Extended state observer-based fault-tolerant control for an unmanned surface vehicle under asynchronous injection and deception attacks

1. INTRODUCTION

For the past few years, the relevant technology of unmanned surface vehicles (USVs) has undergone rapid advancements, garnering substantial attention across various fields including military operations^[1], ocean exploration^[2], and maritime monitoring ^[3]. An overview of control methods for USVs can be seen ^[4]. Notably, considerable attention has been devoted to the fault-tolerant control (FTC) of nonlinear steering controlled^[5], underactuated^[6], and fully actuated ^[7] USVs. An active FTC method for the USV is discussed ^[8], while^[9] provides insights into a passive FTC approach. More cutting-edge research on FTC can be seen ^[10–12]. Consequently, further exploration of FTC strategies for USVs is imperative to bolster reliability and stability of the system.

Given the intricacies of the marine environment, numerous accidents, including sensor faults (dead fault, biased fault, and random drift) and actuator faults (stuck steering mechanism-type fault and noise-type fault) along with insufficient thrust due to external disturbances, are prone to occur during mission execution. The smooth movement of USVs hinges upon various factors such as environmental perception and attitude control. These physical threats not only degrade the overall performance of USVs but also pose the risk of severe accidents. Hence, the FTC issues of USVs under physical threats are now receiving considerable attention ^[13–15]. An observer is constructed based on an intermediate variable and an FTC protocol is designed for a USV with actuator faults and partial transmission data loss ^[15]. Specifically, the FTC of USVs under actuator faults ^[16], sensor faults ^[17], thruster faults ^[18], actuator faults and disturbances ^[19] is investigated. In the FTC research, the observer-based active FTC method stands as a prominent choice ^{[8, 20, 21]}. This approach revolves around extracting fault information from the fault estimation (FE) and subsequently designing an FTC strategy based on the estimated information. However, prevailing observer-based FTC methods conventionally separate the front-end FE from the back-end FTC which complicates the research of USVs. Conversely, the co-design of FE and FTC not only mitigates complexity but also abbreviates fault response durations, rendering it more conducive for a USV to move in complex environments. Therefore, it is necessary to further explore the applicability of FE and FTC co-design framework within the realm of USVs.

In addition to the adverse effects stemming from the aforementioned physical threats, the advancement of USV intelligence is also accompanied by cyber risks. On the one hand, attacks in the networked layer damage the connectivity of transmission channels and the integrity of data, diminishing the reliability of the USV and potentially leading to the deviation from prescribed routes and loss of control. Therefore, when facing such malicious attacks as denial of service (DoS) attack, deception attack, injection attack, how to design a suitable FTC scheme to withstand the impact is crucial. A concise summary of cyber threats faced by USVs across different domains is provided, and a data protection scheme is presented ^[22]. Under the framework of co-design, a distributed control method based on the distributed unknown input observer is adopted to solve the distributed security control problem of multiple USVs under aperiodic DoS attacks ^[23]. An event-triggered communication scheme and an event-based switching control system are proposed to deal with both delayed and aperiodic DoS attacks ^[24]. A new defense and tolerance technology is adopted to deal with malicious connection hybrid attacks in the networked layer and solve the distributed tracking control problem of multiple USVs ^[25]. However, the predominant focus of current research lies in the FTC for USVs under periodic/aperiodic DoS attacks ^{[23, 24, 26]}. Different from DoS attacks which lead to serious communication interruption, deception attacks and injection attacks compromise the integrity and confidentiality of transmitted data by manipulating them, which causes misoperation of USVs and brings substantial security risks. On the other hand, the presence of network-induced delay significantly influences the real-time efficacy of USV control instructions, which greatly limits the flexibility of the system when performing tasks requiring rapid response such as obstacle avoidance. An event-triggered control design method for multiple USVs constrained by communication delay and drive resources is proposed to solve the dynamic target tracking problem ^[27]. A novel nonlinear networked predictive control approach, leveraging the discrete sliding mode framework, is introduced to address the trajectory tracking challenges encountered by USVs in the presence of communication limitations, encompassing network delay, packet loss, and packet disorder ^[28]. The dynamic nature and inherent uncertainty associated with network-induced delay exert a notable influence on control precision, which establishes it as one of the key factors in USV control research. Furthermore, apart from the types of cyber threats, it is pertinent to contemplate the location of their influence. Most cyber threats involved in the research are imposed on the controller-actuator channel ^{[13, 26, 29]} or sensor-to-fault detection filter channel ^{[30, 31]}, ignoring other cases, particularly the sensor-to-observer (SO) and observer-to-controller (OC) channels. In the case of SO and OC channels facing cyber threats, the control system receives imprecise estimated information, thereby causing incorrect fault response. Consequently, in scenarios where both SO and OC channels encounter cyber attacks and delays and the system is subjected to physical threats, the design of an observer-based FTC strategy is significant to safeguard the security and stability of a USV in complex environments.

