This article has been accepted for publication in a future issue of this journal, but has not been

fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCSII.2017.2690843, IEEE
Transactions on Circuits and Systems II: Express Briefs
1

An Intrusion Detection System for Cyber Attacks in

Wireless Networked Control Systems
Ahmad W. Al-Dabbagh, Student Member, IEEE, Yuzhe Li, and Tongwen Chen, Fellow, IEEE

Abstract—In this paper, a proposed topology for a wireless
networked control system is studied under several cyber attack
scenarios, and a distributed intrusion detection system (IDS) is
designed to identify the existence of attacks. More specifically, the
paper presents a modelling framework for the closed-loop control
system with the IDS, and a computational procedure to design
and compute the IDS. The computational procedure delivers a
stable closed-loop control system with the IDS being sensitive to
cyber attacks. Also, a simulation example is used to illustrate the
application of the proposed procedure as well as its effectiveness.
Index Terms—Cyber attacks, cyber-physical systems, dis-
tributed detection, wireless automation, secure control systems
I. I NTRODUCTION
In the literature, the use of both wired and wireless com-
munication networks in a closed-loop control system has
been studied in different horizons; for examples, see [1]–
[3]. Compared to wired communication networks, the use of
wireless communication networks provides many advantages.
However, several associated challenges also exist and require
further research. One of the challenges is the security of the
closed-loop control system. More specifically, in the presence
of an intruder (or attacker), the components and the com-
municated information in the control system are subject to
eavesdropping and manipulation which can affect its stability
and performance. Several types of attacks are described in
[4], where the associated goals of the attacker are specified.
For example, in a denial of service (DoS) attack, the attacker
influences communication channels such that communicated
information between devices are blocked (i.e., a receiving
device can no longer receive information from a transmitting
device); in a replay attack, the attacker eavesdrops as well as
influences communication channels such that communicated
information are retransmitted at a later time; and in a bias
injection attack, the attacker influences communication chan-
nels such that other information is injected and transmitted to a
receiving device. The security of control systems has also been
studied in different horizons. For example, the estimation and
control of linear systems when an attacker corrupts sensors and
actuators are addressed in [5]; the development of model-based
techniques for the detection of integrity attacks on the sensors
of a control system is investigated in [6]; and the problem of
network control system resiliency under the presence of replay
attacks is studied in [7].
Further, for a networked control system using wireless
communication networks, the modelling and design of a topol-
ogy consisting of plant, controller and intermediate network
systems were studied in [8] and [9], where the topology
builds on the concept of the Wireless Control Network (WCN)
architecture (for more details on the WCN, see for example
[10], [11], and related references listed in [9]). However, the
security of the topology was not considered in [8] and [9].
In this paper, the topology is addressed under the existence
of cyber attacks on the communicated information in the
topology. The contributions of the paper are summarized as
follows: a distributed IDS to detect cyber attacks in the closed-
loop control system is proposed; a modelling framework for
the closed-loop control system with the IDS is presented; and
a design procedure for the computation of the IDS under
a maximum number of cyber attacks on the communicated
information is discussed. Further, a simulation example is
presented to demonstrate the effectiveness of the IDS in
detecting cyber attacks.
II. BACKGROUND AND P RELIMINARIES
The topology for a wireless networked control system
proposed in [8] consists of a plant system with a set of sensor
nodes S = {s1 , . . . , sp } to provide process measurements
and a set of actuator nodes A = {a1 , . . . , am } to implement
decisions in the process, a controller system with a set of input
nodes Γ = {γ1 , . . . , γd } to accept inputs to the controller
system and a set of output nodes Θ = {θ1 , . . . , θt } to
issue control commands, and an intermediate network system
between the plant and controller systems with a set of nodes
N = {v1 , . . . , vN } to transmit information between the nodes
of the plant and the controller systems as well as to provide
additional computational functions. The plant system is mod-
elled as a discrete-time linear time invariant (LTI) system and
is defined as
xG (k + 1) = AxG (k) + B1 w(k) + B2 u(k),
z(k) = C1 xG (k) + D11 w(k) + D12 u(k), (1)
y(k) = C2 xG (k) + D21 w(k),

