**4. Problem formulation**

field, *B x*ð Þ<sup>∈</sup> <sup>R</sup>*n*�*<sup>m</sup>* and *<sup>D</sup>* <sup>∈</sup> <sup>R</sup>*p*�*<sup>m</sup>* denote the attack/fault distribution matrices. For notational convenience, and without affecting generality, the input distribution

where *<sup>B</sup>*1ð Þ *<sup>x</sup>* <sup>∈</sup> <sup>R</sup>*n*�*m*<sup>1</sup> *, D*<sup>1</sup> <sup>∈</sup> <sup>R</sup>*p*�ð Þ *<sup>m</sup>*�*m*<sup>1</sup> *,* **<sup>0</sup>**<sup>1</sup> <sup>∈</sup> <sup>R</sup>*n*�ð Þ *<sup>m</sup>*�*m*<sup>1</sup> *,* **<sup>0</sup>**<sup>2</sup> <sup>∈</sup> <sup>R</sup>*p*�*m*<sup>1</sup> where

*x*\_ ¼ *f x*ð Þþ *B*1ð Þ *x dx*ð Þ*t*

where *dx*ð Þ*t* , *dy*ð Þ*t* represent the state and the sensor attack vectors, respectively.

Since *p* ≥ *m* � *m*1, the system (8) can be partitioned using a nonsingular trans-

**0**<sup>ð</sup> *<sup>p</sup>*�ð Þ *<sup>m</sup>*�*m*<sup>1</sup> Þ�ð Þ *<sup>m</sup>*�*m*<sup>1</sup>

*<sup>y</sup>*<sup>1</sup> <sup>¼</sup> *<sup>C</sup>*1ð Þ *<sup>x</sup> , <sup>y</sup>*<sup>2</sup> <sup>¼</sup> *<sup>C</sup>*2ð Þþ *<sup>x</sup> <sup>D</sup>*1*dy*ð Þ*<sup>t</sup>* (11)

**sensors**

" #

*<sup>D</sup>*<sup>1</sup>ð Þ *<sup>m</sup>*�*m*<sup>1</sup> �ð Þ *<sup>m</sup>*�*m*<sup>1</sup>

where *<sup>y</sup>*<sup>1</sup> <sup>∈</sup> <sup>R</sup>*<sup>p</sup>*<sup>1</sup> with *<sup>p</sup>*<sup>1</sup> <sup>¼</sup> *<sup>p</sup>* � ð Þ *<sup>m</sup>* � *<sup>m</sup>*<sup>1</sup> and *<sup>y</sup>*<sup>2</sup> <sup>∈</sup> <sup>R</sup>*<sup>p</sup>*<sup>2</sup> where *<sup>p</sup>*<sup>2</sup> <sup>¼</sup> *<sup>m</sup>* � *<sup>m</sup>*1. Note that the state attack vector *dx*ð Þ*t* is additive and matched to the control input that is

Different attack strategies are shown in **Table 1** and discussed in Section 1.

*M*�<sup>1</sup>

Taking into account (10), system (8) is reduced to

**Attack plan** *dx*ð Þ*t* 6¼ **0** *dy*ð Þ*t* 6¼ **0 Access to all**

Covert attack √ √ √ False data injection attack √ √

embedded in system Eq. (11) already.

Deception attack √

**Table 1.**

**8**

*Cyber-attack strategies.*

Stealth attack √

Reply attack √ √√

*D*<sup>1</sup> ¼

*x*\_ ¼ *f x*ð Þþ *B*1ð Þ *x dx*ð Þ*t*

**Assumption (A1):** *B*1ð Þ *x , D*<sup>1</sup> are of full rank. The attack/fault vector is partitioned accordingly as

> *<sup>d</sup>* <sup>¼</sup> *dx dy* � �

Therefore, Eq. (5) can be rewritten as

*B x*ð Þ¼ ½ � *B*1ð Þ *x* **0**<sup>1</sup> *, D* ¼ ½ � **0**<sup>2</sup> *D*<sup>1</sup> (6)

*where dx* ∈ R*m*<sup>1</sup> *and dy* ∈ R*m*�*m*<sup>1</sup> (7)

*<sup>y</sup>* <sup>¼</sup> *C x*ð Þþ *<sup>D</sup>*1*dy*ð Þ*<sup>t</sup>* (8)

*y* ¼ *My* (9)

(10)

**Need to know the system model**

matrices can be partitioned as

*Control Theory in Engineering*

*m*<sup>1</sup> ≤ *m*.

formation *M* ∈ R*<sup>p</sup>*�*<sup>p</sup>*

selected so that

**Assumption (A2):** Attacks are detectable, i.e., the invariant zeros of Eq. (11) are stable.

The problem is to protect the closed loop system (11) from the sensor attack *dy* <sup>∈</sup> <sup>R</sup>*m*�*m*<sup>1</sup> and state/plant attack *dx*ð Þ*<sup>t</sup>* <sup>∈</sup> <sup>R</sup>*m*<sup>1</sup> by means of designing fixed-gain and adaptive-gain SMOs that allow: (a) reconstructing online the sensor attack *dy*, the state/plant attack *dx*ð Þ*t* , and the plant states *x* so that

$$
\hat{d}\_{\mathbf{x}}(t) \to d\_{\mathbf{x}}(t), \hat{d}\_{\mathbf{y}}(t) \to d\_{\mathbf{y}}(t), \hat{\mathbf{x}} \to \mathbf{x} \tag{12}
$$

as time increases and.

(b) "cleanup" of the plant and sensors so that the dynamics of the CPS under attack (11) approaches,

$$\boldsymbol{\dot{x}}\_{\text{clean}} = \boldsymbol{f}(\boldsymbol{\dot{x}}) + \boldsymbol{B}\_{1}(\boldsymbol{\dot{x}}) \left( \boldsymbol{d}\_{\text{x}}(\mathbf{t}) - \boldsymbol{\dot{d}}\_{\text{x}}(\mathbf{t}) \right), \quad \boldsymbol{y}\_{\text{clean}} = \boldsymbol{y} - \boldsymbol{D}\_{1}\boldsymbol{\dot{d}}\_{\text{y}} = \boldsymbol{C}(\boldsymbol{\dot{x}}) + \boldsymbol{D}\_{1} \left( \boldsymbol{d}\_{\text{y}}(\mathbf{t}) - \boldsymbol{\dot{d}}\_{\text{y}}(\mathbf{t}) \right). \tag{13}$$

as time increases, to.

Note that Eq. (13) represents the compensated CPS that converges to CPS without attack as time increases.

### **5. Results: secure state estimation**

In this chapter, for the *linearized* case of the system in Eq. (5), two SMOs for state estimation and attack reconstruction are discussed. Two other SMO strategies for nonlinear system (5) are also proposed and investigated.