The primary contributions of this paper are as follows. (1) In contrast to previous investigations of USVs focusing on the single side such as faults ^{[17, 18]} or cyber attacks ^{[31, 32]}, this paper presents a more comprehensive analysis by considering the combined impact of multiple cyber-physical threats. Different from the independent design of FE and FTC, this paper deduces the co-design criteria of FE and FTC under the unified framework based on Lyapunov-Krasovskii functional, and eliminates equality constraints, which alleviates the dilemma of solving nonlinear matrix inequalities; and (2) Unlike the prevailing emphasis on deception attacks and injection attacks ^[31–33], the complex case of dual-channel asynchronous injection and deception attacks is considered, with the attacks specifically aimed at SO and OC channels. The fault-tolerant controller devised in this paper diverges from conventional active FTC configurations predicated on pure estimation data ^{[21, 34]}. Instead, it integrates adversarial and benign scenario considerations. Leveraging damaged estimation information, it strengthens the resilience of the USV to multiple cyber threats, rendering it more practical.

2. PROBLEM FORMULATION

2.1. USV modeling

The movement challenges encountered by a USV on the horizontal plane are examined within this paper, with due attention given to disturbances arising from environmental factors. Emphasis is placed exclusively on the sway-yaw-roll motion pattern of USV, illustrated in Figure 1, with the repercussions of the heave-surge-pitch motion treated as perturbations. The dynamic model representing the USV is given as follows:

(1) $$ \begin{equation} \left\{ \begin{array}{l} \begin{aligned} \dot r(t)&= {K_{vr}}v(t)/{T_r} + {\omega _\psi }(t)/{T_r} + {K_{ar}}\delta (t)/{T_r} - r(t)/{T_r}\\ \dot p(t)&= \omega _n^2{K_{ap}}\delta (t) - 2\zeta {\omega _n}p(t) + \omega _n^2{\omega _\phi }(t)- {\omega _n^2}\phi (t) + \omega _n^2{K_{vp}}v(t)\\ \dot v(t) &= {K_{av}}\delta (t)/{T_v} - v(t)/{T_v}\\ \dot \psi (t) &= r(t)\\ \dot \phi (t) &= p(t) \end{aligned} \end{array} \right. \end{equation} $$

Figure 1. The sway-yaw-roll motion of USV illustrated in body-fixed coordinate frame.

where $$ r(t) $$, $$ v(t) $$, $$ p(t) $$, $$ \phi (t) $$, $$ \delta (t) $$, and $$ \psi (t) $$ represent the yaw velocity, sway velocity, roll velocity, roll angle, rudder angle, and heading angle, respectively. $$ {\omega _\psi }(t) $$ and $$ {\omega _\phi }(t) $$ signify the external disturbances influencing the heading and roll velocity channels due to wave-induced effects. $$ \omega _n $$ and $$ \zeta $$ stand for the undamped natural frequency and damping ratio, respectively. The channel gains are denoted by $$ K_{ap} $$, $$ K_{ar} $$, $$ K_{vp} $$, $$ K_{vr} $$, and $$ K_{av} $$, while $$ T_r $$ and $$ T_v $$ represent the time constants. To simplify the analysis, it is assumed that the speed of the USV remains the same.

