Error- and Tamper-Tolerant Decentralized Diagnosability of Discrete Event Systems under Cost Constraints

This paper deals with decentralized fault diagnosis for a discrete-event system that is observed at multiple observation sites through communication channels that can be attacked. The fault diagnosis architecture consists of a plant, local observation sites, and a coordinator that is responsible for ultimately diagnosing the faults occurring in the system, as well as communication channels between the various sensing devices and the local observation sites. An attacker, assumed to have full knowledge of the system model and ability to attack a subset of communication channels, aims to inhibit the ability of the coordinator to diagnose a fault. The type of attacks considered in this paper contain symbol insertion, symbol deletion, and symbol replacement attacks, each of which is associated with a positive cost (inversely correlated to the likelihood of the corresponding attack). A communication channel attack affects the outcome of a communication channel (from a sensing device to one of the observation sites) and results in a "local" symbol insertion/deletion/replacement (i.e., only the site associated with the communication channel under attack is affected). We describe a tamper-tolerant decentralized fault diagnosis protocol, which allows the coordinator to perform fault diagnosis despite the possible presence of attacks that are not greater than a certain total cost.