System recovery of MIMO nonlinear systems against false data injection attack

Introduction

The integration of computation, communication and control units has led to the birth and rapid development of a new generation of intelligent systems (Khan et al., 2025b; Alsinai et al., 2025), i.e., the cyber-physical systems (CPSs), which have been increasingly used in transportation systems, smart grids, power systems, remote surveillance and other fields (Cheng, Shi & Sinopoli, 2017). Due to the openness of information exchange and the complexity of physical dynamics, the long-time running of CPSs may cause security problems (Alrslani et al., 2025). Security vulnerabilities of CPSs provide the malicious attackers with the opportunity to implement them with ulterior motives (Khan et al., 2025a).

Generally, the cyberattacks can be broadly categorized as three main categories: denial-of-service (DoS) attacks, replay attacks and false data injection (FDI) attacks. DoS attackers obstruct the communication between networked agents (Wang et al., 2025). Relay attackers record and cover the communication data to degrade the system performances (Markantonakis et al., 2024). Different from them, FDI attacks, which intend to tamper transmitted data packages causing false feedback information, are more dangerous and complicated (Li, Shi & Chen, 2018). For this reason, the researches on CPSs under FDI attacks recently become one of the main topics.

In the past decade, fruitful results have been made for CPSs under attacks on attack strategy design (Zhang & Ye, 2020b; Zhang, Ye & Shi, 2022), attack detection (Alfriehat et al., 2024; Tanyıldız et al., 2025), secure estimation (Sun & Yang, 2025) and secure control (Yang et al., 2024; Khan et al., 2025c). To name a few, based on self-generated FDI attacks, Zhang & Ye (2020b) proposed a necessary and sufficient condition for attack parameters such that FDI attacks can achieve complete stealthiness. Subsequently, they investigated decentralized FDI attacks that destabilize the estimation error dynamics but eliminate their influences on the residual in each sensor node. Pasqualetti, Dörfler & Bullo (2013) designed centralized and distributed attack detection and identification monitors for continuous-time descriptor systems. In addition, secure estimation and secure control have also received great attention, especially in recent years. In An & Yang (2019), with the help of a constrained set partitioning approach, a state estimation scheme was proposed for discrete-time linear CPSs to relieve the computational complexity on the premise of the estimation correctness. Besides, they also investigated the secure control problem for nonlinear interconnected systems against intermittent DoS attacks (An & Yang, 2018a). Although these approaches proved their efficiency in attack design, attack detection, secure estimation and secure control, they ignored the impact of the attack on the system itself and did not consider how to recover the system. Actually, depending on desired precision and safety criticality of a system, changes in the transient response can be highly undesirable (Chakrabortty & Arcak, 2007, 2009). This inspired research on performance recovery (Atassi & Khalil, 1999).

In the past dozen years, performance recovery for nonlinear control has begun to attract attention in the literature, where the controller recovers the nominal transient trajectory in the presence of plant uncertainties and external disturbances. Such results for certain nonlinear control designs were proved in Back & Shim (2007, 2009), Chakrabortty & Arcak (2007, 2009), where singular perturbation methods are adopted to prove performance recovery. However, disturbance and its derivative are assumed to be bounded in Back & Shim (2007, 2009), and the uncertainty is assumed to be a sufficiently smooth function in Chakrabortty & Arcak (2007, 2009). Additionally, the tracking problem was studied in Freidovich & Khalil (2008) for a partially feedback linearizable single-input-single-output (SISO) nonlinear system with stable zero dynamics, where the closed-loop system under the observer-based controller recovers the performance of the nominal linear model as the observer gain becomes sufficiently high. However, the disturbance and its derivative are required to be bounded. An extension of Freidovich & Khalil (2008) to multi-input multi-output (MIMO) nonlinear systems was presented in Wang, Isidori & Su (2015) where the system is required to have a well-defined vector relative degree. After that, in order to relax the condition on vector relative degree, Wu et al. (2019) investigated the performance recovery for MIMO nonlinear systems under the (substantially weak) assumption of invertibility. One should note that the uncertainty is required to be a smooth function in Wang, Isidori & Su (2015), Wu et al. (2019). Despite these efforts on performance recovery for nonlinear systems, a common drawback of them is that the disturbances or uncertainties are differentiable, even smooth. For the attack signal, it is deliberately designed by hackers to harm the system. Thus, the attack signal may be a discontinuous and fast changing signal. This feature makes the existing results on performance recovery cannot be applied to CPSs under FDI attacks without assumption on its derivative, and to our knowledge, there is still no result available on system recovery problem of CPSs under attacks. This motivates the present study.

