Cyber-Physical Systems Security Survey

This paper surveys network attacks on cyber-physical systems (CPSs), detailing types of attacks, intrusion detection methods, and defense strategies. It highlights the vulnerabilities of CPSs due to their reliance on communication networks and categorizes attacks into three layers: perception execution, data transmission, and application control. The authors also discuss future research directions for enhancing CPS network security.

SPECIAL SECTION ON INTELLIGENT INFORMATION SERVICES

Received February 16, 2020, accepted February 25, 2020, date of publication March 2, 2020, date of current version March 13, 2020.
Digital Object Identifier 10.1109/ACCESS.2020.2977423

A Survey of Network Attacks on Cyber-Physical Systems
LIWEI CAO, XIAONING JIANG, YUMEI ZHAO, SHOUGUANG WANG (Senior Member, IEEE), DAN YOU (Student Member, IEEE), AND XIANLI XU
School of Information and Electronic Engineering, Zhejiang Gongshang University, Hangzhou 310018, China
Corresponding author: Xiaoning Jiang (jiangxiaoning@[Link])
This work was supported in part by the Zhejiang Provincial Key R&D Program of China under Grant 2018C01084, in part by the Zhejiang Natural Science Foundation under Grant LQ20F020009, and in part by the Zhejiang Gongshang University, Zhejiang Provincial Key Laboratory of New Network Standards and Technologies under Grant 2013E10012.

ABSTRACT A cyber-physical system (CPS) typically consists of the plant, sensors, actuators, the controller
and a communication network. The communication network connects the individual components to achieve
the computing and communication in the CPS. It also makes the CPS vulnerable to network attacks. How
to deal with the network attacks in CPSs has become a research hotspot. This paper surveys the types
of network attacks in CPSs, the intrusion detection methods and the attack defense strategies. The future
research directions of CPSs network security are also presented.

INDEX TERMS Cyber-physical systems, network attacks, intrusion detection, defense strategies.

The associate editor coordinating the review of this manuscript and approving it for publication was Guanjun Liu.

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see [Link]

VOLUME 8, 2020 44219
L. Cao et al.: Survey of Network Attacks on CPSs

I. INTRODUCTION
The notion of cyber-physical systems (CPSs) was first proposed by the National Aeronautics and Space Administration (NASA) in 1992, and described in detail by Baheti and Gill [1]. Nowadays, they have become the core technology of the next generation of industrial revolution [2], and many works have been done to prove their importance, such as the top of eight information technologies [3], the German Industry 4.0 [4], Industrial Internet in the U.S. [5], ARTEMIS (Advanced Research and Technology for Embedded Intelligence and Systems) [6] and CPS European Roadmap and Strategy in the European Union [7]. CPSs have been widely used in industrial control systems, advanced communications, smart power grids [8], transportation networks [9], vehicular social networks [10], [11], and many areas closely related to daily life. A CPS integrates computation, communication and control (3C) technologies [12] to monitor and control processes [13], [14], and its overall framework is shown in Fig. 1. A CPS can be divided into three layers according to the framework: the perception execution layer, the data transmission layer, and the application control layer [15], [16]. The perception execution layer consists of physical components such as sensors and actuators. The application control layer mainly provides services for users. The data transmission layer connects the perception execution layer and the application control layer, and is mainly used to deliver information.

FIGURE 1. Architecture of a CPS.

The data transmission layer transmits information through the communication network, but the use of the communication network makes CPSs more vulnerable to network attacks. Some behaviors of a CPS may be changed due to network attacks, and then the CPS will reach an unsafe state that damages the system. The unsafe state will affect production processes and pose a threat to the economy and society [17]–[19].

Recently, the problem of network attacks in CPSs has become a research hotspot. The problems of intrusion detection [20]–[22] and defense strategies in CPSs are reviewed in this paper. There are many works developing intrusion detection methods and defense strategies for specific types of network attacks [20], [21], [23]–[25], such as deception attacks, covert attacks and so on. The key point of defense strategies is to detect intrusions on-line and protect the system from damage by initiating a security module once an intrusion is detected.

In this paper, we classify network attacks in CPSs and review the work on intrusion detection and defense strategies. The content of the paper is organized as follows. In Section 2, we discuss the classification of network attacks in CPSs. In Section 3, the development and classification of intrusion detection technologies are introduced. In Section 4, several different network attack defense strategies are summarized, and Section 5 concludes this paper and gives the research directions for future work.

II. CLASSIFICATION OF NETWORK ATTACKS
Typically, there are three types of network attacks on CPSs based on the framework in Fig. 1, i.e., network attacks on the perception execution layer, network attacks on the data transmission layer, and network attacks on the application control layer [15]. We introduce them in this section one after another.

A. NETWORK ATTACKS ON THE PERCEPTION EXECUTION LAYER
The perception execution layer is composed of various nodes like sensors and actuators, where the data from the physical components are collected and the commands from the control center are communicated. Most nodes at this layer are deployed in an unsupervised environment. Thus, they easily become the targets of an intruder.

The research on network attacks on the perception execution layer mainly focuses on the security issues of sensors and actuators. There are basically four types of network attacks on the perception execution layer, i.e., Actuator Enablement attacks (AE-attacks), Actuator Disablement attacks (AD-attacks), Sensor Erasure attacks (SE-attacks), and Sensor Insertion attacks (SI-attacks) [24]. Once a sensor or an actuator is attacked, the information from the plant or the instruction to be executed on the plant may be tampered with. As a result, an unsafe state may be reached that damages the system. There are other common attacks such as deception attacks, robust pole-dynamics attacks, covert attacks and robust attacks.

B. NETWORK ATTACKS ON THE DATA TRANSMISSION LAYER
The data transmission layer connects the perception execution layer and the application control layer to realize the goal of conveying information between these two layers. A communication network is the core bearer network of the data transmission layer. It mainly transmits data through communication networks such as the Internet, a private network, and a local area network. The diversity of communication network access methods and the complexity of network equipment and architecture will bring certain security threats to CPSs.

The layer also has the ability to process and manage massive information. Networks may be congested with a large amount of data to be transmitted in the data transmission layer, and then CPSs will be vulnerable to network attacks.