The authors are with the Department of Electrical and Computer Engi-
neering, University of Alberta, Edmonton, AB T6G 1H9, Canada (e-mail:
aaldabba@ualberta.ca; yuzhe2@ualberta.ca; tchen@ualberta.ca).
The authors acknowledge financial support from the Natural Sciences and
Engineering Research Council of Canada (NSERC) and the Alberta Innovates
- Technology Futures and Alberta Innovation & Advanced Education.
where the system has a state vector xG ∈ Rn , an external
input vector w ∈ Rs , a controlled input vector u ∈ Rm that
corresponds to the set A, an external output vector z ∈ Rq ,
a measured output vector y ∈ Rp that corresponds to the
set S, and all matrices have appropriate dimensions. The

1549-7747 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCSII.2017.2690843, IEEE
Transactions on Circuits and Systems II: Express Briefs
controller system is modelled as a discrete-time LTI system
and is defined as
xK (k + 1) = AK xK (k) + BK f(k),
(2)
g(k) = CK xK (k) + DK f(k),
where the system has a state vector xK ∈ Rr , an input
vector f ∈ Rd that corresponds to the set Γ, and an output
vector g ∈ Rt that corresponds to the set Θ, and all matrices
have appropriate dimensions. Further, the network system is
modelled as a discrete-time LTI system and is defined as
xN (k + 1) = ΩxN (k) + Λy(k) + Ψg(k),
u(k) = ΥxN (k) + Ξy(k) + ∆g(k),
f(k) = ΠxN (k) + Σy(k) + Φg(k),
where the system has a state vector xN ∈ RN that corre-
sponds to the set N . The network system is defined based
on aggregating the state of each node vi ∈ N , ai ∈ A,
and γi ∈ Γ, whose state equations are updated based on
the concept proposed in [10] using a weighted sum of the
states of their neighbouring nodes. Thus, each entry of the
matrices in (3) represents a multiplicative weight assigned to
each communicated information from the transmitting node
(for more details on the network system, see [8]).
III. D ESIGN OF THE I NTRUSION D ETECTION S YSTEM AND
M ODELLING OF THE C LOSED - LOOP C ONTROL S YSTEM
The communication between the nodes of the plant system,
controller system, and network system can be subject to cyber
attacks. An intruder (or attacker) can have eavesdropping
capabilities to access the information transmitted between the
nodes as well as manipulation capabilities to manipulate and
corrupt the transmitted information. In this paper, three types
of cyber attacks are addressed (for further details on types
of attacks, see [4]): (i) a DoS attack, where the attacker
blocks the transmission of information between the trans-
mitting and receiving nodes; (ii) a replay attack, where the
attacker eavesdrops and records transmitted information, and
replays the information at a later time; and (iii) a bias injection
attack, where the attacker injects values into the transmitted
information to manipulate the information.
To incorporate the cyber attacks in the modelling of the
closed-loop control system, consider the transmitted informa-
tion from node vi of the network system. Its state under cyber
attacks is denoted by x̃Ni and defined as x̃Ni (k) , xNi (k) +
∇Ni aNi (k), where ∇Ni ∈ B is a time-varying (namely,
switching) Boolean coefficient that determines whether an
attack is performed on the transmitted information from node
vi (i.e., 1 indicating an attack and 0 otherwise), and aNi (k) =
xaNi (k) − xNi (k) is the attack signal which contains xaNi that
determines the type of performed attack. Further, xaNi (k) is
defined as either xNi (kDoS ) under a DoS attack, xNi (k − τ )
under a replay attack, or % under a bias injection attack.
More specifically, xNi (kDoS ) is the last received signal at time
k = kDoS , xNi (k − τ ) is the signal delayed by time τ , and
% is an injected bias value. With this modelling approach and
under an attack scenario, the actual state xNi is cancelled and
an injected signal xNi (kDoS ), xNi (k − τ ), or % is used as the
received signal in each attack scenario.
1549-7747 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
2
A. The Closed-Loop Control System Under Cyber Attacks
The models of the plant system in (1), controller system in
(2) and network system in (3) are extended by incorporating
the attacked information. This is achieved by replacing the
vectors y, xN and g with their attacked representations defined
as ỹ, x̃N , and g̃, respectively. The vectors are constructed
based on aggregating the states of the nodes under cyber
attacks (namely, based on the modelling approach previously
discussed). Then, augmenting the plant, network and controller
systems to form the closed-loop control system with state
vector xP = [xTG xTN xTK ]T , input vectors w and aP =
(3) [aTy aTN aTg ]T , and output vector z results in the model defined
as
   
