## I Introduction

In the last two decades, the control of multi-agent systems has attracted substantial attention due to the progress of technologies in communication and computation areas, and some of the key applications can be found in formation control, control of large-scale systems and distributed sensor networks [1]. In particular, nowadays a closed-loop control system integrates sensors, computers and communication devices, which complies with the concept of cyber-physical systems (CPSs). While the industry notably benefits from the technology bloom in CPSs, a challenging situation also emerges along with the benefits due to malicious cyber attacks on CPSs such as deceptive attacks and Denial-of-Service (DoS) [2, 3].

This paper deals with DoS attacks, which induce packet drops maliciously and hence corrupt the availability of data. The communication failures induced by DoS can exhibit a temporal profile quite different from those caused by genuine packet losses due to network congestion; particularly packet dropouts resulting from malicious DoS need not follow a given class of probability distributions

[4], and therefore the analysis techniques relying on probabilistic arguments may not be applicable. This poses new challenges in theoretical analysis and controller design.In this paper, our focus is on the effects of DoS attacks on multi-agent
systems. Recently, systems under such attacks have been studied from
a control-theoretic viewpoint [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15].
In [5], a framework is introduced where DoS attacks are characterized by their levels of *frequency* and *duration*.
There, they derived an explicit characterization of DoS frequency and duration under which stability can be preserved
through state-feedback control. For multi-agent systems under DoS, there are some recent results for consensus problems with infinite data-rate communication. For example, the paper [14] presents theoretical as well as comprehensive simulation studies for continuous-time system consensus under DoS attacks with the utilization of event-triggered control.

Even without attacks, real-time data exchanged within networked control systems may suffer from communication constraints. In particular, we address issues arising from constraints on data rate that can occur in multi-agent systems. Such a constraint can be modeled by introducing quantization with a finite number of discrete outputs. Centralized control systems under quantized communication have been extensively studied in the last two decades, for example by the seminal papers [16, 17, 18] and the book [19]. The results in such works show that insufficient bit rate in communication channel influences the stability of a networked control system. The paper [8] extended these results to the case with DoS attacks. In the last decade, quantized consensus problems of multi-agent systems have been broadly studied [20, 21, 22, 23, 24, 25, 26] and some of them take data rate constraints into considerations. Also, the related problem of quantized resilient consensus is studied in [27, 28] where some agents are malicious and may prevent consensus to take place. The part of leaderless consensus of our paper is partially inspired by the quantized control of multi-agent systems in the work [23].

More specifically in this paper, we address three issues related to the joint effects of DoS attacks and data rate constraints for both the leaderless and leader-follower consensus problems: (i) For the dynamic quantization, when the global information of agent states is not available, a critical issue is to keep the states of each agent within the quantization range so as to avoid any quantizer saturation. Especially, when data may be missing due to DoS, we must keep track of the states by scaling up the quantization range even if the quantization becomes coarse. (ii) After constructing the quantization of the states properly, the next issue is to find the tolerable bound of DoS attacks for achieving consensus. Especially, if the agent dynamics is unstable, sufficient data must be exchanged among the multi-agent systems to realize the global objective of consensus. We will explicitly demonstrate the trade-off between the resilience against DoS and the available data rate in communication. Furthermore, it will be shown that in the absence of DoS attacks, our result in the part of leaderless consensus is consistent with the one in [23]. (iii) Last but not least, this paper also reveals another trade-off between the data rate for the leader state quantization and the one for the follower state quantization, when one deploys non-identical quantizers for them. It is possible to reduce the overall data rate exchanged through the communication channel while maintaining the resilience by tuning the data rate for the leader state quantization.

This paper is organized as follows. In Section II, we introduce the framework consisting of multi-agent systems of general dynamics and the class of DoS attacks. Section III presents the results of leaderless consensus, which includes the controller architecture with the zooming-in and zooming-out dynamic quantization mechanism and sufficient conditions for data rate and DoS bound under which consensus can be achieved. Section IV briefly presents the corresponding results for leader-follower consensus. A numerical example is presented in Section V, and finally Section VI ends the paper with conclusions and possible future research directions. The preliminary results of the problems of quantized leaderless and leader-follower consensus under DoS can be found in our previous papers [29] and [30], respectively. Compared with them, this paper provides full proofs of the results, more discussions and comparisons between the two dynamic quantized consensus problems.