To more intuitively demonstrate the necessity of researching the system recovery problem for MIMO nonlinear systems under attack, Table 1 compares the proposed approach with existing methods.

This article deals with the system recovery problem for a class of MIMO nonlinear systems subject to FDI attacks without assumption on its derivative. The system under consideration has a vector relative degree and a trivial zero dynamics, which can be transformed into a linear one by means of feedback-linearizing design. Then, a recursive attack-compensation input signal is constructed skillfully and added into the system input to almost fully compensate the attack, so that the system can be almost fully recovered. Compared to the existing results, our approach consists of the following main contributions and advantages: (i) A new perspective is provided for designing attack compensation scheme by compensating for the state deviation caused by the attack, which is helpful for designing an attack-compensated signal to recover the system. In fact, unlike the existing methods that enhance the robustness of control algorithms (e.g., Yang et al., 2024), the proposed method enhances the robustness of the plant itself; (ii) The existing results on CPSs mainly focus on attack design, attack detection, state estimation and secure control, but do not consider the state deviation of the system caused by the attack. In contrast, this article systematically investigates the recovery of CPSs under attacks for the first time; (iii) A common limitation of performance recovery for nonlinear system is that disturbances or uncertainties are required to be differentiable, even smooth (Back & Shim, 2007, 2009; Chakrabortty & Arcak, 2007, 2009; Freidovich & Khalil, 2008; Wang, Isidori & Su, 2015; Wu et al., 2019). Unlike disturbances and uncertainties, the attacks under consideration are not restricted to be differentiable or smooth.

Notations: Let $O(T)$ represent the infinitesimal of the same order as T. For a matrix A, let A′ denote its transpose and ${\lambda }_{min}(A)$ denote its minimum eigenvalue. $L_{f}h(x)\triangleq \frac{\mathrm{\partial }h}{\mathrm{\partial }x}f(x)$ is called the Lie Derivative of $h$ with respect to $f$. For any positive integer $r$, $A_r$ denotes a shift matrix of $r\times r$ dimension, $B_r\triangleq [0,\dots ,0,1{]}^{\prime }\in {\mathbb{R}}^d$, and $C_r\triangleq [1,0,\dots ,0]\in {\mathbb{R}}^{1\times d}$. For a matrix $b$, the notation $b^{+}$ represents the pseudo-inverse.

Problem statement

Consider the system recovery problem of the following MIMO nonlinear systems under FDI attack,

(1) $$\dot{x}=f(x)+g(x)(u+u_a),y=h(x),$$where $x\in {\mathbb{R}}^n$, $u\in {\mathbb{R}}^m$ and $y\in {\mathbb{R}}^q$ denote the state vector, the control input and the output, respectively. $f(x)$, $g(x)=[g_1(x),\dots ,g_m(x)]$ and $h(x)=[h_1(x),\dots ,h_q(x){]}^{\prime }=[y_1,\dots ,y_q{]}^{\prime }$ are known smooth mappings with $f(0)=0$ and $h(0)=0$. The vector $u_a\in {\mathbb{R}}^m$ denotes the norm bounded FDI attack (Zhang & Ye, 2020b; Zhang, Ye & Shi, 2022), which is injected into the system by a malicious attacker.

Under Assumption 1, with the help of the Structure Algorithm (Teel & Praly, 1995; Freidovich & Khalil, 2008), there exist a diffeomorphism

(4) $$\mathrm{\Phi }(x)=\left[\begin{array}{c}{h}_1(x)\\ L_f{h}_1(x)\\ ⋮\\ L_f^{r_1-1}{h}_1(x)\\ ⋮\\ h_q(x)\\ L_f{h}_q(x)\\ ⋮\\ L_f^{r_q-1}{h}_q(x)\end{array}\right]$$which brings the system Eq. (1) to the system modeled by equations of the normal form:

