Supervisory Control Of Discrete Event Systems Modeled With Labeled Petri Nets Under Attacks

Petri nets are mathematical vehicles for modeling and control of discrete event systems since they can well characterize a wide range of discrete event system applications that include manufacturing systems,chemical batch plants,power grids,transportation systems,database management,communication protocols,logistics,and computer security.Cyber attacks may lead to serious risks,thus receiving much attention from researchers and practitioners.Far from being limited to economic damages from hacks on private information,the impact of cyber attacks is massive.This thesis addresses the supervisory control problem of discrete event systems modeled with labeled Petri nets under malicious attacks.The main contributions are introduced as the following:1.Constructing the reachability graph for a Petri net inevitably suffers from the state explosion problem in general.To overcome such a limitation,a reachability graph can be compactly represented by an observer obtained by merging the shared labels and hiding the unobservable labels.Attacks on a system can be categorized into actuator attacks and sensor attacks.The former may cause an actuator to fail to execute the commands issued from a supervisor that enforces a specification.The latter may attack a sensor to corrupt an observation(i.e.,a sequence of observable transition labels)by different types of attacks such as insertion,removal,and replacement of transition labels.For actuator attacks,if we can detect them and disable some particular controllable transition labels before reaching a state that does not satisfy the specification,then we can find a modified supervisor to enforce the specification.For sensor attacks,we assume that,once a time,only one type of attack can be carried out,i.e.,the attacker does not change the type of attack during an observation corruption.Given a specification,we consider in a plant model any two feasible transition sequences that share the same corrupted observation under attacks.It is shown that there exists a supervisor to enforce the specification if the one-step controllable extensions of the two transition sequences either satisfy or violate the specification simultaneously.Next,a novel structure,namely a product observation reachability graph constructed from a plant and its specification,is proposed to decide the existence of such a supervisor by checking whether each state in the graph satisfies a particular condition.2.Consider the problem of attacks detection.There are two cases of an observation corruption after an attack: 1)the observation corruption does not satisfy the specification language,then we can easily observe that the system is under attack;2)the observation corruption satisfies the specification language,then we need to detect whether the system is under attack,we construct a global diagnoser to detect whether the system is under attack.For 1),when we can easily observe that the system is under attack,by considering a practical problem,we only know the structure of the original system,and we can obtain the observation corruption but we cannot know what the original firing sequence and the attack structure is.We can only calculate by the observation corruption and the structure of the system to obtain the firing sequence and attack structure.We propose the maximum number of observation corruptions to infer the attack structure and how to infer the attack structure.