Although the data transmission layer is the most difficult layer for intruders to attack, once it has been successfully intruded, the intruder can freely change the information transmitted in the attacked network channel. The Man-in-the-Middle Attack [26], as one of the most powerful network attacks on the data transmission layer, can observe, hide, create, and even change the information transmitted from one device to another in the communication channel [20]. In other words, the attacker can send fake data to any party, and the CPS will then be driven into an unsafe state that damages the system.

The denial-of-service (DoS) [27]–[29] attack is a kind of resource depletion attack, which takes advantage of network protocol or software defects, or sends a lot of useless requests, to exhaust the resources of the attacked object. Finally, it makes the server or the communication networks fail to provide services [30].

In CPSs, a DoS attack uses a malicious program to consume the communication bandwidth to prevent the interaction of information between controllers and actuators. DoS attacks are mainly caused by malicious attacks. These attacks will cut off the connection between the actuator and the controller, so the controller cannot get the feedback information in time and the system will be out of control. A large number of invalid service requests will occupy routing and server resources [31], and finally the performance becomes bad or the system even collapses. During a DoS attack, no messages are sent or received on the channel.

C. NETWORK ATTACKS ON THE APPLICATION CONTROL LAYER
The application control layer is made up of controllers and user applications. After receiving the information transmitted from the data transmission layer, the application control layer generates execution control commands after judgments, and feeds them back to the underlying physical unit of the perception execution layer through the data transmission layer, and then the actuators perform related operations.

Some applications in this layer will store a large amount of user privacy data, such as the personal information and
consumption habits of users. An intruder injects a script into the system maliciously or attacks a database, obtaining unauthorized access to the system and then making a serious impact on the application control layer. Once the application control layer is attacked, a lot of user privacy information can be leaked. At the same time, because a single defense strategy can hardly meet the requirements of multiple application systems, application control layer security faces huge challenges.

To the best of our knowledge, the research in the literature mainly focuses on network attacks at the perception execution layer and the data transmission layer. Thus, in the following two sections, we review intrusion detection methods and defense strategies for network attacks at the perception execution layer and the data transmission layer only.

III. INTRUSION DETECTION
Intrusion detection [32] is an important technology to guarantee the security of networks so that illegal operations launched by intruders such as attackers and hackers can be avoided via authentication identification.

The concepts of intrusion and intrusion detection were proposed by Anderson for the first time [33]. Denning [34] put forward the concept of real-time detection and a host-based intrusion detection model named Intrusion Detection Expert Systems (IDES). Lunt and Jagannathan [35] further improved the intrusion detection model, proposing the idea of real-time detection independent of the system platform, based on IDES.

Heberlein et al. [36] developed a network-based intrusion detection system named Network Security Monitor (NSM), which directly used network flows as the source of audit data for the first time. Since then, intrusion detection methods were divided into two types: host-based Intrusion Detection Systems (IDS) and network-based IDS. Some host-based IDS used the detection sequence of the server operating system as the main input source to detect intrusion behaviors, while most network-based IDS used monitoring network faults as the detection mechanism, but some used server-based detection modes and typical IDS static anomaly detection algorithms.

According to intrusion detection technology, intrusion detection can be divided into misuse detection and anomaly detection. Misuse detection includes expert systems [35], simple pattern matching [37], model checking (MC) method [38], and state transition analysis [39], etc. Anomaly detection includes statistical methods [40], profile-based method [41], neural network-based methods [40] and genetic algorithm based methods, etc.

In the following two subsections, intrusion detection methods for network attacks at the perception execution layer and the data transmission layer are introduced in detail.

A. INTRUSION DETECTION ON PERCEPTION EXECUTION LAYER
Hoehn and Zhang [42] proposed a new method to detect covert attacks and zero dynamic attacks on CPSs. The previous attack strategies were very complex and required relying on sound system knowledge. In addition, the attack signals were completely invisible in sensor readings. As a result, common fault diagnosis systems had been unable to detect such attacks and trigger alerts. Hoehn et al. introduced a modulation matrix to the path of the control variable. The input behavior of the system was changed by the modulation matrix, so the intruder lost sound knowledge of the system, and then covert attacks and zero dynamic attacks can be detected.

Carvalho et al. [24] adopted a model-based approach to accurately capture the impact of vulnerabilities and attacks on control systems. The model-based approach describes the unsafe behavior that is possibly induced by attackers and the resilience that the system defender wants to achieve. This method also allows monitoring of deviations of the attacked system from the normal system conduct. Their work complements the work on anomaly/intrusion detection [43]–[46].

Teng et al. [47] proposed a self-adaptive collaboration intrusion detection method based on 2-class support vector machines and decision trees. The collaborative and adaptive intrusion detection model was created and implemented using the Environments-classes, agents, roles, groups, and objects (E-CARGO) model, and adaptive scheduling mechanisms are developed. The feasibility and efficiency of their proposed method are validated by experimental results.

When a CPS suffers from a stealthy attack, state estimation may be changed by injecting biased values into sensor-collected measurements. Acosta et al. [48] presented an approach of intrusion detection to detect stealthy attacks. The approach is based on an extremely randomized tree algorithm and kernel principal component analysis. It reduces the computational cost by dimensionality reduction but guarantees the feature of high accuracy.

B. INTRUSION DETECTION ON DATA TRANSMISSION LAYER
Zhengbing et al. [49] proposed a lightweight intrusion detection system that can detect intrusions in real time, efficiently and effectively. In their study, behavior profiles and data mining techniques were tools to detect coordinated attacks.

Lima et al. [20] developed an intrusion detection module that can detect man-in-the-middle attacks. This module can prevent the system from arriving in an unsafe state by forcing managers to disable all controllable events of the CPS after detecting the intrusion that would definitely lead the system to lose resources.

By injecting spoofed null data or a power save-poll (PS-Poll) frame to a system, an attacker who launches a power save denial of service (PS-DoS) attack on 802.11 networks will gain the buffered frames of the sleeping stations. Agarwal et al. [50] proposed a method based on real-time discrete event systems to detect PS-DoS attacks on 802.11 networks. This method has the characteristics of high accuracy and fast detection rate and overcomes the drawbacks of 802.11 networks.

IV. DEFENSE STRATEGIES
Defense strategies are of great importance to the security of CPSs. Generally, we first detect network attacks in a CPS and then activate a corresponding defense strategy once a specific attack is detected.

