Internet of connected vehicles against cyber-attacks based on resilient adaptive event trigger mechanism control

Abstract

In this paper, the challenges associated with controlling the Internet of connected vehicle (IOCV) system and mitigating the limited network communication bandwidth under the threat of denial-of-service (DoS) and deception attacks are addressed. To tackle these challenges, we present a centralized third-order model that better aligns with the dynamics of vehicles and design a resilient adaptive event-triggered mechanism (AETM) that incorporates countermeasures against cyber-attacks. Based on this mechanism, we propose a security controller to ensure the security state of the IOCV system. Utilizing the Lyapunov theory, we rigorously prove that the system is ultimately uniformly bounded and string stable. The efficacy of the proposed method is validated through numerical simulations, which demonstrate its effectiveness in addressing the issues under consideration.

Keywords

Internet of connected vehicles denial-of-service attack deception attack resilient adaptive event-triggered mechanism string stability

Introduction

Over the past two decades, there has been a significant rise in highway traffic, leading to serious issues such as congestion, air pollution, noise, huge economic losses, and even numerous fatalities (Michaud et al., 2006; Noormohammadpour and Raghavendra, 2018). As a result, more and more researchers are focusing on the field of automated highway/vehicle systems (AHVSs), with many studies being conducted in this area (Liu and Alleyne, 2014; Nilsson et al., 2017; Yue and Guo, 2012). The architecture of AHVS is typically based on the concept of “strings of vehicles,” meaning that groups of vehicles follow each other with a small gap between them. The widely used method for maintaining vehicle speed and inter-vehicle spacing is Internet of connected vehicle (IOCV) system (Kayacan, 2017; Lin and Nguyen, 2020), where vehicles are linked by a wireless network and automated control is performed by onboard computer systems. Since the IOCV system has proven to be effective in both increasing traffic efficiency and highway capacity and enhancing safety by reducing the chance of human error, it has gained great research interest in recent years.

Individual vehicle stability and string stability are two challenges that require special attention in the design of IOCV control systems. To achieve individual vehicle stability, it is essential that the relative speeds and distances of all nearby vehicles are kept close to their equilibrium states. This is a stability requirement that must be met by most tracking control systems (Feng et al., 2019; Guo et al., 2018; Kayacan, 2017; Sawant et al., 2021; Wu et al., 2021; Yue and Guo, 2012). However, string stability focuses on preventing the propagation of tracking errors along a string of vehicles, which is a unique issue in IOCV systems. This concept has drawn a significant amount of research interest, with Feng et al. (2019) providing a comprehensive summary of the studies conducted on string stability. String stability can be achieved without inter-vehicle communication through the use of variable spacing techniques. In this paper, however, we focus on the constant spacing (CS) policy–based IOCV control technique, where the requirements for string stability become more stringent as the inter-vehicle distance decreases. For instance, Wu et al. (2021) proposed a pulse control approach for a second-order homogeneous IOCV system using the CS strategy, while Sawant et al. (2021) proposed a sliding mode control approach that ensured string stability without relying on the lead vehicle’s acceleration. Guo et al. (2018) used neural networks to address the unknown nonlinear function in order to achieve string stability. Kayacan (2017) developed a multi-objective controller that ensured string stability by reducing the following distance. Finally, Yue and Guo (2012) designed a guaranteed cost controller based on an adaptive neural network compensator by controlling the vehicle with nonlinear dynamics and actuator delay. The proposed control scheme successfully achieves both individual vehicle stability and string stability.

Furthermore, while ensuring desired performance, it is also crucial to consider the overuse of scarce communication resources in the network. In the implementation of IOCV systems, the bandwidth capacity of the network transmission channel is limited. The design of an event-triggered mechanism (ETM) can effectively address this issue. ETM can reduce network energy and fuel consumption, while maintaining an acceptable level of control performance. The system only transmits the sampling signal when trigger conditions related to the state of the system are violated. Deng et al. (2021) introduced a novel dynamic periodic ETM. They designed a distributed observer that eliminates the effects of nonuniform communication delay using the event trigger signal from the previous sampling time. Li et al. (2021a) investigated ETM platoon control in the presence of random communication noise. Ge et al. (2021) explored the impact of unknown external interference and vehicle acceleration on IOCV control and developed a Dynamic ETM control strategy to schedule efficient communication between vehicles over time. The adaptive event-triggered mechanism (AETM) outperforms traditional ETM, as it adjusts the amount of data transmission by dynamically modifying the event trigger threshold, maintaining satisfactory control performance and improving the utilization of limited network resources. AETM has been widely adopted by researchers due to its many benefits. To improve lateral dynamic performance and network resource utilization in autonomous electric vehicles under unsafe communication conditions, Li et al. (2021b) proposed a fuzzy nonlinear lateral dynamic control algorithm based on AETM. Zhang et al. (2021b) studied the adaptive resilient AETM control of rear wheel–driven autonomous vehicles, balancing the frequency change of the vehicles during operation. Zhang et al. (2021a) introduced a distributed AETM observer that enables subsequent vehicles to access leader information.

The trigger mechanism currently in place in the IOCV system can effectively address communication constraints, but it is crucial to also consider security concerns within the communication network. In contrast to traditional vehicle networks that are confined to internal use, the IOCV system requires vehicles to communicate and share information, transforming the closed network into an open one. However, this increased openness makes the system vulnerable to cyber-attacks that can disrupt normal communication. For instance, an attacker can launch a denial-of-service (DoS) attack by disrupting the radio frequency on the wireless communication channel, leading to channel blockage. Malicious programs can also interfere with the exchange of information between the actuator and controller, causing delays and data loss in vehicle state information. Deception attacks, including data modification and false data injection, can also result in incorrect vehicle judgments, damaging the integrity of control data or altering sensor readings. These types of cyber-attacks can put the vehicle out of control, posing a significant threat to public safety (Dong et al., 2020; Moharm, 2019). Thus, finding effective solutions to security issues in the IOCV system network is a pressing matter.

So far, the issue of IOCV control in the presence of cyber-attacks has been explored from various angles. For example, Liu et al. (2021) proposed changes in communication topology caused by DoS attacks and explored the consensus of multi-agent systems under replay and DoS attacks. Xiao et al. (2022) investigated the distributed adaptive IOCV control problem in terms of vehicle security, taking into account the presence of intermittent DoS attacks in vehicular ad hoc networks. Mousavinejad et al. (2020) studied the impact of DoS attacks on autonomous platoon control, with the focus on delay and packet loss, and further developed a resilient controller to maintain system stability. Biroon et al. (2022) introduced an observer-based diagnostic algorithm to detect and isolate replay attacks, thereby ensuring the stability of IOCV. Zhao et al. (2020) designed an attack detection framework that allows safe driving through estimation and prediction, even if the vehicle does not have complete state information. Debruhl et al. (2015) expanded the attack detection strategy by incorporating sensor-based proportional differential links and communication feedforward links into a real-time switching control strategy in the presence of cyber-attacks.

Despite the fact that some scholars have explored various aspects of network attacks, there have been limited studies focused on the design of trigger mechanisms in IOCV systems under the influence of multiple network attacks. Specifically, the challenge of designing a novel structure that can effectively mitigate the gradual escalation of interference along a series of vehicles while preserving individual stability remains an open problem.

Inspired by the above analysis, the purpose of this paper is to study IOCV control problem with DoS attack and deception attack under resilient AETM scheme. The main contributions of the work are summarized as follows:

(1) A resilient AETM integrating cyber-attacks is established, which saves limited communication bandwidth on the basis of ensuring control performance.

(2) The performance loss caused by cyber-attacks on IOCV system is transformed into the change of resilient AETM trigger conditions, and the arbitrariness of cyber-attacks is depicted by setting cyber-attacks as state-independent information.

(3) It is proved that the IOCV system is asymptotically stable without cyber-attacks, when a cyber-attack occurs, the IOCV system is ultimately uniformly bounded, and the maximum performance loss boundary of the IOCV system under cyber-attacks is obtained. The rest of this paper is arranged as follows. In section “System model and problem formulation,” the third-order vehicle model is first given, and the structure of IOCV system is briefly described. In section “Resilient AETM design,” network cyber-attacks are integrated into the design of resilient AETM. Section “Design of safety controller” gives the sufficient conditions for the ultimate uniform boundedness of IOCV system and the design method of safety controller. Numerical simulation results are provided in section “Simulation.” Section “Conclusion” concludes this paper.

Notation

The notation used throughout this paper is fairly standard. The superscript “T” stands for the matrix transposition; · denotes the Euclidean norm. In symmetric block matrices, we use an asterisk (*) to represent a term that is induced by symmetry, and $diag {\dots}$ stands for a block-diagonal matrix. Matrices, if their dimensions are not explicitly stated, are assumed to be compatible for algebraic operations.

