strategic topology switching for security?part ii: … strategic topology switching for security...
TRANSCRIPT
1
Strategic Topology Switching for Security–Part II:Detection & Switching Topologies
Yanbing Mao, Emrah Akyol, and Ziang Zhang
Abstract—This two-part paper considers strategic topologyswitching for the second-order multi-agent system under attack.In Part II, we propose a strategy on switching topologies toreveal zero-dynamics attack. We first study the detectabilityof zero-dynamics attack for the second-order multi-agent sys-tem under switching topology, which has requirements on theswitching times and switching topologies. Based on the strategyon switching times proposed in Part I [1] and the strategyon switching topologies proposed here, a decentralized strategictopology-switching algorithm is derived. Its primary advantagesare threefold: (i) in achieving consensus in the absence of attacks,the control protocol does not need velocity measurements andthe algorithm has no constraint on the magnitude of couplingstrength; (ii) in revealing zero-dynamics attack, the algorithmhas no constraint on the size of misbehaving-agent set, while itallows the defender or the system operator to have no knowledgeof the attack-starting time; (iii) in revealing zero-dynamics attack,if the Laplacian matrix of Xor graph generated by consecutiveswitching topologies has distinct eigenvalues, only one observedoutput of position is sufficient. Simulations are provided to verifythe effectiveness of the strategic topology-switching algorithm.
Index Terms—Multi-agent system, second-order consensus,strategic topology switching, zero-dynamics attack, attack de-tection.
I. INTRODUCTION
IN Part-I paper [1], the proposed control protocol un-der switching topology employs only relative positions
of agents, which is different from the well-studied controlprotocols that need both relative position measurements andrelative/individual velocity measurements [2]–[6]. The second-order multi-agent system under the proposed control protocolis described by
xi (t) = vi (t) (1a)
vi (t) = γn∑
j=1
aσ(t)ij (xj (t)− xi (t)), i = 1, . . . , n (1b)
where xi(t) ∈ R is the position, vi(t) ∈ R is the velocity,γ > 0 is the coupling strength, σ(t) : [0,∞) → S ,{1, 2, . . . , s}, s ∈ N, is the topology-switching signal. Here,σ(t) = pk ∈ S for t ∈ [tk, tk+1) means the pth topology isactivated over the time interval [tk, tk+1), k ∈ N0, and apk
ij
is the element of the adjacency matrix which describes theactivated pth topology of undirected communication network.
The main objective of this two-part paper is the strategictopology-switching algorithm for the second-order multi-agent
Y. Mao, E. Akyol and Z. Zhang are with the Department of Electricaland Computer Engineering, Binghamton University–SUNY, Binghamton, NY,13902 USA, (e-mail: {ymao3, eakyol, zhangzia}@binghamton.edu).
system under attack. The algorithm is based on two strategies,one of which on switching times and the other on switchingtopologies. The strategy on switching times, as introduced inPart-I paper [1], enables the second-order multi-agent systemin the absence of attacks, i.e., the system (1), to reach thesecond-order consensus. In the following, we present themathematical definition of the second-order consensus in thiscontext.
Definition 1: [2] The second-order consensus in the multi-agent system (1) is achieved if and only if the following holdsfor any initial condition:
limt→∞
|xi (t)− xj (t)| = 0, (2a)
limt→∞
|vi (t)− vj (t)| = 0,∀i, j = 1, . . . , n. (2b)
for any initial condition.The strategy on switching topologies proposed in this Part-
II paper enables the strategic topology-switching algorithmto reveal zero-dynamics attack. In revealing zero-dynamicsattack, the strategy allows the algorithm to have no knowledgeof attack-starting time, while it has no constraint on themisbehaving-agent set.
A. Related Work
Security concerns regarding networked cyber-physical sys-tems pose an existential threat to their wide-deployment, seee.g., Stuxnet malware attack and Maroochy Shire CouncilSewage control incident [7]. The “networked” aspect exacer-bates the difficulty of detecting and preventing aforementionedattacks since centralized measurement (sensing) and controlare not feasible for such large-scale systems [8], and hencerequires the development of decentralized approaches, whichare inherently prone to attacks. Recently, a special class ofstealthy attacks, namely the “zero-dynamics,” have gainedinterest. Here, the attacker’s goal is two fold: i) not beingdetected by the system by keeping the monitoring outputsunaltered (hence the name “stealthy”), ii) manipulating thesystem to accept false data (e.g., aggregation results), which issignificantly different from the actual data, see e.g., [9]. Whiledeveloping defense strategies for such zero-dynamics attackshave recently gained interest [8], [10]–[12] (see Table I for abrief summary), the space of solutions is yet to be thoroughlyexplored. The most prominent features of prior work are thatthey constrain the connectivity of network topology and thesize of the misbehaving-agent set [8], [10]–[12] or requirethe knowledge of attack-starting time at the defender side forattack detection [8], [10], [11], [13], [14]. The main objectiveof this work is to remove such constraints and unrealistic
arX
iv:1
711.
1118
1v2
[cs
.MA
] 5
Apr
201
8
2
Table ICONDITIONS ON DETECTABLE ATTACK
Reference Conditions Dynamics[10] connectivity is not smaller than 2|K| + 1 Discrete Time[11] |K| is smaller than connectivity Discrete Time[8] size of linking (K → M) is larger than |K| Continuous Time[12] the minimum vertex separator is larger than |K| + 1 Discrete Time
assumptions by utilizing a new approach for attack detection:intentional topology switching.1
B. Motivation of Part-II Paper
Recent experiment of stealthy false-data injection attackson networked control system [15] showed the changes in thesystem dynamics could be used to reveal stealthy attack. Tohave changes in the system dynamics to reveal zero-dynamicsattack, Teixeira et al. [13] considered the method of modifyinginput or output matrix. However, in more realistic situations,such as the defender or the system operator has no knowledgeof the attack-starting time, to reveal zero-dynamics attack thesystem dynamics has to be dynamic, i.e., the system dynamicschanges infinitely over infinite time. Therefore, before usingthe dynamic changes to reveal zero-dynamics attack in suchrealistic situations, the question that whether the dynamicchanges in system dynamics can destroy system stability inthe absence of attacks must be investigated. If the dynamicchanges can destroy the stability in the absence of attacks,such changes in system dynamics would be attacks, such asthe topology attack [16], [17].
For the dynamical networks, recent studies have highlightedthe important role played by the network topology [18]–[22].For example, Menck et al. [18] find that in the numericalsimulations of artificially generated power grids, tree-likeconnection schemes, so-called dead ends and dead trees, canstrongly diminish the stability; Schultz et al. [21] show thathow the addition of links can change the synchronizationproperties of network. These motivate us to consider themethod of topology switching such that the multi-agent systemcan have changes in its dynamics to reveal zero-dynamicsattack. The strategy on switching times proposed in Part-Ipaper [1] answers the question: when the topology of networkshould switch such that the occurring dynamic changes insystem dynamics do not undermine the agent’s ability ofreaching consensus in the absence of attacks. Based on thework in Part-I paper [1], this Part-II paper focuses on thestrategy on switching topologies that addresses the problem ofswitching to what topologies to reveal zero-dynamics attack.
C. Contribution of Part-II Paper
The contribution of this paper is threefold, which can besummarized as follows.
• Using the obtained detectability of attack, in Section IVwe propose a strategy on switching topologies, whichcan reveal zero-dynamics attack without constraint on the
1Topology changes in a multi-agent network have traditionally been consid-ered a problem dictated by nature, to be mitigated by the designer. Here, weintentionally change the topology to detect the zero-dynamics type of attacks.
size of misbehaving-agent set. Under the strategy that theLaplacian matrix of Xor graph, which is generated byconsecutive switching topologies, has distinct eigenval-ues, only one observed output of position is sufficient toreveal zero-dynamics attack.