(5) $$\begin{gathered} \{\begin{array}{ccc}{\dot{x}}_{1,i}& =& x_{1,i+1},\mathrm{\forall }1\le i\le r_1-1\hfill \\ {\dot{x}}_{1,r_1}& =& a_1(x)+b_1(x)(u+u_a)\hfill \\ y_1& =& x_{1,1}\hfill \end{array} \\ \{\begin{array}{ccc}{\dot{x}}_{2,i}& =& x_{2,i+1},\mathrm{\forall }1\le i\le r_2-1\hfill \\ {\dot{x}}_{2,r_2}& =& a_2(x)+b_2(x)(u+u_a)\hfill \\ y_2& =& x_{2,1}\hfill \end{array} \\ \{\begin{array}{ccc}{\dot{x}}_{k,i}& =& x_{k,i+1},\mathrm{\forall }1\le i\le r_k-1\hfill \\ {\dot{x}}_{k,r_k}& =& a_k(x)+b_k(x)(u+u_a)\hfill \\ y_k& =& x_{k,1}\hfill \end{array} \end{gathered}$$with $k=3,\dots ,q$, $r_1+r_2+\cdots +r_q=n$, where $b_k(x)$ is the $k$-th row of $b(x)$ and $\mathrm{\Phi }(x)=[x_{1,1},\dots ,x_{1,r_1},\dots ,$ $x_{q,1},\dots ,x_{q,r_q}{]}^{\prime }$.

By feedback linearization, the input $u$ of the system Eq. (5), which is also the input of the system Eq. (1), is designed against the attack as

(7) $$u=b^{+}(x)[-a(x)+v+v_c]=\underset{u_d}{\underbrace{b^{+}(x)[-a(x)+v]}}+\underset{u_c}{\underbrace{b^{+}(x)v_c}}$$with $a(x)=[a_1(x),\dots ,a_q(x){]}^{\prime }$, where $u_d$ denotes the desired input (or called reference input) which is designed according to the nominal model, and $u_c$ is the attack-compensation signal which is added into the system input and will be designed skillfully to almost fully compensate the attack $u_a$.

Under the above system input Eq. (7), the input-output model Eq. (5) will be transformed into the following linear one

(8) $$\dot{\xi }=A\xi +B[v+(v_c+a)],y=C\xi ,$$where $a\triangleq b(x)u_a$, $\xi \triangleq [x_{1,1},\dots ,x_{1,r_1},\dots ,x_{q,1},\dots ,x_{q,r_q}{]}^{\prime }$, $A\triangleq \mathrm{b}\mathrm{l}\mathrm{k}\mathrm{d}\mathrm{i}\mathrm{a}\mathrm{g}(A_{r_1},\dots ,A_{r_q})$, $B\triangleq \mathrm{b}\mathrm{l}\mathrm{k}\mathrm{d}\mathrm{i}\mathrm{a}\mathrm{g}(B_{r_1},\dots ,$ $B_{r_q})$, $C\triangleq \mathrm{b}\mathrm{l}\mathrm{k}\mathrm{d}\mathrm{i}\mathrm{a}\mathrm{g}(C_{r_1},$ $\dots ,C_{r_q})$, and the operator $\mathrm{b}\mathrm{l}\mathrm{k}\mathrm{d}\mathrm{i}\mathrm{a}\mathrm{g}(\cdot )$ builds a block diagonal matrix from its argument. Furthermore, one can check that $a$ is bounded under Assumption 2.

For convenience of expression, let $x_n$, ${\xi }_n$ and $y_n$ denote the nominal values of $x$, $\xi$ and $y$ respectively (i.e., the values in the attack-free system or called the values in the nominal system). That is, $x_n$, ${\xi }_n$ and $y$ satisfy

(9) $${\dot{x}}_n=f(x_n)+g(x_n)u,{\dot{\xi }}_n=A{\xi }_n+Bv,y_n=C{\xi }_n$$with $x_n(t_0)=x(t_0)$ and ${\xi }_n(t_0)=\xi (t_0)$.

Design objective: The purpose of this article is to design the additional attack-compensation input $u_c$ in Eq. (7) for the MIMO nonlinear system Eq. (1) such that the mapping relationship between the desired input $u_d$ and system states $x$ is almost the same as the one in the nominal system. In other words, the attack is almost fully compensated such that the system under consideration is almost recovered.

