mu$ are defined as follows:

$$\begin{array}{cc}\hfill \kappa & =1,\hfill \\ \hfill \lambda & ={\displaystyle \frac{9{\beta }_2\parallel B^{\top }B\parallel \parallel P_1\parallel {\parallel B^{\top }\mathcal{A}\parallel }^2}{{\beta }_1{\sigma }_{min}\left(Q_2\right)-8{\beta }_2{\parallel B^{\top }\mathcal{A}\parallel }^2{\parallel B^{\top }B\parallel }^2\parallel P_2\parallel }},\hfill \\ \hfill \mu & ={\displaystyle \frac{5{\sigma }_{min}\left(Q_2\right)\parallel B^{\top }B\parallel \parallel P_1\parallel }{{\beta }_1{\sigma }_{min}\left(Q_2\right)-8{\beta }_2{\parallel B^{\top }\mathcal{A}\parallel }^2{\parallel B^{\top }B\parallel }^2\parallel P_2\parallel }}.\hfill \end{array}$$

In addition, ${\beta }_1$ and ${\beta }_2$ need to meet the following conditions for $\lambda >0$ and $\mu >0$ to be satisfied.

$${\beta }_1{\sigma }_{min}\left(Q_2\right)>8{\beta }_2{\parallel B^{\top }\mathcal{A}\parallel }^2{\parallel B^{\top }B\parallel }^2\parallel P_2\parallel .$$

(25)

Since ${\beta }_1$ and ${\beta }_2$ consist of predetermined constants, the relationship between ${\beta }_1$ and ${\beta }_2$ can be achieved by selecting the appropriate parameters.

Then, $\Delta V\left(k\right)$ is further deduced:

$$\begin{array}{cc}\hfill \Delta V\left(k\right)& =-{\sigma }_{min}\left(Q_1\right){\parallel x\left(k\right)\parallel }^2-{\Sigma }_1\mathrm{tr}\left\{\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top }\tilde{W}\left(k\right)\right\}\hfill \\ \hfill & -{\Sigma }_2{\parallel e\left(k\right)\parallel }^2+{\Sigma }_3,\hfill \end{array}$$

(26)

where

$$\begin{array}{cc}\hfill \begin{array}{c}\hfill {\Sigma }_1\end{array}& \begin{array}{c}\hfill =\end{array}\begin{array}{c}\hfill \beta {\sigma }_{min}\left(Q_2\right)-4{\beta }_2{\parallel B^{\top }\mathcal{A}\parallel }^2{\parallel B^{\top }B\parallel }^2\parallel P_2\parallel ,\end{array}\hfill \\ \hfill \begin{array}{c}\hfill {\Sigma }_2\end{array}& \begin{array}{c}\hfill =\end{array}\begin{array}{c}\hfill 4{\parallel B^{\top }B\parallel }^2\parallel P_2\parallel {\parallel B^{\top }\mathcal{A}\parallel }^2,\end{array}\hfill \\ \hfill {\Sigma }_3& =4\kappa \parallel B^{\top }B\parallel \parallel P_1\parallel {\parallel {\psi }_{\mathcal{M}}\parallel }^2+4\lambda \parallel B^{\top }B\parallel \parallel P_2\parallel {\parallel {\psi }_{\mathcal{M}}\parallel }^2,\hfill \\ \hfill & +\mu {\beta }_3{\parallel B^{\top }B\parallel }^2{\parallel \psi \left(k\right)\parallel }^2.\hfill \end{array}$$

It can be seen that ${\Sigma }_1$ and ${\Sigma }_2$ are two positive parameters, and ${\Sigma }_3>0$ is a bounded parameter. For $\Delta V\left(k\right)$, provided the following conditions hold, $\Delta V\left(k\right)<0$:

$$\begin{array}{cc}\hfill \parallel x\left(k\right)\parallel & >\sqrt{{\displaystyle \frac{{\Sigma }_3}{{\sigma }_{min}\left(Q_1\right)}}},\mathrm{or}\parallel e\left(k\right)\parallel >\sqrt{{\displaystyle \frac{{\Sigma }_3}{{\Sigma }_2}}},\hfill \\ \hfill & \mathrm{or}\mathrm{tr}\left\{\tilde{W}{\left(k\right)}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)𝟊{\left(\widehat{\overline{x}}\left(k\right)\right)}^{\top }\tilde{W}\left(k\right)\right\}>{\displaystyle \frac{{\Sigma }_3}{{\Sigma }_1}}.\hfill \end{array}$$

(27)

Similarly, the right side of (27) is constants, so the condition (27) can be satisfied by choosing appropriate parameters.

