key: cord-0597401-b3u52un2
authors: Zheng, Yu; Anubi, Olugbenga Moses
title: Attack-resilient observer pruning for path-tracking control of Wheeled Mobile Robot
date: 2020-09-07
journal: nan
DOI: nan
sha: 2e5e5ee610fcd323e868f9cf18160d6b4350458e
doc_id: 597401
cord_uid: b3u52un2

Path-tracking control of wheeled mobile robot (WMR) has gained a lot of research attention, primarily because of its wide applicability -- for example intelligent wheelchairs, exploration-assistant remote WMR. Recent increase in remote and autonomous operationsrequirements for WMR has led to more and more use of IoT devices within the control loop. Consequently, providing interfaces for malicious interactions through false data injection attacks (FDIA). Moreover, optimization-based FDIAs have been shown to cause catastrophic consequences in feedback control systems while by-passing any residual-based monitoring system. Since these attacks target system measurement process, this paper focuses on the problem of improving the resiliency of dynamical observers against FDIA. Specifically, we propose an attack-resilient pruning algorithm which attempts to exclude compromised channels from being processed by the observer. The proposed pruning algorithm improves attack-localization precision to $100%$ with high probability, which correspondingly improves the resiliency of the underlying UKF to FDIA. The improvements due to the developed resilient pruning-based observer is validated through a numerical simulation of a two-layer path-tracking control platform of differential-driven wheeled mobile robot (DDWMR) under FDIA.

Nonholonomic wheeled mobile robots (WMRs) have attracted much attention in the past two decades due to its great mobility and the broad range of applications [1] . Quite a lot of researchers have developed path-tracking controllers for wheeled mobile robots considering nonlinearities [2, 3, 4] , robustness against model uncertainties [5, 6] , robustness against noise [7, 8] . The control strategies depend on the measurements of the robots' velocities and/or location coordinates. However, due to the increasing dependence on IoT devices and wireless communica-tion, the resulting tight coupling of computation, communication and physical components enables malicious agents to inject attacks via the sensors and actuators [9] . Consequently, controller would make decision based on attacked measurements or the vehicle would receive malicious control signals. One type of attacks, false data injection attacks (FDIAs), has been shown to be capable of fooling bad data detection (BDD) scheme to compromise the integrity of the state estimator, even with very sparse measurements corruption. This results in false operations of the whole system without any alarm [10, 11] . Therefore, it is necessary to develop an attack-resilient observer-based control scheme to mitigate the effect of those attacks.

Many authors [9, 12, 13] have proposed an 0 -based resilient state estimators with different modifications or under different scenarios. These estimators have been validated using cruise control of autonomous ground vehicle, electrical power systems, industrial control systems. However, with the exception of [13] , none of the estimators were validated against large percentage FDIA. Also, in [14] , a robot intrusion detection system (RIDS) is designed by leveraging physical dynamics of mobile robots. However, the detection engine is a residual-based Chi-square scheme, which is known to be vulnerable to coordinated FDIAs considered in this paper.

Inspired by recent developments in estimation and compressive sensing, we propose a pruning algorithm to mitigate the effect of FDIA on UKF. Consider a linear measurement model under attack:

where, H ∈ R m×n is the linear measurement operator, x ∈ R n is the state vector, y ∈ R m is the attacked measurement corrupted by a sparse attack vector e ∈ R m . Consequently, attack-resilient estimation is often formulated as a classical error correction problem [12, 15, 13, 9] :

Minimize : e 0 Subject to: y = Fe, where F ∈ R n×m is a coding matrix with n m and FH = 0. It is known [16, 17] that if the number of attacked nodes is small enough, exact state estimation can be guaranteed by solving the above problem. However, it is shown [18] that exact recovery is unattainable by solving the problem above if more than 50% of the sensor nodes are attacked. Moreover, the 0 optimization problem above is NP-hard and is often relaxed by solving a convex problem if coding matrix satisfies Restricted Isometry Property (RIP) [16, 19] .

