Resilient Adaptive Finite-Time Fault-Tolerant Control for Heterogeneous Uncertain and Nonlinear Autonomous Connected Vehicles Platoons

This paper addresses the control problem of heterogeneous uncertain nonlinear autonomous vehicle platoons in the presence of adversarial threats arising in Vehicular Ad-hoc NETworks (VANET) during the information sharing process. As unpredictable faults and/or malicious attacks may affect the trustworthiness of the messages shared among vehicles, a suitable resilient control law, able to enhance the robustness of the platoon formation, is required for the prevention of dangerous events. With the aim of achieving a safe platoon control, we leverage Multi-Agent System (MAS) framework and we design a novel distributed backstepping finite-time control strategy, embedding adaptive mechanisms able to guarantee vehicles fleet resilience with respect to possible occurring faults. The proposed strategy falls into the passive fault-tolerant control framework and, hence, it does not require additional observers for fault detection and isolation, thus reducing the computational burden. Adaptive mechanisms are designed according to Lyapunov-based theory which, in combination with the Barbalat lemma, ensures the stability of the closed-loop vehicular network. More specifically, our approach allows guaranteeing the convergence towards zero of the spacing and speed errors, while ensuring that all adaptive signals are bounded in a finite-time interval. A detailed simulation analysis, including a comparison w.r.t. the technical literature, confirms the theoretical derivation, the effectiveness and the advantages of the proposed resilient control law in ensuring platoon formation for different driving scenarios despite the occurrence of unexpected faults.


