A multimodal integrated security control method for industrial cyber-physical systems

By combining ADMETCS and a multimodal integrated security controller, the detection and reconstruction accuracy problem of ICPS under complex and covert FDI attacks is solved, the system's adaptability and communication resources are optimized, and the system's stability and control performance are improved.

CN121956582BActive Publication Date: 2026-06-30LANZHOU UNIVERSITY OF TECHNOLOGY

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
LANZHOU UNIVERSITY OF TECHNOLOGY
Filing Date
2026-03-30
Publication Date
2026-06-30

AI Technical Summary

Technical Problem

Existing Industrial Cyber-Physical Systems (ICPS) suffer from insufficient detection and reconstruction accuracy, unreasonable utilization of communication resources, and difficulty in adapting to different operating conditions when facing complex and covert spoofing (FDI) attacks, resulting in compromised system stability and performance.

Method used

An Adaptive Discrete Memory Event Triggered Communication (ADMETCS) mechanism is adopted, and a multimodal integrated security controller is designed by combining density space clustering and inverse distance weighted interpolation. The attack reconstruction is optimized by using the WGAN-GP model, real-time estimation is performed by a robust observer, and smooth mode switching of the control variable is realized.

Benefits of technology

It improves the system's adaptability and communication resource utilization efficiency, enhances the defense against complex and covert FDI attacks, ensures a more stable system output response, and improves control performance.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121956582B_ABST
    Figure CN121956582B_ABST
Patent Text Reader

Abstract

This invention discloses a multimodal integrated security control method for industrial cyber-physical systems (ICPS), comprising: constructing an adaptive discrete memory event-triggered communication mechanism to process the output data of the sensing side of the ICPS to obtain system transmission values; after the values ​​are subjected to a false data injection attack, they form downstream data on the sensing side; using a trained attack reconstruction model to repair the downstream data on the sensing side; designing a robust observer based on the repaired downstream data on the sensing side; and generating initial control quantities through a multimodal integrated security controller based on the state estimates and fault estimates obtained by the observer; processing the initial control quantities using the aforementioned trigger communication mechanism to obtain control data; after the data is subjected to a false data injection attack, it forms downstream data on the execution side; and using the trained attack reconstruction model to reconstruct and compensate the downstream data on the execution side before applying it to the controlled object, thereby achieving integrated security control of the ICPS.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of security technology for industrial cyber-physical systems, and more specifically to a multimodal integrated security control method for industrial cyber-physical systems. Background Technology

[0002] Industrial Cyber-Physical Systems (ICPS) are intelligent systems where decision-making, control, and physical entities are deeply integrated and dynamically interact through networks. They are widely used in key industrial sectors such as smart grids, smart manufacturing, and petrochemicals. However, the open network environment and complex industrial environment of ICPS present them with severe security challenges: on the one hand, data transmission networks are vulnerable to various network attacks, such as False Data Injection (FDI) attacks and Denial of Service (DoS) attacks. Attackers can evade conventional anomaly detection by injecting carefully crafted false data, thereby affecting control decisions and causing physical system malfunctions or even paralysis. On the other hand, physical components such as actuators are prone to failure under harsh operating conditions, leading to system performance degradation. Furthermore, the contradiction between the demand for massive data transmission and limited network bandwidth is becoming increasingly prominent, becoming a bottleneck restricting the overall performance of the system.

[0003] Existing research on security controls for ICPS mainly focuses on two aspects: attack mechanisms and defense strategies. Regarding attack mechanisms, some studies have constructed fully covert FDI attack models capable of evading traditional industrial detection mechanisms, achieving their attack objectives by compromising the accuracy of system state estimation; others have considered the randomness of FDI attacks, constructing randomly occurring FDI attack models. However, existing attack models often focus only on a single characteristic and have not fully combined covertness and randomness to construct more destructive composite attack models, resulting in insufficient difficulty in designing intrusion tolerance strategies.

[0004] In terms of defense strategies, traditional methods mostly rely on output feedback control to enhance the robustness of the system. In recent years, machine learning techniques have been introduced into intrusion-tolerant control, such as FDI attack detection methods based on convolutional neural networks-long short-term memory networks (CNN-LSTM), and hybrid active-passive intrusion-tolerant strategies that combine data-driven approaches with mechanistic analysis. However, when dealing with complex FDI attacks that possess both stealth and randomness, the detection and reconstruction accuracy of these methods still needs improvement. Furthermore, generative adversarial networks (GANs) and their improved models have limitations in training stability and gradient vanishing issues, making it difficult to meet the requirements of real-time systems.

[0005] Regarding event-triggered communication mechanisms, the existing Adaptive Discrete Event Triggered Communication Mechanism (ADETCS) can adaptively adjust the trigger threshold according to changes in system state, effectively alleviating data transmission pressure. However, research shows that when system data is in an asymptotic region of abnormally slow change, the number of transmissions by ADETCS is far lower than the data requirements of the control unit, leading to state estimation bias and affecting control performance. Therefore, how to ensure data transmission quality while saving communication resources is an urgent problem to be solved.

[0006] In the design of integrated safety controllers, existing research mostly adopts single-modal integrated safety controllers, failing to fully consider the synergy between event triggering thresholds and controller design. When changes in system operating conditions lead to dynamic adjustments in triggering thresholds, a single integrated safety controller struggles to adapt to control requirements under different modes, and the mode switching process is prone to causing transient jitter, affecting system stability.

[0007] In summary, existing ICPS security control methods still have shortcomings in attack model construction, attack reconstruction accuracy, communication mechanism adaptability, and controller-communication mechanism co-design. Therefore, how to balance communication resource optimization and data transmission quality, effectively address complex and covert FDI attacks and actuator failures, and achieve adaptive mode switching of the integrated security controller are problems that urgently need to be solved by those skilled in the art. Summary of the Invention

[0008] In view of the above problems, the present invention proposes a multimodal integrated security control method for industrial cyber-physical systems to overcome or at least partially solve the above problems.

[0009] To achieve the above objectives, the present invention adopts the following technical solution:

[0010] A multimodal integrated security control method for industrial cyber-physical systems includes:

[0011] An adaptive discrete memory event-triggered communication mechanism is constructed to perform event-triggered filtering on the output data of the sensor side of the industrial cyber-physical system to obtain the system transmission value; the system transmission value is transmitted through the network and subjected to a false data injection attack to form the downstream data of the attacked sensor side.

[0012] The trained attack reconstruction model is used to reconstruct and compensate the real-time attacked downstream data of the sensor side to obtain the repaired system transmission value.

[0013] Based on the repaired system transmission values, a robust observer is designed; the robust observer is used to estimate the system state and actuator faults in real time, and state estimates and fault estimates are obtained.

[0014] Combining the state estimates and fault estimates, a multimodal integrated safety controller is designed based on density space clustering and inverse distance weighted interpolation; initial control variables are generated through the multimodal integrated safety controller.

[0015] The initial control quantity is filtered by the adaptive discrete memory event-triggered communication mechanism to obtain control data; after the control data is transmitted over the network and subjected to a fake data injection attack, it forms the attacked execution-side downstream data.

[0016] The trained attack reconstruction model is used to reconstruct and compensate the downstream data of the real-time attacked execution side and then applied to the controlled object to achieve comprehensive security control of the industrial cyber-physical system.

[0017] Furthermore, the adaptive discrete memory event-triggered communication mechanism includes sensing-side triggering conditions and execution-side triggering conditions;

[0018] The sensing-side triggering condition is expressed as follows:

[0019]

[0020] in, The number of historical data cached for industrial cyber-physical systems; Weights for event triggering errors on the sensing side; This is the error in triggering events on the sensing side, and - ; This is the index of the current sampling step number; This is the offset index within the historical data window on the sensing side; The sampling period; For the sensing side The logical index that successfully triggers sampling; For the sensing side The discrete time of each successful sampling trigger; For the sensing side The logical time index of the event trigger; For the sensing side The discrete time when the secondary event is triggered; For the sensor in discrete time The system sampled values ​​below; For the sensor in discrete time The system transfer value from the last successful system trigger; It is the transpose matrix; An event trigger weight matrix to be designed for the sensing side; For the sensing side The discrete time when the secondary event is triggered; The adaptive discrete memory event trigger threshold on the sensing side; For the sensing side in discrete time The historical average data transmission rate;

[0021] The execution-side triggering condition is expressed as follows:

[0022]

[0023] in, Weighting of the event triggering error on the execution side; To execute the event triggering error, and - ; The offset index within the historical data window on the execution side; For the sensing side The logical time index of the event trigger; For the sensing side The discrete time when the secondary event is triggered; To execute the side The logic time index for the successful transmission of the secondary system control quantity to the actuator; To execute the side The discrete time when the secondary system control quantity is successfully transmitted to the actuator; For integrated safety controllers in discrete time The system control quantity below; For integrated safety controllers in discrete time The control value transmitted after the previous successful control trigger; The event trigger weight matrix to be designed for the execution side; To execute the side The discrete time when the secondary system control quantity is successfully transmitted to the actuator; The adaptive discrete memory event trigger threshold on the execution side; For the execution side in discrete time The historical average value of control quantity transmission.

