Mitigation and Resiliency of Multi-Agent Systems Subject to Malicious Cyber Attacks on Communication Links

Mahdi Taheri¹, Khashayar Khorasani¹, Iman Shames², and Nader Meskin³ ¹Mahdi Taheri (m

\_

[email protected]) and Khashayar Khorasani ([email protected]) are with the Department of Electrical and Computer Engineering, Concordia University, Montreal, Canada.²Iman Shames ([email protected]) is with the Department of Electrical and Electronic Engineering, University of Melbourne, Melbourne, Australia.³Nader Meskin ([email protected]) is with the Department of Electrical Engineering, Qatar University, Doha, Qatar.The authors would like to acknowledge the financial support received from NATO under the Emerging Security Challenges Division program. K. Khorasani and N. Meskin would like to acknowledge the support received from NPRP grant number 10-0105-17017 from the Qatar National Research Fund (a member of Qatar Foundation). K. Khorasani would also like to acknowledge the support received from the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Department of National Defence (DnD) under the Discovery Grant and DnD Supplemental Programs. The statements made herein are solely the responsibility of the authors.

Abstract

This paper aims at investigating a novel type of cyber attack that is injected to multi-agent systems (MAS) having an underlying directed graph. The cyber attack, which is designated as the controllability attack, is injected by the malicious adversary into the communication links among the agents. The adversary, leveraging the compromised communication links disguises the cyber attack signals and attempts to take control over the entire network of MAS. The adversary aims at achieving this by directly attacking only a subset of the multi-agents. Conditions under which the malicious hacker has control over the entire MAS network are provided. Two notions of security controllability indices are proposed and developed. These notions are utilized as metrics to evaluate the controllability that each agent provides to the adversary for executing the malicious cyber attack. Furthermore, the possibility of introducing zero dynamics cyber attacks on the MAS through compromising the communication links is also investigated. Finally, an illustrative numerical example is provided to demonstrate the effectiveness of our proposed methods.

I Introduction

Multi-agent systems (MAS), due to their wide range of applications, such as in unnamed aerial vehicles (UAV), next generation aerospace and transportation systems, autonomous and drive-less cars, have been a major topic of research during the past decade [1, 2, 3, 4, 5]. One of the challenges in MAS is to reach a consensus among the agents in a distributed manner. This problem has been addressed for systems having various types of linear and nonlinear dynamics [1, 6, 7, 8]. To achieve consensus among agents, each agent needs to transmit its information to its nearest neighboring agents. This communication is carried out through network channels that exist among the agents.

Existence of communication networks make the multi-agent systems to be vulnerable to cyber attacks. Suppose a group of agents are on an intelligence, surveillance, and reconnaissance (ISR) mission and an intelligent adversary performs an attack on the incoming communication links for a subset of these agents. The adversary, using the incoming communication signals can directly modify the received data associated with the compromised agents. In such a scenario, one is interested in characterizing conditions under which the adversary is capable of taking over and controlling the remainder of the agents. This is the main question that we are investigating and providing solutions to in this paper.

The topic of security in cyber-physical systems (CPS) has received a considerable amount of attention in recent years [9, 10, 11, 12, 13]. In [9], a framework for cyber attacks and their monitoring methods was proposed. Moreover, limitations on monitoring of the cyber attacks for linear time invariant (LTI) systems were studied. The authors in [10] have studied various attack scenarios, such as the replay, zero dynamics, and bias injection attacks for LTI systems based on their proposed framework.

Cyber attacks in MAS and their detection methods have been studied from a system theoretic point of view. Secure consensus tracking control strategies considering two types of attacks were proposed for MAS in [14]. A distributed impulsive control for achieving synchronization in MAS subject to false data injection attacks has also been proposed in [15]. The work in [16] has suggested a control scheme for multi-agent systems with nonlinearities to reach a consensus while the agents are under deception attacks. In [17], cyber-physical attacks on MAS using a system theoretic approach has been studied. It was shown that the attack on one agent can spread into other agents that are reachable from the attacked agent. However, there are limitations and shortcomings in the above work as all cyber attacks on MAS are treated as similar to attacks on standard LTI systems. On the other hand, cyber attacks on communication channels among the agents and their significance and impacts have not been addressed and studied in the literature.

For various classes of MAS the controllability conditions are different as discussed in [18, 19, 20, 21, 22]. In [22], controllability of MAS under undirected network typologies was studied and upper and lower bounds on the controllable subspace of single integrator agents were given in terms of the distance and equitable partitions.

In the present paper, LTI MAS systems having directed graphs that are equipped with dynamic output feedback controllers that are also under adversarial false data injection attacks on their communication channels are considered. Our first objective is to investigate controllability of multi-agent systems from the adversary’s point of view. Next, by utilizing the MAS graph topology notions of security controllability indices are introduced. These metrics are utilized in determining from each directly attacked agent how many other agents can be compromised and controlled by the malicious adversary. Finally, conditions under which the adversary is capable of executing zero dynamics cyber attacks on the entire MAS network are provided.

Consequently, the main contributions of this work can be stated as follows. We first introduce the notion of controllability attacks on communication channels of the MAS systems. The importance of these attacks by studying and developing conditions that would provide the adversary full control over the entire MAS system is developed and formalized. Second, it is shown that the adversary is not capable of exciting zero dynamics of the directly attacked and healthy agents simultaneously.

The remainder of the paper is organized as follows. In Section II, the basic concepts in graph theory that are required are presented and model of MAS systems along with their observers are provided. Model of MAS systems where the communication channels are under attack as well as the objectives of this paper are introduced in Section III. In Section IV, necessary and sufficient conditions for the adversary to gain full control over the MAS systems network are formulated and presented. The limitations on zero dynamics attacks that the adversary is capable of injecting by compromising the communication channels are investigated in Section V. An illustrative numerical example to demonstrate the capabilities of our proposed methodologies is provided in Section VI.

II Preliminary

II-A Graph Theory

A graph $\mathcal{G}$ with a set of nodes or vertices $\mathcal{V}=\{1,\,2,...,\,N\}$ , an edge set $\mathcal{E}\subset\mathcal{V}\times\mathcal{V}$ , where an edge is defined by the pair of distinct vertices $\mathcal{G}:(i,j)\in\mathcal{E}$ , is called directed if $(i,j)\in\mathcal{E}$ does not imply $(j,i)\in\mathcal{E}$ . The adjacency matrix of $\mathcal{G}$ is defined as $\mathcal{A}=[a_{ij}]\in\mathbb{R}^{N\times N}$ , where $a_{ij}=1$ when there is a link from node $j$ to $i$ . The $\mathcal{N}_{i}$ is the set of neighbors of $i$ which consists of nodes that have an edge to the node $i$ , $|\mathcal{N}_{i}|=d_{i}$ , where $|\cdot|$ denotes the cardinality of the set. The in-degree matrix is defined as $D=\text{diag}(d_{1},\,d_{2},\dots,\,d_{N})$ , and the Laplacian matrix is then represented as $L=D-\mathcal{A}$ .

