Output Feedback NCS of DoS Attacks Triggered by Double-Ended Events

In recent years, the research of the network control system under the event triggering mechanism subjected to network attacks has attracted foreign and domestic scholars’ wide attention. Among all kinds of network attacks, denial-of-service (DoS) attack is considered the most likely to impact the performance of NCS significantly. +e existing results on event triggering do not assess the occurrence of DoS attacks and controller changes, which will reduce the control performance of the addressed system. Aiming at the network control system attacked by DoS, this paper combines double-ended elastic event trigger control, DoS attack, and quantitative feedback control to study the stability of NCS with quantitative feedback of DoS attack triggered by a double-ended elastic event. Simulation examples show that this method can meet the requirements of control performance and counteract the known periodic DoS attacks, which save limited resources and improve the system’s antijamming ability.


Introduction
Scholars have recently devoted much energy to studying network security and control stability of network systems against malicious attacks, including denial of service (DoS) attacks, replay attacks, and spoofing attacks. e research results on different types of network attacks can be obtained in the literature [1][2][3][4][5].
Among all kinds of network attacks, the DoS attack is considered the most likely type of network attack to impact the performance of NCS [6] significantly. In the past few years, the stability analysis of NCS under DoS attacks has been reported in the literature [7,8]. Besides, because the event-triggered mechanism can be used to reduce the transmission of information without reducing the overall system performance, in recent years, more and more literature have used the event-triggered method to study the control stability of NCS under DoS attacks [9]. For example, in [6], the author, for the first time, investigated the stability analysis of event-triggered networked linear continuoustime systems under known pulse width modulation DoS attacks. Inspired by this work, the author proposes a more general DoS attack model in [10], in which the DoS attack signal is only constrained by DoS frequency and duration. Some extensions are also reported based on this idea, such as the dynamic output feedback controller [11] and distributed NCS [12].
An event trigger mechanism dependent on the Lyapunov function is proposed for nonlinear continuous systems in [13]. Eqtami et al. [14] use ISS's technology to propose a selftriggering mechanism and a new event triggering mechanism for nonlinear discrete systems. A new event mechanism is proposed for nonlinear systems through Lyapunov in [15]. e asymptotic stability of the system is verified by using the distributed event trigger mechanism in [16], and the small gain theorem for the ISS-Lyapunov function [11] solved the resource consumption and resilient control strategy design of NCS subjected to malicious DoS attacks. In the presence of DoS attacks, the proposed system framework can still guarantee a strictly positive and lower bound on the event time. A system design framework is proposed for the output-based dynamic event trigger control (ETC) system under DoS attacks. De Persis and Tesi [17] studied the effective control strategy of nonlinear systems under a DoS attacks and provided the character of the maximum percentage of time that feedback information can be lost without causing feedback instability. It is based on the design of the event's elastic control strategy, and the fixed pattern is used as an exact representation of the interval activity interval. e controller triggered by the event has made a clear representation of the minimum cross-sampling time of the controller. Su et al. [18] proposed incremental algorithms for rapidly evolving the network strategies, and the redundancy rules are further processed.
Focusing on defensive strategies against network attacks in cyberphysical system (CPS), Tian et al. [19] proposed both low-and high-interaction honeypots into CPS as a security management tool deliberately designed to be probed, attacked, and compromised. To improve the attack detection capability of content centric network (CCN), Xu et al. [20] proposed a way of interest flooding attack (IFA) making use of the characteristics of self-similarity of traffic and the information entropy of content name of interest packet.
Distributed Denial-of-Service (DDos) attack has become one of the most destructive network attack. Cheng et al. [21] proposed a detection method of DDos' attacks based on generalized multiple kernel learning combining with the constructed parameter R, and the proposed method can effectively detect DDos' attacks in complex environments with a higher rate and lower error rate. Chen et al. [22] provided the active approach based on the integrated entropy calculations to detect DDos' attack. It is a lightweight approach could be applied in mobile device.

LMI.
e research on LMI (linear matrix inequalities) has been widespread. When it is used to solve control problems, LMI will be used to simplify the practical issues involved. Here are some definitions of LMI and many practical issues of LMI implementation used in later sections [23]. In general, the specific LMI, formula is (1) is the general form of LMI, but through the exploration of scholars, most of the content of its solution is a variable matrix. If the following Lyapunov inequality where Q ∈ R n×n is a real symmetric matrix, A ∈ R n×n is a constantly fixed matrix, X ∈ R n×n is an unknown solution matrix, so most of the contents of the LMI solution are variable matrices. Formulas (1) and (2) are two representations of LMI, but they embody the same essence. erefore, the resolution of a kind of LMI problem [24] is obtained as follows: for the existing LMI G(x) < 0, we can use the function that comes with LMI to solve it, in which there is a function with special meaning, which can be used to test whether the existing x satisfies G(x) < 0. is kind of case is the LMI technique to solve the problem, and the solver in the function is expressed by feasp.

