**5.1 Attack reconstruction in linear system via filtering by adaptive sliding mode observer**

Consider the linearized system in Eq. (5) with $C(x) = Cx$ and $B(x) = B$:

$$
\dot{\mathbf{x}} = A\mathbf{x} + Bd(t), \quad \mathbf{y} = \mathbf{C}\mathbf{x} + Dd(t) \tag{14}
$$

#### *5.1.1 System's transformation*

Considering system Eq. (14) and assuming that assumption (A1) holds, then as shown in [29] there exists a matrix $N \in \mathbb{R}^{(n-p)\times n}$ such that the square matrix

$$T_c = \begin{bmatrix} N \\ C \end{bmatrix} \tag{15}$$

is nonsingular and the change of coordinates $x \mapsto T_c x$ creates, without loss of generality, a new state-space representation $(A', B', C', D)$ where

$$A' = T_c A T_c^{-1}, \quad B' = T_c B, \quad C' = C T_c^{-1} = \begin{bmatrix} \mathbf{0}_{p \times (n-p)} & I_{p \times p} \end{bmatrix} \tag{16}$$

After the linear change of coordinates, the CPS Eq. (14) is rewritten as

$$\begin{aligned} \dot{x}_1 &= A_{11}x_1 + A_{12}x_2 + B_1 d\\ \dot{x}_2 &= A_{21}x_1 + A_{22}x_2 + B_2 d \end{aligned} \quad \text{where} \quad A' = \begin{bmatrix} A_{11} & A_{12} \\ A_{21} & A_{22} \end{bmatrix}, \qquad B' = \begin{bmatrix} B_1 \\ B_2 \end{bmatrix} \tag{17}$$

with $x_1 \in \mathbb{R}^{n-p}$, $x_2 \in \mathbb{R}^{p}$, $B_1 \in \mathbb{R}^{(n-p)\times m}$, $B_2 \in \mathbb{R}^{p\times m}$, $A_{11} \in \mathbb{R}^{(n-p)\times(n-p)}$, $A_{12} \in \mathbb{R}^{(n-p)\times p}$, $A_{21} \in \mathbb{R}^{p\times(n-p)}$, $A_{22} \in \mathbb{R}^{p\times p}$. It is well known that $(A, C)$ is observable if and only if $(A_{11}, A_{21})$ is observable [31].

Defining a further change of coordinates $\bar{x}_1 = x_1 + Lx_2$, where $L \in \mathbb{R}^{(n-p)\times p}$ is the design matrix, the system Eq. (17) can be rewritten as

$$\begin{aligned} \dot{\bar{x}}_1 &= \tilde{A}_{11}\bar{x}_1 + \tilde{A}_{12}x_2 + \tilde{B}_1 d \\ \dot{x}_2 &= \tilde{A}_{21}\bar{x}_1 + \tilde{A}_{22}x_2 + \tilde{B}_2 d \end{aligned}, \quad y = x_2 + Dd \tag{18}$$


*Secure State Estimation and Attack Reconstruction in Cyber-Physical Systems: Sliding Mode…*


*DOI: http://dx.doi.org/10.5772/intechopen.88669*


where $\tilde{A}_{11} = A_{11} + LA_{21}$, $\tilde{A}_{12} = -A_{11}L + A_{12} - LA_{21}L + LA_{22}$, $\tilde{B}_1 = B_1 + LB_2$, $\tilde{A}_{21} = A_{21}$, $\tilde{A}_{22} = A_{22} - A_{21}L$, $\tilde{B}_2 = B_2$. Since $(A_{11}, A_{21})$ is observable, there exist choices of the matrix $L$ so that the matrix $\tilde{A}_{11} = A_{11} + LA_{21}$ is Hurwitz.

**Assumption (A3):** The attack $d(t)$ and its derivative are norm bounded, i.e., $\|d\| < k_d$ and $\|\dot{d}\| < l_d$, where $k_d, l_d > 0$ are known.

Since $p > m$, there exists a nonsingular scaling matrix $Q \in \mathbb{R}^{p\times p}$ such that

$$QD = \begin{bmatrix} \mathbf{0}_{(p-m)\times m} \\ D_2 \end{bmatrix} \tag{19}$$

where $D_2 \in \mathbb{R}^{m\times m}$ is nonsingular. Define $\bar{y}$ as the scaling of the measured outputs $y$ according to $\bar{y} = Qy$. Partition the output of the CPS into unpolluted measurements $\bar{y}_1 \in \mathbb{R}^{p-m}$ and polluted measurements $\bar{y}_2 \in \mathbb{R}^{m}$ as

$$\bar{y} = \begin{bmatrix} \bar{y}_1 \\ \bar{y}_2 \end{bmatrix} = \begin{bmatrix} Q_1 x_2 \\ Q_2 x_2 + D_2 d \end{bmatrix} = Q x_2 + \begin{bmatrix} \mathbf{0}_{(p-m)\times m} \\ D_2 \end{bmatrix} d \tag{20}$$

Scale the state component $x_2$ and define $\bar{x}_2 = Qx_2$. Then Eq. (18) can be rewritten as

$$\begin{aligned} \dot{\bar{x}}_1 &= \bar{A}_{11}\bar{x}_1 + \bar{A}_{12}\bar{x}_2 + \bar{B}_1 d \\ \dot{\bar{x}}_2 &= \bar{A}_{21}\bar{x}_1 + \bar{A}_{22}\bar{x}_2 + \bar{B}_2 d \end{aligned}, \quad \bar{y} = \bar{x}_2 + \begin{bmatrix} \mathbf{0} \\ D_2 \end{bmatrix} d \tag{21}$$

where $\bar{A}_{11} = \tilde{A}_{11}$, $\bar{A}_{12} = \tilde{A}_{12}Q^{-1}$, $\bar{B}_1 = \tilde{B}_1$, $\bar{A}_{21} = Q\tilde{A}_{21}$, $\bar{A}_{22} = Q\tilde{A}_{22}Q^{-1}$, and $\bar{B}_2 = Q\tilde{B}_2$. Define $\bar{x}_2 = \text{col}(\bar{x}_{21}, \bar{x}_{22})$, where $\bar{x}_{21} \in \mathbb{R}^{p-m}$ and $\bar{x}_{22} \in \mathbb{R}^{m}$. Consequently the system in Eq. (21) can be written in partitioned form as

$$\begin{gathered} \begin{aligned} \dot{\bar{x}} &= \bar{A}\bar{x} + \bar{B}d \\ \bar{y}_1 &= \bar{C}_1\bar{x}, \quad \bar{y}_2 = \bar{C}_2\bar{x} + D_2 d \end{aligned}, \quad \bar{x} = \begin{bmatrix} \bar{x}_1 \\ \bar{x}_{21} \\ \bar{x}_{22} \end{bmatrix}, \quad \bar{A} = \begin{bmatrix} \bar{A}_{11} & \bar{A}_{12a} & \bar{A}_{12b} \\ \bar{A}_{21a} & \bar{A}_{22a} & \bar{A}_{22b} \\ \bar{A}_{21b} & \bar{A}_{22c} & \bar{A}_{22d} \end{bmatrix}, \quad \bar{B} = \begin{bmatrix} \bar{B}_1 \\ \bar{B}_{21} \\ \bar{B}_{22} \end{bmatrix} \\ \bar{C}_1 = \begin{bmatrix} \mathbf{0}_{(p-m)\times(n-p)} & I_{(p-m)\times(p-m)} & \mathbf{0}_{(p-m)\times m} \end{bmatrix}, \quad \bar{C}_2 = \begin{bmatrix} \mathbf{0}_{m\times(n-m)} & I_{m\times m} \end{bmatrix} \end{gathered} \tag{22}$$

where $\bar{A}_{11}$ is Hurwitz, the virtual measurement $\bar{y}_1$ represents the protected measurements, and $\bar{y}_2$ represents the attacked/corrupted measurements.


#### *5.1.2 Attack observation*


*Control Theory in Engineering*


An SMO is proposed to reconstruct the attack in order to clean up the measurements and states and to allow the use of clean measurement in the control signal. Define a (sliding mode) observer for the system Eq. (22) as

$$\dot{\bar{z}} = \bar{A}\bar{z} + \bar{G}_1(\bar{y}_1 - \bar{z}_{21}) + \bar{G}_2(\bar{y}_2 - \bar{z}_{22}) - G_n \upsilon \tag{23}$$

where $\bar{z} = \text{col}(\bar{z}_1, \bar{z}_{21}, \bar{z}_{22})$ is conformal with the partition of $\bar{x}$ in Eq. (22). In Eq. (23), $\upsilon$ is a nonlinear injection signal that depends on $(\bar{y}_2 - \bar{z}_{22})$ and is used to induce a sliding motion in the estimation error space, and

$$
\bar{G}_1 = \begin{bmatrix} \bar{A}_{12a} \\ \bar{A}_{22a} - A^{s}_{22} \\ \mathbf{0}_{m \times (p-m)} \end{bmatrix}, \quad \bar{G}_2 = \begin{bmatrix} \bar{A}_{12b} \\ \bar{A}_{22b} \\ \bar{A}_{22d} - A^{s}_{33} \end{bmatrix}, \quad G_n = \begin{bmatrix} \mathbf{0}_{(n-p)\times m} \\ \mathbf{0}_{(p-m)\times m} \\ I_{m\times m} \end{bmatrix} \tag{24}
$$

are the gain matrices where $\bar{A}_{12a} \in \mathbb{R}^{(n-p)\times(p-m)}$, $\bar{A}_{22a} \in \mathbb{R}^{(p-m)\times(p-m)}$, $\bar{A}_{12b} \in \mathbb{R}^{(n-p)\times m}$, $\bar{A}_{22b} \in \mathbb{R}^{(p-m)\times m}$, $\bar{A}_{22d} \in \mathbb{R}^{m\times m}$, and the matrices $A^{s}_{22} \in \mathbb{R}^{(p-m)\times(p-m)}$ and $A^{s}_{33} \in \mathbb{R}^{m\times m}$ are user-selected Hurwitz matrices, while $A^{s}_{33}$ is symmetric negative definite. The injection signal $\upsilon \in \mathbb{R}^{m}$ is defined as

$$\upsilon = -(\rho + \eta) \frac{\bar{y}_2 - \bar{z}_{22}}{\|\bar{y}_2 - \bar{z}_{22}\|}, \quad \rho, \eta > 0 \tag{25}$$

where the scalar gain $\rho$ will be defined in the sequel, and $\eta$ is a positive design scalar.

**Assumption (A4):** Matrix $(sI - A^{\ast})$ is invertible, where $A^{\ast} = \bar{A} - \bar{B}D_2^{-1}\bar{C}_2 - \bar{G}_1\bar{C}_1$.

Defining $\bar{e} = \bar{x} - \bar{z}$, it follows that $\bar{e} = \text{col}(\bar{e}_1, \bar{e}_{21}, \bar{e}_{22})$ where $\bar{e}_1 = \bar{x}_1 - \bar{z}_1$, $\bar{e}_{21} = \bar{x}_{21} - \bar{z}_{21}$, $\bar{e}_{22} = \bar{x}_{22} - \bar{z}_{22}$. It follows

$$
e_{y_2} = \bar{y}_2 - \bar{z}_{22} = \bar{e}_{22} + D_2 d \tag{26}
$$

and by direct substitution from Eqs. (22) and (23) that

$$
\dot{\bar{e}} = \begin{bmatrix} \bar{A}_{11} & \mathbf{0} & \mathbf{0} \\ \bar{A}_{21a} & A^{s}_{22} & \mathbf{0} \\ \bar{A}_{21b} & \bar{A}_{22c} & A^{s}_{33} \end{bmatrix} \bar{e} - \begin{bmatrix} \bar{A}_{12b} \\ \bar{A}_{22b} \\ \bar{A}_{22d} - A^{s}_{33} \end{bmatrix} D_2 d + \begin{bmatrix} \bar{B}_1 \\ \bar{B}_{21} \\ \bar{B}_{22} \end{bmatrix} d + \begin{bmatrix} \mathbf{0} \\ \mathbf{0} \\ I_m \end{bmatrix} \upsilon \tag{27}
$$

The idea is to force a sliding motion on

$$
e_{y_2} = \bar{y}_2 - \bar{z}_{22} = \mathbf{0} \tag{28}
$$

The first main result, based on the SMO with the fixed-gain injection term, is formulated in the following theorem.

**Theorem 1:** Assuming (A3)–(A4) hold and $m_0 > 0$ satisfies the condition

$$\|\phi(t)\| \le m_0 k_d, \quad \phi = \begin{bmatrix} \bar{A}_{21b} & \bar{A}_{22c} \end{bmatrix} \bar{e}_{11} - \left( \bar{A}_{22d} - \bar{B}_{22} D_2^{-1} \right) D_2 d, \quad \bar{e}_{11} = \text{col}(\bar{e}_1, \bar{e}_{21}) \tag{29}$$

Then, as soon as the sliding mode is established in finite time in Eq. (27) on the sliding surface Eq. (28) by means of the injection term Eq. (25) with $\rho = m_0 k_d + \|D_2\|_{\infty} l_d$, the attack $d$ is asymptotically estimated as

$$\hat{d} = G^{\ast}(s)\,\upsilon_{eq} \quad \text{where} \quad G^{\ast}(s) = C^{\ast}\left(sI - A^{\ast}\right)^{-1}B^{\ast}, \quad B^{\ast} = \begin{bmatrix} \mathbf{0}_{(n-p)\times m} \\ \mathbf{0}_{(p-m)\times m} \\ I_{m\times m} \end{bmatrix}, \quad C^{\ast} = \begin{bmatrix} \mathbf{0}_{m\times(n-m)} & -D_2^{-1} \end{bmatrix} \tag{30}$$

where $\upsilon_{eq}$ is the *equivalent* injection term [31], and a close approximation $\bar{\upsilon}_{eq}$ can be obtained in real time by low-pass filtering of the switching signal Eq. (25) [29]. Replacing $\upsilon_{eq}$ by $\bar{\upsilon}_{eq}$ in Eq. (30) gives

$$
\hat{d} = G^{\ast}(s)\,\bar{\upsilon}_{eq} \tag{31}
$$


The proof of Theorem 1 is omitted for brevity.

**Remark 1:** The SMO (31) is a dynamic filter that allows reconstructing the time-varying attack $d(t)$. This filter is the main novel feature of the proposed observer.

#### *5.1.3 Adaptive-gain attack observer design*

In Eq. (29), it was assumed that the perturbation term $\phi$ is locally norm-bounded and $\rho > 0$ in Eq. (25) is known. In many practical cases, the boundary of attacks is unknown, and the gain of the sliding mode injection term Eq. (25) in the fixed-gain observer in Eq. (23) can be overestimated. The gain overestimation could increase chattering that is difficult to attenuate.

The constant gain $\rho > 0$ can be replaced by an adaptive gain $\rho(t)$ by applying the *dual layer nested adaptive sliding mode observation algorithm* [32], i.e.,

$$\upsilon = -(\rho(t) + \eta) \frac{\bar{y}_2 - \bar{z}_{22}}{\|\bar{y}_2 - \bar{z}_{22}\|} \tag{32}$$

A sufficient condition to ensure sliding on $e_{y_2} = \mathbf{0}$ in finite time is

$$\rho(t) > \left\| A^{s}_{33} e_{y_2} + \phi + D_2 \dot{d} \right\| \tag{33}$$

An error signal is defined as

$$
\sigma(t) = \rho(t) - \frac{1}{\alpha} \left\| \bar{\upsilon}_{eq}(t) \right\| - \varepsilon \tag{34}
$$

where the scalars satisfy $0 < \alpha < 1$ and $\varepsilon > 0$. The adaptation dynamics of $\rho(t)$ in Eq. (32) is defined as [32]

$$\dot{\rho}(t) = -r(t)\,\text{sign}(\sigma(t)) \tag{35}$$

where the time-varying scalar $r(t) > 0$ satisfies an adaptive scheme. It is assumed that $r(t)$ has the structure

$$r(t) = \ell_0 + \ell(t) \tag{36}$$

where $\ell_0$ is a fixed positive scalar. The evolution of $\ell(t)$ is chosen to satisfy an adaptive law [32]:


$$\dot{\ell}(t) = \begin{cases} \gamma|\sigma(t)| & \text{if } |\sigma(t)| > \sigma_0 \\ 0 & \text{otherwise} \end{cases} \tag{37}$$

where $\gamma > 0$ and $\sigma_0 > 0$ are design scalars. The second main result is summarized in Theorem 2.

**Theorem 2:** Consider the system in Eq. (27) and


$$a(t) = A^{s}_{33} e_{y_2} + \phi + D_2 \dot{d} \tag{38}$$

and assume that $|a(t)| < a_0$, $|\dot{a}(t)| < a_1$, where $a_0$ and $a_1$ are finite but unknown. An SMO is designed as in Eq. (23) with the *adaptive* injection term in Eqs. (32)–(37). If $\varepsilon > 0$ in (34) is chosen to satisfy

$$\frac{1}{4}\varepsilon^2 > \sigma_0^2 + \frac{1}{\gamma} \left(\frac{q a_1}{\alpha}\right)^2 \tag{39}$$

for any given $\sigma_0$, $q > 1$, and $0 < \alpha < 1$, then the injection term (32) exploiting the *dual layer adaptive* scheme given by Eqs. (35)–(37) drives $\sigma(t)$ to a domain $|\sigma(t)| < \varepsilon/2$ in finite time and consequently ensures a sliding motion $e_y = 0$ can be reached in finite time and sustained thereafter. The gains $r(t)$ and $\rho(t)$ remain bounded. The sensor attack signal $d(t)$ is reconstructed as in Eq. (30) with the equivalent adaptive injection term $\upsilon_{eq}$ or $\bar{\upsilon}_{eq}$.

Proof of Theorem 2 is based on the results in [32] and is omitted for brevity.

**Remark 2:** The proposed unit vector injection gain-adaptation algorithm in Eqs. (32)–(37) does not require the knowledge of the boundaries $k_d, l_d > 0$ in $\|d\| < k_d$ and $\|\dot{d}\| < l_d$.
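The fixed-gain observer of Section 5.1.2 (Eqs. (23)–(25) with the reconstruction filter of Eqs. (30)–(31)) and the gain adaptation of Section 5.1.3 (Eqs. (34)–(37)) can be run side by side on one small plant. The following is an added example, not code from the chapter. The plant matrices, attack signal, design scalars and Euler step are constructed assumptions, with n = p = 2 and m = 1 so that the unit-vector term reduces to a sign.

```python
import math

# Constructed 2-state plant, already in the partitioned form of Eq. (22) with
# n = p = 2 and m = 1 (no x1 block). All numeric values are assumptions.
A = [[-1.0, 1.0],            # [A22a, A22b]
     [-2.0, -3.0]]           # [A22c, A22d]
B = [0.5, 1.0]               # [B21, B22]: the attack also enters the plant
D2 = 2.0                     # attack gain on the corrupted output y2
AS22, AS33 = -4.0, -5.0      # user-selected Hurwitz design values, Eq. (24)
ETA, TAU, DT = 1.0, 0.02, 1e-4        # eta, low-pass time constant, Euler step
ALPHA, EPS, ELL0, GAMMA, SIGMA0 = 0.9, 2.0, 10.0, 200.0, 0.5  # Eqs. (34)-(37)


def attack(t):
    """Constructed attack d(t): silent until t = 2 s, then smooth, 0 <= d <= 1."""
    return 0.0 if t < 2.0 else 0.5 * (1.0 - math.cos(1.5 * (t - 2.0)))


def unit(e):
    """Scalar (m = 1) case of the unit-vector term e / ||e||."""
    return 0.0 if e == 0.0 else math.copysign(1.0, e)


def simulate(rho, adaptive=False, t_end=10.0):
    """Euler run of plant (22), observer (23) and reconstruction filter (31).

    With adaptive=True, rho is the initial gain and then follows Eqs. (34)-(37).
    Returns samples (t, d, d_hat, rho) taken every 100 steps.
    """
    g1 = [A[0][0] - AS22, 0.0]               # G1 of Eq. (24); C1 = [1 0]
    g2 = [A[0][1], A[1][1] - AS33]           # G2 of Eq. (24); C2 = [0 1]
    # A* = A - B D2^{-1} C2 - G1 C1 (Assumption A4); B* = [0 1]^T.
    a_star = [[A[0][0] - g1[0], A[0][1] - B[0] / D2],
              [A[1][0] - g1[1], A[1][1] - B[1] / D2]]
    x, z, xi = [1.0, -1.0], [0.0, 0.0], [0.0, 0.0]  # plant, observer, G*(s) states
    v_bar, ell = 0.0, 0.0                    # filtered injection, adaptive layer
    samples = []
    for k in range(int(round(t_end / DT))):
        t = k * DT
        d = attack(t)
        ey1 = x[0] - z[0]                    # protected output minus its estimate
        ey2 = x[1] + D2 * d - z[1]           # attacked output minus its estimate
        v = -(rho + ETA) * unit(ey2)         # injection, Eq. (25) or Eq. (32)
        if k % 100 == 0:
            samples.append((t, d, -xi[1] / D2, rho))  # d_hat = C* xi, Eq. (30)
        dx = [A[0][0] * x[0] + A[0][1] * x[1] + B[0] * d,
              A[1][0] * x[0] + A[1][1] * x[1] + B[1] * d]
        dz = [A[0][0] * z[0] + A[0][1] * z[1] + g1[0] * ey1 + g2[0] * ey2,
              A[1][0] * z[0] + A[1][1] * z[1] + g1[1] * ey1 + g2[1] * ey2 - v]
        dxi = [a_star[0][0] * xi[0] + a_star[0][1] * xi[1],
               a_star[1][0] * xi[0] + a_star[1][1] * xi[1] + v_bar]
        if adaptive:
            sigma = rho - abs(v_bar) / ALPHA - EPS        # Eq. (34)
            rho -= DT * (ELL0 + ell) * unit(sigma)        # Eqs. (35)-(36)
            if abs(sigma) > SIGMA0:
                ell += DT * GAMMA * abs(sigma)            # Eq. (37)
        v_bar += DT * (v - v_bar) / TAU      # low-pass filter approximating v_eq
        for i in range(2):
            x[i] += DT * dx[i]
            z[i] += DT * dz[i]
            xi[i] += DT * dxi[i]
    return samples


def worst_error(samples, t_from=4.0):
    """Largest |d - d_hat| once the start-up transient has decayed."""
    return max(abs(s[1] - s[2]) for s in samples if s[0] >= t_from)


if __name__ == "__main__":
    # rho = 12 exceeds m0*kd + |D2|*ld (about 9.3 for this plant); rho = 1 does
    # not, so sliding is lost when the attack starts unless the gain adapts.
    for label, run in (("fixed rho=12", simulate(12.0)),
                       ("fixed rho=1", simulate(1.0)),
                       ("adaptive from rho=1", simulate(1.0, adaptive=True))):
        print(label, "worst error:", round(worst_error(run), 3))
```

The under-sized fixed gain cannot hold the sliding surface once the attack grows, so its estimate stays far below the true attack, while the adaptive run started from the same gain recovers the attack and lowers its gain again when the attack is small.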