II-B Model of MAS, Observers, and Consensus Protocols

The state space representation of a MAS, consisting of $N$ agents, is governed by

\begin{split}\dot{x}_{i}(t)&=Ax_{i}(t)+Bu_{i}(t),\\ y_{i}(t)&=Cx_{i}(t),\,\,\,\,i=1,...,N,\end{split}

(1)

where $x_{i}(t)\in\mathbb{R}^{n}$ represents the states of the agent $i$ , $u_{i}(t)\in\mathbb{R}^{m}$ denotes the control input of the agent $i$ , $y_{i}(t)\in\mathbb{R}^{p}$ denotes the output of the $i$ -th agent, and $t$ denotes time. Matrices $(A,\,B,\,C)$ are of appropriate dimensions. It is assumed that the system $(A,\,B,\,C)$ is controllable and observable.

To design a consensus control protocol for the MAS in (1), one needs to first estimate the states of the system since only a few are assumed to be measurable. Consider the following observer-based consensus protocol for the system (1) [6]:

\begin{split}\dot{\hat{x}}_{i}(t)=&A\hat{x}_{i}(t)+Bu_{i}(t)+H\sum_{j\in\mathcal{N}_{i}}(\zeta_{\text{y}}(t)+C\zeta_{\text{x}}(t)),\\ u_{i}(t)=&K\hat{x}_{i}(t),\end{split}

(2)

where $\hat{x}_{i}(t)\in\mathbb{R}^{n}$ denotes the state of the observer for the $i$ -th agent, $\zeta_{\text{y}}(t)=y_{j}(t)-y_{i}(t)$ , $\zeta_{\text{x}}(t)=\hat{x}_{i}(t)-\hat{x}_{j}(t)$ , $H\in\mathbb{R}^{n\times p}$ is a full column rank observer gain matrix, and $K\in\mathbb{R}^{m\times n}$ is a control gain matrix that should be designed.

Lemma 1 ([23])

Given the matrices $Q,\,W,\,M,$ and $Z$ with appropriate dimensions, the Kronecker product $\otimes$ satisfies the following conditions:

$(i)\,(Q+W)\otimes M=Q\otimes M+W\otimes M$ ;
$(ii)\,(Q\otimes W)(M\otimes Z)=(QM)\otimes(WZ).$

III Problem Formulation

III-A Cyber Attack on the Communication Links

As described in (2), the agent $j\in\mathcal{N}_{i}$ transmits its observer state $\hat{x}_{j}(t)$ and output $y_{j}(t)$ to the agent $i$ as the pair $p_{ji}(t)=(\hat{x}_{j}(t),\,y_{j}(t))$ . Since this communication is carried out through a network link, it would be prone and vulnerable to cyber attacks, as illustrated in Fig. 1. The adversary disguises their injected signals as legitimate information from the neighboring agents of their target such that the targeted agent $i$ only receives the cyber attack signals. This cyber attack can be considered as a man-in-the-middle type of attack [24].

Consequently, the malicious attacker adds signals $a_{1}^{ji}(t)=a_{\hat{x}}^{ji}(t)-\hat{x}_{j}(t)$ and $a_{2}^{ji}(t)=a_{y}^{ji}(t)-y_{j}(t)$ to $p_{ji}(t)$ so that the agent $i$ receives $p_{ji}^{\text{a}}(t)=(\hat{x}_{j}(t)+a_{1}^{ji}(t),\,y_{j}(t)+a_{2}^{ji}(t))=(a_{\hat{x}}^{ji}(t),\,a_{y}^{ji}(t))$ from the agent $j$ . Two cyber attack signals $a_{\hat{x}}^{ji}(t)\in\mathbb{R}^{n}$ and $a_{y}^{ji}(t)\in\mathbb{R}^{p}$ are unknown and are to be designed based on the adversary’s intentions.

Refer to caption — Figure 1: A communication link cyber attack on the agent $i$ . $a_{1}^{ji}(t)$ designates the cyber attack on the transmitted states of the observer, and $a_{2}^{ji}(t)$ designates the cyber attack on the transmitted output measurements.

Assumption 1

The adversary is capable of executing the worst case scenario attack in which all the incoming communication links of a given agent are under attack.

Remark 1

Since the MAS have limited power resources and to make their communications more efficient they use the same communication protocols and encryption/decryption algorithms on all their communication channels [25]. Hence, if an adversary discovers a vulnerability for one channel of an agent, it is capable of attacking other channels as well.

Given the observer-based consensus protocol (2), the closed-loop equations of the system (1) and observer (2) given the communication link cyber attacks can be reformulated as follows:

$\displaystyle\dot{x}_{i}(t)$	$\displaystyle=$	$\displaystyle Ax_{i}(t)+BK\hat{x}_{i}(t),$	(3)
$\displaystyle\dot{\hat{x}}_{i}(t)$	$\displaystyle=$	$\displaystyle A\hat{x}_{i}(t)+BK\hat{x}_{i}(t)+H\sum_{j\in\mathcal{N}_{i}}(\zeta_{\text{y}}(t)+q_{i}a_{2}^{ji}(t)$	(4)
		$\displaystyle+C(\zeta_{\text{x}}(t)-q_{i}a_{1}^{ji}(t))),$	(4)

for $i=1,...,N$ with $q_{i}=1$ if the communication links of the agent $i$ are under attack, and $q_{i}=0$ , otherwise.

III-B Objectives

The objectives of this paper are threefold. The first objective is to investigate conditions on the MAS and its Laplacian matrix under which the adversary can gain full controllability over the system in (3). The adversary attempts to directly attack a subset of MAS agents and control the remaining agents as followers of the attacked agents. The second objective is to propose and investigate controllability measures that are based on graph of the MAS which is not fully controllable by the adversary and can be employed to inject attacks on agents that can be controlled through the directly attacked agents. And finally, the third objective is to study the possibility of executing zero dynamics attacks in the MAS governed by (3).

IV Controllability Cyber Attacks

IV-A Conditions for Controllability

In this subsection, controllability of the MAS (3) and its observer that is provided in (4) from the adversary’s point of view is studied. Let us define

\begin{split}\check{A}&=\begin{bmatrix}A&0\\ 0&A\end{bmatrix},\,\check{B}=\begin{bmatrix}0&B\\ 0&B\end{bmatrix},\,\check{H}=\begin{bmatrix}0&0\\ -H&H\end{bmatrix},\\ \check{H}_{\text{a}}&=\begin{bmatrix}0\\ H\end{bmatrix},\,\check{K}=\begin{bmatrix}K&0\\ 0&K\end{bmatrix},\,\check{C}=\begin{bmatrix}C&0\\ 0&C\end{bmatrix}.\end{split}

(5)

Using (5), the augmented dynamic of (3) and (4) can be derived as follows:

\begin{split}\dot{\check{x}}_{i}(t)=&(\check{A}+\check{B}\check{K})\check{x}_{i}(t)+\check{H}\check{C}\sum_{j\in\mathcal{N}_{i}}(\check{x}_{i}(t)-\check{x}_{j}(t))\\ &+\check{H}\check{C}\sum_{j\in\mathcal{N}_{i}}q_{i}\check{x}_{j}(t)+\check{H}_{a}q_{i}a_{i}(t),\end{split}

(6)

where $\check{x}_{i}(t)=[x_{i}(t)^{\top}\,\hat{x}_{i}(t)^{\top}]^{\top}$ , and $a_{i}(t)=\sum_{j\in\mathcal{N}_{i}}a_{y}^{ji}(t)-Ca_{\hat{x}}^{ji}(t)$ .