Therefore, it is demonstrated that the system is uniformly ultimately bounded, thereby concluding the proof.    □

Remark 4. 

The constraints of matrices $Q_1$ and $Q_2$ are necessary for the derivation (27). If this condition cannot be satisfied, the proof of Theorem 1 may need to seek another solution. Similarly, the relationships among ${\beta }_1$, ${\beta }_2$, and ${\beta }_3$ need to be satisfied, which can be completed by choosing proper known parameters.

3.3. Control Barrier Function with the Unknown Parameter

For the system (11), the security is guaranteed through the adaptive controller, and safety is considered in this part. Firstly, $h\left(x\right(k+1\left)\right)$ is described below:

$$\begin{array}{cc}\hfill h\left(x\right(k+1\left)\right)& =h(Ax\left(k\right)+B\widehat{u}\left(k\right)+B{u}_a\left(k\right))\hfill \\ \hfill & =\overline{h}\left(x(k+1)\right)+\Psi (k+1),\hfill \end{array}$$

(28)

where $\overline{h}\left(x(k+1)\right)=h(Ax\left(k\right)+B\widehat{u}\left(k\right))$ and $\Psi (k+1)=h\left(x(k+1)\right)-\overline{h}\left(x(k+1)\right)$. Since the unknown variable in the system (11) is the attack signal, $\Psi (k+1)$ is a function about $u_a\left(k\right)$. Using the estimation of attack signal to replace $\Psi (k+1)$, namely, $\Psi (k+1)=\widehat{\Psi }(k+1)+\Delta$, where $\widehat{\Psi }(k+1)$ is derived from $\Psi (k+1)$ by substituting the unknown variable with its estimation, and $\Delta$ is the error. Assuming that $h\left(x\right(k\left)\right)$ is selected appropriately such that $\Psi \left(k\right)$ and $\widehat{\Psi }\left(k\right)$ are bounded under bounded variables $u_a\left(k\right)$ and ${\widehat{u}}_a\left(k\right)$, respectively, the error $\Delta$ can be determined as a bounded quantity. Choose a function with the suitable dimension $\xi (\Delta )\ge 1$, and define the $\parallel \Delta \parallel \le {\Delta }_{\mathcal{M}}$. Then, the aforementioned second term of the CBF condition can be transformed into

$$\begin{array}{cc}\hfill \widehat{h}\left(x(k+1)\right)+\widehat{\Psi }(k+1)+(\gamma -1)h\left(x\left(k\right)\right)& \ge \xi (\Delta ){\Delta }_{\mathcal{M}},\hfill \\ \hfill \forall k\in {\mathbb{Z}}^{+},0<\gamma & \le 1\hfill \end{array}$$

(29)

Remark 5. 

Due to the existence of the unknown variable in the discrete system, it is difficult to directly apply Definition 1 and solve the CBF problem. To address this unknown variable, we introduce the approximation and the discrepancy between the actual and estimated variables. Even though the error cannot be fully determined, the boundedness of the error allows this issue to be addressed by increasing conservatism, specifically by strengthening the constraints of the control barrier function. The complete determination of the error term and precise identification of its range are beyond the scope of this paper and will be explored in future research.

