Resilient Multi-Dimensional Consensus and Containment Control of Multi-UAV Networks in Adversarial Environments

Abstract

Practical large-scale multiple unmanned aerial vehicle (multi-UAV) networks are susceptible to multiple potential points of vulnerability, such as hardware failures or adversarial attacks. Existing resilient multi-dimensional coordination control algorithms in multi-UAV networks are rather costly in the computation of a safe point and rely on an assumption of the maximum number of adversarial nodes in the multi-UAV network or neighborhood. In this paper, a dynamic trusted convex hull method is proposed to filter received states in multi-dimensional space without requiring assumptions about the maximum adversaries. Based on the proposed method, a distributed local control protocol is designed with lower computational complexity and higher tolerance of adversarial nodes. Sufficient and necessary graph-theoretic conditions are obtained to achieve resilient multi-dimensional consensus and containment control despite adversarial nodes’ behaviors. The theoretical results are validated through simulations.

1. Introduction

Distributed coordination control algorithms are highly important in multi-UAV networks because of their fundamental role in various applications, including the formation control of UAVs, flocking, and distributed data fusion in networks [1,2,3,4,5]. Practical large-scale multi-UAV networks are susceptible to multiple potential points of vulnerability, such as hardware failures or adversarial attacks, which can cause certain nodes to exhibit abnormal or adversarial behaviors [6,7]. The primary objective of resilient coordination control protocols is to guarantee that when an attack or failure compromises some nodes in multi-UAV networks, the remaining unaffected nodes can still achieve their objectives in a more relaxed setting [8,9,10].

A central concern within this domain is devising strategies to alleviate or eliminate the influence of adversarial nodes. A class of algorithms known as the mean subsequence reduced (MSR) algorithms has emerged as a solution to this challenge [11,12,13,14,15,16]. The fundamental concept underlying MSR algorithms involves sorting and filtering the values received from their in-neighbors using a trimmed mean approach, based on a predefined upper bound number of adversarial nodes in the neighbors or network. The concept of $r/(r,s)$-robustness [12], a graph-theoretic notion, was introduced to analyze the network topology of MSR algorithms to achieve consensus. This concept is more suitable for capturing information redundancy than the notion of connectivity. Subsequently, the MSR-based methods have been further extended to multi-UAV networks with different scenarios, such as containment control [13] and leader–follower consensus [14,15]. The effectiveness of MSR-based methods in ensuring resilient consensus in one-dimensional networks where the states of nodes are scalars has been demonstrated. However, these outcomes refer to the $r/(r,s)$-robustness graph conditions. Verifying this property in arbitrary graphs is NP-hard, and no computationally efficient method is currently available to address this problem [16]. References [8,17] provide a systematic review of the State-of-the-Art in graph-theory-based resilient consensus control for distributed systems.

To enhance the robustness of network structures, the concept of trusted nodes, which represents entities continually shielded from both attacks and failures through heightened security measures, including identity authentication, device hardening, or other cryptographic techniques, was introduced in [18]. In [18], the authors analyze the necessary graph conditions and incorporate trusted nodes into MSR algorithms to achieve resilient consensus. In [19], a method based on trusted regions was proposed for designing resilient consensus algorithms in adversarial environments. Similar strategies were employed in [20], where trusted nodes were employed to prevent data pollution from adversarial neighbors. However, the aforementioned methods mainly focus on one-dimensional scenarios, in which nodes’ states are scalars, and the consensus value is within an interval constrained by the maximum and minimum of regular nodes’ initial states. In scenarios where nodes’ states are represented as points or vectors in ${\mathbb{R}}^d$, resilient consensus and containment are conducted to guarantee that all regular nodes converge to a point or within a defined space encompassed by the convex hull of either regular nodes or the leaders’ initial states. Notably, as discussed in [21], resilient multi-dimensional consensus and containment control problems cannot be addressed by directly applying existing scalar algorithms to individual entries of the state through Kronecker product operations.

In recent research, the MSR algorithms were extended to more general $d$-dimensional space [21,22,23,24,25,26,27,28]. In these algorithms, each regular node iteratively updates its state by calculating a point guaranteed to lie in the convex hull formed by the states of regular neighbors. Existing algorithms compute this point through methods such as the Tverberg point [21,22], centerpoint [23,24], and intersection of multiple convex sets [25,26,27,28]. The outcomes obtained from these methods are elegant; however, the computational costs can be high, potentially growing exponentially with the number of adversarial nodes or neighbors. Moreover, all these findings are based on a predetermined parameter representing the maximum adversaries in multi-UAV networks or neighborhoods. Appropriately estimating this parameter may be impossible in practical applications, such as when addressing damaged sensors in extreme weather or real-time damaged robots in military wars. If the number of adversarial nodes exceeds the preset parameter, the coordination objective cannot be guaranteed.

In this paper, we extend the trusted-node-based approach to high-dimensional spaces. For resilient consensus control and resilient containment control in high-dimensional spaces, we design information filtering methods and resilient control algorithms, analyze the network topology conditions required for algorithm convergence, and provide corresponding proofs. Compared to traditional centralized or distributed control models [21,22,23,24,25,26,27,28], as shown in Figure 1, we employ a hybrid control model that benefits from trusted nodes to solve the resilient multi-dimensional consensus and containment control problems in this paper. Trusted nodes follow the same distributed control protocol as regular nodes and can also be influenced by adversarial nodes during the update process. They differ from leaders, which are typically remotely controlled or autonomous and function as anchor nodes. The main contributions of this paper can be outlined as follows:

(1)

A dynamic trusted convex hull method is proposed for regular nodes (including trusted nodes) to filter information in a $d$-dimensional space in a distributed manner. This method does not require a predetermined parameter specifying the maximum number of adversarial nodes in networks or neighborhoods, which is necessary in [21,22,23,24,25,26,27,28];

(2)

Based on this method, a distributed local control protocol is designed for regular nodes (including trusted nodes) to achieve resilient multi-dimensional consensus and containment control. Compared to [21,22,23,24,25,26,27,28], the proposed protocol exhibits lower computational complexity and better tolerance of more adversarial nodes;

(3)

The necessary and sufficient graph-theoretic conditions for the success of the proposed control protocol are derived. The newly defined graph conditions, namely $r$-dominating subgraphs, are easier to verify in arbitrary graphs than the classical $r/(r,s)$-robustness graph conditions [11,12,13,14,15,16].

The remainder of this paper is organized as follows: Preliminaries and problem formulation are provided in Section 2. The algorithm design and theoretical analysis are provided in Section 3 and Section 4, respectively. The simulations are described in Section 5, and Section 6 concludes the paper.

Notations: Throughout this paper, the symbols $\mathrm{Z}$, ${\mathrm{Z}}^{+}$, and $\mathsf{R}$ denote the sets of integers, positive integers, and real numbers, respectively. $|\mathcal{S}|$ denotes the cardinality of a set $\mathcal{S}$. The separability of set ${\mathcal{S}}_1$ by set ${\mathcal{S}}_2$ is denoted by ${\mathcal{S}}_1\backslash {\mathcal{S}}_2=\{x\in {\mathcal{S}}_1:x\notin {\mathcal{S}}_2\}$. Moreover, $\alpha \in \mathsf{R}$ and $\epsilon \in \mathsf{R}$ are real numbers.

2. Preliminaries and Problem Formulation

2.1. Graph Theory

Consider a directed graph (digraph) denoted as $\mathcal{G}=(\mathcal{V},\mathcal{E})$, where $\mathcal{V}=\{1,2,\dots ,n\}$ is the node set and $\mathcal{E}\subset \mathcal{V}\times \mathcal{V}$ is the edge set. An edge $(j,i)\in \mathcal{E}$ indicates that node $i$ can directly acquire information from node $j$. The set of neighbors for a node $i$ is denoted by ${\mathcal{N}}_i=\{j,|(j,i)\in \mathcal{E}\}$. The adjacency matrix $A=\left[\begin{array}{c}\hfill a_{ij}\hfill \end{array}\right]\in {\mathsf{R}}^{n\times n}$ is defined by $a_{ij}>0$ if $(j,i)\in \mathcal{E}$; otherwise, $a_{ij}=0$. A digraph ${\mathcal{G}}_{\mathcal{s}}({\mathcal{V}}_{\mathcal{s}},{\mathcal{E}}_{\mathcal{s}})$ is said to be a subgraph of $\mathcal{G}(\mathcal{V},\mathcal{E})$ if ${\mathcal{V}}_{\mathcal{s}}\subseteq \mathcal{V}$ and ${\mathcal{E}}_{\mathcal{S}}\subseteq \mathcal{E}$. The path from node $i_1$ to node $i_p$ is denoted as the sequence $(i_1,i_2,..,i_p)$, where $(i_j,i_{j+1})\in \mathcal{E}$ for $j=1,2,\dots ,p-1$. If a directed path from $i_1$ to $i_p$ holds such that $(i_j,i_{j+1})\in \mathcal{E}$ and $\{i_2,\dots ,i_{p-1}\}\subset {\mathcal{V}}_{\mathcal{S}}\subset \mathcal{V}$, then the directed path is in subgraph ${\mathcal{G}}_{\mathcal{S}}$. If there is a node in digraph $\mathcal{G}$ that has a directed path to all other nodes, then $\mathcal{G}$ contains a directed spanning tree. To avoid ambiguity and for convenience, in this paper, we use node indices $i$, $j$ in a special font to refer to the nodes themselves, while explicitly indicating whether it is node $i$ or node $j$, so as not to confuse them with other symbols.

