Co-Design Secure Control Based on Image Attack Detection and Data Compensation for Networked Visual Control Systems

The incomplete and untrue data caused by cyberattacks (e.g., image information leakage and tampering) will affect the control performance and even lead to system instability. To address this problem, a novel co-design secure control method based on image attack detection and data compensation for networked visual control systems (NVCSs) is proposed. First, the existing problems of NVCSs under image attacks are analyzed, and a co-design secure control method, including image encryption, watermarking-based attack detection, and online data compensation, is presented. Then, a detector based on double-layer detection mechanism of timeout and digital watermarking is designed for real time, integrity, and authenticity discrimination of the images. Furthermore, according to the detection results, an online compensation scheme based on cubic spline interpolation and postprediction update is proposed to reduce the effect of cumulative errors and improve the control performance. Finally, the online compensation scheme is optimized by considering the characters of networked inverted pendulum visual control systems, and experimental results demonstrate the feasibility and effectiveness of the proposed detection and control method.

sensing and image processing are widely used in different 29 industrial automation fields, e.g., robot control, unmanned 30 driving, and unmanned aircraft control [3], [4], [5]. This 31 leads to the rapid development of networked visual control 32 systems (NVCSs) [6]. However, when the images from 33 vision-based measurement are transmitted through the 34 network, NVCSs will face the challenge of image security 35 such as image leakage and tampering. It in turn leads to the 36 incomplete and untrue data and ultimately affects the stability 37 of NVCSs [7], [8]. 38 Such incomplete and untrue data mainly derive from two 39 categories: 1) network inherent factors such as data packet 40 losses and network-induced delay [9], [10], [11], [12] and 41 2) cyberattacks [13], [14], [15], [16], [17] such as denial-of-42 service (DoS) attacks, crop attacks, and noise attacks, leading 43 to information forgery or even loss [18], [19], [20], [21]. These 44 factors pose huge challenges to the security control of NVCSs. 45 These problems have stimulated some research works by 46 considering incomplete and untrue data caused by cyberat-47 tacks. For example, DoS attacks decline system performance 48 by blocking data transmission [22], and a compensation mech-49 anism using the latest received data packets is designed to 50 alleviate the influence of DoS attacks [23]. Deception attacks, 51 such as replay attacks and false data injection attacks (FDIAs), 52 destroy data authenticity [24], and a distributed observer 53 combined with attack detection algorithm is designed to resist 54 random or intermittent replay attacks [25]. To reduce the oscil-55 lation caused by FDIAs, a terminal integral adaptive sliding 56 mode control algorithm using the estimation error as an adap-57 tive factor is proposed [26]. Moreover, more different methods 58 on attack detection, state estimation, and security control under 59 cyberattacks are summarized in [27] and [28]. However, these 60 studies have not considered cyberattacks against the images.

61
In NVCSs, the mechanism of image attacks is more complex 62 than nonimage attacks because image attacks will damage the 63 quality of the transmitted images and lead to being unable 64 to extract complete and true state information. To explore 65 secure control methods of NVCSs under image attacks, the 66 existing studies are basically aimed at image information 67 leakage and tampering. To protect the security of the images, 68 a chaos theory is employed to design some image encryption 69 techniques based on image pixels [29], [30]. Furthermore, 70 by using the cyclic generation of confrontation network, the 71 1557-9662 © 2022 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information. The vision-based measurement of NVCSs is shown in 132 Fig. 1, which includes the controlled plant, industrial camera 133 (i.e., visual sensor), remote control terminal (including image 134 processing unit and controller), and the actuator. First, the 135 real-time images of the controlled plant are captured by an 136 industrial camera, which are then transmitted to the remote 137 control terminal via the network. Then, the states x k of 138 the controlled plant are extracted from the received images 139 in the image processing unit. Furthermore, according to x k , 140 the control signals u c k will be calculated in the controller 141 and transmitted to the actuator via the network. Finally, the 142 actuator derives the controlled plant to keep stability.