H ∞ Control eory.
As the core part of robust control, H ∞ , the theory provides many analysis ideas for control systems and effective solutions for robustness exploration. It can realize the calculation of H ∞ the norm. By optimizing this kind of function and then designing the controller reasonably within the prescribed constraint conditions, the robustness of the system becomes very good. e block diagram of H ∞ control is shown in Figure 1.
In addition, u is the output information of the controller, P is the controlled object, w is the external interference information, z is the information output of the object, y is the measured value, and K is the controller.
System objects are considered as follows: where u(t) ∈ R m is the input vector of the system, y(t) ∈ R s is the measured output of the system, x(t) ∈ R n denotes the state vector, z(t) ∈ R q represents the control output of the system, and w(t) ∈ L 2 [0, ∞) represents the information of the disturbance signal. A 11 , D 32 , B 11 , B 1w , C 33 , D 21 , C 22 , D 11 , D 12 is a fixed constant matrix. For any c > 0, if formula (3) contains the following properties: (1) If w(t) � 0, then the system is stable.
(2) If the function Φ(s) is used to represent the relationship between z(t) and w(t) by calculating the norm, we have And, then it is equal to en, system (5) has H ∞ performance c [25]. Formula (5) is the ability of anti-interference to the outside world, so c is called the suppression system to the outside world. e smaller the value of c is, the better the control performance of the system will be.

Lemma 2. (Schur complement lemma). For symmetric
" * " is a symmetric term, and the following conditions are equivalent:

Lemma 3.
For the real matrix Θ > 0, X and the given scalar δ, the following formula holds:

Problem Description
In the current research results, most of the studies are completed under the assumption that the object can be measured. In the actual system, the information of the object cannot be measured directly, so the NCSs' study of state feedback under the DoS attack of event-triggered mechanism cannot act on the system directly. erefore, the NCSs' research of output feedback under the DoS attack is critical.

System Description.
e model of the system is as follows: where u(t) ∈ R m is the input vector, x a (t) ∈ R n is the state vector, w(t) ∈ L 2 [0, ∞) is the interference signal, y(t) ∈ R q is the measured output, and A a , B a , C a , C a 1 , D a , B w , D a1 is the constant matrix with appropriate dimension. ΔA a (t) matrix is an uncertain matrix and must satisfy the condition of (8): where D and E is a fixed constant matrix and F(t) is a timevarying unknown matrix with respect to time t is Lebesque and satisfies F T (t)F(t) ≤ I.
To improve the anti-interference ability of the system in the network, save the limited network resources, and apply the network model attacked by DoS to the control system, the system structure block diagram is shown in Figure 2.

Establishment of DoS Attack Model.
Consider a general attack model that limits the actions of attackers only by limiting the frequency and duration of DoS attacks. It is a kind of periodic network interference signal with energy constraint in the form of pulse width modulation (PWM). Its specific expression is as follows: where n ∈ N is a periodic natural number, T ∈ R >0 is an attack period, T off ∈ R >0 (T off < T) is the zero boundary point of DoS attack and non-DoS attack, and T min off < T off < T < ∞. e interval of the network system that is not attacked by DoS is [(n − 1)T, (n − 1)T + T off ), and the interval of the network system that is attacked by DoS is

Establish a Double-Ended Elastic Event Trigger
Mechanism. In view of the situation that the controlled object cannot be measured directly, we propose a two-terminal elastic event trigger mechanism which depends on the information of the object and the controller, which can enhance the anti-interference ability of the system and reduce the amount of data transmitted in the network channel at the same time.
e latest sensor trigger time is expressed by b k h, and b k+1 h is used to indicate the next trigger time. If there is no DoS attack, the elastic trigger conditions on the sensor side are where ξ y (t) is used to represent the threshold function and W y > 0 is used to represent the matrix that needs to be solved, and at the same time, it must satisfy where δ y ≥ 1 is the known constant, y(b k h + qh) the sampling state of the current time, and y(b k h) shows the latest state of the event trigger. If there is a DoS attack, the trigger condition of the sensor-side trigger will be defined as

