Zero Assignment via Generalized Sampler: A Countermeasure Against Zero-Dynamics Attack

Networked control systems have advantages such as flexibility, efficiency, but at the same time they are exposed to cyberattacks. Among many lethal attacks, the zero-dynamics attack is a model based attack and it is very hard to detect. In this paper, a new strategy for intrusion detection and defense against zero-dynamics attack is proposed, and it is based on the generalized sampler that takes a weighted average of multiple samples obtained during one sampling interval. By using the generalized sampler instead of the simple sampler, the zeros of the sampled-data system can be placed at arbitrary locations, and if all zeros are placed inside the unit circle, the attack signal becomes no longer effective. This strategy still works even if all the information is exposed to hackers and it is considerably insensitive to the shift of intrinsic zeros. A design procedure for the generalized sampler is provided under mild assumptions. Furthermore, optimal designs for the selection of desired zeros are formulated considering practical issues. Theoretical findings are validated through numerical simulations.


I. INTRODUCTION
Advanced communication technologies make it possible to control remote dynamic systems, monitor the status of geographically distributed systems such as power systems and smart factories, and make decisions for multi-agent systems. Although this high level of flexibility has been achieved, these systems are subject to cyber threats, as reported in real incidents such as StuxNet computer worm [1] and the attack on Ukrainian power plant [2].
Thus, ensuring security from cyber threats is a central issue these days and is gaining more and more attention. One of the main research streams on cyber security is to model and analyze the cyber-attacks (see, e.g., [3]- [8] and references therein) and develop defense strategies against those attacks [3], [9]- [13].
Among many cyber-attacks, we focus on the zerodynamics attack (ZDA) in this paper. It is one of the most dangerous cyber-attacks because it is stealthy and hardly possible The associate editor coordinating the review of this manuscript and approving it for publication was Sedat Akleylek . to detect. The attack signal is constructed by using the information of system's zero-dynamics so that the internal states corresponding to the zero-dynamics converge to that of ZDA while the effect of ZDA on the system output is almost negligible. Thus, ZDA is fatal to systems that have unstable zerodynamics (i.e, non-minimum phase systems) since a properly designed ZDA can drive the internal states unbounded while unnoticed. It is emphasized that modern networked control systems are vulnerable to ZDA since in many cases the system can be modeled as a sampled-data system with unstable zero-dynamics. In fact, if a continuous-time system has relative degree greater than two and the sampling time is sufficiently small, the corresponding sampled-data system has at least one unstable sampling zero [14], regardless of the stability of the zero-dynamics of the continuous-time systems.
Several strategies for intrusion detection and defense against ZDA have been proposed. [9] proposed a detection method of ZDA by modifying the input, output, and dynamic characteristics of the system. [12] introduced a (constant or time-varying) modulation matrix to the path of the input channel to hide the actual input gain matrix. Both approaches can detect the intrusion of ZDA, but the information on modification or modulation matrix should be hidden. [15] proposed a dual-rate control; construct a lifted discrete-time system by collecting a sufficient number of output measurements during a single sampling interval. It is shown that the lifted system has no unstable zeros except 1. Although this approach can be used to detect the intrusion of ZDA, a collection of output measurements should be transmitted, which requires fairly large communication load. Recently, [13] proposed a strategy employing the generalized hold (GH) [14] instead of the zero-order hold (ZOH). If properly designed, the zeros of the sampled-data system can be placed in the stable region so that ZDA is no longer effective.
In this paper, we propose a new strategy for intrusion detection and defense against ZDA. The idea is to shift the zeros of the sampled-data system so that the system has stable zero-dynamics, and this is done by replacing the simple sampler (SS) with the generalized sampler (GS) [14]. GS is a signal processing device that can be represented by a continuoustime system having an impulse response and generates a discrete-time signal from a continuous-time signal [14]. If the delta function is used for the impulse response, GS becomes the conventional SS.
Motivated by the notion of GS, we consider a GS that takes several instantaneous samples during one sampling interval and generates a discrete-time output that is a weighted average of the samples. The number of samples (during one sampling interval) and the weights are the design parameters of GS. Thanks to the additional degree of freedom, the zeros can be placed anywhere desired under mild assumptions, and a constructive design procedure to choose the weights of GS is also presented. We emphasize that the proposed approach has several advantages over existing strategies against ZDA; first, no information needs to be hidden, second, the zeros can be arbitrarily assigned, and finally, there is no intersample behavior. Based on the weight design for a given set of desired zeros, we further investigate how to find optimal zeros. We propose several metrics for the design considering practical issues such as output deviation of the newly generated signal from the original sampled output and the effect of noise. With these metrics, we present optimal designs that can be solved by using well known numerical tools for convex optimization. Numerical simulations on a two-mass system are conducted for noisy/noise-free cases to validate theoretical findings.
The rest of this paper is organized as follows. In Section II, we briefly recall the concept of ZDA and several strategies against it. In Section III, the generalized sampler as a zero assignment tool is introduced in detail and compared with a recently developed assignment method. Designs of GS from optimization perspective are given in Section V. In Section IV, we applied the design of GS to neutralize ZDA and simulation results are included. Finally, Section VI concludes the paper. Notation: R n denotes an n-dimensional Euclidean space. The set of natural numbers is denoted by N and N 0 := N∪{0}. The set of complex numbers is denoted by C. For a given a ∈ C, |a| denotes the magnitude of a. I n is the n × n identity matrix and 0 n denotes the n × 1 zero vector.