Suppose there is an oracle which gives the exact supp(e) a priori, then the resilient state estimation problem becomes trivial since any decent regression algorithm will be able to recover the states exactly from the non-attacked set. The challenge, however, is that no such oracle exists. Although, there is a host of localization algorithms [20] designed to serve this purpose, they are always not exact with significant false positive and false negative rates. This observation is the central motivation for developing the pruning algorithm. Therefore, the pruning problem to increase the signal-to-attack-ratio of the measurement system using any pre-designed inexact attack localization scheme (subsequently referred to as the oracle). Then the existing least-square based robust estimation algorithms can be implemented for the pruned measurements sets to create a resilient estimator. This process requires a certain amount of redundancy in the measurement system. Otherwise, the estimation problem will be rendered under-determined by the pruning process. Quantifying the required redundancy level for a given oracle is beyond the scope of this present work and will be addressed in future work.

Although, there is a lot of work in the literature on resilient Kalman filtering, typical least-square based robust estimator, mitigating sensors failures, distortion, delay, strong noise interference and more reasons for corrupt signals [21, 22, 23] . However, the specific characteristics of attack, unbounded but sparse, make those resilient filters be hard to perform attack-resiliently. To the best of the authors' knowledge, this paper represents one of the earliest approach to prune measurement channels in realtime in order to improve the resiliency of an underlying observer against FDIA.

The rest of paper is organized as follows. In Section 2, a two-layer controller is designed, with UKF, to track a reference trajectory with noisy measurement system. In Section 3, an optimization-based FDIA algorithm designed to bypass the monitor is also implemented. In Section 4, the channel pruning algorithm is developed and combined with traditional UKF to create a resilient observer. In Section 5, simulation results are presented to validate the proposed pruning-based resilient observer. In Section 6, concluding remarks and future directions are given.

In this section, we present a basic two-layer observer-based path tracking controller for a differential-driven wheeled mobile robot (DDWMR). This will be the platform where subsequent pruning algorithm and FDIA are implemented. Figure. 1 shows the schematic of the DDWMR considered in this paper.

The dynamic and kinematic models of DDWMR are given 

where, q = [v ω] is the generalized body velocities vector, u τ = [τ R τ L ] is a vector of the wheels torques, and z = [x y] is the task-space position vector, x = [θ v ω] is defined as a state vector, w ∼ N (0, R) is the process noise in dynamics.

The kinematic and dynamical parameters are given by:

, where z d (t) ∈ R 2 is the corresponding planar Cartesian coordinates of the desired trajectory. We assume that z d (t) is continuously differentiable with bounded derivatives, and that all its derivative up to the 2nd order are known. Next, consider the tracking error given by

Then, the control law is then designed as:

where,

and k q , k e are positive scalar control gains.

Consider the control law given in (3), if control gains k q > 0 and k e > 0, then the tracking errors in (2) converges to zero asymptotically. Moreover, the generalized velocities tracking error q = q − q d converges to zero asymptotically withż d = C(θ)q d satisfied in the limit.

Proof. Consider the candidate Lyapunov function:

taking the first time derivative and substituting (1), (2), (3) yieldṡ

This implies thatV is negative semi-definite, and since V is positive, it follows that V ∈ L ∞ . From (4), it follows that q, e ∈ L ∞ , which also implies that e θ ∈ L ∞ .

Integrating (5) yields

∈ L ∞ , which implies that e and q are uniformly continuous. Thus, by Barbalat's Lemma [25] , it follows that

An attacker can inject false data computed based on a partial or complete knowledge of system model, in order to covertly and accurately change the physical behavior of the plant [26] . This section gives the notion of a monitor used in this paper. Based on the monitor, we give a design of FDIA algorithm while assuming an attacker has complete knowledge of system.

For the DDWMR described in previous section, we consider a redundant measurement system of the form:

consisting of both linear and nonlinear components, where x = [θ v ω] is defined as a state vector, and v denotes measurement noises.

Based on the closed-loop system in Figure. 2, a monitor scheme is any mapping of the form:

where, Y T =∈ R m×T ,U T ∈ R l×T are historical measurements and controlled inputs for T horizon respectively, Ψ 1 = {0(sa f e), 1(unsa f e)} is the first output argument indicating whether or not the data contains attacks, Ψ 2 = 2 {1,2,··· ,m} is the second output argument indicating the support of attacks' location.