During the propulsion of USVs, occurrences of actuator faults, such as noise-type faults and stuck steering mechanism-type faults, are inevitable. Consequently, the USV subject to external disturbances and actuator faults is modeled as:

(2) $$ \begin{equation} \left\{ \begin{array}{*{20}{l}} {\dot x(t) = Ax(t) + Bu(t) + {E}\omega (t)+ {F}f(t)}\\ {y(t) = Cx(t) } \end{array} \right. \end{equation} $$

where $$ x(t) = {\left[ {v(t)}\; {r(t)}\; {\psi (t)}\; {p (t)}\; {\phi (t)} \right]^T} $$ is the state of the USV. $$ u(t) = \delta (t) $$ and $$ y(t) $$ represent the input and output of the system, respectively. $$ \omega(t) = {\left[ {{\omega _\psi }(t)}\; {{\omega _\phi }(t)} \right]^T} $$ and $$ f(t) $$ characterize the wave-induced disturbances and actuator faults. Matrices $$ A $$, $$ B $$, $$ C $$, $$ E $$ and $$ F $$ are constant matrices, with $$ A $$, $$ B $$, and $$ E $$ derived from (1),

(3) $$ \begin{equation} \begin{array}{*{20}{l}} A= \left[ {\begin{array}{*{20}{c}} { - {1}/{{{T_v}}}}&0&0&0&0\\ {{{{K_{vr}}}}/{{{T_r}}}}&{ - {1}/{{{T_r}}}}&0&0&0\\ 0&1&0&0&0\\ {\omega _n^2{K_{{\rm{vp}}}}}&0&0&{ - 2\zeta {\omega _n}}&{ - \omega _n^2}\\ 0&0&0&1&0 \end{array}} \right], \\ B= {\left[ {\begin{array}{*{20}{c}} {{{{K_{av}}}}/{{{T_\nu }}}}\\{{{{K_{ar}}}}/{{{T_r}}}}\\0\\{\omega _n^2{K_{{\rm{ap}}}}}\\0 \end{array}} \right]}, \; {E}= {\left[ {\begin{array}{*{20}{c}} 0&0\\{{1}/{{{T_r}}}}&0\\0&0\\0&{\omega _n^2}\\0&0 \end{array}} \right]}. \end{array} \end{equation} $$

2.2. Asynchronous injection and deception attacks modeling

Concerning threats in the networked layer, considerable focus has been directed toward assessing the combined impact of network-induced delays, as well as asynchronous injection and deception attacks targeting transmitted signals across SO and OC channels, as portrayed in Figure 2.

Figure 2. Dual-channel time-varying delays and asynchronous injection and deception attacks.

Under the joint impact of time-varying delays and injection attacks, the output signal $$ y(t) $$ transmitted on the SO channel is transformed into the following form,

(4) $$ \bar{y} \left ( t \right ) =y(t-\beta \left ( t \right ) )+\alpha y(t-\beta \left ( t \right ) )=\bar{\alpha }y(t-\beta \left ( t \right ) ) $$

where $$ \bar{y} \left (t \right) $$ indicates the affected output signal, and $$ \beta \left (t \right) $$ represents the time-varying delay caused by network transmission process. The scaling factor $$ \alpha $$ denotes the attack amplitude.

In intricate maritime settings, direct acquisition of the state information of the USV is unfeasible owing to the prevalence of interferences such as magnetic fields and waves. Hence, an extended state observer is proposed to simultaneously estimate state and fault information. The extended state observer is constructed as follows:

(5) $$ \begin{equation} \left\{ {\begin{array}{*{20}{l}} \begin{aligned} {\dot {\hat x}}(t) &=A\hat x(t) +Bu(t)+F\hat f(t)-L(\bar y(t) - \hat y(t))\\ \hat y(t) &= C\hat x(t)\\ {\dot {\hat f}}(t)&=Q(\bar y(t) - \hat y(t)) \end{aligned} \end{array}}\right. \end{equation} $$

where $$ {\hat x}(t) $$ and $$ {\hat f}(t) $$ represent the estimation of state information and fault information, respectively, which are transmitted to the fault-tolerant controller through OC channel. $$ L $$ and $$ Q $$ both are gain matrices to be determined.

