Membership‐function‐dependent security control for networked T‐S fuzzy‐model‐based systems against DoS attacks

Funding information National Natural Science Foundation of China, Grant/Award Numbers: 61773097, U1813214; Fundamental Research Funds for the Central Universities, Grant/Award Number: N2004027; LiaoNing Revitalization Talents Program, Grant/Award Number: XLYC1907035 Abstract This paper focuses on the observer-based resilient event-triggered security control issue for networked T-S fuzzy-model-based systems suffered from energy-limited Denial-of-Service (DoS) attacks. Firstly, a novel resilient adaptive event-triggered mechanism (AETM) is designed to deal with the packet losses problem induced by energy-limited DoS attacks. Specifically, the resilient AETM threshold is adaptively updated based on the latest available packages. Secondly, according to Lyapunov theory, membership-function-dependent stabilisation criterions are obtained to ensure the control systems are stable with H∞ performance. Besides, the mismatched premise variables between model and controller are considered, and a slack matrix with the membership functions information is introduced to relax stability conditions. Then, the relationship between allowable duration of DoS attack and resilient AETM parameter is clarified. An algorithm is also presented to derive the resilient AETM parameter and observer-based controller gains simultaneously. Finally, two examples are provided to demonstrate the effectiveness of the proposed method.


INTRODUCTION
In fact, most physical processes are non-linear and difficult to be processed by traditional theories and methods. Fortunately, the fuzzy-model-based (FMB) method can be applied to approximate non-linear systems by connecting multiple local linear systems with non-linear membership functions (MFs) [1,2]. Due to its strong modeling ability, the FMB control has been widely concerned by scholars in [3][4][5][6][7][8][9][11][12][13][14]. In [5], the fault-tolerant controller is designed for a general polynomial FMB system. Then to relax stability conditions, the membership-functiondependent (MFD) stabilisation analysis approach is investigated in [6] for T-S FMB system. For parameter uncertainty IT2 fuzzy systems, the MFD stability analysis has been considered in [7][8][9]. Besides, the finite-time ET control issue in terms of linear matrix inequalities (LMIs) method [10] has been studied in [11] for Markov jump FMB system. Then, the authors in [12] introduce a new event-based fault detection filter, whose performance is better achieved with MFs information. In addition, for unmeasurable state variables, the observer-based controller is constructed in [13] for discrete time T-S FMB control systems, while the MFs of observer depend on plant state variables.
control problem is investigated in [22] to defense DoS attacks with a known probability distribution. In a specified control range, the optimal control and attack strategy are studied in [23] by assuming the maximum number of jamming. Moreover, a general attack model is discussed in [24], which restricts the attacker's behavior by limiting the frequency and duration of DoS attacks. In [25], a maximum robust resilient controller is designed to guarantee system stability performance in the presence of DoS attacks. Besides, the authors in [26] propose a unified game approach to achieve resilient control for NCSs against DoS attacks. However, the mentioned results in [21][22][23][24][25][26] only analyse system performance under DoS attacks, the limited communication bandwidth is not considered. In practical NCSs, the shared communication network can transmit related signals to realise resource sharing, remote control, and operation [27,28]. There are also some difficulties in the transmission network, such as access constraints [29], network delay [30], packet dropout [31], and bandwidth limitation [32,33] etc. Recently, how to construct an effective communication strategy to reduce network bandwidth is getting more and more attention [32][33][34][35][36][37][38][39][40][41][42][43]. In [34][35][36], a discrete ET mechanism is designed to make the NCSs satisfy desired performance, which is solved by time-delay system method [37]. Then, an AETM is proposed in [38] to further save network resources. Although the research of ET control has made great progress in [32][33][34][35][36][37][38], network security issues are also worth considering. The authors in [39] introduce a hybrid-triggered scheme to improve communication efficiency under stochastic cyber-attacks. In [40], a periodic ET control method is investigated, which can resist DoS attacks with limited frequency and duration. Furthermore, a resilient ET control strategy is discussed in [41] to make the established switching NCSs are globally exponentially stable against periodic DoS attacks. For non-periodic DoS attacks, a distributed state estimation issue is studied in [42]. Moreover, multiple cyber attacks are considered in [43] and [44] for multiarea power systems and multi-agent systems, respectively. Then, a resilient ET mechanism is applied in [45] to tolerate a degree of packets loss against energy-limited DoS attacks. However, the ET communication threshold in [39][40][41][42][43][44][45] is a given constant, which can not take full advantage of the information transmitted by packets. Therefore, when researching cyber attacks for FMB control systems, how to change the flexibility of the ET mechanism and further improve resource efficiency is a problem worth studying.
Motivated on the above analysis, the paper investigates the observer-based resilient adaptive ET security control issue for non-linear fuzzy systems subject to energy-limited DoS attacks. Here are the main contributions.
(i) Based on DoS attack characteristics, a new resilient AETM is well designed for observer-based fuzzy systems. Unlike the existing ET mechanism in [32-36, 38, 45], the proposed resilient AETM can improve resource utilisation efficiency and further tolerate data loss caused by cyber-attacks. (ii) Compared with the recent results in [39][40][41][42][43][44][45], the random attacks are handled with a more flexible communication mechanism method. It can fully utilise the adjacent trigger . . . . . .

