ICPS comprehensive safety control system and method based on gcra-lightgbm under d-a detcs

By using the GCRA-LightGBM-based ICPS integrated security control system under D-ADETCS, the problem of communication resource configuration optimization in ICPS where multi-source covert FDI attacks and actuator failures coexist is solved. It realizes active intrusion tolerance control and optimized configuration of communication resources for multi-source covert FDI attacks, thereby improving the system's control performance and stability.

CN120742676BActive Publication Date: 2026-06-26LANZHOU UNIVERSITY OF TECHNOLOGY

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
LANZHOU UNIVERSITY OF TECHNOLOGY
Filing Date
2025-07-03
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

Existing technologies are insufficient to effectively address the problem of communication resource configuration optimization in Industrial Cyber-Physical Systems (ICPS) where multi-source covert FDI attacks and actuator failures coexist. Furthermore, traditional single-end ADETCS lacks the capability to optimize communication resource configuration in multi-network node architectures.

Method used

The ICPS integrated security control system based on GCRA-LightGBM under D-ADETCS is adopted. By using adaptive discrete event triggers to filter data transmission, and combining data reconstruction repairers and robust observers, a hybrid active and passive intrusion tolerance strategy is constructed to optimize communication resource configuration and build a multi-source covert FDI attack model to improve the accuracy of data reconstruction and repair.

Benefits of technology

It achieves proactive intrusion tolerance control against multi-source covert FDI attacks, optimizes communication resource allocation, improves the system's control performance and dynamic balance regulation capability of communication resources, and provides a comprehensive security control theoretical basis for complex industrial systems.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN120742676B_ABST
    Figure CN120742676B_ABST
Patent Text Reader

Abstract

The application discloses a kind of GCRA- LightGBM-based ICPS comprehensive safety control system and method under D-ADETC, comprising: sampler, equal period sampling is carried out to sensor measurement output data;Self-adapting discrete event trigger A, transmission screening is carried out to sampling value, and the data meeting data transmission condition A is transmitted through sensing side communication network;Data reconfiguration restorer A, repair the system output data of sensing side suffered FDI attack, and control quantity is obtained after the repaired data is acted on by robust observer and controller;Self-adapting discrete event trigger B, transmission screening is carried out to control quantity, and the control quantity meeting data transmission condition B is transmitted through execution side communication network;Data reconfiguration restorer B, repair the control data of execution side suffered FDI attack, utilize zero-order hold to keep the control quantity after repair, and be acted on by actuator to controlled object, complete the comprehensive safety control of ICPS.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of industrial cyber-physical system security technology, and more specifically to an integrated ICPS security control system and method based on GCRA-LightGBM. Background Technology

[0002] Industrial Cyber-Physical Systems (ICPS), which deeply integrate communication networks with industrial physical systems, are the mainstream control architecture for modern large-scale complex industrial systems. They realize core functions such as resource sharing, precise control, and remote collaboration in industrial scenarios, and have become an important technological carrier driving the intelligent transformation of global industry. However, with the expansion of system deployment scale and the increasing complexity of control structures, ICPS faces various risks and challenges in actual operation and maintenance:

[0003] In terms of network security, ICPS faces threats such as Denial of Service (DoS) attacks, FDI (Fake Data Injection), and data replay attacks. FDI refers to attackers injecting fake data into the system by exploiting vulnerabilities in the data transmission network. This type of data can circumvent conventional industrial residual detection mechanisms and maliciously tamper with critical data in the system, thereby compromising the integrity of system state estimation and the effectiveness of control decisions. Therefore, building a robust intrusion prevention control architecture and proactive intrusion prevention strategies against FDI attacks has become a key focus and challenge in current ICPS network security control research.

[0004] In response to the characteristics of FDI attacks, such as strong spatiotemporal concealment, high detection difficulty, and complex defense mechanisms, scholars have conducted research from two dimensions: attack modeling and defense strategies. Regarding attack mechanisms, some scholars have constructed attack models capable of circumventing traditional industrial residual detection mechanisms, completing malicious attacks by compromising the accuracy of system state estimation. In the field of defense technology, some scholars have proposed a hybrid active-passive intrusion tolerance strategy based on a fusion of data-driven and mechanism analysis methods for ICPS subjected to covert FDI attacks. These two studies have deepened the theoretical framework of FDI attack and defense from the perspectives of attack mechanism models and defense system construction, respectively. However, in addition to concealment, distributed network attacks and the target selectivity of FDI also bring a series of significant challenges to intrusion tolerance control research.

[0005] In terms of physical security, the functional degradation or failure of some key components in ICPS may lead to system performance degradation or even global crash.

[0006] Furthermore, with the rapid development of ICPS, the complexity of system control decisions continues to increase, while limited network data transmission bandwidth resources are insufficient to meet its development needs. To address this issue, some scholars have proposed a communication triggering mechanism: by monitoring the system's operating status in real time and dynamically deciding the timing of data transmission, an adaptive discrete event triggered communication mechanism (ADETCS) with trigger parameters dynamically adjusted according to the system status can effectively alleviate the data transmission pressure of ICPS. However, the traditional single-end ADETCS has insufficient communication resource configuration optimization capabilities for ICPS with a multi-network node architecture.