• Based on the strategy on switching times and the strat-egy on switching topologies, a decentralized strategictopology-switching algorithm is proposed in Section V.To reveal zero-dynamics attack, the algorithm: (i) hasno constraint on the size of misbehaving-agent set; (ii)allows the defender or the system operator to have noknowledge of attack-starting time. To achieve the second-order consensus, the algorithm has no constraint onthe magnitude of coupling strength, while the controlprotocol does not need velocity measurements.
• Employing Luenberger observer, an attack-detection al-gorithm working under the proposed strategic topology-switching algorithm is derived in Section V.
D. Organization of Part-II Paper
Section II presents the notions and terminology. Problemformulation is given in Section III. In Section IV, we studythe detectability of zero-dynamics attack. Section V presentsa decentralized strategic topology-switching algorithm and acorresponding attack-detection algorithm . Numerical exam-ples are given in Section VI. Finally, in Section VII we presentthe conclusions of the two-part paper and the future researchdirections.
II. NOTIONS AND TERMINOLOGY
A. Notations
We use P < 0 to denote a negative definite matrix P . Fora set V , |V| denotes the cardinality (i.e., size) of the set. Inaddition, for a set K ⊆ V , V\K denotes the complement setof K with respect to V . Rn and Rm×n denote the set of n-dimensional real vectors and the set of m × n-dimensionalreal matrices, respectively. Let C denote the set of complexnumber. N represents the set of the natural numbers and N0
= N ∪ {0}. Let 1n×n and 0n×n be the n × n-dimensionalidentity matrix and zero matrix, respectively. 1n ∈ Rn and0n ∈ Rn denote the vector with all ones and the vector withall zeros, respectively. The superscript ‘⊤’ stands for matrixtranspose. ⊕ denotes the Xor operator.
The interaction among n agents is modeled by an undirectedgraph G = (V, E), where V = {1, 2, . . . , n} is the set ofvertices that represent n agents and E ⊂ V × V is the set ofedges of the graph G. The adjacency matrix A = [aij ] ∈ Rn×n
of the undirected graph G is defined as aij = (i, j) ∈ E , whereaij = aji = 1 if agents i and j interact with each other, andaij = aji = 0 otherwise. Assume that there are no self-loops,i.e., for any i ∈ V , aii = 0. A path is a sequence of connectededges in a graph. A graph is said to be connected if there isa path between every pair of vertices.
B. Preliminaries
The following definition and auxiliary lemmas will be usedthroughout this paper.
3
Definition 2 (Path Graph [23]): The path graph Pn is a treewith two nodes of vertex degree 1, and the other n− 2 nodesof vertex degree 2.
Lemma 1: [24] If the undirected graph G is connected, thenits Laplacian L ∈ Rn×n has a simple zero eigenvalue (witheigenvector 1n) and all its other eigenvalues are positive andreal.
Lemma 2: [25] The Laplacian of a path graph Pn has theeigenvalues as
λk = 2− 2 cos
((k − 1) π
n
), k = 1, . . . , n. (3)
Lemma 3 (Proposition 1.3.3 in [26]): Let G be a connectedgraph with diameter d. Then G has at least d + 1 distincteigenvalues, at least d+1 distinct Laplace eigenvalues, and atleast d + 1 distinct signless Laplace eigenvalues.
Lemma 4: [1] Consider the following system:
˙x (t) = −γL∫ t
0
x (τ)dτ + v(0), t ≥ 0 (4)
where γ > 0, L ∈ Rn×n is the Laplacian matrix of aconnected undirected graph; and x (t) ∈ Rn and v (t) =˙x (t) ∈ Rn satisfy (23) and (24), respectively. The solutionsof xi(t), i = 1, . . . , n, are obtained as:
xi (t) (5)
=n∑
l=2
qliq⊤l
(x (0) cos(
√γλlt)+
v (0)√γλl
sin(√
γλlt)
), t ≥ 0
where λl (λ1 = 0) are the nonzero eigenvalues that are asso-ciated with the orthogonal vectors ql = [ql1, . . . , qln]
⊤ ∈ Rn
of L, l = 2, . . . , n.Remark 1: Let σ(t) = r ∈ S for t ∈ [tk, tk+1) , k ∈ N0, the
dynamics in (1) can be rewritten as x (t) = −γLr
∫ t
tkx (τ)dτ
+ v(tk), t ∈ [tk, tk+1). Therefore, Lemma 4 implies that thesystem (1) under each fixed connected topology has a periodT such that{
vi (t) = vi (t + T ) , i = 1, · · · , nxi (t) = xi (t + T ) ,∀t ∈ [tk, tk+1) , ∀k ∈ N0.
(6)
Lemma 5: [1] Consider the function:
F (t) = ϖx⊤ (t) x (t)
2+
v⊤ (t) v (t)
2, (7)
with ˙x(t) = v(t) ∈ Rn. Along the solutions of the system (4),if the Laplacian matrix L has distinct eigenvalues and ϖsatisfies
0 < ϖ = γλi (L) , ∀i = 2, . . . , n, (8)
where λ1 (L) , . . . , λn (L) are the corresponding eigenvaluesof L. Then for any nonzero initial condition, there never existsa nonzero constant φ such that
F (t) = φ = 0, ∀t ≥ 0. (9)
Lemma 6: [1] Consider the second-order multi-agentsystem (1). For the given period T satisfying (6), scalars1 > β > 0, α > 0 and L ∈ N, if the dwell time τ , the
minimum dwell time τmin and the maximum dwell time τmax
satisfy
(β− 1L−1)
L
α−ξ<τmin≤τ≤τmax , τmax+
mT
2, m ∈ N (10)
with
ξ < α, (11)
0 < τmax <− lnβ
α, (12)
0 < τmax +mT
2−(β− 1
L − 1) L
α− ξ, (13)
ξ = maxr∈S,i=1,...,n
{1− γλi (Lr),−1 + γλi (Lr)} , (14)
where γ is the coupling strength of the multi-agent system (1),and λi (Lr) , . . . , λn (Lr) are the corresponding eigenvalues ofthe Laplacian matrix Lr. Then, the second-order consensus isachieved.
Remark 2: Lemma 6 provides a strategy on switching timesthat addresses the question: when should the topology of multi-agent system switch to reveal zero-dynamics attack, such thatthe changes in the system dynamics do not destroy systemstability in the absence of attacks?
Remark 3: In achieving the second-order consensus, thestrategy on switching times, provided by Lemma 6, has noconstraint on the magnitude of coupling strength. However,the solution obtained in Lemma 4 shows that the couplingstrength can affect the period T , which keeping Lemma 6 inmind, implies that the coupling strength can control the dwelltime of switching topologies, thus can affect the convergencespeed to consensus.
Lemma 7 (Simplified Finite-Time Consensus Algorithm with-out External Disturbances [27]): Consider the multi-agentsystem
ri = α
n∑
j=1
bij(rj−ri)mn+β
n∑
j=1
bij(rj−ri)pq , i=1,. . ., n (15)
where α > 0 and β > 0 are the coupling strengths, bij isthe element of the coupling matrix that describes topologyof an undirected connected communication network and itscorresponding Laplacian matrix is denoted as LA, the oddnumbers m > 0, n > 0, p > 0 and q > 0 that satisfy m > nand p < q. Its global finite-time consensus can be achieved,i.e.,
ri (t)− 1
n
n∑
i=1
ri (0) = 0,∀t ≥ P, i = 1, . . . , n. (16)
Further, the setting time P is bounded by
P <1
λ2 (LA)
(n
m−n2n
α
n
m− n+
1
β
q
q − p
). (17)
III. PROBLEM FORMULATION
We usually refer to an agent under attach as a misbehavingagent [11].