In the context of deception attacks occurring on the OC channel, a stochastic variable denoted as $$ \rho \left (t \right) $$ is introduced to delineate the probability associated with attack occurrences. The stochastic variable $$ \rho \left (t \right) $$ is governed by the Bernoulli distribution and embodies the mathematical expectation formulated as follows:

(6) $$ {\rm Pr}(\rho (t)=1)=\mathbb{E}\{ \rho (t)\}=\bar{\rho } , \mathbb{E}\{ {{\left ( \rho \left ( t \right ) -\bar{\rho } \right )}^{2} } \}=\bar{\rho} \left ( 1-\bar{\rho} \right ), \bar{\rho}\in\left [ 0, 1 \right ] $$

In addition to deception attacks, the existence of time-varying delays is also taken into account within the OC channel. When the estimated information $$ {\hat x}(t) $$ and $$ {\hat f}(t) $$ are transmitted through the OC channel to the fault-tolerant controller without being subjected to Bernoulli deception attacks, the received data are denoted as $$ {\hat x}(t-\sigma \left (t \right)) $$ and $$ {\hat f}(t-\sigma \left (t \right)) $$, respectively. Conversely, in the event of attacks, the data integrity is damaged, resulting in post-attack signals represented as $$ \aleph \left ({\dot {\hat x}}(t-\theta \left (t \right)) \right) $$ and $$ \aleph \left ({\dot {\hat f}}(t-\theta \left (t \right)) \right) $$. Both $$ \sigma \left (t \right) $$ and $$ \theta \left (t \right) $$ represent the time-varying delay on the OC channel.

Remark 1: The injection attacks on the SO channel and the deception attacks on the OC channel give rise to an asynchronous independent attacks phenomenon attributed to varying delays across channels. The disparity in delays and attack modalities poses challenges to the investigation of the controllability and reliability of the USV. Concerning the injection attack on the SO channel, it injects the attack signal by combining with the state information, which is more targeted and elusive than the attack that directly injects irrelevant information. In addition, in contrast to other researches focusing on Bernoulli deception attacks on channels ^{[35, 36]}, no analogous constraint is imposed on the attacks.

Assumption 1:^{[5, 6, 37]} The time-varying delays occurring on either SO or OC channels have known upper bounds, i.e., $$ \beta \left (t \right)\in\left [0, \beta _{M} \right] $$, $$ \sigma \left (t \right)\in\left [0, \sigma _{M} \right] $$, $$ \theta \left (t \right)\in\left [0, \theta _{M} \right] $$. In addition, both the derivative of the fault vector $$ {\dot f}(t) $$ and the disturbance vector have an unknown upper bound, i.e., $$ \left \| {\dot f}(t) \right \| \le \bar{f} $$, $$ \bar{f}> 0 $$, $$ \left \| \omega \left (t \right) \right \| \le \bar{\omega} $$, $$ \bar{\omega}> 0 $$.

Assumption 2:^[24] The system matrix $$ C^T $$ satisfies full column rank.

Lemma 1:^[37] For the provided matrix $$ C^T \in {\mathbb{R}^{n\times l} } $$ and positive definite matrix $$ W\in {\mathbb{R}^{n\times n} } $$, there is a matrix $$ N\in {\mathbb{R}^{l\times l} } $$ such that $$ WC^T=C^TN $$ if and only if

(7) $$ \begin{equation} W = {J^T}\left[ {\begin{array}{*{20}{c}} {{W_{11}}}&0\\ 0&{{W_{22}}} \end{array}} \right]J \end{equation} $$

where $$ W_{11}\in {\mathbb{R}^{l\times l}} $$, $$ W_{22}\in {\mathbb{R}^{(n-l)\times (n-l)}} $$, and $$ J $$ is an orthogonal matrix.

Control objective: The main purpose is to design a fault-tolerant controller $$ u(t) $$ within the FE and FTC co-design framework that enables the USV system (2) to achieve asymptotic stability under multiple cyber-physical threats such as disturbances, actuator faults, time-varying delays, injection attacks, and deception attacks.

3. MAIN RESULTS

In this section, the $$ u(t) $$ is designed using the information estimated by the extended state observer. A sufficient condition for asymptotic stability of the USV system (2) is derived under the framework of FE and FTC co-design, and a method to eliminate the equality constraints is proposed to solve the unknown gain matrix to ensure the sufficient condition.