Security and Communication Networks
If the designed elastic event trigger satisfies condition (10) or (12) and the current state y(b k h + qh) is defined as the latest state y(b k+1 h), then it is sent to the network. d k h indicates the latest time of the controller, and d k+1 h indicates the next trigger time. If there is no DoS attack, the elastic trigger conditions of the controller are as follows: Using W u > 0 to express the matrix that needs to be solved, it must satisfy If there is a DoS attack, the event trigger conditions on the controller side need to be met as follows:

Establish the Model of Closed-Loop
System. According to the study of timing and event mechanism in [25], we define According to the duration of ZOH, it is finally divided into segments h: In e combination of (18)- (20) can be described as follows: k . e set of real-time update times of the feedback forward channel zero-order holder will be expressed as τ, t 1,n , t 2,n , . . . , where t k,n � b k,n h + τ. According to the relevant properties of ZOH, the input information of output feedback is e control input of the controlled plant (7) is  Several functions are defined as follows.
(1) Define the function: According to formulas (22), (23), and (25), the controller inputs as (2) Define the function: According to formulas (22), (24), and (25), the control input of the controlled object (7) is e feedback controller for output dynamics is where y(t) is the input vector of dynamic output feedback, u(t) is the output vector, and x c (t) ∈ R n matrix is the matrix with a proper dimension of the state vector A c , A c d , K, B c . In the same timing, the input u(t) of (29) is substituted into model (7), and the input y(t) of (26) is brought into (29). e final closed-loop model is In order to facilitate the analysis, this chapter introduces the switching signal: Based on the set switching signal ψ(t), the closed-loop system (30) can be simplified as follows: Security and Communication Networks

Stability Analysis of Closed-Loop System
rough the LMI method and the related theory of Lyapunov, aiming at whether the networked control system is attacked by DoS or not in the unmeasurable state, based on the proposed two-terminal elastic event trigger mechanism, the exponential stability of the system is proved. Theorem 1. For a given state gain matrix K and interference signal P DoS (t) (9), the parameters T and T min off are known. Consider system (33), for the known positive scalar α i , h > 0 and c > 0 and the double-ended elastic event trigger parameter 0 < δ y < 1 and 0 < δ u < 1, if there is a positive definite matrix W u , W y , P i , Q i , R i , and Z i and the matrix then along the system trajectories (4)- (21), for any n ∈ N, there are Proof. Select the following time-varying Lyapunov functions: When

Security and Communication Networks
According to the literature [25], we can obtain e simplified expressions of the two-terminal elastic event-triggering mechanisms (10)-(13) and trigger functions (23) and (28) can be obtained from the same time sequence ψ m k of the input y(t) of equation (23) and the object input u(t) of (28):

Security and Communication Networks
By using Shur Lemma, the following results are obtained: On the contrary, when t ∈ [t 2,n , t 1,n+1 ), the same result is obtained: According to the condition 2 < 0, it is proved that it is completed if it satisfies _ V 2 (t) ≤ 2α 2 V 2 (t).

Theorem 2.
For a given state gain matrix K and interference signal P DoS (t) (9), consider system (33), when the sequence satisfies nT { } n∈N , and parameters T and T min off are known. For known positive scalars α i , μ i , h > 0 and c > 0 and the trigger parameter 0 < δ y < 1, 0 < δ u < 1, such as symmetric, positive, definite matrix, W y , W u , P i , Q i , R i , and Z i , and matrix M i , N i , S i , i ∈ 1, 2 { }. Both (35) and the following inequalities are satisfied: e closed-loop system (33) under known periodic DoS interference attacks (9) is globally exponentially stable with a decay rate.
According to the judgment basis of eorems 1 and 2, it is determined that the system is globally exponentially stable. However, there is a coupling relationship between the corresponding matrix (A c , A cd , K, B c ) and P i in formula (29), so the controller cannot be directly designed. erefore, Section 5 is needed to design the controller further.

Design of H ' Dynamic Output Feedback Controller
Theorem 3. For the given matrix K and pulse width interference signal P DoS (t) (9), the sequence nT { } n∈N and parameters T and T min off are known. Considering series (33), for the known positive scalar, α i , h > 0, c > 0, c n (n � 1, 2, 3, 4, 5) and, double-ended elastic event trigger parameter, 0 < δ y < 1 and 0 < δ u < 1. If it exists in the positive definite matrix, W u , W y , P i , Q i , R i , Z i , X, and Y and the matrix which is satisfied at the same time: (52) en, the closed-loop system (33) is globally exponentially stable under the double-ended elastic event trigger mechanism (11) to (23). Also, the gain matrix of the output feedback controller (29) can be calculated as follows: Proof. e matrix P is decomposed into using Lemma 1 Define the matrix: By using Ω to perform the congruent transformation of the conditions in eorem 1, the result is obtained:

Security and Communication Networks
For conversions, Applying Lemma 3 to deal with the coupling term in Υ e gain matrix of the controller with output feedback is Because equation (59) contains an unknown matrix N, the gain (A c , A cd , K, B c ) cannot be solved directly. erefore, through the transformation of x c (t) � N − 1 x c (t), the equivalent of solution (29) is as follows: e gain of the controller is expressed as follows: (62)

Example Simulation
Considering the general satellite system model in [26,27] as an example, the specific state-space model is described as (7), and the described matrix is given: Because the eigenvalue of the system matrix isλ 1 � λ 2 � 0, λ 3 � − 0.0043 − 0.7843i, and λ 4 � − 0.0043 + 0.7843i, the system is unstable without a controller.
In the following, this paper jointly designs the event trigger parameter (δ y , W y ) and (δ u , W u ) and the control parameter form of the event trigger state feedback, and the closed-loop system (33) is exponentially stable in periodic DoS interference attack.
Other parameter settings are as miu1 � miu2 � 1.3, T min off � 2.76, gg � 50, c n � 3 n � 1, 2, 3, 4, 5 u . (64) By using Matlab, the parameters of the two-terminal elastic event trigger mechanism (10), (12), (13), and (15) e internal initial condition system is given x 0 � 0.1 − 0.1 − 0.01 − 0.04 T , and the simulation time is assumed to be 40s. e state graph of DoS attack NCS based on output feedback is shown in Figure 3. Obviously, the system can have good stability through eorem 3. Figures 4 and 5 show the data trigger status of the controller and sensor side under the double-ended elastic event trigger mechanism designed in this chapter. e simulation results show that 120 data on the sensor side can meet the conditions of the elastic mechanism (10) and (12), and a total of 132 sampled data on the controller side meet the conditions of the elastic trigger mechanism (13) and (15).
A total of 300 data are required to be sent to the network, and the trigger interval must be 0.1 s. erefore, after using the method of output feedback, the sensor has 134 data that can meet the conditions of the event mechanism.
As can be seen from Tables 1 and 2, compared with the two-terminal elastic event mechanism and periodic trigger mechanism proposed in this section, it is found that the controller and the sensor side save 55.60% and 60.00% of resources, respectively, and the transmission cycle increases by 0.1273 s and 0.1400 s, respectively. Compared with the single-ended mechanism DoS attack in [28], the controller and sensor side save 4.67% and 55.60% resources, respectively, and the cycle changes are 0.0261 s and 0.1273 s, respectively.
erefore, the double-ended elastic event mechanism proposed in this section meets the performance requirements of the system very well, counteracts the known periodic DoS attacks, saves limited network resources, and improves the antijamming ability of the system.
In order to verify the influence of event trigger parameters δ x and δ u on system stability, Tables 3 and 4 are  obtained. To sum up, it can be concluded that (1) the system is stable; (2) the event trigger mechanism can reduce the traffic    Event trigger mechanism Sensor side (%) Controller side (%) Periodic trigger mechanism 100 100 Single-ended event mechanism DoS attack in literature [28] 44.67 e double-ended elastic mechanism DoS attack proposed in this chapter 0.00 44.40 in the system; (3) the event-based output feedback controller does counteract the impact of periodic interference attacks.

Conclusion
Because the information of many objects cannot be directly monitored and there are DoS attacks in the network, this section studies the NCS under the output feedback of DoS attacks triggered by double-ended elastic events. First of all, this work proposes an elastic event trigger mechanism transmission scheme that depends on the information of the object and the controller, in order to reduce the burden of computing and communication and, at the same time, counteract the DoS interference attack imposed by the power-limited pulse width modulation (PWM) jammer. Secondly, based on the elastic event trigger mechanism and the DoS attack model, the closed-loop time-delay switching model of the system is established. en, through LMI technology and Lyapunov knowledge, the stability criterion of H ∞ is obtained, which contains the relationship among elastic event trigger mechanism, DoS attack, stability, and delay, and the sufficient conditions of dynamic output feedback controller and elastic event mechanism are obtained. Finally, through a numerical example, it is proved that the double-ended elastic event trigger mechanism designed in this work can not only counteract the impact of DoS attack interference and save network resources but also can better ensure the performance of the system.

Data Availability
e data used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
e authors declare that there are no conflicts of interest regarding the publication of this paper.

Event trigger mechanism
Sensor side (s) Controller side (s) Periodic trigger mechanism 1/10 1/10 Single-ended event mechanism DoS attack in literature [28] 0.2239 1/10 e double-ended elastic mechanism DoS attack proposed in this chapter 0.2500 0.2273