A Resilient Control Strategy for Cyber-Physical Systems Subject to Denial of Service Attacks: A Leader-Follower Set-Theoretic Approach Giuseppe Franzè, Senior Member, IEEE, Domenico Famularo, Walter Lucia, Member, IEEE, and Francesco Tedesco, Member, IEEE Abstract—Multi-agent systems are usually equipped with open communication infrastructures to improve interactions efficiency, reliability and sustainability. Although technologically cost- effective, this makes them vulnerable to cyber-attacks with potentially catastrophic consequences. To this end, we present a novel control architecture capable to deal with the distributed constrained regulation problem in the presence of time-delay attacks on the agents’ communication infrastructure. The basic idea consists of orchestrating the interconnected cyber-physical system as a leader-follower configuration so that adequate control actions are computed to isolate the attacked unit before it compromises the system operations. Simulations on a multi-area power system confirm that the proposed control scheme can reconfigure the leader-follower structure in response to denial of- service (DoS) attacks. Index Terms—Denial-of-service (DoS) attacks, distributed model predictive control, leader-follower paradigm, resilient control.   I. Introduction M ULTI-AGENT systems control and coordination is a current research hot topics [1]–[5]. This is partly due to broad applications of multi-agent systems (MAS) in cooperative control of unmanned air vehicles (UAV) and/or unmanned ground vehicles (UGV), scheduling of automated highway systems, formation control of satellite clusters and congestion control in communication networks, see e.g., [6]. For these systems category, the appellation “cyber-physical system” (CPS) [7] is used by the researchers because the interaction between computers, networking media/resources, and physical systems is arranged so that multi-disciplinary technologies (embedded systems, computers, communications and controls) are required to accomplish prescribed missions, see e.g., [8]. Moreover, it is important to take care that the rapid development of automotive telematics is going to evolve the traditional Vehicular Ad-Hoc Networks to the Internet of Vehicles, which promises efficient and intelligent prospect for future transportation systems [9].   A. Motivations Whereas CPSs employing non-stationary nodes, which are gradually integrated into the physical world, ensuring their safety and security become a nonetheless crucial goal. Due to their real-time, energy and safety constraints, coupled with their reliance on communication mediums that are subject to interference and intentional jamming, the projected complexities in CPSs will far exceed those of traditional computing systems. Such an increase in complexity widens the malicious opportunities for foes because with many components interacting together, the capability to discriminate between normal and abnormal behaviors becomes really awkward. In particular, when agents fail to exchange critical information, adverse effects occur since the agents work more independently. These undesirable phenomena are categorized as denial of services (DoS) whose main consequence is the degradation in communication performance, i.e., increasing latency effects [10]. Along these lines, control theory can be used to detect and attenuate the consequences of cyber-attacks on networked control systems (NCS) by means of fault diagnosis and reconfiguration techniques [11], predictive- based robust and constrained approaches [12], and so on, see [13] and references therein.   B. Related Work Cyber-attacks on control systems compromising measure- ment and actuator data integrity and availability have been considered in [14], where the authors modeled their effects on the physical dynamics. Availability attacks have been further analyzed in [15], [16] for resource-constrained attackers with full-state information. Particularly, these contributions considered DoS attacks where the attacker could be capable to jam the communication channels and prevent measure- ment/actuator data to reach its destination, rendering the data unavailable. Moreover, a particular instance of the DoS attack in which the attacker does not have any a priori system knowledge has been detailed in [15]. A common feature of these works is the analysis on the effects of attacks in the data communication phase for NCS, see also [17], [18]. In [17] a Manuscript received October 15, 2019; revised January 19, 2020; accepted February 22, 2020. Recommended by Associate Editor Giuseppe Maria Luigi Sarnè. (Corresponding author: Francesco Tedesco.) Citation: G. Franzè, D. Famularo, W. Lucia, and F. Tedesco, “A resilient control strategy for cyber-physical systems subject to denial of service attacks: A leader-follower set-theoretic approach,” IEEE/CAA J. Autom. Sinica, vol. 7, no. 5, pp. 1204–1214, Sept. 2020. G. Franzè, D. Famularo, and F. Tedesco are with DIMES Department, Università della Calabria, Via Pietro Bucci 87036, Italy (e-mail: giuseppe.franze@unical.it; domenico.famularo@unical.it; francesco.tedesco@ unical.it). W. Lucia is with CIISE Department, Concordia University, Montreal, Quebec H3G-1M8, Canada (e-mail: walter.lucia@concordia.ca). Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/JAS.2020.1003189 1204 IEEE/CAA JOURNAL OF AUTOMATICA SINICA, VOL. 7, NO. 5, SEPTEMBER 2020