System model and problem formulation

This article studies an IOCV system composed of n + 1 vehicles, as shown in Figure 1, where i = 0 represents the leading vehicle which periodically broadcasts its state signals (including position, velocity, and acceleration) to the ith vehicle via wireless network. The distance of neighboring vehicles is measured by radar. The position, velocity, and acceleration of all vehicles in the IOCV system can be measured by Global Positioning System (GPS), magnetic encoder, and accelerometer, respectively. Hereinafter, the IOCV dynamics, cyber-attacks, sensor and actuator attack and our objectives will be detailed in turn.

Figure 1.

IOCV system structure.

IOCV modeling

Vehicle dynamics is dependent on factors such as air mass, cross-sectional area, drag coefficient, and other parameters. To simplify the model, the following assumptions are made regarding the vehicle:

(1) Longitudinal offset of the tires can be disregarded.

(2) The body exhibits rigid symmetry.

(3) The effects of pitch and yaw motions are negligible.

(4) Acceleration and braking can be controlled inputs.

The tracking error between two adjacent vehicles can be defined as

δ_{i} (t) = d_{i - 1} (t) - d_{i} (t) - δ_{d} - l_{i}

(1)

where $d_{i}$ and $d_{i - 1}$ are the position of ith vehicle and (i − 1)th vehicle, respectively, $δ_{d}$ is the ideal distance, $l_{i}$ is the length of the vehicle, and $d_{0}$ represents the leader’s position.

According to the nonlinear model described in Huang and Ren (1998), Sheikholeslam and Desoer (1993) and Stankovic et al. (1997), the ith vehicle and (i − 1)th vehicle can be jointly modeled as

{\overset{\cdot}{δ}}_{i} (t) = v_{i - 1} (t) - v_{i} (t)

(2)

Δ {\overset{\cdot}{v}}_{i} (t) = a_{i - 1} (t) - a_{i} (t)

(3)

{\overset{\cdot}{a}}_{i} (t) = f_{i} (v_{i}, a_{i}) + g_{i} (v_{i}) c_{i}

(4)

where $v_{i - 1} (t)$ and $v_{i} (t)$ denotes the velocity of (i − 1)th vehicle and ith vehicle, respectively, $ς_{i}$ , $m_{i}$ , and $a_{i} (t)$ is the engine time constant, the mass and the acceleration of ith vehicle, respectively, $c_{i}$ denotes the engine input, $c_{i} > 0$ and $c_{i} < 0$ , respectively, represent throttle input and brake input, and the nonlinear term is given as

f_{i} (v_{i}, a_{i}) = - \frac{1}{ς_{i}} ({\overset{\cdot}{v}}_{i} + \frac{σ A_{i} c_{di}}{2 m_{i}} v_{i}^{2} + \frac{d_{mi}}{m_{i}}) - \frac{σ A_{i} c_{di} v_{i} a_{i}}{m_{i}}

(5)

g_{i} (v_{i}) = \frac{1}{ς_{i} m_{i}}

(6)

where $σ$ represents the specific mass of the air, and $A_{i}$ , $c_{di}$ , and $d_{mi}$ denotes the cross-sectional area, drag coefficient, and mechanical drag of the ith vehicle, respectively.

Remark 1. Note that $v_{i - 1} (t) - v_{i} (t)$ and ${\overset{\cdot}{δ}}_{i} (t)$ have the same physical meaning, which means the velocity error between two consecutive vehicles; however, the sources of the two are different. ${\overset{\cdot}{δ}}_{i} (t)$ can be obtained by derivation $δ_{i} (t)$ , which can be measured directly by the vehicle-mounted distance sensor. The velocity $v_{i - 1} (t)$ of the front car in $v_{i - 1} (t) - v_{i} (t)$ needs to be transmitted from (i − 1)th vehicle to ith vehicle via the wireless communication network, and it is the same for $a_{i - 1} (t) - a_{i} (t)$ and ${\overset{\cdot\cdot}{δ}}_{i} (t)$ . The detailed research can refer to Guo and Yue (2011).

After introducing feedback linearization technique

c_{i} = \frac{u_{i} m_{i} + σ A_{i} c_{di} v_{i}^{2}}{2 + d_{mi} + ς_{i} σ A_{i} c_{di} v_{i} a_{i}}

(7)

the equation (4) becomes

{\overset{\cdot}{a}}_{i} (t) = - \frac{1}{ς_{i}} a_{i} (t) + \frac{1}{ς_{i}} u_{i} (t)

(8)

where $u_{i} (t)$ represents the additional control input, which is designed to make IOCV system to meet certain criterion.

Define $X (t) = Col [x_{i} (t)]_{i = 1}^{n}$ , $U (t) = Col [u_{i} (t)]_{i = 1}^{n}$ , $Y (t) = Col [y_{i} (t)]_{i = 1}^{n}$ as the state, input, and output vectors, and $Col$ as the column vectors, where $x_{i} (t) = [\begin{matrix} δ_{i} (t) & v_{i - 1} (t) - v_{i} (t) & a_{i - 1} (t) - a_{i} (t) \end{matrix}]^{T}$ and $y_{i} (t) = [\begin{matrix} δ_{i} (t) & {\overset{\cdot}{δ}}_{i} (t) & {\overset{\cdot\cdot}{δ}}_{i} (t) & v_{0} (t) - v_{i} (t) & a_{0} (t) - a_{i} (t) \end{matrix}]^{T}$ .

For each connected vehicle, the general controller structure for IOCV is designed as follows

u_{i} (t) = q_{i} y_{i} (t)

(9)

where $q_{i}$ is the controller gain to be designed, $q_{i} = [\begin{matrix} q_{pi} & q_{vi} & q_{ai} & q_{vli} & q_{ali} \end{matrix}]$ .

The state-space equation and output equation of IOCV system can be expressed as

\begin{matrix} \overset{\cdot}{X} (t) = AX (t) + BU (t) + w (t), Y (t) = C_{1} X (t) \\ + C_{2} X (t) = Y_{c} (t) + Y_{o} (t) \end{matrix}

(10)

where

\begin{matrix} A_{i} = [\begin{matrix} A_{1 i} & 0 & \dots & 0 \\ 0 & A_{1 i} & \dots & 0 \\ \dots & ⋱ & ⋱ & \dots \\ 0 & \dots & 0 & A_{1 i} \end{matrix}], B_{i} = [\begin{matrix} B_{1 i} & 0 & \dots & 0 \\ B_{1 i} & - B_{1 i} & \dots & 0 \\ \dots & ⋱ & ⋱ & \dots \\ 0 & \dots & B_{1 i} & - B_{1 i} \end{matrix}] \\ C_{1} = [\begin{matrix} [\begin{matrix} c_{11 i} \\ 0 \end{matrix}] & 0 & \dots & 0 \\ 0 & [\begin{matrix} c_{11 i} \\ 0 \end{matrix}] & \dots & 0 \\ \dots & ⋱ & ⋱ & \dots \\ 0 & \dots & 0 & [\begin{matrix} c_{11 i} \\ 0 \end{matrix}] \end{matrix}] \\ C_{2} = [\begin{matrix} [\begin{matrix} 0 \\ c_{12 i} \end{matrix}] & 0 & \dots & 0 \\ [\begin{matrix} 0 \\ c_{12 i} \end{matrix}] & [\begin{matrix} 0 \\ c_{12 i} \end{matrix}] & \dots & 0 \\ \dots & ⋱ & ⋱ & \dots \\ [\begin{matrix} 0 \\ c_{12 i} \end{matrix}] & \dots & [\begin{matrix} 0 \\ c_{12 i} \end{matrix}] & [\begin{matrix} 0 \\ c_{12 i} \end{matrix}] \end{matrix}], A_{1 i} = [\begin{matrix} 0 & 1 & 0 \\ 0 & 0 & 1 \\ 0 & 0 & - \frac{1}{ς_{i}} \end{matrix}] \\ B_{1 i} = {[\begin{matrix} 0 & 0 & \frac{1}{ς_{i}} \end{matrix}]}^{T}, c_{11 i} = [\begin{matrix} 1 & 0 & 0 \\ 0 & 1 & 0 \\ 0 & 0 & 1 \end{matrix}], c_{12 i} = [\begin{matrix} 0 & 1 & 0 \\ 0 & 0 & 1 \end{matrix}] \end{matrix}

$w (t) = Col [w_{i} (t)]_{i = 1}^{n}$ is the external disturbance, with $w_{i} (t)$ represents the combined equivalent disturbance of the lead vehicle’s acceleration and possible wind gust effects from severe weather.

Based on IOCV system (10), the controller to be designed exists as the following output feedback

U (t) = QY (t) = Q_{c} Y_{c} (t) + Q_{o} Y_{o} (t) = U_{c} (t) + U_{o} (t)

(11)

where $Q$ is the controller gain to be designed, $Q_{c}$ and $Q_{o}$ are the physical layer and network layer controller gain, respectively, $Y_{c} (t)$ represents the information output between two adjacent interconnected vehicles, and $Y_{o} (t)$ is the information output between the current interconnected vehicle and the first vehicle. The controller can be divided into two parts— $U_{c} (t)$ is the physical layer controller and $U_{o} (t)$ is the network layer controller.