For the linear system Eq. (8), since $CB=0$ which violates the observer matching condition (Corless & Tu, 1998), the attack-related term $a$ is hard to be estimated and compensated effectively by the existing results. Fortunately, this system has another obvious feature which makes it possible to almost completely compensate for the attacks-related term $a$. That is, all states of the linear system Eq. (8) are derivatives of the output, i.e., $x_{i,j}=y_i^{(j-1)}$ for all $i=1,\dots ,q$ and $j=1,\dots ,r_i$. Many approaches (e.g., high-gain approximate differentiators (Kalsi et al., 2010) and sliding mode exact differentiator (Floquet, Edwards & Spurgeon, 2007)) have been proposed to obtain the estimation of system states. As in Kalsi et al. (2010), the following lemma is established to obtain the system states with any arbitrary accuracy.

Obviously, one can see easily from Lemma 1 that $x_{i,j}$ can be replaced by $x_{i,j,h}$ with any arbitrary accuracy. For this reason and the convenience of description, it is reasonable to assume that $\xi$ is available for system recovery design. Also, the system input Eq. (7) can be rewritten as

(11) $$u=\underset{u_d}{\underbrace{b^{+}({\mathrm{\Phi }}^{-1}(\xi ))[-a({\mathrm{\Phi }}^{-1}(\xi ))+v]}}+\underset{u_c}{\underbrace{b^{+}({\mathrm{\Phi }}^{-1}(\xi ))v_c}}$$where ${\mathrm{\Phi }}^{-1}(\cdot )$ represents the inverse operator of $\mathrm{\Phi }(\cdot )$.

In order to show the proposed system recovery strategy more clearly, its block diagram is drawn in Fig. 1. The proposed attack-compensation strategy has the following obvious feature: it is an inner-loop controller so that it can be added on the existing closed-loop system working in harmony with a pre-designed outer-loop controller.

System recovery design in a recursive fashion

Define an auxiliary variable $\eta =[{\eta }_1,\dots ,{\eta }_q{]}^{\prime }$ with

(12) $${\eta }_i\triangleq {\ell }_{i,1}{y}_i+{\ell }_{i,2}{y}_i^{(1)}+\cdots +{\ell }_{i,r_i-1}{y}_i^{(r_i-2)}+y_i^{(r_i-1)},$$for all $1\le i\le q$, where the parameters ${\ell }_{i,1},\dots ,{\ell }_{i,r_i-1}$ are selected such that the roots of the equation ${\ell }_{i,1}+{\ell }_{i,2}s+\cdots +{\ell }_{i,r_i-1}{s}^{r_i-2}+s^{r_i-1}=0$ have negative real parts.

Obviously, $\eta$ can be rewritten as

(13) $$\eta =L\xi$$where $L\triangleq \mathrm{b}\mathrm{l}\mathrm{k}\mathrm{d}\mathrm{i}\mathrm{a}\mathrm{g}(L_1,\dots ,L_q)$ with $L_i\triangleq [{\ell }_{i,1},\dots ,{\ell }_{i,r_i-1},1]$.

According to the knowledge of calculus, $\eta$ meets

(14) $$\eta (t)=L{e}^A(t-t_0)\xi (t_0)+{\int }_{t_0}^{t}L{e}^{A(t-\tau )}B[v(\tau )+v_c(\tau )+a(\tau )]d\tau$$where $t_0$ denotes the start time of the system under consideration.

Before analyzing the impact of attacks on the original nonlinear system Eq. (1), we first analyze the impact of attacks on auxiliary variable $\eta$ which will provide great convenience for analyzing the original system. So let’s start now. If $v_c(t)$ can fully compensate for the impact of the attack on the auxiliary variable $\eta$, the following condition must be satisfied obviously.

(15) $${\int }_{t_0}^{t}L{e}^{A(t-\tau )}B[v_c(\tau )+a(\tau )]d\tau \equiv 0,\mathrm{\forall }t\ge t_0$$that is, $v_c(t)+a(t)\equiv 0,\mathrm{\forall }t\ge t_0$. In other words, $a(t)$ is required to be known in real-time a priori. Nevertheless, this condition is too strict for many practical systems, and thus, the following problem will naturally be encountered: whether the impact of the attack on the auxiliary variable $\eta$ can be compensated by removing the aforementioned restriction? The answer happens to be yes, and we will show that the impact of the attack on $\eta$ can almost completely compensated by a skillfully designed attack-compensation input signal $v_c(t)$.