L ATEST advances in Information and Communication
Technologies (ICTs) bring to an evolution of transportation studies towards the brand new Intelligent Transportation Systems (ITS) concept, which relies on the usage of several remote sensors to capture the real-time status of a road segment and, then, broadcast control signals to roadside units, as well as other road users [1]. In this research field, platooning driving pattern represents a promising method to improve road capacity through congestion decreasing, as well as to reduce carbon emission and to save fuel consumption via the mitigation of aerodynamic effects [2]. The The review of this article was arranged by Associate Editor Claudio Roncoli.
idea behind a platoon of autonomous connected vehicles is to organize them in a fleet with a twofold objective, i.e., maintaining closer intra-vehicle distance gap while tracking a desired speed profile as imposed by a leader [3], [4]. To guarantee a safe platoon formation, dedicated wireless Vehicular Ad-hoc NETworks (VANETs) are the key components of ITS, since they enable connectivity among vehicles via two main types of communication: infrastructurebased communication, usually referred as Vehicle-to-Infrastructure (V2I), and direct interaction among vehicles via the so-called Vehicles-to-Vehicle (V2V) communication paradigm [5], [6]. Both of them fall into the more general paradigm of Vehicle-to-everything technology (V2X), whose aim is to connect vehicles to everything surrounding them [7].
Unfortunately, V2X is sensitive to several adversarial threats, such as message disruption, manipulation and mutation [8]. For instance, in the platooning application, adversaries can manipulate and corrupt communication messages among vehicles, causing dangerous maneuvers through misleading information, such as imposing an acceleration command during braking maneuvers [9]. Beyond the malicious attacks, in practice, different types of faults may occur in the vehicular platoon, which could damage the main actuators such as the throttle and/or the brake systems due to unpredictable events. These mechanical and/or electronic faults may lead to a paralysis of the entire platoon system, thus bringing to significant safety risks for vehicles operations [10]. Therefore, it is of great significance to provide suitable fault tolerant capabilities into the vehicle control system, whether caused by unpredictable actuators anomalies and/or malicious actions, while guaranteeing a faster counteracting response of the vehicular platoon [11]. Due to its importance, this topic has gained great attention from the ITS research community.
For example, a novel resilience infrastructure-based cooperative adaptive cruise control has been suggested in [8], where machine learning tools are exploited for the detection and mitigation of cyber-attacks in V2V communication. The leader-following tracking control problem for autonomous vehicles platoon undergoing different cyber-physical threats has been studied in [12] via a novel integrated control framework, which combines a decentralized fault-estimation unknown input observer with a distributed anti-attack faulttolerant tracking control strategy. Cyber-attacks have been also investigated in [13] for homogeneous linear platoons, where a distributed secure adaptive control strategy has been designed to cope with both malicious actions and heterogeneous communication time delays. Again, a distributed event-triggered fault-tolerant control law has been proposed in [14] to counteract time-varying actuator faults while reducing the communication network workload. Herein, the Lyapunov stability analysis has proved that Zeno behaviour can be effectively avoided.
The above-mentioned recent studies confirm the increasing efforts towards the design of distributed resilient faulttolerant control strategies for vehicles platoon application. However, they neglect a critical performance criterion in fault tolerant control strategies, i.e., the convergence time, which plays a crucial role in enhancing the response performance against fault and malicious attacks occurrences, thus improving platoon safety and guaranteeing a timely reaction [15], [16]. Along this line, under the restrictive assumption of bidirectional communication topology, [17] has proposed a nonlinear observer, in order to estimate both actuator faults and external disturbances, in combination with a distributed sliding control strategy to guarantee that spacing errors converge in the neighborhood of the origin in a finite-time interval. By avoiding the use of observers, [11] has suggested an adaptive resilient control scheme to improve the string stability of vehicular platoon despite the presence of actuator faults with formation position errors converging to a small neighborhood of the origin in finite time. Again, a distributed finite-time observer has been employed also in [16] to detect the occurrence of sensor faults. Here, in the presence of actuator faults, an adaptive finite-time fault estimation law combined with a finite-time sliding mode controller have been designed to compensate the resulting induced deterioration. By leveraging again sliding-mode theory, an adaptive finite-time fault-tolerant controller has been also suggested in [18] for the specific driving scenario of braking maneuvers, where the presence of unknown disturbances and uncertainties have been neglected. The combination of adaptive terminal sliding mode control technique with barrier Lyapunov function has been investigated in [10], where two neuroadaptive fault-tolerant controllers are proposed to ensure reliability and safety of vehicular platoon despite unmodeled dynamics, disturbances and timevarying actuator faults. Here, Lyapunov analysis has proved that spacing errors converge to an arbitrarily small region in a finite-time interval.
From the literature overview, adaptive control theory emerges as the key tool to deal with uncertain system dynamics, especially in the presence of fault/malicious attacks occurrence. However, it is worth mentioning that in light of the above state-of-the-art, adaptive finite-time approaches usually lead to the solely practical bounded stability [19], [20], [21], which may not be sufficient in real applications when dangerous events occur.
Motivated by the above discussion, this work aims at presenting a novel resilient distributed adaptive finite-time control strategy for heterogeneous uncertain nonlinear vehicles platoon, subject to actuators vulnerabilities originated by the occurrence of faults and/or adversarial malicious attacks. Note that, by exploiting the MAS concept, a heterogeneous platoon is defined as a set of vehicles where each of them is characterized by its own dynamics which are different from the ones of the other members of the fleet [22]. The backstepping technique is employed to derive the proposed fault-tolerant protocol, which remains still valid for different arising communication topologies, thus overcoming the classical CACC system, which could be hence regarded as a particular case. The proposed solution falls into the context of the passive Fault-Tolerant Control (FTC), which does not rely on faulty information to control the plant and they are closely related to robust control theory. This is contrast with active FTC which requires Fault Detection and Isolation via the designing of additional observers [23]. It follows that our strategy allows reducing the implementation/computation complexity w.r.t. active solutions, as well as the additional time-delays, required for detection an isolation phases, should not be considered in the control designing phase. Furthermore, the adaptive control mechanisms are derived via Lyapunov stability analysis, which allows proving that all signals in the closed-loop vehicular network are bounded in a finite-time interval. Notably, unlike most of the existing distributed adaptive finite-time control strategies [24], the proposed control scheme ensures that spacing and speed tracking errors converge towards zero, thus overcoming the solely practical stabilization.
Motivations and contributions of the work can be summarized as follows: • unlike [16], [18], [20], where external disturbances and unknown uncertainties are neglected in control design, herein a more general longitudinal platoon model, embedding vehicles heterogeneity, external disturbances and unknown uncertainties, is considered; • to solve platoon formation task under input vulnerabilities, a distributed finite-time fault-tolerant backstepping strategy is designed by leveraging Lyapunov method which provides adaptive mechanisms to face vulnerabilities, without requiring an additional observer as in [12], [16], [17] for faults detection and isolation; • the proposed resilient distributed control protocol is able to ensure that all the adaptive signals of the closedloop system are bounded in finite-time, while spacing and speed tracking errors converge to zero as time approaches to infinity, thus overcoming the solely practical bounded stability usually resulting from existing adaptive finite-time controllers [10], [17], [11]. The remainder of this paper is organized as follows. In Section II, the mathematical background is presented. Vehicles platoon model subject to input vulnerabilities is detailed in Section III, where the problem formulation is also presented. The derivation of the proposed resilient adaptive distributed finite-time controller is highlighted in Section IV, while Section V shows the stability analysis of the entire vehicular network. Exhaustive simulation results, carried out in different platooning maneuvers, are disclosed in Section VI, thus confirming the theoretical derivation. Finally, conclusions and future works are drawn in Section VII.