Resilient AETM design

Resilient AETM

In the IOCV system, the acceleration information of the lead vehicle must be transmitted to the following vehicles via the network in order to implement control over the system. However, network security is vulnerable, and attackers may launch cyber-attacks on the IOCV system, disrupting the real-time transmission of state information and control signals between connected vehicles and affecting the performance of the system. In order to mitigate uncertainty in the control of the IOCV system, a resilient margin is typically established to account for the system’s state uncertainty. According to the resilient control principle described above, the trigger states under cyber-attacks can be divided into the following three categories:

(1) Healthy region: no cyber-attacks occur, or cyber-attacks do not change the original trigger conditions.

(2) Sub-health area: cyber-attacks cause trigger packets not to be received on the actuator side even if event trigger conditions change, but the system error is still tolerable.

(3) Morbid region: serious system error caused by cyber-attacks makes system performance extremely poor and unacceptable.

This section mainly studies DoS attack and deception attack. DoS attacks can break the control loop, resulting in IOCV system performance degradation and even collapse. Deception attacks mean that attackers maliciously and secretly add attack signals to system information, which deteriorates the performance of IOCV systems.

Remark 2. The attacker’s attack energy is limited, and in order to reduce the probability of detection, the attacker can only launch attacks in a short time interval.

$℘ (t) = Y_{0} (i_{k} h) - Y_{0} (t_{k} h)$ is defined as the sampling state error, $Y_{0} (t_{k} h)$ represents the latest data that need to be transmitted through the network, $Y_{0} (i_{k} h)$ represents the current sampling data, and $i_{k} h = t_{k} h + jh (j \in N)$ . $α (i_{k} h) \in {0, 1}$ is used to characterize whether there are cyber-attacks in IOCV system, namely

α (i_{k} h) = {\begin{matrix} 1 & Cyber - attack \\ 0 & No cyber - attack \end{matrix}

$η (i_{k} h) \in {0, 1}$ indicates whether DoS attack occurs in the system.

Remark 3. When DoS attack occurs, the communication channel will neither send nor receive information, and the deception attack only adds the attack data to the system, which indirectly leads to the delay of sending real data. Therefore, the impact of DoS attack on IOCV is much greater than that of deception attack. Therefore, when the DoS attack occurs, the system performance has dropped to the worst regardless of whether there is a deception attack. When $α (i_{k} h) = 0$ , no cyber-attacks occurred. When $α (i_{k} h) = 1$ , if $η (i_{k} h) = 1$ , the attacker successfully launched DoS attack on IOCV system, if $η (i_{k} h) = 0$ , the attacker launched deception attack on IOCV system.

Remark 4. When cyber-attacks occur, because the correct information cannot be transmitted, the controller will use the latest received information to control the IOCV system, which leads to the continuous increase of error. When the event trigger condition is met at a certain time point, the subsequent states can be successfully sent.

Because the attacker’s attack energy is limited and the system state of IOCV has security constraints, the maximum allowable error caused by cyber-attacks is bounded, and the maximum allowable error $β (Δ^{dos}) \leq β$ caused by DoS attack is defined. Maximum allowable error $ε (Δ^{dec}) \leq ε$ caused by deception attack. First, the following definitions are given.

$h$ is defined as the sampling period and $h > 0$ , $t_{k} h$ is the trigger time, where $t_{k}$ is a non-negative integer and $k = 0, 1, 2, \dots$ , the initial trigger time $t_{0} h$ is set to $t_{0} h = 0$ . For the ith connected vehicle, there is the following trigger protocol

\begin{matrix} ℘^{T} (i_{k} h) Λ ℘ (i_{k} h) \leq \partial (i_{k} h) y_{0}^{T} (t_{k} h) Λ y_{0} (t_{k} h) \\ + α (i_{k} h) [η (i_{k} h) β + (1 - η (i_{k} h)) ε] \end{matrix}

(12)

where $\partial (i_{k} h)$ is the threshold parameter satisfying the following adaptive law, and $Λ > 0$ is the trigger matrix to be designed

\overset{\cdot}{\partial} (i_{k} h) = \frac{γ}{\partial (i_{k} h)} (\frac{1}{\partial (i_{k} h)} - μ) ℘^{T} (i_{k} h) Λ ℘ (i_{k} h)

(13)

where $0 < \partial (t) \leq 1$ , $γ > 0$ , $μ > 0$ is used to adjust the convergence rate. When the system is stable, $\partial (i_{k} h)$ becomes a constant.

Remark 5. How the values of $α (i_{k} h)$ and $η (i_{k} h)$ determine whether $β$ and $ε$ exist, which is also one of the embodiments of resilient in the resilient trigger strategy.

Based on the trigger protocol equation (12), the next trigger time is

\begin{matrix} t_{k + 1} h = t_{k} h + min_{j \in N} {jh | ℘^{T} (i_{k} h) Λ ℘ (i_{k} h) - \partial (i_{k} h) y_{0}^{T} (t_{k} h) Λ y_{0} (t_{k} h) \\ - α (i_{k} h) [η (i_{k} h) β + (1 - η (i_{k} h)) ε] > 0} \end{matrix}

(14)

It should be noted that the next trigger time in equation (14) is the sum of the current trigger time and the minimum interval violated the trigger protocol equation (12). A trigger judgment is performed at each sample interval h, once the transmission information violates trigger condition (12), the event is triggered and the information is transmitted, if this sampling does not meet the conditions, the next sampling time continues to judge until the event trigger. It also can be seen from equation (12) that the sampling time is a discrete time $t_{k} h (k = 0, 1, 2, \dots)$ . In resilient AETM equation (14), the minimum trigger interval is $h$ . Therefore, Zeno phenomenon can be avoided.

This section also considers the transmission delay, which is more in line with the actual application. Set $τ_{k}$ and $τ_{k + 1}$ as the communication delay of the leader at $t_{k} h$ and $t_{k + 1} h$ , respectively. The interval $[t_{k} h + τ_{k}, t_{k + 1} h + τ_{k + 1})$ can be divided into $j_{m} + 1$ subintervals, namely, $[t_{k} h + τ_{k}, t_{k + 1} h + τ_{k + 1}) = \cup_{j = 0}^{j_{m}} [t_{k} h + jh + τ_{k}, t_{k} h + (j + 1) h + τ_{k + 1})$ . $j_{m}$ is a normal number, $τ (t) \overset{Δ}{=} t - t_{k} h - jh = t - i_{k} h$ , $j = 0, 1, 2, \dots$ , $0 \leq τ_{m} < τ (t) \leq τ_{M}$ , $τ_{M}$ is the upper bound of delay.

Considering the time delay caused by event triggering and the influence of cyber-attacks, the corresponding controller can be designed as follows

U (t) = Q_{c} Y_{c} (t) + Q_{0} Y_{0} (t - τ (t) - ℘ (i_{k} h))

(15)

IOCV system (10) can be converted to the following form

\begin{matrix} \overset{\cdot}{X} (t) = (A + B Q_{c} C_{1}) X (t) + w (t) + B [Q_{0} C_{2} (X (t - τ (t)) - ℘ (i_{k} h))], \\ Y (t) = C_{1} X (t) + C_{2} X (t - τ (t) - ℘ (i_{k} h)) \end{matrix}

(16)

The objective

The control objective of the research is to meet the following requirements under the control of the proposed controller:

(1) String Stability: spacing error will not propagate and enlarge along the string of vehicles, namely, $‖ δ_{i} (s) / δ_{i - 1} (s) ‖ \leq 1$ , where $δ_{i} (s)$ is the Laplace transform of $δ_{i} (t)$ .

(2) Control objectives under security boundary constraints:

(a) When the IOCV system does not have a cyber-attack, equation (16) is asymptotically stable and has $H_{\infty}$ performance for external disturbance $w (t)$ , namely, $‖ Y (t) ‖ \leq κ ‖ w (t) ‖$ .

(b) When the IOCV system suffers cyber-attacks, equation (16) is ultimately uniformly bounded under the resilient trigger strategy equation (14), that is, when $t \to \infty$ , $‖ L (X (t)) ‖ \leq ℵ$ is the security state boundary of the IOCV system under cyber-attacks, where $‖ L (X (t)) ‖$ represents the performance loss of IOCV system caused by cyber-attacks.

Design of safety controller

In this section, the security performance of IOCV system based on resilient AETM equation (14) under cyber-attacks is analyzed, and then the corresponding security controller is designed. Finally, the string stability is analyzed.