[0007] Therefore, how to develop a comprehensive security control method that combines fault tolerance and attack tolerance for ICPS that suffers from both multi-source covert FDI attacks and actuator failures, and how to optimize the configuration and utilization of communication resources in ICPS with multi-network node architecture, are problems that urgently need to be solved by those skilled in the art. Summary of the Invention

[0008] In view of this, the present invention provides an ICPS integrated safety control system and method based on GCRA-LightGBM under D-ADETCS to solve some of the technical problems mentioned in the background art.

[0009] To achieve the above objectives, the present invention adopts the following technical solution:

[0010] A D-ADETCS-based ICPS integrated safety control system based on GCRA-LightGBM includes: a controlled object, an intelligent sensing unit, a dual-sided communication network, an intelligent control unit, and an intelligent execution unit;

[0011] The intelligent sensing unit includes a sensor, a sampler, and an adaptive discrete event trigger A;

[0012] A sampler is used to periodically sample the sensor's measurement output data.

[0013] Adaptive discrete event trigger A is used to filter the system output sample values ​​for transmission, and transmit the system output data that meets the data transmission condition A to the intelligent control unit through the communication network on the sensing side.

[0014] The intelligent control unit data includes a data reconstruction and repairer A, a robust observer, a controller, and an adaptive discrete event trigger B;

[0015] Data reconstruction repairer A is used to repair the system output data that has been attacked by FDI on the sensing side. The repaired output data is used to obtain the control quantity after being processed by the robust observer and controller.

[0016] The adaptive discrete event trigger B is used to filter the transmission of control quantities and transmit the control quantities that meet the data transmission condition B to the intelligent execution unit through the communication network on the execution side.

[0017] The intelligent execution unit includes a data reconstruction and repair unit B, a zero-order hold, and an actuator;

[0018] Data Reconstruction Repairer B is used to repair control data that has been attacked by FDI on the execution side. It uses a zero-order hold to hold the repaired control quantity and transmits the holding result to the actuator. Finally, it is applied to the controlled object to complete the comprehensive security control of ICPS.

[0019] Preferably, the triggering conditions for adaptive discrete event trigger A and adaptive discrete event trigger B are as follows:

[0020]

[0021] Where, Φ A ,Φ B These are the event triggering weight matrices for the sensing side and the execution side, respectively; σ A (t k h),σ B (t k h) is the triggering parameter for distributed adaptive discrete event communication; e y (i k h)=y(i k h)-y(t k h) represents the event triggering error on the sensing side, e u (t k h)=u(t k h)-u(j k h) represents the execution-side event triggering error; y(i k h),y(t k h) represents the current sampled value of the sensor and the system output that met the trigger condition at the previous moment, respectively; u(t) k h), u(j) k h) represents the current control quantity of the controller and the control quantity after being filtered to meet the trigger conditions at the previous moment, respectively, and i k h = t k h+mh(m∈N), t k h = j k h+nh (n∈N); h is the sampling period;

[0022] To address the non-uniformity of data transmission and resource constraints in the system, the triggering parameters are made dynamic. Considering the negative correlation between the rate of change of the adaptive discrete event communication triggering threshold and the fluctuation of system data, a triggering threshold function that adaptively adjusts according to system behavior is designed based on the cosine function.

[0023] Preferably, the trigger threshold function of the adaptive discrete event trigger A is as follows:

[0024]

[0025] Among them, e y (t k h)=y(i k h)-y(t k-1 h) represents the error in the transmission event at the sensing end; The upper and lower bounds of the adaptive discrete event communication triggering parameters for the sensing end; The allowable transmission event error threshold; α > 0 is the sensor end error influence factor; z A (t k h)=1-||y(t k-1 h)|| / ||y(t k h)|| is the normalized value of the transmission event error at the sensing end;

[0026] The trigger threshold function for adaptive discrete event trigger B is as follows:

[0027]

[0028] Among them, e u (j k h)=u(t k h)-u(j k-1 h) represents the transmission event error at the execution end; The upper and lower bounds of the adaptive discrete event communication triggering parameters for the execution end; The allowable transmission event error threshold; β > 0 is the execution-side error impact factor; z B (t k h)=1-||u(j k-1 h)|| / ||u(j k h)|| is the normalized value of the transmission event error at the sensing end;

[0029] Preferably, the back-end output of the system's two-sided communication network is as follows:

[0030]

[0031] in, These are the output signals from the communication network backends of the system's sensing and execution sides, respectively, under attack; y(t) k h),u(j k h) are the output signals of the communication network backends of the original system's sensing and execution sides, respectively; a y (t kh) is the sensor-side FDI attack signal; a u (j k h) is the execution side FDI attack signal.

[0032] Preferably, for FDI attack signals, based on the effectiveness and concealment conditions of multi-source covert FDI attacks, a multi-source covert FDI attack model based on system structure data is constructed, specifically as follows:

[0033]

[0034] in, and These are multiplicative attack information for FDI on the sensing and execution sides, respectively. and These are additive attack information for FDI on the sensing and execution sides, respectively. and These are progressive attack target selection matrices for FDI on the sensing and execution sides, respectively.

[0035] Preferably, the specific content of the system output data repaired by data reconstruction repairer A for the sensing side under FDI attack is as follows:

[0036] By collecting system network backend data from the sensor-side network that is under FDI attack. and normal system output data y(t) k h), and perform differential operations to complete the sensor-side FDI attack information a y (t k Extraction of h); As feature data, a y (t k h) Using the target data, a LightGBM attack reconstruction model optimized with the GCRA algorithm is trained, and a data repairer A is constructed by combining mechanistic analysis methods:

[0037]

[0038] in, The output data for the repaired system. For reconstructed FDI information;

[0039] During system operation, data is obtained from the actual network backend. Drive Data Repairer A actively repairs the system output data of the sensor-side network that has been attacked by FDI.

