Cyber–Physical System Attack Detection and Isolation: A Takagi–Sugeno Approach

Abstract

This paper presents an approach for designing a generalized dynamic observer (GDO) aimed at detecting and isolating attack patterns that compromise the functionality of cyber–physical systems. The considered attack patterns include denial-of-service (DoS), false data injection (FDI), and random data injection (RDI) attacks. To model an attacker’s behavior and enhance the effectiveness of the attack patterns, Markovian logic is employed. The design of the generalized dynamic observer is grounded in the mathematical model of a system, incorporating its dynamics and potential attack scenarios. An attack-to-residual transfer function is utilized to establish the relationship between attack signals and the residuals generated by the observer, enabling effective detection and isolation of various attack schemes. A three-tank interconnected system, modeled under the discrete Takagi–Sugeno representation, is used as a case study to validate the proposed approach.

1. Introduction

Cyber–physical systems (CPSs) have applications in various engineering fields, including smart grids, water distribution systems, intelligent transportation, and industrial plants. The connectivity and integration of these systems offer numerous benefits by enabling remote monitoring and control of sensor measurements and control signals. However, the use of different communication architectures can also increase the vulnerability of the systems to cyber-attacks, which can cause human losses, economic and environmental damage, and disruptions in essential activities [1,2,3].

CPSs are composed of two primary layers: a physical layer and a cyber layer. The physical layer comprises sensors and actuators responsible for gathering information about a physical system’s behavior. In contrast, the cyber layer consists of a control network that determines the system’s behavior by making decisions and a communication infrastructure that transmits the acquired data and control signals to the actuators [4,5,6].

A cyber-attack is defined as the intervention of an external agent that adversely affects the behavior of the physical system. The literature identifies various types of attacks, including denial-of-service (DoS) attacks, replay attacks, zero-dynamics attacks, and false data injection (FDI) [7,8,9,10]. Addressing cyber-attacks in CPSs from a control perspective offers the advantage of modeling attack signals as disturbances to system operation. This approach facilitates the understanding of their behavior and enables strategies for predicting and mitigating their effects [11,12,13].

The Takagi–Sugeno (T-S) representation is an approach that is widely used in the field of automatic control to represent nonlinear systems using a set of fuzzy rules and local linear models associated with each rule. This allows for the design of robust and adaptive control strategies that can address uncertainties, disturbances, failures, or attacks directed at CPSs [14,15,16,17,18]. Several recent studies have addressed significant challenges in the field of CPSs. For instance, the authors of [9] investigate the $H_{\infty }$ performance of discrete-time networked systems affected by network-induced delays (NIDs) and malicious packet dropouts (MPDs). This study highlights the critical impact of communication impairments on system stability and performance. Similarly, the authors of [6] propose an innovative approach to synchronizing master–slave neural networks using event-triggered mechanisms. These mechanisms effectively reduce data transmission over communication channels subject to stochastic attacks modeled by Markov processes. The proposed method leverages static output feedback and conditions formulated through linear matrix inequalities (LMIs), ensuring synchronization while minimizing resource utilization. These contributions underscore the importance of advanced modeling and control techniques to mitigate the vulnerabilities of CPSs in various disruptive scenarios.

Generalized dynamic observers (GDOs) are highly effective tools for detecting and isolating attack schemes in cyber–physical systems [19,20]. These structures offer significant advantages due to their additional degrees of freedom compared to other observers, such as proportional observers (POs) and proportional–integral observers (PIOs). This flexibility enables GDOs to achieve higher accuracy, especially under steady-state conditions. Unlike simpler observer designs, GDOs are particularly suited for systems with high nonlinearity or dynamic and complex attacks that require greater adaptability and robustness. This approach ensures that the observer can adapt to the specific characteristics of the system, enhancing its precision and robustness in attack detection and isolation.

One of the key strengths of GDOs lies in their adaptability. The flexibility offered by the design based on LMIs allows the incorporation of various performance criteria, such as robustness against noise, resilience to slowly varying attack signals, and the ability to handle complex system dynamics, including nonlinearities represented by T-S models.

In this work, a system of three interconnected tanks will be considered as a cyber–physical system due to its integration of physical and logical components that interact with each other. It should be noted that the three-tank system is susceptible to various attack schemes. Such systems are fundamental tools in chemical process engineering.

The main contribution of this paper is the design of a GDO to detect and isolate different attack schemes targeting the input of a CPS under the T-S representation. To ensure observer stability, various techniques (Lyapunov, elimination lemma, and Schur complement) will be used to solve LMIs. Additionally, a residual attack transfer function is used to isolate different attack scenarios.

To provide clarity and guide the reader, a brief description of the structure of the paper is included. Section 2 presents the problem formulation, detailing the mathematical modeling of a CPS within the T-S approach and incorporating potential attack scenarios. Section 3 describes the formulation of various attack schemes, including DoS, FDI, and RDI. Section 4 outlines the design of the GDO, emphasizing the role of residual attack transfer functions in detection and isolation. Section 5 provides an in-depth analysis of the stability of the proposed observer using the Lyapunov theory, the elimination lemma, and the Schur complement. Section 6 introduces a case study featuring a three-tank interconnected system modeled under the T-S framework, followed by simulation results to validate the proposed approach. Finally, Section 7 summarizes the conclusions and potential future research directions.

2. Problem Formulation

This section introduces a discrete-time nonlinear cyber–physical system under the Takagi–Sugeno (T-S) representation, an actuator attack model, a GDO structure, and a residual equation used for attack detection. The CPS is described as follows:

$$\begin{array}{cc}\hfill x(k+1)& =\sum _{i=1}^{\kappa }{\mu }_i\left(x\left(k\right)\right)\left(A_{i}x\left(k\right)\right)+Bu\left(k\right)+F_a{a}_a\left(k\right),\hfill \\ \hfill y\left(k\right)& =Cx\left(k\right),\hfill \end{array}$$

(1)

where $x\left(k\right)\in {\mathbb{R}}^n$ is the system state vector, $u\left(k\right)\in {\mathbb{R}}^m$ is the input, and $y\left(k\right)\in {\mathbb{R}}^p$ represents the measured output variables.

The system’s nonlinearity is represented through the matrices $A_i$, which vary with the nonlinear operating points of the system. These points are characterized by the weighting functions ${\mu }_i\left(x\left(k\right)\right)$, which satisfy the following convex sum condition:

$$\sum _{i=1}^{\kappa }{\mu }_i\left(x\left(k\right)\right)=1,{\mu }_i\left(x\left(k\right)\right)\ge 0,\forall i\in \{1,\cdots ,\kappa \}.$$

(2)

Here, $\kappa =2^s$, where s denotes the number of nonlinearities in the system, and each $A_i$ corresponds to a local linear model associated with a specific operating region. The matrices $A_i\in {\mathbb{R}}^{n\times n}$, $B\in {\mathbb{R}}^{n\times m}$, $C\in {\mathbb{R}}^{p\times n}$, and $F_a\in {\mathbb{R}}^{n\times r}$ are known.

The actuator attack $a_a\left(k\right)\in {\mathbb{R}}^r$ is defined as

$$a_a\left(k\right)=\alpha \left(k\right)a\left(k\right),$$

(3)

where $\alpha \left(k\right)$ refers to stochastic Markovian processes whose values lie between 0 and 1, and $a\left(k\right)$ denotes the actuator attack. To enable the design of the generalized dynamic observer, it is assumed that the T-S cyber–physical system satisfies the following observability condition:

$$rank\left[\begin{array}{c}C\\ C{A}_i\\ ⋮\\ C{A}_i^{n-1}\end{array}\right]=n.$$

(4)

Figure 1 shows the GDO structure used to detect attacks directed at the actuator.

