Platoon control in intelligent and connected vehicles (ICVs) has garnered significant attention owing to its potential to reduce fuel consumption and increase transportation system efficiency. Although several commendable platoon control strategies have emerged [1], practical challenges remain. Information communicated over public vehicle-to-vehicle (V2V) networks is susceptible to malicious intrusions and cyberattacks, rendering ICVs vulnerable. Traditional platoon control methods often fail in security-centric ICVs, especially for constraints demanding heightened security assurances.

Secure platoon control is crucial when malicious vehicles in the network disregard established communication protocols, thereby misleading their counterparts. Byzantine attacks manifest when one or several vehicles deliberately disseminate deceptive data within the ICV network, jeopardizing platoon coordination, and possibly leading to collisions. The urgency to devise innovative control algorithms and detection mechanisms capable of addressing this malicious behavior cannot be overstated; they are vital for the safety and security of platoon systems. Given the computational complexity and inherently distributed structure of ICVs, distributed control approaches are appropriate. Thus, developing a resilient distributed platoon control system to prevent cyberattacks is of paramount importance.

Numerous secure control methods for ICVs under cyberattacks have emerged. Comprehensive overviews of this topic are available in Refs. [2], [3], [4].

Malicious cyberattacks targeting communication channels tend to undermine data availability, integrity, and confidentiality, as detailed in Refs. [5], [6], [7], [8]. Recognizing this threat, various secure control schemes have emerged for ICVs to counteract the detrimental effects of diverse cyberattacks, such as denial-of-service (DoS), deception, and eavesdropping attacks. For example, ICVs under DoS attacks were investigated in Ref. [9]. DoS attacks manifest as time delays, and researchers have used a combination of adaptive estimation and sliding mode control techniques to detect and gauge the impact of such attacks. Furthermore, DoS attacks represented by packet dropouts were examined in Ref. [10]. A resilient cooperative adaptive cruise control system was developed, pinpointing the resilience boundary against the most permissible consecutive packet dropouts. This subject has also received attention in recent studies [11], [12], [13]. Deception attacks on data integrity such as replay [14] and false data injection (FDI) attacks [15], [16], [17] pose challenges. In Ref. [14], a dynamic tracking controller melds the output feedback control with a robust reset control to counteract replay attacks that appear as significant random communication delays. For FDI attacks, two distinct detection mechanisms are prominent: one introduces a cloud-based sandboxing technique to assess and segregate adversarial attacks in ICV scenarios [15], and the other elucidates a partial differential equation-based observer to detect FDI attacks and determine their injection points in the ICV platoon [16]. Additionally, strides in privacy-preserving control methods for ICVs concerning data confidentiality have become evident [18], [19]. Specifically, proposed a differentially private data streaming approach that integrates noise within the data streams among vehicles [18].

In the following discussion, we briefly outline developments related to attacks executed on agents. A dominant strategy for addressing resilient control challenges is prevention, which is invoked before the onset of attacks; comprehensive insights into this methodology can be found in Refs. [20], [21], [22], [23]. Byzantine-resilient distributed observers were conceptualized for a fully distributed implementation, as highlighted in Ref. [24]. The mean sequence reduced (MSR) algorithm [25] empowers multi-agent systems (MASs) with bounded adversaries to attain resilient control objectives, provided that the communication graph meets certain robustness criteria. Specifically, the MSR algorithm shifts through the state values of neighboring systems, discarding outliers, and using the remaining conventional values to update the control input. Although several adaptations of MSR-type resilient algorithms for MAS have emerged under attack scenarios [20], [26], [27], these often face complications owing to coupled system states, complicating attack detection. Additionally, the bulk of the existing work primarily focuses on the theoretical facets of the resilient consensus of MAS. By contrast, research offering security assurances that are explicitly tailored for practical ICVs in the context of Byzantine attacks remains underexplored.

Conversely, distributed model predictive control (DMPC) has gained substantial attention owing to its exceptional capabilities in constraint management and computational resource optimization, as evidenced in Refs. [28], [29]. DMPC approaches for tackling cooperative stabilization challenges in MASs were explored in Ref. [30], whereas solutions addressing consensus issues in cooperative systems appeared in Refs. [31], [32]. Despite their merits, existing DMPC methodologies lack in the context of security-sensitive operations. This highlights the necessity for a unified and resilient DMPC-based strategy to safeguard ICVs against cyberattacks.

This study addresses platoon control in ICVs under physical constraints and Byzantine attacks, in which malicious information is transmitted between vehicles. Meeting both the constraint satisfaction and security demands of ICVs is a nontrivial task that requires the co-design of an effective control strategy and reliable attack detection mechanism.

(1) We develop a resilient distributed model predictive platoon control (RDMP2C) for constrained ICVs. This framework allows vehicles to detect and identify malicious information, thereby ensuring that they consistently meet the desired platoon control objectives. By integrating the predesigned optimal control with DMPC optimization, our approach ensures both superior control performance and constraint adherence.

(2) To address the challenge of high communication network robustness requirements in the existing resilient distributed control algorithms for ICVs under Byzantine attacks [25], [33], we designed a distributed attack detector based on previously broadcast information and a resilience set. Communication links are characterized by different levels of thrust based on the intensity of Byzantine attacks, and a novel second verification algorithm is designed to restore the thrust of communication links that are not severely attacked.

(3) We establish sufficient conditions for the recursive feasibility of the RDMP2C algorithm and the stability of the closed-loop ICV system. Notably, our method is the first attempt to concurrently address the cybersecurity, constraints, and control performance of constrained ICVs under potential attacks. Even during Byzantine attacks, our method maintains closed-loop stability and security in ICVs with reduced reliance on network robustness.

The remainder of this paper is organized as follows. Section 2 presents some basic preliminaries and formulates the resilient platoon control problem. In Section 3, we present the distributed detection algorithms for Byzantine attacks. In Section 4, we propose the RDMP2C framework for constrained ICVs. In Section 5, we prove the theoretical properties, including the recursive feasibility and closed-loop stability. Section 6 presents the simulation results and Section 7 concludes the paper.

