A joint diagnoser approach for diagnosability of discrete event systems under attack

This paper investigates the problem of diagnosing the occurrence of a fault event in a discrete event system (DES) subject to malicious attacks. We consider a DES monitored by an operator through the perceived sensor observations. It is assumed that an attacker can tamper with the sensor observations, and the system operator is not aware of the attacker's presence at the beginning. We propose a stealthy joint diagnoser (SJD) that (i) describes all possible stealthy attacks (i.e., undiscovered by the operator) in a given attack scenario; (ii) records the joint diagnosis state, i.e., the diagnosis state of the attacker consistent with the original observation and the diagnosis state of the operator consistent with the corrupted observation. The SJD is used for diagnosability verification under attack. From the attacker's point of view, we present two levels of stealthy attackers: one only temporarily degrades the diagnosis state of the operator, and the other permanently causes damage to the diagnosis state of the operator, thereby resulting in a violation of diagnosability. Finally, necessary and sufficient conditions for the existence of the two levels of attackers are presented.