This observer allows one to obtain the estimation of the residuals generated by different attack schemes applied to the cyber–physical system under the T-S representation.

Consider a GDO structure for System (1).

$$\begin{array}{cc}\hfill \zeta (k+1)& =\sum _{i=1}^{\kappa }{\mu }_i\left(x\left(k\right)\right)[N_i\zeta \left(k\right)+H_{i}v\left(k\right)+F_{i}y\left(k\right)]+Ju\left(k\right),\hfill \end{array}$$

(5)

$$\begin{array}{cc}\hfill v(k+1)& =\sum _{i=1}^{\kappa }{\mu }_i\left(x\left(k\right)\right)[S_i\zeta \left(k\right)+G_{i}v\left(k\right)+M_{i}y\left(k\right)],\hfill \end{array}$$

(6)

$$\begin{array}{cc}\hfill \widehat{x}\left(k\right)& =P\zeta \left(k\right)+Qy\left(k\right),\hfill \end{array}$$

(7)

where $\zeta \left(k\right)\in {\mathbb{R}}^{q_0}$ represents the functional observer state vector, $v\left(k\right)\in {\mathbb{R}}^{q_1}$ is an auxiliary vector, and $\widehat{x}\left(k\right)\in {\mathbb{R}}^n$ is the observer estimation vector. $N_i,H_i,F_i,J,S_i,M_i,P,$ and Q are unknown matrices of appropriate dimensions.

The following is the residual equation used for the purpose of detecting and isolating attacks:

$$r\left(k\right)=W(y\left(k\right)-\widehat{y}\left(k\right)),$$

(8)

Lemma 1. 

There exists an observer of the form (5)–(7) for System (1) if and only if the following two statements are valid.

• There exists a matrix T with appropriate dimensions such that the following conditions are satisfied:

  $$\begin{array}{cc}\hfill N_{i}T+F_{i}C-T{A}_i& =0,\hfill \end{array}$$

  (9)

  $$\begin{array}{cc}\hfill J& =TB,\hfill \end{array}$$

  (10)

  $$\begin{array}{cc}\hfill S_{i}T+M_{i}C& =0,\hfill \end{array}$$

  (11)

  $$\begin{array}{cc}\hfill PT+QC& =I_n.\hfill \end{array}$$

  (12)
• The matrix $\left[\begin{array}{cc}{N}_i& H_i\\ S_i& L_i\end{array}\right]$ is stable $\forall i=1,\cdots ,\kappa .$

Consider a matrix $T\in {\mathbb{R}}^{q_0\times (n+r)}$ to define the transformed error vector $\epsilon \left(k\right)=\zeta \left(k\right)-T\left(k\right)$, whose dynamics can be expressed as follows:

$$\epsilon (k+1)=\zeta (k+1)-Tx(k+1).$$

(13)

Solving for $\zeta \left(k\right)$, the expression $\zeta \left(k\right)=\epsilon \left(k\right)+Tx\left(k\right)$ is acquired. Substituting $\zeta \left(k\right)$ into (13), the following is obtained:

$$\begin{array}{c}\hfill \epsilon (k+1)=\sum _{1=i}^{\kappa }{\mu }_i\left(x\left(k\right)\right)[N_i\epsilon \left(k\right)+\underset{=0}{\underbrace{(N_{i}T+F_{i}C-T{A}_i)}}x\left(k\right)\\ \hfill +H_{i}v\left(k\right)]+\underset{=0}{\underbrace{(J-TB)}}u\left(k\right)-T{F}_a{a}_a\left(k\right).\end{array}$$

(14)

Subsequently, Equations (6) and (7) can be rewritten as follows:

$$\begin{array}{c}\hfill v(k+1)=\sum _{i=1}^{\kappa }{\mu }_i\left(x\left(k\right)\right)[\underset{=0}{\underbrace{(S_{i}T+M_{i}C)}}x\left(k\right)+S_i\epsilon \left(k\right)+G_{i}v\left(t\right)],\end{array}$$

(15)

$$\begin{array}{cc}\hfill \widehat{x}\left(k\right)=& P\epsilon \left(k\right)+\underset{=I}{\underbrace{(PT+QC)}}x\left(k\right).\end{array}$$

(16)

Thus, the residual equation takes the following form:

$$\begin{array}{cc}\hfill r\left(k\right)& =W(\widehat{y}\left(k\right)-y\left(k\right)),\hfill \\ & =WC\underset{e\left(k\right)}{\underbrace{(\widehat{x}\left(k\right)-x\left(k\right))}}.\hfill \end{array}$$

(17)

Then, the dynamics of the observation error formed by (15) and (15) can be written as follows:

$$\left[\begin{array}{c}\epsilon (k+1)\\ v(k+1)\end{array}\right]=\left[\begin{array}{cc}{N}_i& H_i\\ S_i& G_i\end{array}\right]\left[\begin{array}{c}\epsilon \left(k\right)\\ v\left(k\right)\end{array}\right]+\left[\begin{array}{c}-T{F}_a\\ 0\end{array}\right]a_a\left(k\right).$$

(18)

Now, the problem of attack isolation is reduced to determining the matrices $N_i$, $H_i$, $F_i$, $S_i$, $G_i$, $M_i$, P, Q, W, and T.

3. Formulation of Attack Schemes

In this section, the different attack schemes are defined.

3.1. Denial-of-Service (DoS) Attacks

DoS attacks are aimed at disrupting the transmission of information in control and monitoring systems. These attacks can be carried out through interference in communication channels, the overload of data packets on the network, or other similar means.

The cyber-attack schemes on actuators have the following form:

$$a\left(k\right)=-u\left(k\right).$$

(19)

Replacing the actuator attack of Equation (19) in (3) and using the system in Equation (1), the following system is obtained:

$$\begin{array}{cc}\hfill x(k+1)& =\sum _{1=i}^{\kappa }{\mu }_i\left(x\left(k\right)\right)\left[A_{i}x\left(k\right)\right]+Bu\left(k\right)-\alpha \left(k\right)F_{a}u\left(k\right),\hfill \\ \hfill y\left(k\right)& =Cx\left(k\right),\hfill \end{array}$$

(20)

where $F_a$ is a known matrix by the attacker with the dimensions of the matrix B. $\alpha \left(k\right)$ refers to Markovian stochastic processes that take values of 0 and 1.

3.2. False Data Injection (FDI) Attack

The purpose of these attacks is to affect the system’s operation through the manipulation of actuators. An actuator attack aims to alter the control signal that the system receives, generating instability in the system.