A B2 Υ 0 B1
xP (k + 1) ,  ΛC2 Ω ΨCK  xP (k) +  ΛD21  w(k)
0 BK Π AK 0
 
0 B2 Υ∇N 0
+  Λ∇y ΩO ∇N Ψ∇g  aP (k), (4)
0 BK Π∇N 0
 
z(k) , C1 D12 Υ 0 xP (k) + D11 w(k)
 
+ 0 D12 Υ∇N 0 aP (k),
where 0 and I denote the zero and identity matrices of
appropriate dimensions, respectively, the matrix ΩO has the
same off-diagonal elements as the matrix Ω and zeros on
its diagonal, the matrices ∇y , ∇N , and ∇g are diagonal
matrices with Boolean coefficients along their diagonals, and
the vectors ay , aN , and ag are attack vectors consisting of
the attack signals. This modelling approach assumes that an
attacker attacks all the communicated information transmitted
from a node. Thus, when the value of a coefficient is 1, all
the communicated information will be manipulated, and in the
same fashion. In addition, for the sake of simplicity, the matrix
DK = 0 and is therefore omitted, and it is assumed that there
is no direct communication between the nodes of the plant and
controller systems, and all transmitted information will need
to flow through the nodes of the network system. Also, there is
no communication from the sensor nodes to the actuator nodes
of the plant system, and from the output nodes to the input
nodes of the controller system. Thus, the system matrices of
the network system ∆, Σ, Ξ, and Φ are omitted.
B. The IDS and the Extended Closed-Loop Control System
The design of a detector for the presence of cyber attacks
can be related to the design of a detector for fault detection
and isolation (FDI). In the literature, several methods were
developed to address the FDI problem (for example, see [12]
and [13]). In this paper, a distributed IDS is proposed for
the topology discussed in [8] and [9]. It is implemented by
incorporating an IDS in each node of the network system
vi , actuator node of the plant system ai , and input node
of the controller system γi . This is practical since each
node has the capability of performing computations. Also,
it allows for distributing the detection tasks such that each
node can solely detect an attack on the transmitted information
from the neighbouring nodes; and hence, an attack on the
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCSII.2017.2690843, IEEE
Transactions on Circuits and Systems II: Express Briefs
3