The research on CPS network attacks is mostly based on the framework of discrete event systems (DESs). Some works use Petri nets to model and analyze CPSs. Petri nets as a mathematical tool have been used to handle many problems [51]–[60] in DESs. Others use finite state automata to model and analyze CPSs, such as [61], [62]. Thorsley and Teneketzis [22] studied the intrusion detection of network attacks under the DES framework and how to mitigate the damage caused by attacks. Attackers totally changed the set of enabled events ordered by the monitor. The main goal of the research was to design a monitor that can meet the specifications after abnormal operations and attacks.

This section introduces defense strategies against the attacks at the perception execution layer and the data transmission layer. Little research addresses the defense strategies at the application control layer, which is therefore not detailed in this paper.

A. DEFENSE STRATEGIES AGAINST PERCEPTION EXECUTION LAYER ATTACKS
1) ATTACK ON SENSORS
Goes et al. [63] studied the security of CPSs. A general model to detect deception attacks was proposed. Deception attacks can change sensor readings and mislead the controller, with the purpose of inducing the CPS into an undesirable state. A new bipartite transfer structure was introduced, called the insertion-deletion structure (IDA), to capture the interaction between the system and the attacker. The IDA was a discrete transformation system and the foundation of the attack strategy synthesis problem. It can predict all possible actions of an attacker including some steady behaviors, and can predict which state the system will reach when the attacker took different actions.

Meira-Goes et al. [64] also studied the synthesis of deception attacks by stealth sensors. The work [64] was based on the framework of a random DES, resulting in a broader class of attack strategies. Goes et al. studied the problem from the attacker's perspective and modeled the attack strategy as probabilistic automata. According to the possibility of the system reaching an unsafe state, they presented an optimal attack strategy.

Su [19] studied deception attacks under the framework of DES. After intercepting sensor readings from a target system, an attacker can arbitrarily alter them. The changed sensor readings would induce a given supervisor to issue an incorrect control command, which can drive the system to an undesirable state. First, new concepts of attack ability and attack under bounded sensor reading alterations (ABSRA) were presented. The system was modeled as a finite automaton. As long as the system model and a given supervisor can be modeled by a finite-state automaton, it was then shown that the optimal (or least restrictive) ABSRA existed and can be computed by a specific composition algorithm called the ABSRA synthesis algorithm. Based on this algorithm, Su proposed a supervisor synthesis algorithm to ensure that the non-empty synthesized supervisor would remain "robust" to any ABSRA. A supervisor is ABSRA-robust in the sense that any ABSRA will either be detectable or inflict no damage to the system.

Jeon and Eun [65] studied a sensor attack on CPSs named Robust Pole-dynamics Attack (RPDA). The RPDA can be built with limited knowledge of a target system and can stay stealthy until the attack succeeds. Specifically, the attack manifested itself by injecting faulty data into the sensor to undermine the stability of the feedback controller. The feedback controller instability would make the system unstable. When a unique nominal model of target dynamics was known, stealth can be retained by deploying a mechanism similar to the disturbance observer (DOB), which can be designed to absorb the effects of mismatches between nominal and actual dynamics until the attack was successful. The success of the attack depended on whether the system state exceeded the threshold. Sensor attacks using the dynamics of unstable systems had been studied before, and the generation of such attacks needed an accurate understanding of the stealth of the target system; in other words, the attack must completely eliminate the effects of instability at the sensor to avoid being detected. If not, the attack would be detected by anomaly detection. In their work, the DOB mechanism was used to absorb the attack mismatch and the degree of absorption was selected to delay detection until the attack was successful. Therefore, this attack posed a more serious threat to the CPS than a conventional attack.

Yin [62] considered the problem of network attack defense under the framework of Mealy automata. Under this framework, observable events can be observed only when the relevant sensors were working normally. Without any restrictive assumptions, the problem of monitor synthesis was addressed for security and non-blocking specifications. Yin proposed an approach based on a model-transformation method, which consisted of two stages. First, a transformation algorithm was proposed that transformed the non-blocking supervisor synthesis problem of Mealy automata into a conventional supervisor synthesis problem under partial observation. Then it was proved that a comprehensive supervisor for the converted problem can indeed solve the original problem.

Wakaiki et al. [66] considered the supervisory control problem of DES with multiple intruders. The goal of the supervisor was to enforce a specific language on the plant without knowing which intruder was active, regardless of the behavior of the intruder. They proposed a new concept of observability under attacks, which took into account the ability of the attacker to change symbols. For replacement-removal attacks, a supervisor was constructed by a robust product automaton. Product automata were also used to test the observability under replacement-removal attacks.

Two algorithms were proposed to reconstruct the state from sensor measurements. The first algorithm reconstructed the state from a batch of sensor measurements while the other was able to incorporate new measurements as they become available, in the spirit of a Luenberger observer [67]. However, these two algorithms would be damaged by noise imposed by attackers. Shoukry and Tabuada introduced the notion of sparse observability to describe how to solve this problem. An event-triggered method was used to verify the timing performance of these two algorithms.

2) ATTACK ON ACTUATORS
Carvalho et al. [21] considered the AE-attacks. In the case of the AE-attacks, some actuators were vulnerable to attacks. The problem that the authors addressed was to protect a system from a predefined set of unsafe states after an attack. The specific approach was as follows: firstly, they modeled the system under AE-attacks as a deterministic finite state automaton. Next, a model-based approach was adopted to accurately capture the vulnerabilities and attacks of the control system. The unsafe behavior that an attacker was trying to induce and the resiliency that the system defender was hoping to achieve can be described by the model-based methods. In addition, the model-based methods can monitor deviations of the attacked system from the normal system. Finally, based on the results of supervisory control and fault diagnosis of DES, they proposed a defense strategy that can detect attacks and disable all controllable actuator events immediately once an attack was detected. The new concept of AE-security controllability was defined, which represented the ability to use the proposed defense strategy to avoid the system entering an unsafe state after an attack, and which was a variant of safe controllability in [68]. Finally, an algorithm was proposed to verify whether the system can automatically control security.