[0024] Furthermore, the adaptive discrete memory event triggering threshold on the sensing side The corresponding threshold function is expressed as:

[0025]

[0026]

[0027] in, The upper bound of the adaptive discrete memory event triggering threshold on the sensing side; This serves as the lower bound of the adaptive discrete memory event triggering threshold on the sensing side. , ; Errors triggered by historical events; and This is an adjustable parameter for the threshold function. Sensitivity to threshold changes Corresponding threshold smoothness; The first preset historical event trigger error threshold is set at the sensor side. The second preset historical event triggering error threshold is set; and ; This is the error scaling value; For the sensor in discrete time The system sampled values ​​below.

[0028] Furthermore, the event triggering error weights on the sensing side. Represented as:

[0029]

[0030] =

[0031]

[0032] in, It is a historical data weighting indicator, and ; For accumulating index variables; The weight distribution coefficients for historical data.

[0033] Furthermore, the FDI attack model corresponding to the aforementioned fake data injection attack is represented as follows:

[0034]

[0035] in, This is a sensor-side attack model; To execute a side attack model; Pre-determine the dimension matrix for the sensing side; A pre-defined dimension matrix is ​​provided for the execution side; Preset continuous amplitude attack for the sensing side; Pre-set sustained amplitude attack for the execution side; Preset intermittent amplitude attacks for the sensing side, and > ; To execute a pre-set intermittent amplitude attack; and > ; The probability of intermittent attack on the sensing side; To determine the probability of executing a side-interruption attack.

[0036] Furthermore, the training process of the attack reconstruction model includes:

[0037] Collect downstream data from the attacked sensor side and the corresponding unattacked system transmission values; collect downstream data from the attacked execution side and the corresponding unattacked control quantity transmission values; extract the FDI attack quantity from the sensor side and the FDI attack quantity from the collected data, and construct a training dataset;

[0038] Based on the collected data, an initial attack reconstruction model based on the WGAN-GP model was established;

[0039] Using root mean square error as the optimization objective, the Bayesian optimization algorithm was used to optimize the hyperparameters of the WGAN-GP model to obtain the optimal parameters;

[0040] The initial attack reconstruction model is trained based on the optimal parameters to generate the optimal attack reconstruction model.

[0041] Furthermore, the design of a robust observer based on the repaired system transmission values ​​specifically includes:

[0042] Based on the repaired system transmission values, construct the corresponding repaired system state equations;

[0043] Based on the observer gain matrix and fault gain matrix to be designed, an initial robust observer is constructed;

[0044] Based on the system state equation and the initial robust observer, and combined with the preset system state estimation error and the preset fault estimation error, an augmented error system is constructed.

[0045] Solve for the observer gain matrix and the fault gain matrix to make the augmented error system asymptotically stable when there is no disturbance and meet the preset performance index when there is a disturbance.

[0046] Based on the solved observer gain matrix and fault gain matrix, combined with the initial robust observer, the final robust observer is obtained.

[0047] Furthermore, the preset performance index is expressed as:

[0048]

[0049]

[0050] in, To augment the error; The perturbation suppression rate of the robust observer; It is the 2-norm of the vector; Sensor noise; This is an augmented matrix representing the rates of change of disturbances and faults; This is the preset system state estimation error; The preset fault estimation error is represented by T, which is the transpose of the equation. For sensor-side attack reconstruction error; To reconstruct errors for side-attacks; This is a matrix with a preset dimension.

[0051] Furthermore, the design of the multimodal integrated safety controller based on density space clustering and inverse distance weighted interpolation specifically includes:

[0052] The adaptive discrete memory event trigger threshold is collected from historical operation data, and the density space clustering algorithm is used to cluster the data to obtain several cluster centers, each of which corresponds to a control mode.

[0053] In real-time control, the Euclidean distance between the current adaptive discrete memory event trigger threshold and each cluster center is calculated, and the fusion weight of each control mode is calculated based on the Euclidean distance using the inverse distance weighted interpolation method.

[0054] The control laws of each control mode are weighted and fused according to the fusion weights to obtain the final system control quantity.

[0055] Furthermore, the control laws for each control mode are expressed as follows:

[0056]

[0057] in, Indicates the first The control law corresponding to each control mode; For the first The integrated safety controller gain matrix under each control mode; This is a state estimate; This is a fault estimate; It is a fault regulation matrix, and satisfies , Pre-set matrix for the system, A fault preset matrix is ​​provided; It is the identity matrix; This is the amount of active compensation for actuator failure; For the sensing side The discrete time at which the event is triggered.

[0058] As can be seen from the above technical solution, compared with the prior art, the present invention discloses a multimodal integrated security control method for industrial cyber-physical systems, which has the following beneficial effects:

[0059] This invention designs a novel adaptive discrete memory event-triggered communication mechanism (ADMETCS) that combines adaptability and memory. Compared to ADETCS, the ADMETCS designed in this paper balances communication resource conservation and data transmission quality, and has stronger adaptability to changes in system state.

[0060] This invention designs a composite, covert FDI attack model from the attacker's perspective, combining effectiveness, stealth, and randomness. From the defender's perspective, it designs an FDI attack reconstruction model based on adversarial game theory, using the WGAN-GP algorithm optimized by Bayesian optimization, and incorporates mechanistic analysis methods to design an intrusion-tolerant strategy. Compared to traditional Generative Adversarial Networks (GANs) and other algorithms, the model trained by WGAN-GP exhibits superior performance in attack reconstruction.

[0061] To enhance the correlation between trigger thresholds and the design of the integrated safety controller, this invention uses the DBSCAN algorithm for threshold clustering and the IDW strategy to perform online weight allocation and mode fusion for each mode of the multimodal integrated safety controller, achieving smooth soft switching between different modes. Compared with existing single-modal integrated safety control methods, the multimodal integrated safety controller designed in this invention significantly improves the system's control performance and results in a more stable system output response. Attached Figure Description

[0062] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.

[0063] Figure 1 This is a schematic diagram of the framework of the multimodal integrated security control method for an industrial cyber-physical system provided in this embodiment of the invention;

[0064] Figure 2 This is a schematic diagram of the timing of non-uniform data transmission under ADMETCS provided in an embodiment of the present invention;

[0065] Figure 3 This is a schematic diagram of a sensor-side composite covert FDI attack signal provided in an embodiment of the present invention;

[0066] Figure 4 This is a schematic diagram illustrating the effectiveness and stealth of the FDI attack provided in this embodiment of the invention;

[0067] Figure 5 This is a schematic diagram of the attack reconstruction error based on WGAN-GP provided in an embodiment of the present invention;

[0068] Figure 6 This is a schematic diagram illustrating the estimation performance of the robust observer provided in this embodiment of the invention;

[0069] Figure 7 This is a schematic diagram of control mode clustering evaluation provided in an embodiment of the present invention;

[0070] Figure 8 This is a schematic diagram of the control mode weight distribution provided in an embodiment of the present invention;

[0071] Figure 9 This is a schematic diagram of the system output response based on a comprehensive security control strategy provided in an embodiment of the present invention;

[0072] Figure 10 Schematic diagram of system output response under different control methods in existing related technologies;

[0073] Figure 11 This is a schematic diagram illustrating the verification of the sensing-side threshold function provided in an embodiment of the present invention;

[0074] Figure 12 This is a schematic diagram illustrating the adaptive weighting coefficients of historical data on the sensing side provided in an embodiment of the present invention. Detailed Implementation

[0075] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0076] This invention discloses a multimodal integrated security control method for industrial cyber-physical systems, comprising the following steps:

[0077] An adaptive discrete memory event-triggered communication mechanism is constructed to perform event-triggered filtering on the output data of the sensor side of the industrial cyber-physical system to obtain the system transmission value (i.e., sensor data). After the system transmission value is transmitted through the network and subjected to a false data injection attack, it forms the downstream data of the attacked sensor side.

[0078] The trained attack reconstruction model is used to reconstruct and compensate the real-time attacked downstream data of the sensor side to obtain the repaired system transmission value.

[0079] Based on the repaired system transmission values, a robust observer is designed; the robust observer is used to estimate the system state and actuator faults in real time, and the state estimate and fault estimate are obtained.

[0080] A multimodal integrated safety controller is designed based on density space clustering and inverse distance weighted interpolation by combining state estimates and fault estimates; the initial control variables are generated through the multimodal integrated safety controller.

[0081] An adaptive discrete memory event-triggered communication mechanism is used to filter the initial control quantity through event triggering to obtain control data; after the control data is transmitted through the network and subjected to a false data injection attack, it forms the attacked downstream data on the execution side.

[0082] By using a trained attack reconstruction model to reconstruct and compensate the downstream data of the execution side under real-time attack, the system can apply the reconstructed data to the controlled object, thereby achieving comprehensive security control of the industrial cyber-physical system.