For simplicity, let K = {1, . . .} ⊆ V = {1, . . . , n} denotethe set of misbehaving agents, and M = {1, . . .} ⊆ K denote
4
the set of observed outputs. The multi-agent system (1) withits output under attack is described by
˙xi (t) = vi (t) , (18a)
˙vi (t) = γn∑
i=1
aσ(t)ij (xj (t)−xi (t))+gi (t)ui(t−κ), i∈V (18b)
yi (t) = xi(t) + gi (t) ui(t− κ), i ∈M (18c)
where σ(t) is the topology switching signal of the systemunder attack; yi (t) is observed output of agent i; gi (t) isagent i’s attack signal; κ ≥ 0 is the attack-starting time andui(t− κ) is the unit step function that is defined as
ui(t− κ) =
{1, t ≥ κ and i ∈ K0, otherwise. (19)
For the undirected topology, aσ(t)ij = a
σ(t)ji , it is straight-
forward to verify from (1) thatn∑
i=1
vi (t) = 0,∀t ≥ 0, which
implies that the average position x(t) =n∑
i=1
xi (t) proceeds
with the constant velocity
v =1
n
n∑
i=1
vi(t) =1
n
n∑
i=1
vi(0). (20)
Thus, the average position trajectory is
x(t) =1
n
n∑
i=1
xi (0) +1
n
n∑
i=1
vi (0)t. (21)
Based on v in (20) and x(t) in (21), we define fluctuations:
xi (t) = xi (t)− x(t), (22a)vi (t) = vi (t)− v, (22b)χi (t) = xi (t)− x(t), (22c)vi (t) = vi (t)− v. (22d)
It follows from (20), (21), (22a) and (22b) that
1⊤n x (t) = 0,∀t ≥ 0. (23)
1⊤n v (t) = 0,∀t ≥ 0. (24)
Using the defined fluctuations in (22c) and (22d), the sys-tem (18) can be equivalently transformed in the form ofswitched system under attack:
{z (t) = Aσ(t)z (t) + Bg (t)y (t) = CMz (t) + DMg(t)
(25)
where z (t) = [χ1 (t) , . . . , χn (t) , v1 (t) , . . . , vn (t)]⊤ ∈ R2n,
y(t) = y(t)− x(t)1|M| with y (t) =[y1(t), . . . , y|M|(t)
]⊤ ∈
Figure 1. Strategic topology-switching scheme for the second-order multi-agent system: two communication links control four topologies.
R|M|, and
Aσ(t) =
[0n×n 1n×n
−γLσ(t) 0n×n
], (26)
B =
[0n×n
[BK 0|K|×|V\K|
0|V\K|×|K| 0|V\K|×|V\K|
] ], (27)
BK =[e1, . . . , e|K|
]∈ R|K|×|K|, (28)
CM =[
e1 . . . e|M| 0|M|×(2n−|M|)], (29)
DM =[0|M|×n e1 . . . e|M| 0|M|×(n−|M|)
](30)
g(t) =
0n[g(t)
0|V\K|
] , (31)
g (t) =[g1 (t) u1(t− κ), . . . , g|K| (t) u|K|(t− κ)
]⊤, (32)
with ei ∈ R|K| and ei ∈ R|M| being the ith vectors of thecanonical basis.
Using the defined fluctuations in (22a) and (22b), thesystem (1) with introduction of the same outputs as in (25)in the absence of attacks, can be written equivalently in theform of fluctuations, that is
{˙z (t) = Aσ(t)z (t)y (t) = CMz (t)
(33)
where z (t) = [x1 (t) , . . . , xn (t) , v1 (t) , . . . , vn (t)]⊤ ∈ R2n,
y(t) =[x1(t), . . . , x|M|(t)
]⊤ ∈ R|M|, Aσ(t) and CM aregiven by (26) and (29), respectively.
The strategic topology-switching algorithm and the attack-detection algorithm, which will be proposed in Section V,are illustrated in Figure 1, where the clock icon along thecommunication link indicating the link logic is driven by time,i.e., the topology-switching signal is time-dependent.
We end this section by making the following assumptionson the attacker and defender.
Assumption 1: The attacker
1) has the knowledge of topology switching sequences,including the switching times and the activated topologiesat switching times;
5
2) can modify the initial condition arbitrarily if the attack-starting time is the initial time.
Assumption 2: The defender has no knowledge of the attack-starting time nor the set of misbehaving agents (i.e., it allowsall the agents to be misbehaving).
IV. DETECTABILITY OF ZERO-DYNAMICS ATTACK
As one class of stealthy attacks, the zero-dynamics attack’sone important property is its undetectability. This sectionwill focus on the detectability of zero-dynamics attack underswitching topologies.
A. Zero-Dynamics Attack
We first present the formal definitions of undetectableattack, and zero-dynamics attack, which is modified from [8],[11], [14] with introduction of attack-starting time, forcontinuous-time multi-agent systems.
Definition 3: (Undetectable Attack [8]) Consider the multi-agent systems (25) and (33). The attack signal g(t) in (25) isundetectable if ∃j ∈M : yj (t) = yj (t) ,∀t ≥ 0.
Definition 4: (Zero-Dynamics Attack [8], [11], [14]) Con-sider the following two systems
{p (t) = Ap (t) + Bg(t)y (t) = Cp (t) + Dg(t)
(34){
q (t) = Aq (t)y (t) = Cq (t)
(35)
where p(t), q(t) ∈ Rn, y(t), y(t) ∈ Rm with m ≤ n, g(t) ∈Ro with o ≤ n, A ∈ Rn×n, B ∈ Rn×o, C ∈ Rm×n andD ∈ Rm×o. The attack signal g(t) = g (κ) eλ(t−κ), t ≥ κwith κ ≥ 0, is a zero-dynamics attack if g(κ) = 0o and λ ∈ Csatisfy
[λI −A B−C D
] [p (κ)− q (κ)−g (κ)
]=
[0n
0m
]. (36)
Remark 4: Under the zero-dynamics attack policy (36), thestate and observed output of system (34) satisfy
y (t) = y (t) , ∀t ≥ 0 (37)
p (t) = q (t) + (p (κ)− q (κ)) eλ(t−κ), ∀t ≥ κ. (38)
The detailed proofs of the results (37) and (38) can be foundin [28]. The state solution (38) shows that through choosingthe parameter λ, the attacker can achieve various objectivescategorized as:
• Re (λ) > 0: making system unstable;• Re (λ) = 0, Im (λ) = 0: causing oscillatory behavior;• Re (λ) < 0: altering the steady-state value.
The output (37) indicates the undetectability property of zero-dynamics attack.
In Assumption 1, the attacker is assumed to have theknowledge of switching times and the activated topologiesat switching times. An intriguing question regarding attackdesign is that for attacker, whether it is wise to use the zero-dynamics attack policy (36) and the knowledge of switching
times and topologies to design dynamic stealthy attack. Let usconsider the following dynamic attack signal:
g (t) =
{gk (κk) eλk(t−κk), t ∈ [κk, ηk]02n, otherwise
(39)
where
tk < κk < ηk < tk+1, k ∈ N0 (40)
with κk, ηk and tk being the attack-starting time, the attackover time, and the topology-switching time, respectively.
This paper focuses on revealing zero-dynamics attack bystrategic topology switching, which implies that the ongoingzero-dynamics attack will be detected at the coming switchingtimes. The attack signal (39) together with the condition (40)mean that in order to avoid from being detected at topology-switching times, the attacker starts an attack right after thetopology switched and stops the attack just before the comingtopology-switching time.
Theorem 1: For the system (25) under attack signal (39),using the zero-dynamics attack policy (36), the attack (39)reveals itself at its first attack over time.
Proof: See Appendix A.Remark 5: In Theorem 1, the revealing time, i.e., the first
attack over time, which is smaller than the coming switch-ing time, implies that the attacker’s action “over attacking”shortens the duration of going undetected. Hence, although theattacker has the knowledge of switching times and topologies,it is not wise to adopt the zero-dynamics attack policy (36) todesign dynamic stealthy attack for the signal (39). Therefore,in the following sections, we do not consider such discontinu-ous signal (39) with dynamic attack strategy, we consider onlythe formal zero-dynamics attack signal: g(t) = g (κ) eλ(t−κ),t ≥ κ.
