Mitigating performance degradation of network-based control systems under denial of service attacks

One obstacle for the widespread deployment of network-based control systems (NBCS) is the stochastic delay induced by the underlying shared and open networks. Denial of service (DoS) attacks cause significant disruptions to the Internet, compounding the delay jitter and loss of packets that are used to transmit sensor measurements and control signals. Existing works have mainly focused on controller design under network normal operation, which might be inadequate to the threats of DoS attacks. In this paper, the authors present two mitigation measures from the viewpoint of network intrusion detection and response. The basic idea is that the routers close to the attack sources actively drop the attack traffic or lower-priority traffic to protect the resource for the legitimate application traffic. The simulation results indicate that the proposed defense measures are effective for ameliorating the NBCS performance degradation. We suggest that a plausible direction for the security of NBCS may combine the proposed network defense measures with specific controller design to compensate for delay jitter/packet loss.