The state estimation error and FE error are respectively defined as $$ e_{x} =\hat{x} \left (t \right) -x\left (t \right) $$, $$ e_{f} =\hat{f} \left (t \right) -f\left (t \right) $$. The dynamics of the estimation errors are deduced by using (2) and (5) as follows:

When time-varying delays and Bernoulli deception attacks exist within the OC channel, the state estimation information $$ {\hat x}(t) $$ and FE information $$ {\hat f}(t) $$ are utilized to construct the fault-tolerant controller $$ u(t) $$ for the USV system (2), formulated as follows:

In combination with (5), (8), and (9), the augmented system is constructed as follows:

where $$ \xi (t) = {\left[ {{e_x^T}(t)}\; {{e_f^T}(t)}\; {{{\hat x}^T}(t)}\; {{{\hat f}^T}(t)} \right]^T} $$, and $$ \varpi (t)=\left[{\begin{array}{*{20}{c}} \omega^T (t)\; {\dot f}^T(t) \end{array}} \right]^T $$ are the augmented vectors. $$ \hat{A} = \left[{\begin{array}{*{20}{c}} A&F&LC&0\\ 0&0&{-QC}&0\\ 0&0&{A + LC}&F\\ 0&0&{-QC}&0 \end{array}} \right] $$, $$ \hat{B} = \left[{\begin{array}{*{20}{c}} 0&0\\ 0&0\\ {BK}&{-BG}\\ 0&0 \end{array}} \right] $$, $$ M = \left[{\begin{array}{*{20}{c}} 0&0&{ I}&0\\ 0&0&0&I\\ \end{array}} \right] $$, $$ \hat{C} = \left[{\begin{array}{*{20}{c}} \bar{\alpha }LC&0&-\bar{\alpha }LC&0\\ {-\bar{\alpha }QC}&0&{\bar{\alpha }QC}&0\\ \bar{\alpha }LC&0&-\bar{\alpha }LC&0\\ {-\bar{\alpha }QC}&0&{\bar{\alpha }QC}&0\\ \end{array}} \right] $$, and $$ \hat{E} = \left[{\begin{array}{*{20}{c}} {{-E}}&0\\ 0&-I\\ 0&0\\ 0&0 \end{array}} \right] $$ are the augmented matrices.

Given the positive parameter $$ \gamma > 0 $$, the asymptotic stability of the USV system (2) is equivalent to the augmented system (9) satisfying the following $$ H_{\infty } $$ performance index.

Theorem 1: Given the known parameters $$ {\beta_M} $$, $$ {\sigma_M} $$, $$ {\theta_M} $$, $$ \bar\rho $$, $$ \gamma $$, and matrices $$ \hat{A} $$, $$ \hat{B} $$, $$ \hat{C} $$, $$ \hat{E} $$, $$ M $$, the augmented system (9) can achieve asymptotic stability under the zero initial condition with an $$ {H_\infty } $$ index $$ \gamma $$, if there exist positive definite matrices $$ P $$, $$ \Theta_i $$, and $$ \Psi_i (i=1, 2, 3) $$ satisfying the following matrix inequality:

where

Proof: The Lyapunov-Krasovskii functional $$ V(t) $$ is framed as $$ V(t) = {V_1}(t) + {V_2}(t) + {V_3}(t) $$ with the following form

Then, the $$ \mathbb{E}\{ {{\dot V}}(t)\} $$ can be formulated as $$ \mathbb{E}\{ {{\dot V}}(t)\} = \mathbb{E}\{ {{\dot V}_1}(t)\} + \mathbb{E}\{ {{\dot V}_2}(t)\} + \mathbb{E}\{ {{\dot V}_3}(t)\} $$, as delineated by the subsequent expressions.

where

From the Jensen inequality, the following inequalities hold

In order to ensure that the augment system (9) satisfies $$ H_\infty $$ index (10), the following calculation is performed under the zero initial condition,

The inequality (11) is a sufficient condition for $$ \mathbb{E}\{ \dot V(t) + \xi ^T(t){\xi }(t)- {\gamma ^2}{\varpi ^T}(t)\varpi (t){\rm{\} }}< 0 $$ with the definition of $$ s(t) = [{{\xi ^T}(t)} \; {{\xi ^T}(t - \beta(t))}$$$${{\xi ^T}(t - \beta_M)} \; {{\xi ^T}(t - \sigma(t))}$$$${{\xi ^T}(t - \sigma_M)} \; {{\xi ^T}(t - \theta_M)}$$$${\aleph^T(M\xi (t - \theta(t)))}$$$${{\varpi ^T}(t)}]^T $$ through using the Schur complement in the inequality (15).

