Event-Triggered Resilient Consensus for Multi-Agent Networks Under Deception Attacks

In this paper, a novel distributed algorithm derived from the event-triggered strategy is proposed for achieving resilient consensus of multi-agent networks (MANs) under deception attacks. These malicious deception attacks are intended to interfere with the communication channel, creating periods of time during which the information sent among nodes is modified. In particular, we develop an event-triggered update rule which can mitigate the influence of the attackers and at the same time reduce the computing and communication consumption. Each node chooses the instants at which to update its state information by checking whether its neighbor set meets a given cardinality-dependent function or not. With a specified prerequisite on the coupling weights and the sampling period, the consensus achievement of the MANs is independent of the deception attacks, but strictly depends on the robustness of the interconnection topology. Simulation examples are finally given to illustrate the efficacy of the theoretical results.


I. INTRODUCTION
The consensus problem is widely recognized as one of the most fundamental problems in coordinated control of multi-agent networks (MANs); it means that the states of a group of agents reach an agreement based only on local information. It is the necessary prerequisite for the correctness of other collective behaviors in MANs, such as flocking, formation, and distributed optimization. For this reason, a number of papers devoted to designing consensus algorithms in various scenarios have appeared during the past decade (e.g., [1]-[5]).
Unfortunately, most of the works on the consensus problem are obtained based on the assumption that the MANs are working in a secure environment, and hence these consensus schemes are easily disrupted by adversarial behavior. Since there is an increasing usage of MANs in life- or mission-critical applications (e.g., [6], [7]), this gives a strong motivation to design and analyze secure consensus algorithms which can be robust to cyber-attacks. However, due to the inherent limitations in the communication and computing resources available to the agents, existing computer security protection schemes (e.g., cryptographic techniques [8] and attack detection and identification techniques [9]) cannot be directly applied in MANs. Early in [10], a resilient consensus protocol was constructed for a system with fail-stop nodes. The design method therein follows from the classic probabilistic model and needs to possess a certain number of correct nodes. The work [11] explored the consensus problem for MANs with adversaries, but assumes that the network is complete. In [12], the authors analyzed the security performance of MANs under data falsification attacks, and proposed a robust distributed weighted average consensus algorithm. For systems with integrator-type high-order dynamics, Feng et al. [13] proposed sufficient conditions to achieve secure consensus tracking control. Resilient consensus analysis for MANs of discrete- and continuous-time dynamics was addressed respectively in [14], [15]. The results have been later generalized to the case of switched MANs composed of discrete- and continuous-time subsystems [16]. In [17], random attacks on communication topology were considered when designing a distributed secure consensus controller. Combining the ideas of distributed algorithms and iterative learning control, a resilient finite-time consensus protocol for MANs was obtained in [18]. More recently, a class of computationally efficient resilient consensus protocols based on the Mean-Subsequence-Reduced (MSR) algorithm have been proposed in [19]-[22]. In these MSR-type algorithms, each non-faulty node in the network does not need to identify the faulty nodes in the system and only executes a local filtering algorithm to eliminate potential misbehavior. Since such algorithms have lightweight computation and require no information on overall network topology, they are inherently suitable for large-scale distributed networks.
The associate editor coordinating the review of this manuscript and approving it for publication was Fangfei Li.
VOLUME 8, 2020. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
Recently, there has been a growing number of research results on event-triggered control, whose aim is to reduce the computation and communication burden while ensuring satisfactory system performance. Inspired by this idea, plenty of notable results on event-triggered consensus schemes for MANs have been derived in the literature. Robust consensus analysis for event-triggered control of continuous-time first-order and second-order MANs was addressed respectively in [23], [24]. Finite-time consensus for a class of MANs with single integrator dynamics and scalar states was investigated in [25] by using a novel distributed event-triggered control approach. Specifically, in [26], the authors propose two event-triggered distributed time synchronization schemes from the viewpoint of multi-agent consensus, and show that synchronization can be achieved with less communication at guaranteed precision. Compared to static event-triggered methods, a dynamic event-triggered protocol was designed in [27], which can adaptively adjust the event-triggered function and thus may reduce the triggering times significantly. More details about event-triggered multi-agent consensus problems can be found in the recent survey paper [28].
However, most existing event-triggered schemes may also fail to work when a subset of nodes or communication links in the network is compromised by an attacker. So far, only a few papers address event-triggered consensus control in MANs with cyber-attacks. Wang and Ishii [22] explored the resilient consensus of discrete-time MANs in the presence of malicious nodes in networks with directed topologies. By assuming that the maximum number of malicious nodes in the network is known, they propose two event-triggered consensus protocols for the updates of the non-faulty nodes. The authors in [29] investigated the event-triggered consensus problem of nonlinear MANs under denial-of-service (DoS) attacks, but assume the information of DoS attacks can be detected. In [30], an event-triggered strategy was adopted for distributed state estimation of nonlinear systems against DoS attacks. Besides, an event-based secure control for leader-following consensus was reported in [31], considering MANs with replay attacks and DoS attacks. The authors in [32] also studied the leader-following consensus problem in the presence of DoS attacks with event/self-triggered control schemes. In comparison with the DoS attacks in [29]-[32], which interrupt information flow among the agents, deception attacks, which compromise the integrity of data packets, can conduct more malicious manipulations on the whole consensus process.

A. STATEMENT OF CONTRIBUTIONS
In this paper, we first characterize the negative effect of deception attacks on the distributed multi-agent consensus process, and then quantify the resilience of the systems against such attacks using the concept of network robustness. Most of the existing works consider event-based consensus problems for continuous-time systems, which need the triggering condition to be checked continuously at all times. In contrast, a discrete-time system is considered in this paper, and the event condition only needs to be examined when a new neighboring message is received, which consumes much less computation resources.
Specifically, the main contributions of this paper can be highlighted as follows.
1) From the perspective of control theory, we characterize the effect of deception attacks on the performance of the distributed consensus algorithms for MANs. Moreover, based on the natural assumption that deception attacks are restricted in terms of attacker's capacity, we establish the corresponding mathematical attack model.
2) Under the attack model, an event-triggered control law is designed for realizing the resilient consensus of MAN, as well as an important discriminant value for each agent.
3) An explicit analysis of the attack model and network robustness is provided, as well as some sufficient conditions for the designed protocol, which guarantee that all the agents can achieve consensus in the presence of attackers.
4) Different from identifying and isolating the attacks in [17], [29], this paper studies lightweight attack-tolerant control strategy, which is suitable for large-scale distributed MANs with limited resources. Experimental results are presented to verify the effectiveness of our proposed methods.
The remainder of this paper is organized as follows. In Section II, we present preliminaries on graph theory and attack behaviors in MANs, and then formulate the problem. The design procedure of the secure event-triggered consensus scheme and the main results are shown in Section III. We give simulation results in Section IV to illustrate and verify the main results presented in this paper, and conclude in Section V.
Notations: In our development, the symbols N, R and R+ denote the set of natural, real, and positive real numbers, respectively. Let A and B be two sets, then |A| is the cardinality of set A and we denote by A ∪ B, A ∩ B and A\B the union, intersection and difference of the sets. a ≪ b denotes that the number b is far larger than a.

II. PRELIMINARIES AND PROBLEM FORMULATION
In this section, first some basic concepts in the graph theory and attack models that will be used throughout the paper are reviewed, then the problem to be considered is formulated.

A. GRAPH THEORY AND NETWORK ROBUSTNESS
Here we collect some basic concepts about graphs, and one can find further details in [33].
A directed graph (digraph for short) is a triple D = (V, E, A) consisting of a set of nodes (or vertices) V = {1, 2, . . . , n}, a set of edges E = V × V, and an adjacency which means that the node j can obtain information from the node i, and node i and j are said to be neighbors. Assume a ij > 0 ⇔ e ji ∈ E and a ij = 0 otherwise, and a ii = 0 for all i ∈ {1, 2, . . . , n}. The in-neighbors, or just neighbors, of node i are denoted by the Likewise, the out-neighbors of node i are denoted by the sets N out Before proceeding further, we introduce a graph property known as network robustness, which was proposed in [34], and later studied in [19], [21], [35].
Definition 1 (r-Reachable Set [34]): For a digraph D, the subset S of the node set V is said to be r-reachable if there exists a node that has at least r in-neighbors outside its own set S, where r ∈ N.
Definition 2 (r-Robust Graph [34]): {V, E} is said to be r-robust, with r ∈ N, if for every pair of nonempty, disjoint subsets S 1 , S 2 ⊂ V, at least one of the subsets is r-reachable.
To better describe the topology conditions for networks, we introduce two new concepts extended from the above definitions.
E} is said to be extra robust if for every pair of nonempty, disjoint subsets S 1 , S 2 ⊂ V, at least one of the subsets is extra reachable.
In Fig. 1, we display one example graph with 4 nodes. One can check by Definitions 1-4 that the graph has enough connectivity to be 2-robust and extra robust.

B. THE ATTACK BEHAVIORS OF ADVERSARIES
Typically, there are two major types of attack behaviors that have been widely discussed in the networked control literature: disruption attacks (also known as DoS attacks [29], [36] or jamming attacks [37]) and deception attacks (or false data injection attacks [12], [38], [39]). In particular, we have to mention the deception attacks, which refer to the possibility of compromising the integrity of packets. It is shown that the deception attacks may be undetectable if the attacker launches attack sequences strategically [40]. Owing to the openness of MANs, false data can be injected by the adversaries into the state information exchanged among agents. Under this situation, the designed consensus algorithm may not work correctly, leading to the failure of the overall system.
In this paper, we consider the case where the communication channels among neighboring nodes are suffering from deception attacks, i.e., the attack spreads through the links of a network. In this setting, a mathematical model for a deception attack on the communication link from node j to node i at time k can be presented as where x a j (k) is the false information injected by a deception attack, and p ij (k) is the decision variable of the attack acting on the directed communication channel from node j to node i, which is given by
The attacker's objective is to deliberately disrupt the consensus process of the network via false data injection attacks. Assume x a j (k) is an arbitrary bounded real number. Then from (1) one can find that the compromised state value x j can be equal to any arbitrary value that the attacker wants through its carefully designed value x a j . It is quite clear that no consensus among the nodes can be achieved without any constraint on the attacker's action, thus it is necessary to restrict the number of such compromised links. To describe the range of attacks, there are two attack distribution models which have been widely used in the existing multi-agent consensus results [16], [19], [20], [34], [35]:
• F-global model. Under this model, the total number of compromised links in the graph is upper bounded by the number F ∈ N.
• F-local model. Under this model, there are up to F ∈ N compromised links in the neighborhood of every node in the graph.
Considering the limited capacity of the attacker, we assume it can compromise up to F in-neighboring links of each node at one time. This is a commonplace assumption in the literature [13], [41], [42]. Therefore, we can properly adopt the F-local attack distribution model in this work. Based on this assumption, we obtain the following constraint condition for parameter p ij (k), where F is a known finite positive number, which relates to the network topology as well as the attack model.
Remark 5: Notice that the F-global attack model is in fact a special case of the F-local model, and thus any resilience guarantees that hold for the latter model will also apply to the former model.

C. SYSTEM MODEL
Consider a distributed discrete-time MAN consisting of n agents, whose dynamics are described by where T ∈ R + is the sample period, x i (kT ) ∈ R is the state value of agent i and u i (kT ) is the control input to be designed later. To simplify the notations, we replace all ''(kT )'' with ''(k)'' whenever no confusion would arise.
Concerning the cyber-attacks in MANs, the concept of resilient consensus has been extensively studied in the recent years [16], [19], [21], [22]. A major feature of resilient consensus is that it can effectively mitigate the influence of malicious attacks and guarantees the system achieves consensus to a value that lies in a so-called safety interval.
For convenience, let us define Note that by the above definitions, x min (k) and x max (k) represent the smallest and largest states among the nodes at time step k, respectively. Then, we define the resilient consensus problem for the system (3) under attacks as follows.
Definition 6 (Resilient Consensus): Given any initial conditions, we say the nodes of a MAN in the presence of malicious attacks have reached a resilient consensus if for any initial conditions, we have and
The purpose of this paper is to design an effective event-triggered consensus control strategy such that the system (3) can achieve resilient consensus defined by Definition 6 in the presence of deception attacks.

A. ALGORITHM DESIGN
Before giving our event-triggered control algorithm, we make the following assumptions.
Assumption 8: Nodes in the network transmit their state information over the channel with a communication delay i, where 0 < i T , i ∈ V, and for all i = j, i = j, i.e., the messages received by node i from all its in-neighbors in the sampling interval [kT , kT + T ) are asynchronous.
In our scheme, each node i ∈ V needs to construct a detector to determine its own update moments. More specifically, node i receives a state value x j (kT + j) from one of its neighbors, and instantaneously records this value in the memory. The triggering condition is where N in i,k (t) is the in-neighboring set of i at time step k, and F is the upper limit of the number of compromised links among node i's adjacent nodes. Note that the threshold depends on the upper limit number F. An event for node i is triggered as soon as the condition in (7) is satisfied, resulting in node i updating its state for the next time step. This triggering condition is easy to determine, and each node in the network is only required to be aware of the number of its neighbors.
Specifically, suppose that the deception attacks are restricted to form an F-local set, where F ∈ N. The nodes do not need to know which (if any) of their incoming communication links are compromised, which makes this suitable for saving distributed computational resources. At each time-step k, node i ∈ V performs the following actions in parallel with the other nodes:
1) Node i collects the state values {x j (k), j ∈ N in i (k)} of its in-neighbors.
2) Once the triggering condition (7) is satisfied, node i simply stops collecting new values and starts to re-label the nodes in N in i,k (t) as j 1 , j 2 , . . . , j 2F+1 according to their states from largest to smallest, that is,
3) Let x j (k) denote the (F + 1)-th node's value in N in i,k (t), i.e., x j (k) = x j F+1 . Then node i applies the following control law where φ ij > 0 denotes the coupling weight chosen from any finite set.
With (8), the closed form of the system (3) is
It should be noted that the identities of the neighboring nodes need not be known to the nodes in this paper and are used only for the analysis.
From the above description of our algorithm, we can observe that node i only uses 2F + 1 values received from its neighbouring nodes in each time step k. The computational complexity of (7)-(9) is clearly O(|N in i,k |) for each node i. We reduce the computational complexity of previous resilient consensus algorithms [11], [14], [15], [19], [21] by adopting an event-triggered function.
The attackers do not want the system to reach a consensus, or intend to let the system agree on a critical value which lies beyond the safety interval [x min (0), x max (0)]; thus they will inject whatever false information one can imagine into the compromised links to achieve their purpose during the whole consensus process.
Our proposed algorithm mitigates the misbehavior of deception attacks by just choosing only one neighbor's information for each node to update its own state. With a sufficient number of neighboring nodes, our algorithm can adaptively eliminate the extreme values so that the false information is eventually isolated from the network.
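An added simulation sketch of the update described above (not the authors' MATLAB code): each node acts on the first 2F + 1 values it hears, takes the (F + 1)-th largest, and moves toward it with gain κ = Tφ, the convex-combination form the paper's proof attributes to rule (9). The values x(0), T = 0.5 and F = 1 are the page's; the complete digraph, φ = 0.6, the constant false value 100 and the unfiltered averaging baseline are constructed assumptions.

```python
import random

# Values taken from the page: initial states x(0), sampling period T, bound F.
X0 = [15.0, 8.0, 4.0, -1.0, -7.0, -12.0]
T = 0.5
F = 1
# Constructed for this example (assumptions, not from the page):
PHI = 0.6            # coupling weight, so kappa = T * PHI = 0.3 lies in (0, 1)
FALSE_VALUE = 100.0  # constant false data carried by every compromised link
N = len(X0)
# Complete digraph; for each node i the in-link from node (i + 1) mod N is
# compromised: one bad in-link per node, i.e. a 1-local attack.
BAD_IN_LINK = {i: (i + 1) % N for i in range(N)}


def received_values(x, i):
    """Values node i hears in one sampling interval, after tampering."""
    return [FALSE_VALUE if j == BAD_IN_LINK[i] else x[j]
            for j in range(N) if j != i]


def resilient_step(x, rng):
    """Event-triggered update: act on the first 2F + 1 arrivals only."""
    kappa = T * PHI
    nxt = []
    for i in range(N):
        msgs = received_values(x, i)
        rng.shuffle(msgs)                # asynchronous arrival order
        window = msgs[:2 * F + 1]        # trigger fires at 2F + 1 values
        if len(window) < 2 * F + 1:      # too few neighbors: no event
            nxt.append(x[i])
            continue
        ref = sorted(window, reverse=True)[F]      # (F + 1)-th largest
        nxt.append(x[i] + kappa * (ref - x[i]))    # convex combination
    return nxt


def linear_step(x, rng=None):
    """Unfiltered baseline: move toward the mean of all received values."""
    kappa = T * PHI
    nxt = []
    for i in range(N):
        msgs = received_values(x, i)
        nxt.append(x[i] + kappa * (sum(msgs) / len(msgs) - x[i]))
    return nxt


def simulate(step, steps=200, seed=1):
    """Run `step` from X0 and return the list of visited state vectors."""
    rng = random.Random(seed)
    traj = [list(X0)]
    for _ in range(steps):
        traj.append(step(traj[-1], rng))
    return traj


def stays_in_safety_interval(traj, tol=1e-9):
    """True if every state stays inside [x_min(0), x_max(0)]."""
    lo, hi = min(traj[0]), max(traj[0])
    return all(lo - tol <= v <= hi + tol for x in traj for v in x)


if __name__ == "__main__":
    for name, step in (("event-triggered", resilient_step),
                       ("linear baseline", linear_step)):
        traj = simulate(step)
        print(name, "| inside safety interval:",
              stays_in_safety_interval(traj),
              "| final:", [round(v, 3) for v in traj[-1]])
```

The check covers only the safety interval: with at most F false values among 2F + 1, the (F + 1)-th largest is always bracketed by genuine values. Whether the spread shrinks to zero depends on the paper's robustness condition on the topology, which this constructed graph is not claimed to satisfy.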
Remark 9: With the help of the event-triggered update mechanism, fewer neighbor nodes exchange information in each sampling period. Therefore, the resilience of our algorithm comes with lower computation, communication and memory costs in comparison with the existing resilient consensus algorithms [6], [13]-[15], [19], [22], and thus it is more suitable for large-scale interconnected MANs with limited resources.
Remark 10: In our algorithm, we have relatively few requirements for any single node, that is, each node in the network needs to know a priori only the maximum number F of compromised incoming links in its neighborhood.

B. MAIN RESULTS
We assume that the following prerequisite about the coupling weights and the sampling period of the system is satisfied:
Prerequisite 11: α < T φ ij a ij < 1, 0 < α < 1, ∀j ∈ N in i .
Based on Definition 2, the following lemma is readily obtained.
Lemma 12: For an r-robust digraph D, one has |N in i | ≥ r, ∀i ∈ V.
Theorem 13: Consider a digraph D with an F-local set of compromised links. If each node updates its state value according to update rule (9), and there are at least 2F + 1 in-neighbors in each node's neighborhood, i.e., |N in i | ≥ 2F + 1, then with Prerequisite 11, we have
Proof: Since there are at least 2F + 1 in-neighbors in each node's neighborhood, the trigger condition (7) in the control law is guaranteed to be met, which keeps the node's update process running. By the definitions of x min [k], x max [k] and the F-local attack distribution model, each node in the network will receive at most F values outside the interval [x min (k), x max (k)] at each time step k. This also means that such a node will receive at least F + 1 values inside the interval [x min (k), x max (k)]. Then by using control protocol (8), it is clear that no node will adopt a value outside [x min (k), x max (k)] at each time-step.
With Prerequisite 11, the update rule (9) is a convex combination of node i's own value and the (F + 1)-th node's value in N in i,k (t), which implies that both x max (k) and x min (k) are monotone and bounded functions of k.
Then, following the update rule (9), we have where κ = T φ ij a ij ∈ (0, 1) based on Prerequisite 11. As a result, we have x max (k + 1) ≤ x max (k). Similarly, we can use the same method to prove that x min (k + 1) ≥ x min (k), which is omitted here for brevity.
Iterating, we obtain for any k, which concludes the proof.
Theorem 13 shows that if the nodes in the network have a sufficient number of neighbors, the states of all agents under the proposed distributed control law are guaranteed to be within a so-called safety interval determined by the initial conditions. Now, we are in a position to present some sufficient consensus conditions for the MANs with deception attacks.
Theorem 14: Consider a network D = {V, E, A} with an F-local set of compromised links, and let Assumptions 7 and 8 hold. Suppose the communication graph D is extra robust, and that the system (3) evolves under the control law (8) triggered by the event condition (7). Then, the whole group of agents can achieve resilient consensus.
Proof: By Lemma 12 and Assumption 7, we know that each node in D has at least 2F + 1 in-neighbors. Then according to Theorem 13, we know that x min (k) and x max (k) defined in (4) are monotone functions of k and thus both of these two functions have a limit. For ease of notation, let us denote them by x min and x max , respectively. It is clear that if x min = x max , the consensus is achieved for all nodes. We prove this by contradiction. Assume this is not the case, i.e., x min ≠ x max . Remember that x min < x max as defined in (4). From this, we further define a constant 0 > 0 such that x min + 0 < x max − 0 .
At the same time, given a sequence { i } of positive numbers, we define the sets, Now one can choose a sufficiently small quantity < α n 1−α n 0 and note that this is smaller than 0 . Then from the definition of convergence, we know that there exists a time-step k such that for any k ≥ k , x max (k) <x max + and x min (k) > x min − . Now we consider the sets X M (k , 0 ) and X m (k , 0 ). It follows from the definition of 0 that the sets X M (k , 0 ) and X m (k , 0 ) are disjoint.
Since the communication topology of the network is extra robust, we know that at least one node in either X M (k , 0 ) or X m (k , 0 ) (or both) is extra reachable, i.e., the number of its neighbors from outside is more than the number of its neighbors from inside. For definiteness, let us say, for example, that node i ∈ X M (k , 0 ) is extra reachable.
By Lemma 12, we know that node i has at least 2F + 1 in-neighbors, which ensures the triggering of its status update by the detector (7). Then by update rule (9), x j (k ) from (8) will choose a value of its neighbor from outside X M (k , 0 ). By definition, an upper bound on the value of this neighbor from outside X M (k , 0 ) is x max − 0 .
From (9), we see that the value of i at the next time-step is a convex combination of its own value and x j (k ), and each coefficient in the combination is lower bounded by α. Since the largest possible state value that i may have at time-step k is x max (k ), placing the largest possible weight 1 − α on x max (k ) in (9), we have Similarly, let us consider the case that node i in set X m (k , 0 ) is extra reachable. By applying the same analysis as in case i ∈ X M (k , 0 ), we get that Then let us further consider the sets X M (k + 1, 1 ) and X m (k + 1, 1 ). According to the previous analysis, we know that there either exists at least one node in X M (k , 0 ) whose value will be less than x max − 1 at time step k + 1, or one node in X m (k , 0 ) whose value will be larger than x min + 1 at time step k + 1. Therefore, from the definition of X M (k + 1, 1 ) and X m (k + 1, 1 ), we have either |X M (k + 1, 1 )| < |X M (k , 0 )| or |X m (k + 1, 1 )| < |X m (k , 0 )|. Note that 1 < 0 , which guarantees that X M (k + 1, 1 ) and X m (k + 1, 1 ) are still disjoint.
We continue in this manner by defining s = α s−1 − (1 − α) , s ≥ 1. It is easy to verify that s < s−1 . Recursively extending the previous analysis to s steps, where s ≤ n, one can find that for X M (k + s, s ) and X m (k + s, s ), at least one of them will be empty.
If X M (k + s, s ) = ∅, then from the definition of X M (k + s, s ), we have Similarly, when X m (k + s, s ) = ∅, we have x i (k + s) ≥x min + s . Now we will arrive at a contradiction that the largest value monotonically converges tox max or that the smallest value monotonically converges tox min with the aid of the condition s > 0. We will show this must be the case. Recall that < α n 1−α n 0 and 0 < α < 1 by the definitions, we have Thus, we get a contradiction. This implies that 0 must be 0, namely,x max =x min , which concludes the proof.

IV. SIMULATION EXAMPLE
In this section, we present one simulation example to illustrate our results. Simulation experiments have been performed with MATLAB.
To illustrate the performance of the designed control law, let us consider a MAN consisting of 6 agents, whose interaction topology is modelled by a digraph with 6 nodes and 22 links (see Fig. 1). In Fig. 1, arrows indicate the direction of communication links and red solid lines indicate the compromised links which convey the false data injected by the attacker. The initial states of the agents are selected randomly as x(0) = col(15, 8, 4, −1, −7, −12). For simplicity, the adjacency matrix is selected as a binary matrix, whose elements are either 1 or 0, and the coupling weight matrix = [φ ij ] is chosen as Then, by appropriately choosing the sampling time T = 0.5 s, one can check that T φ ij a ij < 1, ∀j ∈ N i , which meets Prerequisite 11. Suppose that the links (1, 3), (1, 6), (2, 4), (3, 2), (3, 5), (5, 1) are compromised by deception attacks. Let us select the following false information x a j (k): where the adversary's goal is to drive the system's trajectory to a repetitive oscillation. One also notices that it satisfies the deployment requirements of the 1-local attack model. As stated in Definitions 2 and 4, it can be verified that the digraph in Fig. 1 is both 3-robust and extra robust, indicating that up to one compromised link can be tolerated by our scheme with F = 1.
Fig. 3 shows the state trajectories of the system equipped with a standard linear consensus protocol (LCP) [1]. Without any security strategy, the LCP algorithm is very vulnerable to attacks, and hence we can see from the figure that the adversary is able to make the state values of all agents constantly oscillate, just by intentionally injecting the above false information x a j (k) into these compromised links. The safe boundary values (black dashed lines) of the initial states defined by Definition 6 are also shown in Fig. 3.
Now we show how the communication topology condition (2F + 1)-robustness affects the convergence performance of the proposed algorithm. For this purpose, let us temporarily remove the communication link from node 1 to node 4 in Fig. 1. With this change, one can verify that the network is still 3-robust but does not satisfy the extra robust condition. Consider the event-triggered control protocol (8) and the triggering condition (7). Set the event-triggering threshold |N in i,k (t)| = 3. With these control parameters, the simulated trajectories obtained by executing the protocol (8) are plotted in Fig. 4. As stated in Theorem 13, we can observe that, as time goes on, our algorithm ensures that nodes update their states within a certain safe state interval despite false data interference, but cannot guarantee the convergence of the system.
Next, we reconnect the link (1, 4) to make sure that the network is extra robust again. We execute the protocol (8) again. Simulation results are presented in Fig. 5. From Fig. 5, one can see that consensus is achieved by getting rid of the influence of deception attacks, which is consistent with Theorem 14.
Furthermore, we compare our algorithm with the W-MSR algorithm [19]. Compared to our method, the W-MSR algorithm has no event-triggered control mechanism, and hence needs to communicate with more neighboring nodes in the network at each sampling period. The simulation results are presented in Fig. 6. We can observe from the figure that the performances of the two algorithms are similar. However, our method employs fewer resources, i.e., less memory, computation, and perception. Furthermore, our method has a faster convergence speed than the W-MSR algorithm, which implies that more communication does not necessarily lead to faster convergence. On the contrary, more communication may not only consume more communication resources, but also provide more opportunities for adversaries to launch attacks.

V. CONCLUSION
In order to mitigate the impact of deception attacks and meanwhile reduce network resource consumption, a distributed resilient control scheme is developed to ensure that the consensus of MANs can be realized. The proposed scheme is event-triggered in the sense that each node selectively updates its state value in a directed network with the proper interconnection topology design. Under this scheme, the proposed threshold condition depends only on the number of received messages coming from neighboring nodes. As a consequence, our algorithm does not rely on delicate hardware for continuous monitoring, and therefore it is more suitable for large-scale distributed MANs with limited resources for every single agent. In the end, a simulation example has been presented to illustrate the theoretical results.
In the future, we may further consider the event-triggered resilient consensus problem for systems with second-order dynamics. Utilizing the proposed protocols in formation control of unmanned aerial vehicles, distributed filtering, and wireless sensor networks are other topics for future work.