Min Zhang,Xiangbin Liu,Hongye Su

DOI: https://doi.org/10.1016/j.isatra.2024.11.011

IF: 7.3

2024-01-01

ISA Transactions

Abstract:In this paper, a novel adaptive safe fault-tolerant (SFT) controller design framework is proposed to obtain stability with safety guarantee for a class of single systems and a class of interconnected nonlinear systems in the presence of unknown faults. Under the framework, an adaptive fault-tolerant controller for a class of single systems is designed to ensure safety and asymptotic stability simultaneously. For interconnected systems, the neural networks (NNs) is used to parameterize the unknown faults and interconnection terms. Then, a necessary and sufficient condition for the stability of the system is relaxed and a certainty equivalence (CE)-based adaptive controller is proposed to reduce the complexity of control design. Finally, the result of input-to-state safety and uniform ultimate boundedness for the controlled interconnected systems can be obtained. A numerical simulation of the interconnected systems consisting of two inverted pendulums is given to illustrate the effectiveness of the proposed method.

Ruqi Ding,Min Cheng,Shen Zheng,Bing Xu

DOI: https://doi.org/10.1109/tmech.2020.3042605

2021-01-01

Abstract:Due to the complex control software based on electronic sensors, an independent metering control system (IMCS) has a higher risk of failures than a traditional electrohydraulic system. Considering the tough requirements of safety and reliability in mobile applications, this article innovatively proposes an active sensor-fault-tolerant controller (SFTC) for IMCSs. It is a model-free controller without any additional sensors. All the faults of the inlet, outlet, and supply pressure sensors are tolerated via analytical redundancy rather than hardware redundancy. The core of the analytical redundancy is to reconfigure the control loops of the normal controller by utilizing the cross-couplings among multivariables. To guarantee the switching stability from the normal controller to the SFTC, in this article, a bumpless transfer strategy based on latent tracking is designed, such that the abrupt output jump of the SFTC is suppressed and a smooth switching is obtained when the fault occurs. The feasibility of the SFTC system was evaluated by implementing the system on the two-ton excavator. The experimental results of boom motions verify the effectiveness of the controller under abrupt and random sensor faults.

Tim Maurice Julitz,Antoine Tordeux,Manuel Lower

DOI: https://doi.org/10.1017/pds.2023.105

2023-06-19

Proceedings of the Design Society

Abstract:Abstract Fault-tolerant hardware architectures for autonomous vehicles can be implemented through redundancy, diversity, separation, self-diagnosis, and reconfiguration. These approaches can be coupled with majority redundancy through M-out-of-N independent system architectures. The development of fault- tolerant systems is of central importance in the launch of autonomous driving systems from level 4. The increasing complexity of electrical and electronic systems is challenging for the design of safety-critical systems. This work aims to develop a method to manage this complexity in product development and to use it to compare different types of architectures. The basis is a system consisting of sensors and microcontrollers. The reliability of all possible MooN configurations of the system is calculated automatically by numerically solving the master equation of the corresponding Markov chain. Subsequently, a software-based fault tree analysis enables more detailed modeling of the component structure. The results show that four-line architectures can provide suitable results and that the development effort for 2-ECU systems is higher than for 1-ECU systems with respect to the ISO 26262 target values.

Luis J. Figueroa Rivera,Balasubramaniyan Chandrasekaran

DOI: https://doi.org/10.1109/sii46433.2020.9026237

2020-01-01

Abstract:Fault tolerance is important in a robotic system architecture because of the advancements in robotics which makes the robots much smarter and more capable on executing tasks. Thus fault tolerant and self-healing robotic control systems help prevent any cascade errors that can lead to the robot becoming inoperable or causing a safety hazard. The current paper is a work in progress describing the initial efforts of implementing a fault tolerant robotic system architecture and presents initial progress of this implementation where the robotic control system demonstrates a fault tolerance and a self-healing algorithm using human robot interaction in the process.