Remark 2: In formulating the aforementioned Lyapunov-Krasovskii functional $$ V(t) $$, the parameters $$ \beta_M $$, $$ \sigma_M $$ and $$ \theta_M $$ signify the upper bounds of the corresponding channel delays to model worst-case scenarios. Thus, inequality (10) persists under the condition that the time-varying delays of the channels remain within the prescribed upper bounds in all cases.

The resolution of matrix inequalities (11) poses challenges in directly solving the unknown matrix parameters employing the linear matrix inequalities (LMI) technique, attributed to the inclusion of partial nonlinear terms. Consequently, a method is introduced in the following theorem to eliminate equality constraints, thereby linearizing the nonlinear terms, and subsequently resolving multiple undetermined matrix parameters via a matrix inequality.

Theorem 2: Given the scalars $$ {\beta _M} $$, $$ {\sigma _M} $$, $$ {\theta _M} $$, $$ \bar \rho $$, $$ \gamma $$, $$ {\epsilon_i} (i = 1, 2, 3, 4) $$ and matrices $$ \hat{A} $$, $$ \hat{B} $$, $$ \hat{C} $$, $$ \hat{E} $$, after eliminating the equality constraint, the augmented system (9) achieves the $$ {H_\infty } $$ performance index (10) if there exist positive definite matrices $$ W $$, $$ {\tilde{\Theta }_i} $$, $$ {\Psi_i} (i=1, 2, 3) $$ and matrices $$ \tilde{Q} $$, $$ \tilde{L} $$, $$ \tilde{K} $$, $$ G $$ such that the following inequalities can be solved,

where

Proof: For the matrix $$ C^T\in {\mathbb{R}^{n \times l}} $$ of the full column rank, there exist two orthogonal matrices $$ J \in {\mathbb{R}^{n \times n}} $$ and $$ Y \in {\mathbb{R}^{l \times l}} $$ such that

where $$ J_1 \in {R^{l \times n}} $$, $$ J_2 \in {R^{(n-l) \times n}} $$, and $$ \Delta = {\rm {Diag}} \{ {\sigma _1}, \cdots, {\sigma _l}\} $$ for $$ {\sigma _1}, \cdots, {\sigma _l} $$ being nonzero singular values of $$ C^T $$. Constructing the following matrix $$ W $$,

where $$ W_{11} $$ and $$ W_{22} $$ are symmetric positive definite matrices with $$ J_1 $$ and $$ J_2 $$ defined in (17).

It follows from $$ \rm Lemma 1 $$ that for the full column rank matrix $$ C^T \in {\mathbb{R}^{n\times l} } $$, there exists the nonsingular matrix $$ N $$ such that $$ WC^{T}=C^{T}N $$ holds. The inequality (16) is verified by the premultiplication and postmultiplication of (11) with $$ \Gamma $$ and $$ \Gamma^T $$, respectively. The correlation matrices are constructed as follows:

Finally, solving the LMI (16) and the following equation (19) enables the determination of the extended state observer gain matrices $$ Q $$, $$ L $$ and the controller gain matrix $$ K $$ within the co-design framework of FE and FTC.

The proof is completed.

4. SIMULATION

In this section, since the forward speed is the key parameter, simulations are conducted under two distinct scenarios: low speed and high speed of the USV. The parameters corresponding to the low-speed $$ V $$ = 3.8 m/s and high-speed $$ V $$ = 7.8 m/s configurations are delineated in Table 1. To align with practical scenarios and demonstrate the proposed algorithm's robustness to initial condition deviations, the initial state of the USV is set as $$ x(0)=\left[\begin{array}{lllll} 0.8 & -0.5 & 0.5 & -0.5 & 0.6 \end{array}\right]^{T} $$.

The system matrices $$ A, B, E $$ in (3) derived from the parameters in Table 1 are shown in Table 2. It is noteworthy that in both scenarios, the system matrix $$ C $$ and the fault coefficient matrix $$ F $$ in (2) are chosen to be the same. At the same time, $$ C $$ satisfies the full column rank condition in Assumption 2. The specific values of $$ C $$ and $$ F $$ are also shown in Table 2. According to Lemma 1, the correlation matrices with the singular value decomposition of the matrix $$ C $$ manifest as follows.

