The problem of resilient control of linear cyber-physical systems with cyber-attacked sensor measurements and actuator commands is studied in this article. Online reconstruction of unknown cyber-attacks is accomplished by an adaptive sliding mode observer with a novel injection term in the form of a dynamically extended equivalent control. Then, the attacked/corrupted sensor's measurements and the actuators are proposed to be cleaned up using the reconstructed attacks. The performance of the system prior to the attacks is shown to be retained after a transient response required for the attack reconstruction/estimation. The efficacy of the proposed algorithms is validated on an electrical power network.
K E Y W O R D Scyber-physical systems, electric power networks, sliding mode observer
INTRODUCTIONA collection of units that bridge the cyber-world of computing and communications with the physical world are called cyber-physical systems (CPSs). 1 A variety of CPSs exist in critical infrastructures, including electric power networks, water resources, oil and gas distribution networks, medical devices (pacemakers, insulin pumps, etc.), chemical process industries, transportation and vehicles, and distributed robotics. [1][2][3] In CPSs, cyber components make the physical devices "smarter" and allow building intelligent systems that far exceed the capabilities of the simple embedded system components. However, the cyber components of a CPS are susceptible to unprecedented vulnerabilities in terms of malicious cyber-attacks named "attacks" throughout the article.Note that in CPSs the cyber and physical worlds are so integrated, sometimes it is not clear whether the functional properties are due to the cyber or physical components, or both. 1 Availability, confidentiality, and integrity are three major security features that should be provided to a CPS, and the lack of them leads to denial of service, disclosure, and deception attacks. 4 The focus of this work is on reconstructing deception attacks on sensors and actuator commands. Using the attacked/corrupted measurements for feedback control of the CPS allows the propagation of sensor attacks within the CPS causing CPS performance degradation-up to the loss of stability.Recent events have shown attackers using increasingly sophisticated attacks against industrial control systems, and numerous countries have acknowledged that cyber-attacks have targeted their critical infrastructures. 5,6 A specific kind of deception attack, called a replay attack, has been investigated, when the system model is unknown to the attackers but they have access to the all sensors. 7 Replay attacks are carried out by "hijacking" the sensors, recording the readings for a certain time, and repeating such readings while injecting them as exogenous signal into the CPS's sensors. In the case when the system's dynamic model is known to the attacker, another kind of deception attack, called a covert attack, has