To analyze the resilience of the algorithms developed in this paper, we introduce two new concepts that are extended from the notion of a connected dominating set [29,30]:

Definition 1.

($r$-dominating subgraph) Consider a digraph $\mathcal{G}=(\mathcal{V},\mathcal{E})$; a subgraph ${\mathcal{G}}_{\mathcal{S}}({\mathcal{V}}_{\mathcal{S}},{\mathcal{E}}_{\mathcal{S}})$ is said to be an $r$-dominating subgraph if the following two conditions are met:

(i)

${\mathcal{G}}_{\mathcal{S}}$ contains a directed spanning tree.

(ii)

$\forall i\in \mathcal{V}$, $|{\mathcal{N}}_i\cap {\mathcal{V}}_{\mathcal{S}}|\ge r$.

Definition 2.

($r$-dominating subgraph with respect to $\mathcal{L}$) Consider a digraph $\mathcal{G}=(\mathcal{V},\mathcal{E})$, where $\mathcal{S}$ and $\mathcal{L}$ are nonempty disjointed subsets of $\mathcal{V}$; a subgraph ${\mathcal{G}}_{\mathcal{S}}({\mathcal{V}}_{\mathcal{S}},{\mathcal{E}}_{\mathcal{S}})$ is an $r$-dominating subgraph with respect to $\mathcal{L}$ if the following two conditions are met:

(i)

$\forall i\in \left(\mathcal{V}\backslash \mathcal{L}\right)$, there exists $j\in \mathcal{L}$ that has a directed path from $j$ to $i$ in subgraph ${\mathcal{G}}_{\mathcal{S}}$ or ${\mathcal{N}}_i\cap \mathcal{L}\ne \varnothing$.

(ii)

$\forall i\in (\mathcal{V}⧵\mathcal{L})$, $|{\mathcal{N}}_i\cap ({\mathcal{V}}_{\mathcal{S}}\cup \mathcal{L})|\ge r$.

Based on the above definitions, we present the following new lemma and its proof:

Lemma 1.

Consider a digraph $\mathcal{G}=(\mathcal{V},\mathcal{E})$. If ${\mathcal{G}}_{\mathcal{S}}({\mathcal{V}}_{\mathcal{S}},{\mathcal{E}}_{\mathcal{S}})\subseteq \mathcal{G}$ is an $r$-dominating subgraph, then for any pair of nonempty disjointed subsets ${\mathcal{Z}}_1,{\mathcal{Z}}_2\subset \mathcal{V}$, ${\mathcal{Y}}_{z_1}^{{\mathcal{V}}_{\mathcal{S}}}\cup {\mathcal{Y}}_{z_2}^{{\mathcal{V}}_{\mathcal{S}}}\ne \varnothing$ is satisfied, where ${\mathcal{Y}}_{{\mathcal{Z}}_i}^{{\mathcal{V}}_{\mathcal{S}}}=\{j\in {\mathcal{Z}}_i:{\mathcal{N}}_j\cap ({\mathcal{V}}_{\mathcal{S}}\backslash {\mathcal{Z}}_i)\ne \varnothing \}$, $i=1,2$.

Proof. 

Three possible cases are considered:

(i)

${\mathcal{Z}}_1\cap {\mathcal{V}}_{\mathcal{S}}=\varnothing$: Since ${\mathcal{G}}_{\mathcal{S}}$ is an $r$-dominating subgraph, any node in ${\mathcal{Z}}_1$ has at least $r$ neighbors in ${\mathcal{V}}_{\mathcal{S}}$. Therefore, ${\mathcal{Y}}_{{\mathcal{Z}}_1}^{{\mathcal{V}}_{\mathcal{S}}}\ne \varnothing$;

(ii)

${\mathcal{Z}}_2\cap {\mathcal{V}}_{\mathcal{S}}=\varnothing$: Similarly to (i), ${\mathcal{Y}}_{{\mathcal{Z}}_2}^{{\mathcal{V}}_{\mathcal{S}}}\ne \varnothing$;

(iii)

${\mathcal{Z}}_1\cap {\mathcal{V}}_{\mathcal{S}}\ne \varnothing$ and ${\mathcal{Z}}_2\cap {\mathcal{V}}_{\mathcal{S}}\ne \varnothing$: Since ${\mathcal{G}}_{\mathcal{S}}$ is a $r$-dominating subgraph, there is a node $q$ that has a directed path to all other nodes in ${\mathcal{V}}_{\mathcal{S}}$. If $q\in {\mathcal{Z}}_1$, by definition, there is a node $p$ in ${\mathcal{Z}}_2\cap {\mathcal{V}}_{\mathcal{S}}$ that must have a neighbor in ${\mathcal{V}}_{\mathcal{S}}\backslash {\mathcal{Z}}_2$, since node $q$ must have a directed path to node $p$. Then, ${\mathcal{Y}}_{{\mathcal{Z}}_2}^{{\mathcal{V}}_{\mathcal{S}}}\ne \varnothing$. If $q\notin {\mathcal{Z}}_1$, by definition, there is a node $p$ in ${\mathcal{Z}}_1\cap {\mathcal{V}}_{\mathcal{S}}$ that must have a neighbor in ${\mathcal{V}}_{\mathcal{S}}\backslash {\mathcal{Z}}_1$, since node $q$ must have a directed path to node $p$. Thus, ${\mathcal{Y}}_{{\mathcal{Z}}_1}^{{\mathcal{V}}_{\mathcal{S}}}\ne \varnothing$. □

2.2. Problem Formulation

Consider a multi-UAV network $\mathcal{G}=(\mathcal{V},\mathcal{E})$ consisting of sets of regular nodes, leaders, and adversarial nodes in an adversarial environment. These sets are denoted as ${\mathcal{V}}_{\mathcal{R}}$, ${\mathcal{V}}_{\mathcal{L}}$, and ${\mathcal{V}}_{\mathcal{A}}$, respectively. Thus, $\mathcal{V}={\mathcal{V}}_{\mathcal{R}}\cup {\mathcal{V}}_{\mathcal{A}}\cup {\mathcal{V}}_{\mathcal{L}}$. First, the set of regular nodes ${\mathcal{V}}_{\mathcal{R}}$ executes a predefined distributed control protocol with local information from neighbors. Second, the leaders ${\mathcal{V}}_{\mathcal{L}}$ can be autonomous or remotely controlled without implementing the proposed control protocol. In this paper, leaders are considered static, functioning as anchor nodes and defining a containment space for followers to reach and remain within. The leader set may be empty; in this case, we consider only regular and adversarial nodes. Finally, the adversarial nodes ${\mathcal{V}}_{\mathcal{A}}$ are nodes with full knowledge of the network that deviate from any predefined protocol rules. They may aim to hinder regular nodes from achieving coordination goals, or they may just be unable to execute the predefined distributed control protocol. The adversaries considered in this paper are malicious in the sense that they send the same misinformation to all out-neighbors.

In this paper, nodes are modeled as discrete-time multi-dimensional integrators with positions in $d$-dimensional space. The behavior of nodes is represented by the following dynamics:

$$\left\{\begin{array}{ll}{x}_i(k+1)=x_i(k)+u_i(k),& i\in {\mathcal{V}}_{\mathcal{R}}\\ x_i(k+1)=x_i(0),& i\in {\mathcal{V}}_{\mathcal{L}}\\ x_i(k+1):\mathrm{arbitrary},& i\in {\mathcal{V}}_{\mathcal{A}}\end{array}\right.$$

(1)

where $u_i(k)\in {\mathsf{R}}^d$ is the local control input and $x_i(k)\in {\mathsf{R}}^d$ is the position of the nodes, $k\in \mathsf{Z}$ is the time step. In this paper, we use $x_i(k)$ to represent the positional information of node $i$. In a one-dimensional space, $x_i(k)$ is a scalar, whereas in two-dimensional or three-dimensional spaces, $x_i(k)$ is a vector. For convenience, we uniformly use $x_i(k)$ to denote it, so no strict distinction is made.

We aim to enhance the resilience of multi-UAV networks through trusted nodes, which are a very small set of regular nodes continuously safeguarded from both attacks and failures through augmented security investments, including identity authentication, device hardening, or other cryptographic techniques from practical implementation. Since the security investments are costly, the designated set of trusted nodes, denoted by ${\mathcal{V}}_{\mathcal{T}}({\mathcal{V}}_{\mathcal{T}}\subseteq {\mathcal{V}}_{\mathcal{R}})$, must be small and meticulously constructed. Trusted nodes follow the same update rules as regular nodes and can also be influenced by adversarial nodes during the update process. Assume that each regular node is aware of the trusted nodes’ identity in the neighborhood [18,19]. This assumption means that the identity of trusted nodes is known to all regular nodes (including trusted nodes) within the neighborhood, while the identity of adversarial nodes remains unknown to regular nodes. All regular nodes in the multi-UAV network may become adversarial due to attacks or failures, except for a small set of trusted nodes. To clarify the problems, the following definition of the convex hull is provided:

Definition 3.

(convex hull) The convex hull of a set of nodes $\mathcal{S}\subseteq \mathcal{V}$ is defined as

$$\mathrm{c}\mathrm{o}(\mathbf{x}(k),\mathcal{S})=\{y\in {\mathbb{R}}^d, y=\sum _{i\in \mathcal{S}}{a}_i{\mathit{x}}_i(k):\sum _{i\in \mathcal{S}}{a}_i=1 ,a_i\ge 0\}$$

(2)

In this paper, two coordination problems within multi-UAV networks are addressed using the proposed algorithm. Regular nodes can achieve (i) resilient multi-dimensional consensus when there are no leaders in the network or (ii) resilient multi-dimensional containment control when there are leaders in the network, regardless of the behaviors exhibited by the adversarial nodes. The problems are defined as follows [23,24]:

Problem 1.