The disturbances are selected as $$ {\omega _\psi }(t) = {\omega _1}(t){{0.9s}}/({{{s^2} + 2.2s + 1}}) $$ and $$ {\omega _\phi }(t)= 0.15 \rm cos(t) $$, where $$ \omega _{1} $$ represent a vector of zero-mean Gaussian white noises. The upper bound of the delays on the SO and OC channels is selected as $$ {\beta_M} = 0.2 $$, $$ {\sigma_M} = 0.1 $$, $$ {\theta_M} = 0.15 $$. For Bernoulli deception attacks on the OC channel, the probability is set to $$ \bar{\rho} =0.3 $$ and a smooth nonlinear function $$ \tanh \left (\cdot \right) $$ is introduced to characterize the attacks. The specific forms of the deception attacks are as follows.

According to Theorem 2, the relevant parameters given are set as $$ \gamma =1.2 $$, $$ \epsilon _{1} =0.6 $$, $$ \epsilon _{2} =1.8 $$, $$ \epsilon _{3} =0.9 $$, $$ \epsilon _{4} = 1.8 $$. The gain matrices $$ L $$ and $$ Q $$ of the observer and the gain matrices $$ K $$ and $$ G $$ of the controller are obtained by solving inequality 16 and equation 19, as shown in Table 3.

To assess the efficacy of the algorithm when the USV faces the above multiple cyber-physical threats, four comparative simulation cases under two scenarios are given. In all subsequent experiments, the units of the components of the state vector $$ x\left (t \right) $$ are $$ v\left (t \right) \left (m/s \right) $$, $$ r\left (t \right) \left (rad/s \right) $$, $$ \psi\left (t \right) \left (rad \right) $$, $$ p\left (t \right) \left (rad/s \right) $$ and $$ \phi\left (t \right) \left (rad \right) $$.

Case 1: In this situation, the USV is solely considered to face pure physical threats such as noise-type faults and disturbances. The specific form of noise-type fault is as follows. The state response $$ x(t) $$ of the USV under noise-type actuator faults and disturbances is illustrated in Figure 3. Upon observation of the Figure 3, it is evident that the USV under the high-speed condition is significantly affected by disturbances and noise-type faults, resulting in a longer time for the system to achieve asymptotic stability compared to the low-speed condition. Nevertheless, across both low- and high-speed scenarios, the curves converge to bounded within a certain period of time, which verifies the effectiveness of the proposed algorithm in USV against physical threats.

Figure 3. The state response $$ x(t) $$ to disturbances and noise-type faults under two scenarios.

Case 2: This case is based on Case 1 to verify the effectiveness of the algorithm in the case of constant injection attacks and time-varying delays occurring within SO channel. The state response $$ x(t) $$ of the USV under noise-type actuator faults, disturbances, time-varying delays and constant injection attacks is illustrated in Figure 4. Figure 4 shows that the curve fluctuates more frequently when the SO channel suffers from time-varying delays and constant injection attacks, but even under the high-speed scenario, the state response $$ x(t) $$ still starts to stabilize at about 20s under the influence of the proposed algorithm.

Figure 4. The state response $$ x(t) $$ to noise-type actuator faults, disturbances, time-varying delays and constant injection attacks under two scenarios.

Case 3: Based on Case 2, this case considers the existence of Bernoulli deception attacks and time-varying delays on OC channel, thus forming dual-channel asynchronous independent injection and deception attacks. Figure 5 illustrates the trend of the state $$ x(t) $$ of the USV in the face of multiple cyber-physical threats (noise-type actuator faults, disturbances, dual-channel asynchronous independent injection and deception attacks) under the two scenarios. It can be seen from Figure 5 that even though Bernoulli deception attacks occur frequently, the state of the USV tends to be stable quickly and fluctuates less under both low- and high-speed scenarios, which verifies the feasibility of the proposed algorithm. Figure 6 illustrates the state estimation error $$ e_x(t) $$ and FE error $$ e_f(t) $$ of the USV under the two scenarios, respectively. It can be seen from Figure 6 that both the state estimation error $$ e_x(t) $$ and the FE error $$ e_f(t) $$ only fluctuate within a small range regardless of the low or high speed, even with many influences, thus demonstrating the good performance of the extended state observer proposed in this paper. Figure 7 illustrates the variation in the control input response $$ u\left (t \right) $$ of the USV under the specified physical threat scenario. It is observed that as the USV's state reaches stabilization, the control input progressively stabilizes. It is noteworthy that the inclusion of disturbances and integrators within the simulation framework leads to the generation of FE even in the absence of actual faults.