neighbouring node. More specifically, the IDS placed at each Proof: The matrix A in (5) has a lower triangular form
node of the network system has a form of a general discrete- with the system matrix of the augmented system in (4) in the
time LTI system defined as xD D D
Ni (k + 1) = ANi xNi (k) + upper left block and the system matrices of systems DA , DN ,
D D D D D and DΓ in the lower right block along the diagonal. Thus,
BNi xNi (k), rNi (k) = CNi xNi (k) + DNi xNi (k), where the
system has a state xD D
Ni and a residue rNi , and are expressed given that the augmented system is stable, the stability of each
in terms of the state of the system as well as the state of of the systems DA , DN , and DΓ is necessary and sufficient
the node itself. Further, aggregating the states of the IDSs for the stability of the closed-loop control system.
of the nodes of the network system results in an aggregated
IDS denoted by DN and defined as xD D D
N (k + 1) = AN xN (k) + IV. C OMPUTATIONAL P ROCEDURE FOR THE D ISTRIBUTED
BN xN (k), rN (k) = CN xN (k)+DN xN (k), where xD
D D D D D
N ∈R
N
I NTRUSION D ETECTION S YSTEM
D N
and rN ∈ R , and all system matrices are diagonal and The detection of cyber attacks on the communicated in-
of appropriate dimensions. Similarly, the IDSs placed at the formation in the closed-loop control system is achieved by
actuator nodes of the plant system and the input nodes of the monitoring the residue of the IDS of each node. The residues
controller system are denoted as DA and DΓ and are defined, are sensitive to cyber attacks (namely, when x̃N 6= xN , ỹ 6= y,
respectively, as xD D D D
A (k + 1) = AA xA (k) + BA ΥxN (k) + and g̃ 6= g) such that there would be a relatively significant
D D D D D
BA Υ∇N aN (k), rA (k) = CA xA (k) + DA ΥxN (k) + change in their values. Further, to facilitate the design of the
D
DA Υ∇N aN (k), xD D D D
Γ (k + 1) = AΓ xΓ (k) + BΓ ΠxN (k) + IDSs, the system matrices of the closed-loop control system
D D D D D
BΓ Π∇N aN (k), rΓ (k) = CΓ xΓ (k) + DΓ ΠxN (k) + A , B, C and D are expressed in terms of matrices affine on
DΓD Π∇N aN (k), where xD m D m D
A ∈ R , rA ∈ R , xΓ ∈ R , and
d
the system matrices of the IDSs. This is achieved by providing
rDΓ ∈ R d
, and all system matrices are diagonal and of appro- a similar representation of the system matrices presented in
priate dimensions. Further, the extended closed-loop control [14], [15], and [8]. More specifically, a detector parameter is
T DT T T
system with state vector x = [xTG xTN xTK xD A xN xD
Γ ] , denoted by D and defined as
input vector v = [wT aTy aTN aTg ]T , and output vector  D D

T D T DT T DA 0 0 CA 0 0
q = [zT rD A rN rΓ ] is defined as  0 DD 0 0 C D 0 
N N
x(k) , A x(k) + Bv(k),
 
 0 0 DD 0 0 C D 
D, Γ Γ , (6)
(5)  B D 0 0 AD 0 0 
q(k) , C x(k) + Dv(k),  A D A 
 0 BN 0 0 AD N 0

where the system matrices A , B, C and D are defined, D
0 0 BΓ 0 0 AΓ D
respectively, as
  and the matrices A , B, C and D are given in terms of D,
A B2 Υ 0 0 0 0 respectively, as A (D) , A11 + A12 DA13 , B(D) , B11 +
 ΛC2 Ω ΨCK 0 0 0 
  B12 DB13 , C (D) , C11 + C12 DA13 and D(D) , D11 +
 0 BK Π AK 0 0 0 
A , D12 DB13 , where the matrices are defined as
 0 B D Υ 0 AD 0 0  ,

A A  

 0 BN D
0 0 AD
 A B2 Υ 0 0
N 0
  
 ΛC2 Ω ΨCK 0 
D
0 BΓ Π 0 0 0 AΓ D
A11 ,   , A12 , 0 0 ,
   0 BK Π AK 0  0 I
B1 0 B2 Υ∇N 0
 ΛD21 Λ∇y ΩO ∇N Ψ∇g  0 0 0 0
   

 0 0 BK Π∇N 0 
 0 Υ00 B1 0 B2 Υ∇N 0
B, D
, 0 I 0 0  ΛD21 Λ∇y ΩO ∇N Ψ∇g 
 0 0 BA Υ∇N 0  A13 ,  0 Π 0 0  , B11 ,  0
  ,

 0 0 0 0 
 0 BK Π∇N 0 
0 0 BΓD Π∇N 0 0 0 0 I 0 0 0 0
   

C1 D12 Υ 0 0 0 0
 00 00 0 Υ∇N 0
 0 DD Υ 0 C D 0 0  0 I 0 0 0 0 0
C , A A , B12 ,  0 0 0 0  , B13 ,  0 Π∇N 0  ,
  
 0 DN D D
0 0 CN 0 
0 DΓD Π 0 0 0 CΓD 00 0 I 0 0 0
   
  C1 D12 Υ 0 00
D11 0 D12 Υ∇N 0 C11 , , C12 , ,
 0 0 DD Υ∇N 0  0 0 0 I 0
D , A .  
 0 0 0 0   00 00
0 0 DΓD Π∇N 0 D11 0 D12 Υ∇N 0  I 0 0 0
D11 , , D12 , 0 0 0 0.