(Resilient Multi-Dimensional Consensus) Consider a multi-UAV network consisting of regular nodes and adversarial nodes in $d$-dimensional space. For any behavior of adversarial nodes and any initial positions $\mathbf{x}(0)$, the following holds:

$$\underset{k\to \infty }{\lim } x_i(k)=p, \forall i\in {\mathcal{V}}_{\mathcal{R}},$$

(3)

where $p\in \mathrm{c}\mathrm{o}(\mathbf{x}(0),{\mathcal{V}}_{\mathcal{R}})$.

Problem 2.

(Resilient Multi-Dimensional Containment Control) Consider a multi-UAV network consisting of regular nodes, leaders, and adversarial nodes in $d$-dimensional space. For any behavior of adversarial nodes and any initial positions $\mathbf{x}(0)$, the following holds:

$$\underset{k\to \infty }{\lim } x_i(k)\in {\mathcal{C}}_{\mathcal{L}}, \forall i\in {\mathcal{V}}_{\mathcal{R}},$$

(4)

where ${\mathcal{C}}_{\mathcal{L}}=\mathrm{c}\mathrm{o}(\mathbf{x}(0),{\mathcal{V}}_{\mathcal{L}})$.

3. Algorithm Design

In this section, we provide the resilient multi-dimensional consensus and containment control protocol. In the introduction, we discussed how many algorithms prove highly effective in simple one-dimensional spaces for ensuring resilient consensus control. Consequently, one might naively attempt to extend these one-dimensional methods to high-dimensional spaces by applying them independently to each dimension of the node states via the Kronecker product, thereby achieving resilient control in higher dimensions. However, this approach only guarantees convergence to a hypercube determined by the nodes’ initial states—a limitation similarly noted in the literature [21,28]. Figure 2 illustrates an example in two-dimensional space, where node positions represent their initial states. If one-dimensional algorithms are merely applied separately to each dimension, the final convergence would be confined to the gray rectangular region. In contrast, the darker triangular region represents the more precise convex hull formed by the nodes’ initial states.

To facilitate the introduction of the proposed algorithm, we first define the safe convex hull as the convex hull formed by all regular nodes, trusted nodes, and leaders (when present). In the absence of leaders, the safe convex hull is constructed solely by regular and trusted nodes.

Definition 4.

(safe convex hull) The safe convex hull is defined as

$$\mathrm{s}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k))=\mathrm{c}\mathrm{o}(\mathbf{x}(k),({\mathcal{V}}_{\mathcal{R}}\cup {\mathcal{V}}_{\mathcal{T}}\cup {\mathcal{V}}_{\mathcal{L}})).$$

(5)

Since this paper addresses two distinct problems—resilient consensus control (without leaders) and resilient containment control (with multiple leaders)—we must account for scenarios both with and without leaders. However, during information filtering and state updates, both leaders and trusted nodes are treated as authenticated participants whose state values are fully trusted. Specifically, trusted nodes are authenticated and execute the same algorithm as regular nodes. Leaders are authenticated and update their states via remote control. Regular nodes follow the prescribed algorithm, but may become adversarial due to faults or attacks, deviating from correct execution. Given these shared principles, we unify the algorithmic design for both problems in the subsequent discussion. Next, we give the definition of a trusted convex hull.

Definition 5.

(trusted convex hull) The trusted convex hull of regular node $i$ at time step $k$ is a convex hull formulated by the set of trusted nodes and leaders in the neighborhood. This convex hull is represented by the following polytope:

$$\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)=\mathrm{c}\mathrm{o}(\mathbf{x}(k),({\mathcal{N}}_i\cap ({\mathcal{V}}_{\mathcal{T}}\cup {\mathcal{V}}_{\mathcal{L}}))\cup \{i\}).$$

(6)

Figure 3 serves as a schematic diagram demonstrating how a regular node $i$ constructs a trusted convex hull in two-dimensional space by utilizing trusted neighbor nodes, leaders within its neighborhood, and its own state. The positions of the nodes represent their real-time state values, and the nodes shown in the figure constitute only a portion of the entire network. According to the definition, for any regular node $i\in {\mathcal{V}}_{\mathcal{R}}({\mathcal{V}}_{\mathcal{T}}\subseteq {\mathcal{V}}_{\mathcal{R}})$, the trusted convex hull $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ is a subset of the convex hull formulated by all regular nodes, trusted nodes, and leaders. Then, it is confirmed that the trusted convex hull is a subset of the safe convex hull, that is

$$\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)\subseteq \mathrm{s}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k)).$$

(7)

Note that the construction of the trusted convex hull is not contingent upon a preknown parameter specifying the maximum adversaries in the multi-UAV system or neighborhood. In other words, it can tolerate any regular node within the multi-UAV network becoming adversarial under attacks or failures, excluding a very small set of trusted nodes.

For any regular node $i\in {\mathcal{V}}_{\mathcal{R}}({\mathcal{V}}_{\mathcal{T}}\subseteq {\mathcal{V}}_{\mathcal{R}})$, it makes updates according to the resilient multi-dimensional consensus and containment control protocol, as outlined in Algorithm 1. The algorithm’s key steps are designed as follows: at any given time $k$, each regular node $i$ receives state information from all neighboring nodes and constructs a trusted convex hull by combining its own trusted state value with those from trusted neighbors and leaders (if present); neighboring states falling within this convex hull are retained for subsequent state updates while external ones are discarded, with the preserved node set denoted as ${\mathcal{M}}_i(k)$, and the state update rule—similar to the MSR algorithm—utilizes only these filtered states from ${\mathcal{M}}_i(k)$ to maintain distributed operation, as illustrated in Figure 3, where a regular node $i$ builds its trusted convex hull using trusted nodes and leaders in the neighborhood.

Algorithm 1: Resilient Multi-Dimensional Consensus and Containment Control Protocol

At each time step $k$, regular node $i\in {\mathcal{V}}_{\mathcal{R}}({\mathcal{V}}_{\mathcal{T}}\subseteq {\mathcal{V}}_{\mathcal{R}})$, repeat the following operations: 1: Receive relative position information $x_j(k)$ from neighbors $j\in {\mathcal{N}}_i$, and store these positions in a list ${\mathcal{X}}_i(k)$; 2: Compute a dynamic trusted convex hull $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ that is formulated by trusted nodes and leaders in ${\mathcal{X}}_i(k)$; 3: Compute a candidate node set ${\mathcal{M}}_i(k)$ where the positions in ${\mathcal{X}}_i(k)$ out of $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ are removed and the others are reserved; 4: Compute a local control input using $$u_i=\sum _{j\in {\mathcal{M}}_i(k)}{a}_{ij}(k)(x_j(k)-x_i(k)),$$ (8) where $a_{ij}(k)\ge \alpha$ and $1-{\displaystyle \sum _{j\in {\mathcal{M}}_i(k)}}{a}_{ij}(k)\ge \alpha$ for some $0<\alpha <1$; 5: Update position according to (1) and transmit $x_i(k+1)$ to neighbors $j\in {\mathcal{N}}_i$.

A novelty of the protocol is empowering regular nodes $i\in {\mathcal{V}}_{\mathcal{R}}$ to compute and update using information derived from a safe convex hull, i.e., $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$, ensuring immunity to arbitrary influence from adversarial nodes. During the updating process, the positions of nodes located outside the trusted convex hull are excluded and disregarded by node $i$. If the set of trusted nodes is carefully arranged and the network topology satisfies specific conditions, then the regular nodes in the multi-UAV network can achieve collaborative objectives in a distributed manner regardless of the behavior of the adversarial nodes. Although adversarial nodes may be located in the trusted convex hull, they cannot have arbitrary control over the regular nodes. Next, we focus on the scenario where an adversarial node $p$ remains within the trust convex hull of a node $i$, i.e., $x_p(k)\in \mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$. According to the definition of a convex hull, the state value $x_p(k)$ of node $p$ can necessarily be represented as a convex combination of other regular nodes (including trusted nodes and leaders) in the trusted convex hull, i.e., $x_p(k)=d_1(k)x_1(k)+d_2(k)x_2(k)+\dots +d_l(k)x_l(k)$, where $0\le d_l(k)\le 1$, $d_1(k)+d_2(k)+\dots +d_l(k)=1$, and $\{x_1(k),x_2(k),\dots ,x_l(k)\}\subseteq \mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),N_i)$. Let ${\bar{a}}_{i1}(k)=a_{i1}(k)+d_1(k)a_{ip}(k)$, ${\bar{a}}_{i2}(k)=a_{i2}(k)+d_2(k)a_{ip}(k)$, …, ${\bar{a}}_{il}(k)=a_{il}(k)+d_l(k)a_{ip}(k)$. Then, the influence of the adversarial node can be transformed into the effect of other regular nodes within the trust convex hull. It is evident that the adversarial node $p$ will not be able to arbitrarily control the state value of node $i$, and can at most influence the weights of the nodes in the convex combination.