3.4. Secure and Safe Control Strategy

Combining CBF and the adaptive controller using the NN method, a new controller to simultaneously maintain the properties of security and safety is formulated as an optimization problem:

$$\begin{array}{cc}\hfill u^{*}& =\underset{u}{min}{\displaystyle \frac{1}{2}}{(u-u_{\mathrm{ref}})}^{\top }(u-u_{\mathrm{ref}}),\hfill \end{array}$$

(30)

$$\begin{array}{cc}\hfill \mathrm{s}.\mathrm{t}.& \widehat{h}\left(x(k+1)\right)+\widehat{\Psi }(k+1)+(\gamma -1)h\left(x\left(k\right)\right)\ge \xi (\Delta ){\Delta }_{\mathcal{M}},\hfill \end{array}$$

(31)

where $u_{ref}$ is the expected controller. Through the training of the NN, an estimated weight $\mathbf{W}$ approximating the ideal weight W can be obtained. And the expected controller is $u_{ref}\left(k\right)=-Kx\left(k\right)-{\mathbf{W}}^{\top }𝟊\left(\widehat{\overline{x}}\left(k\right)\right)$. Furthermore, we include an algorithm flowchart to illustrate the function of the CBF and how both the security and safety of the system are maintained under FDI attacks. Algorithm 1 is described below.

Algorithm 1 Secure and safe control strategy algorithm

1: Initialize parameters: NN parameters, control gain K, etc. 2: NN estimation training: (1) use NN to estimate the unknown FDI attack; (2) Attack compensation: integrate the estimated attack signal into the controller for compensating the attack; (3) Update the weight: compute the state error, and update the weight with gradient descent method; (4) continue the first step with the new weight. 3: Ideal controller: Obtain a controller capable of mitigating the FDI attack through NN estimation in step 2. 4: Control barrier function: according to the requirement, choose appropriate CBFs, and determine relevant parameters. 5: Quadratic Optimal Control: transform the issue of secure and safe control into an optimal control problem, namely, Equation (30).

Remark 6. 

Since the controller (10) can ensure system stability, the Control Lyapunov Function with similar effects is not considered here. Moreover, the application of CBF satisfies the safety requirements, even in the presence of an unknown variable. Integrating the above two methods, the controller $u^{*}$ can simultaneously achieve secure and safe control.

Remark 7. 

With the help of the NN estimator, when the attack intrudes into the system, the estimator is able to estimate the unknown attack and transmit the data to the controller to mitigate the impact of the attack. However, the estimation of the attack requires some time, and no real-time requirements are imposed on the controller design in this paper. Therefore, the proposed scheme is not suitable for systems with stringent real-time requirements, which is a key area for improvement in future research. Nevertheless, for systems where real-time requirements are not as critical, the proposed scheme still demonstrates effectiveness.

4. Simulation Results

This section demonstrates the effectiveness of the designed control scheme using a UAV system model presented in [47]. To demonstrate the superiority of the designed scheme, a comparative experiment with the LQR method in [40] is conducted. MATLAB 2021b is used for the simulations. To present the through discretization with a sampling period of $T_s=0.01$ s, the discretized system parameters are given below:

$$\begin{array}{cc}\hfill A& =\left[\begin{array}{ccccc}0.9949& 0.0848& -0.0205& -0.0974& 0\\ -0.0002& 0.9766& 0.0099& -0.0003& 0\\ 0.0005& -0.1357& 0.9943& -0.0000& 0\\ 0.0000& -0.0007& 0.0100& 1.0000& 0\\ 0.0008& -0.2454& 0.0000& 0.2500& 1.0000\end{array}\right],\hfill \\ \hfill B& =\left[\begin{array}{cc}-0.0028& 0.4071\\ 0.0014& -0.0000\\ -0.1820& 0.0001\\ -0.0009& 0.0000\\ -0.0003& 0.0002\end{array}\right].\hfill \end{array}$$

For the gain $K={(R+B^{\top }PB)}^{-1}{B}^{\top }PA$, it is obtained by the following Riccati equation:

$$0=A^{T}PA-P+Q-A^{T}PB{(R+B^{T}PB)}^{-1}{B}^{T}PA,$$

where Q and R are unit matrices with suitable dimensions, and K is calculated:

$$\begin{array}{cc}\hfill K& =\left[\begin{array}{ccccc}-0.0013& 7.1504& -1.0715& -12.5094& -0.8849\\ 0.8065& -0.3400& -0.0331& 0.6019& 0.0903\end{array}\right].\hfill \end{array}$$

