Open Access
Security and Safety
Volume 1, 2022
Article Number 2022004
Number of page(s) 29
Section Industrial Control
Published online 08 August 2022

© The Author(s) 2022. Published by EDP Sciences and China Science Publishing & Media Ltd.

Licence Creative CommonsThis is an Open Access article distributed under the terms of the Creative Commons Attribution License (, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

1. Introduction

In the era of industry 4.0, automatic control systems as the centrepiece of industrial cyber physical systems (CPSs) are fully equipped with intelligent sensors, actuators and an excellent information infrastructure. It is a logical consequence of ever increasing demands for system performance and production efficiency that today’s automatic control systems are of an extremely high degree of integration, automation and complexity. Maintaining reliable and safe operations of automatic control systems is of elemental importance for optimally managing industrial CPSs over the whole operation life cycle. As an indispensable maintenance functionality, real-time monitoring and diagnosis are widely integrated in automatic control systems and run parallel to the embedded control systems.

In a traditional automatic control system, monitoring and diagnosis were mainly dedicated to maintaining functionalities of sensors and actuators as the key components embedded in the system [1, 2]. As a response to wide networking in modern automatic control systems, monitoring and diagnosis of networked control systems as a whole have received considerable attention as well in recent years [3]. Over the past three decades, innumerable capable diagnosis schemes have been developed with various specifications, for instance, detecting abrupt component failures [4], identifying and predicting functionality loss caused by ageing in system components [5, 6], and intermittent faults depending on system operation conditions [7]. Recently, new type of malfunctions, the so-called cyberattacks on automatic control systems, have drawn attention on the urgent need for developing new monitoring and diagnosis strategies [811]. Cyberattacks can not only considerably affect functionalities of sensors and actuators, but also impair communications among the system components and sub-systems, which may cause immense damage during system operations [1215]. In addition, different from technical faults, cyberattacks are artificially created and could be designed by attackers in such a way that they cannot be detected using the existing diagnosis techniques. Such cyberattacks are called stealthy [11]. A further type of cyberattack is the so-called eavesdropping attack. Although such attacks do not cause changes in system dynamics and performance degradation, they enable an adversary to gain system knowledge which can be used to design, for instance, stealthy attacks. In a nutshell, the management of cyberattacks, besides functionality maintenance, raises cyber security issues in the framework of monitoring and diagnosis in automatic control systems.

The objective of this note was to address monitoring and diagnosis issues from an integrated viewpoint of functionality maintenance and cyber security of automatic control systems. We would like to draw the reader’s attention to the following three aspects:

  • application of the control and detection unified framework [16] to enhancing the diagnosis capability of feedback control systems,

  • alternative technique of detecting faults in dynamic systems towards complementary and explainable applications of model- and machine learning (ML)-based methods to diagnosis, and

  • system performance degradation detection issues,

which are, to our best knowledge, not the current research mainstream in the relevant thematic fields. We will report ideas and research efforts, present conceptual schemes, and illustrate, also by means of examples, why research efforts in these three aspects could contribute to the development of capable monitoring and diagnosis methods towards enhancing functionality safety and cyber security of automatic control systems.

This note is motivated by our observations and research experiences in the field of fault diagnosis in technical systems and its industrial applications over the past years. Reviewing publications on fault diagnosis in automatic control systems gives a clear picture of research efforts. That is, they were mainly devoted to the development of fault diagnosis functionality as a separate system running in parallel to the control system. With the increasing complexity of control systems under consideration, from single-loop feedback control systems to networked control systems and recently CPSs, the set of investigated diagnosis issues has been continuously extended, and correspondingly capable but often complicated diagnosis methods have been developed, without paying attention to technical specifications and configurations of controllers embedded in the control system. For instance, successful solutions of detecting the so-called covert, zero dynamics and replay cyberattacks are achieved by extending the well-established observer-based detection scheme with a moving target or an auxiliary system [1719] or injecting watermark signals [2022]. On the other hand, the unified control and detection framework [16] not only highlights the common information basis of control and detection, but also gives a functionalization of a control system, which enables an integrated configuration of control and detection functionality with enhanced diagnosis capacity. Our recent work demonstrates successful applications of the unified framework to uniform detection of covert, zero dynamics and replay cyberattacks without adding additional systems or signals [23].

Thanks to the close relations of observers and controllers, observer-based diagnosis is the most popular technique applied for fault detection in automatic control systems [1, 2]. Observing the recent development in the thematic field of monitoring and diagnosis in industrial systems and processes, it can be clearly identified that ML-based methods form the mainstream of research. A detailed survey of publications on ML-based diagnosis in automatic control systems reveals obvious deficits in making use of system knowledge, which is no doubt available, since most of plants, partially or as a whole, are engineering systems. In fact, most of ML-based diagnosis methods are, in their core, based on the principle of reconstructing process variables or simply modelling of system fault-free operations. Thanks to the learning capacity of ML algorithms, in particular neural networks (NNs), and on the assumption of availability of rich data, ML-methods are potential technical solutions. Nevertheless, such diagnosis solutions could be far from optimal with respect to diagnosis performance, also due to the reason that often diagnostic specifications are not or could not be integrated into the existing ML algorithms. In comparison, model-based diagnosis methods, especially the observer-based ones, are fully based on the dynamic model of the system under consideration, and pursue optimal diagnosis performance. To approach this objective, advanced methods of control theory serve as major investigation tools. On the other hand, these methods, compared with ML-based ones, are less capable of dealing with a huge number of data and, above all, lack the learning ability. From these observations, a reasonable question arises: is it possible to efficiently integrate the model- and ML-based diagnosis methods to significantly enhance diagnosis performance? Our recent work on the so-called projection-based fault detection strategy is motivated by this question [24]. The first results showcase that complementary applications of model- and ML-based methods result in enhanced detection performance. The proposed projection-based fault detection method not only provides us with an alternative and more capable model-based solution than the observer-based ones, but also leads to explainable applications of ML-based methods.

It can be well observed that the major attention of the existing diagnosis methods has been dedicated to faults in hardware components of automatic control systems like sensors and actuators. We call those corresponding diagnosis methods component-oriented diagnosis (COD). In the recent decade, considerable efforts have been made in automation industry to increase the component reliability and, more recently, to enhance the intelligent degree of those key system components. Smart sensors and actuators are nowadays state of the art. In addition, the new generation of smart system components are of the ability of self-diagnosis and self-repair. In an industrial CPS, COD is an issue to be addressed both at the process level and locally. At the system level, due to the extremely high degree of automation and complexity, the system performance is often susceptible to variations of operation and environmental conditions. Moreover, it could considerably suffer not only from faults in sub-systems, but also from, for example, mismatching of coupled and networked control loops and controller parameters, interferences in system information infrastructure and cyberattacks as well. This calls for research endeavour to develop new strategies of monitoring and detecting performance degradations, called performance-oriented diagnosis (POD) [25].

The remainder of this note consists of three main sections, respectively dedicated to the three topics, (i) the unified control and detection framework towards enhancing the diagnosis capability of feedback control systems, (ii) projection-based detection of faults in dynamic systems and complementary, explainable applications of model- and ML-based methods, and (iii) study on POD issues. We would like to emphasize that the main intention of this note is to report ideas, research efforts, and conceptual schemes for the development of capable monitoring and diagnosis methods towards enhancing functionality safety and cyber security of automatic control systems. So far, no comparison study or survey of relevant publications is included. Concerning related issues, only representative works will be cited if needed. In order to have easy understandable descriptions, we avoid rigorous control theoretical and mathematical formulations, when there is no misleading interpretation orconfusion.