143
To well construct the above NVCSs, three basics of 144 vision-based measurement [2] are discussed by taking 145 the networked inverted pendulum visual control system 146 (NIPVCS) [38]  The above has presented the framework of traditional 228 NVCSs and analyzed the corresponding drawbacks. To cope 229 with the drawbacks, a new co-design secure control method 230 for NVCSs is fully designed.   2) Attack Detector: Since the image may be lost or cor-244 rupted from attacks, an image detector is deployed in 245 the remote control terminal. When the image arrives at 246 the attack detector beyond the maximum allowable time, 247 it will be discarded, going directly to data compensa-248 tion unit; otherwise, the image tampering detection is 249 performed and the whole process will be analyzed in 250 Section III-B.

251
3) Data Compensation: When the image is judged as 252 "invalid" by the attack detector, the lost state infor-253 mation will be online compensated by the following 254 Section III-D.  For convenience, a flag γ k is used to indicate whether 259 data transmission is normal. γ k = 1 represents the normal 260 transmission of data, which means that true state information 261 can be extracted from the received image. γ k = 0 represents 262 the invalidity of data, which means that the predicted value 263 should be used to compensate. Then, the controller input signal 264 can be expressed as timer, if the image reaches attack detector timeout, it will be 282 judged as "invalid" and then directly enter the data compen-283 sation unit; otherwise, it is "valid" image. Moreover, the timer 284 will be reset after each image arrival or time-out.

311
Then, the original image I o is encrypted by Key 1, where the 312 pixel of the images at the i th row and j th column is denoted 313 by P i, j . The specific encryption steps are given as follows. 314 1) Keys Updating: Getting the image time stamp T n , offset 315 Keys 1 and 2 by considering T n as a disturbance 316 T n ← mod(T n , 1000)/1000 where "←" represents the assignment operation.   (4). 333 Moreover, overwriting the selected sequence number 334 with the last unselected sequence number stored in 335 the recorder and update N row by (4). After that, the 336 unencrypted row numbers are stored in the first N row 337 positions of the recorder. Finally, repeat these steps four 338 times to select four rows. It follows that: So does columns selection, i.e., where " * " represents a rounding down operation.
where "" and " " represent rotate right and left 357 operation and ⊕ represents the XOR operation. Then, 358 the rows and columns are swapped in pairs where "↔" represents the replacement operator.   The result from the double-level attack detector will be 394 represented by a trigger signal γ k . If the image is judged as 395 "invalid" (i.e., γ k = 0), then the image is discarded and the 396 next process will directly enter the data compensation unit; 397 otherwise, γ k = 1, and the "valid" image will be decrypted by Rows and columns selection (4) and (5), 5: Encryption parameters generation (6), 6: Pixels encryption (7) and rank swapping (8), 7: repeat 8: Watermarking parameters generation, 9: Watermarkings embedding (9), 10: until All intersections are embedded with watermarkings. 11: the detection efficiency of algorithm. In comparison with 404 authenticity detection of state information extracted from the 405 image, the proposed double-level attack detection has a higher 406 real-time capability. The former needs to extract information 407 from the image before detection, whereas the latter detects first 408 the validity of the image; only a "valid" image is processed to 409 extract the state information. Therefore, under the latter case, 410 state information extraction may be skipped if the detector 411 judges the image as "invalid," which avoid the meaningless 412 time-consuming of image processing.

413
Remark 4: In comparison with the retransmission mech-414 anism [41], the proposed double-level detection mechanism 415 can detect tampering locations on the images. For instance, 416 if 1% of 1000 frames of the images (i.e., 10 frames) have 417 timed out and 2% (i.e., 20 frames) are judged as 'invalid" 418 under image attacks, then more 30-time retransmission will 419 be produced based on the retransmission mechanism, which 420 cannot guarantee system stability because the retransmitted 421 image may not reach remote control terminal in time. How-422 ever, the proposed double-level detection mechanism does 423 not need the retransmission, which can directly judge the 424 attacked images as "invalid." They will then be compensated 425 in the data compensation unit, so it can improve the efficiency 426 because the computational time of compensation is far less 427 than retransmission time.