Theorem 1. Under resilient AETM equation (14), for the given safety controller gain matrices $Q_{c}$ and $Q_{0}$ , scalar $0 \leq τ_{m} < τ_{M}$ , $β$ and $ε$ , if there are positive definite matrices $P > 0$ , $G > 0$ , $Z_{i} > 0$ , $Q_{i} > 0$ $(i = 1, 2)$ and any matrix $D$ with appropriate dimensions, the following linear matrix inequalities are established

Ψ = [\begin{matrix} Ψ_{11} & Ψ_{12} \\ * & Ψ_{22} \end{matrix}] < 0, [\begin{matrix} Q_{2} & D \\ * & Q_{2} \end{matrix}] > 0

(17)

where

\begin{matrix} Ψ_{11} = [\begin{matrix} φ_{11} & Q_{1} & φ_{13} & 0 & - PB Q_{0} C_{2} & P \\ * & φ_{22} & φ_{23} & D & 0 & 0 \\ * & * & φ_{33} & φ_{34} & ‖ \partial (i_{k} h) ‖ Λ & 0 \\ * & * & * & φ_{44} & 0 & 0 \\ * & * & * & * & - Λ + ‖ \partial (i_{k} h) ‖ Λ & 0 \\ * & * & * & * & * & - κ^{2} I \end{matrix}], \\ Ψ_{12} = [\begin{matrix} τ_{m} W^{T} & (τ_{M} - τ_{m}) W^{T} & τ_{M} W^{T} & C_{1}^{T} \\ 0 & 0 & 0 & 0 \\ τ_{m} O^{T} & (τ_{M} - τ_{m}) O^{T} & τ_{M} O^{T} & C_{2}^{T} \\ 0 & 0 & 0 & 0 \\ - τ_{m} O^{T} & - (τ_{M} - τ_{m}) O^{T} & - τ_{M} O^{T} & - C_{2}^{T} \\ τ_{m} & (τ_{M} - τ_{m}) & τ_{M} & 0 \end{matrix}] \\ W = A + B Q_{c} C_{1}, O = B Q_{0} C_{2}, Ψ_{22} = diag [\begin{matrix} - Q_{1}^{- 1} & - Q_{2}^{- 1} & - G^{- 1} & - I \end{matrix}] \\ φ_{11} = (A + B Q_{c} C_{1})^{T} P + P (A + B Q_{c} C_{1}) + Z_{1} - Q_{1} - \frac{π^{2}}{4} G, \\ φ_{13} = PB Q_{0} C_{2} + \frac{π^{2}}{4} G, φ_{22} = Z_{2} - Z_{1} - Q_{1} - Q_{2} φ_{23} = Q_{2} - D, \\ φ_{33} = - 2 Q_{2} - \frac{π^{2}}{4} G + D + D^{T}, φ_{34} = Q_{2} - D, φ_{44} = - Z_{2} - Q_{2} \end{matrix}

There are:

(1) When the IOCV system does not have a cyber-attack, the IOCV system (16) is asymptotically stable and has $H_{\infty}$ performance for external disturbance $w (t)$ , namely, $‖ Y (t) ‖ \leq κ ‖ w (t) ‖$ .

(2) When the IOCV system is subjected to cyber-attacks, the IOCV system (16) is ultimately uniformly bounded under the resilient AETM equation (14). When DoS attack occurs, the final uniform security state of IOCV system is $‖ X (t) ‖ \leq \sqrt{V (0) + \frac{β}{ϖ} / λ (P)}$ ; when a deception attack occurs, the final consistent security state is $‖ X (t) ‖ \leq \sqrt{V (0) + \frac{ε}{ϖ} / λ (P)}$ . The maximum performance loss caused by DoS attack on IOCV system is $ℵ_{1} = {‖ L (X (t)) ‖ \leq \sqrt{β / ϖ λ (P)}}$ ; the maximum performance loss caused by deception attack on IOCV system is $ℵ_{2} = {‖ L (X (t)) ‖ \leq \sqrt{ε / ϖ λ (P)}}$ .

IOCV system (16) based on resilient AETM equation (14) is secure under cyber-attacks. In the formula, $ϖ$ is the maximum eigenvalue of $Ψ$ and $λ (P)$ is the minimum eigenvalue of $λ (P)$ .

Proof. Select the following Lyapunov–Krasovskii functional

\begin{matrix} V (X (t)) = V_{1} (X (t)) + V_{2} (X (t)) + V_{3} (X (t)) + V_{4} (X (t)) \\ V_{1} (X (t)) = X^{T} (t) PX (t) \end{matrix}

(18)

where

\begin{array}{l} V_{2} (X (t)) = \int_{t - τ_{m}}^{t} X^{T} (s) Z_{1} X (s) d s + \int_{t - τ_{M}}^{t - τ_{m}} X^{T} (s) Z_{2} X (s) d s \\ V_{3} (X (t)) = τ_{m} \int_{- τ_{m}}^{0} \int_{t + θ}^{t} {\dot{X}}^{T} (s) Q_{1} \dot{X} (s) d s d θ + (τ_{M} - τ_{m}) \\ \int_{- τ_{M}}^{- τ_{m}} \int_{t + θ}^{t} {\dot{X}}^{T} (s) Q_{2} \dot{X} (s) d s d θ \\ V_{4} (X (t)) = τ_{m}^{2} \int_{i_{k} h}^{t} {\dot{X}}^{T} (s) G \dot{X} (s) d s - \frac{π^{2}}{4} \int_{i_{k} h}^{t} {[X (s) - X (i_{k} h)]}^{T} \\ G [X (s) - X (i_{k} h)] d s \end{array}

Derived the above Lyapunov functional and substituted equation (16) to obtain

\begin{matrix} {\overset{\cdot}{V}}_{1} (X (t)) = 2 X^{T} (t) P \\ [(A + B Q_{c} C_{1}) X (t) + B Q_{0} C_{2} X (t - τ (t)) - B Q_{0} C_{2} ℘ (i_{k} h) + w (t)] \end{matrix}

(19)

\begin{matrix} {\overset{\cdot}{V}}_{2} (X (t)) = X^{T} (t - τ_{m}) (Z_{2} - Z_{1}) X (t - τ_{m}) + X^{T} (t) Z_{1} X (t) \\ - X^{T} (t - τ_{M}) Z_{2} X (t - τ_{M}) \end{matrix}

(20)

\begin{matrix} {\overset{\cdot}{V}}_{3} (X (t)) = - τ_{m} \int_{t - τ_{m}}^{t} {\overset{\cdot}{X}}^{T} (s) Q_{1} \overset{\cdot}{X} (s) ds + {\overset{\cdot}{X}}^{T} (t) [{(τ_{M} - τ_{m})}^{2} Q_{2} + τ_{m}^{2} Q_{1}] \overset{\cdot}{X} (t) \\ - (τ_{M} - τ_{m}) \int_{t - τ_{M}}^{t - τ_{m}} {\overset{\cdot}{X}}^{T} (s) Q_{2} \overset{\cdot}{X} (s) ds \end{matrix}

(21)

\begin{matrix} {\overset{\cdot}{V}}_{4} (X (t)) = - \frac{π^{2}}{4} {[X (t) - X (t - τ (t))]}^{T} G [X (t) - X (t - τ (t))] \\ + τ_{m}^{2} {\overset{\cdot}{X}}^{T} (t) G \overset{\cdot}{X} (t) \end{matrix}

(22)

Using the Jensen inequality, the integral part of ${\overset{\cdot}{V}}_{3} (X (t))$ can be treated as follows

\begin{matrix} - τ_{m} \int_{t - τ_{m}}^{t} {\overset{\cdot}{X}}^{T} (s) Q_{1} \overset{\cdot}{X} (s) ds \leq - {[X (t) - X (t - τ_{m})]}^{T} \\ Q_{1} [X (t) - X (t - τ_{m})] \end{matrix}

(23)

As can be seen from equation (17)

[\begin{matrix} Q_{2} & D \\ * & Q_{2} \end{matrix}] > 0

so the integral part of ${\overset{\cdot}{V}}_{3} (X (t))$ can be treated as

\begin{matrix} - (τ_{M} - τ_{m}) \int_{t - τ_{M}}^{t - τ_{m}} {\overset{\cdot}{X}}^{T} (s) Q_{2} \overset{\cdot}{X} (s) ds \leq - {[X (t - τ_{m}) - X (t - τ_{M})]}^{T} \\ Q_{2} [X (t - τ_{m}) - X (t - τ_{M})] \\ - {[X (t - τ (t)) - X (t - τ_{M})]}^{T} Q_{2} [X (t - τ (t)) - X (t - τ_{M})] \\ - 2 {[X (t - τ_{m}) - X (t - τ (t))]}^{T} D [X (t - τ (t)) - X (t - τ_{M})] \end{matrix}

(24)