A directed graph $\mathcal{G}\left(t\right)=\{\mathcal{V},\mathcal{E}\left(t\right),\mathcal{A}\left(t\right)\}$ is used to describe the information exchange among the ICVs, in which $\mathcal{V}=\{1,2,\cdots ,M\}$ denotes the vertex set, M $\in \mathbb{N}$, $\mathcal{E}\left(t\right)\subseteq \{\left(i,j\right)\mid i,j\in \mathcal{V},i\ne j\}$ represents the edge set, $t\in \mathbb{N}$, $\mathbb{N}$ denotes the set of nonnegative integers and $\mathcal{A}\left(t\right)=\left[a_{\mathit{ij}}\left(t\right)\right]\in {\mathbb{R}}^{n\times n}$ represents the adjacency matrix with $a_{\mathit{ij}}\left(t\right)>\alpha$, $0<\alpha <1$. An edge $\left(j,i\right)$ with $a_{\mathit{ij}}\left(t\right)\ne 0$ implies that vehicle $j$ can send information to vehicle $i$ at time $t$. The in-degree of vehicle $i$ is denoted by ${\text{deg}}_i={\sum }_{j=1,j\ne i}^M{a}_{\mathit{ij}}\left(t\right)$. For the in-degree matrix $\mathcal{D}\left(t\right)=\text{diag}\left({\text{deg}}_1,\cdots ,{\text{deg}}_M\right)$, the Laplacian matrix is given as $\mathcal{L}\left(t\right)\in {\mathbb{R}}^{n\times n}=\mathcal{D}\left(t\right)-\mathcal{A}\left(t\right)$. The neighbors of vehicle $i$ are denoted by ${\mathcal{N}}_i\left(t\right)=\{v_j\in \mathcal{V}\left(t\right)\mid \left(v_i,v_j\right)\in \mathcal{E}\left(t\right),i\ne j\}$. Only a subset of follower vehicles can receive information from leader vehicle $0$ in this work. The corresponding pinning matrix is given as $G=\text{diag}\left(g_{10},\cdots ,g_{M0}\right)$ with a pinning gain $g_{i0}$. Follower vehicle $i$ receives information from the preceding vehicles $i-1$ and $i-2$, $i=\{2,\cdots ,M\}$. The notations of $r$-reachable set and $r$-robustness introduced in Ref. [25] characterize graph robustness properties.

Definition 1.( $r$-reachable set). Given a graph $\mathcal{G}$ and a nonempty subset $\mathcal{S}\subset \mathcal{V}$, the set $\mathcal{S}$ is $r$-reachable if $\exists i\in \mathcal{S}$ such that $\left|{\mathcal{V}}_i⧹\mathcal{S}\right|\ge r$, $r\in \mathbb{N}$.

Definition 2. ( $r$-robust graph). A nonempty graph $\mathcal{G}$ is $r$-robust ( $r<M$) if at least one of the subsets is $r$-reachable for any pair of nonempty disjoint subsets $\mathcal{V}$, at least one of the subsets is $r$-reachable.

For precise control over the longitudinal dynamics, we adopt certain assumptions [34]. We neglect the longitudinal slip of the tire, assume a rigid and symmetric vehicle, and disregard any lateral effects. These assumptions streamline the model, ensuring that longitudinal dynamics are both predictable and accurately controllable. The longitudinal dynamics of vehicle $i$, $i\in \mathcal{V}$, are detailed in Ref. [34].

where $s_i$ and ${\mu }_i$ are, respectively, the position and the velocity along the longitudinal axis; $\eta$ is the mechanical efficiency of the driveline; $R_{\text{w}}$ is the tire radius; $C_{\text{A}}$ is the aerodynamic drag coefficient; $m$ is the vehicle mass; $g$ is the gravity constant; $f$ is the rolling resistance; $F_i$ is the actual driving torque; $F_{i,\text{des}}$ is the desired driving torque; and $\tau$ is the inertial lag of the longitudinal dynamic of the vehicle. A feedback linearization technique is adopted to transform the nonlinear longitudinal dynamics Eq. 1 into a linear system model as follows:

in which $u_i\left(t\right)$ denotes the control input. For acceleration $a_i\left(t\right)={\dot{\mu }}_i\left(t\right)$ of vehicle $i$:

From Eqs. 1, 2, 3, we obtain the compact form

in which $x_i=\text{col}\left(s_i,{\mu }_i,a_i\right)$,

The dynamics of the vehicle Eq. 4 in discrete time follows

where

with $T$ being the sampling period. For the sake of notation simplicity, we abbreviate ${\mathit{A}}_{\mathbf{d}}$ and ${\mathit{B}}_{\mathbf{d}}$ as $\mathit{A}$ and $\mathit{B}$, respectively.

Note that the ICV in Eq. 6 is subject to the state and control input constraints.

in which the sets ${\mathcal{X}}_i=\{x\in {\mathbb{R}}^3\mid x_{\mathrm{m}\mathrm{i}\mathrm{n}}\le x\le x_{\mathrm{m}\mathrm{a}\mathrm{x}}\}$ and ${\mathcal{U}}_i=\{u\in {\mathbb{R}}^1\mid u_{\mathrm{m}\mathrm{i}\mathrm{n}}\le u\le u_{\mathrm{m}\mathrm{a}\mathrm{x}}\}$ are compact and contain the origin as the interior point, with the state bounds $x_{\mathrm{m}\mathrm{i}\mathrm{n}},x_{\mathrm{m}\mathrm{a}\mathrm{x}}$ and control input bounds $u_{\mathrm{m}\mathrm{i}\mathrm{n}},u_{\mathrm{m}\mathrm{a}\mathrm{x}}$.