A. ZERO-DYNAMICS ATTACK ON SAMPLED-DATA SYSTEM
We consider a continuous-time system controlled by a digital controller which is connected through a communication network. Suppose that the network has been compromised so that a malicious attack signal can be injected in the control signal. Precisely, the control system under attack is described byẋ where x(t) ∈ R n is the state vector, u(t) ∈ R is the control input, a(t) ∈ R is the attack signal, and y(t) ∈ R is the output. A, B and C are constant matrices with appropriate dimensions. Remark 1: ZDA is classified as an actuator attack that the attack signal is applied to an input channel of a system. As a counterpart of the actuator attack, there is a sensor attack, which applies an attack to sensor measurements transmitted over the network. Pole-dynamics attack is one of them and it is a dual of ZDA [16].
In most networked control systems, ZOH and SS are used to interface the system (1) with a digital controller that is connected through communication network as depicted in Fig. 1. ZOH located in the input side converts the discrete-time input signal u k := u(kT s ), ∀k ∈ N 0 coming from the controller into where T s is the sampling time, and SS converts the continuous-time signal y(t) into a discrete-time signal y k := y(kT s ), ∀k ∈ N 0 at each sampling time.
Suppose that a malicious attack signal intrudes into the compromised network at each sampling time so that the signal transmitted to ZOH becomes u k + a k . Thus, we have u(t) + a(t) = u k + a k , kT s ≤ t < (k + 1)T s . Then, it follows from the theory of linear system [17] that where the last relation is obtained by changing variable τ = τ − kT s . From this, we obtain a sampled-data system given by where x k = x(kT s ) and The system (2) can be rewritten in the normal form [18] given by where the dynamics of ξ explains the relation between the input and output and that of η describes the internal behavior. The dynamics η k+1 = S d η k is called the zero-dynamics, where the eigenvalues of S d correspond to the zeros of the sampled-data system (2) [18]. Let us briefly explain how (3) can be derived. See [18,Chapter 13] for more details. Suppose that the transfer function of (2) is given by where K ∈ R, D(z) and N (z) are monic polynomials whose degrees are n and n − ρ, respectively, and ρ is the relative degree. Let Q(z) and R(z) be the polynomials of degree ρ and ρ R ≤ ρ − 1, respectively, such that D(z) = N (z)Q(z) + R(z). Then, G(z) can be written as It can be seen that G(z) is a negative feedback system composed of 1 Q(z) in the forward loop (hence its output is y k ) and R(z) N (z) (with y k being its input) in the feedback loop, and K is the input gain. Let a state space realization of R(z) N (z) be given by which means that det(zI −S d ) = N (z) and q d (zI −S d ) −1 P d = R(z)/N (z). In addition, 1 Q(z) can be realized in the control canonical form given by where ξ ∈ R ρ , φ d is determined from Q(z), and the matrices and vectors are given by Combining (4) and (5), and denoting g d = K and ψ d = −q d , we have (3).
The attack considered in this paper is constructed using the zero-dynamics of the system (3), namely, Now we explain the behavior of the system under ZDA (6). Suppose that the system is stabilized by a static output feedback controller given by u k = −L d y k . Precisely, the closedloop system that is obtained by applying a k = 0 and u k = −L d y k = −L d C d x k to the system (2) is asymptotically stable. This means that the matrix A d − B d L d C d is Schur. Since the systems (2) and (3) are equivalent, the closed-loop system is asymptotically stable. If the attack (6) is applied to the closed-loop system, then one has from (6) and (3) It is noted that this dynamics has the same system matrix as (7). Hence, from the Schur stability of the closed-loop system, it follows that there exist constant κ > 0 and |λ| < 1 such that and z 0 are initial conditions of corresponding variables, and this relation implies that η k approaches z k as k increases sinceη k converges to zero. Thus, the lethality of ZDA becomes obvious when S d is unstable (at least one of the eigenvalues of S d is located outside the unit circle), i.e., the system (2) is of non-minimum phase. Let λ us be an unstable eigenvalue of S d and v us = 0 be a corresponding eigenvector, i.e., S d v us = λ us v us . If the attack (6) is generated with z 0 = µv us , µ = 0, then z k = µλ k us v us and a k = − µ g d ψ d λ k us v us . Hence, as time goes by, η k approaches µλ k us v us and thus diverges. However, this cannot be observed by monitoring the output y k because y k depends only on ξ k which converges to zero. Therefore, for nonminimum phase systems, the internal variable η k becomes unbounded whenever z k is excited by unstable modes of S d , while y k converges to zero so that the intrusion of attack cannot be monitored from y k .
The preceding discussion established that the system (1) is vulnerable to ZDA if the sampled-data system has at least one unstable zero and only may think that if the original continuous-time system is of minimum phase, then the system is safe from ZDA. Unfortunately, this is not true because the sampled-data system may have unstable zeros appearing from the sampling procedure. In fact, when the continuoustime system (1) has a relative degree greater than two and the sampling time is sufficiently small, it is inevitable that the sampled-data system has unstable zero-dynamics because at least one of the sampling zeros lies outside the unit circle [14]. Hence, the networked control system is vulnerable to ZDA if the sampled-data system has unstable zeros that come from the unstable zero of the continuous-time system or those emerge from the sampling procedure. This is illustrated in the following example.
Example 1: In this example, we consider that a malicious attacker carries out ZDA to a sampled-data system whose continuous-time system is given by .
Suppose that ZOH and SS are used as sample and hold devices, and T s = 0.1. Then, the zero of the sampled-data system is z = 1.22, which comes from the unstable zero of the continuous-time system. In addition, the parameters for ZDA are g d = 0.08, ψ d = −0.13, and µ is chosen as 0.01. Fig. 2 shows the result of executing ZDA to the system. The attack is initiated at t = 2, and y(t) denotes the continuoustime output of the system and y k,SS denotes the sampled output of y(t) by SS. It can be clearly seen from Fig. 2 that y(t) diverges due to ZDA but, there is no significant change in y k,SS which is transmitted over network. Therefore, it is difficult for the control and monitoring system to recognize that the system is being attacked. This shows the stealthy nature of ZDA.
Example 2: Consider a two-mass system (see Fig. 3) taken from [13], where m 1 = m 2 = 1kg, k 1 = k 2 = 1N/m and   b 2 = 1Ns/m. We assume for the time being that a = 0. The transfer function from u to y becomes and it is noted that the system is of minimum phase (one zero at −1). However, since the relative degree is 3, the sampleddata system under ZOH and SS will become a non-minimum phase system for a sufficiently small sampling time. Fig. 4 shows how the zeros of the sampled-data system vary as T s changes. As T s decreases, z 1 moves out of the unit circle.
Let T s = 0.1s. Then, the zeros of the sampled-data system are z 1