0 0 0 0
Then, by observing the system matrices of the closed-loop
00 I 0
control system A , B, C and D, the following result is ob-
tained. Then, the procedures discussed in [15], [11], and [8] are
Theorem 1: Suppose the augmented system consisting of extended to compute the IDSs for the closed-loop control
the plant, network, and controller systems defined in (4) is system under cyber attacks. Consider the following result from
stable. Then, the closed-loop control system in (5) is stable if [15] applied to characterize the stability of the closed-loop
and only if each of the systems DA , DN , and DΓ is stable. control system in (5) in terms of the detector parameter D.

1549-7747 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCSII.2017.2690843, IEEE
Transactions on Circuits and Systems II: Express Briefs
4

Lemma 1: Suppose the closed-loop control system in (5) Algorithm 1 Computational Algorithm for the Topology Un-
is asymptotically stable. Then, there exists a feasible set der Maximum Cyber Attacks
of matrices X, Y, Z and D such that the following matrix 1. Set the outter-layer iteration index i = 0, and the
inequality diagonal entries of the matrix diag(∇y ∇N ∇g ) with 1s and
0s elsewhere.
X Z A (D) B(D)
 
 ∗ Y C (D) D(D)  2. Set the feasibility parameter η > 0, the inner-layer
 ∗ ∗ X −1
 >0 (7) iteration index k = 0 and the initial matrix X0 with an
0 
arbitrary symmetric matrix.
∗ ∗ ∗ I
3. Compute D by solving the convex optimization problem
holds for the detector parameter in (6) and the matrices [D] = arg min η
A (D), B(D), C (D) and D(D). Y,D,X,Z
Then, the following result can be deduced to characterize subject to
the maximum number of attacked nodes for which an IDS is 
X Z A (D) B(D)

computed (the proof can be easily obtained based on Lemma 1  ∗ Y C (D) D(D) 
and considering the structure of the matrix diag(∇y ∇N ∇g )).  > 0.
Xk−1 (2I − XXk−1 )