FIGURE 1
The description of DoS attacks information and further dynamically change the threshold parameters according to the packet loss induced by DoS attacks. (iii) A quantitative relationship among the resilient AETM parameters under attacks, AETM parameters without attacks, and the number of consecutive packet losses is presented. Furthermore, mismatched premises are considered between fuzzy model and controller, then the slack matrices and characteristics of MFs are well considered in stability analysis.
This paper is organised as follows. The definition of energylimited DoS attacks and novel resilient AETMs are displayed in Section 2. In Section 3, some basic knowledge about system is stated. Then the main results are presented for observer-based control systems in Section 4. Two examples are shown in Section 5 and the conclusions are given in Section 6.
Notation: ℝ n expresses the n-dimensional Euclidean space and the mark * means the symmetric entry. L 2 [0, ∞) stands for the space of square-integrable vector function over [0, ∞).

RESILIENT AETM WITH DoS ATTACKS
In the section, an energy-limited DoS attack is introduced and a novel resilient AETM is proposed to ensure the control system is stable under attacks.
It is known that DoS attacks can cause network communication interruption, then the packets will be lost during attack duration. As stated in Figure 1, the l th DoS attack occurs at random instants t dos−l with duration d dos−l . Define b l is the number of the consecutive packet losses in the l th attacks interval, then the maximum one is b = max{b 1 , … , b l , …}. Inspired by [45], we consider an energy-limited DoS attack, whose l th duration satisfy the following relationship where h is the sampling period. At present, the risk of network communication attacks is increasing day by day in actual system. When the network is affected by DoS attacks, there will be a great probability of data loss, and the traditional ET mechanism will be ineffective. Hence, it is necessary to study a flexible resilient ET communication strategy that is immune to network attacks. First of   Remark 1. If h = d k h, the ET mechanism becomes timetriggered. When d k h = t k h, it implies that there are no DoS attacks in wireless network channel and all the triggered packets are transmitted to controller. If t k h < d k h, it means that there exist DoS attacks and packets loss between wireless network channel and controller.
The diagram of networked T-S FMB control systems with AETM is displayed in Figure 2. Besides, whether the current sampled datax( h) should be transmitted to wireless network channel is decided by the AETM condition (2). When the obtained signal is conveyed, then the ET threshold is calculated by adaptive rule (3) and stored in Buffer 1. The triggered packet is also placed in Buffer 2 for the later utilisation of ET conditions. Then next release time of AETM under no attacks satisfies the following condition.
where Ω > 0 is an appropriate dimension matrix to be designed.
is the error between the current sampled packet t k h + dh and latest released data t k h. Furthermore, the ET threshold parameter 1 (t k h) is decided by the following update rule where is the initial value of 1 (t k h), that is to say, 1 (0) = m1 . 0 ≤ m1 < m2 < 1, a > 0 and b > 0 are known parameters.
Remark 2. As we all know, the bounded invert tangent function atan(.) satisfies atan(.) ∈ [− 2 , 2 ]. Then the adaptively updated ET threshold 1 (t k h) can be obtained from given parameters a and b. For instance, if ||x(t k h + dh)|| − ||x(t k h)|| > 0, it can be seen that 1 (t k+1 h) < 1 (t k h). Then the update rule (3) uses a smaller 1 (t k+1 h) to permit more transmitted package data to reduce the error between ||x(t k h + dh)|| and ||x(t k h)||. In contrast, the larger 1 (t k+1 h) can save more communication bandwidth.
Besides, the network-induced delay t k which happens in release time t k h is also considered in the paper. Due to the existence of ZOH, the controller receives datax(t k h) from wireless network channel in the time Here, t k , t k+1 ∈ (0, ]. Then, for the mentioned interval we have to consider two cases.
Case 1: Hence, the actual input of the controller can be stated aŝ In addition, when suffered from DoS attacks, some packets may be lost through the AETM (2). Then the AETM (2) can not be used to decide whether packets are transmitted or not. Therefore, we have to design a novel resilient AETM to eliminate the effect of packet loss induced by DoS attacks Remark 3. The resilient AETM (5) is constructed on the basis of AETM (2). Due to the existence of DoS attacks, some packets may be lost in successive trigger intervals [t k h, t k+1 h). In order to ensure system stability, k whose value is lower than 1 (t k h) is designed to allow more data packages to be transmitted. It can improve utilisation efficiency without attack, and the system stability performance is further ensured in the presence of attacks.