It can be seen from equations (19)–(24) that

\begin{matrix} \overset{\cdot}{V} (X (t)) \leq X^{T} (t) [{(A + B Q_{c} C_{1})}^{T} P + P (A + B Q_{c} C_{1}) + Z_{1} - Q_{1} - \frac{π^{2}}{4} G] X (t) \\ + X^{T} (t - τ (t)) (Q_{2} - D)^{T} X (t - τ_{m}) + X^{T} (t) Pw (t) \\ + X^{T} (t) (PB Q_{0} C_{2} + \frac{π^{2}}{4} G) X (t - τ (t)) - X^{T} (t) PB Q_{0} C_{2} ℘ (i_{k} h) \\ + X^{T} (t - τ_{m}) Q_{1}^{T} X (t) + X^{T} (t - τ_{m}) (Z_{2} - Z_{1} - Q_{1} - Q_{2}) X (t - τ_{m}) \\ + X^{T} (t - τ_{m}) (Q_{2} - D) X (t - τ (t)) + X^{T} (t - τ_{m}) DX (t - τ_{M}) \\ + X^{T} (t - τ (t)) (- 2 Q_{2} - \frac{π^{2}}{4} G + D + D^{T}) X (t - τ (t)) \\ + X^{T} (t - τ (t)) (Q_{2} - D) X (t - τ_{M}) + X^{T} (t - τ_{M}) D^{T} X (t - τ_{m}) \\ - ℘^{T} (i_{k} h) PB Q_{0} C_{2} X (t) - X^{T} (t - τ_{M}) (Z_{2} + Q_{2}) X (t - τ_{M}) \\ + X^{T} (t - τ (t)) {(PB Q_{0} C_{2} + \frac{π^{2}}{4} G)}^{T} X (t) + X^{T} (t) Q_{1} X (t - τ_{m}) \\ + {\overset{\cdot}{X}}^{T} (t) [τ_{m}^{2} Q_{1} + {(τ_{M} - τ_{m})}^{2} Q_{2} + τ_{m}^{2} G] \overset{\cdot}{X} (t) + w^{T} (t) PX (t) \\ + X^{T} (t - τ_{M}) (Q_{2} - D)^{T} X (t - τ (t)) \end{matrix}

(25)

Equation (25) can be further transformed into

\frac{d}{dt} V (X (t)) \leq Θ^{T} (t) [Ω_{1} + Ξ_{1}^{T} (τ_{m}^{2} Q_{1} + {(τ_{M} - τ_{m})}^{2} Q_{2} + τ_{m}^{2} G) Ξ_{1}] Θ (t)

(26)

where

\begin{matrix} Θ (t) = [\begin{matrix} X^{T} (t) & X^{T} (t - τ_{m}) & X^{T} (t - τ (t)) \end{matrix} {\begin{matrix} X^{T} (t - τ_{M}) & ℘^{T} (i_{k} h) & w^{T} (t) \end{matrix}]}^{T} \\ Ω_{1} = [\begin{matrix} φ_{11} & Q_{1} & φ_{13} & 0 & - PB Q_{0} C_{2} & P \\ * & φ_{22} & φ_{23} & D & 0 & 0 \\ * & * & φ_{33} & φ_{34} & 0 & 0 \\ * & * & * & φ_{44} & 0 & 0 \\ * & * & * & * & 0 & 0 \\ * & * & * & * & 0 & 0 \end{matrix}], \\ Ξ_{1} = [\begin{matrix} A + B Q_{c} C_{1} & 0 & B Q_{0} C_{2} & 0 & - B Q_{0} C_{2} & I \end{matrix}] \\ φ_{11} = (A + B Q_{c} C_{1})^{T} P + P (A + B Q_{c} C_{1}) + Z_{1} - Q_{1} - \frac{π^{2}}{4} G, \\ φ_{13} = PB Q_{0} C_{2} + \frac{π^{2}}{4} G, φ_{22} = Z_{2} - Z_{1} - Q_{1} - Q_{2} φ_{23} = Q_{2} - D, \\ φ_{33} = - 2 Q_{2} - \frac{π^{2}}{4} G + D + D^{T}, φ_{34} = Q_{2} - D, φ_{44} = - Z_{2} - Q_{2} \end{matrix}

Then, considering the $H_{\infty}$ performance under any nonzero uncertainty disturbance $w (t)$ , the performance index $‖ Y (t) ‖ \leq κ ‖ w (t) ‖$ can be derived

\frac{d}{dt} V (X (t)) + Y^{T} (t) Y (t) - κ w^{T} (t) w (t) \leq 0

(27)

Furthermore

\begin{matrix} \frac{d}{dt} V (X (t)) \leq Θ^{T} (t) \\ [Ω_{2} + Ξ_{1}^{T} (τ_{m}^{2} Q_{1} + {(τ_{M} - τ_{m})}^{2} Q_{2} + τ_{m}^{2} G) Ξ_{1} + Ξ_{2}^{T} Ξ_{2}] Θ (t) \end{matrix}

(28)

where

\begin{matrix} Ω_{2} = [\begin{matrix} φ_{11} & Q_{1} & φ_{13} & 0 & - PB Q_{0} C_{2} & P \\ * & φ_{22} & φ_{23} & D & 0 & 0 \\ * & * & φ_{33} & φ_{34} & 0 & 0 \\ * & * & * & φ_{44} & 0 & 0 \\ * & * & * & * & 0 & 0 \\ * & * & * & * & 0 & - κ^{2} \end{matrix}], \\ φ_{11} = (A + B Q_{c} C_{1})^{T} P + P (A + B Q_{c} C_{1}) + Z_{1} - Q_{1} - \frac{π^{2}}{4} G \\ Ξ_{2} = [\begin{matrix} C_{1} & 0 & C_{2} & 0 & - C_{2} & 0 \end{matrix}], φ_{13} = PB Q_{0} C_{2} + \frac{π^{2}}{4} G, \\ φ_{22} = Z_{2} - Z_{1} - Q_{1} - Q_{2}, φ_{23} = Q_{2} - D \\ φ_{33} = - 2 Q_{2} - \frac{π^{2}}{4} G + D + D^{T}, φ_{34} = Q_{2} - D, \\ φ_{44} = - Z_{2} - Q_{2} \end{matrix}

Obviously, when the following conditions are satisfied

Ω_{2} + Ξ_{1}^{T} (τ_{m}^{2} Q_{1} + {(τ_{M} - τ_{m})}^{2} Q_{2} + τ_{m}^{2} G) Ξ_{1} + Ξ_{2}^{T} Ξ_{2} < 0

(29)

There is a scalar $κ$ that makes $d / dtV (X (t)) < ‖ Θ (t) ‖^{2} < - κ ‖ X (t) ‖$ . That is, IOCV system (16) is asymptotically stable under $H_{\infty}$ disturbance attenuation $κ$ .

Next, consider the resilient AETM mechanism equation (14), obviously

℘^{T} (i_{k} h) Λ ℘ (i_{k} h) \leq \partial (t) y_{0}^{T} (t_{k} h) Λ y_{0} (t_{k} h) + α (i_{k} h) [η (i_{k} h) β + (1 - η (i_{k} h)) ε]

(30)

It can be deduced from equation (30)

\begin{array}{l} \frac{d}{d t} V (X (t)) \leq \frac{d}{d t} V (X (t)) + \partial (t) y_{0}^{T} (t_{k} h) Λ y_{0} (t_{k} h) \\ + α (i_{k} h) [η (i_{k} h) β + (1 - η (i_{k} h)) ε] - ℘^{T} (i_{k} h) Λ ℘ (i_{k} h) \\ \leq Θ^{T} (t) Ψ Θ (t) + α (i_{k} h) [η (i_{k} h) β + (1 - η (i_{k} h)) ε] \end{array}

(31)

where $Ψ$ can be seen in Theorem 1.

Theorem 1 shows that $Ψ < 0$ , then $Θ^{T} (t) Ψ Θ (t) \leq - ϖ V (t)$ holds, where $ϖ$ is an appropriate scalar. Based on the above description, we can obtain

\frac{d}{dt} V (X (t)) \leq - ϖ V (t) + α (i_{k} h) [η (i_{k} h) β + (1 - η (i_{k} h)) ε]

(32)

Now, equation (32) is simplified, and the left and right parts of equation (32) are multiplied by $e^{ϖ t}$ , respectively, and then the integral is carried out to obtain

\begin{matrix} V (t) \leq \frac{α (i_{k} h) η (i_{k} h) β}{ϖ} (1 - e^{- ϖ t}) + e^{ϖ t} V (0) + \frac{α (i_{k} h) (1 - η (i_{k} h)) ε}{ϖ} (1 - e^{- ϖ t}) \\ \leq \frac{α (i_{k} h) η (i_{k} h) β}{ϖ} + \frac{α (i_{k} h) (1 - η (i_{k} h)) ε}{ϖ} + V (0) \end{matrix}

(33)

Obviously

X^{T} (t) PX (t) \leq V (t) \leq \frac{α (i_{k} h) η (i_{k} h) β}{ϖ} + \frac{α (i_{k} h) (1 - η (i_{k} h)) ε}{ϖ} + V (0)

(34)

Therefore, when a cyber-attack occurs, if it is a DoS attack, there is

‖ X (t) ‖ \leq \sqrt{\frac{\frac{β}{ϖ} + V (0)}{λ_{min} (P)}}

(35)

For deception attack, there is

‖ X (t) ‖ \leq \sqrt{\frac{\frac{ε}{ϖ} + V (0)}{λ_{min} (P)}}

(36)

where $λ_{min} (P)$ is the minimum eigenvalue of the $P$ matrix.