This subsection describes the characterization of the Byzantine attack model. Here, a vehicle under Byzantine attack is called a Byzantine vehicle. If a vehicle is free of attack, it is called a normal vehicle and always obeys a predefined control strategy. Let ${\mathcal{V}}_{\mathrm{N}}\subset \mathcal{V}$ and ${\mathcal{V}}_{\mathrm{A}}\subset \mathcal{V}$ denote the set of normal and Byzantine vehicles, respectively. The cardinality of the normal vehicle set is denoted as $\left|{\mathcal{V}}_{\mathrm{N}}\right|$. The cardinality of the Byzantine vehicle set is denoted as $\left|{\mathcal{V}}_{\mathrm{A}}\right|$.

In the following section, we introduce the notations for Byzantine vehicles, normal vehicles, and $F$-local Byzantine attacks [25].

Definition 3. (Byzantine vehicle). Vehicle $i,i\in \mathcal{V}$ in Eq. 4 is Byzantine if it broadcasts arbitrarily different state values to its neighbors.

Definition 4. (Normal vehicle). Vehicle $i,i\in \mathcal{V}$ in Eq. 4 is normal if it updates and broadcasts its state values based on the designed control protocol.

Definition 5. ( $F$-local Byzantine attacks). Given graph $\mathcal{G}$ and a number $F\in \mathbb{N}$, if the number of Byzantine vehicles in the neighborhood of the normal vehicle $i$, $i\in {\mathcal{V}}_{\mathrm{N}}$ is no more than $F$, that is, $\left|{\mathcal{N}}_i\cap {\mathcal{V}}_{\mathrm{A}}\right|\le F$, then we say that the ICV is subject to $F$-local Byzantine attacks.

ICVs typically have inter-vehicle communication networks, such as V2V and intra-vehicle networks (e.g., controller area networks) for controller–sensor communication. Moreover, these vehicles have an array of sensors dedicated to perception [2]. However, although these connected networks and sensors enhance intra- and inter-vehicle communication, they also present vulnerabilities. These can become entry points for adversarial Byzantine attacks, causing arbitrary system updates. Notably, a vehicle under malicious attack transmits identical state values to all neighboring vehicles [25]. Consequently, this malicious vehicle can be regarded as a specific example of a Byzantine vehicle.

In the realm of vehicle platooning, Byzantine attacks pose a significant risk, as they occur when an adversarial vehicle disseminates deceptive data, such as its position, speed, or acceleration, to other vehicles within the platoon. Such misinformation can throw off the synchronized movement of a platoon, creating operational inefficiencies and potential safety hazards. Risks escalate if the compromised vehicle is situated at the front of the platoon, where it has considerable influence over the entire formation. Addressing the challenges posed by Byzantine attacks on vehicle platooning systems involves a two-pronged approach. First, control strategies must be designed to preserve the stability and security of the platoon, even in the face of malicious actors within the ranks. Second, these strategies must demonstrate resilience to different types of adversarial incursions. Achieving this resilience requires the creation of innovative control algorithms and robust detection mechanisms capable of identifying and mitigating malicious activities.

Byzantine attacks can occur in various manners during platoon operations, ranging from FDI and packet loss to more elaborate replay attacks. The perpetrators of these attacks could be insiders with access to the communication systems or external agents of the platoon. Furthermore, these attacks can vary in duration and frequency, whether intermittent or sustained.

Let $t_k^i$ denote the Byzantine attack time instant for vehicle $i$, with $i\in \mathcal{V}$, $k\in {\mathbb{N}}_{\ge 1}$, and ${\mathbb{N}}_{\ge 1}$ being the set of integers in interval $\left[1,+\infty )\right.$. We define $H_i>0$ as the duration of the Byzantine attack, and vehicle $i$ is attacked by a Byzantine attacker during ${\mathbb{N}}_{\left[t_k^i,t_k^i+H_i\right]}$. Following are the assumptions for the Byzantine attack model and ICVs:

Assumption 1. Constants $F\in \mathbb{N}$ and $W\in \mathbb{N}$ exist such that: ① the attack duration satisfies $H_i\le W$ for $k\in {\mathbb{N}}_{\ge 1}$; ② the intensity of malicious Byzantine attacks remains unchanged in the attack duration ${\mathbb{N}}_{\left[t_k^i,t_k^i+H_i\right]}$; ③ the ICVs in Eq. 6 are subject to $F$-local Byzantine attacks, and the upper bound $F$ is available for the normal vehicles; ④ the lead vehicle $0$ is attack-free.

Given the limited energy of adversarial cyberattacks, assuming the number of Byzantine attacks $F$ and maximum attack duration $W$ for the ICV is reasonable. A similar assumption can be made in the DoS attack results [35], [36].

This work aims to develop a resilient and distributed platoon control framework such that constrained ICVs under $F$-local Byzantine attacks achieve the following two objectives:

(1) Resilient platoon: Byzantine vehicles can be detected and isolated. Normal vehicle $i,i\in {\mathcal{V}}_N$ keeps a desired distance from lead vehicle $0$ and tracks the speed of lead vehicle $0$, that is, ${\mathrm{l}\mathrm{i}\mathrm{m}}_{t\to \infty }\left|s_i\left(t\right)-s_0\left(t\right)\right|=d_{i0}$ and ${\mathrm{l}\mathrm{i}\mathrm{m}}_{t\to \infty }\left|{\mu }_i\left(t\right)-{\mu }_0\left(t\right)\right|=0$, where $d_{i0}=id$ and the constant $d>0$ is the desired gap between two consecutive vehicles.

(2) Constraint satisfaction: normal vehicle $i,i\in {\mathcal{V}}_N$

satisfies the physical constraints in Eq. 8 for all $t\in \mathbb{N}$.

The proposed RDMP2C framework for ICV in the right lane is outlined in Fig. 1. Each follower vehicle comprises five parts: the broadcaster (block a), controlled vehicle (block b), DMPC controller (block c), attack detector (block d), and receiver (block e). The information transmitted between vehicles is broadcast and received by a broadcaster and receiver, respectively. The attack detector is responsible for determining malicious information and retaining normal information from its neighbors. Given normal broadcast information, the optimal platoon control input $u_i^{\ast }$ is generated for vehicle $i$ by solving the DMPC problem (see Section 4).