One can easily partition the agents into two groups, namely the first group contains agents that are directly under attack and the second group consists of agents that receive information from their neighboring agents without any manipulation by the adversary. Consequently, one has $x_{\text{f}}(t)=[\check{x}_{1}(t)^{\top},\,\check{x}_{2}(t)^{\top},...,\,\check{x}_{{N}_{\text{f}}}(t)^{\top}]^{\top}$ , which designates the state of those agents that are not directly under attack and act as followers. Second, $x_{\text{a}}(t)=[\check{x}_{N_{\text{f}}+1}(t)^{\top},\,\check{x}_{{N}_{\text{f}}+2}(t)^{\top},...,\,\check{x}_{N}(t)^{\top}]^{\top}$ , which designates the directly attacked agents. The subscripts “f” and “a” are used to denote followers and attacked agents, respectively. ${{N}}_{\text{f}}$ denotes the number of followers and ${{{N}}_{\text{a}}}$ denotes the number of attacked agents, where ${{N}}={{N}}_{\text{f}}+{{N}}_{\text{a}}$ . Without loss of generality, we assume that the first ${N}_{\text{f}}$ agents are not under attack. Consequently, the Laplacian matrix can be partitioned into the following form:

L=\begin{bmatrix}L_{\text{f}}&l_{\text{fa}}\\ l_{\text{af}}&L_{\text{a}}\end{bmatrix},

(7)

where $L_{\text{f}}\in\mathbb{R}^{N_{\text{f}}\times N_{\text{f}}}$ is a grounded Laplacian matrix [26], $L_{\text{a}}\in\mathbb{R}^{N_{\text{a}}\times N_{\text{a}}}$ , $l_{\text{fa}}\in\mathbb{R}^{N_{\text{f}}\times N_{\text{a}}}$ , and $l_{\text{fa}}\in\mathbb{R}^{N_{\text{a}}\times N_{\text{f}}}$ .

The dynamics of all $N$ agents can be expressed as follows:

	$\displaystyle\dot{x}_{\text{a}}(t)$	$\displaystyle=$	$\displaystyle A_{\text{a}}x_{\text{a}}(t)+B_{\text{a}}a(t),$		(8)
	$\displaystyle\dot{x}_{\text{f}}(t)$	$\displaystyle=$	$\displaystyle A_{\text{f}}x_{\text{f}}(t)+A_{\text{fa}}x_{\text{a}}(t),$		(9)

where $A_{\text{a}}=I_{N_{\text{a}}}\otimes(\check{A}+\check{B}\check{K})+D_{\text{a}}\otimes\check{H}\check{C}$ , $A_{\text{f}}=I_{N_{\text{f}}}\otimes(\check{A}+\check{B}\check{K})+L_{\text{f}}\otimes\check{H}\check{C}$ , $D_{\text{a}}=\text{diag}(d_{N_{\text{f}}+1},d_{N_{\text{f}}+2},...,\,d_{N})$ , $B_{\text{a}}=I_{N_{\text{a}}}\otimes\check{H}_{\text{a}}$ , $A_{\text{fa}}=l_{\text{fa}}\otimes\check{H}\check{C}$ , and $a(t)=[{a_{N_{\text{f}}+1}}(t)^{\top},\,{a_{N_{\text{f}}+2}}(t)^{\top},...,\,{a_{N}}(t)^{\top}]^{\top}$ . The dynamics of directly attacked agents (8) and the followers (9) can be augmented in the following form:

\begin{bmatrix}\dot{x}_{\text{a}}(t)\\ \dot{x}_{\text{f}}(t)\end{bmatrix}=\begin{bmatrix}A_{\text{a}}&0\\ A_{\text{fa}}&A_{\text{f}}\end{bmatrix}\begin{bmatrix}{x}_{\text{a}}(t)\\ {x}_{\text{f}}(t)\end{bmatrix}+\begin{bmatrix}B_{\text{a}}\\ 0\end{bmatrix}a(t).

(10)

We are now in a position to state our first definition as well as the first result of this section.

Definition 1

The MAS described in (10) is controllable by the adversary if, for every $x_{\text{a}}^{*}$ and $x_{\text{f}}^{*}$ and every finite $T>0$ , there exists an attack signal $a(t)$ , $0<t<T$ , such that the MAS states do transition from $x_{\text{a}}(0)=0$ and $x_{\text{f}}(0)=0$ to $x_{\text{a}}(T)=x_{\text{a}}^{*}$ and $x_{\text{f}}(T)=x_{\text{f}}^{*}$ , respectively.

Theorem 1

The adversary is capable of controlling the system (10) if the pairs $(\check{A}+\check{B}\check{K}+d_{i}\check{H}\check{C},\check{H}_{\text{a}})$ for $i=N_{\text{f}}+1,...,\,N$ , and $(A_{\text{f}},A_{\text{fa}})$ are controllable, $\text{rank}(\sum_{k=1}^{2nN-1}M_{k}Q_{k}^{\top}w_{1})$ is either equal to $2nN_{\text{f}}$ if $N_{\text{f}}\leq N_{\text{a}}$ or equal to $2nN_{\text{a}}$ if $N_{\text{a}}<N_{\text{f}}$ , where $Q=[Q_{1},\dots,Q_{(2nN-1)}]$ , $Q_{k}=A_{\text{a}}^{k}B_{\text{a}}$ for $k=1,\dots,\,2nN-1$ , $Q_{0}=B_{\text{a}}$ , $M=[M_{1},\dots,M_{(2nN-1)}]$ , $M_{k}=\sum_{z=0}^{k-1}A_{\text{f}}^{z}A_{\text{fa}}Q_{k-1-z}$ , columns of $M_{k}$ are nonzero, and $w_{1}\in\mathbb{R}^{(2nN_{\text{a}})\times(2nN_{\text{a}})}$ is a matrix that satisfies $w_{1}\in\text{ker}(B_{\text{a}}^{\top})$ .

Proof:

Let us define

A^{*}=\begin{bmatrix}A_{\text{a}}&0\\ A_{\text{fa}}&A_{\text{f}}\end{bmatrix},\,B^{*}=\begin{bmatrix}B_{\text{a}}\\ 0\end{bmatrix}.