B. Strategy on Switching Topologies
To better illustrate the strategy on switching topologies, weintroduce the definition of components in a graph.
Definition 5 (Components of Graph [29]): The componentsof a graph G are its maximal connected subgraphs. A compo-nent is said to be trivial if it has no edges; otherwise, it is anontrivial component.
Definition 6: The Xor graph, denoted as Gxor, is generatedby Xor operation between the entries of adjacency matricesof two graphs G1 and G2, i.e., axor
ij = a1ij ⊕ a2
ij , where a1ij
(a2ij , axor
ij ) is the element of adjacency matrix that describesthe topology of communication network G1 (G2, Gxor).
Based on the components of Xor graph, we express theagent set as V = C1
∪ C2∪
. . .∪ Cd where d is the number
of the components of Xor graph and Cq, q ∈ {1, 2, . . . , d}, isthe set of agents in the qth component. Obviously, Cp
∩ Cq= ∅ if p = q. As an example, the Xor graph in Figure 2 hastwo nontrivial components, C1 = {1, 2, 3, 4}, C2 = {5, 6}, andtwo trivial components, C3 = {7}, C4 = {8}.
In the following theorem, we present the strategy on switch-ing topologies.
Theorem 2: Consider the multi-agent system under at-tack (25). If the strategy satisfies
6
Figure 2. Components of Xor graph.
(r1) after the attack starts at κ ≥ 0, the first topology-switching signal is time-dependent, i.e, σ(tk) where
k = arg minr∈N
{tr > κ} , (41)
is time-dependent;(r2) for the Xor graph generated by the two consecutive
topologies activated at tk−1 and tk, where k isdefined in (41),
(r2a) the Laplacian matrix associated with eachnontrivial component has distinct eigenval-ues,
(r2b) at least one agent in each component isequipped with the observed output of po-sition,
then, with no constraint on the misbehaving-agent set, thestrategy reveals zero-dynamics attack.
Proof of Theorem 2: Considering the requirement (r2b)on the set of outputs, to simplify the proof, we consider theextreme situation where only one agent in each componenthas observed output of position. Without loss of generality,we let the first agent in each component has observed outputof position. Thus, we define a set of indices of the first agentin each component:
O =
{1, 1 + |C1| , 1 + |C1|+ |C2| , . . . , 1 +
d∑
h=1
|Ch|}
, (42)
where d is the number of components of the Xor graphgenerated by the two consecutive topologies activated at tk andtk+1, where k is defined in (41). Therefore, in this situationwhere only one output of position in each component is
available, we rearrange the agents in such a way that thesystems (25) and (33) are rewritten as
S1 :
{z (t) = Aσ(t)z (t) + Bg (t)yj (t) = χj (t) + gj(t)uj(t− κ), ∀j ∈ O (43)
S2 :
{˙z (t) = Aσ(t)z (t)yj (t) = xj (t) ,∀j ∈ O (44)
where O is given by (42).Without loss of generality, we assume the attack-starting
time falls into the interval [tk−1, tk), k ∈ N. The strategy (r1)means after the attacker launches attack at κ, the switchingsignal σ(t) over the two consecutive intervals [κ, tk)∪[tk, ε) istime-dependent. Let us consider the systems (43) and (44) andlet z (t) = z (t) , t < κ. Now, during the time t ∈ [0, κ), g(t) ≡02n and the systems (43) and (44) are the identical. Since overthe two consecutive intervals [κ, tk) ∪ [tk, ε), the topology-switching signals σ(t) and σ(t) in (43) and (44) are time-dependent and identical, we conclude Aσ(t) = Aσ(t),∀t ∈[κ, tk) ∪ [tk, ε).
Let z (t) = z (t)− z (t) with z (0) = z (0)− z (0), yj (t) =yj (t)− yj (t) and xj (t) = χj (t)− xj (t). From (43) and (44)we have that for t ∈ [κ, tk) ∪ [tk, ε),
{˙z (t) = Aσ(t)z (t) + Bg (t)
yj (t) = xj (t) + gj(t)uj(t− κ), ∀j ∈ O.(45)
We now assume to the contrary that the system (43) haszero-dynamics attack.
Without loss of generality, we let σ(t) = 1 for t ∈ [κ, tk).By (36), we obtain[λ12n×2n −A1 B[−e⊤
j ,0⊤n
] [0⊤
n ,−e⊤j
]][
z(κ)−g(κ)
]=
[0⊤
2n
0
], ∀j∈O. (46)
Let us denote:
BK =
[BK 0|K|×|V\K|
0|V\K|×|K| 0|V\K|×|V\K|
], (47a)
gK (κ) =
[−g(κ)0|V\K|
]. (47b)
Substituting z (t) = z (t)− z (t) =
[χ (t)v (t)
]−[
x (t)v (t)
]∆=
[x (t)v (t)
], the matrix B given in (27) with (47a), the vector
g(κ) given in (31) with (47b), and the matrix A1 given by (26),into (46) yields,
λ1n×n−1n×n 0n×n 0n×n
γL1 λ1n×n 0n×n BK−e⊤
j 0⊤n 0⊤
n e⊤j
x(κ)v(κ)0n
gK (κ)
=
0n
0n
0
,∀j∈O. (48)
We now let the topology switches from topology 1 totopology 2 at instance tk. Let us denote ϵ = tk−κ. If the multi-agent system (43) has zero-dynamics attack over the time[tk, ε), z(κ)eλϵ and g(κ)eλϵ would be the state-zero directionand attack-zero direction for system (43) over the time interval
7
[tk, ε). Using the same analysis method to derive (48), weobtainλ1n×n−1n×n 0n×n 0n×n
γL2 λ1n×n 0n×n BK−e⊤
j 0⊤n 0⊤
n e⊤j
eλϵ
x(κ)v(κ)0n
gK (κ)
=
0n
0n
0
,∀j∈O
which is equivalent to
λ1n×n−1n×n 0n×n 0n×n
γL2 λ1n×n 0n×n BK−e⊤
j 0⊤n 0⊤
n e⊤j
x(κ)v(κ)0n
gK (κ)
=
0n
0n
0
,∀j∈O. (49)
From (48) and (49) we have
λx (κ)− v (κ) = 0n, (50)BKgK (κ) + γL1x (κ) + λv(κ) = 0n, (51)BKgK (κ) + γL2x (κ) + λv(κ) = 0n, (52)
xj (κ)− gj(κ) = 0, ∀j ∈ O. (53)
Considering the definition of components of Xor graph,L1 − L2 can be written as
L1 − L2 = diag {±L (C1) ,±L (C2) , . . . ,±L (Cd)} , (54)
where L (Cq), q ∈ {1, 2, . . . , d}, denote the Laplacian matrixof the qth component of Xor graph. Obviously, L (Cq) = 0 if|Cq| = 1. From (50)–(54), we observe that
(a) equation (50) is equivalent to λx (κ) = v (κ);(b) from (51) and (52), γ (L1 − L2) x (κ) = 0n;(c) if L (Cq), ∀q ∈ {1, 2, . . . , d}, has distinct eigen-
values, it has properties: (i) zero is one of itseigenvalues with multiplicity one, (ii) the eigenvectorthat corresponds to the eigenvalue zero is 1|Cq|,∀q ∈ {1, 2, . . . , d};
(d) equation (53) is equivalent to xj (κ) = gj(κ), ∀j ∈O;
(e) combining properties (c) and (d) can yield thesolution of Equation γ (L1 − L2) x (κ) = 0n asxj (κ) = . . . = xO(ij+1)−1 (κ) = gj(κ),∀j ∈ O,where ij+1 is index of element j + 1 in the set O,i.e., O(ij+1) = j + 1.
Now, based on the observations (a)–(e) above, we considerthe following two different cases.