Somali Chaterji,Parinaz Naghizadeh,Muhammad Ashraful Alam,Saurabh Bagchi,Mung Chiang,David Corman,Brian Henz,Suman Jana,Na Li,Shaoshuai Mou,Meeko Oishi,Chunyi Peng,Tiark Rompf,Ashutosh Sabharwal,Shreyas Sundaram,James Weimer,Jennifer Weller

DOI: https://doi.org/10.48550/arXiv.2001.00090

2019-12-20

Abstract:Cyberphysical systems (CPS) are ubiquitous in our personal and professional lives, and they promise to dramatically improve micro-communities (e.g., urban farms, hospitals), macro-communities (e.g., cities and metropolises), urban structures (e.g., smart homes and cars), and living structures (e.g., human bodies, synthetic genomes). The question that we address in this article pertains to designing these CPS systems to be resilient-from-the-ground-up, and through progressive learning, resilient-by-reaction. An optimally designed system is resilient to both unique attacks and recurrent attacks, the latter with a lower overhead. Overall, the notion of resilience can be thought of in the light of three main sources of lack of resilience, as follows: exogenous factors, such as natural variations and attack scenarios; mismatch between engineered designs and exogenous factors ranging from DDoS (distributed denial-of-service) attacks or other cybersecurity nightmares, so called "black swan" events, disabling critical services of the municipal electrical grids and other connected infrastructures, data breaches, and network failures; and the fragility of engineered designs themselves encompassing bugs, human-computer interactions (HCI), and the overall complexity of real-world systems. In the paper, our focus is on design and deployment innovations that are broadly applicable across a range of CPS application areas.

Computers and Society,Distributed, Parallel, and Cluster Computing,Systems and Control

Linlin Li,Steven X. Ding,Liutao Zhou,Maiying Zhong,Kaixiang Peng

2024-09-20

Abstract:This paper is concerned with the detection, resilient and fault-tolerant control issues for cyber-physical systems. To this end, the impairment of system dynamics caused by the defined types of cyber-attacks and process faults is analyzed. Then, the relation of the system input and output signals with the residual subspaces spanned by both the process and the controller is studied. Considering the limit capacity of standard observer-based detection and feedback control schemes in detecting and handling the cyber-attacks, a modified configuration for cyber-physical systems is developed by transmitting the combinations of the input and output residuals instead of the input and output signals, which is facile for dealing with both the process faults and cyber-attacks. It is followed by the integrated design of fault and attack detection, resilient and fault-tolerant control schemes. To enhance the detectability of cyber-attacks, the potential stealthy attack mechanisms on deteriorating the tracking behavior and feedback control performance are developed from the attackers' point of view, and the associated detection schemes for such stealthy attacks are proposed from the defenders' point of view. A case study on the robotino system is utilized to demonstrate the proposed resilient cyber-physical configuration.

Systems and Control

Mehran Attar,Walter Lucia

2024-10-01

Abstract:This paper proposes a worst-case data-driven control architecture capable of ensuring the safety of constrained Cyber-Physical Systems under cyber-attacks while minimizing, whenever possible, potential degradation in tracking performance. To this end, a data-driven robust anomaly detector is designed to detect cyber-attack occurrences. Moreover, an add-on tracking supervisor module allows safe open-loop tracking control operations in case of unreliable measurements. On the plant side, a safety verification module and a local emergency controller are designed to manage severe attack scenarios that cannot be handled on the controller's side. These two modules resort to worst-case reachability and controllability data-driven arguments to detect potential unsafe scenarios and replace, whenever strictly needed, the tracking controller with emergency actions whose objective is to steer the plant's state trajectory in a predefined set of admissible and safe robust control invariant region until an attack-free scenario is restored. The effectiveness of the proposed solution has been shown through a simulation example.