The computation of $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ and ${\mathcal{M}}_i(k)$ in Algorithm 1 can be transformed into a classic convex problem in mathematics [31,32]. Since trusted nodes are expensive and protected from attacks by increased security investment, the number of trusted neighbors of any regular node $i$ is as small as possible, and at least $d$. Thus, the computation of $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ is transformed into a computation of a convex hull of $d+1$ points. According to the Quickhull algorithm in [31,32], the average complexity is $O(dlogd)$ and the worst-case complexity is $O(d^2)$. The computation of ${\mathcal{M}}_i(k)$ involves calculating whether a point is within $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$. Since ${\mathcal{N}}_i-d$ points need to be determined, the complexity of this problem is $O(d^2{\mathcal{N}}_i)$. In previous studies of multi-dimensional cases [21,22,23,24,25,26,27,28], the computation of a safe point relies on a preknown parameter specifying the maximum number of adversaries. Thus, the computation cost may increase exponentially with the number of adversarial nodes or neighbors; a detailed analysis of this can be seen in [24,28]. Our algorithm presented in this paper exhibits a significantly decreased computational cost, which is $O(d^2{\mathcal{N}}_i)$ at worst. The computational complexity analysis here only considers the scenario in a $d$-dimensional space, where any regular node $i$ has enough trusted neighbors to form a $d$-dimensional trusted convex hull. It evaluates the complexity of computing such a trusted convex hull and the computational complexity of filtering received state information using this convex hull. When the number of trusted neighbors of node $i$ is insufficient to form a $d$-dimensional trusted convex hull, the trusted convex hull of node $i$ in Algorithm 1 will instead form a lower-dimensional trusted space, such as a closed convex polygon in a three-dimensional space. In this case, the computational complexity will also change. The trusted convex hull may be a point, a line, an area, or a space. The hull always contains the regular node $i$ itself, which is considered trust by definition. In the worst, $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ is a single point of regular node $i$.

4. Theoretical Analysis

In this section, we analyze the convergence of multi-UAV network (1) under the designed control protocol. The number of regular nodes $|{\mathcal{V}}_{\mathcal{R}}|$ in multi-UAV network (1) is denoted by $\mathit{N}$. Combining (1) and (8) yields the dynamics of the regular node $i\in {\mathcal{V}}_{\mathcal{R}}$ as

$$x_i(k+1)=a_{ii}(k)x_i\left(k\right)+\sum _{j\in {\mathcal{M}}_i\left(k\right)}{a}_{ij}\left(k\right)x_j\left(k\right)$$

(9)

where $a_{ii}\left(k\right)=1-{\sum }_{j\in {\mathcal{M}}_i\left(t_k\right)}{a}_{ij}\left(k\right)\ge \alpha$, $a_{ij}(k)\ge \alpha$ and $0<\alpha <1$.

Note that $x_i(k+1)$ is a convex combination of $x_j(k)$ in ${\mathcal{M}}_i(k)$ and $x_i(k)$. From Algorithm 1, we know that ${\mathcal{M}}_i(k)$ is a candidate node set belonging to the trusted convex hull $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$. Since $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)\subseteq \mathrm{s}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k))$, one has $x_i(k+1)\in \mathrm{s}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k))$. Thus, $x_i(k+1)$ is always located in the safe convex hull $\mathrm{s}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k))$ regardless of the adversarial nodes’ misleading. Next, we shall provide sufficient graph-theoretic conditions on network topology, under which resilient multi-dimensional consensus and containment control are achieved. To prove this, it is sufficient to prove that the consensus is achieved at any dimension since $x_i(k+1)\in \mathrm{s}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k))$. Given the symmetry across different dimensions, without loss of generality, we concentrate solely on the first entry of nodes’ positions. The convergence of other entries can be proved using the same method.

For convenience, at any $p\in \{1,2,\dots ,d\}$, let $M_{\mathcal{R}}^p(k)$ and $m_{\mathcal{R}}^p(k)$ denote the maximum and minimum values, respectively, of the $p$-th entries of regular nodes’ positions at time step $k$. That is,

$$\begin{array}{c}{M}_{\mathcal{R}}^p(k)=\underset{i\in {\mathcal{V}}_{\mathcal{R}}}{\max } x_i^p(k),\hfill \\ m_{\mathcal{R}}^p(k)=\underset{i\in {\mathcal{V}}_{\mathcal{R}}}{\min } x_i^p(k).\hfill \end{array}$$

(10)

With the above preparations, we can now provide the main theoretical results.

4.1. Resilient Multi-Dimensional Consensus

First, we present the theoretical results for the resilient multi-dimensional consensus problem. Theorems 1 and 2 only consider the case where there is no leader node, and all regular nodes converge within the convex hull formed by the regular nodes (including trusted nodes). The proof of Theorem 1 follows the general structure of that for scalar systems [11], with modifications to accommodate our specific information filtering and position updating rules. We begin by proving the safety condition, i.e., $x_i\left(k\right)\in co(\mathbf{x}(0),{\mathcal{V}}_{\mathcal{R}})$. Next, we prove the agreement condition by contradiction, showing that the agreement gap between all regular nodes converges to zero.

Theorem 1.

Consider a multi-UAV network in $d$-dimensional space consisting of regular nodes and adversarial nodes, following the dynamics described in (1). Resilient multi-dimensional consensus can be achieved through the control protocol outlined in Algorithm 1 if the subgraph ${\mathcal{G}}_{\mathcal{T}}({\mathcal{V}}_{\mathcal{T}},{\mathcal{E}}_{\mathcal{T}})$ induced by trusted nodes forms a $d$-dominating subgraph.

Proof. 

First, we prove the safety condition $x_i\left(k\right)\in co(\mathbf{x}(0),{\mathcal{V}}_{\mathcal{R}})$. Since ${\mathcal{G}}_{\mathcal{T}}({\mathcal{V}}_{\mathcal{T}},{\mathcal{E}}_{\mathcal{T}})$ is a $d$-dominating subgraph of $\mathcal{G}$, by definition, each regular node $i\in {\mathcal{V}}_{\mathcal{R}}$ in $\mathcal{G}$ must have at least $d$ trusted neighbors. Thus, $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)\ne \varnothing$. From (9), we can see that $x_i(k+1)$ is a convex combination of nodes’ positions in $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$. It is obtained that $x_i(k+1)\in \mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$. Since this holds for any regular node $i\in {\mathcal{V}}_{\mathcal{R}}$, recalling (7), one has $x_i(k+1)\in \mathrm{s}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k))$. By induction, we can obtain $x_i\left(k\right)\in co(\mathbf{x}(0),{\mathcal{V}}_{\mathcal{R}})$.

Next, we prove the agreement condition. Based on Algorithm 1, if an adversarial node $j\in {\mathcal{V}}_{\mathcal{A}}$ satisfies $x_j(k)\notin \mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$, then $x_j(k)\notin {\mathcal{M}}_i(k)$ for any $i\in {\mathcal{V}}_{\mathcal{R}}$. Consequently, $a_{ij}(k)=0$. Based on (9), $x_i^1(k+1)$ is determined by the positions at time step $k$ within $[m_{\mathcal{R}}^1(k),M_{\mathcal{R}}^1(k)]$. The following is obtained:

$$\begin{array}{c}{M}_{\mathcal{R}}^1(k+1)\le M_{\mathcal{R}}^1(k),\hfill \\ m_{\mathcal{R}}^1(k+1)\ge m_{\mathcal{R}}^1(k).\hfill \end{array}$$

(11)

Then, $M_{\mathcal{R}}^1(k)$ and $m_{\mathcal{R}}^1(k)$ are monotone and bounded functions of $k$, indicating that each function converges to some limit, denoted by a and b, respectively. It has been established that $a\ge b$. If we can demonstrate that $a=b$, then the consensus is guaranteed. We proceed to prove by contradiction that this assertion holds.

Let us assume that $a\ne b$, noting that $a>b$ by definition. Consequently, we can define a constant ${\epsilon }_0>0$, such that $a-{\epsilon }_0>b+{\epsilon }_0$. For any positive real number ${\epsilon }_i$ and at any time step $k$, we define the following two sets:

$$\begin{array}{c}{\mathcal{X}}_M^1(k,{\epsilon }_i)=\{i\in V:x_i^1(k)>a-{\epsilon }_i\},\hfill \\ {\mathcal{X}}_m^1(k,{\epsilon }_i)=\{i\in V:x_i^1(k)<b+{\epsilon }_i\}.\hfill \end{array}$$

(12)

The former includes all regular and adversarial nodes that have a first entry larger than $a-{\epsilon }_i$, and the latter includes all regular and adversarial nodes that have a first entry smaller than $b+{\epsilon }_i$. Then, a small quantity $\epsilon <{\alpha }^N{\epsilon }_0/1-{\alpha }^N$ can be chosen. Note that $0<\epsilon <{\epsilon }_0$. Since $\{M^1(k)\}$ and $\{m^1(k)\}$ are convergence sequences, there exists $k_{\epsilon }\in {\mathbb{Z}}^{+}$, such that $M^1(k)<a+\epsilon$ and $m^1(k)>b-\epsilon$, $\forall k\ge k_{\epsilon }$. Now, we consider the nonempty sets ${\mathcal{X}}_M^1(k_{\epsilon },{\epsilon }_0)$ and ${\mathcal{X}}_m^1(k_{\epsilon },{\epsilon }_0)$. According to the definition of ${\epsilon }_0$, these two sets are disjointed.