429
A process control system has less strict requirement on 430 the control period, which is usually on the second or minute 431 level [42], [43]. However, a motion control system with 432 fast-changing characteristics and its control period is generally 433 on the millisecond level [44], [45]. As an ideal motion control 434 platform, NIPVCS can keep stability under high real-time 435 conditions. historical compensation data become historical data, they will 496 have an impact on future data compensation. Therefore, only 497 data prediction cannot fulfill stable operation requirements for 498 high real-time control systems. It is necessary to improve the 499 existing algorithm. 500 2) Design of Online Compensation Scheme: It is found 501 by the experiments that when only predictions are made in 502 the above cubic spline interpolation algorithm, there exist the 503 following drawbacks. 504 1) If the current control signal u k is correlated with the 505 current state x k and buffer {z k−1 } including the previous 506 states, the historical prediction error will decline the 507 control performance when x k is not lost and x k−1 is lost. 508 2) Under poor network environments, the historical data 509 x k−1 will be used to predict the current lost data, but 510 the prediction error will adversely affect the current 511 prediction.

512
Due to the existence of prediction errors described above, 513 the cumulative errors will lead to an excessive accumulation 514 of errors after a period of operation, which affects the stability 515 of NVCSs. To solve the above problems, we propose an online 516 compensation strategy based on cubic spline interpolation, 517 which is mainly divided into the data prediction phase and 518 reupdating phase of historical prediction data. The data from 519 the prediction phase will be transmitted to the controller 520 to calculate control signals, while the reupdating phase of 521 historical prediction data reduces the accumulated errors to 522 provide more accurate historical data for the next prediction 523 by improving the accuracy of historical prediction data.

524
To achieve an online compensation strategy, a buffer is 525 first deployed to record historical data {z k−1 } for supporting 526 data compensation of invalid images. When invalid images are 527 discarded, the lost data are replaced byx k , which is predicted 528 in the data compensation unit by {z k−1 } from the buffer. Then, 529 the received first valid states x k after discarding data will 530 be used to update historical compensation data and will be 531 transferred to the buffer.

532
Specifically, three cases (i.e., the current data are invalid, the 533 current data are valid and previous data were invalid, and both 534 the current data and previous data are valid) are processed. 535 1) When the current data x k are judged as invalid, taking 536 the previous data {z k−1 } as known data, the current data 537 are predicted by a cubic spline external interpolation 538 algorithm, and {z k } will be updated by the predicted 539 valuex k . It is treated as the prediction phase.  3) When both x k and x k−1 are valid, the buffer {z k } is 546 updated directly.

551
Therefore, the pseudocode of online compensation strategy 552 is summarized in Algorithm 2.

5:
Using cubic spline interpolation prediction to obtainx k , 6: z k ←x k , 7: else 8: if τ k−1 = 0 then 9: Using cubic spline interpolation to updatê  As mentioned above, the compensation of invalid data is 554 divided into two main phases: prediction and update.

555
The prediction phase uses a multistep prediction approach.

Remark 6:
The predicted valuesx k will be used in the 571 calculation of control signal u c k , which has an effect on the 572 motion of the controlled plant, so historical prediction data 573 are also considered as known historical data for next invalid 574 data in the case of successive invalidation. It is worth noting 575 that as the time interval between the prediction data and real 576 valid data increases, the accuracy of the prediction gradually 577 decreases in a short-period sampling system.

578
To improve the accuracy of historical prediction data when 579 the next continuous invalid data occur, an update phase after 580 prediction is proposed to form prepredict and postupdate 581 strategies. When the first valid data x k appear after continuous 582 data invalidation at τ k−1 instants, a multistep update is used 583 to interpolate historical prediction data x k−1 , . . . , x k−τ one 584 by one based on the current real data x k and historical data 585 where j is the number of known 586 data selected in the update phase) to ensure that the used 587 historical data are closer to the real data when data invalidation 588 occurs again.

589
Remark 7: A multistep update is defined as a process of τ 590 update based on historical forecast data, and the corresponding 591 updation process is shown in Fig. 6. According to the number 592 of τ of historical prediction data, τ rounds of updation are 593 performed, in the order of time interval between historical 594 prediction data and the latest real data from near to far. Only 595 one historical prediction data are updated in each round, and 596 the buffer will be updated at the end.