[0040] Preferably, the specific content of the data reconstruction and repair tool B used to repair control data subjected to FDI attacks on the execution side is as follows:

[0041] By collecting system network backend data that was subjected to FDI attacks on the execution side network and normal control data u(j k h), and perform differential operations to complete the execution-side FDI attack information a u (j k Extraction of h); As feature data, a u (j k h) Using the target data, a LightGBM attack reconstruction model optimized with the GCRA algorithm is trained, and a data reconstruction and repair tool B is constructed by combining mechanistic analysis methods:

[0042]

[0043] in, Output data for the repaired system; For reconstructed FDI information;

[0044] During system operation, data is obtained from the actual network backend. The Drive Data Reconstruction Repairer B actively repairs the control variables of the execution-side network that have been subjected to FDI attacks.

[0045] Preferably, the data reconstruction and repair error of the data reconstruction repairer is corrected. To treat this as a special type of measurement noise, a robust observer is designed, specifically as follows:

[0046]

[0047] in, Let A, B, C, and E be the estimated values ​​of the system state and output, respectively, and u(t) be the control input vector. f All are matrices of known appropriate dimensions; L2 is the state gain matrix, and F is the fault gain matrix. τ is the fault estimate. A (t) represents the data transmission delay of the sensing system, and τ(t) represents the data transmission delay of the entire system.

[0048] Preferably, the controller adopts a dynamic feedback integrated safety control strategy, specifically as follows:

[0049]

[0050] in, and For the observation results, K is the controller gain matrix. B is the state feedback control variable. * The fault regulation matrix satisfies (I-BB) * E f =0; This is the amount of active compensation for actuator failure.

[0051] A D-ADETCS-based ICPS integrated security control method based on GCRA-LightGBM, comprising:

[0052] The sampler samples the sensor's measurement output data at equal intervals.

[0053] The system output sample values ​​are filtered for transmission, and the system output data that meets data transmission condition A is transmitted through the communication network on the sensing side.

[0054] Repair the system output data that has been attacked by FDI on the sensing side. The repaired output data is then processed by a robust observer and controller to obtain the control quantity.

[0055] The control quantities are filtered for transmission, and those that meet data transmission condition B are transmitted through the communication network on the execution side.

[0056] Repair the control data that has been attacked by FDI on the execution side, maintain the repaired control data, and transmit it to the actuator to act on the controlled object, thus completing the comprehensive security control of ICPS.

[0057] As can be seen from the above technical solutions, compared with the prior art, this invention discloses an integrated ICPS security control system and method based on GCRA-LightGBM under D-ADETCS. Taking into account the concealment of FDI and the ability to select attack targets in actual industrial scenarios, it constructs a novel multi-source concealed FDI attack model to study the integrated ICPS security control problem of distributed network attacks and actuator failures coexisting under the D-ADETCS architecture of distributed adaptive discrete event triggered communication mechanism. Based on the GCRA algorithm, it optimizes some key hyperparameters of the LightGBM model, effectively improving the repair accuracy of the data reconstruction and repair device. By integrating data-driven and mechanism analysis methods, it constructs an integrated security control architecture that combines active fault tolerance, active-passive hybrid invasion tolerance, and communication collaboration. It deeply analyzes the negative correlation logic between triggering parameters and system data fluctuations, and designs a novel adaptive discrete event triggering threshold function based on cosine law to achieve dynamic balance control between optimized control performance and communication resources. This invention provides theoretical basis and technical support for achieving integrated security control with both fault tolerance and invasion tolerance in complex industrial systems. Attached Figure Description

[0058] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.

[0059] Figure 1 A schematic diagram of an ICPS integrated safety control system based on GCRA-LightGBM under D-ADETCS provided for this invention;

[0060] Figure 2 This is a timing diagram of non-uniform data transmission under dual-ended ADETCS provided by the present invention;

[0061] Figure 3 This is a schematic diagram of the data repair process based on GCRA-LightGBM provided by the present invention;

[0062] Figure 4 The flowchart of hyperparameter optimization based on GCRA provided for this invention;

[0063] Figure 5 A simulation verification diagram of the multi-source covert FDI attack provided by the present invention;

[0064] Figure 6 A schematic diagram of the output response of a system based on an elastic control method is provided for this invention.

[0065] Figure 7 This is a schematic diagram of the system output response under the ICPS integrated security control strategy provided by the present invention. Detailed Implementation

[0066] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0067] This invention discloses an ICPS integrated safety control system based on GCRA-LightGBM under D-ADETCS, such as... Figure 1 and Figure 2 It includes: the controlled object, intelligent sensing unit, dual-sided communication network, intelligent control unit and intelligent execution unit;

[0068] The intelligent sensing unit includes a sensor, a sampler, and an adaptive discrete event trigger A;

[0069] A sampler is used to periodically sample the sensor's measurement output data.

[0070] Adaptive discrete event trigger A is used to filter the system output sample values ​​for transmission, and transmit the system output data that meets the data transmission condition A to the intelligent control unit through the communication network on the sensing side.