2. Unified control and detection framework towards enhancing the diagnosis capability of feedback control systems

As the methodological basis of our subsequent discussion, we first introduce the unified framework of control and detection. On this basis, we present functionalization of a control system and its applications for enhancing the diagnosis capability of feedback control systems.

Throughout this note, standard notations known in linear algebra and advanced control theory are adopted. In addition, ℛℋ is used to denote the set of all stable systems. In the context of cyberattacks, when signal ξ is attacked, it is denoted by ξa, and the corresponding (injected) attack signal by aξ, i.e. ξa = ξ + aξ.

2.1. System representations and controller parameterization

2.1.1. System factorizations, observer-based residual generation, and signal subspaces

In automatic control engineering, transfer functions are a standard model form for system input–output dynamics, which is written as


with u and y as the plant input and output vectors, respectively. It is assumed that G(z) is a proper real-rational matrix and its minimal state space realization is given by the following discrete-time linear time invariant (LTI) system,


where x ∈ ℛn is the state vector and x0 is the initial condition of the system. Matrices A, B, C, D are appropriately dimensioned real constant matrices. By means of the well-established coprime factorization, G(z) can be further factorized as


with and (M(z),N(z)) as left and right coprime pairs (LCP and RCP), which lead to alternative system representations,

(5, 6)

for some signal v(z). Their state space realizations are given, respectively, by


System (7) is a state observer and builds, together with (8) (equivalently with (5)), an observer-based residual generator with residual vector ry as its output. If or there exist uncertainties in the system, ry(k) will deviate from zero. In other words, ry(k) is an indicator for uncertainties in the system. In system (9)–(10), the input vector u(k)=Fx(k)+v(k) can be interpreted as a state feedback controller with v as reference signal. Corresponding to these interpretations, matrices F and L are called state feedback gain and observer gain matrices and so selected such that A + BF and A − LC are Schur matrices. Systems KG in (5) and IG in (6) are also called stable kernel and image representations (SKR and SIR) of system (1).

Remark 1    Hereafter, we may drop out the domain variable z or k when there is no risk of confusion.

SKR and SIR are two alternative representations of dynamic systems, based on which the following definitions of kernel and image subspaces are introduced [26].

Definition. Given the model (1) and the corresponding LCP and RCP and the subspaces 𝒦G and ℐG defined by

(11, 12)

are called kernel and image subspace of G, respectively.

It is evident that 𝒦G and ℐG are subspaces in the (m+p)-dimensional data space and have the following properties:

  • 𝒦G = ℐG,

  • G is uniquely generated by the p-dimensional signal and thus

  • vector v can be understood as a latent (hidden) variable.

These properties enable applications of the projection-based technique to deal with fault diagnosis issues and hence build a bridge between the model- and ML-based methods. This promises the development of more efficient and capable methods for fault diagnosis, performance degradation monitoring and detection of cyberattacks, as will be discussed in the remainder of this note.

It follows from the definition of coprime factorization that there exist two RCP and LCP and (X,Y) so that the so-called Bezout identity holds [26, 27],


It is of considerable interest to note their special state space realizations as controllers, i.e. an observer-based state feedback controller and its input–output dynamics [16],

as well as an observer-based state feedback controller and a closed-loop “residual generator”,

2.1.2. Parameterization of stabilising controllers and basics of the unified control and detection framework

It is a well-known result that, given plant model (1), all stabilizing controllers are parameterized by

(14, 15, 16)

with the parameter system Q(z)∈ℛℋ, where the RCPs and LCPs (M,N), and , (X,Y) are given before and satisfy Bezout identity (13). The parameterization expression (14)–(15) is called Youla parameterization [27]. It follows from (5) to (6) and Bezout identity [16, 28] that any (stabilizing) output feedback controller,


with v(z) being the reference signal can be equivalently written as


where is the state estimate delivered by the observer (7). In other words, any output feedback controller is an observer-based controller and driven by the residual signal ry. In [16], a further parameterization form of all stabilizing controllers,


is introduced, where K0 is an output stabilizing controller, and Q0 denotes the parameterization system. Consequently, also those widely used industrial controllers like PI controllers can be written in the form of (19), as far as they stabilize the control loops.

thumbnail Figure 1.

Feedback control loop under consideration

2.2. Mapping from the signal space to residual space

Consider the feedback control loop sketched in Figure 1 with the plant model (1) and controller (17). It turns out,

(20, 21)

From (21), it is obvious that the system signal pair (u,y) consists of two terms: the first one reflects the feed-forward control and the second one the response to the feedback control driven by the residual signal. Denoting uncertainties related to the controller by , which may, for instance, be caused by attacks on actuators like the injection of unknown signal, we have,


Relation (22) gives a one-to-one mapping between the signal pairs and (ru,ry) (for given ). While (u,y) are the system measurement variables and represent the system dynamics, (ru,ry) build an information (residual) space and act as indicators for uncertainties in the system, including not only disturbances and parameter variations, but also faults and cyberattacks when available. Hence, (22) can serve as a residual generator for detecting faults, performance degradation and cyberattacks. Recall that the core of feedback control is residual-driven. That implies the feedback of residuals is sufficient for the control purpose. In this context, system (22) can be interpreted as an encoder that delivers the residuals (ru,ry) as code. It is noteworthy that, on the one hand, an identification of the system dynamics by means of the code (ru,ry) is generally impossible, and on the other hand, the cyberattacks can be identified using the residual pair (ru,ry) under certain conditions [23].

2.3. Functionalization of all stabilizing feedback controllers

In light of the observer-based realization of stabilizing controllers given in (18), a feedback controller can be divided into several functional modules [16]:

  • an observer and an observer-based residual generator, as given in (7)–(8), which serve as an information provider for the controller and diagnostic system, and deliver a state estimation, as well as the primary residual,

  • the control law,

    including a feedback controller, and a feed-forward controller, and in addition,

  • for the detection purpose, a detector R(z)ry(z) with R(z) as a stable post-filter.

This modular structure provides us with a clear parameterization of the functional modules: the state observer is parameterized by the observer gain L, the feedback controller by F, Q, the feed-forward controller by and the detector by R. Although all five parameters are available for the design and online optimization objectives, they have evidently different functionalities, as summarized below [16]:

  • state feedback and observer gains determine the stability and eigen-dynamics of the closed-loop,

  • R, V̂ have no influence on the system stability, and R serves for the optimization of the detectability, while for the tracking behavior, and

  • Q is used to enhance the system robustness and control performance. The design and update of Q will have influence on the system dynamics and stability, when parameter uncertainties or degradations are present in the system.

It is evident that the above five parameters have to be, due to their different functionalities, treated with different priorities. Recall that system stability and eigen-dynamics are the fundamental requirement on an automatic control system. This requires that the system stability should be guaranteed, also in case of cyberattacks. Differently, Q, R and are used to optimize control or detection performance. In case that a temporary system performance degradation is tolerable, the real-time demand and the priority for an online optimization of are relatively low.

When an automatic control system is integrated into a CPS, the cyber security becomes a critical issue. In this context, the unified framework and the functionalization of controllers offer a useful design tool towards a cyber security-conscious system configuration. To delineate potential applications, consider the controller in its original form and in the observer-based realization form, respectively,

and suppose that the plant is networked with a control station (refer to Figure 2 as an example). It is clear that for the implementation of the controller in its original form, i.e. (17), the system data (u,y) should be real-time transmitted over the network. Moreover, for any optimization or degradation recovering effort, controller K(z) should be updated which may yield unexpected dynamic behaviour. Differently, for the implementation of observer-based controller (18), an observer and an observer-based residual generator can be implemented on the plant side. This offers several benefits:

  • transformation of residual ry from the plant (local) side to the control station and from the control station to the plant, which prevent adversary to gain system knowledge by means of eavesdropping attacks [23],

  • when performance optimization or degradation recovery is the need, real-time tuning Q(z) is an effective way, as reported in [29], which can run in the control station,

  • updating feedback gain and observer gain matrices, F and L, which will be performed only in very critical operation situations (and thus occasionally) and in the control station. Their transmission to the plant should be well encrypted [30].