(11)

The controllability matrix of the system (10), $\mathcal{C}^{*}=\begin{bmatrix}B^{*},&A^{*}B^{*},&\dots&{(A^{*})}^{2nN-1}B^{*}\end{bmatrix}$ , can be expressed in the following form:

\mathcal{C}^{*}=\begin{bmatrix}Q_{0}&Q_{1}&\cdots&Q_{(2nN-1)}\\ 0&M_{1}&\cdots&M_{(2nN-1)}\end{bmatrix}.

For the system (10) to be controllable, $\mathcal{C}^{*}$ should be of full row rank. Hence, controllability is achieved if $[Q_{0},\,Q]$ and $M$ are right invertible and rows of $Q$ and $M$ , under some conditions that are provided below, are linearly independent.

From the definition of $Q_{0}$ and $Q$ , one can conclude the right invertibility of $[Q_{0},\,Q]$ is equivalent to the pair $(A_{\text{a}},B_{\text{a}})$ being controllable. For this pair the matrix $D_{\text{a}}$ is diagonal, therefore, $A_{\text{a}}=\text{blockdiag}((\check{A}+\check{B}\check{K}+d_{N_{\text{f}}+1}\check{H}\check{C}),...,\,(\check{A}+\check{B}\check{K}+d_{N}\check{H}\check{C}))$ is a block diagonal matrix. The operator $\text{blockdiag}(\cdot)$ denotes a block diagonal matrix. In addition, $I_{N_{\text{a}}}\otimes\check{H}_{\text{a}}=\text{bockdiag}(\check{H}_{\text{a}},...,\,\check{H}_{\text{a}})$ is block diagonal. Hence, the controllability condition can be studied for each attacked agent separately.

The matrix $M=[M_{1},\dots,M_{(2nN-1)}]$ can be written as the product of two matrices, namely $M^{*}$ and $Q^{*}$ , i.e., $M=M^{*}Q^{*}$ , where

\begin{split}M^{*}=&\begin{bmatrix}A_{\text{fa}}&A_{\text{f}}A_{\text{fa}}&\dots&(A_{\text{f}})^{2nN-2}A_{\text{fa}}\end{bmatrix},\,\\ Q^{*}=&\begin{bmatrix}B_{\text{a}}&A_{\text{a}}B_{\text{a}}&A_{\text{a}}^{2}B_{\text{a}}&\cdots&A_{\text{a}}^{(2nN-2)}B_{\text{a}}\\ 0&B_{\text{a}}&A_{\text{a}}B_{\text{a}}&\cdots&A_{\text{a}}^{(2nN-3)}B_{\text{a}}\\ \vdots&\vdots&\ddots&&\vdots\\ \vdots&\vdots&&B_{\text{a}}&A_{\text{a}}B_{\text{a}}\\ 0&0&\cdots&0&B_{\text{a}}\end{bmatrix}\end{split}.

The rows of the matrices $M_{k}=\sum_{z=0}^{k-1}A_{\text{f}}^{z}A_{\text{fa}}Q_{k-1-z}$ , $k=1,\dots,2nN-1$ , are equal to the rows of $M^{*}$ multiplied by the columns of $Q^{*}$ . The matrices $M_{k}$ not having any zero column is equivalent to them not having any basis of $\text{ker}(M^{*})$ in common with basis of $\text{Im}(Q^{*})$ . In other words, $\text{ker}(M^{*})\cap\text{Im}(Q^{*})={0}$ . This condition along with the fact that the number of rows of $M^{*}$ is smaller than the dimensions of $Q^{*}$ , in turn imply that $\text{rank}(M)=\text{rank}(M^{*})$ . Consequently, for $M$ to be right invertible, $M^{*}$ should be of full row rank, which is satisfied if the pair $(A_{\text{f}},A_{\text{fa}})$ is controllable.

Considering $w_{1}\in\text{ker}(B_{\text{a}}^{\top})$ and an appropriate matrix $w_{2}$ , one has

\begin{bmatrix}w_{1}^{\top}&0\\ 0&w_{2}^{\top}\end{bmatrix}\begin{bmatrix}B_{\text{a}}&Q\\ 0&M\end{bmatrix}=\begin{bmatrix}0&w_{1}^{\top}Q\\ 0&w_{2}^{\top}M\end{bmatrix}.

(12)

Rows of $w_{1}^{\top}Q$ and $w_{2}^{\top}M$ should not be linearly dependent to have a right invertible $\mathcal{C}^{*}$ . This is satisfied if $w_{1}^{\top}Q\neq w_{2}^{\top}M$ for every $w_{2}$ . This implies there does not exist any $w_{2}^{\top}$ such that the rows of $w_{1}^{\top}Q$ and $w_{2}^{\top}M$ are linearly dependent if $\text{ker}(M)\nsubseteq\text{ker}(w_{1}^{\top}Q)$ . This condition is satisfied if $\text{ker}(M)\cap\text{ker}(w_{1}^{\top}Q)=0$ . For the latter condition to be satisfied the following matrix

\begin{split}S=&\begin{bmatrix}M_{1}&\dots&M_{(2nN-1)}\end{bmatrix}\times\begin{bmatrix}Q_{1}^{\top}w_{1}\\ \vdots\\ Q_{(2nN-1)}^{\top}w_{1}\end{bmatrix}\\ =&\sum_{k=1}^{2nN-1}M_{k}Q_{k}^{\top}w_{1},\end{split}

(13)

should be either full row rank if $N_{\text{f}}\leq N_{\text{a}}$ or full column rank if $N_{\text{a}}<N_{\text{f}}$ . This completes the proof of the theorem. ∎

Remark 2

Since the conditions in Theorem 1 are difficult to verify the adversary may not be able to gain control over the entire network as described in Definition 1. In such a scenario the adversary is capable of injecting its attack signals to the directly targeted agents and control the followers through them. In this type of attack, states of the directly attacked agents are used as control inputs to the followers.

The definition of controllability of MAS followers is provided below.

Definition 2

The followers (9) are controllable through the directly attacked agents by the adversary if for every $x_{\text{f}}^{*}$ and every finite $T>0$ , there exists a proper $x_{\text{a}}(t)$ , $0<t<T$ , such that the state transitions can be accomplished from $x_{\text{f}}(0)=0$ to $x_{\text{f}}(T)=x_{\text{f}}^{*}$ .

Assumption 2

The set of eigenvectors of $L_{\text{f}}$ span $\mathbb{R}^{N_{\text{f}}}$ .

It should be noted that the grounded Laplacian matrix in case of a directed graph is not necessarily diagonalizable. For example, consider the Laplacian matrix $L=[$ $1$ , $0$ , $0$ , $-1$ ; $-1$ , $1$ , $0$ , $0$ ; $0$ , $-1$ , $1$ , $0$ ; $0$ , $0$ , $-1$ , $1$ $]$ and its corresponding grounded Laplacian matrix $L_{\text{f}}=[$ $1$ , $0$ , $0$ ; $-1$ , $1$ , $0$ ; $0$ , $-1$ , $1$ $]$ , where the agent 4 is directly under cyber attack. The algebraic multiplicity of the eigenvalue of $L_{\text{f}}$ , namely $\lambda=1$ , is $3$ , however, its geometric multiplicity is $1$ , implying that $L_{\text{f}}$ is not diagonalizable. Since in the Theorem 2 provided below one requires $L_{\text{f}}$ to be diagonalizable, the above Assumption 2 is given.