[0083] Next, the multimodal integrated security control method for industrial cyber-physical systems provided by the present invention will be described in detail.

[0084] 1. System Structure and Attack Description:

[0085] 1.1 Integrated Security Control Architecture for Industrial Cyber-Physical Systems (ICPS) Driven by the Adaptive Discrete Event-triggered Communication Scheme (ADETCS):

[0086] To closely simulate the actual operating environment of ICPS, this invention designs a comprehensive ICPS security control architecture integrating actuator failure, composite covert spoofed data injection (FDI) attacks, external disturbances, and sensor noise, thereby simulating various challenges that ICPS may face in real-world operations. Furthermore, this invention also considers issues such as the mechanism of FDI attacks, network communication resources, and the joint design of a multimodal integrated security controller and triggering mechanism. It integrates data-driven and mechanism-based analysis methods to construct a schematic diagram of an ICPS comprehensive security control architecture driven by ADMETCS, as shown below. Figure 1 As shown.

[0087] The system consists of a controlled object, an intelligent sensing unit (sensor, sampler, data buffer 1 and adaptive discrete memory event trigger 1), a communication network, an intelligent control unit (data reconstruction compensator 1, observer, multimodal integrated safety controller, data buffer 2 and adaptive discrete memory event trigger 2), and an intelligent execution unit (data reconstruction compensator 2, zero-order hold and actuator).

[0088] Note 1: Existing literature 1, "Adaptive Integrated Security Control of ICPS Based on Data-Driven and Mechanistic Analysis Methods," proposes a hybrid active-passive attack tolerance strategy based on the integration of data-driven and mechanistic analysis methods to address covert FDI attacks. However, the difficulty in preventing and detecting FDI attacks stems not only from their single characteristic, but also from the fact that FDI attacks possess both covert and random characteristics, and can maximize their impact on the system state while minimizing the fluctuation of the system output residual. Compared with existing literature 1, the ICPS integrated security control architecture constructed in this invention is optimized in three aspects:

[0089] 1) This invention introduces an adaptive discrete memory event trigger in the upstream of the dual-sided network to filter the data on the sensing side and the execution side respectively, which further alleviates the network bandwidth pressure.

[0090] 2) Based on the attack model constructed in the existing literature 1, this invention considers the random characteristics of FDI attacks and constructs a composite FDI attack. This attack is more in line with the mechanism that makes FDI attacks difficult to defend against and predict, and has higher requirements for the design of the invasion tolerance strategy.

[0091] 3) This invention considers the correlation between the dual-sided trigger threshold and the design of the integrated safety controller. It uses the adaptive discrete memory event trigger threshold as the clustering feature of the DBSCAN algorithm to achieve a reasonable division of the integrated safety controller modes. Based on the inverse distance weighted interpolation theory, it realizes the online weight division and fusion of control modes to avoid transient jitter caused by instantaneous switching of different control modes.

[0092] 1.2 Description of the controlled object:

[0093] For ICPS with actuator failure, external disturbances, and noise, it is described as follows:

[0094] (1)

[0095] in, System state variables The derivative form of , and , For real numbers, n for dimensionality; It is a system control variable, and , for dimensionality; The actuator is experiencing continuous failures, and The derivative is bounded in range; External disturbance noise, and , for dimensionality; Indicates the continuous time of system operation; The system sample values ​​measured and sampled by the sensor; This is the index of the current sampling step number; For the sensing side The logical index that successfully triggers sampling; For the sensing side The discrete time of the event triggering satisfies ,in This refers to the data transmission delay of the entire system; and , for dimensionality; Discrete time System state variables under the following conditions; To measure noise for the sensor, and , for The dimension of A, B, C, , and All are matrices with appropriate preset dimensions.

[0096] 1.3 Design of ADMETCS:

[0097] To conserve data transmission resources in the system network, ADMETCS is designed to filter and transmit system output sample values ​​from the sensing side and system control quantities from the execution side, thereby optimizing system data transmission. The Adaptive Discrete Memory Event-Triggered Communication Mechanism (ADMETCS) includes sensing-side trigger conditions and execution-side trigger conditions, wherein:

[0098] The sensor-side trigger condition is expressed as follows:

[0099] (2)

[0100] in, The number of historical data cached for industrial cyber-physical systems; Weights for event triggering errors on the sensing side; This is the error in triggering events on the sensing side, and - ; This is the index of the current sampling step number; This is the offset index within the historical data window on the sensing side; The sampling period; For the sensing side The logical index that successfully triggers sampling the next time. For the sensing side The discrete time of each successful sampling trigger; For the sensing side The logical time index of the event trigger; For the sensing side The discrete time when the secondary event is triggered; For the sensor in discrete time The system sampled values ​​below; For the sensor in discrete time The system transfer value from the last successful system trigger; It is the transpose matrix; An event trigger weight matrix to be designed for the sensing side; For the sensing side The discrete time when the secondary event is triggered; The adaptive discrete memory event trigger threshold on the sensing side; For the sensing side in discrete time The historical average data transmission rate;

[0101] The execution-side trigger condition is expressed as follows:

[0102] (3)

[0103] in, Weighting of the event triggering error on the execution side; To execute the event triggering error, and - ; The offset index within the historical data window on the execution side; To execute the side The logical time index of when this event is triggered. For the sensing side The discrete time when the secondary event is triggered; To execute the side The logic time index for the successful transmission of the secondary system control quantity to the actuator; To execute the side The discrete time when the secondary system control quantity is successfully transmitted to the actuator; For integrated safety controllers in discrete time The system control quantity below; For integrated safety controllers in discrete time The control value transmitted after the previous successful control trigger; The event trigger weight matrix to be designed for the execution side; To execute the side The discrete time when the secondary system control quantity is successfully transmitted to the actuator; The adaptive discrete memory event trigger threshold on the execution side; For the execution side in discrete time The historical average transmission value of control quantities; and , h The sampling period is N It is a non-negative integer. The number of data trigger delay cycles on the execution side.

[0104] To address the non-uniformity of data transmission and resource constraints in control systems, the adaptive discrete memory event triggering threshold is designed as a power-law threshold function that dynamically changes according to system behavior. This adaptive discrete memory event triggering threshold on the sensing side... The corresponding threshold function is expressed as:

[0105] (4)

[0106] (5)

[0107] in, The upper bound of the adaptive discrete memory event triggering threshold on the sensing side; This is the lower bound of the adaptive discrete memory event triggering threshold on the sensing side; and , ; Errors triggered by historical events; and This is an adjustable parameter for the threshold function. Sensitivity to threshold changes Corresponding threshold smoothness; The first preset historical event trigger error threshold is set at the sensor side. The second preset historical event triggering error threshold is set; and ; This is the error scaling value; For the sensor in discrete time The system sampled values ​​below; and , N It is a non-negative integer. m The delay period for triggering data from the sensing side is m sampling cycles, which represents the time interval between the current sampling and the previous successful trigger. By incorporating historical trigger data into the threshold function, the threshold switching exhibits a memory-like property similar to the trigger error.

[0108] To address the issue that the error weights on the left side of the trigger condition need to be different under different operating conditions, this invention designs an adaptive historical data weight function whose weight distribution can dynamically change with the historical event trigger error. The sensor-side event trigger error weights are expressed as follows:

[0109] (6)

[0110] = (7)

[0111] in, It is a historical data weighting indicator, and ; The number of historical data cached for industrial cyber-physical systems; This is the offset index within the historical data window on the sensing side; Errors triggered by historical events; The first preset historical event trigger error threshold is set at the sensor side. The second preset historical event triggering error threshold is set; and ; For accumulating index variables; The weight distribution coefficients for historical data; For the first The sensor-side event trigger error weights for each historical data point, and The trigger threshold function and weight distribution function on the execution side are similar to those on the sensing side, and will not be described in detail here.

[0112] Note 2: Errors triggered by historical events Less than the allowed lower threshold ,at this time Historical data weights are evenly distributed to ensure the accuracy of trigger activation; when historical event triggering errors occur... Within the allowable threshold range, at this time According to Adaptive dynamic adjustment is performed, meaning the weight distribution of historical data is also adjusted according to... Adaptive dynamic changes are implemented, ensuring both trigger accuracy and real-time performance; when historical event triggering errors occur... Greater than the lower bound of the allowable threshold ,at this time At this point, the weight of the current event triggering error is 1, and the rest are 0. That is, ADMETCS degenerates into ADETCS in existing literature 1, ensuring the real-time triggering performance; through reasonable introduction The weight distribution function enables the triggering mechanism to adaptively adjust the weight of historical data when the system data fluctuates, and can automatically switch to the traditional ADETCS when the system data fluctuation is too large, so that the trigger depends entirely on the current data, thereby realizing the dynamic adjustment of the accuracy and real-time performance of event triggering.