As reported in our recent work [23], the modules of the observer-based controller (18) together with the Bezout identity (13) can serve as encoders and decoders distributed at the plant and control station sides. It is noteworthy that the observer-based controller form (18) can be viewed as “control sharing”, which is similar to the secret sharing scheme well-known in cryptography [30]. This additional function enables efficient detection of cyberattacks and enhances the cyber security of automatic control systems, which are, for instance, implemented in the form of cloud-based control [30].

thumbnail Figure 2.

The original configuration of the automatic control system under consideration

In the following example, we introduce a conceptual configuration of an encrypted control system based on the above controller functionalization.

Example 1    Consider a networked automatic control system schematically sketched in Figure 2. The plant is modelled by (1), equipped with a (local) feedback controller,

and networked with a control and monitoring system (CMS). It receives signal from CMS,


where v is the reference signal and Q(z)y(z) represents a correction of the control signal, for instance, to recover control performance degradation [16]. A natural procedure to realize the control law (23) is, as shown in Figure 2, as follows: (i) the plant sends the measurement data y to CMS, and (ii) CMS computes and sends it to the plant. Suppose that integrity cyberattacks could be executed on the system I/O interface via the network. Now, we introduce a conceptual reconfiguration of the systems on both network sides, on the basis of the unified control and detection framework, aiming at:

  • a reliable detection of integrity cyberattacks, and

  • preventing attackers to gain system knowledge by means of system identification using the transmitted data

Moreover, it is required that the local controller K0 should not be changed. For our purpose, consider the control signal,

Following the functionalization of control systems, u0 and u can be equivalently written into

for some Q0(z),Q1(z)∈ℛℋ. It turns out


Run the following residual generation algorithm on the plant side,



with au denoting integrity cyberattacks on the actuators. It yields, recalling (22),

Thus, attack au can be detected. In the attack-free case, ry is sent to CMS, otherwise, alarm is triggered. On the CMS side, a detection algorithm is applied to check if the residual signal received from the plant side is corrupted by attack signal ay, i.e.

In case of no attack, computed using algorithm (24) is sent to the plant side. Figure 3 shows the above described control system schematically.

thumbnail Figure 3.

Reconfiguration of the automatic control system under consideration

We would like to summarize the main results of this example as follows:

  • the proposed control system is capable for a reliable attack detection thanks to the use of the residual pair (ru,ry),

  • system (24) and residual generator (25) serve simultaneously as encoders, and

  • the control system operates stable also in the case of an interrupted communication between the plant and CMS.

It should be moreover mentioned that the control system located at the plant side runs only based on the controller parameters, K0(z) as well as without knowledge about Q1(z) that is set by CMS for enhancing the control performance.

With the following remarks we would like to conclude this section.

  • The control and detection unified framework forms a methodical basis for the development of advanced diagnosis methods aiming at maintaining system functionality and enhancing cyber security of automatic control systems. It deals with the implementation of control, detection and monitoring algorithms. In this context, the information infrastructure for the configuration of automatic control systems plays an essential role. For instance, the networked system in Figure 3 could be alternatively configured using cloud-based system structure, in which the CMS is realized by means of cloud computing.

  • Although only LTI systems are addressed in this note, an extension of the unified control and detection framework to linear time-varying (LTV) systems is straightforward using the well-established system coprime factorization methods and Youla parameterization of LTV control systems [31]. Concerning nonlinear control systems, corresponding results have been reported in [16, 32, 33].

  • In our example, the application of the unified framework to the detection of cyberattacks is schematically and shortly illustrated. The reader is referred to [23] for a more systematic and detailed description of this application. In a nutshell, this work results in the detection of those stealthy cyberattacks, which cannot be detected using the existing observer-based detection methods [34]. These include the so-called covert, zero dynamics and replay cyberattacks [811].

3. Projection-based diagnosis methods and their ML-aided explainable realization

In this section, we introduce a new framework for fault diagnosis in dynamic control systems. The theoretical foundation of this framework is the alternative system representations SIR, SKR and the associated image and kernel subspaces, as well as orthogonal projection technique. Although this framework has been developed in the model-based fashion [24], the associated concepts, algorithms and diagnosis approaches can be realized in the data-driven form and using ML-based methods.

In this section, the following notations are adopted. ℒ2 = ℒ2(−∞,0] ⊕ ℒ2[0,∞) is the time domain space of all square summable Lebesgue signals (signals with bounded energy) [35]. For transfer matrix G(z),G*(z)=GT(z−1). 𝒫𝒦 is an orthogonal projection operator onto subspace 𝒦, whose norm is denoted by ||𝒫𝒦||. is the adjoint of 𝒫𝒦. 𝒦 represents the orthogonal complement of 𝒦.

3.1. A general framework of projection-based diagnosis methods

3.1.1. Basic idea

The basic idea of (orthogonal) projection-based fault detection can be schematically explained by Figure 4. Given a system subspace as the nominal system model, which can be presented in the model-based form (in terms of SIR or SKR) or data-driven or by means of an NN, by (orthogonally) projecting the measurement vector onto the system subspace, the distance between the measurement vector and its projection indicates if the measurement vector belongs to the nominal system operations or it is faulty. To this end, the following mathematical concepts and work are necessary:

  • definition and computation of orthogonal projection operator,

  • computation of

  • online realization algorithms towards constructing a fault detection system, and

  • determination of threshold for decision making.

thumbnail Figure 4.

Schemetic description of projection-based classification ( denotes the projection of onto 𝒦)

3.1.2. Orthogonal projection: mathematical preliminaries

An orthogonal projection on a subspace 𝒱, denoted by 𝒫𝒱, in Hilbert space endowed with the inner product,


is a linear operator satisfying [36]


The following well-known properties and definitions of an orthogonal projection are of importance for our subsequent study [36]:

  • given y ∈ ℒ2, ∀x ∈ 𝒱 ∈ ℒ


  • given a closed subspace 𝒱 ∈ ℒ2 and a vector the distance between y and 𝒱, dist(y,𝒱), is defined as

    which, following (28), can be computed as

    Here, ℐ is the unit operator.

In order to measure the distance between two (closed) subspaces in Hilbert space, the concept of gap metric is established [36]. Given two closed subspaces 𝒱, 𝒰 ∈ ℒ2, the gap metric between them is defined by

(29, 30)

Here, is called directed gap. The following properties are well-known [36] and useful for our subsequent investigation:

3.1.3. Orthogonal projection onto image subspace and its system realizations

In our subsequent study on projection-based fault diagnosis framework, the so-called normalized SKR and SIR play an important role, which are denoted by KN and IN and defined by

where and (M0,N0) are LCP and RCP with special settings of the observer and state feedback gain matrices using the known algorithms, for example, given in [37]. It is a known result that the orthogonal projection onto the image subspace ℐG is given by


Correspondingly, the difference between and pG is subject to


and called projection-based residual. Due to the relation,

projection-based residual generation (32) can be equivalently written as


The l2-norm of rG,


is the distance from to ℐG. Moreover, the fact that KN is a normalized SKR leads to the following implementation form of the residual vector,


That means, for the detection purpose with the residual evaluation function the needed online computation is the observer-based residual generator (7)–(8) or equivalently the SKR (5) with the observer gain setting for a normalized SKR.