Case 1: λ = 0: In this case, if the Laplacian matrix ofeach component has distinct eigenvalues, from Lemma 1,observation (a), observation (e), and (51) or (52), we haveBKgK (κ) = 0n, which is equivalent to g1(κ) = . . . =g|K|(κ) = 0, indicating there is no zero-dynamics attack byDefinition 4.
Case 2: λ = 0: In this case, if the Laplacian matrix ofeach component has distinct eigenvalues, observation (a) andobservation (e) imply that
vj(κ)= vj+1(κ)= . . .= vO(ij+1)−1(κ)=λgj(κ), ∀j∈O. (55)
Considering Lemma 1 and observation (e), substituting (55)into (51) or (52) yields BKgK (κ) = −λ2xj (κ)1n, which isequivalent to
gj (κ) = . . . = gO(ij+1)−1 (κ) = −λ2xj (κ) , ∀j ∈ O. (56)
From (56) and observation (d), we have gj (κ) =−λ2xj (κ) = xj (κ) , j ∈ O, which is equivalent to (1 +λ2)xj (κ) = 0, also impling xj (κ) = 0, ∀j ∈ O, or λ = ±i.
If xj (κ) = 0, ∀j ∈ O, considering observation (e) and (56),we conclude gj (κ) = . . . = gO(ij+1)−1 (κ) = 0, ∀j ∈ O, in-dicating that there is no zero-dynamics attack by Definition 4.
If λ = ±i, observation (a) means that ±ix (κ) = v (κ).If v (κ) = 0n, we have x (κ) = 0n and gK = 0n, whichshows there is no zero-dynamics attack by Definition 4. Ifv (κ) = 0n, ±ix (κ) = 0n, which implies the requirements asx(κ) ∈ Rn and v(κ) ∈ Rn in Definition 4 are not satisfied.Therefore, the zero-dynamics attack is ruled out in this case.
The analysis above shows that there is no zero-dynamics at-tack under the strategy in Theorem 2, which is a contradiction,and this completes the proof
Remark 6: The strategy (r2) in Theorem 2 implies that ifthe Laplacian matrix associated wutg each nontrivial compo-nent has distinct eigenvalues, then the minimum number ofobserved outputs required to reveal zero-dynamics attack isequivalent to the number of components of Xor graph. Takethe Xor graph in Figure 2 as an example. Two nontrivial com-ponents are path graphs. With 0 ≤ (k−1)π
n < π, ∀k = 1, . . . , n,Lemma 2 implies that the Laplacian matrix of path graphhas distinct eigenvalues. Hence, the Xor graph in Figure 2satisfies (r2a) in Theorem 2. Therefore, we conclude that ifthe topology set S includes Graph One and Graphs Two inFigure 2, the minimum number of outputs is four (the Xorgraph has four components).
If Xor graph has only one component and its Laplacian ma-trix has distinct eigenvalues, then only one output is sufficientto reveal zero-dynamics attack.
Corollary 1: Consider the system under attack (25). if thetopology-switching strategy satisfies
(r1) after the attack starts at κ ≥ 0, the first topology-switching signal is time-dependent, i.e, σ(tk) wherek is defined in (41), is time-dependent;
(r2) for the switching topologies activated at tk−1 and tk,Lσ(tk) − Lσ(tk−1) has distinct eigenvalues;
with no constraint on the misbehaving-agent set, only oneoutput of position suffices to reveal zero-dynamics attack.
Proof of Corollary 1: The strategy (r2) in Corollary 1means the Xor graph has only one component that its Lapla-cian matrix has distinct eigenvalues, then the set O definedby (42) would be O = {1}. The rest of the proof is omittedas it is the same as that of Theorem 1.
V. STRATEGIC TOPOLOGY SWITCHING
A. Decentralized Strategic Topology-Switching Algorithm
The finite-time consensus algorithm–Lemma 7, can be usedto estimate the global coordinators precisely in finite time.It is employed to derive a decentralized topology-switchingalgorithm. Furthermore, from (17) we can see that throughadjusting the control gains α and β, we obtain any desirablesetting time ∞ > P > 0.
8
If we adjust parameters α > 0 and β > 0 in thealgorithm (15) such that
1
λ2 (LA)
(n
m−n2n
α
n
m− n+
1
β
q
q − p
)< τmin, (57)
where τmin satisfy the left-hand side of (10), then the settingtime P in (17) satisfies P < τmin.
Based on (r2) in Theorem 2, we make the followingassumption on the topology set and the output set providedto the strategic topology-switching algorithm.
Assumption 3: The topology set S includes more than oneconnected topology:a) the Laplacian matrix associated with (at least) one topology
has distinct eigenvalues;b) for (at least) such two topologies, that
i) the Laplacian matrix associated with each nontrivialcomponent of their Xor graph has distinct eigenvalues,
ii) at least one agent in each component of their Xorgraph is equipped with observed output of position.
Based on Lemma 5, Lemma 6 and Theorem 2, through em-ploying the finite-time consensus algorithm (15), the deriveddecentralized strategic topology-switching algorithm that canreveal zero-dynamics attack is described by Algorithm 1.
Theorem 3: Consider the system under attack (25). If thetopology-switching signal is generated by Algorithm 1, thenthe following properties hold:
(i) In the absence of attacks, if the loop-stopping criteriaδ = 0 (in Line 1 of Algorithm 1), the agents achievethe second-order consensus.
(ii) In the absence of attacks, if the loop-stopping criteriaδ > 0, the agents achieve the second-order consensusunder admissible consensus error δ through finitelytopology switching, i.e., F (tk) ≤ δ with 0 < k <∞and F (t) given by (7).
(iii) Without any knowledge of the attack-starting time orthe constraint on the size of misbehaving-agent set,Algorithm 1 is able to reveal zero-dynamics attack.
Proof of Theorem 3: Considering Lemma 6 andLemma 5, the proofs of property (i) and property (ii) directlyfollows the proof of Part-I paper’s Theorem 2 in [1]. Thus, weonly prove property (iii).
Lines 4 and 5, Lines 11 and 12 of Algorithm 1 meanall the topology-switching signals σ(tk), k ∈ N0, are time-dependent. Therefore, the requirement (r1) in Theorem 2is satisfied. We note that the required topology set S andoutput set M in Input of Algorithm 1 follow Assumption 3,which corresponds to the requirement (r2) in Theorem 2.Therefore, by Theorem 2, we conclude the property (iii) underAlgorithm 1, which completes the proof.
Remark 7: In the extreme situation where only one outputof position is available, by Corollary 1 the requirements onswitching topology in Line 7 and Line 9 of Algorithm 1 wouldchange as Lσ(tk) has distinct eigenvalues, and Lσ(tk+1) −Lσ(tk) has distinct eigenvalues. Since Lemma 2 implies thatthe Laplacian matrix of a path graph has distinct eigenvaluesand Lemma 3 provides a guide to design more connectedgraphs with distinct Laplacian eigenvalues, it is not hard to
Algorithm 1: Decentralized Strategic Topology-SwitchingAlgorithmInput: Topology set S and output set M that satisfy the
requirements in Assumption 3, individualfunctions Fi (t) =
ϖx2i (t)2 +
v2i (t)2 with ϖ
satisfying (8), dwell time τ generated byLemma 6, initial time tk−1 = 0, initial topologyGσ(tk−1), loop-stopping criteria δ ≥ 0.