Before discussing the distributed detection algorithms for ICVs under Byzantine attacks, we introduce two pivotal sets: the estimation error set and the resilience set. The estimation error set was meticulously designed and integrated into the DMPC problem to facilitate parallel execution of the distributed control algorithm. Building upon the estimation error set, we design a tube $X_i\left(t\right)$, $i\in \mathcal{V}$ centered around the prior broadcast state sequence. This tube constrains the current broadcast state sequence shared among vehicles. Expanding the estimation error set, we formulate a resilience set to detect and identify potential attacks targeting vehicles. Consequently, the resilience tube $R_i\left(t\right)$, $i\in \mathcal{V}$ leveraging the previously broadcast predicted state sequence and the resilience set, is structured within the attack detector (the attack detection mechanism) (block d) for vehicle $i$.

Typically, cooperative agents calculate the optimal predicted state sequences and exchange them simultaneously [37], [38]. However, this approach is not feasible in practice. To address this problem, the predicted states of each vehicle broadcast at the previous time instant $t$ (termed as “the assumed predicted states”) are used to estimate the current predicted system states at time $t+1$, $t\in {\mathbb{N}}_{\ge 0}$. Consequently, vehicles can implement distributed control algorithms simultaneously. Let ${\hat{\mathit{x}}}_i\left(t+1\right)=\left\{{\hat{x}}_i\left(t+1|t+1\right),{\hat{x}}_i\left(t+2|t+1\right),\dots \right\}$ be the assumed predicted state sequence of vehicle $i$, $i\in \mathcal{V}$ hereafter, which is used to estimate the current optimal predicted state sequence ${\mathit{x}}_i^{\ast }\left(t+1\right)=\{x_i^{\ast }\left(t+1|t+1\right),x_i^{\ast }\left(t+2|t+1\right),\dots \}$ at time $t+1$. More precisely, ${\widehat{x}}_i\left(t+1+k|t+1\right)$ is given by

where $k,t\in {\mathbb{N}}_{\ge 0}$, and ${\mathit{x}}_i^{\ast }\left(t\right)$ denotes the optimal predicted state sequence generated by solving the DMPC problem ${\mathcal{P}}_i$. As indicated in Eq. 10, the assumed predicted states exchanged among the ICV inevitably lead to estimation errors. In this case, the estimation errors induced by a more practical transmission were treated as external disturbances. Note that an estimation error set $\mathit{\Delta }$ used to limit the estimation error $e_i\left(t+k|t\right)={\widehat{x}}_i\left(t+k|t\right)-x_i^{\ast }\left(t+k|t\right)$ is specified for the ICV, aiming at achieving the desired formation. The estimation error set plays an important role in the ICV that distributively performs the control algorithm. Accordingly, the optimized predicted states of vehicle $i$, $i\in \mathcal{V}$ are required to lie in a specified neighborhood of the assumed predicted states for $k\in {\mathbb{N}}_{\ge 0}$,

in which the estimation error set $\mathit{\Delta }=\{\delta \in {\mathbb{R}}^3\mid \Vert \delta \Vert <\eta \}$ is convex and contains the origin, with $\eta >0$ and $\Vert \bullet \Vert$ denoting the Euclidean norm.

Inspired by the tube-based MPC for linear systems with external disturbances, the estimation errors between the current optimal predicted states and assumed states are treated as external disturbances. Constraint Eq. 11 is incorporated into the robust DMPC optimization problem ${\mathcal{P}}_i$ to constrain the optimal predicted state sequence $x_i\left(t+k|t\right)$ within the predesigned tube $X_i\left(t\right)$ centered along the assumed state ${\widehat{x}}_i\left(t+k|t\right)$. Moreover, this constraint ensures that the robust DMPC optimization problem can be solved in a distributed fashion. Note that the estimation error set provides consistency between the intended behaviors of a vehicle and what makes the neighbors believe how it will behave from the perspective of the broadcaster (the vehicle is the broadcaster when it broadcasts the predicted states to its neighbors; likewise, the receiver refers to the vehicle that receives the predicted states from its neighbors) (block a).

As achieving resilient platoon control requires reliable and secure information from neighboring vehicles, each vehicle must be able to detect adversarial vehicles and communication links. To identify potential Byzantine attacks, we construct a resilience set for the distributed attack detector (block d), as shown in Fig. 1. For communication networks $\mathcal{G}\left(t\right)$ of the ICV that can afford resilience against $F$-local Byzantine vehicles, each normal vehicle must detect and discard adversarial interconnections to eliminate adverse effects; otherwise, resilient platoon control of the ICV cannot be guaranteed. To this end, the resilience set $\mathcal{R}$ is designed based on the estimation error set to detect and identify Byzantine adversaries. More precisely, resilience set $\mathcal{R}$ is given by

where the constant $\sigma >1$ is a resilience parameter. The design parameter $\sigma$ reflects the ability of the ICV to tolerate cyber-attacks.

Next, based on the estimation error set and resilience set, vehicle $i$, $i\in \mathcal{V}$ categorizes the received predicted state sequence from neighbors $j$, $j\in {\mathcal{N}}_i\left(t\right)$ into three levels: normal, recoverable, and adversarial communication.

(1) Normal communication: If the assumed predicted state sequence of neighbors ${\widehat{\mathit{x}}}_j\left(t\right)$, $j\in {\mathcal{N}}_i\left(t\right)$ transmitted from vehicle $j$ to vehicle $i$ satisfies

with $k\in {\mathbb{N}}_{\ge 0}$, then the communication link $\left(j,i\right)$ is normal at time $t$. From Eq. 13, it can be seen that the assumed predicted state sequence ${\widehat{\mathit{x}}}_j\left(t-1\right)$ broadcast at time $t-1$ serves as the center of the tube $X_i\left(t\right)$.