When System (1) is affected by a false data injection attack, the equation described in (3) should consider the following structure:

$$\begin{array}{cc}\hfill a\left(k\right)& =-u\left(k\right)+b_a\left(k\right),\hfill \end{array}$$

(21)

where $b_a\left(k\right)$ are deceptive data that the adversary tries to inject into the actuator. Substituting Equation (21) into (3) and, in turn, into (20), the following system is derived:

$$\begin{array}{cc}\hfill x(k+1)& =\sum _{1=i}^{\kappa }{\mu }_i\left(x\left(k\right)\right)\left[A_{i}x\left(k\right)\right]+Bu\left(k\right)-\alpha \left(k\right)F_{a}u\left(k\right)+\alpha \left(k\right)F_a{b}_a\left(k\right),\hfill \\ \hfill y\left(k\right)& =Cx\left(k\right).\hfill \end{array}$$

(22)

3.3. Random Data Injection (RDI) Attack

This type of attack aims to make the sensor reading or controller signal different from the real value. Recall that a random data injection attack assumes incomplete knowledge of the system being attacked, unlike an FDI attack. An RDI attack has the following form:

$$a\left(k\right)=\pm b_a\left(k\right).$$

(23)

The positive and negative signs in Equation (23) are included because the effect of the random data injection can either add or subtract dynamics to the system, depending on the nature of the attack. This is due to the random nature of the attack scheme, which does not follow a fixed pattern and can, therefore, unpredictably alter the system’s input matrix. Substituting Equation (23) into (3) yields the following system:

$$\begin{array}{cc}\hfill x(k+1)& =\sum _{1=i}^{\kappa }{\mu }_i\left(x\left(k\right)\right)\left[A_{i}x\left(k\right)\right]+Bu\left(k\right)\pm \alpha \left(k\right)F_a{b}_a\left(k\right),\hfill \\ \hfill y\left(k\right)& =Cx\left(k\right),\hfill \end{array}$$

(24)

Finally, the classification shown in Figure 2 is presented for the different attack schemes to be used. These schemes have been divided by type of attack, followed by a sub-classification based on the logic of the attack. Likewise, a more detailed classification has been made based on the location of the application of the attack scheme.

4. Design of the Generalized Dynamic Observer

This section undertakes the parameterization of the observer matrices alongside the formulation of a design targeting the detection and isolation of attacks.

4.1. Parameterization of the Observer

It is considered that the following conditions hold for Equations (15) and (16):

$$\begin{array}{cc}a)N_{i}T+F_{i}C-T{A}_i=0,\hfill & b)J=TB,\hfill \\ c)S_{i}T+M_{i}C=0,\hfill & d)PT+QC=I_n.\hfill \end{array}$$

We define a matrix $E\in {\mathbb{R}}^{q_0\times n}$ of full row rank, $\Sigma =\left[\begin{array}{c}E\\ C\end{array}\right]$ and $\Omega =\left[\begin{array}{c}{I}_n\\ C\end{array}\right]$. Conditions (c–d) can be written as follows:

$$\left[\begin{array}{cc}{S}_i& M_i\\ P& Q\end{array}\right]\left[\begin{array}{c}T\\ C\end{array}\right]=\left[\begin{array}{c}0\\ I_n\end{array}\right].$$

(25)

The necessary and sufficient conditions for (25) to have a solution are

$$rank\left[\begin{array}{c}T\\ C\end{array}\right]=rank\left[\begin{array}{c}T\\ C\\ I_n\end{array}\right]=n.$$

(26)

From [21], since $rank\left[\begin{array}{c}\Omega \\ \Sigma \end{array}\right]=rank(\Omega )=n,$ condition (26) is equivalent to the existence of two matrices $T\in {\mathbb{R}}^{q_0\times n}$ and $K\in {\mathbb{R}}^{q_0\times p}$ such that

$$T+KC=E,$$

(27)

where $E\in {\mathbb{R}}^{q_0\times n}$ is an arbitrary matrix such that $rank\left[\begin{array}{c}E\\ C\end{array}\right]=n$.

Equation (27) can also be written as

$$\left[\begin{array}{cc}T& K\end{array}\right]\Omega =E.$$

(28)

Using the particular solution to solve for the matrices T and K, the ensuing results are obtained:

$$T=E{\Omega }^{+}\left[\begin{array}{c}{I}_n\\ 0\end{array}\right],K=E{\Omega }^{+}\left[\begin{array}{c}0\\ I_p\end{array}\right].$$

(29)

Considering matrix T from Equation (27) into condition a), it can be rewritten as

$$N_{i}E+\underset{\tilde{K}}{\underbrace{(F_i-N_{i}K)}}=T{A}_i,$$

(30)

where ${\tilde{K}}_i=F_i-N_{i}K$, and Equation (30) can be written as

$$\left[\begin{array}{cc}{N}_i& {\tilde{K}}_i\end{array}\right]\underset{\Sigma }{\underbrace{\left[\begin{array}{c}E\\ C\end{array}\right]}}=T{A}_i.$$

(31)

Using the general solution, the subsequent formulation is derived for matrices $N_i$ and ${\tilde{K}}_i$.

$$\begin{array}{cc}\hfill N_i& =\underset{N_{i1}}{\underbrace{T{A}_i{\Sigma }^{+}\left[\begin{array}{c}{I}_{q_0}\\ 0\end{array}\right]}}-Y_{i1}\underset{N_2}{\underbrace{(I_{q_0+p}-\Sigma {\Sigma }^{+})\left[\begin{array}{c}{I}_{q_0}\\ 0\end{array}\right]}},\hfill \end{array}$$

(32)

$$\begin{array}{cc}\hfill {\tilde{K}}_i& =\underset{{\tilde{K}}_{i1}}{\underbrace{T{A}_i{\Sigma }^{+}\left[\begin{array}{c}0\\ I_p\end{array}\right]}}-Y_{i1}\underset{{\tilde{K}}_2}{\underbrace{(I_{q_0+p}-\Sigma {\Sigma }^{+})\left[\begin{array}{c}0\\ I_p\end{array}\right]}},\hfill \end{array}$$

(33)

where $Y_{i1}$ is a matrix of appropriate dimensions with arbitrary elements.

From Equation (30), we can deduce the value of matrix $F_i$ as follows:

$$\begin{array}{cc}\hfill F_i& ={\tilde{K}}_{i1}+N_{i}K,\hfill \\ \hfill & ={\tilde{K}}_{i1}-Y_{i1}{\tilde{K}}_2+N_{i1}K-Y_{i1}{N}_{2}K,\hfill \\ \hfill & =F_{i1}-Y_{i1}{F}_2,\hfill \end{array}$$

(34)

where $F_{i1}=T{A}_i{\Sigma }^{+}\left[\begin{array}{c}K\\ I_p\end{array}\right]$ and $F_2=(I_{q_0+p}-\Sigma {\Sigma }^{+})\left[\begin{array}{c}K\\ I_p\end{array}\right]$. To obtain the matrices $S_i,M_i,P,$ and Q, we consider the following equation and incorporate it into (25):

$$\left[\begin{array}{c}T\\ C\end{array}\right]=\left[\begin{array}{cc}{I}_{q_0}& -K\\ 0& I_p\end{array}\right]\underset{\Sigma }{\underbrace{\left[\begin{array}{c}E\\ C\end{array}\right]}},$$

(35)

resulting in the following expression:

$$\left[\begin{array}{cc}{S}_i& M_i\\ P& Q\end{array}\right]\left[\begin{array}{cc}{I}_{q_0}& -K\\ 0& I_p\end{array}\right]\Sigma =\left[\begin{array}{c}0\\ I_n\end{array}\right],$$

(36)

which has the following general solution:

$$\left[\begin{array}{cc}{S}_i& M_i\\ P& Q\end{array}\right]\left[\begin{array}{cc}{I}_{q_0}& -K\\ 0& I_p\end{array}\right]=\left[\begin{array}{c}0\\ I_n\end{array}\right]{\Sigma }^{+}-\left[\begin{array}{c}{W}_{i1}\\ W_2\end{array}\right](I_{q_0+p}-\Sigma {\Sigma }^{+}),$$