T-S fuzzy model
Considering a class of non-linear systems which can be represented as T-S fuzzy model with s fuzzy rules [35].
where K i is the fuzzy term of rule i corresponding to premise variable h (x(t )), = 1, 2, ⋅ ⋅ ⋅, o, i = 1, 2, ⋅ ⋅ ⋅, s, o and s are positive integers that stand for the number of premise variable and fuzzy rules, respectively. x(t ) ∈ ℝ n and y(t ) ∈ ℝ r are the system state and measurement output, respectively. u(t ) ∈ ℝ u and z(t ) ∈ ℝ r are control input and output. (t ) ∈ ℝ w is the unknown external disturbance which belongs to and B 1i are known system matrices. The system dynamics are of the following formaṫ , , where is the grade of membership corresponding to fuzzy term K i .

Observer and controller design
The observer and system do not share the same premise variables and the observer premise variables depend on the estimated state variablesx(t ) [35]. Then the j th fuzzy rule is obtained as follows.
wherex ∈ ℝ n andŷ ∈ ℝ r are the estimated state and measurement output, respectively. L j is observer gains. The global observer dynamics are shown as followṡx where is the grade of membership corresponding to fuzzy term K j .
Owing to that there exists an AETM between the observer output and controller input, then the premises variables between observer and controller are asynchronous. Besides, the mismatched premise variables are considered between controller and fuzzy model to improve design flexibility. Then, the l th fuzzy rule of controller is described as follows.
Rule l : where F l are controller parameters. Then the global fuzzy controller is stated as where M l is the fuzzy term of rule l corresponding to premise variable f (x(t )), For simplicity, g i (x(t )), g j (x(t )) and q l (x(t k h)) are written as g i ,ĝ j andq k l , respectively.

Observer-based error systems
The augmented system is obtained by using the actual control input (4), fuzzy model (6), fuzzy observer (7) and fuzzy controller (9). where Then, the following lemmas are needed in the stability analysis.

MAIN RESULTS
The H ∞ stability conditions of augmented system (10) under an AETM (2) are presented in Theorem 1. In Theorem 2, a resilient AETM (5) against DoS attacks is proposed and the corresponding H ∞ performance is also guaranteed. Furthermore, in order to derive both observer and controller gains simultaneously, a matrix decoupling technique is provided in Theorem 3. Besides, an algorithm with the consideration of dichotomy method is introduced to describe how to obtain co-designed controller and communication gains.