597
Taking the update phase shown in Fig. 7 as an example, 598 the data at t 4 and t 5 are historical prediction data, which 599 means that the amount of historical prediction data is 2 and 600 A visual sensor has the highest frame rate up to 120 frames/s 639 and the highest resolution up to 659 × 492, which can satisfy 640 the measurement resolution and real-time requirements of 641 inverted pendulum control system.

642
Considering NIPVCS under a time-triggered mechanism, 643 the effective sampling period T s needs to be selected to 644 satisfy T s > T (T represents the upper bound of system 645 delay). In fact, system delay fluctuates due to the influence 646 of computation processing ability, network environment, and 647 other factors, so there exist upper bound T and lower bound T . Therefore, T s = 35 ms > T is taken as the sampling period.

654
NIPVCS with fast time variation has large sawtooth fluctua-655 tions in the pendulum angle curve due to a short control period, 656 which is not conducive to long-term data prediction compen-657 sation. Therefore, its state is considered to be segmented to 658 obtain the smoother state curve. From the pendulum angle 659 curves at the 2kth and (2k + 1)th shown in Section I.E of 660 Supplementary Material, it appears the gentler motion trend 661 between the interval sampling points of the state compared 662 to the original one, which makes it more suitable for data 663 compensation. Therefore, the state are divided into two time 664 series (2kth and (2k + 1)th) for compensation. 665 However, the above division reduces the correlation of the 666 prediction information. Therefore, to ensure the prediction 667 accuracy, considering the correlation between x k and x k−1 , the 668 prediction results are corrected by the state information of the 669 previous instant in the prediction phase. It follows that: where e pre is the correction scale factor, e pre ∈ (0, 1),x k is 672 the predicted value of the invalid state x k , z k−1 is the state 673 of previous instant cached in the buffer, andx k|k−1 is the 674 correction value ofx k , which will be recorded as z k .

675
In the update phase, assuming that the current new valid 676 state belongs to the 2kth series, then only the historical 677 predicted state of the 2kth series will be updated in the 678 update phase, while the (2k + 1)th series can be updated until 679 next valid state appears. However, the calculation of control 680 signal is highly correlated with the state of previous instant, 681 so the state updation starts from a preupdate of the nearest 682 neighboring historical prediction data. It follows that: where e up is preupdate scale factor, e up ∈ (0, 1), x k is new 685 valid state, andx k−1|k is the preupdate value of z k−1 . The 686 correction scale factor e pre = 0.8 and the preupdated scale 687 factor e up = 0.7 are selected by several experiments.  Table I, it can be concluded that for local tamper-753 ing (cropping, splicing, and copy-move attacks), tampering 754 rate 2 can effectively represent the true tampering ratio and the 755 ratio of tampering rate 1 to 2 is close to 1:2. Moreover, when 756 the tampered area is greater than 17%, the inverted pendulum 757 cannot maintain stability. For replay attack, the whole image is 758 tampered and no valid information can be obtained to maintain 759 system stability, but the ratio of tampering rate 1 to 2 is also 760 close to 1:2. Therefore, these types of area-based tampering 761 can be considered as having a ratio of "tampering rate 1" to 762 "tampering rate 2" close to 1:2, and 17% can be selected as the 763 threshold of "tampering rate 2." The threshold of "tampering 764 rate 2" is 17%, which means that the area-type attacks with 765 "tampering rate 2" less than 17% can be resisted by the 766 controller and the impact on image information can be ignored. 767 From Table II, it can be concluded that for global tamper-768 ing (Gaussian noise and salt-and-pepper noise), the ratio of 769 "tampering rate 2" to "tampering rate 1" increases and then 770 decreases as the noise intensity increases, and the ratio of two 771 to 17% as the first threshold. If it is less than 17%, the images 796 are valid. If it is greater than 17%, we then analyze the ratio 797 of "tampering rate 1" and "tampering rate 2." If "tampering 798 rate 2" is three times or more than "tampering rate 1" and 799 "tampering rate 1" is less than 18%, the image is valid and 800 otherwise invalid.