Next, on the assumption that the system dynamics with uncertainty is described by


the threshold is to be determined. Considering that the idea of setting threshold is to avoid false alarms caused by model uncertainty during fault-free operations, a basic requirement on the threshold is that


which is obviously different from ℐG0,

In [24], it is proved that the threshold setting problem (37) is equivalent to

with δ(ℐG,ℐG0) denoting the gap metric between ℐG0 and ℐG. It leads to


Compared with the well-established threshold setting for observer-based fault detection schemes [38], threshold (38) is of significant advantage that it is considerably robust against uncertainties and sensitive to the faulty operations. In fact, this point becomes more apparent, when the threshold and the residual are normalized as follows:

It can be seen that the threshold Jth, N(u,y) reaches its maximal value during the fault-free operations, and becomes smaller as the system is in faulty operations. In this way, the robustness and fault detectability are remarkably enhanced.

Example 2    In this example, we introduce a data-driven realization of the projection-based detection scheme. Departing from the system model (2)–(3), the system dynamics can be written as


where ys(k),us(k) are signal vectors of the data format

and s is an integer giving the length of the time interval [ks,k of interest. To simplify our study, assume that the system is stable, and x(ks) is neglectable. By defining the orthogonal projection,

a projection-based residual vector is constructed as follows:

Note that

builds a residual vector and can be interpreted as a data-driven realization of an observer-based residual generator. Moreover, it holds

It turns out

Suppose that ΔHu, s represents the uncertainty in the system,

Define the residual evaluation function,

It follows from (38) that the threshold is set equal to

Remark 2    At the end of this subsection, we would like to give an interpretation of the orthogonal projection PG in the context of reconstructing the system variables (u,y) and its relation to the latent variable v. It is apparent that

is an estimation of (u,y) for the nominal operations. Note that is the conjugate of IN. Let the state space representation of be denoted by

It is known that the above system is dual to IN and its output can be interpreted as a reconstruction of the input variable of i.e. v[16]. In other words, the reconstruction of (u,y) is achieved by an estimation of latent variable v. This interpretation is helpful to extend the projection-based detection method to nonlinear control systems. To this end, the so-called Hamiltonian extension of nonlinear systems and its application to the construction of normalized (nonlinear) image representations build useful tools [16, 39]. Moreover, aided by this interpretation, we will introduce, in the next subsection, explainable ML-based fault diagnosis methods.

3.2. Complementary and explainable application of model-based and ML-based methods

In this subsection, we would like to discuss about a complementary and explainable application of model-based and machine learning methods to enhancing the capability of fault diagnosis systems. To this end, we will demonstrate the realization of the projection-based fault diagnosis schemes using the so-called auto-encoder method, a well-established ML-technique.

3.2.1. Auto-encoder technique: preliminaries

thumbnail Figure 5.

Basic configuration of an auto-encoder

As sketched in Figure 5, the essential function of an auto-encoder (AE) is to reconstruct (estimate) the system variables under consideration using NNs and learning mechanisms. In Figure 5, 𝒩𝒩en and 𝒩𝒩de represent two neural networks serving as encoder and decoder, respectively, and their parameters, θen and θde, are, roughly speaking, learnt using sufficient measurement data, (u,y), by minimizing the loss function

with respect to θen and θde. The basic idea of applying an AE to fault detection can be schematically described as follows. Under assumption that the AE is well trained using fault-free operation data, the minimum value of ℒ(θen,θde) can be adopted as the threshold,

Running the trained AE online to generate projection-based residual r and computing the evaluation function J,

fault detection is then achieved by the detection logic,

It is well-known that hidden variable h in an AE plays a central role as the information carrier of the system under consideration and, more importantly, in the context of the so-called information bottleneck [40, 41]. Unfortunately, this aspect has been merely taken into account in most of AE applications to fault diagnosis issues. Typically, the hidden variable is viewed as features, as it is (generated) and as the output of the optimization (training) process, without any explainable interpretation with regard to the system and the fault diagnosis problem under consideration. This motivates the work presented in the next subsection.

3.2.2. AE-aided realization of projection-based fault detection and estimation

The basic idea of applying AE technique to realize a projection-based fault detection consists in training the NNs to follow the major properties of an orthogonal projection onto the system image subspace. In the sequel, we briefly describe the conceptual realization of the idea by means of two examples. For our purpose, recurrent neural networks are used for the realization of dynamic systems, denoted by ℛ𝒩𝒩en and for encoder and decoder.

Example 3    AE-aided realization of projection-based fault detection. Let 𝒫AE defined by

be an AE. Suppose that M batches of system data are available for the training purpose, and each of them includes N system data,

Given vectors let

For training purpose, a cost function consisting of three or four terms is defined,

Except the basic term,

the following regularized terms are added:

  • realization of idempotent operator 𝒫AE (refer to (27)),

    (40, 41)

  • realization of self-adjoint operator 𝒫AE,

  • (optional) realization of the normalized SIR,

It follows from the projection-based fault detection method that the (online) residual evaluation function and the threshold are defined by

where δ denotes the value

achieved by training.

This example clearly demonstrates that,

  • the objective of the construction and, in particular, the training of the AE is the realization of the projection-based optimal fault detection;

  • hidden variable h can be interpreted as the so-called reference signal v in the context of SIR and image subspace, and this information is fully integrated in the training process. Considering that during fault-free operations the system variables (u,y) are uniquely determined by v and thus can be fully recovered using v without any redundancy, such an AE is optimal in the context of information bottleneck [40, 41];

  • trained AE is embedded in the residual evaluation and threshold computation as well, which, in most of AE-based fault detection schemes, has not been incorporated.

As a next example, we present a conceptual scheme of optimal fault estimation in dynamic systems. To this end, the fault estimation problem is firstly formulated in a general form: considering system dynamics described by


find an estimator


where operator 𝒢 represents the system dynamics, operator is a dynamic estimator, y is an m-dimensional measurement vector, and f denotes a p-dimensional unknown input vector that is called fault vector, but could also be cyberattack signals or disturbances. It is well-known that the solution of (42) is not unique. We are interested in solving the above estimation problem in the data-driven fashion, that is, instead of the system model 𝒢, sufficient data, (y(i)(kj),f(i)(kj)),  j = 1, ⋯, N,  i = 1, ⋯, M, are available and used for the estimation purpose. Moreover, the estimate should be the so-called least squares (LS) estimation , i.e.

with a specified confidence.

In the sequel, we first briefly introduce the model-based LS-solution, which serves as the basis for our AE-based algorithm. Let

be a co-inner-outer factorization of 𝒢 [16]. Here are co-outer and co-inner operators, respectively, satisfying

with as conjugate of 𝒢ci. It is well known that


is the LS estimate of f. Furthermore, the estimation error,


is defined as a specified confidence whose distribution and certain norm indicate the estimation performance.

Example 4    Optimal fault estimation in dynamic systems. An AE-based realization of the dynamic estimator (44) is schematically described in this example. As delineated in Figure 6, is achieved by means of two recurrent neural networks ℛ𝒩𝒩𝒬(θ𝒬) and ℛ𝒩𝒩de(θde), where ℛ𝒩𝒩de(θde) is the decoder trained in the AE for constructing . The AE is trained using the data set (y,f), (y(i)(kj),f(i)(kj)), j = 1, ⋯, N, i = 1, ⋯, M, while the confidence η is generated based on the AE. To train the NNs, the total loss function ℒ(θ𝒬,θen,θde) consists of three terms and is set as follows:

  • 1 (θQ)

    that minimises

  • 2 (θQ, θen, θde):

    which minimises

  • 3 (θen, θde): realization of an AE-based orthogonal projection presented in the previous subsection.