 ∗ ∗ 0 
Theorem 2: If the following optimization problem is solved ∗ ∗ ∗ I
for some nonzero matrix diag(∇y ∇N ∇g ):
4. If η < 0, end; else, set k = k + 1 and return to Step 3.
maximize trace(diag(∇y ∇N ∇g )) If no solution exists, proceed to Step 5.
subject to the inequality (7) holds 5. In the matrix diag(∇y ∇N ∇g ), sequentially replace a 1
with a 0 in each entry of the diagonal, increment i by 1,
then the maximum number of attacked nodes for which the and return to Step 2. If all attempts are made, use the last
parameter D can be computed such that the closed-loop feasible solution.
control system in (5) is asymptotically stable is equal to the
number of nonzero entries along the diagonal of the matrix
diag(∇y ∇N ∇g ). IDSs of the nodes of the network system, the actuator nodes
The computational procedure of the detector parameter D of the plant system, and the input nodes of the controller
follows an extension of the procedures discussed in [15] and system to be greater than 0.1 to ensure that the detector
[8] with utilizing the result from Theorem 2, as summarized of each node has all system coefficients (namely, to avoid
in Algorithm 1. The algorithm consists of two layers: the having zero coefficients) and to be less than 1 to ensure the
first layer specifies the number and location of cyber attacks stability of each detector (namely, to have a stable closed-
by beginning with the assumption that all communicated loop control system, as discussed in Theorem 1). The sys-
information is being attacked (namely, setting each of the tem coefficients of each detector are computed as AD a1 =
diagonal entries of the matrix diag(∇y ∇N ∇g ) as 1) and 0.8155, BaD1 = 0.1660, CaD1 = 0.5102, DaD1 = 0.5437, AD γ1 =
sequentially removing an attack assumption until a solution D D D
0.4932, Bγ1 = 0.6419, Cγ1 = 0.5105, Dγ1 = 0.5448, and
exists, as implemented in Steps 1 and 5. In the second layer, AD D D D
Ni = 0.3985, BNi = 0.2154, CNi = 0.5077, DNi = 0.5105
the closed-loop control system is computed under the maxi- for i = 1, . . . , 4. Further, the computed detectors are used to
mum attack assumption. This is achieved by finding a stable detect cyber attacks in the closed-loop control system. This
configuration in Steps 2 − 4, where the non-convex term X −1 is simulated as presented in Fig. 1, with specifying the initial
in (7) is linearized by replacing it with a linearization operator conditions for the state vectors of the systems as arbitrary
(namely, defined by Xk−1 (2I−XXk−1 ); for more details on the nonzero values and the external inputs as w1 = w2 = 0. A
linearization, see [15]) and the feasibility parameter η defines cyber attack is simulated on the information transmitted from
the convergence of the algorithm to provide a parameter D node v1 of the network system between times 90 ≤ k < 100,
satisfying the LMI in Step 3 for a maximum number of from node θ1 of the controller system between times 140 ≤
attacked nodes. k < 170, and finally from node v4 of the network system
between times 200 ≤ k < 220. The attacks are simulated
V. S IMULATION as bias injection attacks, where the injected values are 0.3
The application of the distributed IDS for detecting cyber for the information from node v1 and 0.1 for the information
attacks in the topology is demonstrated using the 2nd order from nodes v4 and θ1 . As can be observed from the residues
D D D D
plant system from [8]. The design procedure from [9] for rN 1
, rN2
, rN 3
, rN 4
, raD1 and rγD1 in the bottom right plot in
jointly computing a network system and a controller system Fig. 1, at least one of the residues of the detector systems
is implemented, and the system matrices defined in (3) and is sensitive to each of the three injected attacks.
(2) are computed to provide a stable and locally optimal
closed-loop control system. Then, Algorithm 1 is implemented
using MATLAB’s Robust Control Toolbox with setting all the
coefficients of the matrix diag(∇y ∇N ∇g ) with 1s (namely, all VI. C ONCLUSION AND F UTURE W ORK
communicated information is attacked), and with specifying The paper discussed the design of a distributed intrusion
each of the nonzero elements of the system matrices of the detection system for a proposed topology for a wireless

1549-7747 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCSII.2017.2690843, IEEE
Transactions on Circuits and Systems II: Express Briefs
5

4 10
w1 w2 z1 z2 xG xG xN xN xN xN xK xK
1 2 1 2 3 4 1 2
5
2
0
0
-5
-2
-10

-4 -15
0 50 100 150 200 250 300 0 50 100 150 200 250 300
Time (Samples) Time (Samples)

10 10
D D D D D D
xN xN xN xN xa x rD
N
rD
N
rD
N
rD
N
rD
a
rD
1 2 3 4 1 1 1 2 3 4 1 1
5 5
0.8
0.6
0.4
0 0 0.2
0
-0.2
-5 -5 100 150 200

-10 -10
0 50 100 150 200 250 300 0 50 100 150 200 250 300
Time (Samples) Time (Samples)

Fig. 1. The simulation results for having bias injection attacks on a set of nodes in the closed-loop control system.

