Fault Diagnosis of Discrete Event Systems Under Sensor Attack
KANG, TENGLONG
2025
Abstract
As technology advances and demands on system performance grow, systems are built with increasing size and complexity, which significantly raises the likelihood of system disruptions. In this thesis, we consider two possible sources of major disruptions, i.e., component faults and cyber attacks. A component fault is an endogenous activity that leads to the deviation of a system from its normal or intended behavior, which typically raises safety and performance concerns. In both academia and industry, fault diagnosis has been an active research area over recent decades. Fault diagnosis is the process of timely and accurately detecting an abnormality in the system behavior from the system output, so that engineers can repair the faults and restore the system. On the other hand, a cyber attack is an exogenous action that actively exploits the system's potential vulnerabilities and results in irreparable damage to the physical system, which usually raises security concerns. It has recently become of great interest due to the growth in the use of communication networks in networked systems, such as cyber-physical systems (CPS). In the framework of CPS, more and more efforts have been made to study different types of malicious attacks whose goal is to tamper with the system's data collection processes and interfere with critical decision-making processes, assuming that the attackers are sufficiently intelligent rather than merely generating random failures. These two sources are not always independent of each other. For example, a cyber attack may open a door for a component fault, e.g., by keeping it undetected. Based on this consideration, in this thesis we study the effect of intelligent attacks on the diagnostic properties for component faults in a CPS whose high-level behaviors are abstracted as discrete event systems (DES).
A DES is a dynamic system that transitions between its states in response to discrete events, such as the completion of a job or the occurrence of a component fault. We assume that a discrete abstraction of the underlying CPS has already been performed. In order to assess robust diagnosability, a bipartite diagnoser called the joint diagnoser (JD) is constructed, which captures all possible attacks in a given attack scenario. We prove that the JD shows the joint diagnosis state for both the attacker (based on the original observation) and the operator (based on the corrupted observation). As a result, the JD provides a necessary and sufficient condition for robust diagnosability verification (i.e., for the existence of a harmful attacker). In addition, the JD allows one to determine whether an attacker may actively make stealthy choices in its attack strategy. To capture stealthy attacks only, we present a refined JD, the stealthy joint diagnoser (SJD), which can be used to check the existence of a stealthy and harmful (i.e., successful) attacker. If such attackers exist, they can be synthesized using the SJD. To address this limitation, we further aim to find a more efficient arena for robust diagnosability verification. In this regard, a deterministic verifier under attack is explored. We prove that from the verifier, a pair of ambiguous words that lead to a violation of robust diagnosability can be found. Hence, such a verifier provides a necessary and sufficient condition for robust diagnosability against attacks, which can be checked with polynomial complexity in the size of the system.
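As an added illustration (not part of the thesis or of any code it describes), the following Python script brute-forces, over a bounded trace horizon, the question the abstract poses: given a DES with an unobservable fault event and an attacker who may delete or insert a bounded number of observable events on the sensor channel, does there exist a faulty trace that the un-attacked operator would already diagnose, but whose corrupted observation is also explained by a normal trace? The plant, the edit-budget attack model and the names `DES`, `corruptions` and `find_successful_attack` are all constructed for this example; the thesis's joint diagnoser and verifier decide the unbounded problem, which this enumeration only approximates up to the chosen horizon.

```python
"""Bounded-horizon check of robust diagnosability under a sensor attack.

Constructed example: the plant, the attack model and all function names are
assumptions made for illustration, not the thesis's joint diagnoser or verifier.
"""
from typing import Dict, List, Optional, Set, Tuple

State = int
Event = str
Word = Tuple[Event, ...]


class DES:
    """Nondeterministic automaton with one unobservable fault event."""

    def __init__(self, transitions: Dict[Tuple[State, Event], Set[State]],
                 initial: State, observable: Set[Event], fault: Event) -> None:
        self.delta = transitions
        self.q0 = initial
        self.obs = observable
        self.fault = fault

    def traces(self, horizon: int) -> List[Tuple[Word, State, bool]]:
        """All traces of length <= horizon as (word, end state, fault occurred)."""
        frontier = [((), self.q0, False)]
        out = list(frontier)
        for _ in range(horizon):
            nxt = []
            for word, q, faulty in frontier:
                for (src, e), dsts in self.delta.items():
                    if src == q:
                        for d in dsts:
                            nxt.append((word + (e,), d, faulty or e == self.fault))
            out.extend(nxt)
            frontier = nxt
        return out

    def project(self, word: Word) -> Word:
        """Natural projection onto observable events (what the sensor channel carries)."""
        return tuple(e for e in word if e in self.obs)

    def estimate(self, observed: Word, horizon: int) -> Set[Tuple[State, bool]]:
        """Diagnoser state: every (state, fault flag) consistent with the observation."""
        return {(q, f) for w, q, f in self.traces(horizon) if self.project(w) == observed}


def corruptions(word: Word, deletable: Set[Event], insertable: Set[Event],
                budget: int) -> Set[Word]:
    """Observations an attacker can deliver from `word` using at most `budget`
    edits, each edit deleting one deletable occurrence or inserting one event."""
    results: Set[Word] = set()

    def rec(i: int, prefix: Word, left: int) -> None:
        if left > 0:
            for e in sorted(insertable):
                rec(i, prefix + (e,), left - 1)          # insert a fake reading
        if i == len(word):
            results.add(prefix)
            return
        rec(i + 1, prefix + (word[i],), left)           # relay faithfully
        if left > 0 and word[i] in deletable:
            rec(i + 1, prefix, left - 1)                 # suppress a reading

    rec(0, (), budget)
    return results


def find_successful_attack(des: DES, deletable: Set[Event], insertable: Set[Event],
                           budget: int, horizon: int) -> Optional[dict]:
    """Search the horizon for a stealthy and harmful attack: a faulty trace that the
    un-attacked operator already diagnoses as faulty, but whose corrupted observation
    is a legal observation also explained by a normal trace.  Returns the ambiguous
    pair (faulty trace, normal trace) or None if no such attack exists in the horizon."""
    traces = des.traces(horizon)
    for s, _, faulty in traces:
        if not faulty:
            continue
        w = des.project(s)
        if any(not f for _, f in des.estimate(w, horizon)):
            continue                      # not yet diagnosed even without attack
        for w2 in sorted(corruptions(w, deletable, insertable, budget)):
            normal = [t for t, _, f in traces if not f and des.project(t) == w2]
            if normal:                    # stealthy (legal) and harmful (looks normal)
                return {"faulty_trace": s, "true_obs": w,
                        "corrupted_obs": w2, "normal_trace": normal[0]}
    return None


# Constructed plant: a, b, c observable; f is the unobservable fault.
# Normal run 0 -a-> 1 -b-> 2 -c-> 2 ...; faulty run 1 -f-> 3 -c-> 4.
PLANT = DES(
    transitions={(0, "a"): {1}, (1, "b"): {2}, (2, "c"): {2},
                 (1, "f"): {3}, (3, "c"): {4}},
    initial=0, observable={"a", "b", "c"}, fault="f")

if __name__ == "__main__":
    print("no attack :", find_successful_attack(PLANT, set(), set(), 0, 4))
    print("insert b  :", find_successful_attack(PLANT, set(), {"b"}, 1, 4))
    print("delete c  :", find_successful_attack(PLANT, {"c"}, set(), 1, 4))
```

Without an attacker the plant is diagnosable within the horizon (the search returns None), because the observation `a c` is only produced after the fault. An attacker allowed to insert one `b` turns `a c` into `a b c`, which the normal run also produces, so the operator's estimate contains a normal state and the fault stays hidden. A non-None result is exactly the pair of ambiguous words the abstract refers to, and it identifies which sensor readings the attacker must be able to forge or suppress, which is the information a defender needs when deciding which channels require integrity protection.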
File: Ph.pdf (open access, 1.58 MB, Adobe PDF)
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14242/210822
URN:NBN:IT:UNICA-210822