Detection and isolation of faults and attacks
Claudio De Persis
University of Groningen / Sapienza University of Rome
Current problems in Control Theory
In honor of Prof. Alberto Isidori
Department of Computer, Control and Management Engineering, Sapienza University of Rome
September 24, 2012
1 / 22
Fault detection and isolation
Fault
A fault in a device (airplane, ship, robot, etc.) is a deviation of the structure of the system, or of its parameters, from a nominal situation
Fault detection and isolation
Fault detection and isolation is an engineering field dealing with methods for
Revealing the presence of such deviations (fault detection)
Differentiating between possible faults and disturbances (fault isolation)
It is a discipline at the crossroad of multiple engineering branches
Automatic control
Computer engineering
Signal processing
. . .
Model-based fault detection
Model-based fault detection
In model-based fault detection the device under monitoring is described by a mathematical model
Systems of linear ordinary differential equations
\[
\dot x = Ax + Bu + Lm + Pw, \qquad y = Cx
\]
Systems of nonlinear ordinary differential equations
\[
\dot x = \underbrace{f(x)}_{\text{dynamics}} + \underbrace{g(x)u}_{\text{control}} + \underbrace{\ell(x)m}_{\text{faults}} + \underbrace{p(x)w}_{\text{disturbance}}, \qquad \underbrace{y}_{\text{measurements}} = h(x)
\]
Example: VTOL aircraft
Simplified equations of motion of a VTOL aircraft in a vertical-lateral plane
$x_1, x_2$: horizontal position and velocity
$y_1, y_2$: vertical position and velocity
$\theta_1, \theta_2$: roll angle and velocity
Measurements:
\[
y = h(x) = \begin{pmatrix} x_1 \\ x_2 \\ \theta_1 \\ \theta_2 \end{pmatrix}
\]
Dynamics:
\[
\underbrace{\begin{pmatrix} \dot x_1 \\ \dot x_2 \\ \dot y_1 \\ \dot y_2 \\ \dot\theta_1 \\ \dot\theta_2 \end{pmatrix}}_{\dot x}
=
\underbrace{\begin{pmatrix} x_2 \\ 0 \\ y_2 \\ -g \\ \theta_2 \\ 0 \end{pmatrix}}_{f(x)}
+
\underbrace{\begin{pmatrix} 0 & 0 \\ -\sin(\theta_1) & \cos(\theta_1) \\ 0 & 0 \\ \cos(\theta_1) & \sin(\theta_1) \\ 0 & 0 \\ 0 & \dfrac{\ell M \cos(\alpha)}{J \sin(\alpha)} \end{pmatrix}}_{g(x)}
\underbrace{\begin{pmatrix} \dfrac{1}{M}\, T \\[6pt] \dfrac{2\sin(\alpha)}{M}\, F \end{pmatrix}}_{u}
\]
Example: VTOL aircraft
A power loss of the actuators can be modeled as
\[
m_i = -(1 + \phi_i)\, u_i, \qquad \phi_i \in [-1, 0]
\]
to obtain the system
\[
\dot x = f(x) + g(x)u + \underbrace{g(x)}_{\ell(x)}\, m
\]
DP-DE SANTIS-ISIDORI. Nonlinear actuator fault detection and isolation for a VTOL aircraft. American Control Conference (2001) 4449–4454.
Fault detection
The monitored system
\[
\dot x = \underbrace{f(x)}_{\text{dynamics}} + \underbrace{g(x)u}_{\text{control}} + \underbrace{\ell(x)m}_{\text{faults}} + \underbrace{p(x)w}_{\text{disturbances}}, \qquad \underbrace{y}_{\text{measurements}} = h(x)
\]
can be depicted as a block diagram (figure not reproduced here)
Fault detection
The fault detection is carried out by a diagnostic filter
It is a dynamical system with the measured signals u, y as inputs
It generates diagnostic signals (residuals) r
\[
\dot\xi = \varphi(\xi, y) + \chi(\xi, y)\, u, \qquad r = \psi(\xi, y)
\]
Fault detection
Fundamental problem of residual generation (FPRG)
Given a device affected by a fault m and a disturbance w, find a filter which generates a diagnostic signal r, called “residual”, such that
r depends “non-trivially” on m, i.e. it is affected by m
r depends “trivially” on w, i.e. it is unaffected by w
r converges to zero whenever m = 0
Extended problem of residual generation (EPRG)
Fault detection and isolation
Given a device affected by faults $m_1, \ldots, m_s$ and a disturbance w, find a filter which generates diagnostic signals $r_1, \ldots, r_s$ such that
$r_i$ depends “non-trivially” on $m_i$, $i = 1, \ldots, s$
$r_i$ depends “trivially” on w and on $m_j$ for all $j \neq i$
$r_i$ converges to zero whenever $m_i = 0$
Fundamental problem of residual generation
F(E)PRG formulated for linear systems by Massoumnia-Willsky-Verghese at the end of the ’80s
The analysis was based on the linear geometric control theory introduced by Basile-Marro and Morse-Wonham at the end of the ’60s
Solving the FPRG ⇒ solving the EPRG
Limitations
Most engineering devices are nonlinear
Tools for the solution of the problem were not available
Filter synthesis for nonlinear systems is much more difficult than for linear systems
Fundamental problem of residual generation
Device + filter
\[
\begin{pmatrix} \dot x \\ \dot\xi \end{pmatrix}
= \begin{pmatrix} f(x) \\ \varphi(\xi, y) \end{pmatrix}
+ \begin{pmatrix} g(x) \\ \chi(\xi, y) \end{pmatrix} u
+ \overbrace{\begin{pmatrix} \ell(x) \\ 0 \end{pmatrix}}^{\ell_e} m
+ \overbrace{\begin{pmatrix} p(x) \\ 0 \end{pmatrix}}^{p_e} w,
\qquad r = \psi(\xi, h(x))
\]
The germs of the solution were provided in Alberto’s work:
r depends “non-trivially” on m ⇔ $\ell_e \notin (\Omega_e)^\perp$
r depends “trivially” on w ⇔ $p_e \in (\Omega_e)^\perp$
Unobservability distributions
The missing geometric concept was named unobservability distribution
It plays a fundamental role in the solution of the problem
It can be computed from f, g, p, h via suitable algorithms
\[
S_0 = \mathrm{span}\{p\}, \qquad S_{k+1} = S_k + [g, S_k \cap \ker dh], \qquad S_k \to S_p^*
\]
\[
Q_0 = (S_p^*)^\perp \cap \mathrm{span}\{dh\}, \qquad Q_{k+1} = Q_k \cap \left(L_g Q_k + \mathrm{span}\{dh\}\right), \qquad Q_k \to Q_p^*
\]
DP-ISIDORI. On the observability codistributions of a nonlinear system. Systems & Control Letters, 40 (2000) 297–304.
Solution of the FPRG
System
\[
\dot x = f(x) + g(x)u + \ell(x)m + p(x)w, \qquad y = h(x)
\]
Fundamental problem of residual generation (FPRG)
Given a device affected by a fault m and a disturbance w, find a filter which generates a diagnostic signal r, called “residual”, such that
r depends “non-trivially” on m, i.e. it is affected by m
r depends “trivially” on w, i.e. it is unaffected by w
r converges to zero whenever m = 0
Theorem
There exists a solution to the FPRG ⇔ $\ell \notin (Q_p^*)^\perp$
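The two recursions of the previous slide and the theorem above, worked out in the linear case. This is an added example written for this transcript, not code from the slides or from the De Persis-Isidori papers. For a linear system $\dot x = Ax + Bu + Lm + Pw$, $y = Cx$ the vector fields are constant or linear, so the Lie bracket and Lie derivative reduce to multiplication by $A$ and $A^T$, distributions become subspaces, and the recursions read $S_0 = \operatorname{Im} P$, $S_{k+1} = S_k + A(S_k \cap \ker C)$ and $Q_0 = (S^*)^\perp \cap \operatorname{Im} C^T$, $Q_{k+1} = (S^*)^\perp \cap (A^T Q_k + \operatorname{Im} C^T)$. I take the intersection at every step against the fixed subspace $(S^*)^\perp$, which is the form of the observability codistribution algorithm in the cited Systems & Control Letters paper; treat that reading of the slide's abbreviated $Q_k \cap$ as my assumption. The theorem's condition $\ell \notin (Q^*)^\perp$ then becomes $Q^{*T} L \neq 0$. The matrices `A_EX`, `C_EX`, `P_EX` and the fault directions are constructed for the example; arithmetic is exact over the rationals, so no numerical tolerance is involved.

```python
"""Linear instance of the S_k / Q_k recursions and the FPRG solvability test.

Added worked example (not code from the slides or the cited papers). System:
    x' = Ax + Bu + Lm + Pw,  y = Cx
Subspaces are lists of basis vectors with exact rational (Fraction) entries.
"""
from fractions import Fraction as Fr


def rref(rows):
    """Reduced row echelon form over the rationals -> (rows, pivot columns)."""
    M = [[Fr(x) for x in r] for r in rows]
    pivots, r = [], 0
    for c in range(len(M[0]) if M else 0):
        piv = next((i for i in range(r, len(M)) if M[i][c] != 0), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        M[r] = [x / M[r][c] for x in M[r]]
        for i in range(len(M)):
            if i != r and M[i][c] != 0:
                f = M[i][c]
                M[i] = [a - f * b for a, b in zip(M[i], M[r])]
        pivots.append(c)
        r += 1
        if r == len(M):
            break
    return M, pivots


def span(vectors, n):
    """Basis of the span of the given length-n vectors (empty list = {0})."""
    if not vectors:
        return []
    M, pivots = rref(vectors)
    return M[:len(pivots)]


def nullspace(rows, n):
    """Basis of {v in R^n : R v = 0} for the matrix R with the given rows."""
    if not rows:
        return [[Fr(int(i == j)) for j in range(n)] for i in range(n)]
    M, pivots = rref(rows)
    basis = []
    for fc in (c for c in range(n) if c not in pivots):
        v = [Fr(0)] * n
        v[fc] = Fr(1)
        for i, pc in enumerate(pivots):
            v[pc] = -M[i][fc]
        basis.append(v)
    return basis


def complement(V, n):
    """Orthogonal complement V^perp: all vectors annihilated by the basis of V."""
    return nullspace(V, n)


def intersect(V, W, n):
    """V ∩ W computed as (V^perp + W^perp)^perp."""
    return nullspace(span(complement(V, n) + complement(W, n), n), n)


def same(V, W, n):
    return len(span(V, n)) == len(span(W, n)) == len(span(V + W, n))


def apply(A, V):
    """Image of each basis vector of V under the matrix A (given as rows)."""
    return [[sum(Fr(a) * x for a, x in zip(row, v)) for row in A] for v in V]


def transpose(A):
    return [list(col) for col in zip(*A)]


def minimal_conditioned_invariant(A, C, P, n):
    """S*: limit of S_0 = Im P, S_{k+1} = S_k + A (S_k ∩ ker C)."""
    kerC = nullspace(C, n)
    S = span(P, n)                      # P given as a list of column vectors
    while True:
        S_next = span(S + apply(A, intersect(S, kerC, n)), n)
        if same(S, S_next, n):
            return S
        S = S_next


def observability_codistribution(A, C, S_star, n):
    """Q*: limit of Q_0 = Ω ∩ Im C^T, Q_{k+1} = Ω ∩ (A^T Q_k + Im C^T), Ω = (S*)^perp."""
    Omega, imCT, AT = complement(S_star, n), span(C, n), transpose(A)
    Q = intersect(Omega, imCT, n)
    while True:
        Q_next = intersect(Omega, span(apply(AT, Q) + imCT, n), n)
        if same(Q, Q_next, n):
            return Q
        Q = Q_next


def fprg_solvable(A, C, L, P):
    """True iff ℓ ∉ (Q*)^perp: some covector of Q* is non-zero on a fault direction."""
    n = len(A)
    Q_star = observability_codistribution(A, C, minimal_conditioned_invariant(A, C, P, n), n)
    return any(sum(q_i * l_i for q_i, l_i in zip(q, l)) != 0 for q in Q_star for l in L)


# Constructed example:  x1' = -x1 + x2 + u + m,  x2' = -x2 + x3 + w,  x3' = -x3 + u,
# measured y = (x1, x2).  The disturbance enters x2, the fault enters x1.
A_EX = [[-1, 1, 0], [0, -1, 1], [0, 0, -1]]
C_EX = [[1, 0, 0], [0, 1, 0]]
P_EX = [[0, 1, 0]]            # disturbance direction (column of P)

if __name__ == "__main__":
    for L in ([[1, 0, 0]], [[0, 1, 0]], [[0, 0, 1]]):
        print("fault direction", L[0], "-> FPRG solvable:", fprg_solvable(A_EX, C_EX, L, P_EX))
```

With the fault in the $x_1$ equation the test succeeds ($Q^* = \operatorname{span}\{e_1\}$ sees it), while a fault entering the $x_2$ equation alongside the disturbance, or the unmeasured $x_3$ equation whose effect reaches the outputs only through $x_2$, is reported as undetectable without also responding to $w$: exactly the distinction the theorem draws.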
Synthesis of the diagnostic filter
$\ell \notin (Q_p^*)^\perp$ implies the existence of changes of coordinates
\[
\begin{pmatrix} z_1 \\ z_2 \\ z_3 \end{pmatrix} = \Phi(x), \qquad \begin{pmatrix} y_1 \\ y_2 \end{pmatrix} = \Psi(y)
\]
so that
\[
\begin{aligned}
\dot z_1 &= f_1(z_1, z_2) + g_1(z_1, z_2)\, u + \ell_1(z)\, m \\
\dot z_2 &= f_2(z) + g_2(z)\, u + \ell_2(z)\, m + p_2(z)\, w \\
\dot z_3 &= f_3(z) + g_3(z)\, u + \ell_3(z)\, m + p_3(z)\, w \\
y_1 &= h_1(z_1) \\
y_2 &= z_2
\end{aligned}
\]
with
$\ell_1(z) \neq 0$ for every z
$(f_1, g_1, h_1)$ (locally weakly) observable
DP-ISIDORI. A geometric approach to nonlinear fault detection and isolation. IEEE Transactions on Automatic Control, 46, 6 (2001), 853–865
Solution of the FPRG
The process
\[
\dot z_1 = f_1(z_1, y_2) + g_1(z_1, y_2)\, u + \ell_1(z)\, m, \quad \ldots, \quad y_1 = h_1(z_1), \; y_2 = z_2
\]
The diagnostic filter
\[
\dot\xi = \varphi(\xi, u, y) = f_1(\xi, y_2) + g_1(\xi, y_2)\, u + G\,\big(y_1 - h_1(\xi)\big), \qquad r = \psi(\xi, y) = y_1 - h_1(\xi)
\]
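The process/filter pair above, simulated on a constructed three-state plant that is already in the triangular form of the synthesis slide ($z_1 = x_1$, $z_2 = x_2$, $z_3 = x_3$, $y_1 = x_1$, $y_2 = x_2$). This is an added example, not code from the slides or the cited paper: the plant, the gain $G$, the input, the disturbance and the fault profile are all my choices. The filter is a copy of the $z_1$ dynamics driven by the measured $y_2$ and $u$ plus output injection, so it never sees $w$; the residual stays at zero under the disturbance and leaves zero only when the fault $m$ enters.

```python
"""Diagnostic filter of the slide above on a constructed plant in triangular form.

Added example (not code from the slides). Plant, with z1 = x1, z2 = x2, z3 = x3
and measurements y1 = h1(z1) = x1, y2 = z2 = x2 (all constructed):
    x1' = -x1**3 + x2 + u + m      # fault m enters only here, so ell_1 = 1 != 0
    x2' = -x2 + x3 + w             # disturbance w enters here and nowhere else
    x3' = -x3 + u
Filter driven by (u, y) only, with output-injection gain G:
    xi' = f1(xi, y2) + g1(xi, y2) u + G (y1 - h1(xi)),    r = y1 - h1(xi)
"""
import math

G_GAIN = 5.0      # injection gain G (constructed choice)
DT = 1e-3         # forward-Euler step


def f1(z1, y2):
    return -z1 ** 3 + y2


def g1(z1, y2):
    return 1.0


def h1(z1):
    return z1


def simulate(t_end=10.0, fault_time=5.0, fault_size=0.5, threshold=0.02, warmup=1.0):
    """Return (residual samples [(t, r)], first detection time after warmup or None)."""
    x1, x2, x3 = 0.5, 0.0, 0.0      # plant state
    xi = 0.0                        # filter state, deliberately mismatched at t = 0
    residual, detected_at = [], None
    for k in range(int(round(t_end / DT))):
        t = k * DT
        u = 0.3 * math.cos(t)                        # known input
        w = math.sin(5.0 * t)                        # disturbance, unknown to the filter
        m = fault_size if t >= fault_time else 0.0   # abrupt additive actuator fault
        y1, y2 = h1(x1), x2                          # measurements
        r = y1 - h1(xi)                              # residual r = psi(xi, y)
        residual.append((t, r))
        if detected_at is None and t >= warmup and abs(r) > threshold:
            detected_at = t
        # plant step: the fault enters the z1 equation, the disturbance the z2 equation
        dx1 = f1(x1, x2) + g1(x1, x2) * u + m
        dx2 = -x2 + x3 + w
        dx3 = -x3 + u
        # filter step: same f1, g1 evaluated at (xi, y2), plus output injection
        dxi = f1(xi, y2) + g1(xi, y2) * u + G_GAIN * (y1 - h1(xi))
        x1, x2, x3 = x1 + DT * dx1, x2 + DT * dx2, x3 + DT * dx3
        xi += DT * dxi
    return residual, detected_at


def abs_residual_range(residual, t0, t1):
    """(min |r|, max |r|) over the samples with t0 <= t < t1."""
    vals = [abs(r) for t, r in residual if t0 <= t < t1]
    return min(vals), max(vals)


if __name__ == "__main__":
    res, t_det = simulate()
    print("pre-fault  |r| on [4,5):  ", abs_residual_range(res, 4.0, 5.0))
    print("post-fault |r| on [6,10): ", abs_residual_range(res, 6.0, 10.0))
    print("fault injected at t = 5.0, detected at t =", t_det)
```

The initial mismatch between $\xi$ and $x_1$ decays at the rate set by $G$ (plus the extra damping the cubic term contributes), which is why detection is only armed after a warm-up interval; a fault-free run with the same disturbance never crosses the threshold, and after the fault the residual settles near $m / (G + \text{something positive})$, well above it.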
Cyber-attacks
A hacker succeeded in breaking into the control system of a pumping station, turning one of the pumps on and off frequently until it burned out
Cyber-attacks
Networked Control Systems (NCS) are used to control large-scale infrastructures (electric networks, gas and water distribution systems)
The use of the network exposes the control system to possible external attacks
Examples of these attacks include the so-called “deception attacks”, in which the sensor measurements and the control actions are manipulated (for example by the addition of spurious signals) to compromise the functioning of the whole infrastructure
Hydraulic networks
Hydraulic networks consist of the interconnection of four kinds of components (pumps, valves, tanks and pipes)
Figure: L. Fabrizi. Water supply in small communities.
There exist mathematical models to describe them
\[
\dot s = Dq, \qquad \dot q = \varphi(D^T q) + Bu, \qquad y = h(q)
\]
where
s: level in the tank, q: flow in the pipes
y: measured pressure, u: actuator pressure
$\varphi$: constitutive relation of the components
D: incidence matrix (network topology)
B: pump location matrix in the network
DP-KALLESØE. Pressure regulation in nonlinear hydraulic networks. IEEE-TCST, 19(6) (2011), 1371–1383
Attacks on hydraulic networks
Many types of attacks on the network can be included in the model
\[
\begin{aligned}
\dot s &= Dq + \overbrace{m_s}^{\text{offtake}} \\
\dot q &= \varphi(D^T q) + B\big(u + \overbrace{m_u}^{\text{actuator attack}}\big) + \overbrace{m_q}^{\text{offtake}} \\
y &= h(q) + \overbrace{m_y}^{\text{sensor attacks}}
\end{aligned}
\]
The geometric methods constitute a very powerful tool for the detection of cyber-attacks.
Limitations
The geometric methods lead to centralized filters
The attacks are carried out by intelligent entities that may know the device they are attacking and the possible attack detectors