B. EXISTING INTRUSION DETECTION AND DEFENSE STRATEGIES
To enhance security against ZDA, several strategies have been developed. [9] investigated how the system structure affects the stealthiness property of ZDA and proposed a strategy that involves the modification of system structure to reveal the attack. [12] introduced a modulation matrix in the input channel so that actual input gain matrix is hidden from hackers. An optimization based design is proposed and time-varying (periodic) modulation matrix is also considered. Although these approaches can reveal ZDA, they have a drawback that information on modification or modulation matrix should be hidden. Instead of modifying the internal structure, [15] proposed to use dual-rate control. The idea is to obtain a sufficiently large number of measurements during a single sampling interval and consider the collection of the measurements as a new output. They proved that the system with new output has no unstable zeros except 1. It is the main advantage that it is not necessary to hide any information from hackers. However, a large amount of information should be transmitted.
Recently, a new strategy employing the GH [14] has been introduced in [13]. They applied the fact that GH can change the system zeros [14], and suggested to shift all the zeros into the stable region so that the sampled-data system becomes of minimum phase, which makes ZDA ineffective. GH involves a function h g (t) so-called hold function that is defined as a piecewise continuous function. One candidate of hold function is a piecewise constant function given by where h i are constant gains and N is the number of subintervals. They presented optimal designs of hold function so that the difference between GH and ZOH is reduced as small as possible. Although it has several advantages over other strategies, this approach inherits one drawback of GH that undesirable intersample behaviors [14] can be induced. Common instances of the undesirable inter-sample behaviors are overshooting and undershooting of the continuous-time output [19]. The overshooting (or undershooting) between sampling times, a phenomenon in which the continuous-time output between consecutive sampled outputs fluctuates significantly, may bring system damage, such as wearing of a bearing, etc. The level of inter-sample behavior depends on the hold function that is closely related to the choice of desired zeros [14].