1 while F (tk−1) > δ do2 Input individuals Fi(tk) and Fi(tk) to agent i in the
finite-time consensus algorithm (15) at time tk;3 Output F (tk) and F (tk) from the finite-time
consensus algorithm (15) to the agents in (18) at timetk + τmin;
4 Run until the time tk + τ ;5 Update: tk+1 ← tk + τ ;6 if F (tk) = 0 then7 Switch the topology of network (18b) to σ(tk+1)
that satisfies:• σ(tk+1) = σ(tk),• Lσ(tk+1) has distinct eigenvalues,• Laplace matrix of each component of Gxor
= Gσ(tk+1) xor Gσ(tk) has distinct eigenvalues;8 else9 Switch the topology of network (18b) to σ(tk+1)
that satisfies:• σ(tk+1) = σ(tk),• Laplace matrix of each component of Gxor
= Gσ(tk+1) xor Gσ(tk) has distinct eigenvalues;10 end11 Update the topology-switching time: tk−1 ← tk;12 Update the topology-switching time: tk ← tk+1.13 end
select such two topologies. Figure 3 provides an example onhow to select such two topologies: one path graph and onering graph.
B. Attack Detection
Before proceeding on the attack-detection algorithm, let usconsider the following system under switching topology:
ex (t) = ey (t) , (58a)
ey (t) = −γLσ(t)ex (t) + ηΛex (t) , (58b)
where ex(t) ∈ Rn, ey(t) ∈ Rn, Lσ(t) is a Laplacian matrixof a connected undirected graph and
Λ = diag{ 1︸︷︷︸O(1)
, 0, . . . , 1︸︷︷︸O(2)
, 0, . . . , 1︸︷︷︸O(d)
, . . .} ∈ Rn×n, (59)
with O given by (42).Now, we present the following lemmas that can be used to
derive an attack-detection algorithm under strategic topology-switching algorithm.
9
Figure 3. Laplacian matrix of Xor graph has distinct eigenvalues by Lemma 2.
Lemma 8: Consider the system
ex (t) =(ηΛ− γL
)∫ t
0
ex (τ)dτ + ey (0) , t ≥ 0 (60)
where ex(t) = ey(t) ∈ Rn, L ∈ Rn×n is the Laplacian matrixof a connected undirected graph, and Λ is given by (59). If
A ∆= ηΛ− γL < 0, (61)
the system solutions, exi(t), i = 1, . . . , n, are obtained as
exi(t) (62)
=
n∑
l=1
qliq⊤l
(ex (0) cos(
√λlt) +
ey (0)√λl
sin(
√λlt)
), t ≥ 0
where λl, l = 1, . . . , n, are the eigenvalues of the matrixA defined in (61), and ql = [ql1, . . . , qln]
⊤ ∈ Rn is theorthogonal vector associated with the eigenvalue λl of the realsymmetric matrix A.
Proof of Lemma 8: The proof is is omitted since it is asthe same as the proof of Lemma 4 in Part-I paper [1].
Remark 8: Let σ(t) = r ∈ S for t ∈ [tk, tk+1) , k ∈N0. Then, the dynamics (58) can be rewritten as ex(t) =(ηΛ − γLr)
∫ t
tkex (τ)dτ + ey(tk), t ∈ [tk, tk+1). Therefore,
Lemma 8 implies that for the system (58) under each fixedtopology, if ηΛ− γLr < 0, there exist a period T such that
exi (t) = exi
(t + T
), i = 1, . . . , n,
eyi (t) = eyi
(t + T
),∀t ∈ [tk, tk+1) , ∀k ∈ N0.
(63)
Lemma 8 shows that either the coupling strength γ > 0 orthe control gain η can control the period T .
Lemma 9: Consider the second-order multi-agent systemunder switching topology (58) with
Ar∆= ηΛ− γLr < 0, ∀r ∈ S (64)
where Λ is given by (59). For the given common period T ofthe period T satisfying (6) and the period T satisfying (63),scalars 1 > β > 0, α > 0 and L ∈ N, if the dwell time τ , the
minimum dwell time τmin and the maximum dwell time τmax
satisfy
ϕmax < τmin ≤ τ ≤ τmax , τmax +mT
2, m ∈ N (65)
with
ϕmax = (β− 1L − 1)max
{L
α− ξ,
L
α− ϱ
}, (66)
α > max{
ξ, ϱ}
, (67)
0 < τmax <− ln β
α, (68)
0 < τmax + mT
2− ϕmax (69)
ξ = maxr∈S,i=1,...,n
{1− γλi (Lr),−1 + γλi (Lr)} , (70)
ϱ = maxr∈S,i=1,...,n
{1− λi (Ar),−1 + λi (Ar)} , (71)
where λ1 (Lr) , . . . , λn (Lr) and λ1 (Ar) , . . . , λn (Ar) are thecorresponding eigenvalues of the matrix Lr and the matrixAr, respectively. Then, the system is globally uniformlyasymptotically stable.
Proof of Lemma 9: Since T is a common period of theperiod T and the period T , we conclude that Lemma 9 impliesLemma 6. The rest of the proof is omitted since it is the sameas that of Lemma 6 in Part-I paper [1].
Inspired by the attack-detection algorithm proposed in [8],which is based on Luenberger observer, we present in thefollowing a detection algorithm that has the minimum numberof outputs in detecting a zero-dynamics attack.
Theorem 4: For the system (18), consider the attack-detection filter
x (t) = v (t) , (72a)
v (t) =(−γLσ(t) + ηΛ
)x (t)− ηΛy (t) , (72b)
Λr (t) = Λx (t)− Λy (t) , (72c)
where x(0) = x(0), v(0) = v(0), y(t) is the output of sys-tem (18) and Λ is given by (59). If (64) holds, the dwell timeτ in Algorithm 1 is generated by Lemma 9, and the topology-switching signals of the filter (72) and the system (18) aregenerated by Algorithm 1 simultaneously, then
i) Λr(t) ≡ 0n, ∀t ≥ 0, if and only if gi(t) ≡ 0, ∀i ∈ K,∀t ≥ 0,
ii) in the absence of attacks, the filter errors ex(t) =x(t) − x(t) and ev(t) = v(t) − v(t) are globallyuniformly asymptotically stable,
iii) in the absence of attacks, if the loop-stopping criteriaδ = 0 (in Line 1 of Algorithm 1), the agents achievethe second-order consensus,
iv) in the absence of attacks, if the loop-stopping criteriaδ > 0 (in Line 1 of Algorithm 1), by finitelytopology switching, the agents achieve the second-order consensus under admissible consensus error δ,i.e., F (tk) ≤ δ with 0 < k < ∞ and F (t) givenby (7).
10
Proof of Theorem 4: Proof of i): Let us define the errorsex(t) = x (t) − x (t), ev(t) = v (t) − v (t) and e⊤ (t) =[e⊤x (t) , e⊤
y (t)]. From (43) and (72), we have
{e (t) = Aσ(t)e (t) + Bg (t)rj (t) = exj (t)− gj(t),∀j ∈ O
(73)
where
Aσ(t) =
[0n×n 1n×n
−γLσ(t) + ηΛ 0n×n
], (74)
B =
[0n×n
[BK + ηΛ 0|K|×|V\K|0|V\K|×|K| 0|V\K|×|V\K|
] ], (75)
with Λ and BK given by (59) and (47a), respectively.We replace Aσ(t) and B in the proof of Theorem 2 by
Aσ(t) in (74) and B in (75), respectively. Then, using thesame analysis method as the one employed to obtain (49), wehave
λ1n×n −1n×n0n×n 0n×n
γL2 − ηΛλ1n×n 0n×nBK + ηΛ−e⊤
j 0⊤n 0⊤
n e⊤j
ex(κ)ey(κ)0n
gK (κ)
=
0n
0n
0
, ∀j∈O. (76)
The third equation included in (76) implies ηΛex (κ) =ηΛgK (κ) where Λ is given by (59), from which (76) can berewritten equivalently as
λ1n×n −1n×n 0n×n 0n×n
γL2 λ1n×n 0n×n BK−e⊤
j 0⊤n 0⊤
n e⊤j
ex(κ)ey(κ)0n
gK (κ)
=
0n
0n
0
, ∀j∈O.
Then, following the same lines as those in the proof ofTheorem 2, we conclude that there is no zero-dynamics attack.