(37)

where $W_{i1}$ and $W_2$ are matrices of appropriate dimensions with arbitrary elements. Then, the matrices $S_i$, $M_i$, P, and Q can be written as

$$\begin{array}{cc}\hfill S_i& =-W_{i1}{N}_2,\hfill \end{array}$$

(38)

$$\begin{array}{cc}\hfill M_i& =-W_{i1}{F}_2,\hfill \end{array}$$

(39)

$$\begin{array}{cc}\hfill P& ={\Sigma }^{+}\left[\begin{array}{c}{I}_{q_0}\\ 0\end{array}\right]-W_2{N}_2,\hfill \end{array}$$

(40)

$$\begin{array}{cc}\hfill Q& ={\Sigma }^{+}\left[\begin{array}{c}K\\ I_p\end{array}\right]-W_2{F}_2.\hfill \end{array}$$

(41)

By employing (32) and (38), the error dynamics (18) are expressed as

$$\phi (k+1)=({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2)\phi \left(k\right)+\mathbb{B}{a}_a\left(k\right),$$

(42)

where ${\mathbb{A}}_{i1}=\left[\begin{array}{cc}{N}_1& 0\\ 0& 0\end{array}\right],{\mathbb{A}}_2=\left[\begin{array}{cc}{N}_2& 0\\ 0& -I_{q_1}\end{array}\right],\mathbb{B}=\left[\begin{array}{c}-T{F}_a\\ 0\end{array}\right],{\mathbb{Y}}_i=\left[\begin{array}{cc}{Y}_{i1}& Hi\\ W_{i1}& G_i\end{array}\right]$ and $\phi \left(k\right)=\left[\begin{array}{c}\epsilon \left(k\right)\\ v\left(k\right)\end{array}\right]$.

Finally, the system residue is as follows:

$$r\left(k\right)=W\underset{\mathbb{C}}{\underbrace{\left[\begin{array}{cc}CP& 0\end{array}\right]}}\left[\begin{array}{c}\epsilon \left(k\right)\\ v\left(k\right)\end{array}\right],$$

(43)

where, without loss of generality, $W_2=0$ is taken for simplicity.

4.2. Design of the Attack Detection and Isolation Observer

The objective of attack isolation in this article is to obtain a residual attack transfer function equal to a diagonal in order to deal with attacks that may occur simultaneously.

To carry out attack detection and isolation, it is necessary to represent Equations (42) and (43) in transfer function form, where $G_z$ is a transfer function from the attack $a_a\left(k\right)$ to the residual $r\left(k\right)$:

$$G_z=\left(\begin{array}{cc}{\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2& \mathbb{B}\\ W\mathbb{C}& 0\end{array}\right).$$

(44)

The next step involves proposing a transfer function that has an input–output dependence, where the desired behavior is that when there is a change in an input, only one output reacts.

Proposition 1. 

The transfer function (44) can be diagonalized if and only if $\left(\mathbb{C}\mathbb{B}\right)$ has a full column, i.e., $p\le r$.

Proposition 1 verifies the output separability condition, which means that to isolate r attacks, it is required to measure p outputs.

The following theorem shows how to design an observer of the form (5)–(7) to isolate attacks.

Theorem 1. 

Consider that $p\le r$ and let

$$\begin{array}{cc}\hfill \Lambda & =diag({\lambda }_1,\cdots ,{\lambda }_r)\in {\mathbb{R}}^{r\times r},-1<{\lambda }_i<1,\hfill \end{array}$$

(45)

$$\begin{array}{cc}\hfill \Gamma & =diag({\gamma }_1,\cdots ,{\gamma }_r)\in {\mathbb{R}}^{r\times r},\left|{\gamma }_i\right|>0,\forall i=1,\cdots r,\hfill \end{array}$$

(46)

be given. Then, there exist matrices ${\mathbb{Y}}_i$ and W such that

$$\begin{array}{cc}\hfill ({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2)\mathbb{B}& =\mathbb{B}\Lambda ,\hfill \end{array}$$

(47)

$$\begin{array}{c}\hfill W\mathbb{C}\mathbb{B}=\Gamma ,\end{array}$$

(48)

Then, the solutions of matrices ${\mathbb{Y}}_i$ and W are given by

$$\begin{array}{cc}\hfill {\mathbb{Y}}_i& =({\mathbb{A}}_{i1}\mathbb{B}-\mathbb{B}\Lambda ){\left({\mathbb{A}}_2\mathbb{B}\right)}^{+}-Z_i(I-\left({\mathbb{A}}_2\mathbb{B}\right){\left({\mathbb{A}}_2\mathbb{B}\right)}^{+}),\hfill \end{array}$$

(49)

$$\begin{array}{cc}\hfill W& =\Gamma {\left(\mathbb{C}\mathbb{B}\right)}^{+},\hfill \end{array}$$

(50)

where $Z_i$ is an arbitrary matrix of appropriate dimensions.

If there exist matrices ${\mathbb{Y}}_i$ and W satisfying (47) and (48), then

$$\begin{array}{cc}\hfill G_z& =\left(\begin{array}{cc}\Lambda & I\\ \Gamma & 0\end{array}\right),\hfill \\ \hfill & =diag\left({\displaystyle \frac{{\gamma }_1}{z-{\lambda }_1}},\cdots ,{\displaystyle \frac{{\gamma }_r}{z-{\lambda }_r}}\right),\hfill \end{array}$$

(51)

Proof. 

Consider that $\mathbb{CB}$ has full column rank, and hence, for $\mathbb{B}$, there exists a matrix completion ${\mathbb{B}}^{\perp }$ such that

$\tilde{\mathbb{B}}=\left[\begin{array}{cc}\mathbb{B}& {\mathbb{B}}^{\perp }\end{array}\right]$ is a nonsingular matrix that allows

${\tilde{\mathbb{B}}}^{-1}={\left[\begin{array}{cc}{\tilde{\mathbb{B}}}_1& {\tilde{\mathbb{B}}}_2\end{array}\right]}^T$. Thus, the following expression is obtained:

$$\begin{array}{cc}\hfill G_z& =\left(\begin{array}{cc}{\tilde{\mathbb{B}}}^{-1}({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2)\tilde{\mathbb{B}}& {\tilde{\mathbb{B}}}^{-1}\mathbb{B}\\ W\mathbb{C}\tilde{\mathbb{B}}& 0\end{array}\right),\hfill \end{array}$$

(52)

$$\begin{array}{cc}\hfill & =\left(\begin{array}{cc}\left[\begin{array}{c}{\tilde{\mathbb{B}}}_1^T\\ {\tilde{\mathbb{B}}}_2^T\end{array}\right]({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2)\left[\begin{array}{cc}\mathbb{B}& {\mathbb{B}}^{\perp }\end{array}\right]& \left[\begin{array}{c}{\tilde{\mathbb{B}}}_1^T\\ {\tilde{\mathbb{B}}}_2^T\end{array}\right]\mathbb{B}\\ W\mathbb{C}\left[\begin{array}{cc}\mathbb{B}& {\mathbb{B}}^{\perp }\end{array}\right]& 0\end{array}\right),\hfill \end{array}$$

(53)

$$\begin{array}{cc}\hfill & =\left(\begin{array}{ccc}{\tilde{\mathbb{B}}}_1^T({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2)\mathbb{B}& {\tilde{\mathbb{B}}}_1^T({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2){\mathbb{B}}^{\perp }& I_{q_0+q_1}\\ {\tilde{\mathbb{B}}}_2^T({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2)\mathbb{B}& {\tilde{\mathbb{B}}}_2^T({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2)\mathbb{B}& 0\\ W\mathbb{CB}& W{\mathbb{CB}}^{\perp }& 0\end{array}\right).\hfill \end{array}$$

(54)