C. GENERALIZED SAMPLER
GS is basically a signal processing device that converts a continuous-time signal into a discrete-time sequence. We consider the GS introduced in [14], which can be represented by a linear system with an impulse response. By denoting the impulse response as h(t), the output of GS is given by wherey k is the output sample generated by GS. GS is naturally a generalization of SS (the one with h(t) = δ(t)). In [14], the author proposed two samplers by specifying the impulse responses of generalized samplers; Piecewise Constant GS (PCGS) and Sinusoidal GS (SGS). In addition, they showed that the PCGS and SGS can move the zeros with an example of a second-order integrator system. For further details, see [14].

III. WEIGHTED AVERAGING GENERALIZED SAMPLER AND ZERO ASSIGNMENT
In this section, we introduce a particular generalized sampler called weighted averaging generalized sampler with which the zeros of the sampled-data system can be placed at any desired locations. The proposed generalized sampler takes several measurements during one sampling interval and computes a weighted average. It will be seen that this special structure facilitates the design of generalized sampler from a given set of desired zeros.
To proceed, we would like to find a sampled-data system whose output isy k . Since the state vector x of the linear system (1) (with a(t) = 0 for simplicity) at time t, (k −1)T s ≤ t ≤ kT s , can be computed as Changing the variable τ =τ − (k − 1)T s results in and we can obtain, with i = N , From (11), we can compute the discrete-time transfer function from u k to y k as Note that the discrete-time transfer function (13) has an additional pole at the origin and this is becausey k is a function of x k−1 and u k−1 . It is also noted thatC d andD d contain the sampler weights w 1 , · · · , w N of GS which are design parameters. If the weights are chosen appropriately, it is expected that the numerator of the transfer function (13) can be chosen as desired. In fact, this is true under mild assumptions as can be seen in the next subsection.