(2) Recoverable communication: The adversarial predicted state sequence of neighbors ${\widehat{\mathit{x}}}_j\left(t\right)$ may be in the resilience tube that centers along the previous broadcast assumed predicted state sequence ${\widehat{\mathit{x}}}_j\left(t-1\right)$, with $k\in {\mathbb{N}}_{\ge 0}$. If the assumed predicted-state sequence ${\widehat{\mathit{x}}}_j\left(t\right)$ satisfies

with $k\in {\mathbb{N}}_{\ge 0}$, then the communication link $\left(j,i\right)$ is adversarial but recoverable at time $t$. $\mathcal{R}⧹\mathit{\Delta }:=\{x\in {\mathbb{R}}^3\mid x\in \mathcal{R},x\notin \mathit{\Delta }\}$. Let ${\mathcal{N}}_i^r\left(t\right)$ denote the set of all recoverable communication links, with ${\mathcal{N}}_i^r\left(t\right)\subset {\mathcal{N}}_i\left(t\right)$. The weight $a_{\mathit{ij}}\left(t\right)$ used in the platoon control design becomes $a_{\mathit{ij}}\left(t\right)=a_{\mathit{ij}}\left(t-1\right)/\sigma$, which dynamically adjusts the level of trust in the corresponding communication link/channel among the ICV.

(3) Adversarial communication: If the received assumed predicted state sequence ${\widehat{\mathit{x}}}_j\left(t\right)$ satisfies

with $k\in {\mathbb{N}}_{\ge 0}$, then the communication link $\left(j,i\right)$ is adversarial. The adversarial predicted state information is discarded and not used in the platoon control design for vehicle $i$ (which implies $a_{\mathit{ij}}\left(t\right)=0$).

This study assumes no Byzantine attacks on the ICV at the initial time $t=0$. For vehicle $i$, $i\in \mathcal{V}$, the corresponding trustworthiness weight at the initial time $0$, with $a_{\mathit{ij}}\left(0\right)=1/\left|{\mathcal{N}}_i\left(0\right)\right|$. At time $t$, the trustworthiness weight becomes:

where ${\mathcal{N}}_i^n\left(t\right)$, ${\mathcal{N}}_i^r\left(t\right)$, and ${\mathcal{N}}_i^m\left(t\right)$ represent the normal, recoverable, and adversarial neighboring sets, respectively.

Note that normal vehicles do not require an exact determination of which of their neighboring vehicles is adversarial. Only the adversarial communication induced by Byzantine adversaries must be detected based on the assumed predicted states broadcast at the last time instant, estimation error set, and resilience set.

In this subsection, we present the distributed attack detection algorithm and the second verification algorithm for ICV in the presence of $F$-local Byzantine attacks.

MSR-type algorithms [20], [25], [39] usually require each agent to gather the neighboring state information, sort the received information, and discard the $2F$ extreme system state values. These algorithms collect and detect adversarial agents in a centralized manner, which is a requirement for robust communication networks. More precisely, the communication network $\mathcal{G}\left(t\right)$ is at least ( $2F+1$)-robust. In contrast, the proposed detection algorithm distributively detects broadcast information from neighbors, which significantly relaxes the restriction on network robustness. Each normal vehicle only ignores at most $F$ received neighbors’ information for the ICV in the presence of $F$-local Byzantine attacks.

Algorithm 1 summarizes the implementation of the distributed attack detection scheme for vehicle $i$, $i\in \mathcal{V}$ at time $t$ in this paper.

Before proceeding, we make the following remarks on Algorithm 1.

Redundant network interconnections are crucial for a resilient ICV platoon under $F$-local Byzantine attacks. Typically, MSR-type algorithms filter adversarial information from neighbors by discarding $2F$ suspicious system state values at each time step, which requires the communication network to be at least ( $2F+1$)-robust [20], [24], [40]. By contrast, our distributed attack detection algorithm relaxes the network robustness requirement from ( $2F+1$) to ( $F+1$). Owing to the resilience set and assumed predicted states, each normal vehicle can detect the received neighbor information under relaxed graph robustness. This constitutes a distinct contribution to this study.

Applying Algorithm 1 identifies and ignores severely adversarial assumed predicted states from neighbors, as indicated in Eq. 15, in the distributed control strategy. Now, let us consider the special case (slight cyberattacks) where the broadcast assumed predicted states violate the estimation error set while remaining within the resilience set, as given in Eq. 14. In Algorithm 1, instead of discarding this information directly, we dynamically adjust the edge weight $a_{\mathit{ij}}\left(t\right)$ of the adjacency matrix $\mathcal{A}\left(t\right)$ to eliminate the adverse effects of Byzantine attacks. A question arises naturally: If the communication link $a_{\mathit{ij}}\left(t\right)$, $j\in {\mathcal{N}}_i^r\left(t\right)$ becomes normal, is it possible to recover the confidence weight? To address this problem, we provide a “second verification” mechanism for recovering less severe communication links. Under this verification mechanism, if attacks recur in the same communication channel/link and vehicles broadcast the misbehaving assumed predicted state given in Eq. 15, we consider the vehicle vulnerable and discard it. Conversely, if Byzantine attacks Eq. 14 occur at time $t_k^i$, then we will restore the trustworthiness of the associated vehicle and communication links at $t=t_k^i+W$ based on Algorithm 1.

This algorithm is referred to as the second verification algorithm and is summarized in Algorithm 2.

The detection and isolation mechanism (i.e., detecting attacks and isolating corrupted communication links/agents) for MAS under cyberattacks has recently gained attention [20], [41]. In contrast to these existing attack detection methodologies, the proposed secondary verification algorithm enhances the resilience of the system to a higher number of Byzantine attacks without increasing the robustness threshold of the network.

In this section, we present a DMPC-based platoon control algorithm for constrained ICVs in the presence of $F$-local Byzantine attacks. Inspired by the “pre-stabilizing” control method [42], the proposed control policy $u_i\left(t\right)={\varkappa }_i\left(t\right)+c_i^{\ast }\left(t\right)$ is designed in two steps:

(1) Pre-design the optimal platoon control strategy ${\varkappa }_i\left(t\right)$ for the unconstrained ICV based on the reliable predicted state information from the normal neighbors and the updated communication network $\mathcal{G}\left(t\right)$.