Stability analysis with DoS attacks
Theorem 2. For the given positive scalars̄, m2 , , 1 , l , h, the augmented system (10) with resilient AETM (5) is stable subject to H ∞ performance , if there exist symmetric matrices P > 0, R > 0, S > 0,Θ i and matrices H , Ω, L j , F l i, j, l = 1, … , s, such that the LMIs (11)- (14) hold withq k l − lĝl ≥ 0, 0 < l ≤ 1 and the resilient parameters k satisfy Remark 5. For the known number of successive packet losses b k in interval [t k h, t k+1 h), the resilient parameter k can be calculated from (18). In reverse, based on given resilient parameter k , one can obtain the number of successive packet losses b k from (18) where ⌊Δ⌋ provides the largest integer smaller than or equal to Δ. Furthermore, the DoS attacks duration d k D in the interval [t k h, t k+1 h) can be derived Then, it is not difficult to obtain the maximum attack duration Consider a successful broadcast release interval [t k h, t k+1 h), and assume that there are b k unsuccessfully transmitted broadcast packets For p = 0, 1, … , b k , we obtain the following equation from constraint condition (5) Then Based on (2), it follows That is Then assume that there exist positive constants 1 such that |x(t ) −x(t )| ≤ 1 |x(t )|. We can derive the following inequality from the solutionx(t )| t =d p+1 h of (7), (22) and (24) where is defined in Theorem 2. □ , the state error between t and t k h is obtained from (21) and (25) From (21) and (25), it follows Then the following inequality is derived by taking (27) into (26) Based on (18) and (28), we have According to (29), it can be seen that the AETM (2) in Theorem 1 is ensured by the resilient AETM (5). That is to say, if the resilient AETM (5) is applied, then Theorem 2 can be easily derived from Theorem 1. This completes the proof.

4.3
The design of observer-based controller Theorem 3. For the given positive scalars̄, m2 , , 1 , , l and h, the augmented system (10) with resilient AETM (5) is stable subject to H ∞ performance, if there exist symmetric matrices U > 0,R > 0,Ŝ > 0,Θ i and matricesĤ ,Ω, T j ,F l i, j, l = 1, … , s, such that the resilient parameters k satisfy (18) and the following LMIs hold withq k wherê Then the observer, controller and AETM gains are obtained as  [41,43] do not happen randomly but are generated periodically, which may be conservative. However, the DoS attacks in the paper are not necessary to occur periodically. It happens randomly which is more practical. In addition, we have assumed that the output matrices have a common one in this work, which is C i = C, C ∈ ℝ r×n . Compared with the particle swarm optimisation algorithm in [28] that deals with non-linear coupling problems, the system gain matrix in the paper can be obtained at once by LMIs.

An algorithm to obtain communication and control gains
In Theorem 3, the communication parameters m2 , Ω, time delaȳ, observer gain L j and controller parameter F l are coupled together. Besides, the above mentioned parameters are related to network resource utilisation and control performance. Therefore, an algorithm is necessary to be introduced to calculate these parameters at the same time while ensuring the desired H ∞ performance and further improving communication efficiency. In addition, the maximum time delaȳis calculated by a dichotomy method. Then based on network-induced delay upper bound , the simulation sample time h =̄− .

SIMULATION EXAMPLES
This section provides practical and numerical examples to demonstrate the effectiveness of proposed method. All simulations are implemented by using Matlab 8.4.0 (R2014b) running on a PC with 3.40 GHz Intel Core i7 CPU, 8GB RAM, and Windows 7 64-bit Ultimate. ALGORITHM 1 : Algorithm to obtain the communication parameter m2 , k , Ω, allowable delay upper bound̄, observer gain L j and controller parameter F l Step 1: For the given number of consecutive lost packets b k , network-induced delay upper bound and ET initial threshold m1 , set ET threshold upper bound m2 = m2 − , where is the decreased step of m2 ∈ (0, 1).
Step 3: Apply the Matlab LMI toolbox and dichotomy approach to search the maximum delay upper bound̄( m2 ), and calculate the corresponding parameters L j ( m2 ), F l ( m2 ) and Ω( m2 ).
Step 4: Choose the sampling period h =̄( m2 ) − . If h ≤ 0, go to Step 1, else set a simulation time T, based on L j ( m2 ), F l ( m2 ) and Ω( m2 ) in Step 3, obtain the adaptive updated parameters 1 (t k h) from the communication scheme (2).
Step 5: Based on the given number of successive packet losses b k and adaptive adjusted parameters value 1 (t k h) in Step 4, the maximum resilient AETM threshold k (b k , 1 (t k h)) can be derived from constraint condition (18). If k (b k , 1 (t k h)) > 0, set a simulation time T to validate the proposed resilient AETM (5) method by Matlab, otherwise, go to Step 6.