The design process of the attack-compensation input signal includes the following two steps.

Step 1: Removing the strict requirements of real-time.

In order to eliminate the strict requirement of real-time, small time-delay will be adopted to replace real-time. In details, for the auxiliary variable $\eta$ in Eq. (14), we divide the whole time-domain of the right-hand side into interval segments with period $T>0$, as follows

(16) $$\begin{array}{rl}\eta (nT+t_0)& =L{e}^{A(nT)}\xi (t_0)+{\int }_{t_0}^{nT+t_0}L{e}^{A(nT+t_0-\tau )}Bv(\tau )d\tau +{\int }_{t_0}^{nT+t_0}L{e}^{A(nT+t_0-\tau )}B[v_c(\tau )\\ & +a(\tau )]d\tau =L{e}^{A(nT)}\xi (t_0)+{\int }_{t_0}^{nT+t_0}L{e}^{A(nT+t_0-\tau )}Bv(\tau )d\tau \\ & +{\int }_{t_0}^{T+t_0}L{e}^{A(nT+t_0-\tau )}B{v}_c(\tau )d\tau +{\int }_{T+t_0}^{2T+t_0}L{e}^{A(nT+t_0-\tau )}B{v}_c(\tau )d\tau +\cdots \\ & +{\int }_{kT+t_0}^{(k+1)T+t_0}L{e}^{A(nT+t_0-\tau )}B{v}_c(\tau )d\tau +\cdots +{\int }_{(n-1)T+t_0}^{nT+t_0}L{e}^{A(nT+t_0-\tau )}B{v}_c(\tau )d\tau \\ & +{\int }_{t_0}^{T+t_0}L{e}^{A(nT+t_0-\tau )}Ba(\tau )d\tau +{\int }_{T+t_0}^{2T+t_0}L{e}^{A(nT+t_0-\tau )}Ba(\tau )d\tau +\cdots \\ & +{\int }_{kT+t_0}^{(k+1)T+t_0}L{e}^{A(nT+t_0-\tau )}Ba(\tau )d\tau +\cdots +{\int }_{(n-1)T+t_0}^{nT+t_0}L{e}^{A(nT+t_0-\tau )}Ba(\tau )d\tau \end{array}$$where $n$ represents any positive integer and the positive constant T is called the period of compensation signal. Also, T is a small positive constant which denotes the small time-delay.

To remove the strict requirement of real-time, one way is to adopt $v_c(t)$ in the interval $t\in [kT+t_0,(k+1)T+t_0)$ for compensating the impact of $a(t)$ on auxiliary variable $\eta$ in the interval $t\in [(k-1)T+t_0,kT+t_0)$ (please see Fig. 2). Obviously, by choosing a small T, the attack can still be compensated timely to avoid the continuous impact of the attack on the auxiliary variable $\eta$. According to this design thinking, $\mathrm{\forall }k\in \{0,1,2,\cdots \}$, let

(17) $${\int }_{kT+t_0}^{(k+1)T+t_0}L{e}^{A(nT+t_0-\tau )}B{v}_c(\tau )d\tau +{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(nT+t_0-\tau )}Ba(\tau )d\tau =0.$$

Under Eq. (17), one has

(18) $$\eta (nT+t_0)=L{e}^{A(nT)}\xi (t_0)+{\int }_{t_0}^{nT+t_0}L{e}^{A(nT+t_0-\tau )}Bv(\tau )d\tau +{\int }_{(n-1)T+t_0}^{nT+t_0}L{e}^{A(nT+t_0-\tau )}a(\tau )d\tau .$$

Obviously, when T is small enough, $\eta (nT+t_0)\approx L{e}^{A(nT)}\xi (t_0)+{\int }_{t_0}^{nT+t_0}L{e}^{A(nT+t_0-\tau )}Bv(\tau )d\tau$. One can see that, at time instants $t=nT+t_0,\mathrm{\forall }n\in \mathbb{N}$, the auxiliary variable $\eta$ is almost the same as the one in the nominal system (when the system is not attacked). Thus, at time instants $t=nT+t_0,\mathrm{\forall }n\in \mathbb{N}$, the attack-compensation input signal $v_c(t)$ defined in Eq. (17) can almost eliminate the impact of $a(t)$ on the auxiliary variable $\eta$ with a small time-delay T. It should be pointed out that the same result can be guaranteed for the interval $(nT+t_0,(n+1)T+t_0),\mathrm{\forall }n\in \mathbb{N}$ which will be proved in the next section.