Notation. We denote by the set of reals. Given , and denote the sets of reals no smaller than and reals greater than , respectively; and represent the sets of reals no larger than and reals smaller than , respectively; denotes the set of integers. For any , we denote . Let be the floor function such that

. Given a vector

and a matrix , let and denote the - and - norms of vector , respectively, and and represent the corresponding induced norms of matrix . denotes the spectral radius of . Given an interval , denotes its length. The Kronecker product is denoted by . Let and denote the column vectors with compatible dimensions, having all and elements, respectively.## Ii Framework: multi-agent systems and DoS

### Ii-a Communication graph

We let graph denote the communication topology between agents, where denotes the set of agents and denotes the set of edges. Let denote the set of the neighbors of agent , where . In this paper, we assume that the graph is undirected and connected, i.e. if , then . Let denote the adjacency matrix of the graph , where if and only if and . Define the Laplacian matrix , in which and if . Let (

) denote the eigenvalues of

and in particular we have due to the graph being connected.### Ii-B System description

The agents interacting over the network are expressed as homogeneous linear time-invariant systems. For each , agent is given as a sampled-data system with sampling period in the form of

(1) |

where , and . It is assumed that is stabilizable. denotes the state of agent with as the initial condition. We assume that an upper bound is known, i.e. . Let denote its control input, whose computation will be given later.

We assume that the communication channel among the agents is bandwidth limited and subject to DoS, where transmission attempts take place periodically at time with . Moreover, we assume that the transmission is acknowledgment based and free of delay. This implies that the decoders send acknowledgments to the encoders immediately when they receive encoded signals successfully. If some acknowledgments are not received by the encoders, it implies that due to the presence of DoS, the decoders do not receive any data at all, and hence they do not send acknowledgments.

Agent can only exchange information with its neighbor agents . Due to the constraints of network bandwidth, signals are encoded with a limited number of bits. In the presence of DoS, some of the transmission attempts may fail. For the ease of notation, we let represent the instants of successful transmissions. Note that is the instant when the first successful transmission occurs. Also, we let denote the time instant .

### Ii-C Time-constrained DoS

In this paper, we refer to DoS as the event for which all the encoded signals cannot be received by the decoders and it affects all the agents.
We consider a general DoS model
that describes the attacker’s action by the frequency of DoS attacks and their duration. Let
with denote the sequence
of DoS *off/on* transitions, that is,
the time instants at which DoS exhibits
a transition from zero (transmissions are successful) to one
(transmissions are not successful).
Hence,
represents the -th DoS time-interval, of a length ,
over which the network is in DoS status. If , then
takes the form of a single pulse at .
Given with ,
let
denote the number of DoS *off/on* transitions
over , and let
be the subset of where the network is in DoS status.

###### Assumption 1

(*DoS frequency*).
There exist constants
and
such that

(2) |

for all with .

###### Assumption 2

(*DoS duration*).
There exist constants and such that

(3) |

for all with .

###### Remark 1

Assumptions 1 and 2
do only constrain a given DoS signal in terms of its *average* frequency and duration.
Following [31],
can be defined as the average dwell-time between
consecutive DoS off/on transitions, while is the chattering bound.
Assumption 2 expresses a similar
requirement with respect to the duration of DoS.
It expresses the property that, on the average,
the total duration over which communication is
interrupted does not exceed a certain *fraction* of time,
as specified by .
Like , the constant plays the role
of a regularization term. It is needed because
during a DoS interval, one has .
Thus serves to make (3) consistent.
Conditions and imply that DoS cannot occur at an infinitely
fast rate or be always active.

The next lemmas relate DoS parameters and the number of unsuccessful and successful transmissions, respectively.

###### Lemma 1

Consider a periodic transmission with sampling interval along with DoS attacks under Assumptions 1 and 2. If , then , representing the number of unsuccessful transmissions between and with , satisfies

(4) |

*Proof*.
This lemma can be easily derived from Lemma 1 in [32] and we refer the readers to the full proof there.

For the ease of notation, we let represent in the subsequent sections.

###### Lemma 2

Consider the DoS attacks characterized by Assumptions 1 and 2 and the network sampling period . If , then , denoting the number of successful transmissions within the interval , satisfies

(5) |

*Proof.* This lemma can be easily derived from Lemma 3 in [33] and we refer the readers to that paper.

###### Remark 2

If the network is free of DoS attacks ( and ), then and , i.e. there is no failure in transmissions between and for every , and every transmission attempt will be successful, respectively. Therefore, they reduce to nominal standard periodic transmissions.

### Ii-D Uniform quantizer

The limitation of bandwidth implies that transmitted signals are subject to quantization. Let be the original scalar signal before quantization and be the quantization function for scalar input values as

(6) |

where is to be designed and , and . If the quantizer is unsaturated such that , then the error induced by quantization satisfies

(7) |

Observe that the quantizer has levels and is determined by two parameters and , which determine the density and quantization range of the quantizer, respectively. Moreover, we define the vector version of the quantization function as , where with .

## Iii Leaderless quantized consensus under DoS

The objective of this section is to design a quantized controller, possibly dynamic, in such a way that a finite-level quantizer is not overflowed and the multi-agent system (1) can tolerate as many DoS attacks as possible for reaching consensus. Specifically, we introduce the average of the states

(8) |

and consensus among the agents is defined by

(9) |

For the ease of illustration, in the remainder of the paper we simply let represent , *e.g.* represents .