[0071] The intelligent control unit data includes a data reconstruction and repairer A, a robust observer, a controller, and an adaptive discrete event trigger B;

[0072] Data reconstruction repairer A is used to repair the system output data that has been attacked by FDI on the sensing side. The repaired output data is used to obtain the control quantity after being processed by the robust observer and controller.

[0073] The adaptive discrete event trigger B is used to filter the transmission of control quantities and transmit the control quantities that meet the data transmission condition B to the intelligent execution unit through the communication network on the execution side.

[0074] The intelligent execution unit includes a data reconstruction and repair unit B, a zero-order hold, and an actuator;

[0075] Data Reconstruction Repairer B is used to repair control data that has been attacked by FDI on the execution side. It uses a zero-order hold to hold the repaired control quantity and transmits the holding result to the actuator. Finally, it is applied to the controlled object to complete the comprehensive security control of ICPS.

[0076] Adaptive discrete event triggers A and B constitute D-ADETCS to achieve multiple controls on system data transmission; data repairers A and B constitute a distributed active intrusion tolerance control framework to achieve active intrusion tolerance control against multi-source covert FDI attacks.

[0077] In this embodiment, the controlled object is first described. Specifically, for a type of continuous-time ICPS with actuator failure, external disturbance, and noise, it can be described as follows:

[0078]

[0079] In the formula, For system state variables, To control the input vector, This is the output vector measured and sampled by the sensor; and These are respectively measured noise and external disturbance; For a continuously time-varying fault in the actuator, and the derivative of f(t) is bounded, i.e., there exists a constant f1 such that... A,B,C,E f E w Ev All of them are matrices of known appropriate dimensions.

[0080] Under the combined action of the sampler and D-ADETCS, the data transmission in the closed-loop control system exhibits non-uniformity, while the controlled object is continuous. To address the non-uniform data transmission problem, a time delay function is defined as follows:

[0081] τ A (t)=tt k h,t∈[t k h,t k+1 h]

[0082] τ B (t)=t k hj k h,t k h∈[j k h,j k+1 h]

[0083] τ(t)=tj k h,t∈[j k h,j k+1 h]

[0084] In the formula, τ A (t) represents the data transmission delay of the sensing system, τ B (t) represents the data transmission delay of the execution-side system, τ(t) represents the data transmission delay of the entire system, and τ(t)∈[h,h1), where h1 is determined by D-ADETCS. The maximum allowable delay determined jointly.

[0085] To further implement the above technical solution, the triggering conditions for adaptive discrete event trigger A and adaptive discrete event trigger B are as follows:

[0086]

[0087] Where, Φ A ,Φ B These are the event triggering weight matrices for the sensing side and the execution side, respectively; σ A (t k h),σ B (t k h) is the triggering parameter for distributed adaptive discrete event communication; e y (i k h)=y(i k h)-y(t k h) represents the event triggering error on the sensing side, e u (t k h)=u(t k h)-u(j kh) represents the execution-side event triggering error; y(i k h),y(t k h) represents the current sampled value of the sensor and the system output that met the trigger condition at the previous moment, respectively; u(t) k h), u(j) k h) represents the current control quantity of the controller and the control quantity after being filtered to meet the trigger conditions at the previous moment, respectively, and i k h = t k h+mh(m∈N), t k h = j k h+nh (n∈N); h is the sampling period;

[0088] To address the non-uniformity of data transmission and resource constraints in the system, the triggering parameters are made dynamic. Considering the negative correlation between the rate of change of the adaptive discrete event communication triggering threshold and the fluctuation of system data, a triggering threshold function that adaptively adjusts according to system behavior is designed based on the cosine function.

[0089] To further implement the above technical solution, the trigger threshold function of the adaptive discrete event trigger A is specifically as follows:

[0090]

[0091] Among them, e y (t k h)=y(i k h)-y(t k-1 h) represents the error in the transmission event at the sensing end; The upper and lower bounds of the adaptive discrete event communication triggering parameters for the sensing end; The allowable transmission event error threshold; α > 0 is the sensor end error influence factor; z A (t k h)=1-||y(t k-1 h)|| / ||y(t k h)|| is the normalized value of the error in the transmission of the sensing end;

[0092] The trigger threshold function for adaptive discrete event trigger B is as follows:

[0093]

[0094]

[0095] Among them, e u (j k h)=u(t k h)-u(j k-1 h) represents the transmission event error at the execution end; The upper and lower bounds of the adaptive discrete event communication triggering parameters for the execution end; The allowable transmission event error threshold; β > 0 is the execution-side error impact factor; z B (t k h)=1-||u(j k-1 h)|| / ||u(j k h)|| is the normalized value of the transmission event error at the sensing end;

[0096] In this embodiment, the trigger threshold functions of adaptive discrete event triggers A and B, established based on the mathematical properties of the cosine function, both consider the negative correlation between the rate of change of the communication trigger threshold and the fluctuation of system data. That is, when the fluctuation of system data increases, the rate of decrease of the communication trigger threshold is faster; when the fluctuation of system data is smaller, the rate of decrease of the communication trigger parameter is slower.