The monitor outputs Ψ 1 = {0} for any measurement vector history Y T = [y k , y k−1 , · · · , y k−T +1 ] and corresponding control history

where ε w and ε v are any real numbers related to process noise and measurement noise. Otherwise, the monitor outputs Ψ 1 = {1} and the support of the sparsest attack vector history E T = {e k , e k−1 , · · · , e k−T +1 } such that

After linearizing (6) about the operating point x 0 = [θ 0 v 0 ω 0 ] , we discretize it using Euler's approximation with a sampling time T s , and iterate forward T f samples, one obtains:

where, Y f = y k y k+1 · · · y k+T f , 

where, U 1 ∈ R m×n , U 2 ∈ R m×(m−n) , ∑ 1 = diag(σ 1 , σ 2 , · · · , σ n ), and V ∈ R n×n , it is obvious that, the FDIA would pass the monitor if the attack vector e is defined such that the attack measurement y a is in the range space of the observation matrix H (= Range(U 1 ) ). Consequently, the FDIA is generated by solving the optimization problem:

for a given support T of attack locations under upper bound of percentage of attack injection, and α is a threshold value related to observation matrix H and monitor's threshold ε v .

Data-driven attack localization algorithms [27, 28] are effective ways of achieving resiliency under FDIA. However, it is challenging to correctly locate all attacked nodes due to the fundamental inexactness associated with data-driven algorithms. In this section, we propose a pruning algorithm to improve the accuracy of localization algorithms. The underlying philosophy is that if the measurement set is sufficiently redundant, a subset with reduced attacked percentage can be obtained by systematically pruning the measurement set. If the attack percentage is reduced to 0, the pruned measurement set is then used with UKF to produce an improved resilient state estimation under FDIA.

Let the unknown actual support of safe measurements be T c = supp(1 − e) with an indicator vector q given, elementwise, as:

Suppose the localization oracle gives an estimated supportT c withq. Then, the disagreement between the oracle and the actual support can be modeled as:

where ε i depicts the agreement between the estimated and actual support as follows:

It is assumed that ε i ∼ B(1, p i ), where p i is given by the true positive rate from the oracle ROC statistics. Moreover, one can see that ∑ m i=1 ε i is Poisson-Binomially distributed with probability mass function given by:

where [29] , r =

Thus, given a reliability level η ∈ (0, 1), we define the maximum integer l η ≤ m for which oracle will correctly localize at least l η nodes with a probability of at least η:

Next, we retain the oracle output for the first l η most trusted nodes. Let s ∈ [0, 1] m be a vector of confidence values for the oracle output for each node, then a robust support can be estimated as:

Remark 1. (13) and (14) constitute a pruning scheme for which the resultingT c η excludes all attacked channel with a probability larger than η,

Following the pruning operation, the safe measurement model used for a UKF is:

Following standard unscented transformation [30] , we use 2n + 1 sigma points to approximate the n-dimensional normally distributed state x with assumed meanx and covariance P x as follows:

The corresponding weights for the sigma points are then given by:

where, λ = α 2 (n + κ) − n represents how far the sigma points are away from the state, κ ≥ 0, α ∈ (0, 1], and β = 2 is the optimal choice for Gaussian distribution. Assume x k−1 ∼ N (x k−1 , P x,k−1 ), sigma points update through time in sequence with the pruning measurement model in (15) . Moreover, according to the corresponding weight, we can predict the new time step state and calculate the new error covariances between the sigma points and the predicted state as follow:

Next, the measurements and Kalman gains updates are given by:ŷ

where, Q and R are the measurement and process noise covariance matrices respectively.

In order to numerically verify that the robust support generated by (14) can achieve 100% localization with a probability of at least η, we implemented the pruning localization algorithm in a numerical simulation with time-varying FDIAs. The results Figure. 3 shows that the algorithm achieves 100% localization even for reliability setting η = 0.5! When the reliability is set to just 0.1, this algorithm misses only two attacked measurement nodes. 

In this section, numerical simulation is carried out for DDWMR using three observer strategies under FDIA and the resulting path tracking performance and estimated inner states are compared. The observers compared are: (1) Only UKF, (2) UKF combine directly with the oracle and (3) the proposed pruning-based UKF. For the path-tracking control system, the control gains are set as k 1 = k 2 = 10. The nominal performance of the control system with UKF in an attack-free setting is shown in Figure 4 . It is seen that the control system, together with UKF, performs well when measurement contains no attack. Next, a FDIA is implemented and the generated attack vector is added to the system measurements. The oracle is simulated based on the uncertainty model in (10) with defined true positive rate r p = 0.6 and confidence for each node localization s = 0.5. Localization results were then generated to match the specified ROC statistics. The pruning algorithm is implemented with η = 0.8. The codes for simulation can be found in https://github.com/ZYblend/ Resilient-Pruning-Observer-against-False-Data-Injection-Attacks. Figures 5, 6 and 7 show the comparison of the performance of three observer strategies under FDIA: "only UKF", "UKF with machine learning" and "pruning observer. The results show that robot cannot track the trajectory under FDIA without any localization and pruning operation, and the estimated dynamic states has very large deviation from the true states. With the oracle, due to the uncertainty, the tracking path is very oscillatory although not as bad as with UKF alone. However, with the proposed observer, the robot was able to track the reference path very closely and smoothly. 