We consider ${\left[\begin{array}{cc}{\tilde{\mathbb{B}}}_1& {\tilde{\mathbb{B}}}_2\end{array}\right]}^T\left[\begin{array}{cc}\mathbb{B}& {\mathbb{B}}^{\perp }\end{array}\right]=I_{2(q_0+q_1)}$ to obtain

$$G_z=\left(\begin{array}{ccc}{\tilde{\mathbb{B}}}_1^T({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2)\mathbb{B}& {\tilde{\mathbb{B}}}_1^T({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2){\mathbb{B}}^{\perp }& I_{q_0+q_1}\\ 0& {\tilde{\mathbb{B}}}_2^T({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2){\mathbb{B}}^{\perp }& 0\\ W\mathbb{CB}& W{\mathbb{CB}}^{\perp }& 0\end{array}\right).$$

(55)

Removing an uncontrollable subspace, the following result is obtained:

$$\begin{array}{cc}\hfill G_z& =\left(\begin{array}{cc}\Lambda & I_r\\ \Gamma & 0\end{array}\right).\hfill \end{array}$$

(56)

From (56), we find that

$$\begin{array}{cc}\hfill ({\mathbb{A}}_{i1}-{\mathbb{Y}}_i{\mathbb{A}}_2)\mathbb{B}& =\mathbb{B}\Lambda ,\hfill \end{array}$$

(57)

$$\begin{array}{c}\hfill W\mathbb{C}\mathbb{B}=\Gamma ,\end{array}$$

(58)

□

Then, from (57), the general solution of matrix ${\mathbb{Y}}_i$ is given by

$${\mathbb{Y}}_i=({\mathbb{A}}_{i1}\mathbb{B}-\mathbb{B}\Lambda ){\left({\mathbb{A}}_2\mathbb{B}\right)}^{+}-Z_i(I-\left({\mathbb{A}}_2\mathbb{B}\right){\left({\mathbb{A}}_2\mathbb{B}\right)}^{+}),$$

(59)

where $Z_i$ is an arbitrary matrix of appropriate dimensions. From (58), the particular solution of W is

$$W=\Gamma {\left(\mathbb{C}\mathbb{B}\right)}^{+},$$

(60)

Substituting Equations (59) and (60) into Equation (42) yields

$$\begin{array}{cc}\hfill \phi (k+1)& =[\underset{{\overline{\mathbb{A}}}_{i1}}{\underbrace{{\mathbb{A}}_{i1}-({\mathbb{A}}_{i1}\mathbb{B}-\mathbb{B}\Lambda ){\left({\mathbb{A}}_2\mathbb{B}\right)}^{+}{\mathbb{A}}_2}}+\hfill \end{array}$$

$$\begin{array}{cc}\hfill & Z_i\underset{{\overline{\mathbb{A}}}_2}{\underbrace{(I-\left({\mathbb{A}}_2\mathbb{B}\right){\left({\mathbb{A}}_2\mathbb{B}\right)}^{+}){\mathbb{A}}_2}}]\phi \left(k\right)+\mathbb{B}{a}_a\left(k\right),\hfill \end{array}$$

(61)

$$\begin{array}{cc}\hfill r\left(k\right)& =\Gamma \left(\mathbb{C}{\mathbb{B}}^{+}\right)\mathbb{C}\phi \left(k\right).\hfill \end{array}$$

(62)

Equations (61) and (62) can be rewritten as

$$\begin{array}{cc}\hfill \phi (k+1)& =({\overline{\mathbb{A}}}_{i1}+Z_i{\overline{\mathbb{A}}}_2)\phi \left(k\right)+\mathbb{B}{a}_a\left(k\right),\hfill \end{array}$$

(63)

$$\begin{array}{cc}\hfill r\left(k\right)& =\Gamma {\left(\mathbb{C}\mathbb{B}\right)}^{+}\mathbb{C}\phi \left(k\right),\hfill \end{array}$$

(64)

The problem is now to find the matrix $Z_i$ such that (42) is stable.

5. Observer Stability Analysis

In this section, an observer stability analysis is carried out. Consider the following Lyapunov function:

$$V\left(\phi \left(k\right)\right)={\phi }^T\left(k\right)X\phi \left(k\right)>0,$$

(65)

where $X=\left[\begin{array}{cc}{X}_1& 0\\ 0& X_2\end{array}\right]>0$, with $X_1\in {\mathbb{R}}^{q_0\times q_0}$ and $X_2\in {\mathbb{R}}^{q_1\times q_1}$. The difference in $V\left(\phi \right(k\left)\right)$ is

$$\begin{array}{cc}\hfill \Delta V\left(\phi \right(k\left)\right)& ={\phi }^T(k+1)X\phi (k+1)-{\phi }^T\left(k\right)X\phi \left(k\right)<0,\hfill \end{array}$$

(66)

$$\begin{array}{cc}\hfill & ={\phi }^T\left(k\right)\left({({\overline{\mathbb{A}}}_{i1}-Z_i{\overline{\mathbb{A}}}_2)}^{T}X({\overline{\mathbb{A}}}_{i1}-Z_i{\overline{\mathbb{A}}}_2)-X\right)\phi \left(k\right)<0.\hfill \end{array}$$

(67)

The inequality $\Delta V\left(\phi \right(k\left)\right)<0$ holds for all $\phi \left(k\right)\ne 0$ if and only if

$$\begin{array}{c}\hfill {({\overline{\mathbb{A}}}_{i1}-Z_i{\overline{\mathbb{A}}}_2)}^{T}X({\overline{\mathbb{A}}}_{i1}-Z_i{\overline{\mathbb{A}}}_2)-X<0.\end{array}$$

(68)

Considering the Schur complement [22], the inequality (68) is equivalent to

$$\left[\begin{array}{cc}-X& {({\overline{\mathbb{A}}}_{i1}-Z_i{\overline{\mathbb{A}}}_2)}^{T}X\\ X({\overline{\mathbb{A}}}_{i1}-Z_i{\overline{\mathbb{A}}}_2)& -X\end{array}\right]<0,$$

(69)

which can be rewritten as

$$\mathcal{C}{\mathcal{X}}_i\mathcal{D}+{\left(\mathcal{C}{\mathcal{X}}_i\mathcal{D}\right)}^T+{\mathcal{E}}_i<0,$$

(70)

where ${\mathcal{E}}_i=\left[\begin{array}{cc}-X& {\overline{\mathbb{A}}}_{i1}^{T}X\\ X{\overline{\mathbb{A}}}_{i1}& -X\end{array}\right]$, $\mathcal{C}=\left[\begin{array}{c}0\\ -I\end{array}\right]$, $\mathcal{D}=\left[\begin{array}{cc}{\overline{\mathbb{A}}}_2& 0\end{array}\right]$, and ${\mathcal{X}}_i=X{Z}_i$.

According to the elimination lemma, inequality (70) is equivalent to the following two conditions [23]:

$$\begin{array}{cc}\hfill {\mathcal{C}}^{\perp }{\mathcal{E}}_i{\mathcal{C}}^{\perp T}& <0,\hfill \end{array}$$

(71)

$$\begin{array}{cc}\hfill {\mathcal{D}}^{T\perp }{\mathcal{E}}_i{\mathcal{D}}^{T\perp T}& <0.\hfill \end{array}$$

(72)

Replacing matrices ${\mathcal{C}}^{\perp }=\left[I0\right]$, ${\mathcal{E}}_i=\left[\begin{array}{cccc}{X}_1& 0& {\Pi }_a^T& 0\\ 0& X_2& 0& 0\\ {\Pi }_a& 0& -X_1& 0\\ 0& 0& 0& -X_2\end{array}\right]$, where ${\Pi }_a=N_1+(T{F}_a\Lambda -N_{1}T{F}_a){\left(N_{2}T{F}_a\right)}^{+}{N}_2$, and the inequality $X>0$ is obtained.