Since the subgraph ${\mathcal{G}}_{\mathcal{T}}({\mathcal{V}}_{\mathcal{T}},{\mathcal{E}}_{\mathcal{T}})$ is an $d$-dominating subgraph, Lemma 1 indicates that a regular node $i$ in either ${\mathcal{X}}_M^1(k_{\epsilon },{\epsilon }_0)$ or ${\mathcal{X}}_m^1(k_{\epsilon },{\epsilon }_0)$ with at least one trusted neighbor situated outside its set exists. Let us assume that regular node $i\in {\mathcal{X}}_M^1(k_{\epsilon },{\epsilon }_0)\cap {\mathcal{V}}_{\mathcal{R}}$ has a trusted neighbor outside ${\mathcal{X}}_M^1(k_{\epsilon },{\epsilon }_0)$. By definition, the first entry of these trusted neighbors is at most equal to $a-{\epsilon }_0$. According to the control protocol outlined in Algorithm 1, the trusted neighbors fall within $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ and are utilized by node $i$ for position updating. Referring to (9) reveals that the position of regular node $i$ at each time step is a convex combination of its own position and the position of nodes in $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$, where the weight has a lower bound $\alpha$.

Considering that the largest first entry that regular node $i$ uses at $k_{\epsilon }$ is $M^1(k_{\epsilon })$, assigning the maximum weight to $M_{\mathcal{R}}^1(k_{\epsilon })$ yields

$$\begin{array}{ll}{x}_i^1(k_{\epsilon }+1)& \le (1-\alpha )M_{\mathcal{R}}^1(k_{\epsilon })+\alpha (a-{\epsilon }_0)\\ & <(1-\alpha )(a+\epsilon )+\alpha (a-{\epsilon }_0)\\ & =a-\alpha {\epsilon }_0+(1-\alpha )\epsilon \\ & =a-{\epsilon }_1.\end{array}$$

(13)

Here, ${\epsilon }_1=\alpha {\epsilon }_0-(1-\alpha )\epsilon$ satisfies $0<\epsilon <{\epsilon }_1<{\epsilon }_0$. Importantly, this upper bound also applies to the updated first entry of any regular node not in ${\mathcal{X}}_M^1(k_{\epsilon },{\epsilon }_0)$; as such, the node utilizes its own position in updating. Similarly, if regular node $i\in {\mathcal{X}}_m^1(k_{\epsilon },{\epsilon }_0)\cap {\mathcal{V}}_{\mathcal{R}}$ has a trusted neighbor outside ${\mathcal{X}}_m^1(k_{\epsilon },{\epsilon }_0)$, applying the same analysis yields

$$\begin{array}{ll}{x}_i^1(k_{\epsilon }+1)& \ge (1-\alpha )m_{\mathcal{R}}^1(k_{\epsilon })+\alpha (b+{\epsilon }_0)\\ & >(1-\alpha )(b-\epsilon )+\alpha (b+{\epsilon }_0)\\ & =b+\alpha {\epsilon }_0-(1-\alpha )\epsilon \\ & =b+{\epsilon }_1.\end{array}$$

(14)

Again, any regular node that is not in ${\mathcal{X}}_m^1(k_{\epsilon },{\epsilon }_0)$ has the same lower bound. Considering the sets ${\mathcal{X}}_M^1(k_{\epsilon }+1,{\epsilon }_1)$ and ${\mathcal{X}}_m^1(k_{\epsilon }+1,{\epsilon }_1)$, according to the previous analysis, at least one regular node in ${\mathcal{X}}_M^1(k_{\epsilon },{\epsilon }_0)$ whose first entry will be less than $a-{ϵ}_1$ at time step $k_{\epsilon }+1$ or one regular node in ${\mathcal{X}}_m^1(k_{\epsilon },{\epsilon }_0)$ whose first entry will be more than $b+{\epsilon }_1$ at time step $k_{\epsilon }+1$ exists. It must be that either $|{\mathcal{X}}_M^1(k_{\epsilon }+1,{\epsilon }_1)\cap {\mathcal{V}}_{\mathcal{R}}|<|{\mathcal{X}}_M^1(k_{\epsilon },{\epsilon }_0)\cap {\mathcal{V}}_{\mathcal{R}}|$ or $|{\mathcal{X}}_m^1(k_{\epsilon }+1,{\epsilon }_1)\cap {\mathcal{V}}_{\mathcal{R}}|<|{\mathcal{X}}_m^1(k_{\epsilon },{\epsilon }_0)\cap {\mathcal{V}}_{\mathcal{R}}|$, or both. Since ${\epsilon }_1<{\epsilon }_0$, ${\mathcal{X}}_M^1(k_{\epsilon }+1,{\epsilon }_0)$ and ${\mathcal{X}}_m^1(k_{\epsilon }+1,{\epsilon }_0)$ are still disjointed. Let ${\epsilon }_l=\alpha {\epsilon }_{l-1}-(1-\alpha )\epsilon$, $l\in {\mathbb{Z}}^{+}$. It is evident that $\{{\epsilon }_l\}$ is a strictly decreasing sequence. We repeat the above analysis recursively for $l$ steps, where $l\le N$ is straightforward. Since $|{\mathcal{X}}_M^1(k_{\epsilon },{\epsilon }_0)\cap {\mathcal{V}}_{\mathcal{R}}|+|{\mathcal{X}}_m^1(k_{\epsilon },{\epsilon }_0)\cap {\mathcal{V}}_{\mathcal{R}}|\le N$, there must be some time step $k_{\epsilon }+l$ where either ${\mathcal{X}}_M^1(k_{\epsilon }+l,{\epsilon }_l)\cap {\mathcal{V}}_{\mathcal{R}}$ or ${\mathcal{X}}_m^1(k_{\epsilon }+l,{\epsilon }_l)\cap {\mathcal{V}}_{\mathcal{R}}$ is empty. In the former case, all regular nodes at time step $k_{\epsilon }+l$ have their first entry at $a-{\epsilon }_l$, at most, and in the latter case, all regular nodes at time step $k_{\epsilon }+l$ have their first entry at $b+{\epsilon }_l$, at least. We aim to demonstrate that ${\epsilon }_l>0$, thereby contradicting the assertion that either $M_{\mathcal{R}}^1(k)$ monotonically converges to a or that $m_{\mathcal{R}}^1(k)$ monotonically converges to b. Recalling that $\epsilon <{\alpha }^N{\epsilon }_0/1-{\alpha }^N$ and $0<\alpha <1$ according to the definitions, we have

$$\begin{array}{ll}{\epsilon }_l& =\alpha {\epsilon }_{l-1}-(1-\alpha )\epsilon \\ & ={\alpha }^2{\epsilon }_{l-2}-\alpha (1-\alpha )\epsilon -(1-\alpha )\epsilon \\ & \dots \\ & ={\alpha }^l{\epsilon }_0-(1-\alpha )(1+\alpha +\dots +{\alpha }^{l-1})\epsilon \\ & ={\alpha }^l{\epsilon }_0-(1-{\alpha }^l)\epsilon \\ & \ge {\alpha }^N{\epsilon }_0-(1-{\alpha }^N)\epsilon >0.\end{array}$$

(15)

Thus, we obtain a contradiction. This contradiction indicates that ${\epsilon }_0$ must be zero, namely, $a=b$. The consensus has been proven. □

In Theorem 1, a sufficient condition is proven to solve the resilient multi-dimensional consensus problem in an adversarial environment. The following result elaborates upon a sufficient and necessary condition for Algorithm 1 to succeed.

Theorem 2.

Consider a multi-UAV network in $d$-dimensional space, consisting of regular nodes and adversarial nodes, following the dynamics described in (1). Resilient multi-dimensional consensus can be achieved through the control protocol outlined in Algorithm 1, if and only if the following conditions are met:

(i)

${\mathcal{G}}_{\mathcal{T}}({\mathcal{V}}_{\mathcal{T}},{\mathcal{E}}_{\mathcal{T}})$ contains a directed spanning tree;

(ii)

$\forall i\in {\mathcal{V}}_{\mathcal{R}}$, either $i\in {\mathcal{V}}_{\mathcal{T}}$ or ${\mathcal{N}}_i\cap {\mathcal{V}}_{\mathcal{T}}\ne \varnothing$.

Proof. 

(Sufficiency) Based on the two conditions, any regular node $i\in {\mathcal{V}}_{\mathcal{R}}$ in $\mathcal{G}$ must either be a trust node or have at least one trusted neighbor to ensure that $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ is not empty. The subsequent analysis follows a similar approach to that outlined in Theorem 1.

(Necessity) We prove this via contradiction considering the following cases:

(i)

${\mathcal{G}}_{\mathcal{T}}$ does not contain a directed spanning tree.

(ii)

$\exists i\in ({\mathcal{V}}_{\mathcal{R}}\backslash {\mathcal{V}}_{\mathcal{T}})$, such that ${\mathcal{N}}_i\cap {\mathcal{V}}_{\mathcal{T}}=\varnothing$.

• Case (i): Since the subgraph ${\mathcal{G}}_{\mathcal{T}}$ does not contain a directed spanning tree, by definition, a subset of trusted nodes ${\mathcal{V}}_{{\mathcal{T}}_1}$ must exist, and the following conditions are met:

  (1)

  $\forall i\in {\mathcal{V}}_{{\mathcal{T}}_1}$, ${\mathcal{N}}_i\cap ({\mathcal{V}}_{\mathcal{T}}\backslash {\mathcal{V}}_{{\mathcal{T}}_1})=\varnothing$;

  (2)

  $\forall j\in ({\mathcal{V}}_{\mathcal{T}}\backslash {\mathcal{V}}_{{\mathcal{T}}_1})$, ${\mathcal{N}}_j\cap {\mathcal{V}}_{{\mathcal{T}}_1}=\varnothing$.

