首页 关于本刊 编 委 会 期刊动态 作者中心 审者中心 读者中心 下载中心 联系我们 English
 自动化学报  2019, Vol. 45 Issue (1): 185-195 PDF

1. 大连理工大学工业装备与结构分析国家重点实验室 航空航天学院 大连 116024;
2. 上海飞机设计研究院 上海 201210;
3. 大连理工大学控制科学与工程学院 大连 116024

A Game Theory Approach for Secure Control of Cyber-physical Systems
PANG Yan1, WANG Na2, XIA Hao3
1. State Key Laboratory of Structural Analysis for Industrial Equipment and School of Aeronautics and Astronautics, Dalian University of Technology, Dalian 116024;
2. Shanghai Aircraft Design and Research Institute, Shanghai 201210;
3. School of Control Science and Engineering, Dalian University of Technology, Dalian 116024
Manuscript received : May 30, 2018, accepted: August 27, 2018.
Foundation Item: Supported by National Natural Science Foundation of China (61273098), and Fundamental Research Funds for the Central Universities (DUT16QY23), and Natural Science Foundation of Liao Ning Province (20180520023)
Corresponding author. XIA Hao    Professor at the School of Control Science and Engineering, Dalian University of Technology. His research interest covers control system performance assessment and advance process control. Corresponding author of this paper.
Abstract: As a remote control system, the cyber-physical system (CPS) relies mainly on wireless networks to realize the transmission of information from sensors to controllers and from controllers to actuators. Because of this characteristic, the control system of CPS is vulnerable to security threats. Starting with physical devices, the aim of this paper is to protect normal operation of physical entities in CPS system from the interference of network intrusion caused by malicious attacks. Taking the cyber-physical systems suffered packets scheduling attacks into consideration, its secure control was abstracted as a process of two person zero sum game. Based on two person zero sum model of non-cooperative game, the paper designed a min-max controller with a robust output-feedback under time-varying delays. In this paper, a parameterized soft constraint quadratic objective function was adopted. Also, interference attenuation factor γ was introduced in the controller design and the minimum value of the quadratic objective function was determined by the value of γ which guaranteed the stability control under the worst case. Within the constraint of γ, we get the value of γ through particle swarm search algorithm. In addition, the min-max controller is analyzed and compared with the linear quadratic Gaussian (LQG) control, and the simulation was conducted on a two tanks system. The result showed that the min-max controller can stabilize the attacked system, but LQG cannot.
Key words: Zero sum game     min-max control     linear quadratic Gaussian (LQG) control     packet scheduling attack

1 问题描述 1.1 数据包时序攻击

1.2 系统模型

 (虚线表示无线网络, 实线表示有线网络) (The dashed line shows the wireless network, and the solid line shows the wired network.) 图 1 无线传感器网络控制系统模型 Fig. 1 Model of wireless sensor network control system

 $$$\left\{ \begin{array}{l} {\pmb x}(k + 1) = A{\pmb x}(k) + B{\pmb u}(k) + D{\pmb {\omega}}(k)\\ {\pmb y}(k) = C{\pmb x}(k) + E{\pmb {\omega} }(k)\\ {\pmb z}(k) = H{\pmb x}(k) + G{\pmb u}(k) + F{\pmb \omega }(k) \end{array} \right.$$$ (1)
 $$$J({\pmb \mu} , \pmb \upsilon ) = \left| {\pmb x}(K) \right|_{Q_f}^2 + \sum\limits_{k = 0}^{K - 1} \left({\left| {\pmb x}(k) \right|_{{Q_K}}^2} + {\left| {\pmb u}(k) \right|^2}\right)$$$ (2)

 ${\gamma}^{2}I-D^{\rm T}{S}_{k+1}D>0, k\in [1, K]$

 $\begin{array}{ll} {{S}_{k}}=&{{A}^{\rm T}}{{S}_{k+1}}D{{[{{\gamma }^{2}}I-{{D}^{\rm T}}{{S}_{k+1}}D]}^{-1}}{{D}^{\rm T}}{{S}_{k+1}}A+ \\ &{{Q}_{k}}+{{A}^{\rm T}}{{S}_{k+1}}A\nonumber \end{array}$
 ${{S}_{K+1}}={{Q}_{f}}$