Figure 5. The state response $$ x(t) $$ to noise-type actuator faults, disturbances, and dual-channel asynchronous injection and deception attacks under two scenarios.

Figure 6. The state error response $$ e_x(t) $$ and the fault error response $$ e_f(t) $$ to noise-type actuator faults, disturbances, and dual-channel asynchronous injection and deception attacks under two scenarios.

Figure 7. The control input response $$ u\left (t \right) $$ under two scenarios.

Case 4: In this situation, firstly, the noise-type actuator faults in case 3 are replaced with stuck steering mechanism-type faults. Figure 8 and Figure 9 show the state response $$ x(t) $$ and the error response $$ e_x(t) $$ and $$ e_f(t) $$ under the influence of stuck steering mechanism-type faults, disturbance, dual-channel asynchronous constant injection and Bernoulli deception attacks, respectively. Compared with the noise-type faults in Case 3, the abrupt change of the stuck steering mechanism-type faults makes the stability of the USV more difficult, but the algorithm proposed in this paper still makes the USV tend to be stable in a certain period of time under the two scenarios. At the same time, the stuck steering mechanism-type faults also make the convergence of estimation error become relatively slow in the high-speed scenario. Secondly, in order to better characterize the impact of injection attacks, the constant injection attacks are replaced by time-varying or adaptive injection attacks. The specific forms of the stuck steering mechanism-type faults and the two types of injection attacks are as follows. It can be seen from Figure 10 and Figure 11 that the existence of time-varying injection attacks makes the state response $$ x(t) $$ and error responses $$ e_x(t) $$ and $$ e_f(t) $$ fluctuate more sharply, but these fluctuations are still maintained in a tolerable range. Figure 12 and Figure 13 show that the adopted FTC scheme based on the extended state observer performs well against the adaptive injection attack.

Figure 8. The error response $$ x(t) $$ to stuck steering mechanism-type faults, disturbances, and dual-channel asynchronous injection and deception attacks under two scenarios.

Figure 9. The error response $$ e_x(t) $$ and $$ e_f(t) $$ to stuck steering mechanism-type faults, disturbances, and dual-channel asynchronous injection and deception attacks under two scenarios.

Figure 10. The state response $$ x(t) $$ to noise-type faults, disturbances, and dual-channel asynchronous time-varying injection and deception attacks under two scenarios.

Figure 11. The error response $$ e_x(t) $$ and $$ e_f(t) $$ to noise-type faults, disturbances, and dual-channel asynchronous time-varying injection and deception attacks under two scenarios.

Figure 12. The state response $$ x(t) $$ to noise-type faults, disturbances, and dual-channel asynchronous adaptive injection and deception attacks under two scenarios.

Figure 13. The error response $$ e_x(t) $$ and $$ e_f(t) $$ to noise-type faults, disturbances, and dual-channel asynchronous adaptive injection and deception attacks under two scenarios.

where $$ \omega _{2} $$ is also a Gaussian white noise with variance 1.

5. CONCLUSIONS

A co-design method of FE and FTC for an underactuated USV under actuator faults, disturbances and cyber threats is proposed in this paper to achieve the smooth movement of the USV. To address the delays, uncertainties, and signal disruptions caused by dual-channel independent asynchronous injection and deception attacks, an extended state observer and a fault-tolerant controller were constructed using the compromised information, ensuring robust control of the USV under multiple cyber-physical threats. Utilizing the Lyapunov-Krasovskii functional, a sufficient condition for the integrated design was derived, and a method for eliminating equality constraints was proposed to overcome the challenges of solving nonlinear matrix inequalities. Simulation results validate the efficacy of the extended state observer-based FTC approach.This study advances theoretical foundations for the design of integrated FTC strategies and stability analysis of USVs under multi-layered adverse conditions. At the same time, it provides valuable insights for USVs to reliably navigate in modern complex network environments. Prospective research is encouraged to introduce the idea of the co-design into the cooperative control scenario of multi-USVs, aiming to enhance overall performance amidst the presence of diverse cyber-physical threats. In addition, insights from advanced control methods, such as reinforcement learning ^[38], can further enhance the adaptability of USVs in complex environments.

DECLARATIONS