Robust Recovery and Control of Cyber-physical Discrete Event Systems under Actuator Attacks
Critical real-world applications strongly rely on cyber-physical systems (CPS), but their dependence on communication networks introduces significant security risks, as attackers can exploit vulnerabilities to compromise their integrity and availability. This work explores cybersecurity in the context of CPS modeled as discrete event systems (DES), focusing on recovery strategies following the detection of cyberattacks. Specifically, we address actuator enablement attacks and propose a method that preserves the system’s full valid behavior under normal conditions. Upon detecting an attack, our proposed solution guides the system toward a restricted yet robust behavior, ensuring operational continuity and resilience. Additionally, we introduce a property termed AE-robust recoverability, which characterizes the necessary and sufficient conditions for recovering a system from attacks while preventing further vulnerabilities. Finally, we showcase the proposed solution through a case study based on a manufacturing system.
💡 Research Summary
The paper addresses the problem of recovering a cyber‑physical discrete‑event system (CPDES) after an actuator‑enablement (AE) attack while preserving normal operation. Modeling the plant as a deterministic finite‑state automaton and the supervisor as a strict sub‑automaton, the authors first define vulnerable controllable events (Σc,v) and the set of vulnerable states Xv where such events are enabled. They then introduce a “robust region” Grobust, a sub‑automaton that excludes both vulnerable states and unsafe states XUS, guaranteeing that once the system resides in this region, further AE‑attacks are impossible.
A new property, AE‑robust recoverability, is proposed. It requires (i) the existence of a detection language Ldet that guarantees any attack will be detected, (ii) the existence of a safe transition from the detection point to Grobust, and (iii) that this transition can be carried out without allowing additional attacks. Based on these conditions, the authors develop an algorithm that synthesizes a robust‑recovery strategy: upon detection, the current state is examined, a safe path to Grobust is computed, and control commands are restricted to those that keep the system on that path. After reaching Grobust, a robust controller enforces that the closed‑loop behavior remains within the safe sub‑automaton, effectively neutralizing the attacker’s ability to re‑enable vulnerable events.
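The construction sketched above (vulnerable states Xv, the robust region Grobust, a recoverability check and a recovery policy that only enables events moving the plant back into the robust region) can be worked through on a small automaton. The following is an added illustration, not the paper's code or its manufacturing model: the plant, the event sets, the detection rule (a vulnerable event observed while the nominal supervisor had it disabled, a simplification of the paper's detection language Ldet) and the fixpoint-based region and distance computations are all constructed here for exposition.

```python
from collections import deque

# Constructed toy plant G (not the paper's case study): state -> {event: next_state}.
# Events beginning with "c" are controllable, "u" uncontrollable.
PLANT = {
    0: {"c1": 1},
    1: {"u1": 2},
    2: {"c2": 3, "c6": 0},           # c6 is a bypass that keeps the cycle away from state 3
    3: {"c4": 0, "c3": 4},           # c3 is the vulnerable controllable event (Sigma_c,v)
    4: {"u2": 6, "c5": 0, "c9": 5},  # reached only if an attacker enables c3
    5: {},                           # unsafe state (X_US)
    6: {"c7": 0},
}
INITIAL = 0
VULNERABLE_EVENTS = {"c3"}
UNSAFE = {5}
NORMAL_DISABLED = {"c3"}   # the nominal supervisor never enables c3 itself


def controllable(event):
    return event.startswith("c")


def vulnerable_states(plant, vuln_events):
    """X_v: states where some vulnerable controllable event is defined in the plant."""
    return {x for x, trans in plant.items() if vuln_events & trans.keys()}


def robust_region(plant, initial, excluded):
    """G_robust: states outside `excluded` that no uncontrollable event can leave,
    restricted to what is reachable from `initial` using in-region transitions only."""
    good = set(plant) - excluded
    changed = True
    while changed:  # controllability fixpoint: drop states with an escaping uncontrollable event
        changed = False
        for x in list(good):
            if any(not controllable(e) and y not in good for e, y in plant[x].items()):
                good.discard(x)
                changed = True
    if initial not in good:
        return set(), {}
    reach, queue = {initial}, deque([initial])
    while queue:
        x = queue.popleft()
        for y in plant[x].values():
            if y in good and y not in reach:
                reach.add(y)
                queue.append(y)
    trans = {x: {e: y for e, y in plant[x].items() if y in reach} for x in reach}
    return reach, trans


def recoverable_states(plant, region, excluded):
    """Backward fixpoint. x is recoverable if it is not excluded, every uncontrollable
    successor is already recoverable, and some controllable event leads to a recoverable
    state. Returns state -> number of controllable steps needed to reach the region."""
    dist = {x: 0 for x in region}
    changed = True
    while changed:
        changed = False
        for x, trans in plant.items():
            if x in dist or x in excluded:
                continue
            if any(not controllable(e) and y not in dist for e, y in trans.items()):
                continue
            known = [dist[y] for e, y in trans.items() if controllable(e) and y in dist]
            if known:
                dist[x] = 1 + min(known)
                changed = True
    return dist


def ae_robust_recoverable(plant, xv, vuln_events, dist):
    """Every state an attacker can reach by enabling a vulnerable event must be recoverable."""
    targets = {plant[x][e] for x in xv for e in vuln_events if e in plant[x]}
    return all(t in dist for t in targets)


def recovery_policy(plant, x, dist):
    """Controllable events enabled at x during recovery: only those moving strictly closer
    to G_robust. This disables c9 (to the unsafe state) and any re-entry into X_v."""
    return {e for e, y in plant[x].items()
            if controllable(e) and y in dist and dist[y] < dist[x]}


def run_scenario():
    """Nominal run c1 u1 c2, attacker enables c3 at state 3, detection, then recovery."""
    xv = vulnerable_states(PLANT, VULNERABLE_EVENTS)
    region, robust_trans = robust_region(PLANT, INITIAL, xv | UNSAFE)
    dist = recoverable_states(PLANT, region, xv | UNSAFE)
    state, trace = INITIAL, []
    for e in ["c1", "u1", "c2", "c3"]:
        detected = e in VULNERABLE_EVENTS and e in NORMAL_DISABLED  # observed but never enabled
        state = PLANT[state][e]
        trace.append((e, state, detected))
        if detected:
            break
    while state not in region:  # recovery mode; uncontrollable events may also fire here
        e = min(recovery_policy(PLANT, state, dist))
        state = PLANT[state][e]
        trace.append((e, state, False))
    return {"xv": xv, "region": region, "robust_trans": robust_trans, "trace": trace,
            "recoverable": ae_robust_recoverable(PLANT, xv, VULNERABLE_EVENTS, dist),
            "final": state}


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

Once the plant is back in the region, `robust_trans` is the robust controller's enablement map: at state 2 it offers only `c6`, so the vulnerable state 3 is never re-entered, which is what makes a second enablement of `c3` impossible.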
The approach is demonstrated on a manufacturing system where a specific machine action (σ6) is vulnerable. The attacked plant and supervisor models are constructed, and the robust‑recovery strategy is shown to redirect the system from the attacked behavior back to the initial safe states (1‑3) and then keep it within Grobust. Compared with prior methods that either disable all controllable events after detection or rely on probabilistic minimization, the proposed method maintains operational continuity, reduces downtime, and completely prevents entry into unsafe states.
Overall, the work contributes a rigorous supervisory‑control‑theoretic framework that simultaneously achieves safety, integrity, and availability in CPDES under persistent AE‑attacks, offering both theoretical guarantees and practical applicability.