From (72), ${\mathcal{D}}^{T\perp }=\left[\begin{array}{cccc}{\Pi }_b^{T\perp }& 0& 0& 0\\ 0& 0& I& 0\\ 0& 0& 0& I\end{array}\right]$ where ${\Pi }_b=N_2-\left(N_{2}T{F}_a\right){\left(N_{2}T{F}_a\right)}^{+}{N}_2$, and matrix ${\mathcal{E}}_i$, the following result is obtained:

$$\left[\begin{array}{ccc}{\Pi }_b^{T\perp }{X}_1{\Pi }_b^{T\perp T}& {\Pi }_b^{T\perp }{\Pi }_a^T& 0\\ {\Pi }_a{\Pi }_b^{T\perp T}& -X_1& 0\\ 0& 0& -X_2\end{array}\right]<0.$$

(73)

Then, the matrix ${\mathcal{X}}_i$ in (70) can be obtained as follows:

$${\mathcal{X}}_i={{\mathcal{C}}_r}^{+}{\mathcal{K}}_i{{\mathcal{D}}_l}^{+}+\mathcal{Z}-{{\mathcal{C}}_r}^{+}{\mathcal{C}}_r\mathcal{Z}{\mathcal{D}}_l{{\mathcal{D}}_l}^{+},$$

(74)

where $\mathcal{Z}$ is an arbitrary matrix of appropriate dimensions, and $({\mathcal{D}}_l$, ${\mathcal{D}}_r)$ and $({\mathcal{C}}_l,{\mathcal{C}}_r)$ represent complete rank constituents of $\mathcal{C}$ and $\mathcal{D}$, respectively. This arrangement holds such that $\mathcal{C}={\mathcal{C}}_l{\mathcal{C}}_r$ and $\mathcal{D}={\mathcal{D}}_l{\mathcal{D}}_r$.

The matrices ${\mathcal{K}}_i$, ${\mathcal{S}}_i$, and ${\mathcal{V}}_i$ are obtained as follows:

$$\begin{array}{cc}\hfill {\mathcal{K}}_i& =-{\mathcal{R}}^{-1}{{\mathcal{C}}_l}^T{\mathcal{V}}_i{{\mathcal{D}}_r}^T{\left({\mathcal{D}}_r{\mathcal{V}}_i{{\mathcal{D}}_r}^T\right)}^{-1}+{\mathcal{S}}_i^{{\displaystyle \frac{1}{2}}}\mathcal{L}{\left({\mathcal{D}}_r{\mathcal{V}}_i{{\mathcal{D}}_r}^T\right)}^{-{\displaystyle \frac{1}{2}}},\hfill \end{array}$$

(75)

$$\begin{array}{cc}\hfill {\mathcal{S}}_i& ={\mathcal{R}}^{-1}-{\mathcal{R}}^{-1}{\mathcal{C}}_l^T[{\mathcal{V}}_i-{\mathcal{V}}_i{\mathcal{D}}_r^T{\left({\mathcal{D}}_r{\mathcal{V}}_i{{\mathcal{D}}_r}^T\right)}^{-1}{\mathcal{D}}_r{\mathcal{V}}_i]{\mathcal{C}}_l{\mathcal{R}}^{-1},\hfill \end{array}$$

(76)

$$\begin{array}{cc}\hfill {\mathcal{V}}_i& ={({\mathcal{C}}_l{\mathcal{R}}^{-1}{{\mathcal{C}}_l}^T-{\mathcal{E}}_i)}^{-1}>0,\hfill \end{array}$$

(77)

where $\mathcal{L}$ and $\mathcal{R}$ are arbitrary matrices satisfying $\left|\right|\mathcal{L}\left|\right|<1$ and $\mathcal{R}>0$ such that ${\mathcal{V}}_i$ is positive definite.

Matrix $Z_i$ is parameterized as follows:

$$Z_i=X^{-1}{\mathcal{X}}_i.$$

(78)

To summarize the stability analysis, it is necessary to ensure the feasibility of the solution of inequalities (71) and (72) to obtain a matrix $X>0$; then, using (74)–(77), matrix ${\mathcal{X}}_i$ must be determined from (70) to finally obtain matrix $Z_i$ from (78).

6. Case Study

Model of an Three-Tank Interconnected System

Interconnected tank systems are a fundamental tool in chemical process engineering. These systems consist of several tanks that are interconnected through pipes and valves. The aim of these systems is to control the liquid level in the tanks, as shown in Figure 3.

The interconnected three-tank system [24] is characterized by the following set of three differential equations:

$$\begin{array}{cc}\hfill x_1(k+1)& =x_1\left(k\right)-{\displaystyle \frac{T_d}{S_a}}\left[a_{z1}{S}_n\sqrt{2g(x_1\left(k\right)-x_3\left(k\right))}\right]+{\displaystyle \frac{T_d}{S_a}}{Q}_1\left(k\right),\hfill \\ \hfill x_2(k+1)& =x_2\left(k\right)+{\displaystyle \frac{T_d}{S_a}}\left[a_{z3}{S}_n\sqrt{2g(x_1\left(k\right)-x_3\left(k\right)}\right]-{\displaystyle \frac{T_d}{S_a}}{a}_{z2}{S}_n\sqrt{2g{x}_2\left(k\right)}+{\displaystyle \frac{T_d}{S_a}}{Q}_2\left(k\right),\hfill \\ \hfill x_3(k+1)& =x_3\left(k\right)+{\displaystyle \frac{T_d}{S_a}}\left[a_{z1}{S}_n\sqrt{2g(x_1\left(k\right)-x_3\left(k\right))}\right]-{\displaystyle \frac{T_d}{S_a}}{a}_{z3}{S}_n\sqrt{2g(x_3\left(k\right)-x_2\left(k\right)),}\hfill \end{array}$$

(79)

where $T_d=0.01$ is the discretization time, and $Q_1\left(k\right)$ and $Q_2\left(k\right)$ represent the flow rates of pump 1 and pump 2, respectively. $x_1\left(k\right)$, $x_2\left(k\right)$, and $x_3\left(k\right)$ denote the heights of the three interconnected tanks.

Table 1. Parameters of the system.

Parameter	Value	Units	Definition
$S_a$	0.0154	m2	Tank cross-section
$S_n$	$5\times {10}^{-5}$	m2	Pipe cross-section
g	$9.82$	m2/s	Gravity
$a{z}_1$	0.46	-	Outlet coefficient of tank 1
$a{z}_2$	0.58	-	Outlet coefficient of tank 2
$a{z}_3$	0.48	-	Outlet coefficient of tank 3

presents the parameters of the model.