(2) Design the DMPC optimization problem ${\mathcal{P}}_i$ for vehicle $i$, $i\in \mathcal{V}$ to explicitly handle the estimation errors and the physical constraints, including the state and control input constraints. Solving the DMPC optimization problem ${\mathcal{P}}_i$ yields the optimal control input $c_i^{\ast }\left(t\right)$.

At time $t$, communication network $\mathcal{G}\left(t\right)$ may be updated when Byzantine attacks occur. In this work, we design an optimal platoon control ${\varkappa }_i\left(t\right)$ for the unconstrained ICV to achieve optimal control performance. Specifically, the predesigned optimal platoon control for vehicle $i$ depends on the relative states with its normal neighbors, that is,

where $\mathit{K}\left(t\right)$ denotes the predesigned optimal control gain matrix. For vehicle $i$, the assumed predicted states of neighbors ${\widehat{x}}_j\left(t\right)$ are employed to construct the predesigned optimal platoon control law. Consequently, the predesigned platoon control input in Eq. 17 can be written as follows:

Once the Byzantine vehicles are detected by Algorithm 1 and Algorithm 2, information from these vehicles is discarded. That is, Byzantine vehicles were isolated from the ICV, yielding a time-dependent communication network, $\mathcal{G}\left(t\right)$. When the communication networks change, we update the predesigned optimal control gain matrix $\mathit{K}\left(t\right)$, using various methods outlined in Refs. [43], [44].

At time $t$, the cost function $J_i\left({\mathbf{c}}_i\left(t\right)\right)$ for vehicle $i$, $i\in \mathcal{V}$ is designed as

where the weighting matrix $Q$ is positive definite and ${\mathit{c}}_i\left(t\right)=\text{col}\left(c_i\left(t|t\right),...,c_i\left(t+k|t\right),...\right)$ denotes the control sequence. Note that ${\left[c_1^{\text{T}},...,c_n^{\text{T}}\right]}^{\text{T}}$ is written as $\text{col}\left(c_1,\cdots ,c_n\right)$ and $\Vert c_i{\Vert }_Q^2$ denotes the weighted Euclidean norm ${c_i}^{\text{T}}Q{c}_i$.

At time $t$, given the current system state $x_i\left(t\right)$ of each vehicle $i$, $i\in \mathcal{V}$ and its neighbors’ assumed states ${\widehat{\mathit{x}}}_j\left(t\right)$, $j\in {\mathcal{N}}_i\left(t\right)$, the DMPC problem ${\mathcal{P}}_i$ is given as

where $k\in {\mathbb{N}}_{\ge 0}$. $x_i\left(t\right)$ denotes the state $x$ at time $t$, and $x_i\left(t+k|t\right)$ denotes the predicted state at future time $t+k$ determined at time $t$. Let ${\mathit{c}}_i^{\ast }\left(t\right)=\text{col}\left(c_i^{\ast }\left(t|t\right),...,c_i^{\ast }\left(t+k|t\right),...\right)$ be the optimal solution to problem ${\mathcal{P}}_i$ at time $t$. Then, we obtain the optimal control input for vehicle $i$

where $k\in {\mathbb{N}}_{\ge 0}$, the optimal control input sequence at time $t$ is ${\mathit{u}}_i^{\ast }\left(t\right)=\text{col}\left(u_i^{\ast }\left(t|t\right),...,u_i^{\ast }\left(t+k|t\right),...\right)$ and the corresponding optimal predicted state becomes

where $t\in \mathbb{N}$, the optimal state sequence is denoted by ${\mathit{x}}_i^{\ast }\left(t\right)=\text{col}\left(x_i^{\ast }\left(t|t\right),...,x_i^{\ast }\left(t+k|t\right),...\right)$. Furthermore, applying the first term of the optimal control input in Eq. 21 to the vehicle system in Eq. 4 yields

with $c_i\left(t\right)=c_i^{\ast }\left(t|t\right)$.

In what follows, some discussions of computation, stability, and optimality are provided.

(1) Discussion on computation and stability. The DMPC problem with an infinite prediction horizon usually has a high computational resource requirement, facilitating theoretical analysis, for example, feasibility and stability analysis. In practical applications, we use a DMPC problem with a sufficiently long finite prediction horizon to estimate an infinite prediction horizon case [45]. The stability analysis of finite horizon DMPC for ICV deserves further investigation.

(2) Discussion on optimality and constraint satisfaction. For an unconstrained ICV, a predesigned platoon control law is optimal for a specific cost function [44]. By contrast, the proposed DMPC-based platoon control gradually converges to the optimal control input and achieves suboptimal platoon control performance. Therefore, the algorithm handles physical constraints and achieves a trade-off between optimality and constraint satisfaction.

The overall RDMP2C algorithm for vehicle $i$, $i\in \mathcal{V}$ is summarized in Algorithm 3.

Note that each vehicle verifies the information from its neighbors in step 2 of Algorithm 3 based on Algorithms 1 and 2 at each time step. When the communication networks change, the predesigned platoon control gain matrix $\mathit{K}\left(t\right)$ in Eq. 21 is recalculated and updated.

In this section, the recursive feasibility of Algorithm 3 and the convergence analysis of the ICV under Byzantine attacks are discussed. We first present three technical lemmas before proceeding with the feasibility and convergence analyses in Theorem 1.

The following lemma on the nonnegative sequences $\left\{{\alpha }_k\right\}$, $\left\{{\beta }_k\right\},$ and $\left\{{\gamma }_k\right\}$ are fundamental to the resilient platoon analysis, and the proof can be found in Ref. [46].

Lemma 1. Let $\left\{{\alpha }_k\right\}$, $\left\{{\beta }_k\right\}$ and $\left\{{\gamma }_k\right\}$ be nonnegative sequences, suppose ${\sum }_{k=1}^{\infty }{\gamma }_k<\infty$ and

then the sequence $\left\{{\alpha }_k\right\}$ converges and ${\sum }_{k=1}^{\infty }{\beta }_k<\infty$.