The specified confidence could be computed using the (sample) distribution or a certain norm of variable η.

thumbnail Figure 6.

Schematic configuration of the fault estimator

3.2.3. A critical remark

The current enthusiasm for ML and big data technologies is significantly influencing the developments in the diagnosis research and engineering domains. It is a logical consequence that most of the existing ML methods and concepts have been introduced into this thematic field. Reviewing the course of this development, it seems that it is becoming a competition of publishing applications of newly developed ML-methods and algorithms to fault diagnosis. The consequence of this “copy-and-paste” style of research efforts is that very essential engineering requirements on diagnosis in automatic control systems have not been or cannot be fully considered in the use of ML-methods and algorithms. The reason is simple: the construction of most popular learning machines like deep NNs is less explainable, in particular in the context of diagnosis in dynamic systems. This issue becomes even more critical, when such methods are applied for the purpose of functional safety and cyber security. It is remarkable that explainability and interpretability build a very actual research focus in the ML-community [42]. This research endeavour is helpful for applying ML-based methods to diagnosis in automatic control systems. On the other hand, it should be kept in mind that, although enormously powerful and capable, ML-technology is a tool and its engineering applications should meet technical requirements and be explainable in the engineering context. In this regard, considerable efforts should be made to achieve diagnosis-oriented explainable applications of ML-based methods. Our discussion and the examples in this subsection have plainly documented that complementary and explainable application of model- and ML-based methods is a convincing way to develop advanced diagnosis methods towards enhancing functional safety and cyber security.

4. Performance degradation monitoring towards functional safety and cyber security

Control performance monitoring is an application-driven research area and has its applications mainly in process industry [43]. Roughly speaking, the essential tasks of control performance monitoring consist of assessment of control loop performance, detection of performance degradation and diagnosis of (component) faults [25]. Recently, new research efforts on POD can be observed [29, 44], in which performance of automatic control systems is assessed at the system level and under various aspects like energy consumption, system reliability safety etc. Moreover, different from the traditional efforts focused on recovering performance degradation caused by component faults [4547], advanced methods for control performance degradation monitoring and loop performance recovery have been reported [25, 44, 48].

In this section, we address POD issues with a focus on residual-centred modelling and detection of system performance degradation.

4.1. Residual-centred system model

In [16], a so-called observer-based input–output model is introduced, which models the input–output dynamics of any LTI automatic control systems and is expressed, given the system nominal model (1)–(3), by

(46, 47)

It is evident that the centrepiece of the above model is a state observer. Different from the state space model (2)–(3) that solely represents the nominal system dynamics, model (46)–(47) gives the system input–output dynamics also for the case that uncertainties exist in the system. As illustrated in [16], the influences of any uncertainties in the system are showcased by residual vector r, which is available and accessible in the model (46)–(47). Moreover, in light of the observer-based and residual-driven realization of any feedback controllers introduced in Section 2,


any standard control loop shown in Figure 1 can be equivalently represented by the model (46)–(48), which is called residual-centred system model to underline the role of the residual vector in the model. Figure 7 showcases the equivalence between the standard control loop and its residual-centred model, in which Δ is used to denote system uncertainties schematically.

thumbnail Figure 7.

From the standard model to the observer-based I/O-model: a schematic description

The advantages of the residual-centred system model lie on hand:

  • all system variables in the model, independent of the existence of any uncertainties, are accessible (for further computations),

  • the implementation of the model is numerically reliable and stable, since only stable dynamics are concerned in the model, and

  • with the embedded residual vector, the model is equipped with a capable indicator for the existence of uncertainties in the system.

The last function can be further ground using the projection-based method introduced in the previous section. According to (35), the l2-norm of the residual vector generated by the normalized SKR (and the corresponding observer) is the distance of the measurement data (u,y) to the system image subspace and thus an indicator for the intensity of the uncertainty in the system. Accordingly,


is an indicator for the quality of the residual-centred model as well as system operation performance. It can, for instance, substitute the numerical involved algorithm for online estimation of gap metric and system stability margin adopted in [29].

Example 5    In this example, we introduce a conceptual configuration of automatic control systems, which consists of four functional layers and is schematically sketched in Figure 8. “Information layer” is the core of the multi-layer configuration, whose centrepiece is the observer-based input–output model (46)–(47). Except for providing the needed online information for real-time control and diagnosis, various additional functionalities, in particular those safety and cyber security-related ones, can be well integrated in this layer, for instance, serving as

  • a fusing algorithm of sensor data,

  • soft sensors for estimation of plant key variables,

  • an encoder for encrypting the plant data as described in Section 2,

  • an indicator for system uncertainties as given by (49).

In “Real-time control and diagnosis layer”, the standard (feedback) control and diagnosis algorithms described in Section 2.3 are performed. “Performance monitoring and optimization layer” includes advanced performance degradation detection and recovery algorithms, for instance reported in [25, 29, 44, 48] or described below. In “Learning and adaptation layer”, ML-algorithms like the AEs introduced in Section 3.2 run aiming at updating the functional layers to match changes in the system.

thumbnail Figure 8.

Schematic configuration of a multi-layer automatic control system

4.2. Functionality-oriented performance degradation monitoring

Consider system (1)–(3). Associated with it, the following Lyapunov equation provides us with a basic form of performance models for the system functionality and control,


Here, matrices S, Q ∈ ℛn × n are functions of the system matrices (A,B,C) and state feedback gain matrix F, which are given corresponding to the following (representative) system functionalities and controller configuration:

  • for


    P as the solution of (50) is the controllability gramian that indicates the capability of the actuators,

  • for


    P is the observability gramian indicating the capability of the sensors,

  • for either (51) or (52), ℋ2-norm of transfer function C(zIA)−1B as performance can be assessed as follows:

  • for

    performance of an LQ state feedback controller, u = Fx,

    is assessed.

There exist several strategies to monitor the above-described system performance. Assume that the system dynamics is governed by

and x(k) is measurable. Define

It holds


during degradation-free operations. Hence, introducing performance residual rp defined by

performance degradation can be detected using standard residual-based detection schemes. This endeavour is unfortunately limited to a theoretical concept and often vain in practical applications due to its minor detection capability and strict constraints on the system dynamics. Aiming at improving the detection performance, [49] have proposed a sophisticated detection scheme, which is briefly described in the sequel.

By means of a vectorization of P matrix, re-write the performance model




In the above equation, hvec(P) denotes a half-vectorization of symmetric matrix P ∈ ℛn × n, represents the parameters to be identified (considering P = PT) and satisfies,

with Dn being the so-called duplication matrix [50]. Notation ⊗ stands for the Kronecker product. Suppose that, a sufficient number of data, x(k + i), i = 0, ⋯, N, are collected, which enables us to write (55) into


As a result, on the assumption of sufficient excitation, matrix P can be identified using, for example, a standard LS estimation algorithm. If the difference between the identified and the nominal goes beyond a decision threshold, performance degradation is declared. Considering that the solution of (50) is a symmetric positive definite (SPD) matrix, the Riemannian metric method [16, 49] can be applied to achieve an efficient degradation detection. In [16], variations of the above algorithm are provided to solve the similar performance degradation problems using system output data y(k) instead of the state variable x(k).

Note that the above presented detection schemes are limited to the case that u = Fx. Although extensions have been proposed in [16], a general solution for arbitrary input u remains to be an open issue. In the following example, we present a conceptual solution for performance degradation detection.