2 控制器设计 2.1 LQG跟踪系统控制器设计

 $$$\left\{ \begin{array}{l} \bar{{\pmb x}}(k) = F\hat {{\pmb x}}(k - 1) + G{\pmb u}(k - 1)\\ \hat{{\pmb x}}(k) = \bar{{\pmb x}} (k) + K[{\pmb y}(k) - C\bar{{\pmb x}} (k)]\\ {\pmb u}(k) = - L\hat {{\pmb x}}(k) \end{array} \right.$$$ (8)

 \begin{align} J = &{{\pmb x}^{\rm T}}(N){Q_0}{\pmb x}(N) +\nonumber\\& \sum\limits_{k = 0}^{N - 1} {[{{\pmb x}^{\rm T}}} (k){Q_1}{\pmb x}(k) + {{\pmb u}^{\rm T}}(k){Q_2}{\pmb u}(k)] \end{align} (9)

 \begin{align} M(k) =&{A^{\rm T}}[M{(k + 1)^{ - 1}} + B{B^{\rm T}} -\nonumber\\& {\gamma ^{ - 2}}D{D^{\rm T}}]^{ - 1}A + Q \end{align} (25)
 $$$\Sigma (k + 1) = A\Lambda (k){A^{\rm T}} + D{D^{\rm T}}$$$ (26)

 $$$\tilde \Sigma (k + 1) = A{(\Sigma {(k)^{ - 1}} - {\gamma ^{ - 2}}Q)^{ - 1}}{A^{\rm T}} + D{D^{\rm T}}$$$ (27)

1) 方程(25)在$[0, K]$上有解;

2) 方程(26)有解;

3) 式(25)和(26)的解满足下列条件:

 $$$\rho (\Sigma (k)Q) < {\gamma ^2}, \mathop {}\nolimits_{} k = 0, \cdots, K - 1$$$ (28)
 $$$\rho (\tilde \Sigma (k + 1)M({{k}} + {\rm{1)}}) < {\gamma ^2}, \mathop {}\nolimits_{} k = 0, \cdots, K$$$ (29)

 图 3 极大极小控制器结构图 Fig. 3 Minimax controller structure diagram
2.3 时序攻击下的极大极小控制器设计

 图 4 数据传输示意图 Fig. 4 Schematic diagram of data transmission

 图 5 可变延迟下的数据传输示意图 Fig. 5 A schematic diagram of data transmission under variable delay