II. MATHEMATICAL BACKGROUND A. GRAPH THEORY
According to MAS paradigm, a set of autonomous connected vehicles can be modeled via a directed graph The information flow among vehicles is described by the adjacency matrix A = [a ij ] ∈ R N×N whose elements are such that: a ij = 1 if there exists a communication link between vehicle i and vehicle j, 0 otherwise. The communication graph is assumed to be directed, i.e., a ij = a ji . The associated Laplacian matrix is defined as When considering a leading vehicle imposing the reference behaviour for the fleet, the overall communication topology is described by an augmented graph G N+1 , where the leader has no neighbors and it is labeled with 0. The direct communication between the leader and the other member of the fleet is defined by the pinning matrix P = diag{a 10 , a 20 , . . . , a N0 } ∈ R N×N , whose elements are such that: a i0 = 1 when the leader information is directly available for the i−th vehicle, 0 otherwise. Communication graph G N+1 is such that the following assumption holds.
Assumption 1: G N+1 contains, at least, one spanning tree rooting at the leader node, i.e., every vehicle can obtain the leader information directly or indirectly.

B. LEMMAS
Herein we recall some useful lemmas for the derivation of the main results.
Lemma 1 [26]: If the communication topology is such that Assumption 1 holds, then the matrix (L + P) is positive definite.
The proof of Lemma 6, whose hints can be found in [19], allows providing an estimation of the settling time as: with ρ ∈ (0, 1). motion. This latter is modeled as the following uncertain nonlinear system:

III. PROBLEM STATEMENT
where and v i (t) [m/s] are the position and velocity of the i-th vehicle, respectively; m i [kg] is the unknown vehicle mass; u i (t) [Nm] is the control input representing the desired driving/brake force; the nonlinear function [m/s 2 ] models the intrinsic vehicle dynamics and accounts for aerodynamics effects, as well as the environmental disturbances π i (t) due to the presence of wind and slope. Note that, for sake of brevity, throughout this paper we omit the dependence of f i , as in (1), on v i and π i . Due to the presence of possible bias fault caused by actuators failures and/or malicious data injection cyber attacks, the control input u i (t) may be compromised by an unknown time-varying bias function δu i (t). This implies that, if δu i (t) is nonzero, then the control command u i (t) is corrupted with a faulty/malicious threat [31], [32].
Similar to (1), the leader vehicle, imposing the reference behavior for the whole fleet, is described by: where u 0 (t) [m/s 2 ] is the leader control input. Now, the following assumptions are considered.
In this context, the aim of this paper is to design an adaptive resilient distributed platoon control protocol for autonomous connected vehicles able to face the presence of unknown nonlinear heterogeneous dynamics while counteracting faulty and/or malicious actuator attacks. Hence the problem statement can be formulated as follows.
Problem 1: Consider a platoon composed of N autonomous uncertain nonlinear connected vehicles undergoing control input vulnerabilities as in (1) plus a leader as in (2) imposing the reference behaviour. Design an adaptive resilient distributed control u i (t) in (1), (∀i = 1, . . . , N), such that: where d i,j [m] is the desired spacing policy between vehicle i and vehicle j. According to [13], it is defined as

IV. DESIGN OF RESILIENT ADAPTIVE DISTRIBUTED FINITE-TIME CONTROL
To solve Problem 1, a resilient adaptive distributed finite-time control protocol is designed with the aid of the backstepping algorithm so to ensure the finite-time boundedness of all signal in the closed-loop, as well as the asymptotic stability of the position and speed tracking errors. For sake of clarity, Table 1 summarizes the main steps of the proposed control design procedure, which is recursively derived in detail below. Note that, the high computational/implementation complexity, usually required by backstepping approach, is here avoided due to the appraised vehicles dynamics in (1), which refer to a second-order nonlinear system [33]. Moreover, the feasibility of the designed approach is further guaranteed due to the fact that additional state observers for detection and isolation faults are not required [23].
Define the consensus tracking errors for the i−th vehicle as where a ij and a i0 are the elements of the adjacency and pinning matrices, respectively (see Section II-A), while l i = N j=1 a ij + a i0 . Note that, according to Assumption 1 l i = 0, ∀i = 1, . . . , N. Now, given the vehicle dynamics as in (1), the dynamics of the consensus errors (4) can be derived as: Then, introduce the following coordinate transformation: where α i,1 (t) is the i-th virtual control to be designed. Now, by leveraging the backstepping method, we perform for each vehicle i the following two-step procedure.
Step 1: According to (6), the derivative of z i,1 (t) is given by: Define the Lyapunov candidate function as Differentiating (8) along the trajectories of z i,1 (t), given (7), we obtain: Select the virtual control α i,1 (t) as being k i,1 and λ i,1 positive constants ∀i, while q ∈ (0.5, 1). Substituting (10) into (9) leads tȯ Step 2: According to (6), given (5), the derivative of z i,2 (t) is computed as: Define the Lyapunov candidate function as where γ i and β i are positive constants, whileθ i (t) andf i (t) are defined asθ beingθ i (t) andf i (t) the estimations ofθ i andf i (defined as in Assumption 4 and Remark 1), ∀i, respectively.
Considering the definition in (14) and the dynamics of z i,2 (t) in (12), based onV i,1 (t) in (11), the derivative of V i,2 (t) can be computed aṡ Under Assumption 2, define the control input as follows: where k i,2 and λ i,2 are positive constant values, while φ i (t) = e −ct , i = 1, . . . , N with c ∈ R + . Now consider that, according to Assumption 2, −m i /m i ≤ −1 as well as m i /m i ≤ 1. Moreover, Assumptions 4 and 5 lead to l i z i,2 (t)f i (t) ≤ l i |z i,2 (t)|f i and l i z i,2 (t)θ i (t) ≤ l i |z i,2 (t)|θ i i = 1, . . . , N, respectively. Therefore, by substituting (16) into (15), we can rewriteV i,2 (t) as: Then, by taking into account definitions in (14) and exploiting Lemma 2, (17) can be recast as follows: Finally, select the adaptive mechanisms as follows: VOLUME 4, 2023 485 Authorized licensed use limited to the terms of the applicable license agreement with IEEE. Restrictions apply.