Systems and Control,Optimization and Control

Jinheng Han,Junzhi Zhang,Chengkun He,Chen Lv,Xiaohui Hou,Yuan Ji

DOI: https://doi.org/10.1109/tvt.2022.3203056

IF: 6.8

2023-01-18

IEEE Transactions on Vehicular Technology

Abstract:Due to the numerical subsystems and functionalities among the platoon, failures easily occur and lead vehicle safety and stability to deteriorate. With the surge of platoon connectivity, the abnormal states arising in faulty vehicles will have an impact on adjacent healthy vehicles, potentially resulting in severe traffic accidents. To address the aforementioned problems and improve the functional safety of platoons, a systemic anti-fault safety consensus strategy is proposed in this article to deal with sensor faults, LOE actuator faults, and bias actuator faults simultaneously. To tackle the necessary defects, this safety consensus technique can be split into fault detection tasks and fault-tolerant control tasks. Initially, a distributed finite-time observer is employed to detect sensor faults through the index between the reconstructed states and received states. In the presence of actuator faults, a novel adaptive finite-time fault parameter estimation law collaboration with a feasible differential observer is developed to assess the precise fault extent. In addition, to improve the estimation performance of the adaptive fault parameter estimation law, an integral discounted cost function is constructed in this paper to obtain the optimal learning gain. Via theoretical analysis, the solution for the minimal value of the cost function and the finite-time convergence property are demonstrated in this paper. Furthermore, by utilizing this novel adaptive optimal finite-time estimation law, a novel distributed adaptive finite-time fault-tolerant controller is constructed to compensate for failures in platoon. Finally, the effectiveness and feasibility of our safety consensus strategy are verified by real-time simulations through the dSPACE platform.

telecommunications,engineering, electrical & electronic,transportation science & technology

Liang-Wei Ho,Gary G Yen

DOI: https://doi.org/10.1142/S0129065702001333

Abstract:The growing demand in system reliability and survivability under failures has urged ever-increasing research effort on the development of fault diagnosis and accommodation. In this paper, the on-line fault tolerant control problem for dynamic systems under unanticipated failures is investigated from a realistic point of view without any specific assumption on the type of system dynamical structure or failure scenarios. The sufficient conditions for system on-line stability under catastrophic failures have been derived using the discrete-time Lyapunov stability theory. Based upon the existing control theory and the modern computational intelligence techniques, an on-line fault accommodation control strategy is proposed to deal with the desired trajectory-tracking problems for systems suffering from various unknown and unanticipated catastrophic component failures. Theoretical analysis indicates that the control problem of interest can be solved on-line without a complete realization of the unknown failure dynamics provided an on-line estimator satisfies certain conditions. Through the on-line estimator, effective control signals to accommodate the dynamic failures can be computed using only the partially available information of the faults. Several on-line simulation studies have been presented to demonstrate the effectiveness of the proposed strategy. To investigate the feasibility of using the developed technique for unanticipated fault accommodation in hardware under the real-time environment, an on-line fault tolerant control test bed has been constructed to validate the proposed technology. Both on-line simulations and the real-time experiment show encouraging results and promising futures of on-line real-time fault tolerant control based solely upon insufficient information of the system dynamics and the failure dynamics.

Shan Liu,Shanbin Li,Bugong Xu

DOI: https://doi.org/10.1080/00207179.2018.1537518

IF: 2.102

2018-10-30

International Journal of Control

Abstract:In this paper, we research the resilient control problem for cyber-physical system (CPS) under denial-of-service (DoS) attacks. These malicious DoS attacks aim to impede the communication of measurement data or control data in order to endanger the functionality of the closed-loop system. Meanwhile, in order to save network resources, event-triggered mechanism has been introduced into this CPS. By exploiting the relationship between cyber system and physical system, we aim to design the resilient controller and resilient control strategy to tolerate a class of DoS signals characterised by probability without serious hazard to the stability and performance of CPS. Furthermore, considering that the transition probability of cyber state is unknown, the on-policy reinforcement learning method – SARSA (State-Action-Reward-State-Action) – is used to solve this problem. Thus a resilient control algorithm that integrates game theory, robust control theory, event-triggered control method and SARSA learning method is presented to enhance the security and robustness of the CPS. At last, the numerical simulation and experimental results are given to demonstrate the validity and applicability of the proposed algorithm.