Proposition 1 ([27])

The system $\dot{x}_{i}(t)=Ax_{i}(t)+Bu_{i}(t)$ is controllable if and only if $\forall$ $v_{k}$ , $k=1,...,\,n$ , where $v_{k}$ is the $k$ -th eigenvector of $A$ , $v_{k}\notin\text{ker}(B^{T})$ .

Theorem 2

Under Assumption 2 the adversary is capable of controlling the system (9) through the directly attacked agents (8) according to the Definition 2 if and only if the pairs $(\check{A}+\check{B}\check{K}+d_{i}\check{H}\check{C},\check{H}_{\text{a}})$ , $(L_{\text{f}},l_{\text{fa}})$ , and $(\check{A}+\check{B}\check{K}+\lambda_{j}\check{H}\check{C},\check{H}\check{C})$ are controllable for $i=N_{\text{f}}+1,...,\,N$ and $j=1,...,\,N_{\text{f}}$ , where $\lambda_{j}$ is the $j$ th eigenvalue of $L_{f}$ .

Proof:

In this attack scenario, the adversary uses $x_{\text{a}}(t)$ as the control input to the followers. Hence, the adversary should be capable of setting $x_{\text{a}}(t)$ to its desired value, which can be achieved if (8) is controllable. Consequently, the followers in (9) should be controllable through $x_{\text{a}}(t)$ . Since (8) is considered to be controllable, the adversary is capable of designing $a(t)$ such that $x_{\text{a}}(t)$ tracks its desired trajectory (see Theorem 5.2.5 and Corollary 5.2.6 in [28]).

The controllability condition of the pair $(A_{\text{a}},B_{\text{a}})$ was studied in Theorem 1. Controllability of $(A_{\text{f}},A_{\text{fa}})$ indicates that the followers are controlled via the state of the attacked agents, $x_{\text{a}}(t)$ . In view of Assumption 2, there always exists an invertible matrix $P$ , with its rows representing $N_{\text{f}}$ right eigenvectors of $L_{\text{f}}$ , such that $PL_{\text{f}}P^{-1}=\text{diag}(\lambda_{1},...,\lambda_{N_{\text{f}}})$ . Using the similarity transformation $P\otimes I_{n}$ , (9) can be rewritten as

\dot{x}^{\text{p}}_{\text{f}}(t)=(P\otimes I_{n})A_{\text{f}}(P^{-1}\otimes I_{n})x_{\text{f}}^{\text{p}}(t)+(P\otimes I_{n})(l_{\text{fa}}\otimes\check{H}\check{C})x_{\text{a}}(t),

(14)

where $x_{\text{f}}^{\text{p}}(t)=(P\otimes I_{n})x_{\text{f}}(t)$ . Since $P$ is nonsingular, the controllability of $x_{\text{f}}^{\text{p}}(t)$ implies the controllability of $x_{\text{f}}(t)$ . The matrix $(P\otimes I_{n})A_{\text{f}}(P^{-1}\otimes I_{n})=\text{blockdiag}(\check{A}+\check{B}\check{K}+\lambda_{1}\check{H}\check{C},...,\,\check{A}+\check{B}\check{K}+\lambda_{N_{\text{f}}}\check{H}\check{C})$ is block diagonal and $(P\otimes I_{n})(l_{\text{fa}}\otimes\check{H}\check{C})=Pl_{\text{fa}}\otimes\check{H}\check{C}$ . Consequently, (14) can be expressed in the following form:

\begin{split}\dot{x}^{p}_{\text{f}}(t)=&\text{blockdiag}(\check{A}+\check{B}\check{K}+\lambda_{1}\check{H}\check{C},...,\,\check{A}+\check{B}\check{K}+\lambda_{N_{\text{f}}}\check{H}\check{C})\\ &\times x_{\text{f}}^{\text{p}}(t)+(Pl_{\text{fa}}\otimes\check{H}\check{C})x_{\text{a}}(t).\end{split}

(15)

Since the rows of $P$ are the right eigenvectors of $L_{\text{f}}$ , in view of Proposition 1, the controllability of $(L_{\text{f}},\,l_{\text{fa}})$ can be interpreted as not having completely zero rows in the matrix $Pl_{\text{fa}}$ . The vector $x_{\text{f}}(t)$ contains the states of $N_{\text{f}}$ followers, however, due to the similarity transformation, $x_{\text{f}}^{\text{p}}(t)$ contains a combination of these states, but still one has $N_{\text{f}}$ modes that are the $N_{\text{f}}$ different blocks of $\text{blockdiag}(\check{A}+\check{B}\check{K}+\lambda_{1}\check{H}\check{C},...,\,\check{A}+\check{B}\check{K}+\lambda_{N_{\text{f}}}\check{H}\check{C})$ . Next we provide and prove the necessary and sufficient conditions of our proposed methodology that are stated in this theorem.

Necessary Condition: Assume the $j$ -th mode of (15) is controllable through $x_{\text{a}}(t)$ , while either $(\check{A}+\check{B}\check{K}+\lambda_{j}\check{H}\check{C},\check{H}\check{C})$ is not controllable or the $j$ -th row of $Pl_{\text{fa}}$ is zero. Due to block diagonal structure of (15), either the uncontrollability of $(\check{A}+\check{B}\check{K}+\lambda_{j}\check{H}\check{C},\check{H}\check{C})$ or the $j$ -th row of $Pl_{\text{fa}}$ being zero results in the uncontrollability of the mode $j$ , which contradicts the assumption on this mode.

Sufficient Condition: Suppose that the mode $j$ is uncontrollable, while $(\check{A}+\check{B}\check{K}+\lambda_{j}\check{H}\check{C},\check{H}\check{C})$ is controllable and the $j$ -th row of $Pl_{\text{fa}}$ is nonzero. However, from the block diagonal structure of (15), the mode $j$ being uncontrollable implies that either $(\check{A}+\check{B}\check{K}+\lambda_{j}\check{H}\check{C},\check{H}\check{C})$ is uncontrollable or the $j$ -th row of $Pl_{\text{fa}}$ is zero, which is a contradiction. This completes the proof of the theorem. ∎

Remark 3

As shown in Theorem 2, the problem of interest here is to show that there exists a proper $x_{\text{a}}(t)$ that satisfies the controllability objective provided in Definition 2. However, designing the attack signal $a(t)$ such that $x_{\text{a}}(t)$ follows the adversary’s desired trajectory is not within the scope of this paper and is not addressed here.