[0097] Specifically, when the system data transmission error is too large, that is... Trigger parameters are The limitations on data transmission bandwidth are significantly relaxed, allowing the system to enter a high-frequency data transmission state, thereby improving system control accuracy. When the system data transmission error is too small, to address the potential monitoring failure caused by the data transmission error falling below a set threshold, a preset trigger parameter upper limit is used to strictly limit the data transmission delay within a controllable range, effectively avoiding the risk of misjudgment by the control unit due to transmission channel failure. When the data transmission error is within a preset range, a preset error influence factor is used to adjust the correlation between the normalized value of the transmission event error and the trigger threshold. A nonlinear trigger parameter adjustment mechanism is constructed based on the cosine law to achieve reasonable control of the trigger threshold adjustment rate according to data fluctuations. When the normalized value of the transmission event error exceeds the critical threshold, Λ A (t k h) Set to zero to put the system into a high-frequency data transmission state, thereby increasing the overall system adjustment efficiency.

[0098] To further implement the above technical solution, the back-end output of the system's dual-sided communication network is specifically as follows:

[0099]

[0100] in, These are the output signals from the communication network backends of the system's sensing and execution sides, respectively, under attack; y(t) k h),u(j k h) are the output signals of the communication network backends of the original system's sensing and execution sides, respectively; a y (t k h) is the sensor-side FDI attack signal; a u (j kh) is the execution side FDI attack signal.

[0101] To further implement the above technical solution, based on the conventional industrial residual detection mechanism, the following observer with fault tolerance and anti-interference capabilities is preset:

[0102]

[0103] in, , respectively, represent the estimated values ​​of the system state and output; L1 represents the conventional state gain matrix to be solved.

[0104] The normal system state estimation error is And the system state estimation error under attack is To ensure the effectiveness of FDI, the state estimation error component introduced by multi-source covert FDI attacks... Not lower than the allowable error threshold e during stable system operation th :

[0105]

[0106] The system output residual is To ensure that FDI meets the attack stealth requirements, the system output residual of a multi-source stealthy FDI attack... The residual threshold J is not exceeded during normal and stable system operation. th :

[0107]

[0108] Based on the effectiveness and stealth conditions of multi-source covert FDI attacks, a multi-source covert FDI attack model based on system structure data is constructed as follows:

[0109]

[0110]

[0111] in, and These are multiplicative attack information for FDI on the sensing and execution sides, respectively. and These are additive attack information for FDI on the sensing and execution sides, respectively. and These are progressive attack target selection matrices for FDI on the sensing and execution sides, respectively.

[0112] To further implement the above technical solutions, such as Figure 3 The specific content of the data reconstruction and repair tool A repairing the system output data that was attacked by FDI on the sensing side is as follows:

[0113] By collecting system network backend data from the sensor-side network that is under FDI attack. and normal system output data y(t) k h), and perform differential operations to complete the sensor-side FDI attack information a y (t k Extraction of h); As feature data, a y (t k h) Using the target data, a LightGBM attack reconstruction model optimized with the GCRA algorithm is trained, and a data repairer A is constructed by combining mechanistic analysis methods:

[0114]

[0115] in, The output data for the repaired system. For reconstructed FDI information;

[0116] During system operation, data is obtained from the actual network backend. Drive Data Repairer A actively repairs the system output data of the sensor-side network that has been attacked by FDI.

[0117] To further implement the above technical solution, the specific content of the data reconstruction and repair tool B used to repair control data on the execution side that has been subjected to an FDI attack is as follows:

[0118] By collecting system network backend data that was subjected to FDI attacks on the execution side network and normal control data u(j k h), and perform differential operations to complete the execution-side FDI attack information a u (j k Extraction of h); As feature data, a u (j k h) Using this as target data, a LightGBM attack reconstruction model optimized with the GCRA algorithm is trained, and a data reconstruction and repair tool B is constructed by combining mechanistic analysis methods.

[0119]

[0120] in, Output data for the repaired system; For reconstructed FDI information;

[0121] During system operation, data is obtained from the actual network backend. The Drive Data Reconstruction Repairer B actively repairs the control variables of the execution-side network that have been subjected to FDI attacks.

[0122] In an embodiment, such as Figure 4 The specific content of training the LightGBM attack reconstruction model optimized by the GCRA algorithm is as follows:

[0123] Based on the GCRA algorithm, some key hyperparameters of LightGBM (learning rate, number of decision trees, maximum depth of decision trees, and number of leaf nodes) are optimized, such as... Figure 4 As shown, the optimization process of GCRA is divided into two stages: search and development.

[0124] During the search phase, the cane rat population (X) forages from different nests. Each cane rat plans its own search trajectory based on path information left by the dominant male, which can be expressed mathematically as follows:

[0125]

[0126] In the formula, x i,j This represents the individual mouse at position i in dimension j. Indicates the new individual mouse position, x k,j The position of the dominant male rat is represented by C, which is a random number defined within the problem space boundary, and r is the coefficient for simulating the reduction of food sources.

[0127] After each search, the system evaluates the fitness of each male mouse to update the dominant male mouse, achieving a global traversal of the search space and ensuring that the algorithm can find potential optimal solutions. Its mathematical expression is:

[0128]

[0129] In the formula, X i F represents the state of the i-th upcoming or new cane rat population. i This represents the target fitness value of the dominant mouse, where α and β are preset parameters.

[0130] During the development phase, male mice leave the group, while the remaining mice gather in areas rich in food resources to forage. In this process, the group randomly selects the location of a female mouse to determine a new foraging site and then forages around that location. This mechanism allows the algorithm to perform refined exploration within a specific area, thus achieving local optimization. Its mathematical expression is:

[0131]

[0132] In the formula, x m,j This indicates the position of the selected female mouse, where u is a preset parameter.

