A Generalized Hold Based Countermeasure Against Zero-Dynamics Attack With Application to DC-DC Converter

Zero-dynamics attack (ZDA) is a model-based cyber attack. It is stealthy in the sense that the presence of the attack signal cannot be determined by monitoring the system output, and it is effective against systems that have unstable zero-dynamics. Several countermeasures against ZDA have been introduced, and the one employing the generalized hold (GH) is considered in this paper. The GH is a generalized version of the zero-order hold that is commonly used in digital control systems. In this paper, the lethality of ZDA and the effectiveness of GH as a countermeasure are demonstrated on a control system that involves a DC-DC converter. Through extensive simulations and experiments, the design of the proposed scheme is presented in detail and relevant practical issues are discussed.


I. INTRODUCTION
Monitoring and controlling geographically distributed systems are essential technologies in modern engineering, and one of the key ingredients that enables these is the communication network. For example, utility companies schedule and dispatch generation through communication between suppliers and users [1], and thousands of miles of pipelines have many sensors and valves that need to be monitored and controlled in a coordinated manner [2]. Obviously, it is not possible to operate these systems without a communication network. Despite the tremendous benefits, the presence of the network makes the systems vulnerable to cyber attacks. Well-known instances of cyber attacks include Stuxnet on Iranian nuclear facilities, massive blackouts at South American power plants, and cyber attacks on the Ukrainian power grid SCADA [3]-[6], which resulted in social and economic losses [3], [7], [8].
The associate editor coordinating the review of this manuscript and approving it for publication was Tiago Cruz.
A number of cyber attacks have been reported in the literature, for example, false data injection attack [9], denial-of-service (DoS) [10], and zero-dynamics attack (ZDA) [11]; see the papers and references therein for details. Among these cyber attacks, ZDA has gained plenty of attention in the control systems community [11]-[19] and is considered in this paper. This attack exploits the zero-dynamics of the system, which describes the internal behavior of a system, in a way that the attack signal is constructed from a dynamics that is identical to the zero-dynamics of the given system. If the system has unstable zero-dynamics, then the attack signal will drive the internal state of the system unbounded while the presence of the attack signal cannot be detected by monitoring the system output. In this respect, ZDA is classified as a stealthy actuator attack [12], [20]. It is noted that robust versions of ZDA for linear systems [21] and nonlinear systems [22] have been proposed, which do not require complete knowledge of the system dynamics and increase the threat of ZDA significantly.
Several countermeasures against ZDA have been reported in the literature. In [23], the authors proposed a modulation matrix based approach. This matrix can be regarded as an additional input gain that explains how the input affects the dynamics of the system, and this information is kept confidential. A time-varying modulation matrix was also introduced to increase the security. In [24], the authors presented a dual rate control scheme as a defense strategy against ZDA.
It was proposed to sample the system output at a higher rate than the control signal generated. Moreover, it has been shown that this can stabilize the zero-dynamics of the closed-loop system. A countermeasure employing the generalized hold (GH) [25] was studied in [26]. This approach is motivated by the fact that if GH is used instead of the zero-order hold (ZOH), then the zeros of the sampled-data system can be assigned at any desired locations. As a solution to the security problem, the authors proposed a design procedure to place all the zeros inside the unit circle so that the modified system does not have any unstable zero, implying that ZDA is not effective anymore. Recently, an approach using the generalized sampler (GS) [25] was presented in [27] and [28]. In this approach, the sampler that samples the output at each sampling time is replaced by GS, which can be regarded as a filter that processes more samples between the sampling times. It is known that GS can also place the zeros at any desired locations and the same idea used in the work [26] is applied to develop a countermeasure against ZDA.
VOLUME 10, 2022. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
Literature containing experimental results on cyber attacks can be summarized as follows. In [29] and [12], the authors reported experimental results on several cyber attacks, such as replay attack, bias injection attack, and ZDA. The target system of the cyber attacks is a quadruple tank system controlled over a network, attracting a considerable amount of attention to ZDA.
The authors in [14] proposed a detection (and defense) strategy based on multirate sampling, and demonstrated the strategy on a quadrotor system. In the experiment, it is shown that the proposed strategy can detect ZDA faster than a single-rate detection method. In [30], the authors dealt with the zero sum attack, which is one of the stealth attacks, and reported experimental results on a DC microgrid.
In this paper, we are concerned with the security of DC-DC converters controlled through a communication network and it is motivated by the fact that remote control problem on this system is an active research topic [31]-[33]. Clearly, this system is also exposed to cyber attacks and we focus on ZDA. By conducting a laboratory-scale experiment, we show that a DC-DC converter controlled over a network can be vulnerable to ZDA. In addition, we propose a GH based countermeasure for the DC-DC converter, which enhances security against ZDA.
The contributions of the paper are summarized as follows.
• It is shown that a DC-DC converter controlled over a network can have unstable zeros and is therefore vulnerable to ZDA.
• The lethality of ZDA to the converter has been verified with a laboratory-scale experimental system.
• A GH is designed considering the dynamics of DC-DC converter and it is experimentally verified that the GH-based defense strategy can neutralize (or detect) ZDA on the converter.
The rest of the paper is organized as follows. Section II briefly summarizes ZDA and GH, and presents a design procedure for a particular class of GH. The DC-DC converter used in the paper is explained in Section III. Section IV describes how a ZDA can be designed and demonstrates through simulations that the attack is effective. In Section V, a countermeasure employing GH is designed for the DC-DC converter, and it is validated numerically. Section VI explains the attack and defense scenarios used in the experiments and presents the experimental results showing the effectiveness of the proposed scheme. Finally, we conclude and discuss future work in Section VII.

II. PRELIMINARIES
A. ZERO-DYNAMICS ATTACK ON A NETWORKED CONTROL SYSTEM
Consider a linear system given by where $x(t) \in \mathbb{R}^n$ is the state, $u(t) \in \mathbb{R}$ is the input, and $y(t) \in \mathbb{R}$ denotes the output. Suppose that the continuous-time system (1) is controlled remotely by a digital controller as shown in Fig. 1. The system and controller are connected by a communication network through which the plant output $y(t)$ and control input $u(t)$ are transmitted at each sampling time $t = kT_s$, where $T_s > 0$ is the sampling period. Based on the measurements, a control input is generated from the digital controller and transmitted to the system. In what follows, $u_k$ and $y_k$ stand for $u(kT_s)$ and $y(kT_s)$, respectively. The input is applied to the continuous-time system by using the hold device that converts the discrete-time control input into a continuous-time control input, i.e., $u(t) := u_k$ for $kT_s \le t < (k+1)T_s$. In this case, the sampled-data system of (1) becomes where
The security problem under consideration is closely related to the internal dynamics of a system and this dynamics can be clearly identified once the system is rewritten in the Byrnes-Isidori normal form [34]. Precisely, there exists a coordinate transform
$$\begin{bmatrix} \eta_k \\ \xi_k \end{bmatrix} = T x_k \tag{3}$$
which transforms the system (2) into the normal form given by where $\rho$ is the relative degree of the system, $\eta_k \in \mathbb{R}^{n-\rho}$ and $\xi_k \in \mathbb{R}^{\rho}$ are vectors corresponding to the internal and external state of the system, respectively, and $0_{n-\rho} \in \mathbb{R}^{n-\rho}$ denotes the zero vector. In addition, and $P_d$, $S_d$, $\psi_d$, $\phi_d$, and $g_d$ are the parameters that are uniquely determined by $A_d$, $B_d$, $C_d$, and $\rho$.
Let us explain the internal dynamics in more detail. Noting that the output $y_k$ depends only on the state $\xi_k$, we can construct an input $u_k$ that results in a nontrivial behavior of $\eta_k$ while $y_k$ is identically zero.
In fact, when $\xi_0 = 0$, the input u k = 1 meaning that the input completely decouples the dynamics of $\xi_k$ and $\eta_k$ and the behavior of $\eta_k$ cannot be observed from the system output. The internal dynamics $\eta_{k+1} = S_d \eta_k$ is called the zero-dynamics of the system since the eigenvalues of $S_d$ correspond to the zeros of the transfer function of (2) [34].
Suppose that $A_d$ is Schur stable and let $\eta_0$ and $\xi_0$ be the initial condition of the system. Then, from the fact that $\tilde{A}_d$ is also Schur stable, it follows that, under zero input ($u_k = 0$) there exist $\kappa > 0$ and $|\lambda| < 1$ such that and this property will be used shortly when we discuss the effect of ZDA.
ZDA targets the networked control systems, exploiting vulnerability that arises from the presence of the network. Now, suppose that a malicious attacker can inject an attack signal into the input channel. Then, the system (1) under ZDA is given by $\dot{x}$ where $a(t) \in \mathbb{R}$ is the attack signal. Similar to (2), the sampled-data system of (5) becomes Assuming that the attacker has acquired the system parameters $S_d$, $g_d$, and $\psi_d$, the ZDA is constructed as where $\zeta_k \in \mathbb{R}^{n-\rho}$ is the state of the attack generator. Then, in the coordinates $(\eta_k, \xi_k)$ defined in (3), we have From the fact that the system matrix of $\eta_k$-dynamics is identical to that of $\zeta_k$-dynamics, we have Since $\tilde{A}_d$ is Schur stable by assumption, we have, under Above inequality implies that $\xi_k$ and $\eta_k - \zeta_k$ converge to zero as $k$ increases, which explains the danger of ZDA. In fact, if $S_d$ has at least one unstable mode ($S_d$ may be unstable even if $A_d$ is stable), $\zeta_k$ can be unbounded by (7), which results in that $\eta_k$ is also unbounded. Meanwhile, since $y_k$ depends only on $\xi_k$, the divergence of the internal state cannot be observed from $y_k$.
It is emphasized that the stability of the zero-dynamics of the continuous-time system does not guarantee that the system is safe from ZDA. This is because of the fact that if a continuous-time system has a relative degree greater than 2 then the corresponding sampled-data system has at least one unstable zero for sufficiently small sampling period, and this zero is called the sampling zero [25].

B. GENERALIZED HOLD: A COUNTERMEASURE AGAINST ZERO-DYNAMICS ATTACK
In this subsection, we introduce GH as a countermeasure against ZDA. It is motivated by the fact that if a properly designed GH is used instead of ZOH, then the zeros of the new sampled-data system can be placed at any given desired locations.
Consider again the networked control system shown in Fig. 1. Since the controller (discrete-time system) and the system (continuous-time system) have different time domains, hold and sample devices are required, which operate as an analog-to-digital and a digital-to-analog converter, respectively.
In [25] and [35], the authors introduced a more general concept of a hold device known as GH. GH is a linear hold device with an impulse response $h(t)$, and a sampled-data system with GH is given by Note that ZOH is a special case of GH in which impulse response is given by $h_g(t) = 1$, $t \in [0, T_s)$ and $h_g(t) = 0$ otherwise. It is known that the zeros of (9) can be located arbitrarily by properly designing $h_g(t)$, and one can neutralize the ZDA by selecting the desired zeros inside the unit circle [26], [36].
We consider the piecewise constant GH [36] which can be implemented easily compared to general continuous ones. Suppose that the pair $(A_d, C_d)$ is observable, and let $h_g(t)$ be given by where $N$ is the number of subintervals. During each subinterval, GH generates a continuous-time signal $u(t) = h_i u_k$ as depicted in Fig. 2b.
The design of $h_g(t)$ is done by choosing the gains $h_i$ and this can be done as follows.
Design procedure
1. Choose $N \ge n$ and the desired zeros and obtain $A_{ctr}$, $B_{ctr}$, and $C_{ctr}$.
3. Calculate the observability matrices $O_d$ of $(A_d, C_d)$ and $O_{ctr}$ of $(A_{ctr}, C_{ctr})$ as

Find
The above design procedure constructively determines the gains for GH so that the transfer function of (9) becomes identical to $G^*_d(z)$. See [26], [36] for more details.

III. DC-DC CONVERTER CONTROL SYSTEM: EXPERIMENTAL PLATFORM
The main objective of this paper is to demonstrate that systems that are controlled over a network are vulnerable to ZDA and that a GH based countermeasure can protect the systems from ZDA. A DC-DC converter control system is chosen to validate the idea since it is widely used in various engineering systems and it is common to control this system using a digital controller which generates a control input and sends it to the actuator through a network. Consider a power generation system shown in Fig. 3 in which a DC-DC converter controls the power flow between a generator and load, and the DC-DC converter is controlled by a digital controller. The controller produces a control input $u_k$ and sends it to the converter through a communication network, and a hold device generates a continuous-time input signal $u(t)$. The continuous-time output of the system $y(t)$ is sampled by a sampler, and it is transmitted to the controller for feedback. We suppose that an attacker with a malicious purpose can inject an attack signal $a_k$ so that the actual input signal transmitted to the hold device is $u_k + a_k$ rather than $u_k$, i.e., the actual input $u(t)$ applied to the system will be generated from $u_k + a_k$.
In this paper, the cyber attack scenario described above is studied using a lab-scale control system. In what follows, we describe the components and explain mathematical models that are used to construct a ZDA and its countermeasure.

A. SYSTEM CONFIGURATION
The system shown in Fig. 4 is the experimental platform with which our theory is demonstrated. It consists of a power supply, converter, load, and a digital controller. The signal flow between components is described in Fig. 5a. The power supply (TPE-25010S, Toyotech Co., Ltd.) keeps the input voltage applied to the converter at 48 V. The converter (LM5170-Q1, Texas Instruments) outputs the current $i_c(t)$, which is generated by adding the currents from two channels ($k_c = 2$ explains this). The maximum output current is 30 A when the control input is 0.75 V. Fig. 5b shows the structure of the converter. The converter consists of a compensator and a switching circuit, whose transfer functions are denoted by $G_{COMP}(s)$ and $G_{CIR}(s)$, respectively. It also has an error amplifier whose transconductance is denoted by $k_e$ (represented as a gain in the block diagram), and a current sense amplifier whose gain is $k_m$.
The converter has a load that is represented by a resistor-capacitor circuit; see Fig. 5c. The input of the load is the output current of the converter, and the output of the load is the voltage across the capacitor $C_3$, denoted by $y(t)$. The load circuit can be interpreted as a case in which a capacitor $C_1$, a resistor $R_1$, and a battery [37] are connected in parallel.
A proportional-integral (PI) type controller is implemented in the micro-controller (TMS320F28335, Texas Instruments) and it regulates the error between the reference $v_{ref}(t)$ and the system output $y_k$. The gains are given by $k_p = 3$ and $k_i = 1$. The controller sends the generated control input to the converter, and it receives the sampled output voltage $y_k$ through the network.

B. SYSTEM MODELING
Since the controller is a discrete-time system, hold and sample devices are required to interface the controller and plant. The input of the converter $u(t)$ is generated by the hold device in the micro-controller. The sample device, which converts $y(t)$ to $y_k$, used in our experiments is a voltage sensor (AD7607, Analog Devices, ±10 V of measurement range). At each sampling time, the controller receives the measurement $y_k$ from this device.
In this subsection, we derive a mathematical model of the experimental platform shown in Fig. 4. We find transfer functions of the DC-DC converter and the load, and compare the step responses of the model and experimental system.
According to the manufacturer's document (LM5170-Q1 datasheet), the transfer functions of the compensator and the switching circuit of the converter (see Fig. 5b) are given by where $a_{L,3}$ The parameters are given by $R_1 = 0.5\ \Omega$, $R_2 = 1\ \Omega$, $R_3 = 1\ \Omega$, $C_1 = 739$ µF, $C_2 = 1$ mF, $C_3 = 1$ mF. From (12) and (13) From the numerical values of the system, it is seen that the converter part is much faster than the load part. In fact, the poles of $G_{CONV}(s)$ are given by $-1.56 \times 10^{6}$ and $-3.73 \times 10^{4} \pm j7.59 \times 10^{4}$, while $G_{LOAD}(s)$ has poles at $-4.63 \times 10^{3}$, $-2.16 \times 10^{3}$, and $-2.71 \times 10^{2}$. Based on this observation, we approximate $G_{CONV}(s)$ as a constant $g_{conv} = G_{CONV}(0) = 40$, and obtain a simplified model $G(s)$ of $\bar{G}(s)$ as $G(s) = g_{conv} G_{LOAD}(s)$.
The numerical models $G(s)$ and $\bar{G}(s)$ are quite accurate in the sense that the step responses have little difference compared with that of the experimental system. The step responses are shown in Fig. 6 and it is observed that the difference between the step responses of $\bar{G}(s)$ and $G(s)$ is less than To proceed, we obtain a sampled-data model of $G(s)$. Suppose that ZOH is used as a hold device and $T_s = 0.8$ ms. Then, we have where $a_{d,2} = -1.01$, a d,
In this paper, we assume that the system is operating at $u_{op} = 0.375$ V and $y_{op} = 7.5$ V. Thus, the linear models $G(s)$ and $\bar{G}(s)$ are obtained around this operating condition and the actual control input applied to the DC-DC converter is expressed as $u(t) := u_c(t) + u_{offset}$ where $u_{offset} = 0.375$ V corresponds to the input at the operating point and $u_c(t)$ is the control input generated by the hold device.

IV. ZERO-DYNAMICS ATTACK ON DC-DC CONVERTER
In this section, we consider a situation that an attacker injects ZDA to the control system shown in Fig. 4. The construction of attack signal is explained in detail and the effect of the attack is demonstrated by numerical simulations.
Suppose that $G_d(z)$ given in (15) is exposed to the attacker. Let $D_d(z)$ (assumed to be monic) and $N_d(z)$ be the denominator and numerator of $G_d(z)$, respectively, namely where $Q_d(z) = 0.73z - 1.62$ and $R_d(z) = 2.82z + 0.13$. We then rewrite $G_d(z)$ as , which can be regarded as the transfer function of a closed-loop system that is composed of two systems with transfer functions $\frac{1}{Q_d(z)}$ and $\frac{R_d(z)}{N_d(z)}$, as shown in Fig. 7.
We now realize the transfer functions $\frac{R_d(z)}{N_d(z)}$ and $\frac{1}{Q_d(z)}$ in the state space as follows. First, the transfer function $R_d(z)$ is realized in the controllable canonical form, i.e., where $\eta_k \in \mathbb{R}^2$ is the state and $\omega_k \in \mathbb{R}$ is the output of the subsystem. It is noted that the eigenvalues of $S_d$ correspond to the zeros of $N_d(z)$ (equivalently $G_d(z)$) and hence the dynamics of $\eta$ with $y_k \equiv 0$ is the zero-dynamics of $G_d(z)$. Meanwhile, one can realize $\frac{1}{Q_d(z)}$ as
$$\xi_{k+1} = 2.23\,\xi_k + 1.37\,e_k =: \phi_d \xi_k + g_d e_k, \qquad y_k = \xi_k \tag{18}$$
where $\xi_k \in \mathbb{R}$ is the state and $e_k := u_k - \omega_k$. Then, from (17) and (18), the transfer function $G_d(z)$ is realized in normal form given by Since $S_d$ has an unstable eigenvalue at $-1.17$, the system under consideration is vulnerable to ZDA in the sense that an attack generated by the dynamics (7) with any $\zeta_0$ belonging to the eigenspace corresponding to an unstable eigenvalue of $S_d$ will drive $\eta_k$ unbounded while $y_k$ converges to zero due to stability of the system.
The effect of ZDA is demonstrated by numerical simulations. In the simulation, we assume that the system has transfer function $\bar{G}(s)$ and a ZDA is constructed using $G(s)$. The DC-DC converter used in the experiment has an input limit (0 A to 0.75 A) and this is also considered in the simulation. In addition, a threshold of 0.1 V is set so that if the voltage deviation of the output voltage from its normal value (7.5 V) is greater than this threshold, then it is determined that an attack is present.
The attack that has been constructed from the approximate system model $G(s)$ has two state variables and is applied to the system at $T_a = 0.04$. The initial condition of ZDA is chosen as $\zeta_0 = [-0.651 \;\; 0.759] \times 10^{-8}$. Fig. 8 shows the output behavior of the system under ZDA. Since $S_d$ has an unstable eigenvalue, the attack signal $a_k$ diverges as $k$ increases, and the effect of the attack appears on the continuous-time output $y(t)$. On the other hand, the sampled output $y_k$ resides within the normal region, which implies that the monitoring system cannot recognize that the system is under attack.
It is noted that the state of zero-dynamics does not diverge but oscillates and this is due to physical limitation on the input signal. If there is no limit on the input, then the state of the zero-dynamics will diverge as is expected by the theory. Although bounded, the large oscillation in the state makes the output signal $y(t)$ exceed the threshold and this undesirable oscillation may shorten the lifetime of the circuit or cause damage and thus can be a target of malicious attack.

V. GENERALIZED HOLD FOR DC-DC CONVERTER
In this section, we design a GH for a DC-DC converter system and demonstrate that GH can improve security against ZDA. As explained in Section II-B, the main idea is to relocate all the zeros inside the unit circle so that the attack signal based on the new zero-dynamics converges to zero posing little threat to the system.
We follow the design procedure described in Section II-B to design a GH. In step 1, we choose $N = 4$, $z_{d,1} = -0.6$, and $z_{d,2} = 0$. Then, $G^*_d$ becomes where $b_{d,1} = -z_{d,1}$. In step 2, we realize $G^*_d$ in controllable canonical form as In step 3, we compute $B_g = O_d^{-1} O_{ctr} B_{ctr}$ to have
$$B_g = \begin{bmatrix} 1 \\ 1.89 \times 10^{3} \\ -3.78 \times 10^{6} \end{bmatrix}.$$
In step 4, we compute the
Fig. 9 represents the zeros of the sampled-data system with ZOH and GH, respectively. The circles denote the zeros of the systems. As can be seen in the figure, one of the zeros of $G(s)$ with ZOH is located outside of the unit circle, whereas all the zeros of $G(s)$ with GH are inside the unit circle, which implies that ZDA has little or no influence. We note that the proposed GH has robustness against plant uncertainty in the sense that although it is designed for the approximated model $G(s)$, it also places all the zeros of $\bar{G}(s)$ inside the unit circle as shown in Fig. 9. Fig. 10 shows the response of the system $\bar{G}(s)$ under ZDA when the proposed GH is used instead of ZOH. The attack is constructed based on the zero-dynamics of $G^*_d(z)$. As can be seen from the response, the ZDA has little effect on the system and this is because the attack is based on a stable zero-dynamics and thus converges to zero asymptotically.
FIGURE 11. Output of a system using generalized hold under zero-dynamics attack based on the zero-dynamics of a system G(s) using zero-order hold.
If the attacker insists on injecting ZDA using the unstable zero-dynamics (that of the case using ZOH), this can be recognized by the monitoring system. Fig. 11 illustrates this situation. Since the dynamics of the attack signal is no longer the same as that of the target, the effect of ZDA appears on the output so that the monitoring system can take appropriate action to protect the system.
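The zero-placement idea of Sections II-B and V can be checked numerically. The following is an added example, not the authors' code: it uses the load poles, $T_s$, $N = 4$ and the desired zeros given above, works in modal coordinates (where step 3's $B_g$ reduces to the residues of $G^*_d$ at the sampled poles), and picks the hold gains as a minimum-norm solution. It assumes that $G(s)$ has no finite zeros, that its DC gain equals $y_{op}/u_{op}$, and that $G^*_d$ keeps that DC gain; all function names are hypothetical.

```python
import cmath
import math

# From the page: poles of G_LOAD(s), sampling period, GH design choices.
POLES = [-4.63e3, -2.16e3, -2.71e2]
TS = 0.8e-3
N_SUB = 4
DESIRED_ZEROS = [-0.6, 0.0]
# Assumptions of this example: G(s) has no finite zeros and its DC gain
# equals y_op / u_op = 7.5 V / 0.375 V.
DC_GAIN = 7.5 / 0.375

def prod(values):
    out = 1.0
    for v in values:
        out *= v
    return out

def others(seq, m):
    return [v for j, v in enumerate(seq) if j != m]

# Modal realization G(s) = sum_m r_m / (s - p_m): A = diag(p), B = r, C = [1 1 1].
GAIN = DC_GAIN * prod(-p for p in POLES)
RESIDUES = [GAIN / prod(p - q for q in others(POLES, m))
            for m, p in enumerate(POLES)]
LAMBDAS = [math.exp(p * TS) for p in POLES]  # poles of the sampled system

def hold_matrix(n_sub=N_SUB):
    """M such that the sampled input vector is B = M h for hold gains h."""
    rows = []
    for p, r in zip(POLES, RESIDUES):
        mu = math.exp(p * TS / n_sub)      # state transition over one subinterval
        b_sub = r * (mu - 1.0) / p         # input effect of one subinterval
        rows.append([mu ** (n_sub - i) * b_sub for i in range(1, n_sub + 1)])
    return rows

def sampled_zeros(h):
    """Zeros of the sampled-data plant for piecewise-constant hold gains h."""
    b = [sum(x * g for x, g in zip(row, h)) for row in hold_matrix(len(h))]
    # Numerator sum_m b_m * prod_{j != m} (z - lambda_j) = c2 z^2 + c1 z + c0.
    c2 = c1 = c0 = 0.0
    for m, bm in enumerate(b):
        l1, l2 = others(LAMBDAS, m)
        c2 += bm
        c1 -= bm * (l1 + l2)
        c0 += bm * l1 * l2
    root = cmath.sqrt(c1 * c1 - 4.0 * c2 * c0)
    return sorted([(-c1 - root) / (2 * c2), (-c1 + root) / (2 * c2)], key=abs)

def solve(a, b):
    """Gaussian elimination with partial pivoting for a small square system."""
    n = len(b)
    aug = [row[:] + [rhs] for row, rhs in zip(a, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        for r in range(col + 1, n):
            f = aug[r][col] / aug[col][col]
            for c in range(col, n + 1):
                aug[r][c] -= f * aug[col][c]
    x = [0.0] * n
    for r in reversed(range(n)):
        tail = sum(aug[r][c] * x[c] for c in range(r + 1, n))
        x[r] = (aug[r][n] - tail) / aug[r][r]
    return x

def design_gh(desired=DESIRED_ZEROS, n_sub=N_SUB):
    """Hold gains h_1..h_N that place the sampled zeros at `desired`."""
    # Scale G*_d so that the DC gain is unchanged (assumption of this example).
    k = DC_GAIN * prod(1.0 - l for l in LAMBDAS) / prod(1.0 - z for z in desired)
    # Target input vector: residues of G*_d(z) at the sampled poles.
    b_g = [k * prod(l - z for z in desired) / prod(l - q for q in others(LAMBDAS, m))
           for m, l in enumerate(LAMBDAS)]
    m_mat = hold_matrix(n_sub)
    gram = [[sum(x * y for x, y in zip(ri, rj)) for rj in m_mat] for ri in m_mat]
    y = solve(gram, b_g)
    # Minimum-norm solution h = M^T (M M^T)^{-1} b_g, valid for N >= n.
    return [sum(m_mat[m][i] * y[m] for m in range(len(y))) for i in range(n_sub)]

def is_zda_exposed(h):
    """True if the sampled plant has a zero on or outside the unit circle."""
    return any(abs(z) >= 1.0 for z in sampled_zeros(h))

if __name__ == "__main__":
    zoh = [1.0] * N_SUB                    # ZOH is the GH with all gains equal to 1
    gh = design_gh()
    print("ZOH zeros:", sampled_zeros(zoh), "exposed:", is_zda_exposed(zoh))
    print("GH gains :", gh)
    print("GH zeros :", sampled_zeros(gh), "exposed:", is_zda_exposed(gh))
```

Under these assumptions the ZOH case yields a zero outside the unit circle, close to the unstable zero at $-1.17$ reported in Section IV, while the designed gains move both zeros to $-0.6$ and $0$.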

VI. EXPERIMENTAL RESULT
This section presents the experimental results for the control system shown in Fig. 4. We consider the situation in which the system is stabilized by a PI controller that is implemented in a micro-controller. The proportional and integral gains of the controller are chosen as $k_p = 3$ and $k_i = 1$, respectively. In addition, as described in Section III-B, the values corresponding to the operating condition are given by $u_{offset} = 0.375$ V and $y_{op} = 7.5$ V. The sampling time is given by $T_s = 0.8$ ms. The output measured by an oscilloscope is denoted by $y(t)$ and the attack is initiated at $T_a = 0.04$ s.
Under this configuration, we consider the following scenarios for experiment.
• Scenario 2: injecting GH based ZDA into the system with GH.
• Scenario 3: injecting ZOH based ZDA into the system with GH.
A. SCENARIO 1
In the first scenario, we consider a situation in which an attacker injects ZDA to the system that has ZOH as the hold device.
The system is vulnerable to ZDA because zero-dynamics of the system is unstable. The parameters and initial value $\zeta_0$ of ZDA are chosen as the same values given in Section IV. Fig. 12a shows the input signal ($u_c(t) + u_{offset} + a(t)$) applied to the converter. Before the attack is injected, a constant voltage ($u_{offset}$, operating condition) and control input $u_c(t)$ are applied to the converter. After $t = T_a$, it can be seen that the input voltage is affected as the attack increases. Due to the input constraints, the actual input applied to the converter $u(t)$ is saturated and oscillates within the input constraint range (0 V to 0.75 V).
FIGURE 12. System behavior under a stealthy attack: the system has zero-order hold in the input side and the zero-dynamics attack is constructed from G(s) with zero-order hold, i.e. from (15) or (17).
The output current of the converter $i_c(t)$ (see Fig. 5) measured with an oscilloscope is shown in Fig. 12b. Since the input applied to the converter oscillates under the effect of an attack, it can be seen that the output of the converter also oscillates in proportion. Fig. 12c shows the system outputs $y(t)$ and $y_k$. The signal $y(t)$ is measured using an oscilloscope and can be regarded as the continuous-time signal, while $y_k$ is measured every sampling period $T_s$ using a voltage sensor. Due to the effect of ZDA, the continuous-time output $y(t)$ of the system oscillates over time, but the discrete-time output $y_k$ does not exceed the threshold, so it is difficult to recognize that the system is under attack by remote monitoring.

B. SCENARIO 2
Suppose a GH, instead of ZOH, is used as a hold device. If the GH is designed so that the zero-dynamics of the new sampled-data system is stable, then the ZDA based on this new zero-dynamics converges to zero asymptotically, meaning that it has no or little effect on the system. The hold gain $h$ is set to (23) and $\zeta_0 = [-0.858 \;\; 0.515] \times 10^{-8}$. The attack is generated by using the zero-dynamics of the system with GH, and the parameters are given by
$$S_{d,GH} = \begin{bmatrix} 0 & 1 \\ 0 & -0.6 \end{bmatrix}, \quad \psi_{d,GH} = \begin{bmatrix} 3.53 \times 10^{-3} & -1.13 \end{bmatrix}, \quad g_{d,GH} = 1.45 \times 10^{-9}.$$
Fig. 13 shows the experimental result for this scenario. The initial condition $\zeta_0$ is chosen similarly to Scenario 1, but the initial value of $a_k$ is larger than in Scenario 1 because the gain $\frac{1}{g_d}$ is large so that the effect of ZDA appears immediately. However, the attack signal converges to zero eventually since the zero-dynamics is stable.
FIGURE 13. Neutralization of zero-dynamics attack under generalized hold: zero-dynamics attack is constructed from G(s) with generalized hold whose zero-dynamics is stable and converges to zero.

C. SCENARIO 3
In the last scenario, we consider the case where the attacker is unaware of the existence of GH and applies the ZDA that is used in Scenario 1. If the system with GH has stable zero-dynamics, then the unstable attack will be clearly detected by monitoring the sampled output. Fig. 14 demonstrates the detection of the unstable ZDA when GH is employed. The hold gain $h$ for GH is chosen as (23), and the parameters for ZDA are the same as in Scenario 1. It is clearly seen that unlike Scenario 1, the sampled output $y_k$ oscillates outside the threshold and hence the presence of attack can be detected by the monitoring system and actions to protect the system can be initiated.
FIGURE 14. Detection of zero-dynamics attack: the attack is based on the unstable zero-dynamics considered in Scenario 1, while the actual zero-dynamics under generalized hold is stable.

VII. CONCLUSION
In this paper, we consider the security problem of the DC-DC converter, which is widely used in many applications. It is shown that even if the continuous-time system has stable zero-dynamics, the zero-dynamics of the sampled-data system can be unstable when ZOH is employed, which implies that the system is vulnerable to ZDA. The effect of ZDA is then demonstrated by simulations and experiments. In order to protect the system from ZDA, a countermeasure employing GH is introduced. Considering both situations where the attacker knows the presence of GH or not, it has been experimentally verified that this stealthy attack can be effectively neutralized or detected using GH. As a future research topic, we plan to study the zero assignment problem that is robust to system uncertainty. In addition, the study of defense techniques considering nonlinear systems will be an interesting research topic.