Remark 4

Generally speaking, the difference between the goals in Definitions 1 and 2 has resulted in different types of conditions that need to be satisfied in Theorems 1 and 2. In Theorem 1, the conditions are more restrictive, however they ensure controllability over the entire network for the adversary. Nevertheless, the main objective of the malicious hacker is to exert the maximum possible influence on the MAS given the available resources. Consequently, the adversary may not be able to control the entire network as studied in Theorem 1, whereas they can still compromise the system and lead the MAS to dangerous trajectories only if the conditions in Theorem 2 are satisfied. This result is illustrated through the numerical example that is provided in Section VI.

IV-B Cyber Security Controllability Index

As shown in Theorem 2, the only condition on controllability of the MAS that connects the structure of the communication graph among the followers and the directly attacked agents is the controllability of $(L_{\text{f}},l_{\text{fa}})$ . By leveraging this controllability condition, we aim to define two security metrics for the MAS. These notions can be used to evaluate the security of the MAS with respect to their controllability by an adversarial intruder. In this subsection, we assume that all the conditions in Theorem 2, except for the controllability of $(L_{\text{f}},l_{\text{fa}})$ , hold true. Let us denote $\hat{L}_{\text{f}}=PL_{\text{f}}P^{-1}=\text{diag}(\lambda_{1},...,\lambda_{N_{\text{f}}})$ and $\hat{l}_{\text{fa}}=Pl_{\text{fa}}$ , where rows of $P$ are the $N_{\text{f}}$ right eigenvectors of $L_{\text{f}}$ .

Definition 3

The security controllability index of the directly attacked agent $i$ , designated by $SCI_{i}$ , is defined by:

SCI_{i}=\text{rank}(\mathcal{C}_{i}),\,\,\,\,i=N_{\text{f}}+1,...,\,N,

(16)

where $\mathcal{C}_{i}=[(\hat{l}_{\text{fa}})_{i},\,\hat{L}_{\text{f}}(\hat{l}_{\text{fa}})_{i},\dots,\,\hat{L}_{\text{f}}^{N_{\text{f}}-1}(\hat{l}_{\text{fa}})_{i}]$ denotes the controllability matrix (considered not to be ill-conditioned) and $(\hat{l}_{\text{fa}})_{i}$ denotes the $i$ -th column of $\hat{l}_{\text{fa}}$ .

The maximum value for $SCI_{i}$ can be $N_{\text{f}}$ , which if satisfied implies that all the followers can be manipulated and controlled via the agent $i$ .

Definition 4

The security controllability index (SCI) of the MAS is defined as

SCI=\text{rank}(\mathcal{C}),

(17)

where $\mathcal{C}=[\hat{l}_{\text{fa}},\,\hat{L}_{\text{f}}\hat{l}_{\text{fa}},\dots,\,\hat{L}_{\text{f}}^{N_{\text{f}}-1}\hat{l}_{\text{fa}}]$ .

The problem for the adversary is to find the minimum number of directly attacked agents that gives the full control over the multi-agent network. More specifically, the adversary’s goal is to $\text{minimize}\,|N_{\text{a}}|$ such that $SCI=N_{\text{f}}$ . In the literature this problem is referred to as actuator placement problem [29]. Solving the above minimization problem provides the adversary with the minimum required number of agents that the hacker needs to compromise and attack. A few methods that incorporate graph of the network to select agents for ensuring controllability over the MAS have been suggested in [21, 19, 30, 31, 32].

Remark 5

Due to the possibility of existence of sufficiently small singular values and ill-conditioning of the matrices $\mathcal{C}$ and $\mathcal{C}_{i}$ for $i=N_{\text{f}}+1,...,\,N$ in (16) and (17), one may have nearly singular matrices. In such cases $\text{rank}(\mathcal{C})$ and $\text{rank}(\mathcal{C}_{i})$ can be computed by imposing a tolerance condition on computation of the rank such that if the singular value is smaller than a pre-specified tolerance level it is then considered to be zero.

V Zero Dynamics Attacks Through the Communication Links

Given an $s=s_{\text{a}}$ and the dynamics of the directly attacked agents in (8), the zero dynamics of the MAS are those $s_{\text{a}}$ in which the Rosenbrock system matrix

P_{\text{a}}(s)=\begin{bmatrix}sI-A_{\text{a}}&-(I_{N_{\text{a}}}\otimes\check{H}_{\text{a}})\\ I_{N_{\text{a}}}\otimes C&0\end{bmatrix}

(18)

is rank deficient, i.e., its rank falls below its normal rank. This implies that there exist nonzero $x_{\text{a}0}$ and $a_{0}$ such that

\begin{bmatrix}s_{\text{a}}I-A_{\text{a}}&-(I_{N_{\text{a}}}\otimes\check{H}_{\text{a}})\\ I_{N_{\text{a}}}\otimes\check{C}&0\end{bmatrix}\begin{bmatrix}x_{\text{a}0}\\ a_{0}\end{bmatrix}=0,

(19)

where $X_{\text{a}}(t)=x_{\text{a}0}e^{s_{\text{a}}t}$ with $X_{\text{a}}(t)$ defined as the solution to (8) and $a(t)=a_{0}e^{s_{\text{a}}t}$ .

The zero dynamics of the followers (9) are defined as $s=s_{\text{f}}$ and are associated with nonzero directional vectors $x_{\text{f}0}$ and $x_{\text{af}}$ such that the following is satisfied:

\begin{bmatrix}s_{\text{f}}I-A_{\text{f}}&-(l_{\text{fa}}\otimes\check{H}\check{C})\\ I_{N_{\text{f}}}\otimes\check{C}&0\end{bmatrix}\begin{bmatrix}x_{\text{f}0}\\ x_{\text{af}}\end{bmatrix}=0,

(20)

where $X_{\text{f}}(t)=x_{\text{f}0}e^{s_{\text{f}}t}$ with $X_{\text{f}}(t)$ as the solution to (9) and $X_{\text{a}}(t)=x_{\text{af}}e^{s_{\text{f}}t}$ .

Definition 5

The zero dynamics $s_{\text{a}}$ and $s_{\text{f}}$ are excited in the systems (8) and (9) if their initial conditions and the attack signal satisfy the conditions in (19) and (20), respectively.

From (19) and (20) one can conclude that the differences that exist between the attacked agents and the followers can result in having different zero dynamics in these two groups. Moreover, in case of an attacker exciting the zero dynamics, the states should satisfy $x_{i}(t)\in\text{ker}(C)$ , for $i=1,\dots,\,N$ , to have a zero output in the system [13].

Lemma 2

The zero dynamics of the followers (9) and the directly attacked agents (8) are excited by the adversary in the sense of Definition 5 if (20) and (19) for $s_{\text{a}}=s_{\text{f}}$ hold true, while $(l_{\text{fa}}\otimes\check{H}\check{C})x_{\text{af}}\neq 0$ and $(I_{N_{\text{a}}}\otimes\check{H}_{\text{a}})a_{0}\neq 0$ , respectively.