In summary, the performance loss under the resilient AETM mechanism equation (14) can be further obtained. When DoS attack occurs, the performance loss can be expressed as

ℵ_{1} \in {L (X (t)) : ‖ L (X (t)) ‖ \leq \sqrt{\frac{β}{ϖ λ (P)}}}

(37)

Performance losses when a deception attack occurs can be expressed as

ℵ_{2} \in {L (X (t)) : ‖ L (X (t)) ‖ \leq \sqrt{\frac{ε}{ϖ λ (P)}}}

(38)

where $ℵ_{1} = \sqrt{β / ϖ λ (P)}$ and $ℵ_{2} = \sqrt{ε / ϖ λ (P)}$ .

So far, Theorem 1 proves to be completed.

Remark 6. Theorem 1 not only shows the steady-state performance index of the controller algorithm with disturbance and delay in the system but also the effect of resilient AETM equation (14) on the final convergence state of IOCV system, which takes into account the impact of cyber-attacks, is more practical than the event trigger scheme in Deng et al. (2021) and Li et al. (2021a) and Yue et al. (2017). It can be seen from equations (37) and (38) that the performance loss of IOCV system is closely related to DoS attack and deception attack, that is, the larger $β$ and $ε$ are, the greater the performance loss of IOCV system is. In addition, besides the upper bound of attack energy, the convergence index $ϖ$ also directly determines the performance loss of IOCV system. The larger $ϖ$ is, the less performance loss is. The above description also directly reflects the relationship between convergence index $ϖ$ and the robustness of the system to cyber-attacks, which is superior to the controller designed in Yue et al. (2017), and the robustness of IOCV system will increase with the increase in convergence index $ϖ$ .

Then, based on Theorem 1, Theorem 2 is given to design the safety controller and obtain the controller gain $Q_{c}$ and $Q_{0}$ .

Theorem 2. Under resilient AETM equation (14), for given scalars $0 \leq τ_{m} < τ_{M}$ , $β$ and $ε$ , if there are positive definite matrices $\bar{P} > 0$ , $\bar{G} > 0$ , ${\bar{Z}}_{i} > 0$ , ${\bar{Q}}_{i} > 0$ , $(i = 1, 2)$ and any matrix $\bar{D}$ with appropriate dimensions, the following linear matrix inequalities are established

\tilde{Ψ} = [\begin{matrix} {\tilde{Ψ}}_{11} & {\tilde{Ψ}}_{12} \\ * & {\tilde{Ψ}}_{22} \end{matrix}] < 0, [\begin{matrix} {\tilde{Q}}_{2} & \tilde{D} \\ * & {\tilde{Q}}_{2} \end{matrix}] > 0

(39)

where

\begin{matrix} {\tilde{Ψ}}_{11} = [\begin{matrix} {\tilde{φ}}_{11} & {\tilde{Q}}_{1} & {\tilde{φ}}_{13} & 0 & - B Y_{0} C_{2} & P \\ * & {\tilde{φ}}_{22} & {\tilde{φ}}_{23} & \tilde{D} & 0 & 0 \\ * & * & {\tilde{φ}}_{33} & {\tilde{φ}}_{34} & ‖ \partial (i_{k} h) ‖ \tilde{Λ} & 0 \\ * & * & * & {\tilde{φ}}_{44} & 0 & 0 \\ * & * & * & * & - \tilde{Λ} + ‖ \partial (i_{k} h) ‖ \tilde{Λ} & 0 \\ * & * & * & * & * & - κ^{2} I \end{matrix}], \\ {\tilde{Ψ}}_{12} = [\begin{matrix} τ_{m} {\tilde{W}}^{T} & (τ_{M} - τ_{m}) {\tilde{W}}^{T} & τ_{M} {\tilde{W}}^{T} & C_{1}^{T} \\ 0 & 0 & 0 & 0 \\ τ_{m} {\tilde{O}}^{T} & (τ_{M} - τ_{m}) {\tilde{O}}^{T} & τ_{M} {\tilde{O}}^{T} & C_{2}^{T} \\ 0 & 0 & 0 & 0 \\ - τ_{m} {\tilde{O}}^{T} & - (τ_{M} - τ_{m}) {\tilde{O}}^{T} & - τ_{M} {\tilde{O}}^{T} & - C_{2}^{T} \\ τ_{m} & (τ_{M} - τ_{m}) & τ_{M} & 0 \end{matrix}] \\ \tilde{W} = A + B Q_{c} C_{1}, \tilde{O} = B Y_{0} C_{2}, \\ {\tilde{Ψ}}_{22} = diag [\begin{matrix} {\tilde{Q}}_{1} - 2 X & {\tilde{Q}}_{2} - 2 X & \tilde{G} - 2 X & - I \end{matrix}] \\ {\tilde{φ}}_{11} = X (A + B Q_{c} C_{1})^{T} + (A + B Q_{c} C_{1}) X + {\tilde{Z}}_{1} - {\tilde{Q}}_{1} - \frac{π^{2}}{4} \tilde{G}, \\ {\tilde{φ}}_{13} = B Y_{0} C_{2} + \frac{π^{2}}{4} \tilde{G}, {\tilde{φ}}_{22} = {\tilde{Z}}_{2} - {\tilde{Z}}_{1} - {\tilde{Q}}_{1} - {\tilde{Q}}_{2} \\ {\tilde{φ}}_{23} = {\tilde{Q}}_{2} - \tilde{D}, {\tilde{φ}}_{33} = - 2 {\tilde{Q}}_{2} - \frac{π^{2}}{4} \tilde{G} + \tilde{D} + {\tilde{D}}^{T}, {\tilde{φ}}_{34} = {\tilde{Q}}_{2} - \tilde{D}, \\ {\tilde{φ}}_{44} = - {\tilde{Z}}_{2} - {\tilde{Q}}_{2} \end{matrix}

the security controller based on equation (14) IOCV system (16) under cyber-attacks can be obtained through $Q_{c} = Y_{c} X^{- 1}$ , $Q_{0} = Y_{0} X^{- 1}$ , and there are:

(2) When the IOCV system is subjected to cyber-attacks, the IOCV system (16) is ultimately uniformly bounded under the resilient AETM equation (14). When DoS attack occurs, the final uniform security state of IOCV system is $‖ X (t) ‖ \leq \sqrt{V (0) + (β / ϖ) / λ (P)}$ ; when a deception attack occurs, the final consistent security state is $‖ X (t) ‖ \leq \sqrt{V (0) + (ε / ϖ) / λ (P)}$ . The maximum performance loss caused by DoS attack on IOCV system is $ℵ_{1} = {‖ L (X (t)) ‖ \leq \sqrt{β / ϖ λ (P)}}$ ; the maximum performance loss caused by deception attack on IOCV system is $ℵ_{2} = {‖ L (X (t)) ‖ \leq \sqrt{ε / ϖ λ (P)}}$ .

Proof. In order to simplify the analysis, the following definitions are given first: $X = P^{- 1}$ , $\tilde{Λ} = X Λ X$ , $\tilde{D} = XDX$ , ${\tilde{Q}}_{i} = X Q_{i} X$ , ${\tilde{Z}}_{i} = X Z_{i} X$ , and $(i = 1, 2)$ . Then, by multiplying $[\begin{matrix} Ψ_{11} & Ψ_{12} \\ * & Ψ_{22} \end{matrix}]$ left by $diag [\begin{matrix} X & X \end{matrix}]$ and right by $diag [\begin{matrix} X & X & X & X & X & I & X & X & X & I \end{matrix}]$ in Theorem 1 and considering $- S U^{- 1} S \leq U - 2 S$ , Theorem 2 can be obtained, and then the expression of the safety controller can be obtained. Proof completed.

String stability analysis

String stability, that is, the transient spacing error will not increase with the increase in the number of IOCV system vehicles. In this part, based on the controller equation (11) and resilient AETM equation (14), the string stability problem is studied.

When the ith vehicle is under the control of the controller equation (11), from equation (1), the following equation about its spacing error can be obtained

\overset{\dots}{δ_{i}} (t) = {\overset{\cdot}{a}}_{i - 1} (t) - {\overset{\cdot}{a}}_{i} (t)

(40)

Substitute equation (9) into equation (8) to obtain

{\overset{\cdot}{a}}_{i} (t) = - \frac{1}{ς_{i}} a_{i} (t) + \frac{1}{ς_{i}} q_{i} y_{i} (t)

(41)

In conjunction with equation (41), the equation for spacing error can be expressed as

\begin{matrix} ς_{i} \overset{\dots}{δ_{i}} (t) = - {\overset{\cdot\cdot}{δ}}_{i} (t) + q_{p} δ_{i - 1} (t) + q_{v} {\overset{\cdot}{δ}}_{i - 1} (t) + q_{a} {\overset{\cdot\cdot}{δ}}_{i - 1} (t) - q_{p} δ_{i} (t) \\ - q_{v} {\overset{\cdot}{δ}}_{i} (t) - q_{a} {\overset{\cdot\cdot}{δ}}_{i} (t) - q_{v} {\overset{\cdot}{δ}}_{i} (t - τ (t)) - q_{al} {\overset{\cdot\cdot}{δ}}_{i} (t - τ (t)) \end{matrix}

(42)

The Laplace transformation of equation (42) formula can be obtained

G (s) = \frac{δ_{i} (s)}{δ_{i - 1} (s)} = \frac{q_{p} + q_{v} s + q_{a} s^{2}}{q_{p} + q_{v} s + (1 + q_{a}) s^{2} + ς_{i} s^{3} + (q_{vl} s + q_{al} s^{2}) e^{- τ s}}

(43)

Based on the transfer function equation (43), the following theorems about string stability are obtained.