automation & control systems

Lin Zhang,Xin Chen,Fanxin Kong,Alvaro A. Cardenas

DOI: https://doi.org/10.1109/rtss49844.2020.00028

2021-01-01

ACM Transactions on Embedded Computing Systems

Abstract:The increasing autonomy and connectivity in cyber-physical systems (CPS) come with new security vulnerabilities that are easily exploitable by malicious attackers to spoof a system to perform dangerous actions. While the vast majority of existing works focus on attack prevention and detection, the key question is "what to do after detecting an attack?". This problem attracts fairly rare attention though its significance is emphasized by the need to mitigate or even eliminate attack impacts on a system. In this article, we study this attack response problem and propose novel real-time recovery for securing CPS. First, this work's core component is a recovery control calculator using a Linear-Quadratic Regulator (LQR) with timing and safety constraints. This component can smoothly steer back a physical system under control to a target state set before a safe deadline and maintain the system state in the set once it is driven to it. We further propose an Alternating Direction Method of Multipliers (ADMM) based algorithm that can fast solve the LQR-based recovery problem. Second, supporting components for the attack recovery computation include a checkpointer, a state reconstructor, and a deadline estimator. To realize these components respectively, we propose (i) a sliding-windowbased checkpointing protocol that governs sufficient trustworthy data, (ii) a state reconstruction approach that uses the checkpointed data to estimate the current system state, and (iii) a reachability-based approach to conservatively estimate a safe deadline. Finally, we implement our approach and demonstrate its effectiveness in dealing with totally 15 experimental scenarios which are designed based on 5 CPS simulators and 3 types of sensor attacks.

Monowar Hasan,Sibin Mohan

2023-04-27

Abstract:Cyber-physical systems (CPS) are vulnerable to attacks targeting outgoing actuation commands that modify their physical behaviors. The limited resources in such systems, coupled with their stringent timing constraints, often prevents the checking of every outgoing command. We present a "selective checking" mechanism that uses game-theoretic modeling to identify the right subset of commands to be checked in order to deter an adversary. This mechanism is coupled with a "delay-aware" trusted execution environment (TEE) to ensure that only verified actuation commands are ever sent to the physical system, thus maintaining their safety and integrity. The selective checking and trusted execution (SCATE) framework is implemented on an off-the-shelf ARM platform running standard embedded Linux. We demonstrate the effectiveness of SCATE using four realistic cyber-physical systems (a ground rover, a flight controller, a robotic arm and an automated syringe pump) and study design trade-offs. Not only does SCATE provide a high level of security and high performance, it also suffers from significantly lower overheads (30.48%-47.32% less) in the process. In fact, SCATE can work with more systems without negatively affecting the safety of the system. Considering that most CPS do not have any such checking mechanisms, and SCATE is guaranteed to meet all the timing requirements (i.e., ensure the safety/integrity of the system), our methods can significantly improve the security (and, hence, safety) of the system.

Cryptography and Security

Lin Zhang,Kaustubh Sridhar,Mengyu Liu,Pengyuan Lu,Xin Chen,Fanxin Kong,Oleg Sokolsky,Insup Lee

DOI: https://doi.org/10.1109/RTAS58335.2023.00024

2023-01-01

Abstract:Cyber-physical systems (CPSs) leverage computations to operate physical objects in real-world environments, and increasingly more CPS-based applications have been designed for life-critical applications. Therefore, any vulnerability in such a system can lead to severe consequences if exploited by adversaries. In this paper, we present a data predictive recovery system to safeguard the CPS from sensor attacks, assuming that we can identify compromised sensors from data. Our recovery system guarantees that the CPS will never encounter unsafe states and will smoothly recover to a target set within a conservative deadline. It also guarantees that the CPS will remain within the target set for a specified period. Major highlights of our paper include (i) the recovery procedure works on nonlinear systems, (ii) the method leverages uncorrupted sensors to relieve uncertainty accumulation, and (iii) an extensive set of experiments on various nonlinear benchmarks that demonstrate our framework's performance and efficiency.