Mass-spring systems
Consider the following non-linear mass-spring systems [27] x where the MFs are chosen as g 1 = 1 − x 2 1 and g 2 = 1 − g 1 , respectively, with x 1 ∈ [−1, 1]. Then the non-linear mass-spring systems are modeled as the following T-S fuzzy model with two rules.
Rule 1: IF x 1 (t ) is g 1 , then , B 11 = B 12 = 0, Besides, the MFs of observer and controller are considered aŝ Setting scalars a = 2, b = 1.2 and the initial value of AETM (2) m1 = 0.1. When the number of successive packet losses b k = 1, the adaptive variation of 1 (t k h) and k are provided in Figure 3, one can see that both them can be dynamically adjusted. Then, Figure 4(a) plots the release instants and release interval of AETM, in which only 64 times are triggered among the total time sampled 1000 times. It can be seen from the figures that the system with AETM can save network resources.
In addition, under no DoS attacks, the number of transmitted packets for different ET schemes is shown in Table 1. One can conclude that the designed AETM has smaller transmitted packets than ET generator with fixed parameters in [32][33][34][35][36] even   [32][33][34][35][36] can transmit 6.4% packets, which implies that the constructed AETM can improve communication resource utilisation efficiency.
Next, if the wireless network under DoS attacks, then the corresponding AETM becomes the resilient adaptive one (5). Its parameter k is related to AETM (2) threshold parameter 1 (t k h) in trigger interval [t k h, t k+1 h). Therefore, the corresponding ET parameters in each triggered moment are timevarying. To compensate for lost packets caused by DoS attacks, a smaller resilient AETM threshold is required to allow more packets to be transmitted in trigger interval [t k h, t k+1 h). When the number of successive packet losses b k = 1, b k = 2, then the corresponding resilient AETM (5) parameters k for different 1 (t k h) can be calculated from (18). Some data have been shown in Table 2. One can see that the more consecutive packet loss, the smaller the resilient AETM coefficient. If the successive packet losses number b k = 1, then the release instants and release interval of the resilient AETM are plotted in Figure 4(b), which has 108 trigger times. From Figure 4, one can conclude that the resilient AETM (5) can tolerate 44 times of data loss induced by cyber-attacks. Then, Figure 5 plots the response of estimation error and control input. It is can be seen that

Numerical example
A numerical T-S fuzzy model (6) with 2-rule is considered with the following parameters Then, the MFs of model, observer and controller are given ,ĝ 2 = 1 −ĝ 1 and  Under the consideration of AETM with scalars a = 3, b = 2 some simulations are presented. When the number of successive packet losses b k = 2, the adaptive variation of 1 (t k h) and k are displayed in Figure 6. Under AETM (2), the release instants and release interval is shown in Figure 7(a), which has 74 trigger times among the total time sampled 666 times. Based on the figures, it can conclude that the observer system with AETM can reduce network bandwidth.
Although the AETM (2) saves network resources in the absence of network attacks, it cannot solve data packet loss problem caused by network attacks. Hence, a smaller resilient AETM (5) threshold is needed to allow more packets to be transmitted. If under DoS attacks, the release instants and release interval of the resilient AETM (5) are plotted in In this work 220 178 153 146

FIGURE 8
Responses of estimation error and control input Figure 7(b), which has 220 trigger times. Figure 7 implies that the resilient AETM (5) can tolerate 146 times of data loss induced by cyber-attacks. Besides, Table 3 provides the number of transmitted packets for different ET methods under DoS attacks. It is easy to see that when m1 takes different values, the resilient AETM (5) has better network resource utilisation than the resilient ET mechanism in [45]. Furthermore, the responses of estimation error and control input are displayed in Figure 8. The above results show that the proposed resilient AETM method can improve resource utilisation efficiency and further tolerate DoS attacks with desired performance.

CONCLUSIONS
This paper solves the observer-based security control issue for T-S FMB systems under energy-limited DoS attacks. The newly designed resilient AETM can not only improve resource utilisation efficiency without DoS attacks but also tolerate data loss caused by cyber-attacks. Then the MFD stability criterions are provided in three theorems to ensure the control systems are stable with desired H ∞ performance. In addition, a fuzzy observer is constructed to estimate the unknown states and a slack matrix is introduced with the MFs information. Furthermore, the observer-based controller gains and resilient AETM parameters are derived based on Algorithm 1. Simulations about practical and numerical examples are shown to demonstrate the effectiveness of our method.