B. ZERO ASSIGNMENT: FROM DESIRED ZEROS TO WEIGHTS
In this subsection, we first show that if the sampled-data system is controllable, the zeros of the system (11) (or (13)) can be placed at desired locations by adjusting the weights w 1 , · · · , w N and then present a design procedure how to determine the weights.
Let z d,1 , . . . , z d,n ∈ C be the desired zeros and k d is a highfrequency gain. Define, with q * (z) being monic, Then, we have the following result.
has full column rank. The weights are computed as where M † is the pseudo-inverse of M . Proof: LetḠ * d (z) = p * (z) q * (z) , and suppose that p * (z) and q * (z) are given by Then,Ḡ * d (z) can be realized in the control canonical form [20] given by [20]. Since the pair (A d , B d ) is controllable, this relation is equivalent tȏ C d C d = C con C con (17) where C d is the controllability matrix of (A d , B d ) and C con is that of (A con , B con ), namely,

It is obvious that
Since (A d , B d ) is controllable, we have from (17) thatC d = C con C con C −1 d . In addition, it is trivial to see thatD d = k d . Thus, the existence ofC d andD d is proved.
One can easily show the relation (15) by rewriting (12) as (18) which completes the proof.
From Lemma 1, we propose a design procedure for GS as follows.
Design Procedure 1: 1) Choose the number of subintervals N .

VOLUME 9, 2021
2) Choose n desired zeros z d,1 , z d,2 , . . . , z d,n and the gain k d . 3) ComputeC d = C con C con C −1 d andD d = k d . 4) The weights w 1 , . . . , w N are given by w Sometimes, it is desirable that w i = 1 to ensure that y k = y(kT s ) when y(t) is constant on ((k − 1)T s , kT s ]. In this case, solve (15) with k d = 1 and w replaced by w * , and then set k d = 1/( w * i ) and w = k d w * . Example 3: In this example, we would like to apply the developed zero assignment method to the two-mass system shown in Fig. 3 [13]. Following the design of GH proposed in [13] with the desired zeros z d,1 = e −T s , z d,2 = z d,3 = 0, we have a piecewise constant GH with the gain h = [20.89, −21.97, 3.14, 1.94] . Fig. 7

shows step responses of system; one with GH and SS, and the other with ZOH and GS. The response with GH shows a severe fluctuation in the signalÿ(t) (shown in red) between sampling instants. This phenomenon is typically observed when GH is used instead of ZOH because the continuoustime input u(t) during one sampling interval depends on the time-varying pattern of GH. On the contrary, for the case with GS, the inter-sample behavior is significantly improved (shown in blue) because u(t) is constant due to ZOH.
If the intrinsic zero is shifted by 0.002%, the signalÿ GH (t) fluctuates more severely (shown in Fig. 7a (right)). For the case with GS,ÿ GS (t) remains near the system output y(t) even if the intrinsic zero is shifted by 0.002% and 5% (shown in Fig. 7b).