3) ATTACKS ON SENSORS AND ACTUATORS
Carvalho et al. [24] considered the intrusion detection and mitigation problems of supervisory control systems under AE-attacks, SE-attacks and SI-attacks. Attackers can intrude some vulnerable sensors and then erase real sensor readings or insert false ones. This may lead the system to enter an unsafe state. First, their work presented deterministic finite-state automata for these classes of attacks. Then, a defense strategy was proposed to detect such attacks online and disable all controllable events after detection. Finally, an algorithmic program was developed to verify whether the system can be protected from damages caused by attacks, where the damages were modeled as the accessibility of a predefined set of unsafe system states. The approach was similar to the work in [68], which proposed a strategy of on-line fault detection and reconfiguration of the control law when faults are detected. In this case, the sufficient and necessary condition to be concerned with is "General Form of safe controllability (GF-safe controllability)", which is a property that must be satisfied for the system to be successfully protected from damage caused by AE, SE or SI attacks, and is a General Form of attack (GF-attack) variant of safe controllability in [68]. At the same time, a test was developed to verify "GF-safe controllability".

Lima et al. [23] proposed a defense strategy involving a security module that can prevent network attacks on sensors and/or actuators. When the system was not attacked, this strategy would not change the behavior of the closed-loop system, that is, the security module only disabled controllable events when an intrusion event caused the system to enter an unsafe state. In addition, they introduced detectable network attack (DNA) security and undetectable network attack (UNA) security to verify some properties of this strategy and gave necessary and sufficient conditions of these two definitions. To implement the security module, it is necessary to ensure that it would not run counter to the designed supervisory control system. Lastly, they also presented the necessary and sufficient conditions for the UNA and DNA security of the system.

Teixeira et al. [69] studied the typical control structure of control systems under network attacks. On this basis, a general antagonism model was discussed that was suitable for many attack scenarios, and the attack resources were mapped to the corresponding dimension of the attack space. By the detailed discussion of replay attacks, zero dynamic attacks and bias injection attacks, the concepts of the confrontation model and attack space were illustrated. Subsequently, the work [70] mainly considered the case where an attacker performed the zero dynamic attack on the system. Firstly, the stealth characteristics of the attack were characterized and analyzed, and then the system structure was modified to detect such attacks. Finally, the zero dynamic attack was solved by modifying the input, output and dynamic characteristics of the system.

Pasqualetti et al. [71] modeled CPS under attacks as a descriptor system whose constraints were unknown inputs that affected state and measurement. Firstly, based on the established model, the concepts of attack detectability and recognizability were defined by the impact of attacks on the output measurement. Then, the limitations of a class of monitors were pointed out from two aspects of system theory and graph theory. The main performance is as follows: 1) the monitor can detect the network physical attack if and only if the signal of the attacker triggers zero dynamics of the input/output system; 2) the monitor can carry out undetectable or unrecognized attacks if the monitoring signal was not clear, the monitor cannot detect or recognize attacks. Finally, a graph theory description of undetectable attacks was proposed.

Park et al. [72] solved the problem of designing a robust attack for the opponent to break through the uncertain CPS without being detected. First they reinterpreted the zero-dynamics attack in terms of the normal representation. Then, a new zero dynamic attack method was proposed for uncertain systems [9], [70], [71]. The alternative method used a disturbance observer and did not need perfect system knowledge to stay stealthy. A robust zero-dynamics attack required a nominal model of a plant as well as the input and
output signals of the system. The presented attack illustrated how the attackers can use disclosure resources of CPSs rather than perfect model knowledge.

Hoehn and Zhang [42] inserted the modulation matrix into the actuator signal path to alter the output behavior of the system and detect attacks, and Fritz and Zhang [73] extended this method to all actuator and sensor channels to detect replay attacks and covert attacks, and adapted it to meet the requirements of DES. They accomplished attack detection by comparing the received signals from the CPS with the expected behavior of the model. Fritz and Zhang mainly contributed to the attack model for covert attacks and replay attacks of CPS modeled by DES, as well as detection methods for such network attacks. On the basis of altering the input and output behavior, the proposed approach can be easily achieved by a permutation matrix. In addition, it didn't limit the vulnerability of sensor and actuator channels. Therefore, an attacker can access all sensor and actuator data, that is, all sensor and actuator signals can be observed and changed.

B. DEFENSE STRATEGIES AGAINST DATA TRANSMISSION LAYER ATTACKS
1) MAN-IN-THE-MIDDLE ATTACKS
Man-in-the-middle attacks are one of the most powerful network attacks of CPSs. Once a CPS suffered from a man-in-the-middle attack, the intruder can observe, hide, create or change information in the attacked sensor or control communication channel [20], [25].

Lima et al. [20] studied the man-in-the-middle attack. They built a deterministic model of systems under sensor channel attacks and actuator channel attacks, and proposed a defense strategy that detected intrusions and protected the system from damages caused by man-in-the-middle attacks on communication network channels in CPS. In addition, they defined a safe controllability under network attacks, called NA-safe controllability, which can detect attacks in the network and prevented the system from reaching an unsafe state, and an algorithm was presented to verify this attribute. Finally, a kind of computing device was developed to detect the attack that led to an unsafe state, which was called intrusion detection module.

randomly injected the control packets in the system. Befekadu et al. introduced a new equivalent probability measure to characterize all properties of a stochastic process. Then a hidden Markov model was extended by a memoryless Bernoulli process to get a perfect risk-sensitive control strategy.

Amin et al. [76] studied the effects of DoS attacks on the performance of linear quadratic Gaussian (LQG) control. They aimed to design a control strategy to minimize the system cost function in a DoS attack environment and proposed an optimal solution based on positive semidefinite programming.

Foroush and Martinez [77] presented a plant-jammer-operator control strategy for periodic DoS attacks with limited power in the control system. They proposed an event-triggering time-sequence to reduce communication. In addition, they proved this triggering time-sequence can resist DoS attacks and ensure the stability of the system state under some circumstances.

De Persis and Tesi [78] presented a general DoS attack model that only constrains the attacker action in time by posing limitations on the frequency of DoS attacks and their duration. It is possible to capture many different types of DoS attacks, including trivial, periodic, random and protocol-aware jamming attacks. Later, based on the DoS attack model in [78], Feng and Tesi [79] studied maximally robust controllers under DoS attacks. They aimed to maximize the frequency and duration of DoS attacks tolerated without damaging closed-loop stability. Dolk et al. [80] studied a framework for output-based dynamic event-triggered control (ETC) systems under DoS attacks.