${\bf if}$ $N_{pkts}=0$ ${\bf then}$  //没有数据包收到

$\qquad \alpha_k\leftarrow0$

$\qquad \bar{k}(k+1)\leftarrow(21)$

$\bar{\Sigma}(k+1)\leftarrow(26)$

${\bf else}$   //收到数据包

Updata $\Theta_y$

Updata $\Theta_\Pi$

$\bar{x}(k+1)\leftarrow\Theta_k(\kappa)$    //初始化

$\bar{\Sigma}(k+1)\leftarrow\Theta_\Sigma(\kappa)$

$u(t)\leftarrow\Theta_u(\kappa)$

$y(t)\leftarrow\Theta_y(\kappa)$

${\bf for}\ t=\kappa:k\ {\bf do}$    //再次计算$\bar{x}$$\bar{\Sigma} {\bf if}\ \Theta_\Pi(t)\in0\ {\bf then} //没有数据包到达 \alpha_t\leftarrow0 {\bf else} //如果有数据包到达 \alpha_t\leftarrow1 {\bf end\ if} \bar{x}(k+1)\leftarrow(21) \bar{\Sigma}(k+1)\leftarrow(26) Updata \Theta_x Updata \Theta_\Sigma {\bf end\ for} {\bf end\ if} M(k)\leftarrow(25) u(k)\leftarrow(22)\qquad //计算新的输入 Updata \Theta_u Updata \kappa 3 基于双水箱模型的系统仿真 3.1 双水箱模型 基于无线网络传输的双水箱系统, 包括水箱本体、供电设备, 还有三个无线传感器节点, 这三个传感器节点通过无线通信通道分别负责系统的传感, 控制和执行.对于双水箱CPS的安全目标是保护物理实体的正常操作不受由于恶意攻击网络基础设施造成网络空间入侵带来的干扰.对于如图 6所示的双水箱物理模型, 双水箱液位的动力学方程[24]如下:  $$\left\{ \begin{array}{l} \mathop {{L_1}}\limits^. (t) = - \dfrac{{{a_1}}}{{{A_1}}}\sqrt {2g{L_1}(t)} + \dfrac{{{K_P}}}{{{A_1}}}{V_P}(t)\\ \mathop {{L_2}}\limits^. (t) = \dfrac{{{a_1}}}{{{A_2}}}\sqrt {2g{L_1}(t)} - \dfrac{{{a_2}}}{{{A_2}}}\sqrt {2g{L_2}(t)} \end{array} \right.$$ (30)  图 6 双水箱物理模型 Fig. 6 Physical model of double water tanks 其中, { g}是重力加速度, L_1$$L_2$分别为水箱1、2的液位, $A_1$$A_2分别为水箱1、水箱2的横截面积. a_1$$a_2$分别为出水孔1、2的横截面面积. $K_P$为泵的流量常数, $V_P$为作用在泵上的电压.

 \begin{align*} &\Delta {{L}_1}(t):={{L}_1}(t)-L_{10}\\ &\Delta {{L}_2}(t):={{L}_2}(t)-L_{20}\\ &u(t)={{V}_P}(t)-L_{P0} \end{align*}

 $$$\left\{ \begin{array}{ll} \Delta {{\dot L}_1}(t)=& - \dfrac{{{a_1}}}{{{A_1}}}\sqrt {2g(\Delta {L_1}(t) + {L_{10}})} + \\ & \dfrac{{{K_P}}}{{{A_1}}}({\pmb u}(t) + {V_{P0}})\\ \Delta {{\dot L}_2}(t)=& \dfrac{{{a_1}}}{{{A_2}}}\sqrt {2g(\Delta {L_1}(t) + {L_{10}})} - \\ &\dfrac{{{a_2}}}{{{A_2}}}\sqrt {2g(\Delta {L_2}(t) + {L_{20}})} \end{array} \right.$$$ (31)

 $$$\dot{{\pmb x}}(t)=A{\pmb x}(t)+B{\pmb u}(t)$$$ (32)
 $其中, A =\left[ \begin{array}{cc} -\frac{a_1}{A_1}\sqrt{\frac{g}{2L_{10}}} &0 \\ \frac{a_1}{A_1}\sqrt{\frac{g}{2L_{10}}}& -\frac{a_2}{A_2}\sqrt{\frac{g}{2L_{20}}} \\ \end{array} \right]$
 $B =\left[ \begin{array}{c} \frac{K_P}{A_1} \\ 0 \\ \end{array} \right]$

$L_{10}=10$ cm, $L_{20}=10$ cm, $d_{1}=d_{2}=0.48$ cm, $D_1=D_2=4.45$ cm, ${ g}=980$ cm/s$^{2}$, $K_{P}=3.3$ cm$^{3}$/(V$\cdot$s), 则系统的状态空间方程为

 $$$\dot {\pmb x}(t) = \left[ {\begin{array}{*{20}{c}} { - 0.08}&0\\ {0.08}&{ - 0.08} \end{array}} \right]{\pmb x}(t) + \left[ {\begin{array}{*{20}{c}} {0.212}\\ 0 \end{array}} \right]{\pmb u}(t)$$$ (33)

 \begin{align} {\pmb x}(k + 1) =&\left[ {\begin{array}{*{20}{c}} {0.8521}&0\\ {0.1363}&{0.8521} \end{array}} \right]{\pmb x}(k) +\nonumber\\& \left[ {\begin{array}{*{20}{c}} {0.3918}\\ {0.0305} \end{array}} \right]{\pmb u}(k) \end{align} (34)