V. STABILITY ANALYSIS
The stability of the proposed control strategy is proven by the following theorem. Theorem 1: Consider a platoon composed of N uncertain nonlinear vehicles as in (1). Let Assumptions 1-6 hold. The closed-loop system under the adaptive control given by (16), (10), (19) is finite-time stable with tracking errors reaching zero as time approaches to infinity.

VI. SIMULATION RESULTS
To show the effectiveness of the proposed distributed resilient control scheme, an exemplary heterogeneous platoon of N = 5 vehicles plus a leader is considered. Information sharing is enabled through the representative Leader-Predecessor-Follower (L-P-F) communication topology (see Figure 1), which guarantees that each vehicle i, ∀i = 1, . . . , 5, is able to communicate with both its predecessor i − 1 and the leader vehicle, labeled with 0. Note that, L-P-F is one of the different platoon communication structures that may arise in V2V paradigm and similar results accounting for different communication topologies have been omitted here for the sake of brevity. The nonlinear vector field f i (t) in (1) is a bounded function capturing the aerodynamic force, i.e., ∀i = 1, . . . , N, where C A,i is the aerodynamic drag coefficient. The platoon control performance is evaluated by exploiting MATLAB/Simulink simulation platform, while the initial conditions and vehicles parameters are reported in Table 2. Other parameters involved in Theorem 1 are selected as follows: With the aim of proving the resilience of the proposed distributed control law with respect to actuator faults and/or malicious attacks, it is assumed that healthy control input u i (t) of the i-th vehicle is corrupted with faulty/malicious signal δu i (t), ∀i at a different time. Specifically, a time interval of 70 [s] is investigated for simulation purpose, where the VOLUME 4, 2023 487 Authorized licensed use limited to the terms of the applicable license agreement with IEEE. Restrictions apply.
Simulation campaign involves four different driving scenarios, namely: i) case 1, where the leader travels with a constant speed; ii) case 2, where the leader performs an exemplary trapezoidal maneuver, which can be useful to mimic the effect of traffic jam; iii) case 3, which involves an emergency braking situation; iv) case 4, where the robustness of the approach w.r.t. leader trapezoidal maneuvers is also assessed in presence of uncertain parameters variations. Finally, a comparison analysis w.r.t. a different fault-tolerant state-of-the-art control strategy discloses the benefits of the proposed solution.

A. CASE 1
Here, the ability of the control input (16)- (19) in tracking the leader motion, while counteracting the presence of faulty/malicious signals δu i (t) in (32), is disclosed for a con-  This trapezoidal speed profile is useful to model sudden deceleration due to possible obstacles, followed by an acceleration phase in order to restore the target speed as soon as it is possible (see [25] and references therein). Results in Figure 3 highlight the robustness and the resilience of the proposed controller in guaranteeing that all vehicles accurately track the reference speed as imposed by the leader, while maintaining the desired spacing gap   i = 1, . . . , N, e) adaptive signalθi (t), i = 1, . . . , 5. of the closed-loop signals can be appreciated in Figure 3 (b)-(d)-(e), where, in particular, adaptive signalsf i (t) and θ i (t), ∀i = 1, . . . , 5 converge to constant steady-state values after each transient phase whenever the leader-tracking process is completed (see Figure 3 (b)-(d)-(e)). Also in this case, the settling time is T R ≈ 16 [s], while its evolution with respect to ρ is similar to the one obtained in Figure 2 (f) and, hence, it is omitted here for the sake of brevity. For the sake of clarity, the time-history of control input u i (t) ∀i is shown in Figure 3 (c).