[0113] Under the combined action of the sampler and ADMETCS, the data transmission in the closed-loop control system exhibits non-uniformity, while the controlled object is continuous. Therefore, for the aforementioned non-uniform data transmission, this invention adopts mature time-delay system theory to define the time delay function as follows:

[0114] (8)

[0115] in, The data transmission delay is output to the sensing system. To account for the transmission delay of control inputs on the execution side system; The data transmission delay of the entire system, and , The maximum value of the threshold triggered by the sensing side. and the maximum value of the execution side trigger threshold The maximum allowable delay is determined jointly; Indicates the continuous time of system operation; Indicates the sampling period. Indicates the sensing side The discrete time when the secondary event is triggered. To execute the side The discrete time when the secondary system control quantity is successfully transmitted to the actuator; For the sensing side The discrete time when the secondary event is triggered; To execute the side The secondary system control quantity is successfully transmitted to the actuator at discrete time.

[0116] 1.4 Description of Composite Covert FDI Attacks:

[0117] From the attacker's perspective, considering that both the sensing and execution sides of the system's network transmission process are subjected to FDI attacks, the downstream output of the system's two-sided networks can be described as follows:

[0118] (9)

[0119] in: For downstream data from the attacked sensor side; For downstream data on the attacked execution side; The transmitted values ​​are those of an unattacked system, i.e., upstream data from the sensor. This indicates the control quantity transmission value that has not been attacked, i.e., upstream data on the execution side; This refers to the FDI attack volume on the sensing side; The amount of FDI attack on the execution side; Indicates the sensing side The discrete time when the secondary event is triggered; To execute the side The secondary system control quantity is successfully transmitted to the actuator at discrete time.

[0120] This invention aims to construct a composite, covert FDI attack model that combines small-scale, continuous attacks with large-scale, intermittent attacks, maximizing the damage to the system state while effectively circumventing industrial residual detection mechanisms. The specific design process is as follows:

[0121] Combining formulas (1) and (9), the system description under a composite covert FDI attack can be obtained as follows:

[0122] (10)

[0123] in, For continuous time t The internal state variables of the system under attack; for The derivative form; For system control variables; For continuous time t FDI attack volume on the lower execution side; The actuator is experiencing continuous failures, and The derivative is bounded in range; External disturbance noise; Discrete time during FDI attack The system output below; Discrete time during FDI attack The system's internal state variables; Discrete time The sensor measures noise; A, B, C, , and All are matrices with appropriate preset dimensions.

[0124] Based on conventional industrial residual detection mechanisms, the following robust observer is designed:

[0125] (11)

[0126] in: For continuous time The system state estimate under the following conditions; for The derivative form; For system control variables; This is the estimated fault value for the actuator; Output an estimated value for the system; For continuous time t The system transmission value below; This represents the observer gain matrix to be determined under no-attack conditions. Let be the fault gain matrix to be solved; The output data transmission delay is given to the sensing system.

[0127] Define the system state estimation error as The output residual is The state estimation error under an FDI attack is: To ensure the effectiveness of FDI attacks, Must meet:

[0128] (12)

[0129] in, The allowable error threshold for stable system operation.

[0130] To ensure the stealth of the FDI attack designed in this invention, the system output residual under the attack is defined to not exceed the alarm threshold during normal stable system operation. ,Right now:

[0131] (13)

[0132] in, This represents the system output residual variable under an FDI attack.

[0133] Based on the above conditions, the following composite covert FDI attack model is constructed:

[0134] (14)

[0135] in, This is a sensor-side attack model; To execute a side attack model; Pre-determine the dimension matrix for the sensing side; A pre-defined dimension matrix is ​​provided for the execution side; Preset continuous amplitude attack for the sensing side, that is, continuous small amplitude attack for the sensing side; The execution side is pre-set with a continuous amplitude attack, that is, the execution side continuously launches small amplitude attacks; Pre-set intermittent amplitude attacks for the sensing side, i.e., intermittent large amplitude attacks on the sensing side, and > ; To execute a side-preset intermittent amplitude attack; that is, to execute a side-intermittent large amplitude attack, and > ; The probability of intermittent attack on the sensing side; To determine the probability of executing a side-interruption attack.

[0136] 1.5 System Data Transmission Analysis:

[0137] Considering the latency effects introduced by the sampler and ADMETCS, the system data transmission process is as follows: Figure 2 As shown.

[0138] The data transmission process of the analysis system is as follows: The sampler in the intelligent sensing unit first samples the system output at equal intervals. The adaptive discrete memory event trigger 1 filters the data and transmits it to the intelligent control unit via the sensing-side network. The data reconstruction compensator 1 reconstructs the data after an attack and effectively compensates for the damage. The repaired data is then input to the robust observer to estimate the system state and actuator faults. Based on the estimation results, the multimodal integrated safety controller calculates the control input. Next, the adaptive discrete memory event trigger 2 filters the control input and transmits it to the intelligent execution unit via the execution-side network. The data reconstruction compensator 2 reconstructs the data after an attack and effectively compensates for the damage. Finally, the data is transmitted to the zero-order hold for holding and then input to the actuator, ultimately acting on the controlled object to achieve comprehensive safety control of the ICPS.

[0139] 2. Intrusion tolerance strategy for composite covert FDI attacks based on WGAN-GP:

[0140] As the foregoing analysis shows, the covert nature of composite covert FDI makes it difficult for traditional residual detection methods to detect accurately, and traditional regression models based on decision tree algorithms are ill-equipped to handle intermittent attacks with randomness. Therefore, this invention, based on the concept of adversarial game theory, utilizes generative adversarial networks (GANs) to design an active-passive collaborative attack tolerance strategy. By using data-driven techniques to analyze the attack information hidden in the attacked data, an attack reconstruction model based on WGAN-GP is constructed, and data compensation is designed to effectively repair the attacked data.

[0141] 2.1 Brief Introduction to WGAN-GP:

[0142] Generative Adversarial Networks (GANs) are an unsupervised learning method proposed by Ian Goodfellow et al. in 2014. They learn the data distribution through a two-player zero-sum game: a generator G generates samples to approximate the true distribution, and a discriminator D evaluates the authenticity of the samples. Classical GANs use Jensen-Shannon divergence to construct the objective, but this is prone to gradient vanishing and training instability when the support sets are separated in high dimensions. Wasserstein Generative Adversarial Networks (WGANs) use first-order Wasserstein distance to measure distribution differences, thus improving gradient properties and training stability. However, because they use weight clipping to approximate the 1-Lipschitz constraint, this results in limited expressive power and ill-conditioned training. Therefore, WGAN-GP replaces weight clipping with gradient penalty, allowing the Lipschitz constraint to be satisfied more smoothly, thus significantly improving stability and sample quality. The algorithm principle is briefly described below:

[0143] real samples The set formed is denoted as ,Right now ; will generate samples The set formed is denoted as ,Right now Linear interpolation samples The set formed is denoted as ,Right now Based on this, the discriminator objective function can be described as:

[0144] (15)

[0145] in, These are the parameters for the discriminator; This indicates that the discriminator parameter is Maximize the loss term of the original WGAN discriminator. E This is the expected value; The score for the input sample; To generate scores for the samples; Scoring of linearly interpolated samples; The gradient of the interpolated sample. This is the gradient penalty coefficient; For real samples and generate samples Linear interpolation samples between; Sampling is performed using the following linear interpolation method:

[0146] (16)

[0147] in, The interpolation coefficients follow a uniform distribution (0,1); U in probability theory is the Uniform distribution, representing a uniform distribution; the penalty / incentive term... This allows us to approximate the 1-Lipschitz constraint near the interpolated manifold.

[0148] The generator then minimizes the negative expectation corresponding to the adversarial term:

[0149] (17)

[0150] in, These are the generator parameters; This indicates that the generator parameter is The goal is to minimize the generator objective, i.e., to drive the generation of samples. To obtain a higher discrimination score, thereby enabling the generation of a sample set. To the real sample set Approaching.

[0151] Compared to traditional decision tree algorithms, WGAN-GP adds adversarial distribution constraints and consistency terms to supervised regression, making the statistical structure and correlation of the repaired data closer to real normal data, especially stable under distribution drift and noise conditions. However, its parameter tuning is relatively complex, with numerous parameters and varying tuning ranges. Therefore, this invention uses the Bayesian Optimization (BO) algorithm, which is widely used in practical engineering, to optimize the parameters of WGAN-GP.

[0152] The core idea of ​​the BO algorithm is to model the objective function by constructing a surrogate model and use a sampling function to guide sampling, thereby efficiently finding the global optimum. The surrogate model is an approximate model that fits the actual function, expressed as:

[0153] (18)

[0154] in, This is the prior distribution, i.e., the surrogate model distribution; To observe the distribution of data B; Given a proxy model, observe the distribution of data B; The posterior distribution represents the new distribution of the surrogate model given the observed data B, and is also the updated surrogate model distribution. Gaussian regression models are typically used as surrogate models, as the local optima of such surrogate models gradually converge to the optimum of the actual function, thus achieving the goal of optimization.