By some mathematical calculation, Eq. (17) can be rewritten for all $k\in \{0,1,2,\dots \}$ as

(19) $$e^{A(n-k)T}{\int }_{kT+t_0}^{(k+1)T+t_0}L{e}^{A(kT+t_0-\tau )}B{v}_c(\tau )d\tau +e^{A(n-k)T}{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau =0$$which is equivalent to

(20) $${\int }_0^{T}L{e}^{-A\tau }B{v}_c(kT+t_0+\tau )d\tau +{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau =0.$$

Let $v_c(kT+t_0+\tau )=-B^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }{\overline{v}}_c(k),\tau \in (0,T)$. By substituting it into Eq. (20), one has

(21) $${\overline{v}}_c(k)=-{\left({\int }_0^{T}L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }d\tau \right)}^{-1}{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau$$where we have used the fact that ${\int }_0^{T}L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }d\tau$ is invertible since the pair $(A,B)$ is controllable and L is row full rank. Therefore, it is pretty easy to obtain for all $k\in \{0,1,2,\dots \}$ and $\tau \in (0,T)$ that

(22) $$v_c(kT+t_0+\tau )=-B^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }{\left({\int }_0^{T}L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }d\tau \right)}^{-1}{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau$$which is equivalent to

(23) $$v_c(\tau )=-B^{\prime }{e}^{A^{\prime }(kT+t_0-\tau )}{L}^{\prime }{\left({\int }_0^{T}L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }d\tau \right)}^{-1}{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau$$holds for all $k\in \{0,1,2,\dots \}$ and $\tau \in (kT+t_0,(k+1)T+t_0)$. Unfortunately, ${\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau$ in Eq. (23) is not directly implementable if the attack signal is unknown. In the following Step 2, we will propose an alternative approach to solve the above problem.

Step 2: An alternative approach for solving the term ${\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau$.

It is easy to get from Eq. (8) that

(24) $$\begin{array}{rl}{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau & =L\xi (kT+t_0)-L{e}^{AT}\xi ((k-1)T+t_0)\\ & -{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}B[v(\tau )+v_c(\tau )]d\tau .\end{array}$$

With the help of Steps 1–2, and by combining Eqs. (23) and (24), one can obtain the following causal and implementable recursive attack-compensation input signal

(25) $$\begin{array}{rl}{v}_c(t)=& -B^{\prime }{e}^{A^{\prime }(kT+t_0-t)}{L}^{\prime }{\left({\int }_0^{T}L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }d\tau \right)}^{-1}[L\xi (kT+t_0)-L{e}^{AT}\xi ((k-1)T+t_0)\\ & -{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}B(v(\tau )+v_c(\tau ))d\tau ]\end{array}$$which holds for all $k\in \{0,1,2,\dots \}$ and $t\in (kT+t_0,(k+1)T+t_0)$.

Note that, the boundness of $\xi$ is required to be satisfied a priori of the high-gain observer Eq. (10) in Lemma 1. This condition is quite easy to satisfy, as will be proved in the following.

Proof On the one hand, for $t\in (kT+t_0,(k+1)T+t_0)$, one can see from Eq. (23) that

(26) $$\begin{array}{rl}\Vert v_c(t)\Vert & \le \underset{\tau \in [0,T]}{max}\Vert B^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }\Vert {\left\{T{min}_{\tau \in [0,T]}||L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }\Vert \right\}}^{-1}T\underset{\tau \in [0,T]}{max}\Vert L{e}^{A\tau }B\Vert \\ & \times \underset{\tau \in [(k-1)T+t_0,kT+t_0]}{max}\Vert a(t)\Vert \\ & =\frac{{max}_{\tau \in [0,T]}\Vert B^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }\Vert \times {max}_{\tau \in [0,T]}\Vert L{e}^{A\tau }B\Vert }{{min}_{\tau \in [0,T]}\Vert L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }\Vert }\underset{\tau \in [(k-1)T+t_0,kT+t_0]}{max}\Vert a(t)\Vert \end{array}$$which implies that the signal $v_c(t)$ is uniformly bounded. Also, one can further check that

(27) $$\underset{T\to 0}{lim}\underset{\tau \in [0,T]}{min}\Vert L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }\Vert =1.$$

On the other hand, let’s consider the linear system Eq. (8), which can be rewritten as

(28) $$\dot{\xi }=A\xi +Bv+d$$where the pair $(A,B)$ is controllable, and $d\triangleq B(v_c+a)$ is bounded since $v_c$ and $a$ are both bounded. Thus, according to Lyapunov stability theorem, it is pretty easy to see that $\xi$ is uniformly bounded when $v$ stabilizes the system Eq. (28).