[0133] To further implement the above technical solution, the data reconstruction and repair error of the data reconstruction repairer will be addressed. To treat this as a special type of measurement noise, a robust observer is designed, specifically as follows:

[0134]

[0135] in, Let A, B, C, and E be the estimated values ​​of the system state and output, respectively, and u(t) be the control input vector. f All are matrices of known appropriate dimensions; L2 is the state gain matrix, and F is the fault gain matrix. τ is the fault estimate. A (t) represents the data transmission delay of the sensing system, and τ(t) represents the data transmission delay of the entire system.

[0136] In this embodiment, the robust observer is designed as follows:

[0137] Reconstructing Multi-Source Covert FDI Attack Information Using GCRA-LightGBM and Based on this information, proactive repairs were performed on the system data affected by the FDI attack. The network backend output after the repair is described below:

[0138]

[0139] make The data reconstruction and repair errors at the sensing and execution ends are respectively. These errors objectively exist during system operation and are uncertain; therefore, they can be regarded as special measurement noise. Combining the system description and the repaired network backend output description, the following system description can be obtained:

[0140]

[0141] definition The following description of the augmented error system can be obtained:

[0142]

[0143] For ease of calculation, let The above error systems are integrated into an augmented error system:

[0144]

[0145] In the formula,

[0146]

[0147] Furthermore, a Lyapunov-Krasovskii functional of the following form is constructed:

[0148]

[0149] in,

[0150]

[0151] According to Lyapunov's second method, the state and fault gain matrices L2 and F are obtained, which make the augmented error system asymptotically stable in the absence of disturbance and satisfy the performance index under disturbance:

[0152]

[0153] In this embodiment, to address data reconstruction and repair errors under multi-source covert FDI attacks, the observer design employs a mechanistic analysis method to treat these errors as a special type of noise and handles them using a robust coping strategy, thus achieving a clever fusion of data-driven and mechanistic analysis methods. Simultaneously, a dual γ-constraint mechanism is introduced to address multi-source data reconstruction and repair errors. and Targeted constraints are applied to further enhance ICPS's defense capabilities against multi-source covert FDI attacks.

[0154] Because the observation data after attack compensation contains sensor data reconstruction and repair errors, although the data reconstruction repairer and robust observer have performed reconstruction repair and robustness against multi-source covert FDI attacks, there are still residual attack energy that has not been completely processed.

[0155] To further implement the above technical solution, the controller design not only possesses fault tolerance capabilities but also implicitly includes the ability to withstand multi-source FDI attacks, balancing fault tolerance and attack resistance performance. A dynamic feedback integrated security control strategy is adopted, specifically:

[0156]

[0157] in, and For the observation results, K is the controller gain matrix. B is the state feedback control variable. * The fault regulation matrix satisfies (I-BB) * E f =0; This is the amount of active compensation for actuator failure.

[0158] The ICPS closed-loop model is further obtained as follows:

[0159]

[0160] in, To reconstruct and repair errors in the execution-side data; state estimation error e x (t-τ A (t) and fault estimation error ef (t-τ A (t) all converge asymptotically; To address the characteristics of continuous fault sampling, the cross-term inequality technique is employed to obtain results with less conservatism.

[0161] Furthermore, a Lyapunov-Krasovskii functional of the following form is constructed:

[0162]

[0163] in,

[0164]

[0165] According to Lyapunov's second method, the control gain matrix K and the event triggering weight matrix Φ are obtained. A ,Φ B This ensures that the closed-loop control system is asymptotically stable in the absence of disturbances and meets performance indicators under disturbances:

[0166]

[0167] In another embodiment, the effectiveness and performance advantages of the present invention are verified based on a typical industrial four-tank simulation example, specifically:

[0168] (1) Simulation verification of the effectiveness, concealment, and target selectivity of multi-source covert FDI, such as... Figure 5 As shown, Figure 5 Figure (a) shows the variation curve of the state estimation error component introduced by the multi-source covert FDI attack, which is used to verify the effectiveness of multi-source covert FDI. Figure 5 Figure (b) shows the variation curve of the system output residual under a multi-source covert FDI attack, which is used to verify the covertness of multi-source covert FDI.

[0169] When 200s≤t≤650s, the system is attacked by multi-source covert FDI. The internal state estimation error component of the system under attack is significantly higher than the error threshold (0.2), while the system output residuals are all lower than the residual threshold (0.47). This indicates that the FDI model preset in this invention achieves the expected attack effect while satisfying the covertness.

[0170] Figure 5 Figure (c) in the middle and Figure 5 Figure (d) shows the variation curves of the front / back end output errors of the communication network on the sensor side and execution side of the system under a multi-source covert FDI attack, which are used to verify the target selectivity of multi-source covert FDI attacks.

[0171] When 200s≤t≤400s, the system execution side network is attacked by FDI and exhibits the ability to progressively expand with different output channels; when 250s≤t≤650s, the system sensing side network is also attacked by FDI and similarly exhibits the ability to progressively expand with different output channels.

[0172] (2) In order to demonstrate the performance advantages of the D-ADETCS designed in this invention, Table 1 shows the system data transmission under different trigger schemes DETCS, ADETCS and D-ADETCS. It can be seen that the data transmission volume under D-ADETCS of this invention is lower and the energy saving rate (η=(Nm) / N×100%, where N is the total number of data packets and m is the data transmission volume) is significantly improved compared with the control scheme, indicating that D-ADETCS has a better effect in optimizing the dynamic balance between the control performance and communication resource allocation of ICPS with multiple network nodes.