In this paper, an attack-resilient path tracking control scheme for wheeled mobile robot under an optimization-based FDIA was designed. The main contributions include: (1) Stable path-tracking control system for DDWMR, (2) Optimizationbased FDIA for DDWMR, and (3) The pruning-based observer design using UKF as the underlying observer. It was shown that the proposed pruning-based observer significantly improves the signal-to-attack ratio such that the UKF is able to resiliently estimate the state of the DDWMR even when portion of the sen- sor measurements were subject to an FDIA. Although this paper shows how promising the resiliency boosting through pruning algorithm is, the results presented only represent the initial stages of this development. Hence there are several open problems that need to be addressed. We name a few:

1. As with other resilient observers, the pruning-based resilient observer relies heavily on the inherent redundancy in the measurement system [31] . However, there is no systematic way to quantify the level of redundancy required given any oracle. With 1 -based methods, the RIP property partly provide answers to this question. What would be interesting to see is how much of a relaxation do we get on the RIP

Robust path tracking control of nonholonomic wheeled mobile robot: Experimental validation

Tracking control of a two-wheeled mobile robot using input-output linearization

Wmr control via dynamic feedback linearization: design, implementation, and experimental validation

Dynamic feedback linearization of nonholonomic wheeled mobile robots

Robust tracking and regulation control for mobile robots

Trajectorytracking and path-following of underactuated autonomous vehicles with parametric modeling uncertainty

Kalman techniques for intelligent control systems: theory and robotics experiments

Path-following control of mobile robots in presence of uncertainties

Design and implementation of attack-resilient cyberphysical systems: With a focus on attack-resilient state estimators

False data injection attacks against state estimation in wireless sensor networks

False data injection attacks in control systems

Secure estimation and control for cyber-physical systems under adversarial attacks

Resilient optimal estimation using measurement prior

Exploiting physical dynamics to detect actuator and sensor attacks in mobile robots

Robust resilient signal reconstruction under adversarial attacks

Decoding by linear programming

Stable signal recovery from incomplete and inaccurate measurements

Attack-resilient state estimation for noisy dynamical systems

The restricted isometry property and its implications for compressed sensing

Cyberattack detection, localization, and neutralization for unmanned aerial vehicles

Stochastically resilient extended kalman filtering for discrete-time nonlinear systems with sensor failures

Resilient L 2 -L ∞ filtering of polytopic systems with state delays

The optimal robust finitehorizon kalman filtering for multiple sensors with different stochastic failure rates

Dynamic modelling of differential-drive mobile robots using lagrange and newton-euler methodologies: A unified framework

Systemes dâȂŹéquations différentielles dâȂŹoscillations non linéaires

Covert attacks in cyber-physical control systems

Automated attack localization and detection

An application-driven perspective on wireless sensor network security

Closed-form expression for the poisson-binomial probability density function

New extension of the kalman filter to nonlinear systems

A framework for identifying compromised nodes in sensor networks

Modified-cs: Modifying compressive sensing for problems with partially known support

 Figure 8 . FDIAs are localized wrongly by residual-based monitor requirements by including pruning? Partial answer to this question can be found in [32] . We plan to expand on the results as it applies to this problem. 2. It would be beneficial to see some results on the potential gain by combining pruning and 1 -based methods. 3. There are indications from this paper that it is possible to combine pruning directly with the update laws of Kalman filtering algorithms. In future, we will develop a systematic way to achieve this. 4. We plan to generalize and identify the salient properties for a class of oracles that would combine well with a given underlying estimator.

Thanks to Florida State University and the Center for Advanced Power Systems for remote working support on this paper during the COVID-19 outbreak. The authors wish everyone safety in these difficult times.