In this article, we propose a networked control architecture to ensure the plant's safety in the presence of cyber‐attacks on the communication channels. In particular, we consider systems subject to both state and input constraints that must be preserved for safety reasons despite any admissible attack scenario. To this end, first, two different detectors are proposed to detect attacks on the setpoint signal as well as on the control inputs and sensor measurements. Then, an emergency controller (EC), local to the plant, is designed to replace the networked controller whenever an attack is detected. Finally, the concept of robust N‐step attack‐safe region is introduced to ensure that the EC is activated, regardless of the detector performance, at least one‐step before the safety constraints are violated. It is formally proved that the plant trajectory is uniformly ultimately bounded in an admissible region regardless of the attacker's actions and duration. Finally, by considering a continuous‐stirred tank reactor system, numerical simulations are presented to show the proposed solution's capabilities.

中文翻译：

---

网络物理系统的安全保护控制体系结构

在本文中，我们提出了一种网络控制架构，以确保在通信通道上存在网络攻击的情况下确保工厂的安全。特别是，我们认为系统受制于状态约束和输入约束，尽管存在任何允许的攻击情形，但出于安全原因，必须保留这些约束。为此，首先提出了两种不同的检测器，用于检测对设定值信号以及控制输入和传感器测量值的攻击。然后，将工厂本地的紧急控制器（EC）设计为在检测到攻击时替换联网的控制器。最后，引入鲁棒的N步攻击安全区域的概念，以确保在不违反安全约束的前提下，无论检测器性能如何，都至少激活一个EC。正式证明，不管攻击者的行动和持续时间如何，植物的轨迹最终最终都统一在一个可允许的区域内。最后，通过考虑连续搅拌的罐式反应器系统，进行了数值模拟，以显示所提出的解决方案的功能。