[0155] 2.2 Intrusion Control Strategy:

[0156] This invention targets complex, covert FDI attacks, integrating data-driven methods with mechanistic analysis to design a hybrid active-passive attack tolerance control scheme based on WGAN-GP. The scheme mainly consists of two stages: attack reconstruction model training and data compensation and repair. The specific implementation steps are as follows:

[0157] Step 1: Data Acquisition and Preprocessing. Acquire downstream data from the sensor side affected by FDI attacks. and the corresponding system transmission values ​​not affected by FDI attacks ; and collecting downstream execution-side data under FDI attack. and the corresponding control quantity transmission value that is not affected by FDI attacks Extract FDI attack volume from the collected data on the sensor side. FDI attack volume on the execution side ; indicates as:

[0158] (19)

[0159] Based on the downstream network data after the attack and the FDI attack information, feature datasets and target datasets for model training are constructed respectively, and training sets and test sets are divided.

[0160] Step 2: Build the WGAN-GP model. Based on the processed dataset described above, build an initial attack reconstruction model based on the WGAN-GP model.

[0161] Step 3: Optimize the hyperparameters of the WGAN-GP model (learning rate, supervised loss weight coefficients, reconstruction loss weight coefficients, adversarial loss weight coefficients, gradient penalty weight coefficients, etc.) based on the Bayesian optimization algorithm. Use the root mean square error (RMSE) as the Bayesian optimization objective to obtain the optimal parameters, calculated as follows:

[0162] (20)

[0163] in: and These are the model reconstruction value and the actual value, respectively. The total number of sampled values; i Index of the number of sampled values;

[0164] Step 4: Train the WGAN-GP model using the optimal parameters found by the BO algorithm, and then evaluate it based on the test set using the RMSE and R-squared metrics. 2 Evaluate the model.

[0165] Step 5: Connect the trained model to the ICPS integrated security control system, and use the trained model to reconstruct the sensor-side attack information from the attacked data downstream of the network. and execution-side attack information And use the attack information to compensate and repair the data of the attacked system:

[0166] (twenty one)

[0167] in, The transmitted values ​​are the values ​​of the repaired system. Transmit the repaired control values; For downstream data from the sensing side that has been attacked by FDI; This is downstream data from the execution side that is under FDI attack.

[0168] 3. Design of a robust ICPS observer under ADMETCS:

[0169] The attack information reconstructed using WGAN-GP is used to proactively compensate and repair the system data affected by FDI attacks. The downstream network output after repair is described as follows:

[0170] (twenty two)

[0171] Record the reconstruction error of sensor-side attack Reconstruction error of execution-side attack While its size is smaller than the system data during system operation, it is considered a special type of noise due to its uncertainty. Combining formulas (1) and (22), the corresponding corrected system state equation can be obtained:

[0172] (twenty three)

[0173] in, System state variables The derivative form; For system control variables; The actuator is experiencing continuous failures, and The derivative is bounded in range; External disturbance noise; Indicates the continuous time of system operation; The transmitted values ​​are the values ​​of the repaired system. Discrete time The internal state of the system under the following conditions; Discrete time The sensor measures noise; A, B, C, , , For an appropriate preset dimension matrix.

[0174] Considering attack error, an initial robust observer is constructed based on the observer gain matrix and fault gain matrix to be designed;

[0175] (twenty four)

[0176] in: For continuous time The system state estimate under the following conditions; for The derivative form; For system control variables; This is the estimated fault value for the actuator; for The derivative form; Output an estimated value for the system; For continuous time t The repaired system transmission values ​​are as follows; L Let be the observer gain matrix to be solved; Let be the fault gain matrix to be solved; The data transmission delay is output to the sensing system; A, B, C, For an appropriate preset dimension matrix.

[0177] Record the system state estimation error under attack and fault estimation error Combining equations (23) and (24), the following error system description can be obtained:

[0178] (25)

[0179] in, System state estimation error under attack The derivative form; Fault estimation error The derivative form;

[0180] For ease of analysis, and Expanded into a whole, that is The augmented error system is described as follows:

[0181] (26)

[0182] in, ; ; ; ; ; ; To augment the error The derivative form;

[0183] Furthermore, a Lyapunov-Krasovskii functional of the following form is constructed:

[0184]

[0185] in:

[0186]

[0187] Among them: sensor-side augmentation error increment , All are positive definite symmetric matrices; This represents the maximum allowable delay for the observer. To augment the error system in arrive The values ​​between; for The derivative of represents exist arrive The rate of change between them; and All parameters are functionally adjustable; the state and fault gain matrices are obtained by solving the second Lyapunov method. L , F This ensures that the augmented error system is asymptotically stable without disturbances and meets performance specifications under disturbances:

[0188] (28)

[0189] in, To augment the error; It is the 2-norm of the vector; The perturbation suppression rate of the robust observer; Sensor noise; This is an augmented matrix representing the rates of change of disturbances and faults; For sensor-side attack reconstruction error; To reconstruct errors for side-attacks.

[0190] Note 3: In response to data reconstruction errors under FDI attacks, this invention treats them as special noise when designing a robust observer and addresses them through a robust control strategy, thereby achieving a hybrid active-passive invasion tolerance control.

[0191] 4. Design of ICPS Integrated Safety Controller under ADMETCS:

[0192] To address the issue of insufficient coordination between the integrated safety controller and ADMETCS, this invention uses the DBSCAN algorithm to scientifically and rationally cluster event trigger thresholds and classifies the modes of the integrated safety controller based on the clustering results. Subsequently, based on inverse distance interpolation theory, the weights of each mode of the integrated safety controller are assigned online to achieve smooth switching between different control modes. The aim is to improve the bidirectional adaptability between system communication resources and control performance by designing a multimodal integrated safety controller.

[0193] 4.1 Trigger Threshold Clustering Based on DBSCAN Clustering Algorithm:

[0194] To ensure the rationality of the modal partitioning of the integrated safety controller, this invention employs the DBSCAN algorithm to jointly cluster the trigger thresholds of the system's dual-sided triggers to facilitate inverse distance weighted interpolation as described below. The DBSCAN algorithm is a density-based clustering method that identifies and connects density regions in the data space, grouping high-density regions into the same class. Compared to traditional distance-based clustering algorithms, DBSCAN can discover clusters of any shape and is more robust to noise and outliers. The specific clustering steps are as follows:

[0195] Step 1: Integrate the adaptive discrete memory event trigger thresholds of the sensing side at all time points into a dataset. The dataset integrates the adaptive discrete memory event triggering thresholds of the execution side at all times. For the dataset respectively and dataset Normalize.

[0196] Step 2: Determine the distance metric and set the domain radius And the minimum number of domain points.

[0197] Step 3: Calculate the neighborhood of each point, mark the points that meet the neighborhood point requirements as core points, and regard the rest as non-core points.

[0198] Step 4: Start a new cluster from any unvisited core point, add points in its neighborhood to the cluster. If the newly added points include core points, continue to merge them into their neighborhoods and expand until no more new points are generated. Finally, mark the points that are not assigned to any cluster as noise points.

[0199] Step 5: Output the cluster centers and cluster ranges that meet the criteria.

[0200] 4.2 Modal fusion of integrated safety controller based on inverse distance weighted interpolation:

[0201] The clustering of thresholds described above determines the number of modes in the integrated safety controller. However, in actual system operation, if a hard switching scheme is adopted for the switching of integrated safety controller modes, it will directly lead to system control oscillation and reduce system control performance. Therefore, this invention achieves a smoother soft switching based on the inverse distance weighted interpolation method. The specific design scheme is as follows:

[0202] First, adaptive discrete memory event trigger thresholds are collected from historical operational data, and then clustered using a density space clustering algorithm to obtain... There are 10 cluster centers, each cluster center corresponding to one control mode, i.e., there are 100 cluster centers. One control mode; specifically: the cluster center set is obtained by a clustering algorithm. , It is a positive integer, and the maximum value of the threshold is triggered by adaptive discrete memory events on the sensing side. and minimum value Determine the threshold scaling factor on the sensing side The maximum value of the threshold is triggered by adaptive discrete memory events on the execution side. and minimum value Determine the execution-side threshold scaling factor Then, the threshold of the real-time input. The scale-normalized Euclidean distance is used to measure the proximity of the input points to each center point, and the calculation formula is as follows:

[0203] (29)

[0204] in, Indicates the first Cluster centers corresponding to each control mode; The threshold representing the real-time input and the first The Euclidean distance between the cluster centers corresponding to each control mode; Indicates the first The adaptive discrete memory event triggering threshold on the sensing side corresponding to each cluster center; Indicates the first The adaptive discrete memory event triggering threshold on the execution side corresponding to each cluster center;

[0205] Subsequently, the power exponent was adopted. Inverse distance weight form:

[0206] (30)

[0207] in: The first before normalization The weights of each control mode; This is a smoothing factor used to control the smoothness of the weights; Indicates the real-time threshold and the first Euclidean distance between cluster centers; It is a very small constant. This is to prevent Euclidean distance A minimal constant that divides by zero. The final weights are obtained through normalization:

[0208] (31)

[0209] in, For the normalized first The weights of each control mode; To control the total number of modes, and must be a positive integer;

[0210] Finally, the control laws of the integrated safety controller modes are fused using the modal weight coefficients calculated in real time to obtain the final system control quantity. :

[0211] (32)

[0212] in, Indicates the relationship with the first The control law corresponding to each control mode;

[0213] Note 4: Regarding the switching problem of the integrated safety controller mode, this invention treats it as a problem of handling the distance between the real-time threshold and the threshold cluster center. This not only solves the transient jitter problem caused by hard switching of the integrated safety controller mode, but also makes the weight division of each mode more detailed. In addition, for real-time threshold points that coincide with the cluster center, this invention resets the integrated safety controller weight of the mode corresponding to the overlapping cluster center to 1, and the rest to 0.