IV. NEUTRALIZATION OF ZERO-DYNAMICS ATTACK VIA WEIGHTED AVERAGING GENERALIZED SAMPLER
As discussed in Section II-A, ZDA exploits the property that the unstable attack signal, that is constructed using unstable mode of the zero-dynamics, cannot be detected by monitoring the system output, i.e., ZDA is effective for non-minimum phase systems. Thus, if we can place all the zeros inside the unit circle, then zero-dynamics of new sampled-data system has stable zero-dynamics so that ZDA is not effective anymore. As described in Section III, GS can indeed do this, and thus it can be used as a promising security tool against ZDA.
The following result establishes that if we can design a GS so that the system with new outputy k becomes of minimum phase, then any diverging ZDA is detected by monitoring the signaly k .
Lemma 2: Suppose that the discrete-time system (2) with ZOH and SS is of non-minimum phase and asymptotically stable. Let a k be a ZDA designed for this system. If there exists a GS of the form (9) such that the transfer function (13) with the GS is of minimum phase, theny k can detect the ZDA. That is to say, the outputy k of the system (19) becomes unbounded as k goes to infinity. Proof: Lety(z) and a(z) be the z-Transform ofy k and a k , respectively. From the dynamics attack signal (6), one has where z 0 is the initial condition of attack dynamics. Then, from (14),y(z) becomes where p * (z) = (z−z d,1 ) · · · (z−z d,n ) with z d,1 , . . . , z d,n being the new zeros determined by the weights w 1 , . . . , w N of GS.
By assumption, all the zeros z d,1 , . . . , z d,n are located inside the unit circle, while at least one root of q a (z) is unstable (S d is unstable). If this root is denoted by p u , then, |p u | > 1 andy k contains a term cp k u , c = 0, which diverges. This completes the proof.
As a security tool, GS has several advantages over existing strategies. First, we do not need to hide key information such as the weights and the number sub-intervals. Indeed, suppose the hacker has full information on the system and GS. If a ZDA is constructed based on this information, the attack will converge to zero since the target sampled-data system has stable zero-dynamics. In the case that the hacker assumes that ZOH and SS are used and a ZDA is constructed using this information, then the zero-dynamics will be quite different from the real one, hence it will be detected by the new signals from GS. Second, there is no theoretical limit on the choice of zeros under mild conditions (see Lemma 1) and this is because the degree of freedom for the design of GS is quite large. It is noted that the approach by [15] guarantees that the lifted system has no unstable zero except 1, but they did not provide a zero assignment strategy. Third, as discussed in Example 3, the proposed approach does not induce violent inter-sample behavior that is a drawback of the GH based approach. It is also observed that the proposed approach is remarkably insensitive to the shift of intrinsic zeros compared to [13].
Remark 2: The proposed solution does not require any additional sensor to measure more state variables. This means that the system structure remains unchanged and this is in sharp contrast to the solutions such as [9], [12] that involve modification of system structure. Meanwhile, the approaches that modify system structure using additional sensors (or actuators) can change controllability and observability of a system, but this does not mean that the zeros can be assigned as desired. In this paper, we restrict ourselves that the system structure is fixed and would like to focus on the zero assignment. Clearly, combining the idea of modification of system structure and zero assignment is a very interesting future research topic.
In the next example, we illustrate that ZDA can be detected by using GS.
Example 4: Consider the system discussed in Example 3. The sampled-date system under ZOH and SS has unstable zero-dynamics. Using this information, a ZDA is constructed as shown in Fig. 8a. As can be seen from Fig. 8b, the sampled output y k,SS generated by SS still remains zero and the ZDA is not detected, while the continuous-time output diverges. Now we consider the case with GS that has been designed with the desired zeros chosen in Example 3. With this GS, the attack is clearly detected (Fig. 8b) because the sampled outputy k,Z d generated by GS also diverges.

V. OPTIMAL DESIGN OF WEIGHTED AVERAGING GENERALIZED SAMPLER
As shown in the previous section, we can assign zeros by employing GS and the weights are design parameters determined from the desired zeros. Although the location of zeros can be arbitrary, we consider the case where the desired zeros lie inside the unit disk so that the approach can be applied to develop a countermeasure against ZDA.
In this section, we develop an optimal design for the desired zeros that minimize the discrepancy between the output from SS (y k ) and that of GS (y k ). In addition, optimal designs considering the size of the weights are also covered. It is noted that the proposed designs are in fact solved by convex optimization tools [21].