While advanced controllers were exchanging information, a DoS attack may analyze the transmitted information and find vulnerabilities. Once a vulnerability of the system was discovered, the system can be intruded by the DoS attack, which caused a direct current (DC) microgrid to enter an unsafe state. A framework was proposed to study the fault ride-through capability of DC microgrids in DoS attacks [81]. Lastly, two simulation case studies showed the effectiveness of that framework.
V. CONCLUSION AND FUTURE WORK
Lima et al. [25] extended the work [20]. First, they proved
With the advent of the 5G era, information systems and phys-
that correctness of the NA-safe controllability verification
ical systems are undergoing tremendous changes. CPSs have
algorithm in [20]. They showed how to use a security module
become prevalent in a vast range of applications, including
against attacks in the communication network channel of
industrial control systems, advanced communication, smart
CPS, and finally proved that NA-safe controllability was a
power grids and transportation networks. However, people
sufficient and necessary condition for the security module.
cannot ignore the serious threats to CPSs caused by net-
work attacks while considering saving production costs and
2) DENIAL-OF-SERVICE ATTACKS improving production efficiency. Therefore, it is increasingly
At present, mathematical models such as Queuing model [67], important to improve the safety and performance of CPSs.
Bernoulli model [74] and Markov model [75] have been In recent years, more and more cases of network attacks on
applied to the study of CPSs performance under DoS attacks. CPSs show that the destructiveness and pertinence of network
Befekadu et al. [75] studied a finite-horizon risk-sensitive attacks have been improved than before. Attackers can use
control problem of DoS attacks under a Markov modu- the network to launch attacks on public infrastructures such
lated model. Attackers would use a hidden Markov model, as smart grids, smart transportation, and large hydropower

stations, which have seriously threatened national security, social stability, and economic development. Therefore, it is urgent to quickly and effectively improve the CPS defense capability. This paper reviews the types of network attacks on CPSs, intrusion detection methods and defense strategies in the literature.

In the future, CPSs may no longer face only a single attack but multiple attacks. It could happen that a CPS is attacked by multiple intruders at the same time, or that an intruder is capable of launching multiple network attacks simultaneously on the system. For example, a system may be subjected to replay attacks and covert attacks simultaneously. Obviously, the existing detection methods and defense strategies for a single attack are not enough to ensure the security of CPSs in this case. An important objective of our future work is thus detecting each of the multiple attacks quickly and designing a comprehensive defense strategy to keep the system running normally. Wakaiki et al. [66] first studied multiple attacks and Gao et al. [82] recently studied how to detect multiple attacks on DESs but did not provide corresponding defense strategies. In summary, the current research on intrusion detection and defense strategy design for multiple attacks is still in its infancy. How to deal with multiple network attacks in CPSs should be investigated in future work. On the other hand, the attack issues may be studied in future work by generalizing the problem setting of the considered CPSs. We may consider the case where we do not know for sure the initial state of the system, or where we can only get a partial observation of the behavior of the considered system. Besides, since almost all studies in the literature use automata to model CPSs when dealing with attack issues, we may try to use Petri nets as a modelling tool to solve the problem to see if we can gain some advantages in computational complexity.