By writing model (79) in a nonlinear state space representation, it is found that

$$\begin{array}{cc}\hfill x(k+1)& =A\left(x\right(k\left)\right)x\left(k\right)+Bu\left(k\right),\hfill \\ \hfill y\left(k\right)& =Cx\left(k\right),\hfill \end{array}$$

(80)

where $x\left(k\right)=\left[\begin{array}{c}{x}_1\left(k\right)\\ x_2\left(k\right)\\ x_3\left(k\right)\end{array}\right],y\left(k\right)=\left[\begin{array}{c}{x}_1\left(k\right)\\ x_2\left(k\right)\end{array}\right]$, $u\left(k\right)=\left[\begin{array}{c}{Q}_1\left(k\right)\\ Q_2\left(k\right)\end{array}\right]$, $A\left(x\left(k\right)\right)=\left[\begin{array}{ccc}{A}_{11}& 0& A_{13}\\ 0& A_{22}& A_{23}\\ A_{31}& A_{32}& A_{33}\end{array}\right]$,

$B=\left[\begin{array}{cc}{\displaystyle \frac{Td}{S_a}}& 0\\ 0& {\displaystyle \frac{Td}{S_a}}\\ 0& 0\end{array}\right],$$C=\left[\begin{array}{ccc}1& 0& 0\\ 0& 1& 0\end{array}\right]$,

$$\begin{array}{cc}\hfill A_{11}=& 1-{\displaystyle \frac{T_{d}a{z}_1{S}_n\sqrt{2g}}{S_a}}{\rho }_1\left(k\right),A_{13}=-{\displaystyle \frac{T_{d}a{z}_1{S}_n\sqrt{2g}}{S_a}}{\rho }_1\left(k\right),\hfill \\ \hfill A_{22}=& 1-{\displaystyle \frac{T_{d}a{z}_3{S}_n\sqrt{2g}}{S_a}}{\rho }_2\left(k\right)-{\displaystyle \frac{T_{d}a{z}_2{S}_n\sqrt{2g}}{S_a}}{\rho }_3\left(k\right),\hfill \\ \hfill A_{23}=& {\displaystyle \frac{T_{d}a{z}_3{S}_n\sqrt{2g}}{S_a}}{\rho }_2\left(k\right),A_{31}={\displaystyle \frac{a{z}_1{S}_n{T}_d\sqrt{2g}}{S_a}}{\rho }_2\left(k\right),A_{23}={\displaystyle \frac{T_{d}a{z}_3{S}_n\sqrt{2g}}{S_a}}{\rho }_2\left(k\right),\hfill \\ \hfill A_{33}=& 1-{\displaystyle \frac{T_{d}a{z}_1{S}_n\sqrt{2g}}{S_a}}{\rho }_1\left(k\right)-{\displaystyle \frac{T_{d}a{z}_3{S}_n}{S_a}}{\rho }_2\left(k\right),\hfill \end{array}$$

where $a{z}_1$, $a{z}_2$ and $a{z}_3$ are the outlet coefficients taking values from 0 to 1; $Q_1\left(k\right)$ and $Q_2\left(k\right)$ are input flow rates 1 and 2, respectively, and $S_a$ and $S_n$ are the cross-sections of the tank and pipe.

Examining the nonlinear model of System (80), three premise variables can be identified, and they are

$$\begin{array}{cc}\hfill {\rho }_1\left(k\right)& ={\displaystyle \frac{1}{\sqrt{x_1\left(k\right)-x_3\left(k\right)}}},{\rho }_2\left(k\right)={\displaystyle \frac{1}{\sqrt{x_3\left(k\right)-x_2\left(k\right)}}},\hfill \\ \hfill {\rho }_3\left(k\right)& ={\displaystyle \frac{1}{\sqrt{x_2\left(k\right)}}},\hfill \end{array}$$

To determine the maximum and minimum variations in each nonlinearity, the input behavior in Figure 4 and the parameters in Table 1 are considered to obtain the following values.

$$\begin{array}{cc}\hfill {\rho }_1\left(k\right):& \left\{\begin{array}{c}\underline{{\rho }_1}=\mathsf{min}\left\{{\displaystyle \frac{1}{\sqrt{x_1\left(k\right)-x_3\left(k\right)}}}\right\}=2.2305\hfill \\ \overline{{\rho }_1}=\mathsf{max}\left\{{\displaystyle \frac{1}{\sqrt{x_1\left(k\right)-x_3\left(k\right)}}}\right\}=4.7567\hfill \end{array}\right.\hfill \end{array}$$

(81)

$$\begin{array}{cc}\hfill {\rho }_2\left(k\right):& \left\{\begin{array}{c}\underline{{\rho }_2}=\mathsf{min}\left\{{\displaystyle \frac{1}{\sqrt{x_3\left(k\right)-x_2\left(k\right)}}}\right\}=3.1623\hfill \\ \overline{{\rho }_2}=\mathsf{max}\left\{{\displaystyle \frac{1}{\sqrt{x_3\left(k\right)-x_2\left(k\right)}}}\right\}=7.4649\hfill \end{array}\right.\hfill \end{array}$$

(82)

$$\begin{array}{cc}\hfill {\rho }_3\left(k\right):& \left\{\begin{array}{c}\underline{{\rho }_3}=\mathsf{min}\left\{{\displaystyle \frac{1}{\sqrt{x_2\left(k\right)}}}\right\}=1.5342\hfill \\ \overline{{\rho }_3}=\mathsf{max}\left\{{\displaystyle \frac{1}{\sqrt{x_2\left(k\right)}}}\right\}=2.0930\hfill \end{array}\right.\hfill \end{array}$$

(83)

The weighting functions are defined as follows:

$$\begin{array}{cc}\hfill n_0^1\left({\rho }_1\left(k\right)\right)& ={\displaystyle \frac{{\overline{\rho }}_1-{\rho }_1\left(k\right)}{\overline{{\rho }_1}-\underline{{\rho }_1}}},n_1^1\left({\rho }_1\left(k\right)\right)=1-n_0^1,\hfill \end{array}$$

(84)

$$\begin{array}{cc}\hfill n_0^2\left({\rho }_2\left(k\right)\right)& ={\displaystyle \frac{{\overline{\rho }}_2-{\rho }_2\left(k\right)}{\overline{{\rho }_2}-\underline{{\rho }_2}}},n_2^1\left({\rho }_2\left(k\right)\right)=1-n_0^2,\hfill \end{array}$$

(85)

$$\begin{array}{cc}\hfill n_0^3\left({\rho }_3\left(k\right)\right)& ={\displaystyle \frac{{\overline{\rho }}_3-{\rho }_3\left(k\right)}{\overline{{\rho }_3}-\underline{{\rho }_3}}},n_3^1\left({\rho }_3\left(k\right)\right)=1-n_0^3.\hfill \end{array}$$

(86)

In this case, the number of membership functions is $\kappa =2^3=8$, and they are defined by

$$\begin{array}{cc}\hfill {\mu }_1\left(\rho \right)& =n_0^1{n}_0^2{n}_0^3,{\mu }_2\left(\rho \right)=n_0^1{n}_0^2{n}_1^3,\hfill \\ \hfill {\mu }_3\left(\rho \right)& =n_0^1{n}_1^2{n}_0^3,{\mu }_4\left(\rho \right)=n_0^1{n}_1^2{n}_1^3,\hfill \\ \hfill {\mu }_5\left(\rho \right)& =n_1^1{n}_0^2{n}_0^3,{\mu }_6\left(\rho \right)=n_1^1{n}_0^2{n}_1^3,\hfill \\ \hfill {\mu }_7\left(\rho \right)& =n_1^1{n}_1^2{n}_0^3,{\mu }_8\left(\rho \right)=n_1^1{n}_1^2{n}_1^3.\hfill \end{array}$$

