Abstract

Cyber-Physical Systems (CPSs) are typically defined as physical systems that are integrated with computational and communication capabilities, offering the potential to significantly enhance traditional engineering systems in terms of efficiency, reliability, and performance. However, these enhanced features also introduce potential vulnerabilities to cyber-attacks, as evidenced by the various types of attacks reported against CPSs. Over the past decade, numerous control solutions have been proposed to detect these attacks and mitigate their impact on CPSs. Most of the proposed solutions are based on the assumption of precise a priori knowledge of the system’s dynamical model. However, acquiring an accurate mathematical model can be challenging, particularly when the system’s behavior is affected by unknown or uncertain factors, such as disturbances. Consequently, recent efforts have focused on developing data-driven control approaches to safeguard the safety of constrained CPSs against cyber-attacks.


In this thesis, the safety and security problems in constrained Cyber-Physical Systems using data-driven methods are addressed. In the first part of this thesis, we propose an active detection mechanism using the concept of dimensionality reduction, Principal Component Analysis (PCA), and optimal reconstruction for the detection of intelligent and coordinated cyber-attacks. In particular, we design a novel attack detection strategy based on a time-varying (random) encoding mechanism, which encodes the sensor measurements into a random latent space and prevents the attacker from accessing some part of the information.


In the second part of this thesis, we first introduce a data-driven method for computing backward reachable sets and Set-Theoretic Model Predictive Control (ST-MPC) tailored for constrained control systems, subject state, and control input constraints. Then, we use the developed data-driven ST-MPC along with data-driven backward and forward reachability concepts to design data-driven detection and mitigation control architectures aimed at preserving the safety and tracking performance of constrained CPSs against cyber attacks. In particular, in the first architecture, a data-driven anomaly detector based on the forward one-step evolution of the system is designed to detect the presence of attacks on the measurement channel. Moreover, on the plant’s side, a data-driven safety verification module is designed to assess whether the received control input ensures a safe evolution of the plant. If necessary, it replaces the networked controller with a local data-driven, set-theoretic model predictive controller, which aims to maintain the plant’s trajectory within a predefined safe configuration until normal operation is restored following the attack. In the second architecture, we extend the first solution in order to minimize whenever possible, the tracking performance loss of constrained CPSs in the presence of cyber attacks on the measurement channel. For this purpose, an add-on tracking supervisor module is designed which operates in an open-loop fashion in case of unreliable measurements. Moreover, on the plant side, the safety verification module is enhanced to consider multiple safety equilibrium points which allows to reduce the tracking performance loss in the presence of cyber-attacks on the actuation channel.