Proof:

Suppose the output of the system is zero with nonzero $x_{\text{af}}$ and $a_{0}$ that are in the $\text{ker}(l_{\text{fa}}\otimes\check{H}\check{C})$ and $\text{ker}(I_{N_{\text{a}}}\otimes\check{H}_{\text{a}})$ , respectively. This implies that the attack signal does not have an impact on exciting the zero dynamics. Therefore, in case of zero dynamics attack by the adversary it is necessary for the attack signals to satisfy $x_{\text{af}}\notin\text{ker}(l_{\text{fa}}\otimes\check{H}\check{C})$ and $a_{0}\notin\text{ker}((I_{N_{\text{a}}}\otimes\check{H}_{\text{a}}))$ . This completes the proof of the lemma. ∎

Theorem 3

The adversary is not capable of simultaneously exciting the zero dynamics of the directly attacked agents (8) and the followers (9) in the sense of Definition 5.

Proof:

Suppose the adversary excites the zero dynamics of directly attacked agents in (8) so that $X_{\text{a}}(t)=x_{\text{a}0}e^{s_{\text{a}}t}$ is in $\text{ker}(I_{N_{\text{a}}}\otimes\check{C})$ . Consequently, $x_{\text{a0}}$ should be of the form $x_{\text{a0}}=I_{N_{\text{a}}}\otimes\check{x}_{\text{a0}}$ , where $\check{x}_{\text{a0}}\in\text{ker}(\check{C})$ . Since $(l_{\text{fa}}\otimes\check{H}\check{C})\times(I_{N_{\text{a}}}\otimes\check{x}_{\text{a0}})=l_{\text{fa}}\otimes\check{H}\check{C}\check{x}_{\text{a0}}=0$ , one can conclude that $x_{\text{af}}=X_{\text{a}}(0)=x_{\text{a0}}\in\text{ker}(l_{\text{fa}}\otimes\check{H}\check{C})$ , which according to Lemma 2 implies that the adversary is not capable of exciting the zero dynamics of the followers. Now let us assume (20) holds and the zero dynamics of the followers are excited by the adversary. Therefore, $(l_{\text{fa}}\otimes\check{H}\check{C})x_{\text{af}}\neq 0$ is satisfied. This implies that $X_{\text{a}}(0)=x_{\text{af}}\notin\text{ker}(I_{N_{\text{a}}}\otimes\check{C})$ . Hence, (19) does not hold and the zero dynamics of the directly attacked agents (8) cannot be excited by the adversary. This completes the proof of the theorem. ∎

VI Numerical Example

In this numerical example, the controllability conditions that are provided in Theorems 1 and 2 are studied for a MAS system consisting of 6 agents. The agent dynamics and its observer are given by (1), and (2), respectively, with the following matrices [8]:

\begin{split}A&=\begin{bmatrix}-2&2\\ -1&1\end{bmatrix},\,B=\begin{bmatrix}1\\ 0\end{bmatrix},\,C=\begin{bmatrix}1&0\\ 0&1\end{bmatrix},\\ H&=\begin{bmatrix}0&0.3\\ -0.3&0\end{bmatrix},\,K=\begin{bmatrix}-1&2\end{bmatrix}.\end{split}

The communication graph among the agents is shown in Fig. 2, and its corresponding Laplacian matrix is $L=[$ 1, 0, 0, 0, 0, -1; 0, 2, 0, 0, -1, -1; 0, -1, 1, 0, 0, 0; 0, -1, -1, 2, 0, 0; 0, -1, 0, 0, 1, 0; 0, 0, 0, 0, -1, 1 $]$ .

Let us assume that the incoming communication links of agents 4, $5$ , and 6 are under attack so that one obtains $L_{\text{f}}=[$ 1, 0, 0; 0, 2, 0; 0, -1, 1 $]$ and $l_{\text{fa}}=[$ 0, 0, -1; 0, -1, -1; 0, 0, 0 $]$ , where the eigenvalues of $L_{\text{f}}$ are $\lambda_{1}=1$ , $\lambda_{2}=1$ , $\lambda_{3}=2$ , corresponding to the right eigenvectors $[1,\,0,\,0]^{T}$ , $[0,\,0,\,1]^{T}$ , and $[0,\,0.7071,\,-0.7071]^{T}$ , respectively. Since the geometric multiplicity of each eigenvalue is equal to its algebraic multiplicity, conditions in Assumption 2 hold. In this example, the conditions in Theorem 1 are not satisfied and $\text{rank}(\mathcal{C}^{*})=5$ . Hence, the adversary does not have control over the entire MAS system as provided in Definition 1, however, an adversary may still impact the followers as described in Definition 2 and Theorem 2.

Considering Theorem 2, the rank of the controllability matrices $(\check{A}+\check{B}\check{K}+d_{i}\check{H}\check{C},\check{H}_{a})$ for $i=4,\,5,\,6$ are equal to 4, the rank of the controllability of the pair $(L_{\text{f}},l_{\text{fa}})$ is 3, and the rank of the controllability of $(\check{A}+\check{B}\check{K}+\lambda_{j}\check{H}\check{C},\check{H}\check{C})$ for $j=1,\,2,\,3$ is equal to 4. Therefore, the adversary has the capability of manipulating and controlling the three agents 1, 2, 3 by simultaneously attacking the agents 4, 5, and 6.

As shown in Fig. 3, the six agents reach a consensus and their states converge, while at $t=30$ (s) the adversary injects its attack signals to the agents 4, 5, and 6 and the remaining agents are controlled through the directly attacked agents. In Fig. 3, to illustrate the capability of the adversary in controlling all the agents, the states of each agent are set to different values by choosing different attack signals for the directly attacked agents.

In Fig. 4, it can be seen that the attack that has occurred at $t=30$ (s) is designed such that the agents reach a new consensus that is desirable to the adversary. In this attack scenario, the directly attacked agents have the same attack signals so that they reach to the same point and the remaining agents follow them. This example illustrates that even without having full controllability over the MAS systems as stated in Definition 1, the adversary is capable of imposing a major impact on the trajectory and behavior of the agents.

The security controllability index for the directly attacked agents are $SCI_{4}=0$ , $SCI_{5}=1$ , $SCI_{6}=2$ , and for the MAS system is $SCI=3$ . It follows that $SCI_{4}=0$ , which implies that through agent 4 the adversary is not capable of controlling any of the followers. However, attacking the agents 5 and 6 do not provide controllability over the agent 4 to the adversary, and hence, in this case it will be attacked directly.

VII Conclusion

In this paper, certain types of cyber attacks on MAS systems were investigated and developed. In one cyber attack scenario, the adversary targets the incoming communication links for a team of agents and disguises the attack signals as transmitted information among the agents. Therefore, there are two groups of agents, those that are first directly attacked, and those that can be considered as followers of the first group. The conditions under which the adversary has full control over the two agent groups were investigated. The notions of security controllability for each of the directly attacked agents as well as the entire MAS system have been proposed and developed. These notions can be used to identify agents that allow the adversary high control authority over the MAS network. Finally, it was shown that the adversary is not capable of simultaneously performing zero dynamics attacks on the directly attacked agents and the followers. Relaxing the assumption in Theorem 2 is challenging and is a focus of our future work. Another important topic for further investigation is to study detectability conditions of cyber attacks on the MAS systems that were studied in this paper.