The actual attack signal is given as

$$\begin{array}{cc}\hfill u_a\left(k\right)& =\left[\begin{array}{c}2sin\left(x_4\left(k\right)\right)-2\\ -sin\left(x_2\left(k\right)\right)+4\end{array}\right],\hfill \end{array}$$

where $x_2\left(k\right)$ and $x_4\left(k\right)$ represent the second and fourth rows of the matrix $x\left(k\right)$, respectively. In addition, the initial system state is $x_0=[4;0.2;3;-0.5;2]$, and the initial estimated state is chosen with the same values. In the process of NN approximation, the relevant parameters are chosen: the only hidden layer has 10 neurons, the initial weights are produced randomly in the range $[0,1]$, the activation function is Sigmoid, and the learning rate $\eta$ is 0.75. The simulation results are illustrated in Figure 2, Figure 3, Figure 4, Figure 5 and Figure 6.

Assume that the attack signal exists in the system from the initial stage and evolves with changes in the system state, thereby influencing the system. When the FDI attack intrudes the system, the NN estimation process of the attack signal is illustrated in Figure 2. As shown, during the initial period, the discrepancy between the actual attack signal and its estimate is relatively large due to the significant gap between the initial and ideal weights. However, over time, this error gradually converges to zero, demonstrating the success of the approach. In addition, the convergence process of the system state during the NN training is shown in Figure 3a. When the system state converges to zero, it indicates that the NN has successfully approximated the attack signal and can effectively compensate for the attack occurring in the system. Furthermore, as shown in Figure 3b, when only the LQR method is used, the system’s state trajectory fails to converge to zero. However, when employing the NN adaptive estimator, the system state converges as evidenced by Figure 4. In a system without an adaptive controller, the presence of the attack signal prevents the system states affected by maliciously altered information from converging to zero. Additionally, other states not directly impacted are also influenced to some extent, failing to achieve complete convergence to zero. This comparison highlights the necessity of addressing FDI attacks. If such attacks are left unaddressed, the system states may become uncontrollable.

After addressing the system security issues using the adaptive controller, the aspect of safety is also considered in this simulation phase. For simplicity, the control barrier function $h\left(x\right)=9-{(x_3-1)}^2-{(x_5-1)}^2$ is adopted, which ensures that certain system states remain within predetermined bounds, and $\gamma =0.9$. To handle the unknown variable in the system, the designed approach is applied, for simplicity, incorporating a function represented here as a constant matrix $\xi (\Delta ){\Delta }_{\mathcal{M}}=\left[0.4\right]$. The ideal controller is aforementioned $\mathrm{u}\left(k\right)=-Kx\left(k\right)-{\mathbf{W}}^{\top }𝟊\left(\widehat{x}\left(k\right)\right)$, where $\mathbf{W}$ represents the neural network-trained weights approximating the ideal weights W. The safety simulation results are presented in Figure 5a. When physical constraints are imposed on the system, we can see that the black dashed line is not completely enclosed by the blue solid line, indicating that the system state exceeds the preset range. Furthermore, the red solid line in Figure 5a represents the state trajectory when using the CBF. Although system safety is maintained, the state trajectories still do not converge to 0 as shown in Figure 5b. However, when the proposed scheme is applied, the system state remains within the preset range and converges to 0 as shown in Figure 6. Therefore, it is clear that the proposed control approach effectively guarantees both the security and safety of the system, while also demonstrating its superiority over the LQR method.

5. Conclusions

In the paper, we have proposed a novel safety control strategy for CPSs under FDI attacks, while ensuring that physical safety constraints are maintained. Our approach handles two main challenges: (i) effectively mitigating the effect of FDI attacks on system performance, and (ii) ensuring system safety despite the presence of unknown attacks. By designing a neural network-based attack estimator, estimates of the FDI attacks were obtained. This estimation was integrated into the control algorithm, allowing the controller to adjust its actions based on both the baseline control and the estimated attack information. Additionally, the CBF was employed to enforce safety constraints, dynamically adapting to attack conditions by incorporating attack estimates into the safety logic. Finally, simulation results have shown that the designed safety strategy successfully mitigates the influence of FDI attacks, maintaining system safety while ensuring its stability.