Stability analysis

In this section, the stability of the original nonlinear system Eq. (1) with the system input Eq. (11) will be established.

Let ${\eta }_n$ denote the nominal value of the signal $\eta$. That is,

(29) $${\eta }_n=L{\xi }_n$$with ${\eta }_n(t_0)=\eta (t_0)$.

Now, let us analyze the impact of the attacks on the auxiliary variable $\eta$.

Proof The proof is divided into the following two cases: (1) $t=kT+t_0$; and (2) $t\in (kT+t_0,(k+1)T+t_0)$.

Case 1: $t=kT+t_0$. It is quite natural to obtain from Eqs. (8), (9), (14) and (29) that

(30) $$\begin{array}{rl}\Vert \tilde{\eta }(kT+t_0)\Vert & =\Vert L{e}^{A(kT)}\tilde{\xi }(t_0)+{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau \Vert \\ & =\Vert {\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-\tau )}Ba(\tau )d\tau \Vert \\ & \le T\times \underset{\tau \in [0,T]}{max}\Vert L{e}^{A\tau }B\Vert \times \underset{\tau \in [(k-1)T+t_0,kT+t_0]}{max}\Vert a(t)\Vert \end{array}$$where $\tilde{\xi }\triangleq \xi -{\xi }_n$.

Case 2: $t\in (kT+t_0,(k+1)T+t_0)$. One can see from Eqs. (14) and (29) that

(31) $$\begin{array}{rl}\tilde{\eta }(t)& =L{e}^{A(t-t_0)}\tilde{\xi }(t_0)+{\int }_{t_0}^{t}L{e}^{A(t-\tau )}B[v_c(\tau )+a(\tau )]d\tau \\ & ={\int }_{t_0}^{t_0+T}L{e}^{A(t-\tau )}B{v}_c(\tau )d\tau +\cdots +{\int }_{kT+t_0}^{(k+1)T+t_0}L{e}^{A(t-\tau )}B{v}_c(\tau )d\tau \\ & -{\int }_t^{(k+1)T+t_0}L{e}^{A(t-\tau )}B{v}_c(\tau )d\tau +{\int }_{t_0}^{T+t_0}L{e}^{A(t-\tau )}Ba(\tau )d\tau +\cdots \\ & +{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(t-\tau )}Ba(\tau )d\tau +{\int }_{kT+t_0}^{t}L{e}^{A(t-\tau )}Ba(\tau )d\tau \\ & =-{\int }_t^{(k+1)T+t_0}L{e}^{A(t-\tau )}B{v}_c(\tau )d\tau +{\int }_{kT+t_0}^{t}L{e}^{A(t-\tau )}Ba(\tau )d\tau \end{array}$$

Therefore, with the help of Eq. (23), the deviation $\tilde{\eta }(t)$ satisfies

(32) $$\begin{array}{rl}\Vert \tilde{\eta }(t)\Vert & \le \Vert {\int }_t^{(k+1)T+t_0}L{e}^{A(t-\tau )}B{v}_c(\tau )d\tau \Vert +\Vert {\int }_{kT+t_0}^{t}L{e}^{A(t-\tau )}Ba(\tau )d\tau \Vert \\ & \le \Vert {\int }_t^{(k+1)T+t_0}L{e}^{A(t-\tau )}B{v}_c(\tau )d\tau \Vert +T\underset{\tau \in [0,T]}{max}\Vert L{e}^{A\tau }B\Vert \times \underset{\tau \in [kT+t_0,(k+1)T+t_0]}{max}\Vert a(\tau )\Vert \end{array}$$where the first term on the right-hand side of the above inequality for $t\in (kT+t_0,(k+1)T+t_0)$ obeys that