Let ${\stackrel{\sim }{\mathit{c}}}_i\left(t+1\right)$ be the candidate control input sequence for optimization problem ${\mathcal{P}}_i$ at time $t+1$. Depending on whether the ICV is under attack at time $t+1$, two candidate input sequences ${\stackrel{\sim }{\mathit{c}}}_i\left(t+1\right)$ can be constructed.

Case 1. The network $\mathcal{G}\left(t+1\right)$ does not change at time $t+1$.

A candidate input sequence ${\stackrel{\sim }{\mathit{c}}}_i\left(t+1\right)$ at $t+1$ is then created by dropping the first input and appending a terminal zero element of the optimal control at $t$,

Case 2. The network $\mathcal{G}\left(t+1\right)$ changes at time $t+1$.

A candidate input sequence ${\stackrel{\sim }{\mathbf{c}}}_i\left(t+1\right)$ is constructed based on the optimal control sequence $u_i^{\ast }\left(t+k|t\right)$, that is

Lemma 2. For the ICV in the presence of $F$-local Byzantine attacks, if the initial state $x_i\left(0\right)$ is feasible and ${\sum }_{k=0}^{\infty }\Vert c_i\left(t+k|t\right){\Vert }_Q^2<\infty$, $t\in {\mathbb{N}}_{\ge 0}$, then the control sequence $c_i\left(t\right)$ satisfies ${\mathrm{l}\mathrm{i}\mathrm{m}}_{t\to \infty }{c}_i\left(t\right)=0$.

Proof of Lemma 2.To prove the convergence of $c_i\left(t\right)$ as $t\to \infty$, we introduce the following function

By choosing the control input sequence ${\stackrel{\sim }{\mathit{c}}}_i\left(t+1\right)=\text{col}\left(c_i^{\ast }\left(t+1|t\right),c_i^{\ast }\left(t+2|t\right),...\right)$ for the ICV when there are no attacks at $t+1$, the following relationship can be obtained:

The control input sequence ${\stackrel{\sim }{\mathbf{c}}}_i\left(t+1\right)$ is feasible but not necessarily an optimal solution to the problem ${\mathcal{P}}_i$ at $t+1$. Then, one has

It holds that

Note that there are at most $F$-local Byzantine attacks for vehicle $i$, $i\in \mathcal{V}$, which implies that the control input candidate in Eq. 26 is adopted no more than $F$ times during the time interval ${\mathbb{N}}_{\left[1,t_F^i\right]}$. Additionally, ${\stackrel{\leftharpoonup }{C}}_i=2\sum _{\tau =1}^F\sum _{k=0}^{\infty }\Vert {\stackrel{\sim }{c}}_i\left(t_{\tau }^i+k|t_{\tau }^i\right){\Vert }_Q^2<\infty$, with $\tau \in {\mathbb{N}}_{\left[1,F\right]}$.

Upon summing up $V_i\left(t+1\right)-V_i\left(t\right)$ in Eq. 30 from $t=0$ to $k$, we obtain

and $V_i\left(t\right)$ as $t\to \infty$, satisfies

in which $V_i\left(\infty \right)={\mathrm{l}\mathrm{i}\mathrm{m}}_{t\to \infty }{V}_i\left(t\right)$. From Lemma 1, we obtain that $V_i\left(t\right)$ converges as $t\to \infty$. Therefore, we have ${\mathrm{l}\mathrm{i}\mathrm{m}}_{t\to \infty }\Vert c_i^{\ast }\left(t|t\right){\Vert }_Q^2=0$, which implies that ${\mathrm{l}\mathrm{i}\mathrm{m}}_{t\to \infty }\Vert c_i\left(t\right)\Vert =0$.

Lemma 3. For any given scalar $\theta \in \left(0,1\right)$, suppose that the summable sequence $\left\{\kappa \left(t\right)\right\}$ satisfies ${\mathrm{l}\mathrm{i}\mathrm{m}}_{t\to \infty }\kappa \left(t\right)=0$, then it holds that ${\mathrm{l}\mathrm{i}\mathrm{m}}_{k\to \infty }{\sum }_{t=0}^k{\theta }^{k-t}\kappa \left(t\right)=0$.

The main theoretical results of ICV under the RDMP2C algorithm are as follows. Note that $\rho \left(\mathit{S}\right)$ represents its spectral radius of the matrix $\mathit{S}$.

Theorem 1. Consider constrained ICV Eq. 6 in the presence of $F$-local Byzantine attacks. Suppose that the communication network $\mathcal{G}$ is ( $F+1$)-robust, and Byzantine attacks can be detected using Algorithms 1 and 2. If the conditions $\rho \left({\mathrm{l}\mathrm{i}\mathrm{m}}_{p\to \infty }{\sum }_{s=0}^p{\mathit{A}}_K^{p-s}\mathit{B}\mathit{K}\left(t\right)\right)\le 1,\rho \left(A_K\right)<1$ are satisfied, with ${\mathit{A}}_K=\mathit{A}+\mathit{B}\mathit{K}\left(t\right)$, and the optimization problem ${\mathcal{P}}_i$ is feasible at $t$, $i\in {\mathcal{V}}_N\left(t\right)$, $t\in {\mathbb{N}}_{\ge 0}$, then

(1) the optimization problem has a feasible solution at $t+1$;

(2) the normal vehicles achieve resilient platoon, with $i,j\in {\mathcal{V}}_N\left(t\right)$ and $v^{\prime }=\left|{\mathcal{V}}_N\left(t\right)\right|$.

Proof of Theorem 1. (1) Proof of the recursive feasibility. For case 1 (i.e., network $\mathcal{G}\left(t+1\right)$ does not change), the proof directly follows the proof in Ref. [47] and is omitted here.