[0214] 4.3 Design of a multimodal integrated safety controller:

[0215] Although the data reconstruction compensator can effectively repair the attacked system data, the observer's observation results are still affected by the data reconstruction error. Therefore, the multimodal integrated security controller designed in this invention not only has fault tolerance capability, but also includes passive intrusion tolerance capability against FDI attacks.

[0216] Based on observation results , and the The corresponding cluster center is designed. Integrated security control law for each modality :

[0217] (33)

[0218] in: For the first The integrated safety controller gain matrix under each control mode; For the first State feedback control quantity under each control mode; This is a state estimate; This is a fault estimate; For the fault adjustment matrix, satisfying , Pre-set matrix for the system, I is the fault preset matrix; I is the identity matrix; This is the amount of active compensation for actuator failure; For the sensing side The discrete time at which the event is triggered.

[0219] Combining formulas (24) and (33), the following ICPS closed-loop model can be obtained:

[0220] (34)

[0221] in, The data transmission delay is output to the sensing system. For continuous time The system status values ​​are as follows; for The derivative form; System state estimation error under discrete-time attacks; The fault estimation error under discrete-time attack conditions; External disturbance noise; The derivative of the actuator's continuous failures; To reconstruct errors for side-attack execution; A, B, , For an appropriate preset dimension matrix.

[0222] Furthermore, a Lyapunov-Krasovskii functional of the following form is constructed:

[0223]

[0224] in:

[0225]

[0226] Among them: sensor-side system state increment , All are positive definite symmetric matrices.

[0227] in, This indicates the maximum allowable delay for the multimodal integrated safety controller;

[0228] The control gain matrix is ​​obtained by solving the second method of Lyapunov. and event trigger weight matrix and This ensures that the augmented error system is asymptotically stable without disturbances and meets performance specifications under disturbances:

[0229] (37)

[0230] in: For system state variables; It is the 2-norm of the vector; The disturbance rejection rate of the comprehensive safety controller; This is an augmented matrix representing the rates of change of disturbances and faults; The system state estimation error under FDI attack; This represents the fault estimation error; To reconstruct errors for side-attacks;

[0231] 5. Simulation Experiment and Result Analysis:

[0232] 5.1 System Instance Description:

[0233] To verify the feasibility of the method provided by this invention, a typical industrial four-tank system is used as the industrial physical layer, and the intelligent control unit as the decision-making layer. The two are interconnected via a communication network to form a complete ICPS. The system's preset adaptation matrix is ​​defined as follows:

[0234] ; ; ; ; ;

[0235] Sensor sampling period The initial state of the system Actuator fault matrix of closed-loop system The actuator's continuous time-varying fault is:

[0236]

[0237] 5.2 Analysis of Composite Covert FDI Attacks:

[0238] From the attacker's perspective, this study verifies whether a composite, covert FDI attack possesses effectiveness, covertness, and randomness.

[0239] When the system is not under attack and is under maximum disturbance conditions, the system state error detection threshold is determined through simulation analysis. The system outputs a residual detection threshold of 0.2. The value is 0.5. The parameters of the composite covert FDI attack model are set based on the system anomaly detection threshold.

[0240] According to equation (15), the parameters of the FDI attack model on the sensing side and the execution side are set as follows:

[0241]

[0242]

[0243] in, and These are continuous small-scale attacks and random large-scale attacks on the sensing side, respectively. This is the attack vector for the sensing side; and These are continuous small-scale attacks and random large-scale attacks on the execution side, respectively. This is the execution side attack vector; and These represent the large FDI attack probabilities on the sensing and execution sides, respectively, and both follow a Bernoulli distribution. To ensure the effectiveness of the FDI attack while maximizing its stealth, this invention selects Bernoulli distribution probability parameters of 0.15 and 0.08, respectively. Under these parameters, the impact of the FDI attack on the system state and output residuals reaches a balanced state, meaning that it achieves good stealth while ensuring effectiveness.

[0244] Based on the above model, the sensor-side attack signal of a composite covert FDI attack is as follows: Figure 3 As shown, the impact on the system's internal state estimation error and output residual is as follows: Figure 4 As shown. Among them, Figure 4 Figure (a) shows the effectiveness of the attack; Figure (b) shows the stealth of the attack.

[0245] analyze Figure 3 The simulation results show that when At that time, the system was continuously subjected to small-scale FDI attacks. At that time, the system was additionally subjected to a large-scale attack with random timing and amplitude. The FDI attack signal on the execution side was similar to that on the sensing side, and will not be described in detail here. Analysis Figure 4 The simulation results show that when the system is attacked by FDI, its internal state estimation error is significantly higher than the error threshold (0.2), while the system output residual is significantly lower than the detection threshold (0.5), indicating that the FDI attack model designed in this invention can cause destructive attacks on the system while also possessing perfect stealth characteristics.

[0246] 5.3 Evaluation of the attack reconstruction effect based on WGAN-GP:

[0247] To verify the performance of the attack reconstruction model trained by the WGAN-GP algorithm, from the defender's perspective, based on the invasion tolerance strategy scheme in Section 2.2, relevant data was collected, and a standardized experimental dataset was constructed. Based on this dataset, WGAN-GP, GAN, and RF models were trained respectively, and comparative experiments were conducted under the same conditions. Figure 5 This represents the reconstruction error of each channel of the system after reconstruction and prediction using the WGAN-GP model from 150 sets of sample data randomly selected from the test set. Figure 5 The left-hand side diagram shows the attack reconstruction error of each channel on the sensor side. Figure 5 The right side of the figure shows the attack reconstruction error of each channel on the execution side; secondly, the specific performance comparison of each model is shown in Table 1 and Table 2.

[0248] Table 1: Performance Evaluation of Sensor-Side Attack Reconstruction Based on Different Models

[0249]

[0250] Table 2: Performance Evaluation of Execution-Side Attack Reconstruction Based on Different Models

[0251]

[0252] Depend on Figure 5 Analysis shows that the reconstruction performance of the attack reconstruction model varies across different channels due to differences in the amplitude of transmitted data fluctuations. The reconstruction error of sensor-side channel 1 is larger than that of the other three channels, but it is still controlled within 0.01. The overall reconstruction performance of the execution-side channels is similar, controlled within 0.43. This indicates that the reconstruction performance of the WGAN-GP model varies across different channels, but the reconstruction error is within a controllable range, which can meet the requirements of the active intrusion tolerance strategy of real-time systems.

[0253] Analysis and comparison of the experimental results in Tables 1 and 2 show that the attack reconstruction model based on traditional GAN ​​training is difficult to meet the requirements of intrusion tolerance control in dealing with FDI attacks. This is because it lacks more stringent targeted constraints and relevant loss functions. In contrast, the WGAN-GP used in this invention employs first-order Wasserstein distance to measure distribution differences, thereby avoiding gradient explosion and improving training stability. Furthermore, it uses gradient penalty instead of traditional weight pruning, significantly optimizing training stability. Data shows that WGAN-GP has significantly lower RMSE on both the sensing and execution sides than WGAN and GAN, and its average R... 2 The value is closer to the ideal value of 1. Furthermore, compared to traditional decision tree algorithms, the WGAN-GP model also shows a significant improvement in reconstruction error on the execution side. This indicates that the WGAN-GP model has significant advantages in both data repair accuracy and model fit.

[0254] 5.4 Verification of the effectiveness of system state and fault estimation:

[0255] When sensor-side system data suffers from FDI attacks and actuator failures, it is transmitted to a robust observer after data reconstruction and compensation to estimate the internal state of the system and actuator failures. Figure 6 Figures (a) and (b) show the estimation errors of the robust observer for system state and actuator failure, respectively.

[0256] Depend on Figure 6 The experimental results show that, under the action of the robust observer, although there are small oscillations in the system state and actuator fault error, they are all maintained within the controllable threshold range. This indicates that the robust observer designed in this invention can accurately estimate the system state and actuator fault. It also shows that the attack reconstruction compensator designed in this invention based on the WGAN-GP algorithm can suppress the attacks on the system within a controllable range, laying the foundation for the implementation of subsequent comprehensive security control.