REFERENCES

[1] R. Baheti and H. Gill, "Cyber-physical systems," Impact Control Technol., vol. 12, no. 1, pp. 161–166, Mar. 2011.
[2] H. Ge, D. Yue, X. P. Xie, S. Deng, and S. L. Hu, "Analysis of cyber physical systems security issue via uncertainty approaches," in Proc. Adv. Comput. Methods Life Syst. Model. Simulation. Nanjing, China: Springer, 2017, ch. 6, sec. 6, pp. 421–431.
[3] L. U. Challenge, "Leadership under challenge: Information technology R&D in a competitive world, president’s council of advisors on science and technology (PCAST) report," Tech. Rep., 2007.
[4] H. Kagermann, "Change through digitization-Value creation in the age of Industry 4.0," in Management of Permanent Change, National Academy of Science and Engineering, Berlin, Germany: Springer, 2015, ch. 2, pp. 23–45.
[5] M. Annunziata and P. C. Evans, "The industrial Internet@ work," Gen. Electr., Boston, MA, USA, White Paper, 2013.
[6] Advanced Research and Technology for Embedded Intelligence and Systems, ARTEMIS Ind. Assoc., Eindhoven, The Netherlands, 2007.
[7] B. Schätz, M. Törngren, R. Passerone, H. Pfeifer, S. Bensalem, J. McDermid, A. S. Vincentelli, and M. V. Cengarle, "CyPhERS-cyber-physical European roadmap and strategy," Fortiss GmbH, Munich, Germany, Tech. Rep. 611430, 2015.
[8] M. M. Rana, L. Li, and S. W. Su, "Cyber attack protection and control of microgrids," IEEE/CAA J. Automatica Sinica, vol. 5, no. 2, pp. 602–609, Mar. 2018.
[9] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, "A secure control framework for resource-limited adversaries," Automatica, vol. 51, pp. 135–148, Jan. 2015.
[10] X. Wang, Z. Ning, M. Zhou, X. Hu, L. Wang, Y. Zhang, F. R. Yu, and B. Hu, "Privacy-preserving content dissemination for vehicular social networks: Challenges and solutions," IEEE Commun. Surveys Tuts., vol. 21, no. 2, pp. 1314–1345, 2nd Quart., 2019.
[11] Y. Xie, L. Liu, R. Li, J. Hu, Y. Han, and X. Peng, "Security-aware signal packing algorithm for CAN-based automotive cyber-physical systems," IEEE/CAA J. Automatica Sinica, vol. 2, no. 4, pp. 422–430, Oct. 2015.
[12] E. A. Lee, "Cyber physical systems: Design challenges," in Proc. 11th IEEE Int. Symp. Object Compon.-Oriented Real-Time Distrib. Comput. (ISORC), Orlando, FL, USA, May 2008, pp. 363–369.
[13] J. Shi, J. Wan, H. Yan, and H. Suo, "A survey of cyber-physical systems," in Proc. Int. Conf. Wireless Commun. Signal Process. (WCSP), 2011, pp. 1–6.
[14] Y. Mo, T. H.-J. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig, and B. Sinopoli, "Cyber–physical security of a smart grid infrastructure," Proc. IEEE, vol. 100, no. 1, pp. 195–209, Jan. 2012.
[15] T. Lu, B. Xu, X. Guo, L. Zhao, and F. Xie, "A new multilevel framework for cyber-physical system security," in Proc. 1st Int. Workshop Swarm Edge Cloud, 2013, pp. 1–2.
[16] Y. Liu, Y. Peng, B. Wang, S. Yao, and Z. Liu, "Review on cyber-physical systems," IEEE/CAA J. Autom. Sinica, vol. 4, no. 1, pp. 27–40, Jan. 2017.
[17] Y. Cherdantseva, P. Burnap, A. Blyth, P. Eden, K. Jones, H. Soulsby, and K. Stoddart, "A review of cyber security risk assessment methods for SCADA systems," Comput. Secur., vol. 56, pp. 1–27, Feb. 2016.
[18] N. Evancich and J. Li, "Attacks on industrial control systems," in Cyber-Security of SCADA and Other Industrial Control Systems. Springer, 2016, ch. 6, pp. 95–110, doi: 10.1007/978-3-319-32125-7_6.
[19] R. Su, "Supervisor synthesis to thwart cyber attack with bounded sensor reading alterations," Automatica, vol. 94, pp. 35–44, Aug. 2018.
[20] P. M. Lima, M. V. S. Alves, L. K. Carvalho, and M. V. Moreira, "Security against network attacks in supervisory control systems," IFAC-PapersOnLine, vol. 50, no. 1, pp. 12333–12338, Jul. 2017.
[21] L. K. Carvalho, Y.-C. Wu, R. Kwong, and S. Lafortune, "Detection and prevention of actuator enablement attacks in supervisory control systems," in Proc. 13th Int. Workshop Discrete Event Syst. (WODES), Xi’an, China, May 2016, pp. 298–305.
[22] D. Thorsley and D. Teneketzis, "Intrusion detection in controlled discrete event systems," in Proc. 45th IEEE Conf. Decis. Control, San Diego, CA, USA, Dec. 2006, pp. 6047–6054.
[23] P. M. Lima, L. K. Carvalho, and M. V. Moreira, "Detectable and undetectable network attack security of cyber-physical systems," IFAC-PapersOnLine, vol. 51, no. 7, pp. 179–185, 2018.
[24] L. K. Carvalho, Y.-C. Wu, R. Kwong, and S. Lafortune, "Detection and mitigation of classes of attacks in supervisory control systems," Automatica, vol. 97, pp. 121–133, Nov. 2018.
[25] P. M. Lima, M. V. S. Alves, L. K. Carvalho, and M. V. Moreira, "Security against communication network attacks of cyber-physical systems," J. Control, Autom. Electr. Syst., vol. 30, no. 1, pp. 125–135, Feb. 2019.
[26] D. E. Comer and R. E. Droms, Computer Networks and Internets. Upper Saddle River, NJ, USA: Prentice-Hall, 2003. [Online]. Available: [Link]
[27] A. D. Wood and J. A. Stankovic, "Denial of service in sensor networks," Computer, vol. 35, no. 10, pp. 54–62, Oct. 2002.
[28] W. Xu, K. Ma, W. Trappe, and Y. Zhang, "Jamming sensor networks: Attack and defense strategies," IEEE Netw., vol. 20, no. 3, pp. 41–47, May/Jun. 2006.
[29] S. Liu, X. P. Liu, and A. El Saddik, "Denial-of-Service (dos) attacks on load frequency control in smart grids," in Proc. IEEE PES Innov. Smart Grid Technol. Conf. (ISGT), Washington, DC, USA, Feb. 2013, pp. 1–6.
[30] P. Srikantha and D. Kundur, "Denial of service attacks and mitigation for stability in cyber-enabled power grid," in Proc. IEEE Power Energy Soc. Innov. Smart Grid Technol. Conf. (ISGT), Washington, DC, USA, Feb. 2015, pp. 1–5.
[31] J. Zhang, R. S. Blum, L. M. Kaplan, and X. Lu, "Functional forms of optimum spoofing attacks for vector parameter estimation in quantized sensor networks," IEEE Trans. Signal Process., vol. 65, no. 3, pp. 705–720, Feb. 2017.
[32] S. Teng, N. Wu, W. Zhang, and X. Fu, "Cooperative intrusion detection based on object monitoring," Acta Sci. Nat. Univ. Sunyatseni, vol. 47, no. 6, pp. 76–81, 2008.
[33] J. P. Anderson, "Computer security threat monitoring and surveillance," James P. Anderson Company, Philadelphia, PA, USA, Tech. Rep. 79F296400, Apr. 1980.
[34] D. E. Denning, "An intrusion-detection model," IEEE Trans. Softw. Eng., vol. SE-13, no. 2, pp. 222–232, Feb. 1987.
[35] T. F. Lunt and R. Jagannathan, "A prototype real-time intrusion-detection expert system," in Proc. IEEE Symp. Secur. Privacy, Oakland, CA, USA, Apr. 1988, pp. 59–66.
[36] L. T. Heberlein, G. V. Dias, K. N. Levitt, B. Mukherjee, J. Wood, and D. Wolber, "A network security monitor," Dept. Elect. Eng. Comput. Sci., Lawrence Livermore Nat. Lab., California Univ., Davis, CA, USA, Tech. Rep. UCRL-CR-105095 and DE91007139, 1989.
[37] M. Roesch, "Lightweight intrusion detection for networks," in Proc. LISA, 2005, pp. 229–238.
[38] W. Zhu, M. Deng, and Q. Zhou, "An intrusion detection algorithm for wireless networks based on ASDL," IEEE/CAA J. Automatica Sinica, vol. 5, no. 1, pp. 92–107, Jan. 2018.
[39] K. Ilgun, R. A. Kemmerer, and P. A. Porras, "State transition analysis: A rule-based intrusion detection approach," IEEE Trans. Softw. Eng., vol. 21, no. 3, pp. 181–199, Mar. 1995.
[40] M. Markou and S. Singh, "Novelty detection: A review-part 1: Statistical approaches," Signal Process., vol. 83, no. 12, pp. 2481–2497, Dec. 2003.
[41] K. Scarfone and P. Mell, "Guide to intrusion detection and prevention systems (IDPS)," Nat. Inst. Standards Technol., Gaithersburg, MA, USA, Tech. Rep. NIST SP 800-94, 2012.
[42] A. Hoehn and P. Zhang, "Detection of covert attacks and zero dynamics attacks in cyber-physical systems," in Proc. Amer. Control Conf. (ACC), Boston, MA, USA, Jul. 2016, pp. 302–307.
[43] K. Hoffman, D. Zage, and C. Nita-Rotaru, "A survey of attack and defense techniques for reputation systems," ACM Comput. Surv., vol. 42, no. 1, pp. 1–31, Dec. 2009.