• Consider the following initial positions: $\forall i\in {\mathcal{V}}_{{\mathcal{T}}_1}$, $x_i(0)=c_1$, $\forall j\in ({\mathcal{V}}_{\mathcal{T}}\backslash {\mathcal{V}}_{{\mathcal{T}}_1})$, and $x_j(0)=c_2$, where $c_1$ and $c_2$ are real vectors, such that $c_1\ne c_2$. The initial positions of nontrusted nodes can be arbitrary. According to condition (1), $\forall i\in {\mathcal{V}}_{{\mathcal{T}}_1}$, $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ is a single point $c_1$ based on Algorithm 1. Hence, $u_i(1)=0$ and $x_i\left(1\right)=x_i\left(0\right)=c_1$. Similarly, from (9), we know that $x_i(k)=c_1$ for $k\in {\mathbb{Z}}^{+}$; this is true for any trusted node $j\in ({\mathcal{V}}_{\mathcal{T}}\backslash {\mathcal{V}}_{{\mathcal{T}}_1})$, we have $x_j(k)=c_2$ for $k\in {\mathbb{Z}}^{+}$. Since $c_1\ne c_2$, resilient multi-dimensional consensus cannot be achieved.
• Case (ii): There exists at least one nontrusted node $i\in ({\mathcal{V}}_{\mathcal{R}}\backslash {\mathcal{V}}_{\mathcal{T}})$, such that ${\mathcal{N}}_i\cap {\mathcal{V}}_{\mathcal{T}}=\varnothing$. Consider the following initial positions: (1) $x_i(0)=c_1$; (2) $\forall j\in {\mathcal{V}}_{\mathcal{R}}\backslash \{i\}$, $x_j(0)=c_2$, and $i\notin {\mathcal{N}}_j$, where $c_1$ and $c_2$ are real vectors, such that $c_1\ne c_2$. Similarly to the analysis in Case (i), since $c_1\ne c_2$, resilient multi-dimensional consensus cannot be achieved. □

In the resilient consensus control problem, the primary objective is to mitigate the influence of adversarial nodes, ensuring that the network can still reach consensus even in their presence. While resilient consensus algorithms guarantee convergence within the convex hull of regular nodes, the final convergence value varies depending on the network topology conditions and computational methods. As discussed in Algorithm Design, although adversarial nodes cannot prevent the network from achieving consensus, their state values still participate in the computation of the convergence process, affecting the weights assigned to state values and thus influencing the final convergence value of the network. Similarly, the selection and exclusion of state values from neighboring regular nodes during computation can have analogous effects. Note that resilient multi-dimensional consensus can be achieved if the topology conditions in Theorem 2 are satisfied. However, these conditions may not be practical, as a regular node might not have sufficient trusted neighbors to construct a $d$-dimensional trusted convex hull. In such cases, a lower-dimensional convex hull $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ is employed. Consequently, numerous positions of other regular nodes not in $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$ are excluded and not utilized during the update step. Neglecting these positions involves disregarding useful information, potentially causing a consensus point to be significantly distant from the true average of the initial positions of all regular nodes (including trusted nodes), as illustrated in Figure 4. In comparison, the sufficient condition in Theorem 1 is more prudent.

4.2. Resilient Multi-Dimensional Containment Control

Next, we provide the theoretical results of the resilient multi-dimensional containment control problem. Theorems 3 and 4 only consider the case where multiple leader nodes exist, and all regular nodes converge within the convex hull formed by the leader nodes. Proving that all regular nodes converge to the convex hull ${\mathcal{C}}_{\mathcal{L}}$ in any dimension is sufficient for proving that the regular nodes asymptotically converge to the convex hull of the leaders’ initial positions, ${\mathcal{C}}_{\mathcal{L}}=\mathrm{c}\mathrm{o}(\mathbf{x}(0),{\mathcal{V}}_{\mathcal{L}})$, since $x_i(k+1)\in \mathrm{s}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k))$. We concentrate solely on the first entry of nodes’ positions. The convergence of other entries can be proven using the same method.

Theorem 3.

Consider a multi-UAV network in $d$-dimensional space, consisting of regular nodes, leaders, and adversarial nodes, following the dynamics described in (1). Resilient multi-dimensional containment control can be achieved through the control protocol outlined in Algorithm 1 if the subgraph ${\mathcal{G}}_{\mathcal{T}}({\mathcal{V}}_{\mathcal{T}},{\mathcal{E}}_{\mathcal{T}})$ induced by trusted nodes forms a $d$-dominating subgraph with respect to ${\mathcal{V}}_{\mathcal{L}}$. In particular, all regular nodes will converge to the convex hull of leaders’ initial positions, ${\mathcal{C}}_{\mathcal{L}}=\mathrm{c}\mathrm{o}(\mathbf{x}(0),{\mathcal{V}}_{\mathcal{L}})$ regardless of the behaviors exhibited by adversarial nodes.

Proof. 

We concentrate solely on the first entry of nodes’ positions, that is, we prove that the first entry of each regular node finally reaches and remains in the interval ${\mathcal{C}}_{\mathcal{L}}^1=[m_{\mathcal{L}}^1(0),M_{\mathcal{L}}^1(0)]$. To prove this, we consider the following cases.

(i)

All regular nodes are initially in ${\mathcal{C}}_{\mathcal{L}}^1$, that is, $\forall i\in {\mathcal{V}}_{\mathcal{R}},$ $x_i^1(0)\in {\mathcal{C}}_{\mathcal{L}}^1$;

(ii)

$\exists i\in {\mathcal{V}}_1\subset {\mathcal{V}}_{\mathcal{R}}$, such that $x_i^1(0)>M_{\mathcal{L}}^1(0)$, for any $j\in {\mathcal{V}}_{\mathcal{R}}\backslash {\mathcal{V}}_1$, $x_j^1(0)\in {\mathcal{C}}_{\mathcal{L}}^1$. That is, the first entry of some regular nodes’ initial position is larger than $M_{\mathcal{L}}^1(0)$, while the others are initially in ${\mathcal{C}}_{\mathcal{L}}^1$;

(iii)

$\exists i\in {\mathcal{V}}_2\subset {\mathcal{V}}_{\mathcal{R}}$, such that $x_i^1(0)<m_{\mathcal{L}}^1(0)$, for any $j\in {\mathcal{V}}_{\mathcal{R}}\backslash {\mathcal{V}}_2$, $x_j^1(0)\in {\mathcal{C}}_{\mathcal{L}}^1$;

(iv)

$\exists i\in {\mathcal{V}}_3\subset {\mathcal{V}}_{\mathcal{R}}$, such that $x_i^1(0)>M_{\mathcal{L}}^1(0)$, $\exists j\in {\mathcal{V}}_4\subset {\mathcal{V}}_{\mathcal{R}}$, such that $x_j^1(0)<m_{\mathcal{L}}^1(0)$, and for other $l\in {\mathcal{V}}_{\mathcal{R}}\backslash ({\mathcal{V}}_3\cup {\mathcal{V}}_4)$, $x_l^1(0)\in {\mathcal{C}}_{\mathcal{L}}^1$.

• Case (i): We prove this via induction. First, $\exists k\in {\mathbb{Z}}^{+}$, $x_i^1(k)\in {\mathcal{C}}_{\mathcal{L}}^1$, $\forall i\in {\mathcal{V}}_{\mathcal{R}}$. Since the subgraph ${\mathcal{G}}_{\mathcal{T}}({\mathcal{V}}_{\mathcal{T}},{\mathcal{E}}_{\mathcal{T}})$ is an $d$-dominating subgraph with respect to ${\mathcal{V}}_c$, according to Definition 2, each regular node $i\in {\mathcal{V}}_{\mathcal{R}}$ has at least $d$ trusted nodes or leaders in neighbors. Thus, $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}( \mathbf{x} (k),{\mathcal{N}}_i)\ne \varnothing$. Based on Algorithm 1, if an adversarial node $j\in {\mathcal{V}}_{\mathcal{A}}$ satisfies $x_j(k)\notin \mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$, then $x_j(k)\notin {\mathcal{M}}_i(k)$ for any $i\in {\mathcal{V}}_{\mathcal{R}}$. Consequently, $a_{ij}(k)=0$. Based on (9), $x_i^1(k+1)$ is determined by the positions at time step $k$ within $[m_{\mathcal{R}}^1(k),M_{\mathcal{R}}^1(k)]$. Thus, we have $x_i^1(k+1)\in {\mathcal{C}}_{\mathcal{L}}^1$. Therefore, all regular nodes will always be within the convex hull ${\mathcal{C}}_{\mathcal{L}}^1$. The proof is complete.
• Case (ii): We demonstrate that $M_{\mathcal{R}}^1(k)\le M_{\mathcal{L}}^1(k)$ as $k\to \infty$. We prove this via two claims, as outlined below:
• Claim (1): If $M_{\mathcal{R}}^1(k)>M_{\mathcal{L}}^1(k)$, $M_{\mathcal{R}}^1(k)$ is nonincreasing. Similarly to the analysis in Case (i), $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)\ne \varnothing$. Based on (9), $x_i^1(k+1)$ is determined by the positions at time step $k$ within $[m_{\mathcal{R}}^1(k),M_{\mathcal{R}}^1(k)]$. Thus, for each regular node $i\in {\mathcal{V}}_{\mathcal{R}}$, we have

  $$x_i^1(k+1)=a_{ii}(k)x_i^1(k)+\sum _{j\in {\mathcal{M}}_i(k)}{a}_{ij}(k)x_j^1(k)\le M_{\mathcal{R}}^1(k).$$

  (16)

The proof of Claim (1) is complete.