[0257] 5.5 Control Mode Division and Modal Fusion Verification:

[0258] To achieve bidirectional adaptation between the integrated safety controller and ADMETCS, this invention uses the DBSCAN algorithm to cluster the system's two-sided trigger thresholds to determine the optimal number of control modes. The Davies-Bouldin Index (DBI) is used to evaluate the clustering effect, and the upper and lower limits of the two-sided trigger thresholds are set as follows: , , , The clustering results are as follows Figure 7 As shown.

[0259] analyze Figure 7 It can be seen that when the number of clusters is 3, the trigger threshold DBI index on the sensing side reaches the lowest value (0.0074), while the DBI index on the execution side has a good index when the number of clusters is more than 2. In order to facilitate the inverse distance weighted interpolation modal fusion of the present invention, the optimal number of clusters on both sides is selected as 3, that is, the optimal mode of the multimodal integrated safety controller is 3. The clustering results are shown in Tables 3 and 4.

[0260] Table 3: Clustering results

[0261]

[0262] Table 4: Clustering results

[0263]

[0264] Based on the cluster centers and distribution ranges of the trigger thresholds in Tables 3 and 4, the modes can be divided into three types: low, medium, and high. Using the method described in section 4.2, these three types are considered as three center points. The Euclidean distance between the two-sided thresholds and the center points during real-time system operation is calculated. The weights of each control mode are calculated using inverse distance weighted interpolation. The weight distribution during online simulation is shown below. Figure 8 As shown.

[0265] like Figure 8 As shown, the weight coefficients of each mode in the multimodal integrated safety controller can be adaptively and dynamically adjusted according to the real-time trigger thresholds on both sides. After the system is attacked, the adaptive threshold is dynamically reduced to increase the amount of data transmission. At this time, the weight of high mode decreases rapidly, while the weight of medium and low mode increases rapidly. This realizes a close connection between the threshold and the modes of the multimodal integrated security controller, and at the same time realizes smooth soft switching between control modes, ensuring the stability of the system during the mode switching process of the multimodal integrated security controller.

[0266] 5.6 Simulation Verification of Multimodal Integrated Security Control under Composite Covert FDI Attacks:

[0267] The system output response under the combined action of the robust observer and the multimodal integrated safety controller is as follows: Figure 9 As shown. Analysis Figure 9 We can conclude that when When the system output response converges rapidly and tends to stabilize; when At that time, the system's sensor-side network was subjected to a small-scale FDI attack, with no significant fluctuations; when At that time, the system experienced continuous actuator failures, and the system output response fluctuated significantly. The system output response abruptly changed to -0.108, but quickly recovered to a stable state under active fault-tolerant control; when At that time, both sides of the system's network were attacked simultaneously. Under the hybrid active and passive intrusion tolerance control, the system's output response showed slight fluctuations; when At that time, the system suffered a mixed FDI attack consisting of continuous small attacks and random large attacks. The system output response showed slightly larger oscillations, but the fluctuation range remained within a certain range. Within a certain range, the impact on the system can be ignored; when When the system's attack reverts to a sustained, small-amplitude attack from both sides, the oscillations in the output response decrease, and the fluctuations are minimal; when At that time, the system was only affected by the actuator failure, and the system output response did not fluctuate significantly and remained in a stable state.

[0268] To further verify the effectiveness of the comprehensive security control strategy constructed in this invention, system output responses based on different control strategies are presented under the same operating conditions. Under pure fault conditions, the system output response obtained by the resilient control strategy proposed in existing literature 2, "Adaptive event-triggered resilient control of industrial cyber-physical systems under asynchronous data injection attack," is as follows: Figure 10 As shown in Figure (a), under the condition of both network attacks and failures, the system output response based on the elastic control strategy in existing literature 2 is as follows. Figure 10 As shown in Figure (b). The system output response based on the single-modal integrated safety control in existing literature 1 is as follows. Figure 10 As shown in Figure (c).

[0269] like Figure 10 As shown in Figure (a), when a system failure occurs, the traditional flexible control strategy can make the system output response relatively stable; while... Figure 10 As shown in Figure (b), when dealing with system conditions where attacks and faults coexist, the resilient control strategy is unable to keep the system output response within a small range of fluctuations, indicating that the traditional resilient control strategy is difficult to effectively contain attacks. Figure 10 Figure (c) shows that although the system output response is somewhat controlled under the single-mode control strategy, it is far less effective than... Figure 9 The multimodal control strategy demonstrated by this invention exhibits superior intrusion and fault tolerance control performance when the system is subjected to both attacks and faults.

[0270] 5.7 Validation of ADMETCS's Weight Adaptation and Threshold Adaptation:

[0271] The ADMETCS designed in this invention introduces adaptive weights from historical data. By changing the weight coefficients, the triggering mechanism can dynamically switch according to the event triggering error, thereby achieving an adaptive memory effect. Furthermore, the triggering threshold function of this invention also employs an adaptive strategy, dynamically adjusting the triggering threshold according to the event triggering error. Under the same operating conditions, with a historical data set of 10, a comparative experiment was conducted between the power function threshold function designed in this invention and the exponential function in existing literature 1. Figure 11 As shown in Figure (a), the sensor-side trigger threshold adapts as follows: Figure 11 As shown in Figure (b), the historical data weighting coefficients adapt and change as follows: Figure 12 As shown.

[0272] Analysis Figure 11 As shown in Figure (a), when the event triggering error is small, it indicates that the system's transmitted data fluctuates less, allowing for reduced data transmission to conserve network communication resources. In this case, the power-function triggering threshold designed in this invention is significantly higher than the exponential triggering threshold, and its decreasing rate is slower, effectively conserving communication resources. Conversely, when the event triggering error is large, it indicates that the system's transmitted data fluctuates more, requiring increased data transmission to improve system control performance. In this case, the power-function triggering threshold designed in this invention is lower than the exponential triggering threshold, and the threshold function designed in this invention decreases faster when facing large data fluctuations, indicating that the threshold function designed in this invention can respond more quickly to changes in system state. Figure 11 Figure (b) illustrates how the adaptive threshold function designed in this invention can dynamically adjust itself when system data fluctuates, combined with... Figure 12 The historical data weights also clearly demonstrate that the memory event triggering mechanism designed in this invention can adopt a weighted average strategy when data is stable, while adaptively adjusting the weights dynamically when data fluctuations are large, and even degenerating into ADETCS at critical moments to maximize data transmission. By adopting bidirectional adaptive adjustment of the threshold function and historical data weights, the adaptability between system communication resources and data transmission quality can be effectively guaranteed.

[0273] Meanwhile, to verify the transmission quality of the adaptive discrete memory event triggering mechanism proposed in this invention, it was compared with ADETCS proposed in existing literature 1 under the same operating conditions. This comparison verified ADMETCS in the asymptotic anomaly region, i.e., compared the two mechanisms in... The number of successful transmissions in 100 samples. The data transmission volume in the progressive anomaly region is shown in Table 5, and the transmission volume under different triggering mechanisms is shown in Table 6.

[0274] Table 5: Data transmission volume in progressively anomalous regions on the sensing side (100 samples)

[0275]

[0276] Table 6: Data transmission volume under different triggering mechanisms

[0277]

[0278] Analysis of Tables 5 and 6 shows that, compared with ADETCS, ADMETCS increases the transmission efficiency by 208.33% when the data on the sensing side undergoes gradual abnormal changes, while the total transmission volume only increases by 12.56%.

[0279] Furthermore, ADMETCS significantly improves transmission efficiency compared to DETCS, which lacks adaptive capabilities. This demonstrates that the ADMETCS designed in this invention achieves optimal performance in both data transmission efficiency and quality.

[0280] 6. Conclusion:

[0281] This invention studies the intrusion and fault tolerance strategies of ICPS under composite covert FDI attacks from the perspectives of attackers and defenders respectively. Under the ADMETCS drive, an integrated ICPS security control architecture is constructed that integrates actuator failure, composite covert FDI attacks, external disturbances and sensor noise. Through system simulation experiments, the following conclusions were drawn: From the attacker's perspective, by integrating the effectiveness, concealment, and randomness of FDI attacks in real industrial scenarios, a composite concealed FDI attack model capable of simultaneously launching attacks on both sides of the system's network was established. This model is used to study intrusion tolerance control strategies that are more closely aligned with actual working conditions. Addressing the issue of insufficient transmission volume in ADETCS when facing progressively anomalous data changes, historical data weighting is used to amplify abnormal data fluctuations, balancing data transmission efficiency and quality in the communication network. From the defender's perspective, an active intrusion tolerance control strategy based on WGAN-GP was proposed, and a passive intrusion tolerance control strategy was studied using mechanistic analysis methods, achieving a collaborative design of a hybrid active and passive intrusion tolerance control strategy. To address the insufficient synergy between trigger thresholds and the design of the integrated security controller, the DBSCAN clustering algorithm was introduced to reasonably divide the control modes offline. Furthermore, a soft-switching method combining online weight coefficient division and mode fusion, based on inverse distance weighted interpolation theory, was proposed to eliminate transient jitter during mode switching.