(33) $$\begin{array}{rl}\Vert {\int }_t^{(k+1)T+t_0}L{e}^{A(t-\tau )}B{v}_c(\tau )d\tau \Vert & =\Vert {\int }_t^{(k+1)T+t_0}L{e}^{A(t-{\tau }_1)}B{B}^{\prime }{e}^{A^{\prime }(kT+t_0-{\tau }_1)}{L}^{\prime }\\ & \times {\left({\int }_0^{T}L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }d\tau \right)}^{-1}{\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-{\tau }_2)}Ba({\tau }_2)d{\tau }_{2}d{\tau }_1\Vert \\ & \le {\int }_t^{(k+1)T+t_0}\Vert L{e}^{A(t-{\tau }_1)}B{B}^{\prime }{e}^{A^{\prime }(kT+t_0-{\tau }_1)}{L}^{\prime }\Vert d{\tau }_1\Vert {\left({\int }_0^{T}L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }d\tau \right)}^{-1}\Vert \\ & \times \Vert {\int }_{(k-1)T+t_0}^{kT+t_0}L{e}^{A(kT+t_0-{\tau }_2)}Ba({\tau }_2)d{\tau }_2\Vert \\ & \le \underset{{\tau }_1,{\tau }_2\in [0,T]}{max}||L{e}^{-A{\tau }_1}B{B}^{\prime }{e}^{-A^{\prime }{\tau }_2}{L}^{\prime }\Vert \underset{\tau \in [0,T]}{max}\Vert L{e}^{A\tau }B\Vert \\ & \times \underset{\tau \in [(k-1)T+t_0,kT+t_0]}{max}\Vert a(\tau )||T^2\Vert {\int }_0^{T}L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }d\tau {\Vert }^{-1}.\end{array}$$

Combining Eqs. (32) and (33), one can conclude that

(34) $$\begin{array}{rl}\Vert \tilde{\eta }(t)\Vert & \le T\times \underset{\tau \in [0,T]}{max}\Vert L{e}^{A\tau }B\Vert \times \underset{\tau \in [kT+t_0,(k+1)T+t_0]}{max}\Vert a(\tau )\Vert +T^2{\mathrm{\Delta }}^{-1}(T)\\ & \times \underset{{\tau }_1,{\tau }_2\in [0,T]}{max}\Vert L{e}^{-A{\tau }_1}B{B}^{\prime }{e}^{-A^{\prime }{\tau }_2}{L}^{\prime }\Vert \times \underset{\tau \in [0,T]}{max}\Vert L{e}^{A\tau }B\Vert \times \underset{\tau \in [(k-1)T+t_0,kT+t_0]}{max}\Vert a(\tau )\Vert \end{array}$$holds for $t\in (kT+t_0,(k+1)T+t_0)$, where $\mathrm{\Delta }(T)\triangleq ||{\int }_0^{T}L{e}^{-A\tau }B{B}^{\prime }{e}^{-A^{\prime }\tau }{L}^{\prime }d\tau ||$.

To sum up, one can conclude from Cases 1-2 that the deviation $\tilde{\eta }(t)$ satisfies

(35) $$\begin{array}{rl}\Vert \tilde{\eta }(t)\Vert & \le T\underset{\tau \in [0,T]}{max}\Vert L{e}^{A\tau }B\Vert \times \underset{\tau \in [(k-1)T+t_0,(k+1)T+t_0]}{max}\Vert a(\tau )\Vert +T^2\mathrm{\Delta }(T{)}^{-1}\\ & \times \underset{{\tau }_1,{\tau }_2\in [0,T]}{max}\Vert L{e}^{-A{\tau }_1}B{B}^{\prime }{e}^{-A^{\prime }{\tau }_2}{L}^{\prime }\Vert \times \underset{\tau \in [0,T]}{max}\Vert L{e}^{A\tau }B\Vert \times \underset{\tau \in [(k-1)T+t_0,kT+t_0]}{max}\Vert a(\tau )\Vert \\ & =O(T)\end{array}$$where we have used the fact that $\mathrm{\Delta }(T)=O(T)$, and $a=b(x)u_a$ is bounded under Assumption 2. The right-hand side of the above inequality is an infinitesimal of the same order as T, and thus $\tilde{\eta }(t)$ can be arbitrary small when a small enough period T is chosen. Hence, the proof is completed.