Theorem 3. For any disturbance $w > 0$ of IOCV error system (43), $| δ_{i} (jw) / δ_{i - 1} (jw) | \leq 1$ holds if the following conditions are satisfied

\begin{matrix} {\begin{matrix} (a) q_{v} q_{al} - (q_{vl} - q_{a} q_{vl}) \leq 0 \\ (b) q_{v} q_{vl} - q_{p} q_{al} \leq 0 \\ (c) (q_{al} + q_{a} q_{al}) - ς_{i} q_{vl} = 0 \\ (d) q_{vl}^{2} - 2 q_{p} + 2 (q_{v} q_{vl} - q_{p} q_{al}) \geq 0 \\ (e) 1 + 2 q_{a} - 2 ς_{i} q_{v} + 2 τ (q_{v} q_{al} - (q_{vl} - q_{a} q_{vl})) \geq 0 \end{matrix} \end{matrix}

(44)

Proof. First, $| δ_{i} (jw) / δ_{i - 1} (jw) |$ can be formed as

G (jw) = | \frac{δ_{i} (jw)}{δ_{i - 1} (jw)} | = \sqrt{\frac{a}{a + b}}

(45)

where

\begin{matrix} a = (q_{p} - q_{a} w^{2})^{2} + q_{v} w^{2} \\ b = [2 q_{p} q_{vl} \sin (τ w)] w + 2 (q_{v} q_{al} - q_{vl} - q_{a} q_{vl}) \sin (τ w) w^{3} + ς_{i}^{2} w^{6} \\ + [q_{vl}^{2} - 2 q_{p} + 2 (q_{v} q_{vl} - q_{p} q_{al}) \cos (τ w)] w^{2} - 2 ς_{i} q_{al} \sin (τ w) w^{5} \\ + [1 + q_{al}^{2} + 2 q_{a} - 2 ς_{i} q_{v} + 2 (q_{al} - q_{a} q_{al} - ς_{i} q_{vl}) \cos (τ w)] w^{4} \end{matrix}

Because $a > 0$ , if $b \geq 0$ , then $| δ_{i} (jw) / δ_{i - 1} (jw) | \leq 1$ is established, then the IOCV system is string stable. Considering equation (44a) and $\sin (τ w) \leq τ w \leq 1$ , for $w > 0$ , there is

\begin{matrix} b \geq [1 + q_{al}^{2} + 2 q_{a} - 2 ς_{i} q_{v} + 2 τ (q_{v} q_{al} + q_{a} q_{vl} - q_{vl})] w^{4} \\ + (2 q_{p} q_{vl} \sin (τ w)) w - 2 ς_{i} q_{al} \sin (τ w) w^{5} + ς_{i}^{2} w^{6} \\ + [q_{vl}^{2} - 2 q_{p} + 2 (q_{v} q_{vl} - q_{p} q_{al}) \cos (τ w)] w^{2} \end{matrix}

Considering equations (44b) and (44c) and $\cos (τ w) \leq 1$ , there is

\begin{matrix} b \geq (2 q_{p} q_{vl} \sin (τ w)) w + ς_{i}^{2} w^{6} \\ + [1 + q_{al}^{2} + 2 q_{a} - 2 ς_{i} q_{v} + 2 τ (q_{v} q_{al} + q_{a} q_{vl} - q_{vl})] w^{4} \\ + [q_{vl}^{2} - 2 q_{p} + 2 (q_{v} q_{vl} - q_{p} q_{al}) \cos (τ w)] w^{2} \end{matrix}

Therefore, if equations (44d) and (44e) are established, then there is $b \geq 0$ , certificated.

Remark 7. In this paper, the proposed controller is divided into two parts: the physical layer controller $U_{c} (t)$ and the network layer controller $U_{o} (t)$ , the received information can be analyzed and utilized more accurately by processing separately, which is completely superior to the general information controller (Yue et al., 2017). In addition, different from other researches (Guo and Yue, 2011; Liu et al., 2021; Zou and Li, 2019), this paper fully considers the control effect of the network layer under various types of external attacks and designs a new resilient adaptive event trigger mechanism, which can weaken the influence of external attacks on the controller. In Theorems 1 and 2, based on the Lyapunov theory, the ultimate uniform boundedness of the system is proved, and the stable controller parameters are obtained. In Theorem 3, the string stability of the IOCV system is also ensured.

Simulations

Simulation scene and simulation parameters

In this section, the designed controller is applied to the IOCV system composed of five vehicles to verify its effectiveness in suppressing attacks under various driving conditions. The virtual simulation experiments are established in MATLAB.

The minimum safe distance between two adjacent vehicles is set as $δ_{d} = 1 m$ . The other vehicle parameters are shown in Table 1.

Table 1.

The parameters of vehicle.

Name of relevant parameters	Parameter value	Unit
Specific mass of the air	$σ = 1$	$kg / m^{3}$
Cross-sectional area	$A_{i} = 2.2$	$m^{2}$
Mechanical drag	$d_{mi} = 5$	$N$
mass	$m_{i} = 1464$	$kg$
Drag coefficient	$C_{di} = 0.35$	−
Engine time constant	$ς_{i} = 0.25$	−
Length of vehicle	$l_{i} = 2$	$m$

Substituting these parameters into dynamic equations (4)–(6) yields

{\overset{\cdot}{a}}_{i} = - \frac{1}{ς_{i}} ({\overset{\cdot}{v}}_{i} + \frac{0.49}{1464} v_{i}^{2} + \frac{5}{1464}) - \frac{0.92 {\overset{\cdot}{v}}_{i} v_{i}}{1464} + \frac{c_{i}}{1464 ς_{i}}

(46)

The linearization controller in equation (7) is given as

c_{i} = \frac{1464 u_{i} + 0.49 v_{i}^{2}}{2 + 5 + 0.92 {\overset{\cdot}{v}}_{i} v_{i} ς_{i}}

(47)

Select the following parameters to simulate a vehicle equipped with intelligent sensors

A_{1 i} = [\begin{matrix} 0 & 1 & 0 \\ 0 & 0 & 1 \\ 0 & 0 & - 4 \end{matrix}], B_{1 i} = [\begin{matrix} 0 \\ 0 \\ 4 \end{matrix}]

The starting positions of five connected vehicles are set to 50, 43, 36, 29, and 22 m, respectively. The sampling period $h = 0.01 seconds$ is set. According to the controller design method in Theorem 2, the network layer controller matrix of each connected vehicle is $q_{0 i} = [\begin{matrix} 0 & 0 & 0 & 0.02 & - 0.05 \end{matrix}]$ , the physical layer controller gain matrix is $q_{ci} = [\begin{matrix} 3 & 15 & 4.3 & 0 & 0 \end{matrix}]$ , and the trigger matrix is

Λ = [\begin{matrix} 35 & 0 \\ 12.1 & 66.3 \end{matrix}]

Let the resilient region boundary (maximum allowable error) caused by DoS attack be the maximum acceleration given by IOCV system simulation, namely, $β = 2$ . The resilient region boundary (maximum allowable error) caused by deception attack is defined as $ε = 0.6$ . In order to verify that the designed resilient AETM mechanism equation (14) and security controller equation (11) can effectively control the IOCV system when cyber-attacks occur, DoS attacks and deception attacks are set to random occurrence, and the duration of attacks is not fixed. The attack effect is shown in Figure 2.

Figure 2.

Cyber-attacks’ effect diagram.

In order to verify the effectiveness of the proposed scheme, simulation verification will be carried out in two scenarios, which are described as follows:

Scenario 1: normal acceleration and deceleration of the leader, from 0 to 14 m/s, then deceleration to 2 m/s after uniform speed.

Scenario 2: the acceleration of the leader changes in a short time, resulting in frequent acceleration and deceleration of the vehicle.

Simulation results and analysis

By adopting the resilient AETM mechanism equation (14), IOCV system can reduce the transmission of unnecessary information, thereby reducing the pressure on network bandwidth. Take the fifth car, for example, the trigger state is shown in Figure 3.

Figure 3.

Triggering state of the fifth vehicle under resilient AETM: (a) scenario 1 and (b) scenario 2.