[44] A. Lazarevic, V. Kumar, and J. Srivastava, "Intrusion detection: A survey," in Managing Cyber Threats. Springer, 2005, ch. 1, sec. 2, pp. 19–78. [Online]. Available: [Link] 24230-9_2
[45] C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel, and M. Rajarajan, "A survey of intrusion detection techniques in cloud," J. Netw. Comput. Appl., vol. 36, no. 1, pp. 42–57, Jan. 2013.
[46] C. V. Zhou, C. Leckie, and S. Karunasekera, "A survey of coordinated attacks and collaborative intrusion detection," Comput. Secur., vol. 29, no. 1, pp. 124–140, Feb. 2010.
[47] S. Teng, N. Wu, H. Zhu, L. Teng, and W. Zhang, "SVM-DT-based adaptive and collaborative intrusion detection," IEEE/CAA J. Automatica Sinica, vol. 5, no. 1, pp. 108–118, Jan. 2018.
[48] M. R. C. Acosta, S. Ahmed, C. E. Garcia, and I. Koo, "Extremely randomized trees-based scheme for stealthy cyber-attack detection in smart grid networks," IEEE Access, vol. 8, pp. 19921–19933, 2020.
[49] H. Zhengbing, S. Jun, and V. P. Shirochin, "An intelligent lightweight intrusion detection system with forensics technique," in Proc. 4th IEEE Workshop Intell. Data Acquisition Adv. Comput. Syst., Technol. Appl., Dortmund, Germany, Sep. 2007, pp. 647–651.
[50] M. Agarwal, S. Purwar, S. Biswas, and S. Nandi, "Intrusion detection system for PS-poll DoS attack in 802.11 networks using real time discrete event system," IEEE/CAA J. Automat. Sinica, vol. 4, no. 4, pp. 792–808, Oct. 2017.
[51] X. Guo, S. Wang, D. You, Z. Li, and X. Jiang, "A siphon-based deadlock prevention strategy for S³PR," IEEE Access, vol. 7, pp. 86863–86873, 2019.
[52] S. Wang, D. You, and M. Zhou, "A necessary and sufficient condition for a resource subset to generate a strict minimal siphon in S⁴PR," IEEE Trans. Autom. Control, vol. 62, no. 8, pp. 4173–4179, Aug. 2017.
[53] Y. Teng, Y. Du, L. Qi, and W. Luan, "A logic Petri net-based method for repairing process models with concurrent blocks," IEEE Access, vol. 7, pp. 8266–8282, 2019.
[54] W. Duo, X. Jiang, O. Karoui, X. Guo, D. You, S. Wang, and Y. Ruan, "A deadlock prevention policy for a class of multithreaded software," IEEE Access, vol. 8, pp. 16676–16688, 2020, doi: 10.1109/ACCESS.2020.2964312.
[55] S. Wang, D. You, and C. Seatzu, "A novel approach for constraint transformation in Petri nets with uncontrollable transitions," IEEE Trans. Syst., Man, Cybern., Syst., vol. 48, no. 8, pp. 1403–1410, Aug. 2018.
[56] S. Wang, C. Wang, M. Zhou, and Z. Li, "A method to compute strict minimal siphons in a class of Petri nets based on loop resource subsets," IEEE Trans. Syst., Man, Cybern. A, Syst. Humans, vol. 42, no. 1, pp. 226–237, Jan. 2012.
[57] G. Liu, "Complexity of the deadlock problem for Petri nets modeling resource allocation systems," Inf. Sci., vol. 363, pp. 190–197, Oct. 2016.
[58] G. Liu, C. Jiang, and M. Zhou, "Two simple deadlock prevention policies for S³PR based on key-resource/operation-place pairs," IEEE Trans. Autom. Sci. Eng., vol. 7, no. 4, pp. 945–957, Oct. 2010.
[59] G. J. Liu, C. J. Jiang, and M. C. Zhou, "Improved sufficient condition for the controllability of dependent siphons in system of simple sequential processes with resources," IET Control Theory Appl., vol. 5, no. 9, pp. 1059–1068, Jun. 2011.
[60] Y. Wang, H. Liu, W. Zheng, Y. Xia, Y. Li, P. Chen, K. Guo, and H. Xie, "Multi-objective workflow scheduling with deep-Q-network-based multi-agent reinforcement learning," IEEE Access, vol. 7, pp. 39974–39982, 2019.
[61] F. G. Cabral, M. V. Moreira, O. Diene, and J. C. Basilio, "A Petri net diagnoser for discrete event systems modeled by finite state automata," IEEE Trans. Autom. Control, vol. 60, no. 1, pp. 59–71, Jan. 2015.
[62] X. Yin, "Supervisor synthesis for mealy automata with output functions: A model transformation approach," IEEE Trans. Autom. Control, vol. 62, no. 5, pp. 2576–2581, May 2017.
[63] R. M. Goes, E. Kang, R. Kwong, and S. Lafortune, "Stealthy deception attacks for cyber-physical systems," in Proc. IEEE 56th Annu. Conf. Decis. Control (CDC), Melbourne, VIC, Australia, Dec. 2017, pp. 4224–4230.
[64] R. Meira-Goes, R. Kwong, and S. Lafortune, "Synthesis of sensor deception attacks for systems modeled as probabilistic automata," in Proc. Amer. Control Conf. (ACC), Philadelphia, PA, USA, Jul. 2019, pp. 5620–5626.
[65] H. Jeon and Y. Eun, "A stealthy sensor attack for uncertain cyber-physical systems," IEEE Internet Things J., vol. 6, no. 4, pp. 6345–6352, Aug. 2019.
[66] M. Wakaiki, P. Tabuada, and J. P. Hespanha, "Supervisory control of discrete-event systems under attacks," Dyn. Games Appl., vol. 9, no. 4, pp. 965–983, Sep. 2018.
[67] Y. Shoukry and P. Tabuada, "Event-triggered state observers for sparse sensor Noise/Attacks," IEEE Trans. Autom. Control, vol. 61, no. 8, pp. 2079–2091, Aug. 2016.
[68] A. Paoli, M. Sartini, and S. Lafortune, "Active fault tolerant control of discrete event systems using online diagnostics," Automatica, vol. 47, no. 4, pp. 639–649, Apr. 2011.
[69] A. Teixeira, D. Pérez, H. Sandberg, and K. H. Johansson, "Attack models and scenarios for networked control systems," in Proc. 1st Int. Conf. High Confidence Netw. Syst. (HiCoNS), Montreal, QC, Canada, 2012, pp. 55–64.
[70] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, "Revealing stealthy attacks in control systems," in Proc. 50th Annu. Allerton Conf. Commun., Control, Comput. (Allerton), Monticello, IL, USA, Oct. 2012, pp. 1806–1813.
[71] F. Pasqualetti, F. Dorfler, and F. Bullo, "Attack detection and identification in cyber-physical systems," IEEE Trans. Autom. Control, vol. 58, no. 11, pp. 2715–2729, Nov. 2013.
[72] G. Park, H. Shim, C. Lee, Y. Eun, and K. H. Johansson, "When adversary encounters uncertain cyber-physical systems: Robust zero-dynamics attack with disclosure resources," in Proc. IEEE 55th Conf. Decis. Control (CDC), Las Vegas, NV, USA, Dec. 2016, pp. 5085–5090.
[73] R. Fritz and P. Zhang, "Modeling and detection of cyber attacks on discrete event systems," IFAC-PapersOnLine, vol. 51, no. 7, pp. 285–290, May 2018.
[74] S. Amin, G. A. Schwartz, and S. S. Sastry, "Security of interdependent and identical networked control systems," Automatica, vol. 49, no. 1, pp. 186–192, Jan. 2013.
[75] G. K. Befekadu, V. Gupta, and P. J. Antsaklis, "Risk-sensitive control under Markov modulated Denial-of-Service (DoS) attack strategies," IEEE Trans. Autom. Control, vol. 60, no. 12, pp. 3299–3304, Dec. 2015.
[76] S. Amin, A. A. Cárdenas, and S. S. Sastry, "Safe and secure networked control systems under denial-of-service attacks," in Proc. Int. Workshop Hybrid Syst., Comput. Control, San Francisco, CA, USA, 2009, pp. 31–45.
[77] H. S. Foroush and S. Martinez, "On event-triggered control of linear systems under periodic denial-of-service jamming attacks," in Proc. IEEE 51st IEEE Conf. Decis. Control (CDC), Dec. 2012, pp. 2551–2556.
[78] C. De Persis and P. Tesi, "Input-to-State stabilizing control under Denial-of-Service," IEEE Trans. Autom. Control, vol. 60, no. 11, pp. 2930–2944, Nov. 2015.
[79] S. Feng and P. Tesi, "Resilient control under Denial-of-service: Robust design," Automatica, vol. 79, pp. 42–51, May 2017.
[80] V. S. Dolk, P. Tesi, C. De Persis, and W. P. M. H. Heemels, "Event-triggered control systems under Denial-of-Service attacks," IEEE Trans. Control Netw. Syst., vol. 4, no. 1, pp. 93–105, Mar. 2017.
[81] J. Liu, X. Lu, and J. Wang, "Resilience analysis of DC microgrids under denial of service threats," IEEE Trans. Power Syst., vol. 34, no. 4, pp. 3199–3208, Jul. 2019.
[82] C. Gao, C. Seatzu, Z. Li, and A. Giua, "Multiple attacks detection on discrete event systems," in Proc. IEEE Int. Conf. Syst., Man Cybern. (SMC), Bari, Italy, Oct. 2019, pp. 2352–2357.