[0173] Table 1. System data transmission under different triggering schemes:

[0174]

[0175] (3) To verify the effectiveness and advantages of the comprehensive security control strategy constructed in this invention, Figure 6 The system output response curve based on the elastic control method is given. Figure 7 The system output response curve of this invention is given. It can be seen that... Figure 6 The system output exhibits significant fluctuations, making it impossible to maintain the system output within a controllable fluctuation range; analysis Figure 7 We can conclude that: when t < 200s, the system output response quickly stabilizes; when 200 ≤ t ≤ 250s, the system's execution-side network is attacked by FDI, and the system output response remains stable without significant fluctuations; when 250 ≤ t ≤ 300s, both sides of the system's network are attacked by FDI, and the system output response exhibits slight fluctuations but remains stable; when 300 ≤ t ≤ 400s, both sides of the system's network are attacked by FDI and an actuator failure occurs, causing fluctuations in the system output response, with a sudden change to -0.12 at t = 300s, the fluctuation amplitude being small and its impact on the system negligible; when 400 ≤ t ≤ 650s, the system's sensing-side network is attacked by FDI and affected by an actuator failure, the system output response fluctuations are within ±0.06, and its impact on the system is also negligible; when 650 ≤ t ≤ 800s, the system is only affected by an actuator failure, and the system output response shows no significant fluctuations and remains stable.

[0176] A D-ADETCS-based ICPS integrated security control method using GCRA-LightGBM, comprising:

[0177] The sampler samples the sensor's measurement output data at equal intervals.

[0178] The system output sample values ​​are filtered for transmission, and the system output data that meets data transmission condition A is transmitted through the communication network on the sensing side.

[0179] Repair the system output data that has been attacked by FDI on the sensing side. The repaired output data is then processed by a robust observer and controller to obtain the control quantity.

[0180] The control quantities are filtered for transmission, and those that meet data transmission condition B are transmitted through the communication network on the execution side.

[0181] Repair the control data that has been attacked by FDI on the execution side, maintain the repaired control data, and transmit it to the actuator to act on the controlled object, thus completing the comprehensive security control of ICPS.

[0182] In this embodiment, while deploying an adaptive discrete event triggering mechanism at the sensing end, an adaptive discrete event triggering mechanism is also introduced at the execution end. D-ADETCS filters the system's output data and control quantities respectively, thereby ensuring control performance while further alleviating the contradiction between massive control data transmission and communication resources of each network node in the system. Based on the characteristics of actual FDI, the mechanism of FDI intercepting system data and injecting false data is simulated in the communication network module. The aim is to achieve more realistic FDI intrusion control through in-depth simulation and analysis of typical FDI behaviors. For multi-source covert FDI attacks, a first data reconstruction repairer and a second data reconstruction repairer based on GCRA-LightGBM are introduced in the system control unit and execution unit respectively. This is used to reconstruct the covert FDI attacks that appear in each network node of the system, and the attack reconstruction information is used to repair the data under the attack, in order to achieve proactive intrusion control against multi-source covert FDI attacks.

[0183] A processing terminal includes a memory and a processor. The memory stores a computer program that can run on the processor. When the processor executes the computer program, it implements an ICPS integrated security control method based on GCRA-LightGBM.

[0184] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on its differences from other embodiments. Similar or identical parts between embodiments can be referred to interchangeably. For the apparatus disclosed in the embodiments, since they correspond to the methods disclosed in the embodiments, the description is relatively simple; relevant parts can be referred to the method section.

[0185] The above description of the disclosed embodiments enables those skilled in the art to make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A D-ADETCS-based ICPS integrated safety control system using GCRA-LightGBM, characterized in that, include: Controlled object, intelligent sensing unit, two-sided communication network, intelligent control unit and intelligent execution unit; The intelligent sensing unit includes a sensor, a sampler, and an adaptive discrete event trigger A; A sampler is used to periodically sample the sensor's measurement output data. Adaptive discrete event trigger A is used to filter the system output sample values ​​for transmission, and transmit the system output data that meets the data transmission condition A to the intelligent control unit through the communication network on the sensing side. The intelligent control unit data includes a data reconstruction and repairer A, a robust observer, a controller, and an adaptive discrete event trigger B; Data reconstruction repairer A is used to repair the system output data that has been attacked by FDI on the sensing side. The repaired output data is used to obtain the control quantity after being processed by the robust observer and controller. The adaptive discrete event trigger B is used to filter the transmission of control quantities and transmit the control quantities that meet the data transmission condition B to the intelligent execution unit through the communication network on the execution side. The intelligent execution unit includes a data reconstruction and repair unit B, a zero-order hold, and an actuator; Data Reconstruction Repairer B is used to repair control data that has been attacked by FDI on the execution side. It uses a zero-order hold to hold the repaired control quantity and transmits the holding result to the actuator. Finally, it is applied to the controlled object to complete the comprehensive security control of ICPS. The specific content of the data reconstruction and repair tool A that repairs the system output data of the sensor side after it has been subjected to an FDI attack is as follows: By collecting system network backend data from the sensor-side network that is under FDI attack. and normal system output data And perform differential operations to complete the sensor-side FDI attack information. Extraction; As feature data, Using target data, a LightGBM attack reconstruction model optimized with the GCRA algorithm is trained, and a data repairer A is constructed by combining mechanistic analysis methods. in, The output data for the repaired system. For reconstructed FDI information; During system operation, data is obtained from the actual network backend. Drive Data Repairer A actively repairs the system output data of the sensor-side network that has been subjected to an FDI attack. Data Reconstruction Repairer B is used to repair control data that has been subjected to an FDI attack on the execution side. The specific content of this repairer is as follows: By collecting system network backend data that was subjected to FDI attacks on the execution side network and normal control data And perform differential operations to complete the execution-side FDI attack information. Extraction; As feature data, Using target data, a LightGBM attack reconstruction model optimized with the GCRA algorithm is trained, and a data reconstruction and repair tool B is constructed by combining mechanistic analysis methods. in, Output data for the repaired system; For reconstructed FDI information; During system operation, data is obtained from the actual network backend. The Drive Data Reconstruction Repairer B actively repairs the control variables of the execution-side network that have been subjected to FDI attacks.