Scenario 1

As shown in Figure 4, the maximum spacing error of all vehicles in IOCV system under the control of the proposed controller is 0.46 m, and the spacing error becomes zero in about 40 seconds. The maximum spacing error of IOCV system under the control of the controller proposed in Yue et al. (2017) is 0.48 m. When the IOCV system is subjected to cyber-attacks, the spacing error has always been jittering, and the system becomes extremely unstable. As can be seen from Figures 5 and 6, the IOCV system under the control of the proposed controller realizes accurate tracking of speed and acceleration of all following vehicles in about 30 seconds. However, the speed and acceleration tracking of IOCV system under the control of the controller proposed in Yue et al. (2017) has always been jittering, and the acceleration jitter will bring passengers uncomfortable ride experience, which is not allowed in practical engineering applications. In summary, the controller performance designed in this paper is better than that designed in Yue et al. (2017).

Figure 4.

The response curves of spacing error: (a) the controller control proposed in this paper and (b) controller control proposed in Yue et al. (2017).

Figure 5.

The response curves of velocity: (a) the controller control proposed in this paper and (b) controller control proposed in Yue et al. (2017).

Figure 6.

The response curves of acceleration: (a) the controller control proposed in this paper and (b) controller control proposed in Yue et al. (2017).

Scenario 2

As shown in Figure 7, the IOCV system is string stable under the control of both controllers. The maximum spacing error of all vehicles in the IOCV system under the control of the controller proposed in this paper is 0.57 m, which is less than 0.81 m of the maximum spacing error of the IOCV system under the control of the controller in Yue et al. (2017), and the spacing error of the IOCV system under the control of the controller in Yue et al. (2017) has been in a jitter state. It can be seen from Figures 8 and 9 that even in this complex scenario, the controller proposed in this paper can quickly and accurately track the velocity and acceleration. In Yue et al. (2017), the speed and acceleration under the control of the controller do not achieve accurate tracking; in addition, the acceleration also exists jitter phenomenon, which is not allowed in practical engineering. In summary, the controller performance designed in this paper is better than that designed in Yue et al. (2017).

Figure 7.

The response curves of spacing error: (a) the controller control proposed in this paper and (b) controller control proposed in Yue et al. (2017).

Figure 8.

The response curves of velocity: (a) the controller control proposed in this paper and (b) controller control proposed in Yue et al. (2017).

Figure 9.

The response curves of acceleration: (a) the controller control proposed in this paper and (b) controller control proposed in Yue et al. (2017).

Conclusion

This paper considers cyber-attacks including DoS attacks and deception attacks and describes the maximum performance loss of IOCV system caused by DoS attacks and deception attacks through the designed resilient AETM trigger strategy. A safety controller based on resilient AETM is proposed. The security of IOCV system is analyzed using the Lyapunov theory. Finally, the effectiveness of the proposed control scheme is verified by numerical simulation.

Footnotes

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was funded in part by the Dalian High-Level Talent Innovation Support Program, grant/award no. 2020RQ060; the Dalian Science and Technology Innovation Fund, grant/award no. 2019J12GX040, and Fundamental Research Funds for the Central Universities, grant/award no. 3132019355.

ORCID iD

Wei Yue

References

Biroon

Biron

Pisu

(2022) False data injection attack in a platoon of CACC: Real-time detection and isolation with a PDE approach. IEEE Transactions on Intelligent Transportation Systems 23(7): 8692–8703.

Debruhl

Weerakkody

Sinopoli

, et al. (2015) Is your commute driving you crazy? A study of misbehavior in vehicular platoons. In: The 8th ACM conference on security & privacy in wireless and mobile networks, New York, 22–26 June.

Deng

Che

(2021) A dynamic periodic event-triggered approach to consensus of heterogeneous linear multiagent systems with time-varying communication delays. IEEE Transactions on Cybernetics 51(4): 1812–1821.

Dong

Wang

, et al. (2020) Impact evaluation of cyber-attacks on traffic flow of connected and automated vehicles. IEEE Access 8: 86824–86835.

Feng

Zhang

, et al. (2019) String stability for vehicular platoon control: Definitions and analysis methods. Annual Reviews in Control 47: 81–97.

Han

Wang

, et al. (2021) Dynamic event-triggered vehicle platooning control: Trade-off between communication efficiency and platoon performance. In: 2021 40th Chinese control conference (CCC), Shanghai, China, 26–28 July 2021, pp. 4883–4888. New York: IEEE.

Guo

Yue

(2011) Hierarchical platoon control with heterogeneous information feedback. IET Control Theory and Applications 5(15): 1766–1781.

Guo

Wang

Liao

, et al. (2018) CNN-based distributed adaptive control for vehicle-following platoon with input saturation. IEEE Transactions on Intelligent Transportation Systems 19(10): 3121–3132.

Huang

Ren

(1998) Longitudinal control with time delay in platooning. IEE Proceedings-Control Theory and Applications 145(2): 211–217.

10.

Kayacan

(2017) Multi-objective H∞ control for string stability of cooperative adaptive cruise control systems. IEEE Transactions on Intelligent Vehicles 2(1): 52–61.

11.

Chen

, et al. (2021a) Event-triggered vehicle platoon control under random communication noises. IEEE Access 9: 51722–51733.

12.

Xie

Wong

, et al. (2021b) Adaptive-event-trigger-based fuzzy nonlinear lateral dynamic control for autonomous electric vehicles under insecure communication networks. IEEE Transactions on Industrial Electronics 68(3): 2447–2459.

13.

Lin

Nguyen

HLT

(2020) Adaptive neuro-fuzzy predictor-based control for cooperative adaptive cruise control system. IEEE Transactions on Intelligent Transportation Systems 21(3): 1054–1063.

14.

Liu

Yin

Yue

, et al. (2021) Event-based secure leader-following consensus control for multiagent systems with multiple cyber attacks. IEEE Transactions on Cybernetics 51(1): 162–173.

15.

Liu

Alleyne

(2014) Iterative learning identification applied to automated off-highway vehicle. IEEE Transactions on Control Systems Technology 22(1): 331–337.

16.

Michaud

Lepage

Frenette

, et al. (2006) Coordinated maneuvering of automated vehicles in platoons. IEEE Transactions on Intelligent Transportation Systems 7(4): 437–447.

17.

Moharm

(2019) State of the art in big data applications in microgrid: A review. Advanced Engineering Informatics 42; 100945.

18.

Mousavinejad

Yang

Han

, et al. (2020) Distributed cyber attacks detection and recovery mechanism for vehicle platooning. IEEE Transactions on Intelligent Transportation Systems 21(9): 3821–3834.

19.

Nilsson

Laine

Jacobson

(2017) A simulator study comparing characteristics of manual and automated driving during lane changes of long combination vehicles. IEEE Transactions on Intelligent Transportation Systems 18(9): 2514–2524.

20.

Noormohammadpour

Raghavendra

(2018) Datacenter traffic control: Understanding techniques and tradeoffs. IEEE Communications Surveys & Tutorials 20(2): 1492–1525.

21.

Sawant

Chaskar

Ginoya

(2021) Robust control of cooperative adaptive cruise control in the absence of information about preceding vehicle acceleration. IEEE Transactions on Intelligent Transportation Systems 22(9): 5589–5598.

22.

Sheikholeslam

Desoer

(1993) Longitudinal control of a platoon of vehicles with no communication of lead vehicle information: A system level study. IEEE Transactions on Vehicular Technology 42(4): 546–554.

23.

Stankovic

Stanojevic

Siljak

(1997) Decentralized suboptimal LQ control of a platoon of vehicles. IFAC Proceedings Volumes 30(8): 83–88.

24.

Sun

(2021) Consensus-based connected vehicles platoon control via impulsive control method. Physica A-statistical Mechanics and Its Applications 580; 126190.

25.

Xiao

Han

, et al. (2022) Secure distributed adaptive platooning control of automated vehicles over vehicular Ad-Hoc networks under denial-of-service attacks. IEEE Transactions on Cybernetics 52(11): 12003–12015.

26.

Yue

Guo

(2012) Guaranteed cost adaptive control of nonlinear platoons with actuator delay. Journal of Dynamic Systems Measurement and Control-transactions of the ASME 134(5): 051012.

27.

Yue

Wang

Guo

(2017) Event-triggered platoon control of vehicles with time-varying delay and probabilistic faults. Mechanical Systems and Signal Processing 87(3): 96–117.

28.

Zhang

Liu

Wang

, et al. (2021a) Distributed adaptive event-triggered control and stability analysis for vehicular platoon. IEEE Transactions on Intelligent Transportation Systems 22(3): 1627–1638.

29.

Zhang

, et al. (2021b) Adaptive resilient event-triggered control design of autonomous vehicles with an iterative single critic learning framework. IEEE Transactions on Neural Networks and Learning Systems 32(12): 5502–5511.

30.

Zhao

Liu

Wong

, et al. (2020) Distributed resilient platoon control of vehicular cyber physical systems subject to DoS attacks. In: 39th Chinese control conference (CCC), Shenyang, China, 27–29 July, pp. 5590–5595. New York: IEEE.

31.

Zou

(2019) Event-driven connected vehicular platoon control with mixed time-varying delay. IEEE Access 7: 111477–111486.