### Iii-a Control architecture for leaderless consensus

For each agent , the control input is expressed as a function of the relative states available locally at time . Specifically, it is given by

(10) |

where

denotes the estimation of the state of agent

by agent , whose computation will be given later. Here we assume that there exists a feedback gain such that the spectral radius of(11) |

satisfies . This is a necessary and sufficient condition for consensus when no DoS is present and infinite bandwidth is available for communication [34].

In (10), the estimate of the state of agent by agent equals the one estimated by agent such that with , then we omit the superscripts and let

(12) |

Agent estimates the states of its neighbors based on the information available from communication. Also, to stay consistent with the neighbors, it will compute the estimate of its own. These estimated states will be computed at each time as

(13) |

where and the initial estimates will be set as . Here, contains the information of and is defined as

(14) |

An important parameter in the quantization in (14) is the scaling parameter . By adjusting its size dynamically, the state will be kept within the bounded quantization range without saturation. The scaling parameter can be updated as

(15) |

with , where and . The parameters and are for zooming in and out such that the quantization scaling parameter changes dynamically to mitigate the influence of DoS. Under DoS attacks, the states of the multi-agent systems may diverge. Therefore, the quantizers must zoom out and increase their ranges so that the states can be measured properly. If the transmissions succeed, the quantizers zoom in and decreases by using . The design of , and will be specified later. Observe that the scaling parameter is updated locally at each agent by checking the presence of DoS attacks over time.

Due to the constraints of channel bandwidth, the information about the state is quantized into as in (14). If the transmission attempts succeed, the decoders estimate by the first equation in (13) and the scaling parameter in the encoders and decoders zooms in as in the first equation in (15). If the transmission attempt fails, the information of cannot be acquired by the decoders since is corrupted by DoS. Then, the decoders estimate by the second equation in (13) and the scaling parameter in the encoders and decoders zooms out as in the second equation in (15).

Note that in the control input (12), we use to compute instead of . Due to space limitation, we omit the details of the rationales and refer the readers to the discussion regarding (52) in [23] and the references therein.

Let and . One can obtain the compact form of (13) as

(16) |

for . Let denote the estimation error and let and . Then one obtains the compact form of the dynamics of the agents

(17) |

where

(18) |

Recall the average of the states in (8). The discrepancy between the state of agent and is denoted by . By defining , one has . By applying it to (17), one obtains

(19) |

It is clear that the eigenvalues of equal to those of in (11). Recall that under the feedback gain . Hence the spectral radius of is less than 1. Then it is clear that if as , consensus of the multi-agent system (1) is achieved as in (9). If for all , it is obvious that consensus is achieved due to . Under DoS attacks, however, may diverge and consequently consensus among the agents may not be achieved.

### Iii-B Dynamics of the multi-agent systems

In this subsection, we present the dynamics of the multi-agent system under quantization, in terms of with and for the two cases, i.e. in the absence and presence of DoS attacks.

*If the transmission succeeds* such that for , then according to (16), one has

(20) |

Note that

(21) |

where

(22) |

Then (III-B) can be rewritten as

(23) |

*If the transmission fails* such that for , then in view of (16), one has

(24) |

In the above, we have presented the system dynamics using and . To facilitate the analysis, we let

(25) |

where is given in (15). Then we formulate the system dynamics in terms of and .

*If the transmission succeeds* such that , in view of the first relation in (15), (19) and (III-B), one has

(26) | ||||

(27) |

It is easy to infer that if , then by (7) one has .

*If the transmission fails* such that , then according to the second case in (15), (19) and (III-B), one has

(28) | ||||

(29) |

Compared with (27), induced by (29) may not satisfy . In the event that , there is a possibility that , which demonstrates that quantizer overflow occurs.

We explain the intuition of the zooming-in and zooming-out mechanism in the context of quantized control of multi-agent systems under transmission losses. In the dynamics of and in (26) and (27) under successful transmissions, one can see that appears in the denominators on the right-hand sides. Similarly, in (28) and (29), appears in the case of transmission failures. Intuitively, when the systems are in the open-loop status due to DoS attacks, if we can find a sufficiently large that can compensate the growth of and by dividing , then and are likely to remain “small” during DoS. As a result, it is possible to keep during DoS, which implies that quantizer overflow will not occur during DoS.

While the idea of zooming-in and zooming-out is intuitive, the computation of the parameters and are challenging in the context of quantized control of multi-agent systems. Compared with quantized control of centralized systems, e.g. in [8, 17, 35], one of the challenges in this paper is raised by the constraint of distributed systems, where each agent knows only a fraction of the global information. Due to this, the “decedent” state estimation/prediction scheme as in the papers [8, 17, 35] is very difficult to implement here and more importantly the estimation error also depends on the state, e.g. depends on in (29). By contract, in quantized control of centralized systems, this coupling problem between estimation error and state can be tackled.