• Claim (2): If $M_{\mathcal{R}}^1(k)>M_{\mathcal{L}}^1(k)$, then after finite time steps, $M_{\mathcal{R}}^1(k)$ will decrease. To establish this, we consider a set ${\mathcal{S}}_1\subset {\mathcal{V}}_{\mathcal{R}}\subset \mathcal{V}\backslash {\mathcal{V}}_{\mathcal{L}}$ containing all regular nodes that have at least one leader as a neighbor. We know such a set ${\mathcal{S}}_1$ is not empty, since for each regular node $i\in {\mathcal{V}}_{\mathcal{R}}$, $j\in {\mathcal{V}}_{\mathcal{L}}$, which has a directed path to it in ${\mathcal{G}}_{\mathcal{T}}$ or ${\mathcal{N}}_i\cap {\mathcal{V}}_{\mathcal{L}}\ne \varnothing$, exists. As discussed previously, each regular node $i\in {\mathcal{S}}_1$ has at least $d$ trusted nodes or leaders as neighbors and updates its position according to Algorithm 1. Define ${\gamma }_0=M_{\mathcal{R}}^1(k)-M_{\mathcal{L}}^1(k)$. Hence, if $\forall i\in {\mathcal{S}}_1$, there is at least one leader in $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$. Furthermore, (9) yields

  $$\begin{array}{cc}\hfill x_i^1(k+1)& =a_{ii}\left(k\right)x_i^1\left(k\right)+\sum _{j\in {\mathcal{M}}_i\left(k\right)}{a}_{ij}\left(k\right)x_j^1\left(k\right)\hfill \\ & \le (1-\alpha )M_{\mathcal{R}}^1\left(k\right)+\alpha \left(M_{\mathcal{R}}^1\left(k\right)-{\gamma }_0\right)\hfill \\ & =M_{\mathcal{R}}^1\left(k\right)-\alpha {\gamma }_0\hfill \\ & <M_{\mathcal{R}}^1\left(k\right).\hfill \end{array}$$

  (17)

Since the weight is lower bounded by $\alpha$, we put the largest possible weight on $M_{\mathcal{R}}^1(k)$. Thus, the first inequality in (17) holds. At time step $k+2$, similarly, we put the largest possible weight on $M_{\mathcal{R}}^1(k+1)$; thus,

$$\begin{array}{cc}\hfill x_i^1(k+2)& =a_{ii}(k+1)x_i^1(k+1)+\sum _{j\in \mathcal{M}(k+1)}{a}_{ij}(k+1)x_j^1(k+1)\hfill \\ & \le \alpha \left(M_{\mathcal{R}}^1\left(k\right)-\alpha {\gamma }_0\right)+(1-\alpha )M_{\mathcal{R}}^1(k+1)\hfill \\ & \le \alpha \left(M_{\mathcal{R}}^1\left(k\right)-\alpha {\gamma }_0\right)+(1-\alpha )M_{\mathcal{K}}^1\left(k\right)\hfill \\ & =M_{\mathcal{K}}^1\left(k\right)-{\alpha }^2{\gamma }_0\hfill \\ & <M_{\mathcal{R}}^1\left(k\right).\hfill \end{array}$$

(18)

According to Claim (1), the second inequality in (18) holds. Recursive reasoning reveals that the first entry of any node in ${\mathcal{S}}_1$ will be consistently smaller than $M_{\mathcal{R}}^1(k)$ from time $k+1$.

Since ${\mathcal{V}}_{\mathcal{T}}\ne \varnothing$, we obtain ${\mathcal{S}}_1\cap {\mathcal{V}}_{\mathcal{T}}\ne \varnothing$. Next, we denote ${\mathcal{S}}_2\subset {\mathcal{V}}_{\mathcal{R}}\backslash {\mathcal{S}}_1\subset \mathcal{V}\backslash {\mathcal{V}}_{\mathcal{L}}$ as containing all regular nodes that have at least one trusted node in ${\mathcal{S}}_1$. Since ${\mathcal{G}}_{\mathcal{T}}({\mathcal{V}}_{\mathcal{T}},{\mathcal{E}}_{\mathcal{T}})$ is an $d$-dominating subgraph with respect to ${\mathcal{V}}_{\mathcal{L}}$, if $|{\mathcal{S}}_1|\ne |{\mathcal{V}}_{\mathcal{R}}|=N$, then at least one regular node in ${\mathcal{V}}_{\mathcal{R}}\backslash {\mathcal{S}}_1$ that has a directed path from leaders to it in subgraph ${\mathcal{G}}_{\mathcal{T}}$ exists. Thus, ${\mathcal{S}}_2\ne \varnothing$. As discussed previously, each regular node $i\in {\mathcal{S}}_2$ has at least $d$ trusted nodes as neighbors and updates its position according to Algorithm 1. Recalling (16) yields $x_i^1(k+1)\le M_{\mathcal{R}}^1(k)$. At time step $k+2$, since regular node $i\in {\mathcal{S}}_2$ has a trusted neighbor in ${\mathcal{S}}_1$ that belongs to $\mathrm{T}\text{-}\mathrm{c}\mathrm{o}(\mathbf{x}(k),{\mathcal{N}}_i)$, we have

$$\begin{array}{cc}\hfill x_i^1(k+2)& =a_{ii}(k+1)x_i^1(k+1)+\sum _{j\in {\mathcal{M}}_i(k+1)}{a}_{ij}(k+1)x_j^1(k+1)\hfill \\ & \le (1-\alpha )M_{\mathcal{R}}^1\left(k\right)+\alpha \left(M_{\mathcal{R}}^1\left(k\right)-\alpha {\gamma }_0\right)\hfill \\ & =M_{\mathcal{R}}^1\left(k\right)-{\alpha }^2{\gamma }_0\hfill \\ & <M_{\mathcal{R}}^1\left(k\right),\hfill \end{array}$$

(19)

where the first inequality holds, since regular node $i\in {\mathcal{S}}_2$ has a trusted neighbor in ${\mathcal{S}}_1$ whose weight is lower bounded by $\alpha$ and whose value is upper bounded by (17). Thus, we have $x_i^1(k+2)\le M_{\mathcal{R}}^1(k)-{\alpha }^2{\gamma }_0$. As before, the first entry of any regular node in ${\mathcal{S}}_2$ will be smaller than $M_{\mathcal{R}}^1(k)$ from $k+2$.

Similarly, we extend the previous analysis recursively to $l$ steps and deduce that the first entry of any regular node in ${\mathcal{S}}_l$ will be below $M_{\mathcal{R}}^1(k)$, where $l\le N$. Thus, the first entry of every regular node will be strictly smaller than $M_{\mathcal{R}}^1(k)$ from time step $k+N$. That is, $M_{\mathcal{R}}^1(k+N)\le M_{\mathcal{R}}^1\left(k\right)$. Thus, the proof of Claim (2) is complete.

According to Claim (1) and Claim (2), $M_{\mathcal{R}}^1(k)\le M_{\mathcal{L}}^1(k)$ as $k\to \infty$. Additionally, $m_{\mathcal{R}}^1(k)\ge m_{\mathcal{L}}^1(k)$ at any $k>0$ according to (9). Consequently, all regular nodes will ultimately converge and move in ${\mathcal{C}}_{\mathcal{L}}^1$.

• Case (iii): This analysis is similar to Case (ii) and consists of demonstrating that $m_{\mathcal{R}}^1(k)\ge m_{\mathcal{L}}^1(k)$ as $k\to \infty$ and $M_{\mathcal{R}}^1(k)\le M_{\mathcal{L}}^1(k)$ for any $k>0$.
• Case (iv): This analysis is a combination of Case (ii) and Case (iii). Thus, the proof is complete. □

Note that the same argument holds in the case of resilient multi-dimensional containment control. Similarly, we provide sufficient and necessary conditions for Algorithm 1 to succeed in resilient multi-dimensional containment control problems, which is not prudent for multi-dimensional cases, as discussed previously.

Theorem 4.

Consider a multi-UAV network in $d$-dimensional space consisting of regular nodes, leaders, and adversarial nodes, following the dynamics described in (1). Resilient multi-dimensional containment control can be achieved through the control protocol outlined in Algorithm 1 if, and only if $\forall i\in \mathcal{V}\backslash {\mathcal{V}}_{\mathcal{L}}$, and $j\in {\mathcal{V}}_{\mathcal{L}}$ exists, which has a directed path from $j$ to $i$ in subgraph ${\mathcal{G}}_{\mathcal{T}}$ or ${\mathcal{N}}_i\cap {\mathcal{V}}_{\mathcal{L}}\ne \varnothing$. In particular, all regular nodes will converge to the convex hull of leaders’ initial positions, ${\mathcal{C}}_{\mathcal{L}}=\mathrm{c}\mathrm{o}(\mathbf{x}(0),{\mathcal{V}}_{\mathcal{L}})$, regardless of the behaviors exhibited by the adversarial nodes.

Proof. 