Example 6    For simplicity, we only consider controllability gramian as functionality performance with the system model

and a function

It yields

which can be further written into

(57, 58)

Note that (57) is of the identical form with (54). Consequently, applying the same procedure with (55)–(56), matrix Φ can be identified, which then enables a reliable performance degradation detection. It is noteworthy that Φ contains more information than P, which can be adopted for monitoring other system performance as well. For instance, given and R, the value

with denoting the identified sub-block of matrix Φ, gives an estimation of ℋ2-norm of transfer function Cs(zIA)−1 B, i.e.

which could, for example, represent the system dynamics from u to a certain sensor block modelled by Cs x.

Remark 3    Even though only LTI systems are considered in the schemes introduced above, the ideas can be well adopted to address performance degradation monitoring of nonlinear control systems. Below, we schematically outline the conceptual steps of approaching solutions. Let the system performance under monitoring be

Analogue to (53), it holds


On the assumption that J(k) as solution of (59) could be approximated by


where {ϕi(x(k),u(k)),i=1,⋯,N} is the set of some basic functions and wi, i = 1, ⋯, N, are weights [51], difference equation (59) is re-written into


Equation (61) is similar to (54) and can serve as a performance model. During online operations, the system performance can be assessed by an online identification of weights wi, i = 1, ⋯, N, and computation of J(k) according to (60). It is noteworthy that the performance value function J(k) can be generally approximated using NNs [52].

At the end of this subsection, we would like to draw the reader’s attention to the fact that application of the aforementioned schemes requires knowledge of the system state vector x(k), which is, unfortunately, not available in most of real practical applications. It is an open and challenging issue to realize those performance degradation monitoring schemes using system data (u,y) instead of the state vector x. In [16], this issue has been investigated.

4.3. Performance degradation monitoring in the probabilistic setting

Considering that the performance degradation schemes presented in the previous subsection are based on the assumption of ideal system models without uncertainty, adaptations are needed before they are efficiently applied in practice. Although their extensions to systems with normally distributed process and measurement noises have been addressed in [16], efficient handling of model uncertainties remains to be an open issue. Recently, [5355] have proposed to apply the so-called distributionally robust optimization (DRO) technique [56, 57] to enhancing the robustness of fault detection systems against model uncertainties. In particular, it is advantageous that DRO technique enables handlings and solutions in a probabilistic setting. In this subsection, we briefly introduce the ideas of applying DRO technique to performance degradation detection by means of two examples.

In the sequel, notation Ξ is adopted for support, ℙ is used for probability. ℙξ and 𝔼ξ represent probability distribution of ξ and expectation taken with respect to ξ following ℙξ.

Example 7    In this example, we delineate a data-driven realization of performance indicator (49) in the probabilistic setting. Departing from the system model,

with ω(k),υ(k) being the process and measurement noise vectors, the system dynamics are written as


where ys(k),us(k),Γs, Hu, s are given in Example 2, and are as follows:

To simplify our study, assume that the system is stable, x(ks) is a random vector and ϕs(k) is a wide sense stationary (w.s.s) stochastic process. We then further write (62) into


Using the results presented in Example 2, the projection-based residual vector and the corresponding evaluation function are equivalently realized as follows:

Note that rs(k) can be written as

where ΔHu, s represents uncertainty in the system, which leads to

Suppose that the distribution of unknown random vector belongs to the moment-based ambiguity set [56],

where vector μ0, matrix Σ0, and constants γ1 ≥ 0, γ2 ≥ 1 are estimated using the sufficient number of collected data and thus assumed to be known. It is obvious that threshold setting

would result in considerably conservative performance degradation detection. More reasonable setting can be achieved in the probabilistic setting as follows:

where α is a tolerable upper bound of false alarm rate. In this context, the probabilistic performance degradation problem is formulated as: given α ∈ (0,1), solve

(64, 65)

for the threshold Jth. The DRO problem (64)–(65) can be solved using well-established DRO technique, see for example [53, 56].

Example 8    Consider observer-based input–output model (46)–(47). Suppose that and the residual vector is a w.s.s. stochastic process over the time interval [k − s, k), and its (unknown) distribution belongs to the moment-based ambiguity set,

where s is a sufficiently large integer so that . We would like to draw the reader’s attention to random vector rs − 1. As described in Section 4.1, it represents uncertainties in the system, including noises and model uncertainty. Define cost function for control performance assessment as

(66, 67)

It follows from (46) that


Assume that Θ is of full row-rank. The moment-based ambiguity set of rx is given by

where γ3, γ4 and are known. The probabilistic performance degradation detection problem is then formulated as: given α ∈ (0,1), solve

(69, 70)

for the threshold Jth.

The above two examples showcase that DRO technique can serve as a powerful tool to deal with performance degradation detection issues efficiently. It is noteworthy that various ambiguity sets are investigated in the DRO framework [56], which enables us to handle different types of model uncertainties and study performance degradation detection issues both in model-based and data-driven fashions. A further aspect is to address safety issues in a probabilistic setting [58]. For instance, let

denote the set of the system state variables that are in the safe region defined by the safety requirements gi(x)≤0, i = 1, ⋯, κ. Then, the probability,


can be, as a constraint, embedded in a probabilistic performance degradation detection and recovery problem.

5. Conclusion

In this note, we have discussed about diagnosis and performance degradation detection issues from an integrated viewpoint of functionality maintenance and cyber security of automatic control systems. Three aspects have been addressed:

  • application of a control and detection unified framework to enhancing the diagnosis capability of feedback control systems, in which the functionalization of the control system plays an essential role. It is showcased that rational utilization of the residual signal as an information provider and cyber security-oriented configuration of functional units of the control system promises enhanced capacity of detecting technical faults and cyber attacks, and preventing attackers to gain system knowledge by means of system identification using the transmitted data;

  • projection-based technique of detecting faults in dynamic systems, which is based on an orthogonal projection of the system data onto the system image and kernel subspaces. This technique is more capable than the well-established observer-based schemes in dealing with detecting faults in dynamic systems. In addition, more importantly, it enables explainable applications of ML-based technique like AE methods to diagnosis. It is illustrated that complementary application of model- and ML-based methods is the future of the diagnosis technique for industrial automatic control systems;

  • system performance degradation detection, which is of elemental importance for industrial CPSs and, unfortunately, has received less attention in the research domain. The residual-centred model form for dynamic systems is a useful system tool to deal with performance degradation detection issues. Moreover, some performance degradation monitoring schemes are introduced, whose core, roughly speaking, is modelling of system performance and online identification of the associated model parameters. It is demonstrated that by means of DRO technique, performance degradation detection can be handled in a probabilistic setting, which enables an efficient and more reliable degradation detection.

We have reported ideas, presented conceptual schemes, and illustrated by means of examples why research efforts in these three aspects could contribute to the future development of capable monitoring and diagnosis methods towards enhancing functionality safety and cyber security of automatic control systems. We would like to mention that a number of the basic design schemes and algorithms reported in this note have been successfully tested on laboratory systems, including

  • application of the control and detection unified framework to cyberattack detection in three-tank control system [23],

  • projection-based fault detection in three-tank control system [24],

  • DRO technique-based fault detection in three-tank control system [53, 55],

  • performance degradation monitoring and recovery of vision-based inverted pendulum control system [59].

The focus of this note is on diagnosis and performance degradation detection issues. So far, key maintenance technologies like condition monitoring (CM), prognostics and health management (PHM), performance degradation recovery (PDR) or fault-tolerant control (FTC) are not addressed. The interested reader is referred to [5, 16, 25, 6063] and references cited therein. We would like to emphasize the two aspects of fault diagnosis and performance degradation monitoring in automatic control systems. On the one hand, it builds the technical basis and an indispensable part of technologies like CM, PHM, PDR and FTC. Consequently, its development is significantly stamped by progresses in these technologies. On the other hand, as a basic function of today’s automatic control systems, fault diagnosis and performance monitoring should match ongoing developments in automatic control systems. CPS, internet of things (IoT) and cloud computing as a service are the key technologies that will decisively impact the evolution of automatic control systems in the era of industry 4.0. In this context, integrated study on functional safety and cyber security of automatic control systems is of essential importance. Our work reported in this note is a contribution to this study.