References

[1] R. Olfati-Saber and R. M. Murray, “Consensus problems in networks of agents with switching topology and time-delays,” IEEE Transactions on Automatic Control, vol. 49, no. 9, pp. 1520–1533, Sep. 2004.
[2] N. Meskin and K. Khorasani, “Actuator fault detection and isolation for a network of unmanned vehicles,” IEEE Transactions on Automatic Control, vol. 54, no. 4, pp. 835–840, April 2009.
[3] M. Davoodi, N. Meskin, and K. Khorasani, “Simultaneous fault detection and consensus control design for a network of multi-agent systems,” Automatica, vol. 66, pp. 185 – 194, 2016.
[4] I. Shames, A. M. Teixeira, H. Sandberg, and K. H. Johansson, “Distributed fault detection for interconnected second-order systems,” Automatica, vol. 47, no. 12, pp. 2757 – 2764, 2011.
[5] E. Semsar-Kazerooni and K. Khorasani, “Multi-agent team cooperation: A game theory approach,” Automatica, vol. 45, no. 10, pp. 2205–2213, 2009.
[6] J. Xu, L. Xie, T. Li, and K. Y. Lum, “Consensus of multi-agent systems with general linear dynamics via dynamic output feedback control,” IET Control Theory & Applications, vol. 7, no. 1, pp. 108–115, 2013.
[7] M. Taheri, F. Sheikholeslam, M. Najafi, and M. Zekri, “Adaptive fuzzy wavelet network control of second order multi-agent systems with unknown nonlinear dynamics,” ISA Transactions, vol. 69, pp. 89–101, 2017.
[8] Z. Li, Z. Duan, G. Chen, and L. Huang, “Consensus of multiagent systems and synchronization of complex networks: A unified viewpoint,” IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 57, no. 1, pp. 213–224, 2009.
[9] F. Pasqualetti, F. Dörfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE Transactions on Automatic Control, vol. 58, no. 11, pp. 2715–2729, Nov 2013.
[10] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “A secure control framework for resource-limited adversaries,” Automatica, vol. 51, no. Supplement C, pp. 135 – 148, 2015.
[11] A. Barboni, H. Rezaee, F. Boem, and T. Parisini, “Distributed detection of covert attacks for interconnected systems,” in 2019 18th European Control Conference (ECC). IEEE, 2019, pp. 2240–2245.
[12] A. Hoehn and P. Zhang, “Detection of covert attacks and zero dynamics attacks in cyber-physical systems,” in 2016 American Control Conference (ACC). IEEE, 2016, pp. 302–307.
[13] A. Baniamerian and K. Khorasani, “Security index of linear cyber-physical systems: A geometric perspective,” in 2019 6th International Conference on Control, Decision and Information Technologies (CoDIT), April 2019, pp. 391–396.
[14] Z. Feng, G. Hu, and G. Wen, “Distributed consensus tracking for multi-agent systems under two types of attacks,” International Journal of Robust and Nonlinear Control, vol. 26, no. 5, pp. 896–918, 2016.
[15] W. He, X. Gao, W. Zhong, and F. Qian, “Secure impulsive synchronization control of multi-agent systems under deception attacks,” Information Sciences, vol. 459, pp. 354–368, 2018.
[16] L. Ma, Z. Wang, and Y. Yuan, “Consensus control for nonlinear multi-agent systems subject to deception attacks,” in 2016 22nd International Conference on Automation and Computing (ICAC). IEEE, 2016, pp. 21–26.
[17] A. Mustafa and H. Modares, “Attack analysis for discrete-time distributed multi-agent systems,” in 2019 57th Annual Allerton Conference on Communication, Control, and Computing (Allerton). IEEE, 2019, pp. 230–237.
[18] Y. Guan, Z. Ji, L. Zhang, and L. Wang, “Controllability of multi-agent systems under directed topology,” International Journal of Robust and Nonlinear Control, vol. 27, no. 18, pp. 4333–4347, 2017.
[19] M. Ji, A. Muhammad, and M. Egerstedt, “Leader-based multi-agent coordination: Controllability and optimal control,” in 2006 American Control Conference. IEEE, 2006, pp. 6–pp.
[20] Y. Lou and Y. Hong, “Controllability analysis of multi-agent systems with directed and weighted interconnection,” International Journal of Control, vol. 85, no. 10, pp. 1486–1496, 2012.
[21] A. Rahmani, M. Ji, M. Mesbahi, and M. Egerstedt, “Controllability of multi-agent systems from a graph-theoretic perspective,” SIAM Journal on Control and Optimization, vol. 48, no. 1, pp. 162–186, 2009.
[22] S. Zhang, M. Cao, and M. K. Camlibel, “Upper and lower bounds for controllable subspaces of networks of diffusively coupled agents,” IEEE Transactions on Automatic control, vol. 59, no. 3, pp. 745–750, 2013.
[23] R. A. Horn and C. R. Johnson, “Topics in matrix analysis cambridge university press,” Cambridge, UK, 1991.
[24] Y. Desmedt, “Man-in-the-middle attack,” Encyclopedia of cryptography and security, pp. 759–759, 2011.
[25] D. Juneja, A. Singh, and A. Jagga, “Kqml based communication protocol for multi agent systems,” International Journal of Emerging Technologies in Computational and Applied Sciences (IJETCAS), vol. 12, pp. pp. 158–162, 05 2015.
[26] M. Pirani and S. Sundaram, “Spectral properties of the grounded laplacian matrix with applications to consensus in the presence of stubborn agents,” in 2014 American Control Conference. IEEE, 2014, pp. 2160–2165.
[27] W. L. Brogan, Modern control theory. Pearson education india, 1991.
[28] J. C. Willems and J. W. Polderman, Introduction to mathematical systems theory: a behavioral approach. Springer Science & Business Media, 1997, vol. 26.
[29] T. H. Summers and J. Lygeros, “Optimal sensor and actuator placement in complex dynamical networks,” IFAC Proceedings Volumes, vol. 47, no. 3, pp. 3784–3789, 2014.
[30] Y.-Y. Liu, J.-J. Slotine, and A.-L. Barabási, “Control centrality and hierarchical structure in complex networks,” Plos one, vol. 7, no. 9, p. e44459, 2012.
[31] A. Olshevsky, “Minimal controllability problems,” IEEE Transactions on Control of Network Systems, vol. 1, no. 3, pp. 249–258, 2014.
[32] K. Fitch and N. E. Leonard, “Optimal leader selection for controllability and robustness in multi-agent networks,” in 2016 European Control Conference (ECC). IEEE, 2016, pp. 1550–1555.