Tuesday, June 14, 2011

Control techniques in NCS

Paper Reading: Control methodologies in networked control systems

After reading the paper “Simulation of Network Attacks on SCADA Systems”, I was thinking that maybe I could do a series of simulations to analyze the effects of network attacks on an NCS. Unlike previous work, I was thinking of setting up two situations: one with a full-fledged DoS attack on routers, so that the network is essentially broken at that point, causing a complete loss of communication between controller and plant and thus a loss of the controller's regulatory function; the other attacking only some factors inside the plant rather than the whole plant, so that the controller is not blind to any of the required sensors, but its regulation function could still be hampered because it cannot control all the factors in the plant. This requires a deep understanding of the NCS we are using in NCSWT. This is the idea from the control perspective. Maybe I could change the NCS to output more factors, or give it more input values besides the x, y, id we already have. This is why I read thoroughly about control techniques.

Some valued points got from this paper:

In the NCS research field, regardless of the type of network used, overall NCS performance is always affected by network delays. This network delay (time-varying, constant, or periodic) still significantly affects the closed-loop system, and it requires an advanced control methodology. (Before that, I was thinking that with today's network development, network speed and bandwidth make this delay almost negligible, so it may not be necessary to make network delay a research object since it may not have a significant effect on NCS performance. I was wrong.)

This network delay is composed of sensor-to-controller delay and controller-to-actuator delay for all NCS, including hierarchical structures (multiple control systems with one or more main controllers).

To be noted, delays in a closed-loop control system have only two main effects. One is widely known: degrading the performance of the control system, such as higher overshoot and longer settling time when the delays are longer than expected. The other is to destabilize the system by reducing the system stability margin. There have been several studies deriving stability criteria for an NCS in order to guarantee that the NCS remains stable under certain conditions. However, there is no generic stability analysis that can be applied to every NCS. I guess frequency-domain analysis could still be used to check stability when delays are added to the system.

For the control techniques used to solve this network delay problem, you have to maintain the stability of the system first and then try to maintain its performance. Two methods caught my eye:

Sampling time scheduling methodology: appropriately select a sampling period for an NCS such that network delays do not significantly affect control system performance;

Event-based methodology: instead of using time, this method uses a system motion as the reference of the system.
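To make the two effects above concrete (degraded performance for a small delay, loss of stability for a larger one), here is an added example, not from the paper or this post: a constructed first-order plant under proportional control, where the controller acts on a measurement that is `delay` samples old (the sensor-to-controller delay). The plant constants, gain and setpoint are assumptions chosen for illustration.

```python
# Added example (not the paper's or the post's code): closed loop with a
# sensor-to-controller delay of `delay` samples, to show how the same loop
# goes from well-behaved, to overshooting, to unstable as the delay grows.
# Plant x[k+1] = A*x[k] + B*u[k], gain KP and setpoint are constructed values.

A, B = 0.9, 0.1      # constructed stable first-order plant
KP = 8.0             # proportional gain tuned for the delay-free loop
SETPOINT = 1.0


def simulate(delay, steps=200):
    """Run the closed loop; the controller sees y[k-delay]. Returns x[0..steps]."""
    x = [0.0]
    for k in range(steps):
        # the measurement reaching the controller is `delay` samples old;
        # before any measurement has arrived the controller sees 0
        y_seen = x[k - delay] if k - delay >= 0 else 0.0
        u = KP * (SETPOINT - y_seen)
        x.append(A * x[k] + B * u)
    return x


def metrics(delay, steps=200):
    """Overshoot (fraction of the final value), 2% settling sample, stability flag."""
    x = simulate(delay, steps)
    if max(abs(v) for v in x) > 1e3:        # trajectory blew up: delay destabilised the loop
        return {"stable": False, "overshoot": None, "settling": None}
    final = x[-1]
    overshoot = (max(x) - final) / final
    band = 0.02 * abs(final)
    # first sample after which the response stays inside the 2% band
    settling = next(k for k in range(len(x))
                    if all(abs(v - final) <= band for v in x[k:]))
    return {"stable": True, "overshoot": overshoot, "settling": settling}


if __name__ == "__main__":
    for d in range(4):
        print("delay =", d, metrics(d))
```

With these constants a one-sample delay already produces a large overshoot and a longer settling time, and a two-sample delay pushes the closed-loop poles outside the unit circle, which is the "reduced stability margin" effect the paper describes.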

To be continued…

Monday, June 13, 2011

Research fields in CPS

During my survey last week, I attempted a comprehensive study of current research in the CPS area. Reading papers from ICCPS'10, I found that CPS covers a wide area, such as foundations of CPS, CPS applications, CPS testbeds, CPS security, CPS design, and CPS resource allocation. I will focus on the CPS security survey.

A brief history of CPS could give us a good understanding of it. NSF awarded a five-year $5 million grant to a research project titled “Science of Integration for Cyber-Physical Systems.” This project is a joint effort of many research centers (Vandy, ND, General Motors Research and Development Center, UCB, Memphis); Vanderbilt will lead the project. It aims to develop the theory, methods and tools to build CPS by seamlessly combining the necessary heterogeneous computational and physical components. The Notre Dame team will use theoretical concepts such as passivity and symmetry to address system uncertainties and the interdependence of design concerns.

Also, by looking into the papers, I found that nowadays all CPS research has a great real-world testbed, not just simulation. Even model-designed CPS research has tried to build a testbed so as to evaluate its performance.

Two papers took a lot of thought while I was reading:

A Testbed for Secure and Robust SCADA Systems

Simulation of Network Attacks on SCADA Systems

Both of them were written by people from ISIS. They claim that C2WT is a good testbed for evaluating the effect of network attacks on SCADA. To do this, you have to know more about the control system used in C2WT and how plant and controller are related. Considering that the NCS we are using is from Emeka's model, I'm asking Emeka for further reading about this NCS.


Wednesday, June 1, 2011

Paper Reading on: Modeling Load Redistribution Attacks in Power Systems

This paper introduces a special type of false data injection attack, called load redistribution (LR) attacks, defined by the authors themselves. It is very similar to what I did as a deception attack in CPS. However, it is also very specific to the smart power grid: it affects the outcome of state estimation and then further misleads the operation and control functions of the Energy Management System. With some assumptions, this paper comes up with a unique attack type, LR, increasing load at some buses and reducing load at other buses while keeping the total load unchanged. In this kind of attack, only load bus injection measurements and line power flow measurements are attackable. It can mislead the state estimation process without being detected by any of the existing techniques for bad data detection. (I don't quite understand this. It cannot be detected? Really?)
Then the authors quantitatively analyzed its damage to system operation using 6 different LR attack cases. As the magnitude of the attack increases, the system operation cost increases. From the damage effect analysis, the authors differentiate two attacking goals: an immediate attacking goal and a delayed attacking goal. This is a good selling point for this paper. The damage effect analysis uses a bi-level model, and a KKT-based method is used to identify the most damaging attack from an attacker's perspective, aiming to maximize the operation cost immediately after the attack. The upper level represents the attacker and the lower level represents the reactor, subject to constraints that make it an LR attack.
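On the question of why residual-based bad data detection does not flag such an injection, here is an added example, not from the paper: a constructed 3-bus DC state-estimation model (all line reactances 1, bus 1 as angle reference, a few load and flow measurements plus the generator injection at bus 1) showing, from the detector's side, that a single gross error is caught by the residual test while a load-preserving shift that lies in the column space of H leaves the residual unchanged. The measurement set, true state, noise and threshold are all assumptions.

```python
# Added example (not the paper's code): residual-based bad data detection on a
# constructed 3-bus DC model. State x = [theta2, theta3]; bus 1 is the reference.
# Rows of H: injection at bus 2, injection at bus 3 (the two load buses),
# flows 1-2, 1-3, 2-3, and the generator injection at bus 1 (not attackable).
H = [[2, -1], [-1, 2], [-1, 0], [0, -1], [1, -1], [-1, -1]]
LOAD_ROWS, GEN_ROW = (0, 1), 5

def mat_vec(M, v):
    return [sum(m * vi for m, vi in zip(row, v)) for row in M]

def wls_estimate(H, z):
    """Least-squares estimate (H^T H)^-1 H^T z for the 2-state model (equal weights)."""
    a = sum(h[0] * h[0] for h in H); b = sum(h[0] * h[1] for h in H)
    d = sum(h[1] * h[1] for h in H)
    g0 = sum(h[0] * zi for h, zi in zip(H, z)); g1 = sum(h[1] * zi for h, zi in zip(H, z))
    det = a * d - b * b
    return [(d * g0 - b * g1) / det, (-b * g0 + a * g1) / det]

def residual_norm(H, z):
    """||z - H x_hat||: the quantity a residual-based bad data detector thresholds."""
    fitted = mat_vec(H, wls_estimate(H, z))
    return sum((zi - fi) ** 2 for zi, fi in zip(z, fitted)) ** 0.5

def bad_data_detected(H, z, threshold=0.1):   # threshold is a constructed value
    return residual_norm(H, z) > threshold

def load_preserving_shift(c):
    """a = H*[c, -c]: generator row stays 0 and the two load rows sum to 0,
    i.e. load is moved between buses 2 and 3 with total load unchanged."""
    return mat_vec(H, [c, -c])

# Constructed true state, noisy measurements and a single gross error for comparison.
X_TRUE = [-0.1, -0.2]
NOISE = [0.01, -0.01, 0.005, 0.0, -0.005, 0.01]
Z_CLEAN = [t + n for t, n in zip(mat_vec(H, X_TRUE), NOISE)]
Z_GROSS = [z + (0.5 if i == 2 else 0.0) for i, z in enumerate(Z_CLEAN)]
Z_SHIFTED = [z + a for z, a in zip(Z_CLEAN, load_preserving_shift(0.05))]

if __name__ == "__main__":
    print("clean   detected:", bad_data_detected(H, Z_CLEAN))
    print("gross   detected:", bad_data_detected(H, Z_GROSS))
    print("shifted detected:", bad_data_detected(H, Z_SHIFTED),
          "residual delta:", residual_norm(H, Z_SHIFTED) - residual_norm(H, Z_CLEAN))
```

Because the shift is absorbed entirely into the estimated angles, the residual test sees a perfectly consistent measurement set; detecting this class of manipulation needs information the residual alone does not carry, which is the gap the post is asking about.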