Proof of ii): In the absence of attacks, the dynamics (73)is equivalent to the dynamics (58). Hence, by Lemma 9, wehave ii) in Theorem 4.
Proof of iii): Since Lemma 9 implies Lemma 6, by Lemma 6we conclude iii) in Theorem 4
The proof of iv) is carried out in the same way as the proofof (ii) in Theorem 3.
Remark 9 (Off-Line Calculation): The solutions (5) and (62)implies that with the only knowledge of the number of agents,the required period T and T can be obtained. However, thecomputation is complex and the obtained period would belarge. The well-developed distributed eigenvalue and eigen-vector estimation algorithms [30], [31] can be used to obtainsmall periods.
VI. SIMULATION
To demonstrate the effectiveness of the proposed strategictopology-switching algorithm, we consider a system withn = 4 agents. The initial position and velocity conditions arechosen randomly as x(0) = v(0) = [1, 2, 3, 4]
⊤.To verify the effectiveness of Algorithm 1 in revealing zero-
dynamics attack, we consider the following extremely badsituation, where
• all the agents are misbehaving agents, i.e., K ={1, 2, 3, 4},
Table IICANDIDATE TOPOLOGIES
Index σ(t) aσ(t)12 aσ(t)
13 aσ(t)14 aσ(t)
23 aσ(t)24 aσ(t)
341∗ 1 0 0 1 0 12∗ 1 1 0 0 1 13∗ 1 1 0 0 1 0
• the connectivity of each candidate topology is signifi-cantly low: one for the path graph and two for the ringgraph,
• only one output of position is available, let M = {1}.Let us set the coupling strength in the system (18) and
the control gain in the filter (72) as γ = 2 and η = −8.The candidate topologies are given in Table II. Since both thetopology 3∗ and topology 1∗ are path graphs, the eigenvaluesof the Laplacian matrices of topologies 1∗ and 2∗ suffice tocalculate the common period. The required eigenvalues arecomputed as
[λ1 (L1) , λ2 (L1) , λ3 (L1) , λ4 (L1)] = [0, 0.6, 2, 3.4] , (77)[λ1 (L2) , λ2 (L2) , λ3 (L2) , λ4 (L2)] = [0, 2, 2, 4] , (78)
[λ1 (A1) , λ2 (A1) , λ3 (A1) , λ4 (A1)] = [−0.5,−1,
−1.6,−7.9] , (79)[λ1 (A2) , λ2 (A2) , λ3 (A2) , λ4 (A2)] = [−0.5,−1.3,
−3.9,−10.1] . (80)
Using the eigenvalues in (77)–(80) and the state solutionsin (5) and (62), following (65) and (69), we select the dwelltime τ = T
2 + 0.1 = 15.1.Let the attack-starting time be the initial time, i.e., κ = 0.
Hence, under Assumption 1, the attacker can modify the initialconditions arbitrarily.
A. Zero-Dynamics Attack Design
First, we consider the topology set S = {2∗, 3∗} where therepresentations of 2∗ and 3∗ are given in Table II. Obviously,the set S = {2∗, 3∗} does not satisfy the strategy (r2) inTheorem 2. Thus, the attacker can easily design a zero-dynamics attack such that Algorithm 1, with only one outputof position, fails to detect it.
Let the attacker’s goal be to make the system working underAlgorithm 1 unstable, without being detected. Following thezero-dynamics attack policy (36) in Definition 4, one of itsattack strategies is designed as
• λ = 1,• introduce attack signal: g(t) = [−et,−et, 4et, 4et]
⊤,• modify the initial conditions: x (0) = v (0) = [2, 3, 5, 6]
⊤.The trajectories of the attack-detection signal r1(t) deigned
by Theorem 4 and the state x1(t) are shown in Figure 4,which illustrates that the attacker’s goal of making the systemunstable without being detected is achieved under the topologyset S = {2∗, 3∗}.
B. Reveal Zero-Dynamics Attack
We now turn to the topology set S = {1∗, 2∗} to reveal theattack. We note that in the extremely bad situation, the existing
11
0 5 10 15 20 25 30Time
-2
0
2
4
6
8
10
121012
attack-detection signal r1(t)
state x1(t)
Figure 4. State x1(t): multi-agent system under attack is unstable; attack-detection signal r1(t): the attack is not detected over time.
results [8], [10]–[12] for the multi-agent systems under fixedtopology fail to reveal zero-dynamics attack. This is mainlydue to the misbehaving-agents set |K| = 4, the connectivity oftopology 1∗ (and topology 2∗) is 1 (and 2), and the output set|M| = 1. All these violate the conditions on the connectivityof the communication network, the size of the misbehaving-agent set, and the size of the output set, which are summarizedin Table I.
As illustrated by Figure 3, the Xor graph generated bytopologies 1∗ and 2∗ has only one component that is a pathgraph. By Lemma 2, the Laplacian matrix of the Xor graphhas distinct eigenvalues. Thus, by Corollary 1, we concludethat using only one output, the strategic topology-switchingalgorithm–Algorithm 1, is able to reveal the designed zero-dynamics attack under the topology set S = {1∗, 2∗}.
The trajectory of the attack-detection signal is shown inFigure 5, which illustrates that with all the agents beingmisbehaving, using only one observed output of position,Algorithm 1 succeeds in revealing zero-dynamics attack.
12 13 14 15 16 17Time
-20
-15
-10
-5
0
Atta
ck-D
etec
tion
Sig
nal r
1(t)
106
Zero-dynamics attack is detected at switching time t = 15.1.
Nonzero Detection Signal
Figure 5. Attack-detection signal r1(t): using only output of position, thedesigned zero-dynamics attack is revealed.
VII. CONCLUSION
This two-part paper studies strategic topology switching forthe second-order multi-agent system under attack. In Part-Ipaper [1], for the simplified control protocol that does needvelocity measurements, we propose a strategy on switchingtimes that addresses the problem: when the topology shouldswitch such that the changes in system dynamics do notundermine agent’s ability of reaching the second consensusin the absence of attacks. In Part-II paper, we propose astrategy on switching topologies that addresses the problem:what topology to switch to, such that the zero-dynamics attackcan be revealed. Based on the two strategies, a decentralizedstrategic topology-switching algorithm and an attack-detectionalgorithm are derived in this Part-II paper. Merits of thestrategic topology-switching algorithm can be summarized as
• In achieving the second-order consensus in the absenceof attacks, the control protocol does not need the velocitymeasurements, while the algorithm has no constraint onthe magnitude of coupling strength.
• In revealing zero-dynamics attack, the algorithm has noconstraint on the set of misbehaving agents, while thealgorithm allows the system operator or the defender tohave no knowledge of the attack-starting time. Throughstrategy setting on switching topologies, only one ob-served output of position is sufficient to reveal zero-dynamics attack.
The theoretical results obtained in this two-part paper implyseveral rather interesting results:
• for the size of topology set, there exists a fundamentaltradeoff between the topology connection cost and theconvergence speed to consensus;
• for the dwell time of switching topologies, there exista tradeoff between the switching cost and the durationof attacks going undetected, and a tradeoff between theswitching cost and the convergence speed to consensus.
Analyzing the tradeoff problems in the lights of game theoryand multi-objective optimization constitutes a part of ourfuture research.
This paper also provides an insight that the strategic topol-ogy switching can be a promising method for the detection ofmixed attack strategies, such as zero-dynamics attack workingwith DoS attack, zero-dynamics attack working with topologyattack, topology attack working with delay attack, etc. It wouldbe interesting to consider the extensions of strategic topologyswitching to reveal such mixed attacks.
APPENDIX APROOF OF THEOREM 1
Without loss of generality, we let the first attack over timeto be κ0 and let σ(t) = 1 for t ∈ [0, t1). Let us consider thesystems (25) and (33), and define z (t) = z (t) − z (t) withz (0) = z (0) − z (0), yj (t) = yj (t) − yj (t) and xj (t) =χj (t)− xj (t).