To conserve space, we omit this proof, which is similar to Theorem 2. □

Note that the graph-theoretic conditions developed in this paper are more straightforward to verify in practical applications than the classic $r/(r,s)$-robust graph conditions described in [11,12,13,14,15,16]. Verifying $r /(r,s)$-robust graph conditions in arbitrary graphs is NP-hard, and no computationally efficient method is currently available to address this problem [16]. For the graph-theoretic conditions developed in this paper, the first step is to determine whether the set of trusted nodes and leaders forms a directed spanning tree. There are many classic spanning tree algorithms that can be used to make this determination. Next, we calculate the number of trusted nodes and leaders among the neighbors of each regular node (including trusted nodes) to determine whether the conditions are satisfied.

5. Simulation

In this section, we present simulations to demonstrate resilient multi-dimensional consensus and containment using the trusted convex hull method and compare it with approaches utilizing the Tverberg point [22] and centerpoint [24]. For clarity, we perform simulations in a two-dimensional space.

5.1. Resilient Multi-Dimensional Consensus

For the resilient multi-dimensional consensus problem, we consider a multi-UAV network comprising 200 nodes, including nine trusted nodes, deployed in a planar region $W=[-1,1]\times [-1,1]\in {\mathsf{R}}^2$, as illustrated in Figure 5a and Figure 6a. The communication radius of the nodes is $1.2$, which ensures that all regular nodes can receive information from at least two trusted nodes. We model the communication links between nodes as an undirected graph, with trusted nodes initially distributed in the central region, as illustrated. Based on the nodes’ communication radius, any trusted node can communicate with at least two other trusted nodes, ensuring that all trusted nodes can form a spanning tree. Similarly, any regular node can communicate with at least two trusted nodes. Therefore, the communication topology among the nodes satisfies the conditions of the 2-dominating subgraph in the theorem. We set the weight $a_{ij}=1/\left|{\mathcal{N}}_i\right|$ if $(j,i)\in \mathcal{E}$; otherwise, $a_{ij}=0$. We consider two types of adversarial behaviors: oscillating nodes and move-away nodes. Notably, the network topology in Figure 5a and Figure 6a satisfies the conditions outlined in Theorem 1. Consequently, regular nodes achieve resilient multi-dimensional consensus under Algorithm 1 despite the presence of varying numbers and types of adversarial nodes, as depicted in Figure 5 and Figure 6.

5.2. Resilient Multi-Dimensional Containment Control

For the resilient multi-dimensional containment control problem, we consider a multi-UAV network comprising 200 nodes, including nine trusted nodes and three static leaders, as illustrated in Figure 7a. The three leaders delineate a triangular area within which the regular nodes are expected to remain. The remaining parameter settings align with those used in the simulations for the resilient multi-dimensional consensus problem. Notably, the network topology in Figure 7a adheres to the conditions outlined in Theorem 3. Consequently, under Algorithm 1, regular nodes achieve resilient multi-dimensional containment control despite the presence of adversarial nodes, as depicted in Figure 7.

5.3. Comparison with Existing Methods

To compare the convergence rates of a multi-UAV network using the trusted convex hull, Tverberg point, and centerpoint methods, we conduct a simulation in a planar region $W=[-1,1]\times [-1,1]\in {\mathsf{R}}^2$. By setting the communication radius to 3.0, the network topology is ensured to be a complete digraph. The convergence time is defined as $\min \left\{t\left|\left({\displaystyle {\sum }_{i\in {\mathcal{V}}_{\mathcal{R}}}{\displaystyle {\sum }_{j\in {\mathcal{V}}_{\mathcal{R}}}‖x_i(t)-x_j(t)‖/N}}\right)/N<0.01\right.\right\}$. Simulations are conducted with varying numbers of nodes, where $1/4$ are adversarial nodes and nine are trusted nodes. Figure 8a shows the convergence time with different numbers of nodes under the three methods. The proposed method exhibits a notably faster convergence rate than the other methods, and its performance is not notably impacted by increasing the number of nodes.

To demonstrate the enhanced resilience of the proposed method, comparative simulations are conducted on a fixed-topology multi-UAV network comprising 36 nodes, including 16 stationary adversarial nodes (red) and four trusted nodes (green), as depicted in Figure 8b,c. The adversarial nodes and regular nodes (blue) are divided equally into two parts and distributed on opposite sides of the trusted nodes. According to references [22,24], in a two-dimensional space, the Tverberg point method can tolerate at most $⌈{\displaystyle \frac{{\mathcal{N}}_i}{4}}⌉-1$ of the neighboring nodes being adversarial, while the centerpoint method can tolerate at most $⌊{\displaystyle \frac{{\mathcal{N}}_i}{3}}⌋$ of the neighboring nodes being adversarial. Clearly, the number of adversarial nodes among the neighbors of regular nodes has already exceeded this threshold. As illustrated, under the Tverberg point and centerpoint methods, the regular nodes fail to converge to a single point, whereas this convergence is successful under the trusted convex hull method.

5.4. Hardware-in-the-Loop Simulation Experiments

Next, we will validate the proposed algorithm using a hardware-in-the-loop (HIL) simulation system for UAV formation control. The single-UAV HIL simulation system consists of a single-UAV flight control module, a formation cooperative control module, an X-Plane flight simulator, and a single-UAV flight monitoring module, with the simulation connections illustrated in Figure 9. The formation networking module is connected to the formation cooperative control modules of member nodes, forming a formation support network to enable the intercommunication of control command and flight data. The formation flight monitor module is simultaneously connected to the single-UAV flight monitoring modules of all member nodes, enabling the real-time monitoring of formation status. Additionally, the formation support network facilitates unified distribution and the control of formation cooperative decision-making and management commands. The red arrows indicate the control command and flight data flow of formation cooperative control and member node flight control.

We apply the resilient control algorithm proposed in this paper to UAV formation control to validate the effectiveness of formation shape control. The reference position vector for the formation shape is set as $h=[h_1^T,h_2^T,\dots ,h_N^T{]}^T\in {\mathbb{R}}^{nN}$, where this formation parameter represents the reference value relative to the average consensus constant. In other words, the control objective is for all nodes to maintain their respective formation parameters relative to the average consensus constant. Under the condition of an undirected connected graph $\mathcal{G}$, the goal of this simulation is to ensure that each regular UAV node forms a stable formation according to the proposed resilient control algorithm, even in the presence of adversarial node interference. That is, when $k\to \infty$, for all regular nodes $i,j\in {\mathcal{V}}_{\mathcal{R}}$, the following holds:

$$\Vert (x_i(k)-h_i)-(x_j(k)-h_j)\Vert \to 0.$$

(20)

Moreover, the control law in the Equation (8) is modified to

$$u_i=\sum _{j\in {\mathcal{M}}_i(k)}{a}_{ij}(k)(x_j(k)-h_j-(x_i(k)-h_i)).$$

(21)

Using the resilient control algorithm designed in this paper and the control law (21), a HIL simulation was conducted with a UAV formation consisting of five nodes. The five nodes form a fully connected graph, where UAV1 serves as the leader, UAV2 as the trusted node, UAV3 and UAV4 as regular nodes, and UAV5 as the adversarial node. The desired formation was set to $h=[(0,0),(-50,-50),(-50,50),(-100,-100),(-100,100){]}^T$.

When no attack occurs, all five nodes successfully achieve the desired formation, as shown in Figure 10. At time $k=250$, UAV5 deviates northward due to an attack, and the northward distance trajectories of the five UAVs are illustrated in Figure 11. The solid lines represent the position under the proposed resilient control algorithm, while the dashed lines represent the unoptimized position. It can be observed that, without optimization, the regular nodes UAV3 and UAV4 are affected by the adversarial node UAV5, causing their trajectories to partially deviate northward and altering the formation spacing. In contrast, the proposed resilient control method effectively mitigates the impact of the adversarial node, maintaining stable formation geometry.

5.5. Results and Discussion

In the presentation of the simulation results, to facilitate the demonstration of the algorithm’s effectiveness, we used the number of algorithm iterations as the horizontal axis to plot the curve of node position changes. At the same time, to illustrate the differences in the convergence time among different algorithms, we used the convergence time as the vertical axis to show the impact of the number of nodes on the algorithm. In the hardware-in-the-loop simulation experiments, we demonstrated an application of the proposed algorithm in formation control. Since the equipment specifications did not significantly affect the algorithm’s performance, they were not specifically mentioned.

This paper presents a hybrid control method as an alternative solution for resilient multi-dimensional consensus and containment control problems. While it may incur costs due to the security investments in trusted nodes, regular nodes in this approach need to be aware of the trusted nodes’ identities within the neighborhood, whereas in [21,22,23,24,25,26,27,28], all nodes are assumed to have equal identities. Despite the added expense of trusted nodes, however, fully distributed control methods in large-scale networks could be more costly due to the high communication and computation burdens. Inspired by human societies and animal groups, a hybrid control method based on appropriate role division could be a viable approach to enhancing the efficiency of large-scale distributed networks while reducing costs.

6. Conclusions

In this paper, we explore resilient multi-dimensional consensus and containment control problems within an adversarial environment. A dynamic trusted convex hull method is proposed to filter information in $d$-dimensional space without employing the parameter of the maximum number of adversarial nodes in networks or neighborhoods. Based on this method, a distributed local control protocol is designed for regular nodes to achieve resilient multi-dimensional consensus and containment with lower computational complexity and higher tolerance of adversarial nodes. The sufficient and necessary graph-theoretic conditions for the proposed control protocol to succeed are obtained. The theoretical results are validated through simulations. The proposed method exhibits faster convergence rates and better tolerance of more adversarial nodes than the Tverberg point and centerpoint algorithms.

In the future, we will extend our work to develop a control protocol ensuring resilient containment control with dynamic leaders and limited communication resources.