For case 2 (i.e., the network $\mathrm{G}\left(t+1\right)$ changes), the control input ${\stackrel{\sim }{\mathit{u}}}_i\left(t+1\right)=\text{col}\left({\stackrel{\sim }{u}}_i\left(t+1|t+1\right),{\stackrel{\sim }{u}}_i\left(t+1+2|t+1\right),...\right)$ becomes

where $k\in {\mathbb{N}}_{\ge 0}$. The constraint ${\stackrel{\sim }{u}}_i\left(t+1+k|t+1\right)\in {\mathcal{U}}_i$ holds at time $t+1$.

With the initial condition ${\stackrel{\sim }{x}}_i\left(t+1|t+1\right)=x_i^{\ast }\left(t+1|t\right)$ and the control inputs in Eq. 33, the corresponding system state ${\stackrel{\sim }{x}}_i\left(t+1+k|t+1\right)$ becomes

where $k\in {\mathbb{N}}_{\ge 0}$. Hence, constraints Eqs. (20e) and (20f) hold.

From Eqs. 22, 23, the feasibility is established at time $t+1$ when attacks occur.

(2) Proof of the convergence for the resilient platoon.

By substituting Eq. 21 into Eq. 4, we obtain

where $\mathit{x}\left(t\right)=\text{col}\left(x_1\left(t\right),x_2\left(t\right),...,x_{v\prime }\left(t\right)\right)$, ${\mathcal{L}}_{\mathit{G}}=\mathcal{L}+\mathit{G}$, $\mathit{G}=\mathit{G}\left(t\right)$, $\mathcal{L}=\mathcal{L}\left(t\right)$, $\mathbf{c}\left(t\right)=\text{col}\left(c_1\left(t\right),c_2\left(t\right),...,c_{v\prime }\left(t\right)\right)$, $\mathit{K}=\mathit{K}\left(t\right)$, $I_{v\prime }\in {\mathbb{R}}^{v\prime \times v\prime }$ is the identity matrix, and the symbol $\otimes$ denotes the Kronecker product. The corresponding variables and matrices for normal vehicles in Eq. 35 have compatible dimensions.

The state of the leader vehicle 0 is $x_0\left(t\right)\in {\mathbb{R}}^n$,

Define ${\check{x}}_i\left(t\right)=x_i\left(t\right)+d_{i0}$, ${\zeta }_i\left(t\right)={\check{x}}_i\left(t\right)-x_0\left(t\right)$ and $\mathit{\zeta }=\text{col}\left({\zeta }_1,{\zeta }_2,\dots ,{\zeta }_{v\prime }\right)$, $i\in {\mathcal{V}}_N\left(t\right)$, then we have

in which ${\mathit{u}}_0\left(t\right)=\mathbf{1}\otimes u_0\left(t\right)$ and $\mathbf{1}$ is a compatible vector with all elements to be $1$.

There always exists an orthogonal matrix $\mathit{U}=\left[\mathbf{1}/\sqrt{v\prime },U_2,...,U_{v\prime }\right]\in {\mathbb{R}}^{v\prime \times v\prime }$ such that the Laplacian matrix is diagonalized, that is, ${\mathit{U}}^{\text{T}}{\mathcal{L}}_G\mathit{U}=\text{diag}\left(0,{\lambda }_2,\dots ,{\lambda }_{v\prime }\right)$, where $U_i$, $i\in {\mathbb{N}}_{\left[2,v\prime \right]}$ is an orthogonal eigenvector of ${\mathcal{L}}_G$.

Using the property of Kronecker product, one obtains

Define $\stackrel{\sim }{\mathit{\zeta }}\left(t\right)=\text{col}\left({\stackrel{\sim }{\zeta }}_1\left(t\right),{\stackrel{\sim }{\zeta }}_2\left(t\right),\dots ,{\stackrel{\sim }{\zeta }}_{v\prime }\right)=\left({\mathit{U}}^{\text{T}}\otimes I_n\right)\mathit{\zeta }\left(t\right)$, then Eq. 37 is expressed by

Next, we define the transition matrix $\mathit{\Phi }=\text{diag}\left(\mathit{A},\mathit{A}+{\lambda }_2\mathit{B}\mathit{K},\dots ,\mathit{A}+{\lambda }_{v\prime }\mathit{B}\mathit{K}\right)$ and $\mathcal{B}=\left({\mathit{U}}^{\text{T}}\otimes I_n\right)\left(I_{v\prime }\otimes \mathit{B}\right)$, then Eq. 37 becomes

which implies that $\stackrel{\sim }{\mathbf{\zeta }}\left(t\right)={\mathit{\Phi }}^t\stackrel{\sim }{\mathbf{\zeta }}\left(0\right)+{\sum }_{k=0}^{t-1}{\mathit{\Phi }}^k\mathcal{B}\mathbf{c}\left(t-1-k\right)-{\sum }_{k=0}^{t-1}{\mathit{\Phi }}^k\mathcal{B}{\mathit{u}}_0\left(t-1-k\right),t\in {\mathbb{N}}_{\ge 1}.$

It holds that ${\stackrel{\sim }{\zeta }}_1\left(t\right)=1/\sqrt{v\prime }\left({\sum }_{i=1}^{v\prime }{\zeta }_i\left(t\right)\right)=0$. Also, owing to $\rho \left(\mathit{A}+{\lambda }_i\mathit{B}\mathit{K}\right)<1$, $i\in {\mathbb{N}}_{\left[2,v\prime \right]}$, we obtain the term ${\mathrm{l}\mathrm{i}\mathrm{m}}_{t\to \infty }{\mathit{\Phi }}^t\stackrel{\sim }{\mathbf{\zeta }}\left(0\right)=0$.

In light of $\rho \left(\mathit{A}+{\lambda }_i\mathit{B}\mathit{K}\right)<1$, there always exists a constant $\beta \in \left(0,1\right)$, such that

Define $E\left(t-1-k\right)=\Vert I_{v\prime }\otimes \mathit{B}\Vert \Vert \mathit{c}\left(t-1-k\right)\Vert$. Using the Cauchy–Schwarz inequality and Eq. 41, we have