 图 7 线性模型和非线性模型仿真对比图 Fig. 7 Comparison of linear and nonlinear models

 $$${\pmb x}_c(k+1)={\pmb x}_c(k)+{\pmb r}(k)-C_{c}{\pmb y}(k)$$$ (35)

${\pmb x}_c$是控制器积分状态, $C_c=[0\quad 1]$, 极小极大控制器用在新的增广系统上, 状态为$\xi(k)=[{\pmb x}(k)\quad {\pmb x}_c(k)]^{\rm T}$, 控制输入如下:

 $$${\pmb u}(k)=K_{\xi}\hat{\xi}(k)$$$ (36)

3.2 LQG控制仿真结果

 图 8 LQG控制输出图 Fig. 8 LQG control output diagram
 图 9 LQG控制的输入值 Fig. 9 Input value of LQG control
3.3 基于博弈论的极大极小控制器仿真结果

 图 10 极大极小控制器的输出图 Fig. 10 The output diagram of the min-max controller
 图 11 极大极小控制器的输入值 Fig. 11 The input value of the minimax controller
 图 12 受攻击下的极大极小控制器输出响应 Fig. 12 Output response of minimax controller under attack
 图 13 受攻击下的极大极小控制器输入值 Fig. 13 Input value of the min-max controller under attack