C. CASE 3
In this section, an emergency braking situation is emulated, where the leader initially travels with a constant speed v 0 (t) =  As disclosed in Figure 4, similar good tracking performance can be obtained also in this dangerous case, meaning that followers vehicles are able to accurately synchronize their motion to the leader reference speed behaviour (see Figure 4 (a)), while maintaining the required distance d i,i−1 = 20 [m] among them (Figure 4(b)) and successfully counteracting the faulty/malicious information coming from (32). Time-histories of adaptive signalsf i (t) and θ i (t), ∀i = 1, . . . , 5, are reported in 4 (d)-(e), respectively. Also in this case, it is shown the achievement of the practical finite-time boundedness as adaptive signals reach constant values, once synchronization process is obtained after the transient phase. Finally, the evolution of control input u i (t), ∀i = 1, . . . , 5, over the time is highlighted in Figure 4 (c).

D. CASE 4
Herein, we evaluate the robustness of the proposed faulttolerant platoon control to unknown parameters uncertainties in the same driving scenario reported as in Section VI-B. To this end, we model the vehicle parameters m i and C A,i as random variables, assumed to be uniformly distributed, and we exploit the Latin Hypercube Sampling (LHS) approach [3] for the assessment of the platoon performance for all the different values of the unknown parameters uncertainties, as well as for all the possible combinations of them. As uncertainty ranges we consider the following ones: m i ∈ [ −20%m i ; +20%m i ] and C A,i ∈ [−5%C A,i ; +5%C A,i ], withm i andC A,i the nominal values of the appraised parameters as reported in Table 2. Results are reported in Figure 5, where we disclose the 100 performed simulations in this uncertain condition (see black lines) versus the performance achievable in nominal parameters conditions (see yellow dashed line). As it is possible to observe herein, the proposed control strategy is robust to parameters uncertainties. Indeed, thanks to proposed adaptive mechanisms, the platoon achieves good tracking performance even in this uncertain scenario.

E. COMPARISON ANALYSIS
To further confirm the advantages of the proposed distributed approach, here we compare the performance of our control strategy w.r.t. the one achievable via another state-of-the-art resilient fault-tolerant controller, recently proposed in [16]. For the comparison analysis we consider the platoon formation maneuver as in Case 1 and the uncertain parameters variations as in  Comparing closed-loop performance results (see Figure 2(a) vs Figure 6) it is possible to note that the control approach in [16] results in worst dynamic performance during platoon formation, which clearly brings to the worsening of passengers comfort during transient maneuvers.
For the performance evaluation, we also exploit the Average Tracking Error (ATE) as key performance index [16]. By naming χ s (t) = [z 1,s (t), δ v,s (t)] and indicating with T is the simulation time, the ATE is computed as: where the subscript s (s = 1, . . . , 100) indicates the ATE evaluation in the s-th simulation running. Overall comparison results are summarized in Table 3, where it is shown how the achieved performance are improved via our control approach.

VII. CONCLUSION
In this paper, a distributed resilient adaptive control strategy for heterogeneous uncertain nonlinear connected autonomous vehicles platoons is proposed to solve platoon formation task in a safe manner, despite the presence of input vulnerabilities in the forms of faults and/or malicious attacks. The proposed fault-tolerant protocol is derived by leveraging adaptive backstepping theory, where the Lyapunov method provides all the required adaptive mechanisms. The stability and the robustness of the entire vehicular network have been analytically proven via Lyapunov theory along with the Barbalat lemma, which allows ensuring that all signals involved in the closed-loop remain bounded in a finite-time interval, while spacing and speed errors converge to zero as time approaches to infinity. Extensive numerical simulations, carried-out for different platooning maneuvers, have confirmed the effectiveness of theoretical derivation in ensuring the achievement of platoon formation control objectives even if a vulnerability of the control inputs occurs. Future works could include the extension of the proposed approach for nonlinear third-order autonomous vehicles platoon, with the integration of Dynamic Surface Control approach or the command backstepping technique in order to successfully face the complexity explosion problem, usually appearing in nonlinear system with order greater than 3 under backstepping-based control [33], [34].