Shaopeng Zhu,Haojun Li,Guodong Wang,Chenyang Kuang,Huipeng Chen,Jian Gao,Wei Xie

DOI: https://doi.org/10.3390/act12060246

IF: 2.6

2023-06-14

Actuators

Abstract:This paper addresses the fault problem in distributed-four-wheel-drive electric vehicle drive systems. First, a fault-factor-based active fault diagnosis strategy is proposed. Second, a fault-tolerant controller is designed to reconstruct motor drive torque based on vehicle stability. This controller ensures that the vehicle maintains stability by providing fault-free motor output torque based on fault diagnosis results. To validate the effectiveness of the fault diagnosis and fault-tolerant control, SIL simulation is conducted using MATLAB/Simulink and CarSim. A hardware-in-the-loop (HIL) simulation platform with the highest confidence level is established based on NI PXI and CarSim RT. Through the HIL simulation experiments, it is shown that the proposed control strategy can accurately diagnose the operating state of the motor, rebuild the motor torque based on stability, and demonstrate robust stability when the drive system fails. Under various fault conditions, the maximum error in the vehicle lateral angular velocity is less than 0.017 rad/s and the maximum deviation in the lateral direction is less than 0.7 m. These findings substantiate the highly robust stability of the proposed method.

engineering, mechanical,instruments & instrumentation

Mehran Attar,Walter Lucia

2024-02-21

Abstract:In this paper, we propose a data-driven networked control architecture for unknown and constrained cyber-physical systems capable of detecting networked false-data-injection attacks and ensuring plant's safety. In particular, on the controller's side, we design a novel robust anomaly detector that can discover the presence of network attacks using a data-driven outer approximation of the expected robust one-step reachable set. On the other hand, on the plant's side, we design a data-driven safety verification module, which resorts to worst-case arguments to determine if the received control input is safe for the plant's evolution. Whenever necessary, the same module is in charge of replacing the networked controller with a local data-driven set-theoretic model predictive controller, whose objective is to keep the plant's trajectory in a pre-established safe configuration until an attack-free condition is recovered. Numerical simulations involving a two-tank water system illustrate the features and capabilities of the proposed control architecture.

Systems and Control

Pei-Ming Liu,Xiang-Gui Guo,Jian-Liang Wang,Xiang-Peng Xie,Fu-Wen Yang

DOI: https://doi.org/10.1109/tase.2023.3270489

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:This paper studies group synchronization tracking problem for a class of high-order multi-agent systems (MASs) with nonidentical and unknown direction faults (NUDFs) under multiple cyber attacks (i.e., denial-of-service (DoS) attacks and false data injection attacks (FDIAs)). Be motivated by this, a fully distributed hierarchical (cyber layer and physical layer) Zeno-free event-triggered (ET) intrusion-and fault-tolerant controller is presented based on Nussbaum-type gain technique, where a positive inter-event time exists in the state-dependent asynchronous ET mechanism (ETM). The constructed virtual cyber layer realizes the interaction among different agents so as to avoid the interaction in physical processes and thus reduce the error propagation. This two layer controller greatly increase the flexibility of the controller design compared with single-layer control strategies. In addition, a novel Nussbaum function stability lemma (Lemma lem4lem4) is developed for the first time. Based on this lemma, the fully distributed adaptive controller can adjust the direction of the input to match the fault direction with the help of Nussbaum function. Finally, a robotic manipulator example demonstrates the effectiveness and merit of the proposed control scheme. Note to Practitioners—In industrial processes, NUDFs and cyber attacks often occur in many different systems, which usually lead to performance degradation or even serious accidents. Typically, NUDFs affect the performance of chemical and industrial processes, circuits, and sensors. Meanwhile, in driverless vehicle platoon, attackers change the control signal through the wireless network, and then issue emergency braking commands, etc. Therefore, this paper designs a fully distributed hierarchical ET intrusion-and fault-tolerant scheme for high-order MASs that are usually used to model ship dynamics, robotic manipulators, and quarter-car active suspension. The control scheme gives solutions to the problem of NUDFs, multiple cyber attacks, and network bandwidth limitations at different layers, and effectively integrates the physical and cyber layers to achieve group synchronization. Meanwhile, a new event-triggered mechanism under the framework of group synchronization is developed to save communication resources. Robotic manipulator simulation studies verify the validity of the proposed scheme.

automation & control systems

Michael Burke,Neil Audsley

DOI: https://doi.org/10.1109/AERO.1998.682155

2010-04-08

Abstract:This paper examines the problem of introducing advanced forms of fault-tolerance via reconfiguration into safety-critical avionic systems. This is required to enable increased availability after fault occurrence in distributed integrated avionic systems(compared to static federated systems). The approach taken is to identify a migration path from current architectures to those that incorporate re-configuration to a lesser or greater degree. Other challenges identified include change of the development process; incremental and flexible timing and safety analyses; configurable kernels applicable for safety-critical systems.

