A Distributed Observer-Based Cyber-Attack Identification Scheme in Cooperative Networked Systems under Switching Communication Topologies

This paper studies an approach for detecting cyber attacks against networked cooperative systems (NCS) that are assumed to be working in a cyber-physical environment. NCS are prone to anomalies both due to cyber and physical attacks and faults. Cyber-attacks being more hazardous given the cooperative nature of the NCS may lead to disastrous consequences and thus need to be detected as soon as they occur by all systems in the network. Our approach deals with two types of malicious attacks aimed at compromising the stability of the NCS: intrusion attacks/local malfunctions on individual systems and deception/cyber-attacks on the communication between the systems. In order to detect and identify such attacks under switching communication topologies, this paper proposes a new distributed methodology that solves global state estimation of the NCS where the aim is identifying anomalies in the networked system using residuals generated by monitoring agents such that coverage of the entire network is assured. A cascade of predefined-time sliding mode switched observers is introduced for each agent to achieve a fast estimate of the global state whereby the settling time is an a priori defined parameter independently of the initial conditions. Then, using the conventional consensus algorithm, a set of residuals are generated by the agents that is capable of detecting and isolating local intrusion attacks and communication cyber-attacks in the network using only locally exchanged information. In order to prove the effectiveness of the proposed method, the framework is tested for a velocity synchronization seeking network of mobile robots.