LIWEI CAO received the B.S. degree from the School of Information and Electronic Engineering, Zhejiang Gongshang University, China, in 2018, where she is currently pursuing the M.S. degree. Her main interests include supervisory control of discrete event systems and Petri net theory and application.

XIAONING JIANG received the M.E. degree in electronic engineering from Hangzhou Dianzi University, Hangzhou, China, in 1993, and the Ph.D. degree in computer science and technology from Zhejiang University, Hangzhou, in 2000. He is currently an Associate Professor and a Senior Engineer with Zhejiang Gongshang University, where he is also the Vice Dean of the IoT Research Institute. He has published more than 30 research articles and ten invention patents. His research interests include applied information systems, network and information security, the industrial IoT, visual analytic, and Fin-tech.

YUMEI ZHAO received the B.S. degree from the School of Information and Electronic Engineering, Zhejiang Gongshang University, China, in 2019, where she is currently pursuing the M.S. degree. Her main interests include supervisory control of discrete event systems and Petri net theory and application.

SHOUGUANG WANG (Senior Member, IEEE) received the B.S. degree in computer science from the Changsha University of Science and Technology, Changsha, China, in 2000, and the Ph.D. degree in electrical engineering from Zhejiang University, Hangzhou, China, in 2005.
In 2005, he joined Zhejiang Gongshang University, where he is currently a Professor with the School of Information and Electronic Engineering, the Director of the Discrete-Event Systems Group, and the Dean of the System Modeling and Control Research Institute. He was a Visiting Professor with the Department of Electrical and Computer Engineering, New Jersey Institute of Technology, Newark, NJ, USA, from 2011 to 2012, and the Electrical and Electronic Engineering Department, University of Cagliari, Cagliari, Italy, from 2014 to 2015. He was the Dean of the Department of Measuring and Control Technology and Instrument, from 2011 to 2014. He is currently an Associate Editor of IEEE ACCESS and the IEEE/CAA JOURNAL OF AUTOMATICA SINICA.

DAN YOU (Student Member, IEEE) received the B.S. and M.S. degrees from the School of Information and Electronic Engineering, Zhejiang Gongshang University, China, in 2014 and 2017, respectively. Her research interests include supervisory control of discrete event systems, fault prediction, and deadlock control and siphon computation in Petri nets.

XIANLI XU received the B.S. and master’s degrees in automatic control and Computer Engineering from Zhejiang University, China, in 1994 and 2002, respectively. His research directions are automatic control, communication technology, image processing, artificial intelligence, and block chain application. He has presided over 3D drawing of the global lighting graphics accelerated rendering research, the Zhejiang Province Science and Technology Department project, Ei published in the Journal of Electronics and Informatics in Multichannel 3D ink rendering model for contour optimization.