Distributed, Parallel, and Cluster Computing

Fabin Cheng,Ben Niu,Ning Xu,Xudong Zhao,Adil M. Ahmad

DOI: https://doi.org/10.1109/tase.2023.3300723

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:In this paper, for a class of uncertain nonlinear systems, a low-computation design scheme for fault detection and performance recovery based on deferred replacement actuators is proposed. Different from the existing two mainstream adaptive fault-tolerant control schemes, the proposed method does not require prior knowledge of fault models, nor does it require multiple actuators working in parallel simultaneously to mitigate the impact of faults. The disadvantage of the former is that most of the considered fault models cannot cover all fault types, while the latter adds unnecessary wear and tear to actuators that do not generate faults. In order to overcome the shortcomings of the existing fault-tolerant control, a method with deferred actuator replacement is proposed. By designing a fault detection function and a shifting function, new error variables are reconstructed to achieve performance recovery. In addition, a computationally efficient design scheme is established through the idea of constraint control. Unlike the existing advanced technology, firstly, dealing with the problem of complexity explosion from a new perspective and ensuring the rationality of assumptions; secondly, analyze the controllability of system states during the deferred replacement stage. Finally, simulation results on a twin otter aircraft system verify the effectiveness of the proposed scheme. Note to Practitioners—For widely used modern control systems such as aircraft systems, self-driving systems, etc., it is extremely difficult to diagnose and repair the sudden fault behavior in a short time, and in this process, the adverse impact caused by the serious decline of the system performance is huge. Inspired by the practical application of airbus states in the flight control system, a fault-tolerant control scheme of deferred replacement actuators is designed in this paper. In addition, by designing a low-computation control scheme, the assumptions that are difficult to achieve in practice are relaxed, and the structure of the controller is very simple without the help of any auxiliary design. After fault detection, the replacement actuators strategy successfully realizes the recovery of the system performance within the specified time.

automation & control systems

Smitha Gautham,Abhilash Rajagopala,Athira Varma Jayakumar,Christopher Deloglos,Erwin Karincic,Carl Elks

DOI: https://doi.org/10.48550/arXiv.2009.09533

2020-09-20

Software Engineering

Abstract:Advanced embedded system technology is one of the key driving forces behind the rapid growth of Cyber-Physical System (CPS) applications. Cyber-Physical Systems are comprised of multiple coordinating and cooperating components, which are often software intensive and interacting with each other to achieve unprecedented tasks. Such complex CPSs have multiple attack surfaces and attack vectors that we have to secure against. Towards this goal, we demonstrate a multilevel runtime safety and security monitor framework where there are monitors across the CPS for detection and isolation of attacks. We implement the runtime monitors on FPGA using a stream-based runtime verification tool called TeSSLa. We demonstrate our monitoring scheme for an Autonomous Emergency Braking (AEB) CPS system.

Mehran Attar,Walter Lucia

DOI: https://doi.org/10.1002/rnc.7654

IF: 3.8973

2024-10-05

International Journal of Robust and Nonlinear Control

Abstract:In this article, we propose a data‐driven networked control architecture for unknown and constrained cyber‐physical systems capable of detecting networked false‐data‐injection attacks and ensuring plant's safety. In particular, on the controller's side, we design a novel robust anomaly detector that can discover the presence of network attacks using a data‐driven outer approximation of the expected robust one‐step reachable set. On the other hand, on the plant's side, we design a data‐driven safety verification module, which resorts to worst‐case arguments to determine if the received control input is safe for the plant's evolution. Whenever necessary, the same module is in charge of replacing the networked controller with a local data‐driven set‐theoretic model predictive controller, whose objective is to keep the plant's trajectory in a pre‐established safe configuration until an attack‐free condition is recovered. Numerical simulations involving a two‐tank water system illustrate the features and capabilities of the proposed control architecture.

automation & control systems,engineering, electrical & electronic,mathematics, applied