We assume the attack signal (39) is a zero-dynamics attackover time interval [κ0, η0)∪ [η0, t1). Noticing that the states of
12
system (25) under the attack signal (39) are continuous withrespect to time, from (36), we have[
λ012n×2n −A1 B−CM DM
] [z(κ0)g(κ0)
]=
[02n
0|M|
], (81)
[−A1 B−CM DM
] [eλ0(η0−κ0)z(κ0)02n
]=
[02n
0|M|
]. (82)
It is obtained from (82) that
A1z(κ0) = 02n, (83)Cz(κ0) = 0|M|. (84)
Substituting the matrix A1 defined in (26) into (83) yields
y (κ0) = 0n, (85)−γL1x (κ0) = 0n. (86)
It follows from Lemma 1 that the solution of (86) satisfiesx1 (κ0) = . . . = xn (κ0). Since all the vectors of CM (29)are the canonical basis, xi (κ0) = 0, i ∈ M. Thus, we obtainx (κ0) = 0n, which together with (85) show that z(κ0) = 02n,substituting which into (81) results in Bg0 (κ0) = 02n.Then, considering the definitions of matrices in (27) and (28),we conclude that g0 (κ0) = 02n, which contradicts withrequirement g0 (κ0) = 02n in Definition 4. Therefore, thereis no zero-dynamics attack over [κ0, η0) ∪ [η0, t1).
ACKNOWLEDGMENT
The authors are grateful to Professor Sadegh Bolouki forvaluable discussions.
REFERENCES
[1] Y. Mao, E. Akyol, and Z. Zhang, “Strategic topologyswitching for security-part i: Consensus & switching times,”https://arxiv.org/abs/1711.11183, 2017.
[2] W. Yu, G. Chen, and M. Cao, “Some necessary and sufficient con-ditions for second-order consensus in multi-agent dynamical systems,”Automatica, vol. 46, no. 6, pp. 1089–1095, 2010.
[3] J. Qin, C. Yu, and B. D. Anderson, “On leaderless and leader-followingconsensus for interacting clusters of second-order multi-agent systems,”Automatica, vol. 74, pp. 214–221, 2016.
[4] J. Mei, W. Ren, and J. Chen, “Distributed consensus of second-ordermulti-agent systems with heterogeneous unknown inertias and controlgains under a directed graph,” IEEE Transactions on Automatic Control,vol. 61, no. 8, pp. 2019–2034, 2016.
[5] X. Ai, S. Song, and K. You, “Second-order consensus of multi-agentsystems under limited interaction ranges,” Automatica, vol. 68, pp. 329–333, 2016.
[6] W. Ren and E. Atkins, “Distributed multi-vehicle coordinated controlvia local information exchange,” International Journal of Robust andNonlinear Control, vol. 17, no. 10-11, pp. 1002–1033, 2007.
[7] A. A. Cardenas, S. Amin, and S. Sastry, “Research challenges for thesecurity of control systems.” in HotSec, 2008.
[8] F. Pasqualetti, F. Dorfler, and F. Bullo, “Attack detection and identi-fication in cyber-physical systems,” IEEE Transactions on AutomaticControl, vol. 58, no. 11, pp. 2715–2729, 2013.
[9] B. Przydatek, D. Song, and A. Perrig, “Sia: Secure information ag-gregation in sensor networks,” in Proceedings of the 1st internationalconference on Embedded networked sensor systems. ACM, 2003, pp.255–265.
[10] S. Sundaram and C. N. Hadjicostis, “Distributed function calculationvia linear iterative strategies in the presence of malicious agents,” IEEETransactions on Automatic Control, vol. 56, no. 7, pp. 1495–1508, 2011.
[11] F. Pasqualetti, A. Bicchi, and F. Bullo, “Consensus computation inunreliable networks: A system theoretic approach,” IEEE Transactionson Automatic Control, vol. 57, no. 1, pp. 90–104, 2012.
[12] S. Weerakkody, X. Liu, and B. Sinopoli, “Robust structural analysis anddesign of distributed control systems to prevent zero dynamics attacks,”in Decision and Control (CDC), 2017 IEEE 56th Annual Conferenceon. IEEE, 2017, pp. 1356–1361.
[13] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “Revealingstealthy attacks in control systems,” in Communication, Control, andComputing (Allerton), 2012 50th Annual Allerton Conference on. IEEE,2012, pp. 1806–1813.
[14] ——, “A secure control framework for resource-limited adversaries,”Automatica, vol. 51, pp. 135–148, 2015.
[15] A. Teixeira, D. Perez, H. Sandberg, and K. H. Johansson, “Attack modelsand scenarios for networked control systems,” in Proceedings of the1st international conference on High Confidence Networked Systems.ACM, 2012, pp. 55–64.
[16] Z. Feng, G. Hu, and G. Wen, “Distributed consensus tracking for multi-agent systems under two types of attacks,” International Journal ofRobust and Nonlinear Control, vol. 26, no. 5, pp. 896–918, 2016.
[17] J. Kim and L. Tong, “On topology attack of a smart grid: Undetectableattacks and countermeasures,” IEEE Journal on Selected Areas inCommunications, vol. 31, no. 7, pp. 1294–1305, 2013.
[18] P. J. Menck, J. Heitzig, J. Kurths, and H. J. Schellnhuber, “How deadends undermine power grid stability,” Nature communications, vol. 5, p.3969, 2014.
[19] P. Kundur, J. Paserba, V. Ajjarapu, G. Andersson, A. Bose, C. Canizares,N. Hatziargyriou, D. Hill, A. Stankovic, C. Taylor et al., “Definition andclassification of power system stability ieee/cigre joint task force onstability terms and definitions,” IEEE transactions on Power Systems,vol. 19, no. 3, pp. 1387–1401, 2004.
[20] S. H. Moghaddam and M. R. Jovanovic, “Topology design forstochastically-forced consensus networks,” IEEE Transactions on Con-trol of Network Systems, DOI: 10.1109/TCNS.2017.2674962, 2017.
[21] P. Schultz, T. Peron, D. Eroglu, T. Stemler, G. M. R. Avila, F. A.Rodrigues, and J. Kurths, “Tweaking synchronization by connectivitymodifications,” Physical Review E, vol. 93, no. 6, p. 062211, 2016.
[22] Y. Mao and Z. Zhang, “Second-order consensus for multi-agent systemsby state-dependent topology switching,” Accepted by 2018 AmericanControl Conference, 2018.
[23] J. L. Gross and J. Yellen, Graph theory and its applications. CRCpress, 2005.
[24] C. Godsil and G. F. Royle, Algebraic graph theory. Springer Science& Business Media, 2013, vol. 207.
[25] D. A. Spielman, “Spectral graph theory (lecture 5rings, paths, and cayley graphs),” Online lecture notes.http://www.cs.yale.edu/homes/spielman/561/, September 16, 2014.
[26] A. E. Brouwer and W. H. Haemers, Spectra of graphs. Springer Science& Business Media, 2011.
[27] Z. Zuo and L. Tie, “Distributed robust finite-time nonlinear consensusprotocols for multi-agent systems,” International Journal of SystemsScience, vol. 47, no. 6, pp. 1366–1375, 2016.
[28] T. Geerts, “Invariant subspaces and invertibility properties for singularsystems: The general case,” Linear algebra and its applications, vol.183, pp. 61–88, 1993.
[29] M. Newman, Networks: an introduction. Oxford university press, 2010.[30] A. Gusrialdi and Z. Qu, “Distributed estimation of all the eigenval-
ues and eigenvectors of matrices associated with strongly connecteddigraphs,” IEEE control systems letters, vol. 1, no. 2, pp. 328–333, 2017.
[31] A. Y. Kibangou et al., “Distributed estimation of laplacian eigenvaluesvia constrained consensus optimization problems,” Systems & ControlLetters, vol. 80, pp. 56–62, 2015.