[0282] Simulation results demonstrate that the proposed integrated security control method exhibits superior intrusion and fault tolerance capabilities when facing complex, covert FDI attacks and actuator failures, while also conserving communication resources and ensuring high data transmission quality. Furthermore, thanks to its data-driven nature and independence from precise system models, the method possesses strong versatility, thus exhibiting good portability and environmental adaptability. Specifically, the method has been effectively validated on typical experimental platforms such as four-tank systems and shows potential for application in various complex industrial scenarios. However, it must be acknowledged that a gap remains between laboratory validation and actual industrial applications. Therefore, future research will focus on practical validation in specific industrial scenarios, such as conducting experimental tests in real power grid environments, to bridge the gap between experimental research and engineering practice and enhance the method's engineering usability and promotional value.

[0283] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on its differences from other embodiments. Similar or identical parts between embodiments can be referred to interchangeably. For the apparatus disclosed in the embodiments, since they correspond to the methods disclosed in the embodiments, the description is relatively simple; relevant parts can be referred to the method section.

[0284] The above description of the disclosed embodiments enables those skilled in the art to make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. A multimodal integrated security control method for an industrial cyber-physical system, characterized in that, include: An adaptive discrete memory event-triggered communication mechanism is constructed to perform event-triggered filtering on the output data of the sensor side of the industrial cyber-physical system to obtain the system transmission value. The system's transmitted values, after being transmitted over the network and subjected to a fake data injection attack, form the attacked downstream data on the sensing side. The trained attack reconstruction model is used to reconstruct and compensate the real-time attacked downstream data of the sensor side to obtain the repaired system transmission value. Design a robust observer based on the repaired system transmission values; The robust observer is used to estimate the system state and actuator faults in real time, and the state estimate and fault estimate are obtained. Combining the state estimates and fault estimates, a multimodal integrated safety controller is designed based on density space clustering and inverse distance weighted interpolation; initial control variables are generated through the multimodal integrated safety controller. The initial control quantity is filtered by the adaptive discrete memory event-triggered communication mechanism to obtain control data; after the control data is transmitted over the network and subjected to a fake data injection attack, it forms the attacked execution-side downstream data. The trained attack reconstruction model is used to reconstruct and compensate the real-time attacked downstream execution data and then apply it to the controlled object to achieve comprehensive security control of the industrial cyber-physical system. The adaptive discrete memory event-triggered communication mechanism includes sensing-side triggering conditions and execution-side triggering conditions; The sensing-side triggering condition is expressed as follows: in, The number of historical data cached for industrial cyber-physical systems; Weights for event triggering errors on the sensing side; This is the error in triggering events on the sensing side, and - ; This is the index of the current sampling step number; This is the offset index within the historical data window on the sensing side; The sampling period; For the sensing side The logical index that successfully triggers sampling; For the sensing side The discrete time of each successful sampling trigger; For the sensing side The logical time index of the event trigger; For the sensing side The discrete time when the secondary event is triggered; For the sensor in discrete time The system sampled values ​​below; For the sensor in discrete time The system transfer value from the last successful system trigger; It is the transpose matrix; An event trigger weight matrix to be designed for the sensing side; For the sensing side The discrete time when the secondary event is triggered; The adaptive discrete memory event trigger threshold on the sensing side; For the sensing side in discrete time The historical average data transmission rate; The execution-side triggering condition is expressed as follows: in, Weighting of the event triggering error on the execution side; To execute the event triggering error, and - ; The offset index within the historical data window on the execution side; For the sensing side The logical time index of the event trigger; For the sensing side The discrete time when the secondary event is triggered; To execute the side The logic time index for the successful transmission of the secondary system control quantity to the actuator; To execute the side The discrete time when the secondary system control quantity is successfully transmitted to the actuator; For integrated safety controllers in discrete time The system control quantity below; For integrated safety controllers in discrete time The control value transmitted after the previous successful control trigger; The event trigger weight matrix to be designed for the execution side; To execute the side The discrete time when the secondary system control quantity is successfully transmitted to the actuator; The adaptive discrete memory event trigger threshold on the execution side; For the execution side in discrete time The historical average value of control quantity transmission.

2. The multimodal integrated security control method for industrial cyber-physical systems as described in claim 1, characterized in that, Adaptive discrete memory event triggering threshold on the sensing side The corresponding threshold function is expressed as: in, The upper bound of the adaptive discrete memory event triggering threshold on the sensing side; This serves as the lower bound of the adaptive discrete memory event triggering threshold on the sensing side. , ; Errors triggered by historical events; and This is an adjustable parameter for the threshold function. Sensitivity to threshold changes Corresponding threshold smoothness; The first preset historical event trigger error threshold is set at the sensor side. The second preset historical event triggering error threshold is set; and ; This is the error scaling value; For the sensor in discrete time The system sampled values ​​below.

3. The multimodal integrated security control method for industrial cyber-physical systems as described in claim 2, characterized in that, Sensor-side event triggering error weights Represented as: = in, It is a historical data weighting indicator, and ; For accumulating index variables; The weight distribution coefficients for historical data.

4. The multimodal integrated security control method for industrial cyber-physical systems as described in claim 1, characterized in that, The FDI attack model corresponding to the fake data injection attack is represented as follows: in, This is a sensor-side attack model; To execute a side attack model; Pre-determine the dimension matrix for the sensing side; A pre-defined dimension matrix is ​​provided for the execution side; Preset continuous amplitude attack for the sensing side; Pre-set sustained amplitude attack for the execution side; Preset intermittent amplitude attacks for the sensing side, and > ; To execute a pre-set intermittent amplitude attack; and > ; The probability of intermittent attack on the sensing side; To determine the probability of executing a side-interruption attack.

5. The multimodal integrated security control method for industrial cyber-physical systems as described in claim 1, characterized in that, The training process of the attack reconstruction model includes: Collect downstream data from the attacked sensor side and the corresponding unattacked system transmission values; collect downstream data from the attacked execution side and the corresponding unattacked control quantity transmission values; extract the FDI attack quantity from the sensor side and the FDI attack quantity from the collected data, and construct a training dataset; Based on the collected data, an initial attack reconstruction model based on the WGAN-GP model was established; Using root mean square error as the optimization objective, the Bayesian optimization algorithm was used to optimize the hyperparameters of the WGAN-GP model to obtain the optimal parameters; The initial attack reconstruction model is trained based on the optimal parameters to generate the optimal attack reconstruction model.

6. The multimodal integrated security control method for industrial cyber-physical systems as described in claim 1, characterized in that, The design of a robust observer based on the repaired system transmission values ​​specifically includes: Based on the repaired system transmission values, construct the corresponding repaired system state equations; Based on the observer gain matrix and fault gain matrix to be designed, an initial robust observer is constructed; Based on the system state equation and the initial robust observer, and combined with the preset system state estimation error and the preset fault estimation error, an augmented error system is constructed. Solve for the observer gain matrix and the fault gain matrix to make the augmented error system asymptotically stable when there is no disturbance and meet the preset performance index when there is a disturbance. Based on the solved observer gain matrix and fault gain matrix, combined with the initial robust observer, the final robust observer is obtained.

7. The multimodal integrated security control method for industrial cyber-physical systems as described in claim 6, characterized in that, The preset performance index is expressed as follows: in, To augment the error; The perturbation suppression rate of the robust observer; It is the 2-norm of the vector; Sensor noise; This is an augmented matrix representing the rates of change of disturbances and faults; This is the preset system state estimation error; The preset fault estimation error is represented by T, which is the transpose of the equation. For sensor-side attack reconstruction error; To reconstruct errors for side-attacks; This is a matrix with a preset dimension.

8. The multimodal integrated security control method for industrial cyber-physical systems as described in claim 1, characterized in that, The multimodal integrated safety controller designed based on density space clustering and inverse distance weighted interpolation specifically includes: The adaptive discrete memory event trigger threshold is collected from historical operation data, and the density space clustering algorithm is used to cluster the data to obtain several cluster centers, each of which corresponds to a control mode. In real-time control, the Euclidean distance between the current adaptive discrete memory event trigger threshold and each cluster center is calculated, and the fusion weight of each control mode is calculated based on the Euclidean distance using the inverse distance weighted interpolation method. The control laws of each control mode are weighted and fused according to the fusion weights to obtain the final system control quantity.

9. The multimodal integrated security control method for industrial cyber-physical systems as described in claim 8, characterized in that, The control laws for each control mode are expressed as follows: in, Indicates the first The control law corresponding to each control mode; For the first The integrated safety controller gain matrix under each control mode; This is a state estimate; This is a fault estimate; It is a fault regulation matrix, and satisfies , Pre-set matrix for the system, A fault preset matrix is ​​provided; It is the identity matrix; This is the amount of active compensation for actuator failure; For the sensing side The discrete time at which the event is triggered.