### Iii-C Overflow-free quantizer and leaderless consensus

In this subsection, we will present the results for quantized leaderless consensus under DoS, showing the number of quantizer levels such that it is not overflowed, and a sufficient condition for consensus. Before presenting the results, we introduce some preliminaries that will be used in the theorem.

In view of the matrices , and in (18) and (22), respectively, we define the matrices

(30) |

where and are compatible submatrices with dimensions in and the integer satisfies as in Lemma 1. Then, we define and as

(31) | ||||

(32) |

in which the unitary matrix

is(33) |

where with satisfies . Let the matrix denote the remaining parts of in (32) after deleting the first rows and columns. Then we define the set as

(34) |

Note that is reduced to in (11) then , which is independent of . If , when is dependent on . With the matrices and in (30), and and in (18) , we let

(35) |

and then compute

(36) |

With such , we further compute

(37) |

where the parameters satisfy , and depends on the choices of and .

Now we are ready to present the results for quantized leaderless consensus under DoS attacks.

###### Theorem 1

Consider the multi-agent system (1) with control inputs (12) to (15), where they exchange information via the undirected graph . The communication attempts are periodic with sampling interval . Suppose that the DoS attacks characterized in Assumptions 1 and 2 satisfy . Let and be chosen such that , where and are in (11) and (34), respectively, and let . Then, the quantizer (6) is not overflowed, if satisfies

(38) |

with in (37), , in (30) and in Lemma 1. Moreover, if (38) holds and DoS attacks satisfy

(39) |

then consensus of is achieved as in (9) when .

To facilitate the proof of Theorem 1, we first introduce the lemma below, whose proof is provided in the Appendix.

###### Lemma 3

*Proof of Theorem 1.*
In the following, we will first show that the uniform quantizer (6) does not saturate if the number of quantization levels satisfy (38). Then, we show that the leaderless consensus among the agents is achieved under (39).

The unsaturation of the quantizer is proved by induction. More specifically we show that if the quantizer is not overflowed such that for , then the quantizer will not saturate at the transmission attempts within and hence .

*a)* If , in view of (27), it is easy to verify that the quantizer is not overflowed in the sense that

(42) |

where the norm of is given in Lemma 3. This implies .

*b)* If , it means that the transmissions before at the instants , , fail, where . We verify that the quantizer is also free of overflow at the instants , , and since

(43) |

This implies . In view of *a)* and *b)*, by induction, we conclude that the quantizer satisfying (38) is not overflowed for all transmissions.

Now we will show leaderless consensus in the states. If the quantizer is not saturated, then one has

(44) |

for , where the third inequality is obtained from (41). Incorporating the scenario of , we have

(45) |

where . Recall the definition of in Lemma 2 and let denote the number of unsuccessful transmissions in . In view of , one has

(46) |

where and

(47) |

by (39). Thus, we have when , which implies that leaderless consensus is achieved.

###### Remark 3

This remark concerns the rationale of the computations of and . The iteration of depends on the spectral radius of , where denotes the number of unsuccessful transmissions between and . If one selects and as (40), then , which essentially implies that is not a diverging sequence along despite that there are transmission failures between and . If no DoS attacks occur between and , then and hence the iteration of based on depends on , which is the result achieved in [23].

###### Remark 4

In view of the right-hand side of (39), it is good to have small and for improving the robustness, though a small will result in large data rate. In view of the remark above, it is clear that can affect directly in (38). More importantly, can also affect in the sense that if one lets , then . It is clear that if there are no DoS attacks in the network, then and the control approach in this paper reduces to the one in [23]. The principle of selecting is to make hold, where . Then, essentially depends on the systems to be controlled, the communication topology and that depends on DoS (see Lemma 1).

## Iv Leader-follower consensus under DoS

In this section, we will discuss the problem of leader-follower consensus under DoS attacks. The dynamics of the followers is taken as (1). Let be the index for the leader. The dynamics of the leader is given as an autonomous system such that

(48) |

where is the state of the leader, and and are the same as in (1). Similarly to the scenario of leaderless consensus, we assume that an upper bound on the initial state of the leader is known as . For the ease of analysis, we assume that . We say that the leader-follower consensus is achieved if

(49) |

In this section, the communication topology among the followers is represented by an undirected and connected graph as in Section II–A, whose Laplacian matrix is denoted by . We also assume that only a fraction of the followers can receive the information from the leader. Let represent the leader-follower interaction, i.e. if agent can directly receive the information from the leader, then , and otherwise . Moreover, we let the diagonal matrix be . For simplicity, in the following analysis, we let represent .

Comments

There are no comments yet.