2. The ICPS integrated safety control system based on GCRA-LightGBM under D-ADETCS according to claim 1, characterized in that, The specific triggering conditions for adaptive discrete event trigger A and adaptive discrete event trigger B are as follows: in, These are the event triggering weight matrices for the sensing side and the execution side, respectively; For distributed adaptive discrete event communication triggering parameters; For sensor-side event triggering error, Errors caused by event triggering on the execution side; These are the current sampled value of the sensor and the system output that met the trigger condition at the previous moment, respectively. , These are the current control quantity of the controller and the control quantity after being filtered to meet the trigger conditions at the previous moment, respectively. , ; The sampling period; To address the non-uniformity of data transmission and resource constraints in the system, the triggering parameters are made dynamic. Considering the negative correlation between the rate of change of the adaptive discrete event communication triggering threshold and the fluctuation of system data, a triggering threshold function that adaptively adjusts according to system behavior is designed based on the cosine function.

3. The ICPS integrated safety control system based on GCRA-LightGBM under D-ADETCS according to claim 2, characterized in that, The trigger threshold function for adaptive discrete event trigger A is as follows: in, Errors in event transmission at the sensor end; The upper and lower bounds of the adaptive discrete event communication triggering parameters for the sensing end; , The allowable sensor-end transmission event error threshold, and ; This refers to the influence factor of sensor error. This is the normalized value of the error in the transmission of events at the sensing end; ; The trigger threshold function for adaptive discrete event trigger B is as follows: in, Transmit event errors to the execution end; The upper and lower bounds of the adaptive discrete event communication triggering parameters for the execution end; , To allow the execution end to transmit event error thresholds, and ; The execution-side error impact factor; This is the normalized value for the error in the event transmitted at the execution end; .

4. The ICPS integrated safety control system based on GCRA-LightGBM under D-ADETCS according to claim 1, characterized in that, The back-end output of the system's two-sided communication network is as follows: in, These are the communication network backend output signals for the sensing and execution sides of the system under attack, respectively. These are the output signals from the back-end of the communication network for the sensing and execution sides of the original system, respectively. This is a sensor-side FDI attack signal; This is a signal for executing a side-side FDI attack.

5. The ICPS integrated safety control system based on GCRA-LightGBM under D-ADETCS according to claim 1, characterized in that, For FDI attack signals, based on the effectiveness and concealment conditions of multi-source covert FDI attacks, a multi-source covert FDI attack model based on system structure data is constructed, specifically as follows: in, and These are multiplicative attack information for FDI on the sensing and execution sides, respectively. and These are additive attack information for FDI on the sensing and execution sides, respectively. and These are progressive attack target selection matrices for FDI on the sensing and execution sides, respectively.

6. The ICPS integrated safety control system based on GCRA-LightGBM under D-ADETCS according to claim 5, characterized in that, The data reconstruction repairer will repair data reconstruction errors. , Treating this as a special type of measurement noise, a robust observer is designed, specifically as follows: in, Let A, B, C, and E be the estimated values ​​of the system state and output, respectively, and u(t) be the control input vector. f All are matrices of known appropriate dimensions. The state gain matrix is... The fault gain matrix, This is a fault estimate. For the data transmission delay of the sensing system, This refers to the data transmission latency of the entire system.

7. The ICPS integrated safety control system based on GCRA-LightGBM under D-ADETCS according to claim 1, characterized in that, The controller employs a dynamic feedback integrated safety control strategy, specifically: in, and For the observation results, For the controller gain matrix, This is a state feedback control variable. For the fault adjustment matrix, satisfying ; This is the amount of active compensation for actuator failure.

8. A comprehensive ICPS security control method based on GCRA-LightGBM under D-ADETCS, characterized in that, A D-ADETCS-based ICPS integrated safety control system based on GCRA-LightGBM according to any one of claims 1-7, comprising: The sampler samples the sensor's measurement output data at equal intervals. The system output sample values ​​are filtered for transmission, and the system output data that meets data transmission condition A is transmitted through the communication network on the sensing side. Repair the system output data that has been attacked by FDI on the sensing side. The repaired output data is then processed by a robust observer and controller to obtain the control quantity. The control quantities are filtered for transmission, and those that meet data transmission condition B are transmitted through the communication network on the execution side. Repair the control data that has been attacked by FDI on the execution side, maintain the repaired control data, and transmit it to the actuator to act on the controlled object, thus completing the comprehensive security control of ICPS.