A. OPTIMAL DESIGN MINIMIZING OUTPUT DEVIATION
We define the difference between the outputs from SS and GS by e k = y k −y k .
from which we propose an objective function given by .
Note that f (w) is a quadratic form with respect to w. Since f (w) is square of the induced 2-norm of the linear mapping from [u k−1 x k−1 ] to e k , it is a reasonable metric indicating how much the output of GS is different from that of SS. Obviously, simply taking w = [0, . . . , 0, 1] leads to f (w) = 0, and this gives e k = 0 for any pair of (x k−1 , u k−1 ).
With the objective function f (w), we now formulate a quadratic optimization problem with the constraint that the sampled-data system's zero-dynamics is Schur stable.
In order to reflect the stability of the zero-dynamics, we first rewrite p * (z) in terms of w. From (16), we have p * (z) = k d z n + (c n−1 + k d d n−1 )z n−1 + · · · + (c 1 + k d d 1 )z + c 0 + k d d 0 . The coefficients c 0 , . . . , c n−1 , and k d depend on w and can be obtained from the relations (17) and (18), i.e., c 0 · · · c n−1 = C con = wC d,N C d C −1 con =: w VOLUME 9, 2021 Applying the sufficient condition for Schur stability derived by [22], i.e., a polynomial α n z n +α n−1 z n−1 +· · ·+α 0 is Schur stable if n−1 i=0 |α i | ≤ |α n |, we arrive at a constraint for stable zero-dynamics given by where i is the ith column of C d,N C d C −1 con . The resulting optimization problem for the zero assignment problem is then described by (P.1) Note that the problem is not convex due to the inequality constraint. However, as described in the work by [13], we can obtain a practical solution by solving two convex optimization problems and take the one with smaller f (w); one with where is a small positive number. See [13] for more details.
Example 5: In this example, we continue Example 3 to illustrate that the GS obtained by solving the optimization problem (P.1) results in smaller output deviation compared to the one from the GS with pre-determined desired zeros. With = 10 −10 and N = 5, the convex optimization solver CVX [21] gives the optimal weight w P1 = [−8.57, 30.81, −36.94, 15.69, 0.00]. The corresponding zeros of the sampled-data system are e −Ts , −0.01, and −0.52 ± j0.82, which make the zero-dynamics Schur stable. Fig. 9 shows the system output y(t) and the signals obtained by GSs when the unit step input is applied to the sampled-data system. In the figure,y k,Z d denotes the output of GS, which is obtained by following Design Procedure 1 with the set of desired zeros Z d = {e −T s , 0, 0, 0}, andy k,P1 denotes that of the optimal GS for the problem (P.1).
It is clearly seen thaty k,P1 is closer to y k thany k,Z d . The values of the objective function for the cases are f (w Z d ) = 9.7 × 10 −3 and f (w P1 ) = 2.36 × 10 −6 , where w Z d denotes the sampling weight associated to Z d .