networked control system. The IDS consists of distributed
detectors that are placed with the nodes of the network system,
the actuator nodes of the plant system, and the input nodes of
the controller system. In future research, the design of an IDS
will be investigated for the closed-loop control system with
all of its communication links as well as the design of the
network and controller system along with the IDS. Further,
the investigation of incorporating more advanced techniques,
such as state estimation and filtering, into the functionality of
the nodes and detectors; considering noise and disturbance,
and frequency specification of the attacks; and the design
of the detectors while accounting for performance measures
in addition to the stability of the closed-loop control system
are avenues for future research (for interesting methods for
possible application, see [16]–[18]).
R EFERENCES
[1] K.-Z. Liu, R. Wang, and G.-P. Liu, “Tradeoffs between transmission
intervals and delays for decentralized networked control systems based
on a gain assignment approach,” IEEE Transactions on Circuits and
Systems II: Express Briefs, vol. 63, no. 5, pp. 498–502, 2016.
[2] G. P. Liu, “Predictive controller design of networked systems with
communication delays and data loss,” IEEE Transactions on Circuits
and Systems II: Express Briefs, vol. 57, no. 6, pp. 481–485, 2010.
[3] K. Gatsis, A. Ribeiro, and G. J. Pappas, “Optimal power management
in wireless control systems,” IEEE Transactions on Automatic Control,
vol. 59, no. 6, pp. 1495–1510, 2014.
[4] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “A se-
cure control framework for resource-limited adversaries,” Automatica,
vol. 51, pp. 135–148, 2015.
[5] H. Fawzi, P. Tabuada, and S. Diggavi, “Secure estimation and control for
cyber-physical systems under adversarial attacks,” IEEE Transactions on
Automatic Control, vol. 59, no. 6, pp. 1454–1467, 2014.
[6] Y. Mo, R. Chabukswar, and B. Sinopoli, “Detecting integrity attacks on
SCADA systems,” IEEE Transactions on Control Systems Technology,
vol. 22, no. 4, pp. 1396–1407, 2014.
[7] M. Zhu and S. Martı́nez, “On the performance analysis of resilient
networked control systems under replay attacks,” IEEE Transactions on
Automatic Control, vol. 59, no. 3, pp. 804–808, 2014.
[8] A. W. Al-Dabbagh and T. Chen, “Modelling and control of wireless
networked control systems: A fixed structure approach,” in IEEE Con-
ference on Control Applications, Sydney, Australia, September 2015, pp.
1051–1056.
[9] ——, “Design considerations for wireless networked control systems,”
IEEE Transactions on Industrial Electronics, vol. 63, no. 9, pp. 5547–
5557, 2016.
[10] M. Pajic, S. Sundaram, G. J. Pappas, and R. Mangharam, “The wireless
control network: a new approach for control over networks,” IEEE
Transactions on Automatic Control, vol. 56, no. 10, pp. 2305–2318,
2011.
[11] R. Mangharam and M. Pajic, “Distributed control for cyber-physical
systems,” Journal of the Indian Institute of Science, vol. 93, no. 3, pp.
353–388, 2013.
[12] I. Hwang, S. Kim, Y. Kim, and C. E. Seah, “A survey of fault detection,
isolation, and reconfiguration methods,” IEEE Transactions on Control
Systems Technology, vol. 18, no. 3, pp. 636–653, 2010.
[13] M. R. Davoodi, K. Khorasani, H. A. Talebi, and H. R. Momeni,
“Distributed fault detection and isolation filter design for a network
of heterogeneous multiagent systems,” IEEE Transactions on Control
Systems Technology, vol. 22, no. 3, pp. 1061–1069, 2014.
[14] R. E. Skelton, T. Iwasaki, and K. M. Grigoriadis, A Unified Algebraic
Approach to Linear Control Design. Taylor & Francis, 1998.
[15] J. Han and R. E. Skelton, “An LMI optimization approach for structured
linear controllers,” in 42nd IEEE Conference on Decision and Control,
vol. 5, Maui, Hawaii, USA, 2003, pp. 5143–5148.
[16] X. Li and H. Gao, “Reduced-order generalized H∞ filtering for linear
discrete-time systems with application to channel equalization,” IEEE
Transactions on Signal Processing, vol. 62, no. 13, pp. 3393–3402, 2014.
[17] C. K. Ahn, P. Shi, and M. V. Basin, “Two-dimensional dissipative control
and filtering for Roesser model,” IEEE Transactions on Automatic
Control, vol. 60, no. 7, pp. 1745–1759, 2015.
[18] ——, “Deadbeat dissipative FIR filtering,” IEEE Transactions on Cir-
cuits and Systems I: Regular Papers, vol. 63, no. 8, pp. 1210–1221,
2016.

1549-7747 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.