Zero Dynamics Attacks and Sampled-Data Control

Most modern controllers are implemented on digital computers using sample-and-hold mechanisms, so they can be analyzed in a sampled-data (SD) framework. The SD nature of control systems in infrastructures such as power grids, transportation, and financial systems can create additional vulnerability to stealthy attacks because of the unstable sampling zeros of the SD system. From a control-systems perspective, the hardest attacks to defend against are the so-called zero dynamics attacks on output-feedback systems. If the closed-loop system possesses an unstable zero, an (ultimately) unbounded actuator (or sensor) attack cannot be observed in the monitoring data. Zero dynamics attacks can be easily implemented in cyberspace or injected into the communication links.


An interesting property of multirate sampling is its ability to remove certain unstable zeros of the discrete-time system when viewed in the lifted linear time-invariant (LTI) domain. This research aims to extend L1 adaptive control theory to multirate SD systems. In the continuous-time framework, L1 adaptive control is known as a robust technique for which performance bounds and robustness margins can be quantified analytically. The controller compensates for uncertainties within the bandwidth of a lowpass filter. Focusing on a multirate scheme that allows attacks to be detected, the control design objective is to compensate for disturbances and uncertainties and to achieve uniform bounds on the reference tracking errors. In addition, analytical results are derived that provide a sufficient condition on the sampling rate of the SD system to preserve the performance of the underlying continuous-time structure.
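The stealth property and its loss under multirate sampling can be reproduced on a toy plant. The following Python simulation is an added illustration, not the authors' controller or code: it assumes a triple integrator behind a zero-order hold (a constructed plant whose discretization has a sampling zero near -3.73), and it replaces the L1 fast estimation loop with a plain threshold on output samples taken at twice the hold rate; the threshold and all parameter values are assumptions.

```python
# Added illustration on a constructed plant (not the authors' controller).
# Plant: triple integrator 1/s^3 behind a zero-order hold of period T; its
# discretization has a sampling zero near -3.73, outside the unit circle.

def step(x, u, h):
    """Exact triple-integrator update over h seconds with constant input u."""
    p, v, a = x
    return (p + v*h + a*h*h/2 + u*h**3/6, v + a*h + u*h*h/2, a + u*h)

def simulate(T=0.1, steps=12, fast=2, eps=1e-3):
    """Output deviation caused by an injected actuator signal d that keeps the
    deviation at zero on every slow sample after the first.
    Returns (slow_residuals, fast_residuals, d_sequence)."""
    x, h = (0.0, 0.0, 0.0), T / fast
    slow, inter, d_seq = [], [], []
    for k in range(steps):
        if k == 0:
            d = eps                       # small initial perturbation
        else:
            p, v, a = x                   # pick d so that p(next slow sample) = 0
            d = -(p + v*T + a*T*T/2) / (T**3/6)
        d_seq.append(d)
        for i in range(fast):
            x = step(x, d, h)
            if i < fast - 1:
                inter.append(abs(x[0]))   # extra samples between hold updates
        slow.append(abs(x[0]))            # sample aligned with the hold update
    return slow, inter, d_seq

def first_alarm(residuals, threshold=1e-4):
    """Index of the first residual above threshold, or None if none fires."""
    return next((i for i, r in enumerate(residuals) if r > threshold), None)

if __name__ == "__main__":
    slow, inter, d_seq = simulate()
    print("max slow-rate residual :", max(slow))
    print("max fast-rate residual :", max(inter))
    print("final |d|              :", abs(d_seq[-1]))
    print("slow alarm:", first_alarm(slow), " fast alarm:", first_alarm(inter))
```

The monitor that samples only at the hold rate never raises an alarm while the injected signal grows by a factor of about 3.73 per step; the inter-sample measurements cross the threshold within a few steps.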


(Left) A dual-rate L1 adaptive controller is augmented to a multirate sampled-data (MSRD) baseline controller for detection of zero dynamics attacks and for disturbance and uncertainty compensation. (Right) A criterion based on the fast estimation loop in the dual-rate L1 control structure can detect a zero dynamics attack in a timely manner.


The zero dynamics attack signal d(t) can be mitigated by assuming a secure software/hardware structure for the CPS (ARSimplex). In such a structure, a backup controller operates the system when the normal-mode controller is compromised by a cyber attack.



A multirate L1 adaptive controller has been implemented for trajectory tracking control of a Crazyflie quadrotor. By leveraging the multirate approach, the stealthy zero dynamics attack becomes detectable. The controller recovers the stability of the quadrotor subject to attack.



  1. H. Jafarnejadsani, H. Lee, N. Hovakimyan, and P. G. Voulgaris, “Dual-rate L1 Adaptive Controller for Cyber-Physical Sampled-Data Systems”, IEEE Conference on Decision and Control, 2017, accepted.
  2. H. Jafarnejadsani, H. Lee, and N. Hovakimyan, “An L1 Adaptive Control Design for Output-Feedback Sampled-Data Systems”, American Control Conference, 2017.
  3. X. Wang, E. Kharisov, and N. Hovakimyan, “Real-time L1 adaptive control algorithm for uncertain networked control systems”, to appear in IEEE Transactions on Automatic Control.