B. OPTIMAL DESIGN WITH REGULARIZATION
In practice, it is inevitable that the measured output of the system is contaminated by sensor noise. Since the new output y k is a weighted average of multiple measurements, large weights will amplify the measurement noise.
Motivated by this, we introduce a regularization term [23] to have new objective functionf (w) = f (w) + γ w 2 2 where γ > 0 is a scaling parameter. In addition, another constraint w1 N = 1, 1 N := [1 · · · 1] ∈ R N , is introduced to ensure Step response: continuous-time output y (t ), sampled outputy k,Z d obtained by GS with pre-determined zeros, sampled outputy k,P1 obtained by optimal GS from (P.1). that two signals generated by GS and SS are identical for the case of constant output.
Taking both the regularization term and the constraint for constant measurement into account, we have the second optimization problem as One may explicitly add a constraint concerning the size of w instead of including the regularization term in the cost function. Denoting the maximum allowable size of w 2 by δ > 0, we have Example 6: In this example, we investigate the effect of measurement noise on GS in terms of false alarm. For the system considered in previous examples, we assume that the measurement of GS is contaminated by noise v k,l , applied at t = kT s + lT s /N , k = 0, 1, . . . , l = 0, 1, . . . , N − 1, and that v k,l is zero-mean white Gaussian with variance R. We consider an attack detector employing GS, which decides whether the system is under attack or not. When the output of GS exceeds a threshold, it is determined that the system is under attack and an alarm is raised. Under this setting, we define a false alarm as a case that the output signal exceeds the threshold even though there is no attack, or that an attack is present but the output signal is within the threshold [24], [25]. Fig. 10a shows the effect of noise with R = 10 −5 for the system considered in Example 4 under a GS designed in that example. It is seen that several samples ofy k,Z d exceed the threshold although there is no attack, leading to a false alarm.  This is because large sampling weights of GS amplify the effect of noise. This undesirable situation can be avoided by the optimized design with regularization. Fig. 10b shows the sampled output from GS that is designed by solving (P.2). The parameter γ is chosen as 5.0 × 10 −4 and the optimal weights of GS are determined as w P2 = [2.11, −0.59, −2.05, −1.25, 2.78]. It is seen that the effect of noise is reduced so thaty k,P2 lies within the threshold before an attack is injected, and the attack is successfully detected. Table 1 shows the false alarm rate of each GS, which is examined through repeated simulations. In each simulation, we examine the situation for 5 seconds each, before and after the attack, and the number of false alarm is counted. This simulation repeats three times and the false alarm rate is defined as the ratio of false alarms to the total number of outputs collected over the entire simulation. Four GSs, the one obtained by Design Procedure 1 and the others from (P.1) to (P.3), are compared. The weights of GSs are denoted by w Z d , w P1 , w P2 , and w P3 , where the first two weights are those obtained in Examples 4 and 5, the third one obtained above in this example, and the last one, obtained by solving (P.3), is w P3 = [0.10, 2.59, −1.95, −4.31, 4.56] (δ is chosen as 50). As can be seen from Table 1, the false alarm rate is substantially decreased when the size of weight is included in the cost function or a constraint on the size is imposed. Example 7: In this example, we would like to illustrate that the regularization term added to the objective function can be used to reduce the effect of noise. We consider the case mentioned in Example 5 and assume that process noise and measurement noise, denoted by w k,l and v k,l , are added to the state and output at t = kT s + lT s /N , k = 0, 1, . . . , l = 0, 1, . . . , N − 1, where w k,l and v k,l are zero-mean white Gaussian with variance 0.1 I 4 and 10 −3 , respectively. Fig. 11 shows the output signals generated by four GSs used in the previous example wherey k,P3 is the output associated to w P3 , and y k,l denotes the system output at t = kTs + lT s /N corrupted with noise v k,l . One can observe from Fig. 11 that the impulse response of the system (y k,l ) is slightly different from the case without process noise (See Fig. 9). It can be observed that the effect of noise is substantially reduced in the signalsy k,P2 andy k,P3 compared to the signals y k,Z d andy k,P1 . It is mainly because the weights w Z d and w P1 are relatively very larger than w P2 and w P3 .

VI. CONCLUSION
A new countermeasure against the zero-dynamics attack has been proposed. It employs the generalized sampler, which takes a weighted average of inter-samples, instead of simple sampler that is frequently used in practice. Although this approach shares the same idea of zero assignment with the generalized hold based approach, the proposed strategy seems to be more effective since the unfavorable inter-sample behavior can be avoided. Compared to other approaches, the proposed idea does not need to hide information on the system and the generalized sampler, which is an additional benefit. Optimal designs for GS considering the output deviation and the effect of noise have been provided, and it is illustrated that the designs can be directly applied to neutralize the zero-dynamics attack.
We are currently working on a robust zero assignment problem that can allow system uncertainties and plan to conduct real experiments. Extension to MIMO systems and application to output feedback stabilization of non-minimum phase systems are also interesting future research topics. In addition, a study on establishing defense techniques for situations in which an attacker can modify both control input and feedback signals would also be a practical research topic. VOLUME 9, 2021