Conflict of Interest

The author declares no conflict of interest.

Data Availability

The original data are available from the corresponding author upon reasonable request.


The author is very grateful to Dr.-Ing. L. Li for the collaborative work on the unified framework of control and detection as well as on the projection-based detection methods, to Dr.-Ing. Z. Chen for the valuable contributions to ML-methods and AE-based realization of projection methods, and to Dr. D. Zhao for the intensive and valuable discussions on cyber security issues. Also, the author is thankful to the anonymous reviewers for their valuable and constructive comments and suggestions.


This research did not receive any funding.


  1. Frank PM. Fault diagnosis in dynamic systems using analytical and knowledge-based redundancy - A survey. Automatica 1990; 26: 459–74. [CrossRef] [Google Scholar]
  2. Frank PM and Ding X. Survey of robust residual generation and evaluation methods in observer-based fault detection systems. J Process Contr 1997; 7: 403–24. [CrossRef] [Google Scholar]
  3. Ding SX, Zhang P and Yin S et al. An integrated design framework of fault-tolerant wireless networked control systems for industrial automatic control applications. IEEE Trans Ind Inform 2013; 9: 462–71. [CrossRef] [Google Scholar]
  4. Gao ZW, Cecati C and Ding SX. A survey of fault diagnosis and fault-tolerant techniques, part I: Fault diagnosis with model-based and signal-based approaches. IEEE Trans Ind Electron 2015; 62: 3757–67. [CrossRef] [Google Scholar]
  5. Hwang I, Kim S and Kim Y et al. A survey of fault detection, isolation, and reconfiguration methods. IEEE Trans Contr Syst Tech 2010; 18: 636–53. [CrossRef] [Google Scholar]
  6. Wen CL, Lv FY and Bao ZJ et al. A review of data driven-based incipient fault diagnosis. Acta Automat Sin 2016; 42: 1285–99. [Google Scholar]
  7. Zhou DH, Zhao Y and Wang Z et al. Review on diagnosis techniques for intermittent faults in dynamic systems. IEEE Trans Ind Electron 2020; 67: 2337–47. [CrossRef] [Google Scholar]
  8. Dibaji SM, Pirani M and Flamholz DB et al. A systems and control perspective of CPS security. Ann Rev Contr 2019; 47: 394–411. [CrossRef] [Google Scholar]
  9. Ding D, Han QL and Xiang Y et al. A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing 2018; 275: 1674–83. [CrossRef] [Google Scholar]
  10. Giraldo J, Urbina D and Cardenas A et al. A survey of physics-based attack detection in cyber-physical systems. ACM Comput Surv 2018; 51: 76. [Google Scholar]
  11. Pasqualetti F, Doerfler F and Bullo F. Attack detection and identification in cyber-physical systems. IEEE Trans Automat Contr 2013; 58: 2715–29. [CrossRef] [Google Scholar]
  12. Tan S, Guerrero JM and Xie P et al. Brief survey on attack detection methods for cyber-physical systems. IEEE Syst J 2020; 14: 5329–39. [CrossRef] [Google Scholar]
  13. Yan W, Mestha LK and Abbaszadeh M. Attack detection for securing cyber physical systems. IEEE Internet Things J 2019; 6: 8471–81. [CrossRef] [Google Scholar]
  14. Zhang D, Wang Q-G and Feng G et al. A survey on attack detection, estimation and control of industrial cyber-physical systems. ISA Trans 2021; 116: 1–16. [CrossRef] [PubMed] [Google Scholar]
  15. Zhou C, Hu B and Shi Y et al. A unified architectural approach for cyberattack-resilient industrial control systems. Proc IEEE 2021; 109: 517–41. [CrossRef] [Google Scholar]
  16. Ding SX. Advanced Methods for Fault Diagnosis and Fault-tolerant Control. Berlin: Springer-Verlag, 2020. [Google Scholar]
  17. Griffioen P, Weerakkody S and Sinopoli B. A moving target defense for securing cyber-physical systems. IEEE Trans Automat Contr 2021; 66: 2016–31. [CrossRef] [Google Scholar]
  18. Schellenberger C and Zhang P. Detection of covert attacks on cyber-physical systems by extending the system dynamics with an auxiliary system. In: 2017 IEEE 56th Annual Conference on Decision and Control (CDC), Melbourne, Australia, 2017, 1374–9. [CrossRef] [Google Scholar]
  19. Weerakkody S and Sinopoli B. Detecting integrity attacks on control systems using a moving target approach. In: 2015 54th IEEE Conference on Decision and Control (CDC), Osaka, Japan, 2015, 5820–6. [CrossRef] [Google Scholar]
  20. Ferrari RMG and Teixeira AMH. A switching multiplicative watermarking scheme for detection of stealthy cyberattacks. IEEE Trans Automat Contr 2021; 66: 2558–73. [CrossRef] [Google Scholar]
  21. Mo Y, Weerakkody S and Sinopoli B. Physical authentication of control systems: Designing watermarked control inputs to detect counterfeit sensor outputs. IEEE Contr Syst Mag 2015; 35: 93–109. [Google Scholar]
  22. Porter M, Hespanhol P and Aswani A et al. Detecting generalized replay attacks via time-varying dynamic watermarking. IEEE Trans Automat Contr 2021; 66: 3502–17. [CrossRef] [Google Scholar]
  23. Ding SX, Li L and Zhao D et al. Application of the unified control and detection framework to detecting stealthy integrity cyberattacks on feedback control systems. Automatica 2022; 142: 110352. [CrossRef] [Google Scholar]
  24. Ding SX, Li L and Liu T. An alternative paradigm of fault diagnosis in dynamic systems: Orthogonal projection-based methods. ArXiv preprint [arXiv:2202.08108], 2022. [Google Scholar]
  25. Ding SX and Li L. Control performance monitoring and degradation recovery in automatic control systems: A review, some new results, and future perspectives. Contr Eng Pract 2021; 111: 104790. [CrossRef] [Google Scholar]
  26. Vinnicombe G. Uncertainty and Feedback: H∞ Loop-Shaping and the ν Gap Metric. London, UK: World Scientific, 2000. [CrossRef] [Google Scholar]
  27. Zhou K. Essential of Robust Control. Englewood Cliffs, NJ: Prentice-Hall, 1998. [Google Scholar]
  28. Ding SX, Yang G and Zhang P et al. Feedback control structures, embedded residual signals and feedcak control schemes with an integrated residual access. IEEE Trans Contr Syst Tech 2010; 18: 352–67. [CrossRef] [Google Scholar]
  29. Li L, Luo H and Ding SX et al. Performance-based fault detection and fault-tolerant control for automatic control systems. Automatica 2019; 99: 309–16. [Google Scholar]
  30. Schulze DM, Alexandru AB and Quevedo DE et al. Encrypted control for networked systems: An illustrative introduction and current challenges. IEEE Contr Syst Mag 2021; 41: 58–78. [CrossRef] [Google Scholar]
  31. Feintuch A. Robust Control Theory in Hilbert Space. New York: Springer-Verlag, 1998. [CrossRef] [Google Scholar]
  32. Han H, Yang Y and Li L et al. Control performance-based fault detection and fault-tolerant control schemes for a class of nonlinear systems. Int J Robust Nonlinear Control 2019; 30: 1431–50. [Google Scholar]
  33. Han H, Yang Y and Li L et al. Performance-based fault detection and fault-tolerant control for nonlinear systems with t-s fuzzy implementation. IEEE Trans Cybern 2021; 51: 801–14. [CrossRef] [PubMed] [Google Scholar]
  34. Ding SX. Model-Based Fault Diagnosis Techniques - Design Schemes, Algorithms, and Tools. Berlin: Springer-Verlag, 2008. [Google Scholar]
  35. Francis BA. A Course in H-Infinity Control Theory. Berlin - New York: Springer-Verlag, 1987. [CrossRef] [Google Scholar]
  36. Kato T. Perturbation Theory for Linear Operators. Berlin: Springer-Verlag, 1995. [CrossRef] [Google Scholar]
  37. Hoffmann JW. Normalized coprime factorizations in continuous and discrete time - a joint state-space approach. IMA J Math Contr Inform 1996; 13: 359–84. [CrossRef] [Google Scholar]
  38. Li L and Ding SX. Gap metric techniques and their application to fault detection performance analysis and fault isolation schemes. Automatica 2020; 118: 109029. [CrossRef] [Google Scholar]
  39. Van der Schaft A. L2 - Gain and Passivity Techniques in Nonlinear Control. London: Springer, 2000. [CrossRef] [Google Scholar]
  40. Bengio Y, Courville A and Vincent P. Representation learning: A review and new perspectives. IEEE Trans Pattern Anal Mach Intell 2013; 35: 1798–1828. [CrossRef] [PubMed] [Google Scholar]
  41. Geiger BC. On information plane analyses of neural network classifiers-a review. IEEE Trans Neural Netw Learn Syst 2021, in press. [Google Scholar]
  42. Burkart N and Huber MF. A survey on the explainability of supervised machine learning. J Artif Intell Res 2021; 70: 245–317. [CrossRef] [Google Scholar]
  43. Bauer M, Horch A and Xie L et al. The current state of control loop performance monitoring, a survey of application in industry. J Process Contr 2016; 38: 1–10. [CrossRef] [Google Scholar]
  44. Li L and Ding SX. Performance supervised fault detection schemes for industrial feedback control systems and their data-driven implementation. IEEE Trans Ind Inform 2020; 16: 2849–58. [CrossRef] [Google Scholar]
  45. Perez T, Goodwin GC and Seron MM. Performance degradation in feedback control due to constraints. IEEE Trans Automat Contr 2003; 48: 1381–85. [CrossRef] [Google Scholar]
  46. Zhang Y and Jiang J. Fault tolerant control system design with explicit consideration of performance degradation. IEEE Trans Aerosp Electron Syst 2003; 39: 838–48. [CrossRef] [Google Scholar]
  47. Zhang Y, Jiang J and Theilliol D. Incorporating performance degradation in fault tolerant control system design with multiple actuator failures. J Contr Automat Syst 2008; 6: 327–38. [Google Scholar]
  48. Li L, Ding SX and Luo H et al. Performance-based fault-tolerant control approaches for industrial processes with multiplicative faults. IEEE Trans Ind Inform 2020; 16: 4759–68. [CrossRef] [Google Scholar]
  49. Li L, Li S and Ding SX et al. Riemannian metric based performance monitoring and diagnosis for a class of feedback control systems. Acta Automat Sin 2022, in press. [Google Scholar]
  50. Magnus JR. Linear Structures. Oxford, UK: Oxford University Press, 1988. [Google Scholar]
  51. Parr R, Li L and Taylor G et al. An analysis of linear models, linear value-function approximation, and feature selection for reinforcement learning. In: Proceedings of the 25th International Conference on Machine Learning. ICML '08, 2008. Association for Computing Machinery, New York, NY, USA, 752–9. [Google Scholar]
  52. Al-Tamimi A, Lewis FL and Abu-Khalaf M. Discrete-time nonlinear hjb solution using approximate dynamic programming: Convergence proof. IEEE Trans Syst Man Cybern Part B (Cybern) 2008; 38: 943–9. [CrossRef] [PubMed] [Google Scholar]
  53. Shang C, Ding SX and Ye H. Distributionally robust fault detection design and assessment for dynamical systems. Automatica 2021; 125: 109434. [CrossRef] [Google Scholar]
  54. Wan Y, Ma Y and Zhong M. Distributionally robust trade-off design of parity relation based fault detection systems. Int J Robust Nonlinear Contr 2021; 31: 9149–74. [CrossRef] [Google Scholar]
  55. Xue T, Zhong M and Li L et al. An optimal data-driven approach to distribution independent fault detection. IEEE Trans Ind Inform 2020; 16: 6826–36. [CrossRef] [Google Scholar]
  56. Lin F, Fang X and Gao Z. Distributionally robust optimization: A review on theory and applications. Numer Algeb Contr Optim 2022; 12: 159–212. [CrossRef] [Google Scholar]
  57. Rahimian H and Mehrotra S. Distributionally robust optimization: A review. ArXiv preprint [arXiv:1908.05659], 2019. [Google Scholar]
  58. Yang I. A dynamic game approach to distributionally robust safety specifications for stochastic systems. Automatica 2018; 94: 94–101. [CrossRef] [Google Scholar]
  59. Xu Y, Ding SX and Yin S et al. Performance degradation monitoring and recovery of vision-based control systems. IEEE Trans Contr Syst Technol 2021; 29: 2712–9. [CrossRef] [Google Scholar]
  60. Lei Y, Li N and Guo L et al. Machinery health prognostics: A systematic review from data acquisition to rul prediction. Mech Syst Signal Process 2018; 104: 799–834. [CrossRef] [Google Scholar]
  61. Liao L and Köttig F. Review of hybrid prognostics approaches for remaining useful life prediction of engineered systems, and an application to battery life prediction. IEEE Trans Reliabil 2014; 63: 191–207. [CrossRef] [Google Scholar]
  62. Si X, Ren Z and Hu X et al. A novel degradation modeling and prognostic framework for closed-loop systems with degrading actuator. IEEE Trans Ind Electron 2020; 67: 9635–47. [CrossRef] [Google Scholar]
  63. Yin S, Xiao B and Ding SX et al. A review on recent development of spacecraft attitude fault-tolerant control system. IEEE Trans Ind Electron 2016; 63: 3311–20. [CrossRef] [Google Scholar]
Steven X. Ding