801
Remark 10: When the system still remains stability under 802 noise attacks, the tampering rate detected by Gaussian noise 803 and salt-and-pepper noise demonstrates a large difference, so a 804 uniform threshold cannot be obtained to classify them. This is 805 due to the global characteristics of Gaussian noise, which will 806 add different intensities of Gaussian interfere to each pixel, 807 while the watermarking information is embedded in each bit 808 of the pixel that it has a better detection effect. On the other 809 hand, salt-and-pepper noise is selected a certain percentage of 810 pixels to change its value to 0 or 255, and the watermark-811 ing information is also embedded at intervals; naturally, the 812 detection probability of it will be lower. Therefore, the smaller 813 tampering rate among them is selected as the second threshold 814 value conservatively.

816
Experiments 817 An experimental analysis is performed on NIPVCS to 818 compare the proposed online compensation schemes step by 819 step, and they are experimented under different network envi-820 ronments to analyze the factors affecting their performance. 821

1) Control Performance Comparison Under Different 822
Compensation Schemes: Considering the invalidation of data 823 equated to data loss, the frequency of data invalidation will be 824 expressed as the loss rate ρ. To verify the effectiveness of the 825 prediction phase (without the update phase), the traditional 826 method (deferring the previous data), single-step prediction 827 (based on cubic spline interpolation), and multistep prediction 828 are compared under the number of consecutive loss τ = 4. The 829 performance of the above three prediction compensation meth-830 ods is tested by gradually increasing ρ, and the performance 831 of the above three prediction methods is compared under the 832 same ρ, as shown in Figs. 10 and 11.

833
From Fig. 10, with τ = 4, it can be obtained that the 834 tolerance to the loss rate is multistep prediction > single-835 step prediction > traditional method. From Fig. 11, under 836 ρ = 15%, it can be obtained that the control curve fluctuation 837 situation is multistep prediction < single-step prediction < 838 traditional method. Multistep prediction performs best in both 839 tolerance of loss rate and control stability. Next, under τ = 4 and with multistep prediction phase, 841 three update methods of nonupdate, single-step update, 842 and multistep update were compared, and their perfor-843 mances are tested by gradually increasing ρ, as shown in 844 Figs. 10(c) and 12. It can be obtained that the tolerance to the 845 loss rate is multistep update > single-step update > nonupdate. 846 Furthermore, the prediction error based on cubic spline 847 interpolation will accumulate excessively after a period of 848 time, which will affect the stability of NVCSs. Therefore, 849 two updating methods (i.e., single-step update and multistep 850 update) are used to reduce the prediction error in real-851 world experiments, which provides more accurate historical 852

875
To summarize, multistep prediction compensation works 876 best in the prediction stage, and multistep update works best 877 in the update stage. The online compensation strategy based 878

2) Control Performance Comparison Under Different
the predicted data can reduce the cumulative error, the effect of 916 the error still requires some time for the normal control process 917 to eliminate. Moreover, the increase in ρ makes multiple 918 continuous loss periods too close to each other on the time 919 scale, which will lead to the accumulation of the error not 920 being eliminated and accumulated to the next loss period. 921 In this way, the prediction error will keep increasing, and then, 922 the system gradually destabilizes over time.

924
In this article, a novel co-design secure control method 925 based on image attack detection and data compensation for 926 NVCSs is proposed to address the incomplete and untrue 927 data caused by cyberattacks. First, a detector based on a 928 double-layer detection mechanism of timeout strategy and 929 digital watermarking has been designed for image real-time 930 and integrity discrimination to achieve image information 931 protection and integrity detection simultaneously. Then, based 932 on the detection results, an online compensation scheme 933 based on cubic spline interpolation has been proposed to 934 improve the control performance. Finally, the feasibility and 935 effectiveness of the proposed method are confirmed on a 936 practical platform. Limited by high real-time requirement of 937 system, the method proposed compensates for the data in 938 the perspective of nonvisual information, and thus, future 939 research will be devoted to the efficiency improvement of the 940 recovery algorithm on the images.