Supervisory Control Of Partially Observed Petri Nets Under External Attacks

Petri nets are mathematical vehicles for modeling and control of discrete event systems since they can well characterize a wide range of discrete event system applications.Cyber attack-s on the system may lead to serious risks,thus receiving much attention from researchers and practitioners.In this thesis we consider supervisory control of partially observed Petri nets(POPNs)under malicious attacks that may corrupt an observation(i.e.,a sequence of observable events).The different attack types include insertion,removal and replacement of event labels.For a POPN,since part of its places is observable,that is,we can observe the change of the number of tokens in the partially observable places,by observing the change of the number of tokens,we divide unobservable transitions into quasi-observable transitions and truly unobservable transitions.Under this premise,when these quasi-observable transi-tions fire,we can equate these quasi-observable transitions with observable transitions,so as to obtain discernible transitions containing all observable transitions and quasi-observable transitions.Therefore,it provides a more efficient formal model for modeling many practi-cal applications.Given a POPN,we first convert it into the reachability graph and then compute the observer of the reachability graph by its discernible transitions.By analyzing the states of the ob-server under attacks to control the controllable transitions to be enabled or disabled,we can obtain a supervisor to enforce a specification language.Given an observation sequence,we assume that,once a time,only one attack type can be carried out,i.e.,the attacker does not change the attack type during an observation corruption.Here a supervisor is constructed to enforce a control specification without knowing which attack type actually occurs.Giv-en a control specification,we consider in a plant any two feasible transition sequences that share the same corrupted observation under attacks.It is shown that there exists a super-visor to enforce the control specification if both of the one-step controllable extensions of the two transition sequences either satisfy or violate the control specification simultaneously.Moreover,for a POPN,we consider two different specifications:the first is given in the form of a graph and the second is given in the form of a constraint about the number of markings.For the first specification,we can directly use the observer to analyze it,but for the second specification,we need to introduce the notion of discernible markings to design a reduced state estimator called the discernible reachability graph(DRG).A DRG is a compact state estimator whose nodes represent the discernible markings at which the system resides after an observation sequence occurs.Since the DRG can show the change of the number of to-kens in the partially observable places,we analyze the given constraint about the number of markings according to the constructed DRG to represent this specification in the form of a graph.In this way,we can analyze the second specification by the analysis method of the first specification.In addition,we present a novel structure called the product automaton,which is constructed from a plant and its specification,and proposed to decide the existence of a supervisor by checking whether each of its states satisfies the particular condition.