Then, the variables ${\rho }_1\left(k\right)$, ${\rho }_2\left(k\right)$, and ${\rho }_3\left(k\right)$ vary within a bounded region $\rho \left(k\right)=[\underline{\rho }\left(k\right),\overline{\rho }\left(k\right)]$, where $\underline{\rho }\left(k\right)$ and $\overline{\rho }\left(k\right)$ are the lower and upper bounds, respectively. Consequently, the following system matrices are obtained:

$$A\left(\rho \left(t\right)\right)=\left[\begin{array}{ccc}1-{\displaystyle \frac{T_d{C}_p\sqrt{pg}}{S}}{\rho }_1\left(k\right)& {\displaystyle \frac{T_d{C}_p\sqrt{pg}}{S}}{\rho }_1\left(k\right)& 0\\ {\displaystyle \frac{T_d{C}_p\sqrt{pg}}{S}}{\rho }_1\left(k\right)& 1-{\displaystyle \frac{T_d{C}_p\sqrt{pg}}{S}}({\rho }_1\left(k\right)+{\rho }_2\left(k\right))& {\displaystyle \frac{T_d{C}_p\sqrt{pg}}{S}}{\rho }_2\left(k\right)\\ 0& {\displaystyle \frac{T_d{C}_p\sqrt{pg}}{S}}{\rho }_2\left(k\right)& 1-{\displaystyle \frac{T_d{C}_p\sqrt{pg}}{S}}({\rho }_2\left(k\right)+{\rho }_3\left(k\right))\end{array}\right].$$

(87)

Then, the T-S model that represents the dynamics of model (1) is

$$x(k+1)=\left[{\mu }_1\left(\rho \left(k\right)\right)A_1+\cdots +{\mu }_8\left(\rho \left(k\right)\right)A_8\right]x\left(k\right)+Bu\left(k\right),$$

(88)

where the matrices that correspond to each local model are

$$\begin{array}{cc}\hfill A_1& =A(\underline{{\rho }_1},\underline{{\rho }_2},\underline{{\rho }_3}),A_2=A(\underline{{\rho }_1},\underline{{\rho }_2},\overline{{\rho }_3}),A_3=A(\underline{{\rho }_1},\overline{{\rho }_2},;\underline{{\rho }_3}),\hfill \\ \hfill A_4& =A(\underline{{\rho }_1},\overline{{\rho }_2},\overline{{\rho }_3}),A_5=A(\overline{{\rho }_1},\underline{{\rho }_2},\underline{{\rho }_3}),A_6=A(\overline{{\rho }_1},\underline{{\rho }_2},\overline{{\rho }_3}),\hfill \\ \hfill A_7& =A(\overline{{\rho }_1},\overline{{\rho }_2},\underline{{\rho }_3}),A_8=A(\overline{{\rho }_1},\overline{{\rho }_2},\overline{{\rho }_3}),\hfill \end{array}$$

where matrix $A\left(\rho \right)$ is defined in (87).

Finally, the mathematical T-S model of (88) can be rewritten as

$$\begin{array}{cc}\hfill x(k+1)& =\sum _{i=1}^8{\mu }_i\left(\rho \left(k\right)\right)\left(A_{i}x\left(k\right)\right)+Bu\left(k\right),\hfill \\ \hfill y\left(k\right)& =Cx\left(k\right).\hfill \end{array}$$

(89)

7. Simulation Results

The performance of the proposed GDO for detecting and isolating attacks is evaluated using the discrete T-S system model defined in (89), where $F_a=B$. The input signals, corresponding to the operation of two water pumps, are illustrated in Figure 4. These signals represent the variable flow rates that govern the system dynamics both under normal conditions and during various attack scenarios. The analysis of these signals serves as a foundation for understanding the effectiveness of the GDO in maintaining system stability and detecting deviations caused by external disruptions such as DoS, FDI, and RDI attacks.

The input signals $u\left(k\right)$ control the flow of water in the three-tank system and serve as the basis for system behavior. These signals are crucial for the simulation, as they establish a baseline for comparison when different attack scenarios are introduced. The following subsections present the system’s response in the presence of various attack types, focusing on state estimation accuracy, residual generation, and attack detection effectiveness.

Figure 5 shows the Markovian distribution logic signals used in the simulation, comparing the behavior of a uniform signal (black line) and a non-uniform signal (red line), which influences the attack activation patterns.

Three simulations will be presented below considering the different attack schemes $a\left(k\right)$ shown in Section 3 with uniform or non-uniform Markovian logic $\alpha \left(k\right)$, affecting one or both actuators of the CPS.

7.1. Simulated DoS Attack

The first simulation considers a DoS attack affecting the input $u_1\left(k\right)$ with uniform logic distribution. Figure 6 shows the system states and their estimations under these conditions. The observer effectively tracks the states despite the disruption caused by the attack.

Figure 7 presents the residuals generated by the observer. Residual 1 detects the attack on $u_1\left(k\right)$, demonstrating the observer’s ability to isolate the disruption effectively.

7.2. Simulated FDI Attack

The second simulation explores the impact of an FDI attack on $u_2\left(k\right)$ using a non-uniform logic distribution. Figure 8 illustrates the false data $b_a\left(k\right)$ injected into the system, which replace the original data to alter the system’s behavior.

Figure 9 shows the system states and their estimations. The observer handles the FDI attack’s challenges caused by its variable intensity and activation frequency. Residual 2, as shown in Figure 10, successfully detects the attack on $u_2\left(k\right)$.

Figure 10 shows the residuals in the scenario of the FDI attack, where only residual 2 detects the attack in $u_2\left(k\right).$

7.3. Simulated RDI Attack

The final simulation investigates a mixed attack scenario where $u_1\left(k\right)$ is subjected to an FDI attack and $u_2\left(k\right)$ is subjected to an RDI attack, with both under a uniform logic distribution. Figure 11 illustrates the system states and their estimations, while Figure 12 shows the residuals. Both residuals successfully identify the attacks, confirming the robustness of the observer.

Figure 11 shows the state estimation obtained from the observer.

In Figure 12, the residuals generated by the observer are shown, where both residues detect the scenario of simultaneous attacks.

7.4. Different Attacks

In this simulation, a different scheme of attacks in both inputs is considered. The input $u_1\left(k\right)$ is affected by an FDI attack, while the input $u_2\left(k\right)$ is affected by an RDI attack, both with a uniform logic distribution.

Figure 13 shows the system states and their estimations. In Figure 14, the residuals generated by the observer are presented, and both residues detect the attacks.

8. Conclusions

This article presents an approach for designing a GDO capable of detecting and isolating various attack schemes with Markovian logic in a discrete T-S cyber–physical system. The considered attack schemes include DoS attacks, FDI attacks, and RDI attacks. To realistically simulate attacker behavior, Markovian logic was employed, enabling the modeling of complex attack dynamics and enhancing the detection scheme’s effectiveness.

A discrete-time interconnected three-tank system was used as a case study due to its cyber–physical nature, which integrates physical components and digital communication. The stability conditions for the observer were verified using LMIs and leveraging the Schur complement and the elimination lemma to ensure feasible and robust solutions.

This approach demonstrates the effectiveness of a GDO in detecting and isolating attack schemes in CPSs. Moreover, the proposed scheme lays the groundwork for establishing an integrated diagnostic and detection system that can support the implementation of resilient or adaptive control schemes. These features aim to ensure both the security and functionality of the system in various attack scenarios.

However, while GDOs provide significant advantages, their application is not without limitations. A key limitation of the detection and isolation framework is that it addresses only part of the broader diagnostic and control process. Although the GDO effectively identifies and isolates attacks, these capabilities alone are insufficient to fully counteract the effects of the identified attack schemes. Achieving comprehensive system protection requires integrating additional control strategies based on the estimated attack signals, enabling the system inputs to be dynamically adjusted to mitigate adverse effects. Future research should focus on extending this approach to include attack compensation or robust control mechanisms that complement the observer’s current capabilities.