Steven Ding received his Ph.D. degree in electrical engineering from the Gerhard-Mercator University of Duisburg, Germany, in 1992. From 1992 to 1994, he was a R&D engineer at Rheinmetall GmbH. From 1995 to 2001, he was a professor of control engineering at the University of Applied Science Lausitz in Senftenberg, Germany, and served as vice president of this university during 1998–2000. Since 2001, he has been a chair professor of control engineering and the head of the Institute for Automatic Control and Complex Systems (AKS) at the University of Duisburg-Essen, Germany. His research interests are model-based and data-driven fault diagnosis, control and fault-tolerant systems as well as their applications in industry with a focus on automotive systems, chemical processes and renewable energy systems.

All Figures

thumbnail Figure 1.

Feedback control loop under consideration

In the text
thumbnail Figure 2.

The original configuration of the automatic control system under consideration

In the text
thumbnail Figure 3.

Reconfiguration of the automatic control system under consideration

In the text
thumbnail Figure 4.

Schemetic description of projection-based classification ( denotes the projection of onto 𝒦)

In the text
thumbnail Figure 5.

Basic configuration of an auto-encoder

In the text
thumbnail Figure 6.

Schematic configuration of the fault estimator

In the text
thumbnail Figure 7.

From the standard model to the observer-based I/O-model: a schematic description

In the text
thumbnail Figure 8.

Schematic configuration of a multi-layer automatic control system

In the text

Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.

Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.

Initial download of the metrics may take a while.