4 结论

 1 Guan X P, Yang B, Chen C, Dai W, Wang Y. A comprehensive overview of cyber-physical systems:from perspective of feedback system. IEEE/CAA Journal of Automatica Sinica, 2016, 3(1): 1-14. 2 Wang Zhong-Jie, Xie Lu-Lu. Cyber-physical systems:a survey. Acta Automatica Sinica, 2011, 37(10): 1157-1166.( 王中杰, 谢璐璐. 信息物理融合系统研究综述. 自动化学报, 2011, 37(10): 1157-1166.) 3 Hespanha J P, Naghshtabrizi P, Xu Y. A survey of recent results in networked control systems. Proceedings of the IEEE, 2007, 95(1): 138-162. 4 Cetinkaya A, Ishii H, Hayakawa T. Networked control under random and malicious packet losses. IEEE Transactions on Automatic Control, 2017, 62(5): 2434-2449. DOI:10.1109/TAC.2016.2612818 5 Fawzi H, Tabuada P, Diggavi S. Secure estimation and control for cyber-physical systems under adversarial attacks. IEEE Transactions on Automatic Control, 2014, 59(6): 1454-1467. DOI:10.1109/TAC.2014.2303233 6 Jiang Y, Yin S. Recursive total principle component regression based fault detection and its application to vehicular cyber-physical systems. IEEE Transactions on Industrial Infoslatics, 2018, 14(4): 1415-1423. DOI:10.1109/TII.2017.2752709 7 Wang E K, Ye Y M, Xu X F, Chow K P. Security issues and challenges for cyber physical system. In: Green Computing and Communications (GreenCom), 2010 IEEE/ACM Int'l Conference on and Int'l Conference on Cyber, Physical and Social Computing (CPSCom). New York, USA: IEEE, 2010. 733-738 8 Peng Chao-Yu. Research on Security of Model Checking-based Cyber-Physical Systems[Master thesis], Nanjing University of Posts And Telecommunications, 2015 (彭超宇.基于模型检验的信息物理融合系统安全性研究[硕士学位论文], 南京邮电大学, 2015) http://cdmd.cnki.com.cn/Article/CDMD-10293-1015730982.htm 9 Ding Chao, Yang Li-Jun, Wu Meng. Security architecture and key technologies for IoT/CPS. ZTE Technology Journal, 2011, 17(1): 11-16.( 丁超, 杨立君, 吴蒙. IoT/CPS的安全体系结构及关键技术. 中兴通讯技术, 2011, 17(1): 11-16. DOI:10.3969/j.issn.1009-6868.2011.01.004) 10 Amin S, Cárdenas A A, Sastry S S. Safe and secure networked control systems under denial-of-service attacks. In: Proceedings of International Conference on Hybrid Systems: Computation and Control. Heidelberg, Berlin, Germany: Springer, 2009. 31-45 11 Gupta A, Langbort C, Basar T. Optimal control in the presence of an intelligent jammer with limited actions. In: Proceedings of the Decision and Control (CDC) 49th IEEE Conference. New York, USA: IEEE, 2010. 1096-1101 12 Pang Z H, Liu G P, Dong Z. Secure networked control systems under denial of service attacks. In: Proceedings of the 18th IFAC World Congress, Milano, Italy: 2011. 8908-8913 13 Sinopoli B, Schenato L, Franceschetti M, Poolla K, Jordan M I, Sastry S S. Kalman filtering with inteslittent observations. IEEE Transactions on Automatic Control, 2004, 49(9): 1453-1464. DOI:10.1109/TAC.2004.834121 14 Li X, Sun S. Robust H∞, Control for networked systems with random packet dropouts and time delays. Procedia Engineering, 2012, 29: 4192-4197. DOI:10.1016/j.proeng.2012.01.642 15 Moon J, Basar T. Control over TCP-like lossy networks: A dynamic game approach. In: Proceedings of the American Control Conference. New York, USA: IEEE, 2013. 1578-1583 16 Shi Ming-Guang, Chen Wu-Wei. Mixed H2/H∞ control based on game theory and its application to the vehicle active suspension system. Control Theory and Applications, 2005, 22(6): 882-888.( 史明光, 陈无畏. 基于博弈论的H2/H∞混合控制及其在汽车主动悬架中的应用. 控制理论与应用, 2005, 22(6): 882-888. DOI:10.3969/j.issn.1000-8152.2005.06.007) 17 Zhu Chao-Qun, Guo Ge. Optimal control for eventtriggered networked control systems. Control and Decision, 2014, 29(5): 802-808.( 祝超群, 郭戈. 事件驱动的网络化系统最优控制. 控制与决策, 2014, 29(5): 802-808.) 18 Li Hai-Tao, Tang Gong-You, Ma Hui. Optimal control for a class of networked control systems with data packet dropout. Control and Decision, 2009, 24(5): 773-776.( 李海涛, 唐功友, 马慧. 一类具有数据包丢失的网络控制系统的最优控制. 控制与决策, 2009, 24(5): 773-776. DOI:10.3321/j.issn:1001-0920.2009.05.026) 19 Shoukry Y, Araujo J, Tabuada P, Srivastava Me, Johansson K H. Minimax control for cyber-physical systems under network packet scheduling attacks. In: Proceedings of the 2nd ACM International Conference on High Confidence Networked Systems. New York, USA: ACM, 2013. 93-100 20 Basar T, Bernhard P. H∞-optimal Control and Related Minimax Design Problems: a Dynamic Game Approach. Springer Science and Business Media, Birkhäuser Boston, 2008. 21 Zhang Fen. Research The Problem of Differential Games Based on The Optimal Control[Master thesis], Yunnan Normal University, 2015. (张芬.基于最优控制的微分博弈问题研究[硕士学位论文], 云南师范大学, 2015.) http://cdmd.cnki.com.cn/Article/CDMD-10681-1015809014.htm 22 Araújo J. Design, Implementation and Validation of Resource-Aware and Resilient Wireless Networked Control Systems[Ph.D. dissertation], KTH Royal Institute of Technology, 2014. 23 Garone E, Sinopoli B, Goldsmith A, Casavola A. LQG control for MIMO systems over multiple erasure channels with perfect acknowledgment. IEEE Transactions on Automatic Control, 2012, 57(2): 450-456. DOI:10.1109/TAC.2011.2167789 24 Changela M, Kumar A. Designing a controller for two tank interacting system. International Journal of Science and Research (IJSR), 2015, 5(4): 589-593. 25 Wen Jing-Rong, Wu Mu-Qing, Su Jing-Fang. Cyber-physical System. Acta Automatica Sinica, 2012, 38(4): 507-517.( 温景容, 武穆清, 宿景芳. 信息物理融合系统. 自动化学报, 2012, 38(4): 507-517.)