Threshold design for fault detection with first order sliding mode observers

Sliding Mode Observer (SMO) based methods have been extensively used for Fault Estimation (FE). However, the fault detection (FD) problem for these SMO based FE methods has not been completely solved. In this paper a robust threshold on the so-called Equivalent Output Injection (EOI) is presented which enables FD for systems with measurement noise and unmatched uncertainties. This threshold is applicable to a large class of existing SMO based FE methods, and its applicability can easily be verified. Theoretical guarantees on the detection performance of this threshold are provided, and further demonstrated via a simulation study. © 2022 The Author(s). Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).


Introduction
With the ever-growing adoption of automation technologies, safety-critical systems such as industrial processes and autonomous vehicles are also gaining increasing autonomy. Such development calls for robust fault detection, identification, and estimation (FDIE), in order to sustain system autonomy in the presence of faults as well, without requiring intervention by a supervisor.
Nevertheless, a challenge that still needs to be addressed is the design of SMO-based FD methods when measurement noise is present. Such noise prevents ideal sliding motion from being reached: this causes the FE results to no longer be exact, and thus existing methods that use them for FD cannot lead to robust detection. In this work, we will address the FD problem for systems with measurement noise and (un)matched uncertainties, by developing a robust detection threshold. Some works consider the effects of measurement noise on SMO-based state and fault estimation using higher order SMOs, giving time-averaged/order bounds on the accuracy (de Loza et al., 2015; Fridman et al., 2007; Levant, 2003; Poznyak, 2003). However, the works considering the effect of measurement noise on FOSMO-based FE are very limited. In Zhirabok, Shumsky and Zuev (2021) it is required that measurement errors directly affect the state equation, whereas Yang, Zhu, and Zhang (2013) assume the measurement noise derivatives to be bounded. Both these noise representations are restrictive and may limit the practical applicability.
In this work the FD problem for SMO based FDIE is addressed by designing a robust and deterministic FD threshold, applicable to a large class of FOSMOs, such as Alwi et al. (2008), Edwards et al. (2000), Keijzer et al. (2021), Tan and Edwards (2001, 2002, 2003) and Wang et al. (2017). Specifically, it will be proven that the threshold is applicable to the SMOs from Keijzer et al. (2021) and Tan and Edwards (2003). The designed threshold allows for robust FD on systems with measurement noise and (un)matched uncertainties. Furthermore, sufficient conditions will be presented (1) for which there exists a realisation of the uncertainty and measurement noise such that detection occurs and (2) for which detection is guaranteed for all uncertainty and noise realisations.
In Section 2 the threshold design problem is formulated. In Section 3 a time response of the so-called Equivalent Output Injection (EOI) is presented, such that it can be used as the basis of the fault detection threshold design in Section 4. In Section 5, guarantees on the detection performance are presented. In Section 6 it will be proven that the designed threshold is applicable to a large class of SMOs. Lastly, a simulation example of a collaborative vehicle platoon is used to demonstrate the threshold performance in Section 7.

Notation
For a vector x, x (i) denotes the ith element of x. Inequalities for vectors are evaluated element-wise. x and x denote the true, possibly unknown bounds on x which are defined element-wise x and x denote known bounds such that x ≥ x and x ≤ x always hold. Superscript 0 denotes healthy behaviour, and superscripts u and l denote that the variable is related to the so-called upper and lower thresholds respectively. diag(X) denotes a column vector containing the diagonal elements of a square matrix X. |x| denotes the elementwise absolute value of a matrix or vector x. Lastly, when x = 0, it is considered sign(x) = −sign(x nz ) where x nz is the last non-zero x.

Problem formulation
The aim of this paper is to present a design for a robust detection threshold that is applicable to a large class of FOSMO based fault estimation schemes. The class of systems to which the threshold is applicable will be characterised in this section using three propositions. Such statements are not restrictive, as they can be proven to hold for many existing SMOs. In Section 6, due to space constraints, the proofs will be presented only for two selected SMOs. Furthermore, in this section, the threshold design problem is formalised by introducing suitable design criteria.

System description
Let us consider a dynamical system with the form where $x_1 \in \mathbb{R}^{n-p}$ and $x_2 \in \mathbb{R}^{p}$ are partitions of the system state; $y \in \mathbb{R}^{p}$ is the system output; $u \in \mathbb{R}^{w}$ is the system input; $f \in \mathbb{R}^{r}$ is a time varying term representing the fault to be detected; $\zeta_1 \in \mathbb{R}^{q_1}$ is the system uncertainty; $\zeta_2 \in \mathbb{R}^{q_2}$ is the measurement noise; and $h_1 : \mathbb{R}^{p \times w} \to \mathbb{R}^{n-p}$ and $h_2 : \mathbb{R}^{p \times w} \to \mathbb{R}^{p}$ are known, possibly nonlinear functions. The following common assumptions characterise the fault and the uncertainties.
Using the notation defined in Section 1.1, ζ1 , ζ2 and f are assumed to be known, deterministic values.
We will consider an SMO of the general form where x1 ∈ R n−p , x2 ∈ R p and ŷ ∈ R p are the state and output estimates; e y ≜ y − ŷ; and ν ∈ R p is the switching output feedback. The error dynamics then becomes , and where K ν ≻ 0 ∈ R p×p is the gain matrix of a stable filter, ν eq is the so-called Equivalent Output Injection (EOI), and g : R p → R r is the fault estimation function.
Remark 1. The function g(ν eq ) can vary and depends on the specific SMO which is used. However, its definition does not affect the applicability of the threshold derived in the present work.

Threshold applicability propositions
Based on the error dynamics, Propositions 1-3 together provide a sufficient condition for the threshold to be applicable. As an exemplification, in Section 6 we will prove that they hold for the SMOs from Keijzer et al. (2021) and Tan and Edwards (2003).
Proposition 1. In Eq. (1), A 11 is Hurwitz, K ν ≻ 0 is a diagonal matrix, C 2 is invertible, and K 2 ≠ 0.
Proposition 2. The following conditions on e 2 hold. The relation between true-faulty and known-healthy bounds can thus be conveniently written as where δ e > 0 and δ ė > 0 represent the difference between the true and known bound, and δ f : R r → R p , δ + ḟ : R r → R p , and δ − ḟ : R r → R p represent the effect of a fault. Here, and in the following, the superscripts + and − denote that a variable relates to time periods during which the sign of ė2 is, respectively, positive or negative.
Proposition 3. For any j and d f such that |f (j) | ≥ d f , there exists a γ > 0 and an index i such that either of the following holds.
Remark 3. Proposition 1 presents some requirements on the observer matrices which are common for SMOs. Furthermore, Proposition 2 bounds the area around the ideal sliding surface to which the observer error is attracted. These conditions will form the basis of the threshold design. Lastly, Proposition 3 requires the fault to affect the system, which is needed for the fault to be detected.

Threshold design problem
In this paper a threshold is designed on the EOI, ν eq . The lower and upper thresholds are denoted as νeq and ν eq respectively. Detection occurs if ν eq > νeq or ν eq < ν eq . The thresholds νeq and ν eq are designed such that:
1. The threshold is applicable to all systems and SMOs which fit the general error dynamics of (1) and for which Propositions 1-3 hold.
2. The threshold is deterministic and robust to uncertainties, i.e. there are no false positives.
3. If δ e = 0 and δ ė = 0, for any non-zero fault there exists a realisation of the uncertainty and noise such that detection occurs.
4. Any fault of sufficient magnitude, which is sustained for a sufficient duration, is detected for all realisations of the uncertainty and noise. Here the sufficient magnitude and duration are specified in Theorem 3.

Equivalent output injection dynamics
The detection logic which will be used in this paper is based on comparing the EOI, ν eq , to the detection threshold. Therefore, in this section we will first derive the time response of the EOI. Then in Section 4 this will be used for threshold design.
Recall the definition of the EOI in Eq. (2). As ν is piecewise constant, the time response of each element of the EOI, ν eq,(i) , can be written in closed form. To simplify notation, for each element ν eq,(i) , let us denote k i = K ν,(i,i) . Furthermore, we define the so-called switching times, {t j } i , as the sequence of times at which ν (i) changes sign. Note that the switching times are not equally spaced, but depend on the system dynamics. In the following, wherever possible, derivations will be shown for one element ν fil,(i) and the subscript i will be dropped to ease notation. Furthermore, without loss of generality, it is assumed that ν (i) is positive during each period [t 2j t 2j+1 ], and ν (i) is negative during . (5) During the next period [t 2j+1 t 2j+2 ], ν (i) = −1, so the EOI response over any period [t 2j+1 t], where t 2j+1 ≤ t ≤ t 2j+2 , can be written as Substituting Eq. (5), with t = t 2j+1 , into Eq. (6) gives for t 2j+1 ≤ t ≤ t 2j+2 . Substituting Eq. (7), with t = t 2j+2 , into itself, and repeating this process N times, the EOI at t 2N for any An example of a healthy EOI response, with the corresponding behaviour of e 2 is shown on the left in Fig. 1.

Fault detection threshold
In this section the detection threshold is designed as an upper bound on the healthy EOI response. This way, by construction, the threshold is guaranteed to have no false positives, i.e. design criterion 2 is satisfied. The resulting threshold consists of two parts. First, a threshold is designed bounding the EOI response considering only one period between switches. This threshold is called the peak threshold. However, for this threshold no sufficient conditions guaranteeing detection exist. Therefore, a so-called sustained condition is designed to serve as an initial condition for the peak threshold. The resulting threshold will be called the combined threshold. Sufficient conditions for fault detection using the combined threshold are presented in Section 5.
Because the threshold is modelled as a bound on the healthy EOI, first recall the EOI responses in Eqs. (5) and (8). From these EOI responses, a particular observation can be made, which will form the basis of the whole threshold design: the EOI can be determined by the knowledge of its initial value and by the duration of the periods between switches, t j − t j−1 . These periods between switches can be bounded based on the known limits on e 2 from Proposition 2. Bounding the duration of these periods in healthy conditions will thus form the core of the threshold design.
Remark 4. In the following the design procedure will only be shown for the upper threshold. The lower one can be derived similarly and only the end result will be stated.

Peak threshold
The peak threshold considers the worst-case behaviour of the healthy EOI over one period between switches. As can be seen in Eq. (5), this occurs for the maximum duration of a period between switches, which we will denote t0,u . t0,u occurs for the hypothetical behaviour of e 2 where e 2 moves from its minimum, −ẽ 0 2 , to its maximum, ẽ0 2 , with the minimum rate, ė0,+ , where we will drop the subscript i to ease notation. With these definitions, by Proposition 2, t0, in Eq. (5), gives the bound on the healthy EOI $\nu^{peak}_{eq,(i)}(t_{2j}) \triangleq e^{-k t^{0,u}} \nu_{eq,(i)}(t_{2j}) + 1 - e^{-k t^{0,u}}$, which is the so-called peak threshold. Here the argument t 2j denotes the time at which the threshold is calculated, or reset based on the current value of the EOI, ν eq,(i) (t 2j ). The resulting threshold is constant until a new peak threshold is calculated at t 2(j+1) . This threshold is used with the fault detection logic A lower peak threshold can be designed similarly as , for which the fault detection logic is $\exists\, i, j \ \text{s.t.}\ \nu_{eq,(i)}(t) < \nu^{peak}_{eq,(i)}(t_{2j+1}) \ \text{for}\ t \in [t_{2j+1} \ \ t_{2j+3}]$. (10) This lower threshold has to be calculated, or reset, at every t 2j+1 based on the current value of the EOI ν eq,(i) (t 2j+1 ), and holds until t 2j+3 . The peak thresholds, as presented above, are applicable to the considered SMOs, and are deterministic, i.e. design criteria 1 and 2 hold.¹ However, their detection capabilities are not consistent, thus failing to meet criterion 4. This issue is formalised by the following theorem.
, no sufficient condition on f exists guaranteeing fault detection using the peak thresholds.That is, regardless of f there always exists a realisation of ζ 2 (t) such that neither of the detection conditions are satisfied.
Proof. From (3) and the hypothesis, Substituting this ζ 2 in the definition of e y from (1) gives e y = 0. Thus there always exists a ζ 2 such that e y = 0. By the definition of the sign function (see Section 1.1), a switch occurs when e y = 0, thus there always exists a realisation of ζ 2 that makes the time between switches arbitrarily small. Detection with the peak threshold occurs only if the time between two switches is sufficiently large, specifically if t 2j+1 − t 2j > min( t0,u , t0,l ). Therefore, detection with the peak threshold can never be guaranteed. □
¹ Design criterion 3 also holds for the peak thresholds, however due to space constraints the proof will not be provided.
Remark 5. In Section 6 it will be proven that ẽ2 ≤ max holds for the two selected SMOs.
To satisfy design criterion 4, the threshold design needs to be changed. In particular, we no longer want to use ν eq (t 2j ) and ν eq (t 2j+1 ) as reset conditions for the peak thresholds. This will allow the detection performance to be decoupled from the actual trajectory of ν eq , which depends on the uncertainty realisation and not only on the fault f . To achieve this, in the following section global bounds on ν eq (t 2j ) and ν eq (t 2j+1 ) will be designed.
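The following added example (not code from the paper) replays three constructed switching patterns through the upper peak threshold to show the behaviour discussed above: a period longer than t^{0,u} trips the threshold, while a fast but strongly biased pattern never does, even though the EOI drifts far from zero. It assumes the EOI filter has the form d(ν_eq)/dt = k(ν − ν_eq), which matches the closed-form response used in the peak threshold, and an upper detection logic mirroring Eq. (10); all numeric values and function names are hypothetical.

```python
import math


def max_healthy_period(e2_bound, min_rate):
    """Longest healthy time between switches (the t^{0,u} of the text):
    e2 travels from -e2_bound to +e2_bound at the minimum healthy rate."""
    return 2.0 * e2_bound / min_rate


def eoi_response(nu_eq_start, nu, k, tau):
    """EOI after tau seconds with the switching term held at nu (+1 or -1).
    Assumption: the filter is d(nu_eq)/dt = k * (nu - nu_eq)."""
    decay = math.exp(-k * tau)
    return decay * nu_eq_start + (1.0 - decay) * nu


def peak_threshold(nu_eq_at_switch, k, t0u):
    """Upper peak threshold, reset from the EOI value at an even switch t_2j."""
    decay = math.exp(-k * t0u)
    return decay * nu_eq_at_switch + 1.0 - decay


def run_peak_detector(periods, k, t0u, nu_eq0=0.0, dt=1e-3, tol=1e-9):
    """Replay a switching pattern and apply the upper peak-threshold logic.

    periods: durations between switches, alternating nu = +1, -1, +1, ...
    Returns (detection time or None, EOI value at detection or at the end).
    """
    t_start, nu_eq, nu, threshold = 0.0, nu_eq0, 1.0, None
    for index, duration in enumerate(periods):
        if index % 2 == 0:
            # Even switch t_2j: reset the threshold from the current EOI.
            threshold = peak_threshold(nu_eq, k, t0u)
        steps = max(1, math.ceil(duration / dt))
        for s in range(1, steps + 1):
            tau = min(s * dt, duration)
            value = eoi_response(nu_eq, nu, k, tau)
            if value > threshold + tol:
                return t_start + tau, value
        # No detection in this period: advance to the next switch.
        nu_eq = eoi_response(nu_eq, nu, k, duration)
        t_start += duration
        nu = -nu
    return None, nu_eq


# Constructed numbers, not taken from the paper's Table 1.
K = 2.0
T0U = max_healthy_period(e2_bound=0.05, min_rate=0.5)  # 0.2 s

HEALTHY = [0.15, 0.15] * 50                # every period shorter than T0U
SLOW_SWITCH = HEALTHY[:10] + [0.5, 0.15]   # one +1 period longer than T0U
BIASED_FAST = [0.15, 0.01] * 100           # biased, but every period < T0U

if __name__ == "__main__":
    for name, pattern in [("healthy", HEALTHY),
                          ("slow switch", SLOW_SWITCH),
                          ("biased fast", BIASED_FAST)]:
        t_detect, nu_eq = run_peak_detector(pattern, K, T0U)
        print(f"{name:12s} detection={t_detect} EOI={nu_eq:.3f}")
```

In the biased pattern the threshold is reset from an EOI value that is already elevated, which is the coupling to the ν_eq trajectory that the sustained condition is introduced to remove.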

Sustained condition & combined threshold
In this section the so-called sustained condition, denoted by νeq,0,(i) , is introduced as an initial condition for the peak threshold.
The sustained condition replaces the reset to ν eq,(i) (t 2j ), which was used for the upper peak threshold. The sustained condition will be defined later. Using the sustained condition as initial condition for the peak threshold gives the so-called combined threshold as νeq,(i) (t 2j ) = e −kt 0,u νeq,0,(i To guarantee that the combined threshold does not result in any false detection, for healthy behaviour the sustained condition should globally upper-bound ν eq,(i) (t 2j ). By doing so the combined threshold can globally bound the healthy EOI without requiring the resets previously needed for the peak threshold. Furthermore, ν eq,0 should be an initial condition for the peak threshold. Therefore, the hypothetical behaviour of e 2 leading to ν eq,0 should also be an initial condition for the behaviour of e 2 leading to the peak threshold. Therefore, as the hypothetical behaviour leading to the peak threshold starts at e 2 = −ẽ 2 , for the design of νeq,0 , e 2 needs to be constrained as e 2 (t 2j ) = −ẽ 2 ∀j, as can be seen in Fig. 2. Now we will use the bounds on e 2 from Proposition 2, together with the newly found constraint e 2 (t 2j ) = −ẽ 2 ∀j to bound the time between switches as e 2,(i) (t 2j+2 ) − e 2,(i where ė0,+ 2,(i) and ė−,0 2,(i) are the average of |ė 0 2,(i) | over periods [t 2j t 2j+1 ], and [t 2j+1 t 2j+2 ], respectively. These averages, ė0,+ 2,(i) and ė−,0 2,(i) , can be bounded in the same way as |ė 0 2 | is bounded by Proposition 2. Using these bounds, the ratio between switching times defined in Eq. (12) can be bounded for healthy behaviour as . , and t j− = t 2j −t 2j−1 , such that we can write t 2j+1 − t 2j ≤ r 0,u e t j− . Using this bound in the EOI response from Eq. (8) gives the upper sustained condition as νeq,0,(i) ) . (13) which can be calculated at time t 2j , for each j ∈ Z + , and is valid over the period [t 2j t 2j+2 ]. Substituting this sustained condition in Eq. (11) gives the combined threshold. Note that, by construction, this combined threshold satisfies design criteria 1 and 2. The corresponding detection logic is given in Eq. (9).
A lower combined threshold can be designed similarly as $\nu_{eq,(i)}(t_{2j+1}) = e^{-k t^{0,l}} \nu_{eq,0,(i)}(t_{2j+1}) - 1 + e^{-k t^{0,l}}$, ν eq,0,(i) (t 2j+1 ) =e −k(1+r 0,l e ) ∑ j ℓ=0 t ℓ+ ν eq,(i) (t 1 ) + e −k(1+r 0,l e ) ∑ j ℓ=0 t ℓ+ ) , , and the detection logic as in Eq. (10). Even though this combined threshold is not reset at every switch, like the peak threshold was, it still needs to be recalculated at every switch, as t j− and t j+ are actual durations between switches. Furthermore, as t j− and t j+ are also influenced by the system uncertainty and measurement noise, the combined threshold is different for each realisation. Therefore, in the next section a constant upper-bound to the combined threshold will be designed, which can be calculated off-line.

Constant combined threshold
In this section a constant upper-bound to the combined threshold is designed. This threshold will be called the constant combined threshold. A constant threshold reduces the computational burden to a single off-line calculation. To calculate the constant threshold, first, without loss of generality, assume t j− = t − for all j. This allows us to rewrite Eq. (13) as νeq,0,(i) =e −k(1+r 0,u e )Nt− ν eq,(i) (t 0 ) + 2(e −kt− − 1) Considering the effect of N alone, this bound will always increase for increasing N. Therefore, take N → ∞ to get a simplified constant threshold.
Only considering the effect of t − , this expression is maximised for minimal t − . So, by taking the limit for t − → 0, once again a simplified upper-bound on the time-varying threshold is obtained. Using L'Hospital's rule this gives Substituting the definition of r 0,u e this gives νconst eq,0 Substituting this expression in Eq. (11) gives the constant combined threshold as $\nu^{const}_{eq,(i)} = e^{-k t^{0,u}} \nu^{const}_{eq,0,(i)} + 1 - e^{-k t^{0,u}}$. The used detection logic can be found in Eq. (9). A lower combined constant threshold can be designed similarly, resulting in $\nu^{const}_{eq,(i)} = e^{-k t^{0,l}} \nu^{const}_{eq,0,(i)}$ , with detection logic as in Eq. (10).
To summarise, in this section, first the so-called peak threshold νpeak eq has been designed in Section 4.1. This threshold does allow for fault detection, but detection can never be guaranteed. To address this sensitivity to measurement noise, the sustained condition, νeq,0 , was introduced in Section 4.2 as a global initial condition from which the combined threshold, νeq , can be calculated. For this combined threshold fault detection can be guaranteed, as will be proven in Section 5. However, it still has to be recalculated online at every switch of ν. To reduce the computational burden, in Section 4.3, a constant combined threshold νconst eq has been designed which over-bounds the combined threshold.
Remark 7. The derived detection thresholds are based on a novel approach to bound ν eq . As such, a full analytical derivation and a suitable notation were required. However, this does not lead to a high computational cost. νeq can be obtained online by Eqs. (11) and (14); νconst eq can be obtained offline by Eqs. (16) and (17).

Detectability analysis
In this section the performance of the combined threshold is analysed. In doing so it will be proven that the threshold satisfies design criteria 3 and 4. First, in Theorem 2 a condition will be presented for which there exists a realisation of the noise and uncertainty such that detection occurs. Then, in Corollary 1, it will be proven that without uncertainty the condition from Theorem 2 reduces to f ≠ 0, proving design criterion 3 is satisfied.
2 ), and 2 +δ e ė0,+ 2 there exists a realisation of the uncertainty ζ 1 and noise ζ 2 such that detection occurs with the combined threshold.
Proof. In order to prove that there exist realisations of ζ 1 and ζ 2 such that detection occurs (using the upper threshold), we first design a function νeq such that ∃t, ζ 1 , ζ 2 s.t. ν eq (t) ≥ νeq . Then, based on this function νeq > νeq (18) needs to hold to prove the theorem. The behaviour leading to the upper combined threshold is based on the realisations of ζ 1 and ζ 2 that maximise ν eq . Therefore, with the same methodology, but using the faulty-true bounds instead of the healthy-known bounds, νeq is defined as νeq,(i) = e −kt u νeq,0,(i) + (1 − e −kt u ), where tu = 2ẽ 2 ˜ė + 2 and νeq,0,(i) is defined as in Eq. (13) where we replace r 0,u . Satisfying relation (18) is now implied by tu > t0,u and ru e > r 0,u e . Using Eq. (4) tu > t0,u can be written as and ru e > r 0,u e can be written as Similarly, using the lower peak threshold, we obtain Assume δ e = 0 and δ ė = 0. If f ≠ 0 there exists a realisation ζ 2 and ζ 1 for which detection occurs.
Proof. Using the equalities in the theorem statement, the condi- By Proposition 3 these conditions are implied by f ≠ 0. □
In the following, a sufficient condition will be presented guaranteeing fault detection in terms of a minimum fault magnitude, i.e. all faults continuously larger than this magnitude are guaranteed to be detected in finite time.
a fault is guaranteed to be detected within finite time.
Proof. To prove that detection is guaranteed for all realisations of ζ 1 and ζ 2 , first define a function such that ∃t s.t. ν eq (t) ≥ νeq ∀ζ 1 , ζ 2 . Then, based on this function, the relation needs to hold to prove the theorem statement.
With this, detection can be guaranteed, according to Eq. (19), if > νeq,(i) which can be simplified to where subscript (i) is dropped to ease notation. Similarly considering detection by the lower threshold we obtain
Corollary 2. If f is sufficiently large there always exists an f such that the conditions in Theorem 3 hold.
Proof. By Assumption 2 and Proposition 3 there exists an f Substituting this in the first condition of Theorem 3 - for detection with the upper threshold - gives Similarly for detection with the lower threshold we get .
Therefore, if f satisfies Eqs. (20) or (21), there exists an f s.t. one of the conditions in Theorem 3 holds. □

Proving the applicability propositions
In this section, Propositions 1-3 from Section 2 are proven for the SMOs proposed in Keijzer et al. (2021) and Tan and Edwards (2003). Similar proofs exist for many other existing SMOs such as Alwi et al. (2008), Edwards et al. (2000), Tan and Edwards (2001, 2002) and Wang et al. (2017). However, due to space constraints these proofs are omitted.

SMO from Keijzer et al. (2021)
The work by Keijzer et al. is one of the few which relaxes the matching condition for fault estimation while still only using a single FOSMO. By doing so, however, the state partition x 1 cannot be estimated. Furthermore, Keijzer et al. (2021) already considers system uncertainties and measurement noise, such that the threshold is applicable without any change to the observer. The SMO error dynamics in Keijzer et al. (2021) can be written as

SMO from Tan and Edwards (2003)
The SMO design by Tan and Edwards considers a system with model uncertainty to estimate both actuator and sensor faults. The work, however, does not consider measurement noise and requires the matching condition. Here, the SMO is applied on a system with measurement noise F ζ 2 . With the measurement noise, the observer error dynamics from equations (23) and (24) in Tan and Edwards (2003) can be written in the general form (1) as
where ζ 1 , ζ 2 and f are bounded (see Eq. (3) and below in Tan and Edwards (2003)), such that Assumption 2 holds. Below we will present the proofs of Propositions 1-3, as introduced in Section 2.2.
Proof of Proposition 1. The proof can be found in Eq. (19), the Remark below Equation (21) and Equation (24) of Tan and Edwards (2003). □
Proof of Proposition 2. We extend Proposition 1 in Tan and Edwards (2003). Here statement (26) in Tan and Edwards (2003) depends on e ⊤ 2 Pν < 0,² which is true trivially for a system without measurement noise. For a system with measurement noise this can be untrue if −F ζ 2 < e 2 < F ζ 2 . Therefore, only practical convergence to an area |e 2 | ≤ max t (F ζ 2 ) = ẽ2 can be proven. This allows to define ē2 = |F | ζ2 . By substituting ρ in the right hand side of Equation (24) in Tan and Edwards (2003) it can be proven that sign(ė 2 ) = −sign(Pe y ). Furthermore, bounds on ė2 can be obtained by bounding the right hand side of Equation (24) in Tan and Edwards (2003). □
Proof of Proposition 3. From the bounds on e 2 in Proposition 2 it can directly be found that δ f = 0 and δ − ḟ = δ + ḟ = N 2 f , where N 2 is full column rank. □

Simulation example
As a simulation example, we consider a platoon of cooperative autonomous cars. Collaboration occurs by communication of the control input to the following car and only longitudinal dynamics are considered. The communicated control input is subject to Man-In-The-Middle attacks, which should be detected. Below, first, the considered system will be introduced. Then, the observer from Keijzer et al. (2021) will be applied to this system using two different sets of observer parameters. A discussion is presented on the effect of these parameter choices. The model used by the SMO for car i is taken from Keijzer and Ferrari (2021) and can be stated as where ζ 2 is white noise. To obtain this model, we assume ∆ỹ = 0 in Equation (3) in Keijzer and Ferrari (2021) 1.
² Tan and Edwards (2003) use e y to denote e 2 .

Parameter study
In this section we will investigate the detection performance of the designed detection threshold for the system presented above. To this end we introduce two sets of design parameters which will be referred to as the slow and fast parameter sets. The slow parameter set is ] is presented for both parameter sets and for varying measurement noise bounds ζ2 . Note that for this parameter study the measurement noise bounds on each measurement are equal. One can see that for low noise bounds better detection results are obtained with the fast parameter set. However, for larger noise bounds the attack is no longer detected with the fast parameter set. This is because for the same noise bound the threshold corresponding to the fast parameter set is higher than for the slow parameter set. Based on this result, the optimal parameter set for any application of the presented detection threshold depends on the system uncertainty, including measurement noise, and the expected fault/attack magnitude. Furthermore, the fault/attack shape is another factor that is not taken into consideration here. As the detector is guaranteed to have no false detections, it is possible to simultaneously use multiple detectors, without loss in accuracy. Each detector can then be designed for a specific type of fault.

Detection results for a simulation scenario
The scenario that has been simulated considers a platoon of two cars, the leader vehicle (vehicle 0) and the follower vehicle (vehicle 1). The true input of the leader vehicle is shown with the dashed black line in Fig. 4a. Furthermore, two attacks are introduced on the communication from the leader vehicle to the follower vehicle, which are depicted by the red solid line in Fig. 4a. First, at 2 s a varying step-like attack is introduced. Secondly, at 37 s a ramp attack is introduced.
For the scenario presented above we have applied the SMO from Keijzer et al. (2021) with the slow and fast parameter sets presented above. Detection performance for both parameter sets is shown in Figs. 4b and c, where the blue line is the element of the EOI relevant for detection, the solid purple line is the corresponding lower combined threshold, the dashed purple line is the lower constant combined threshold, and the red areas indicate cyber-attack detection by the constant combined threshold. Furthermore, note that for the considered combination of system and observer, by Proposition 3, we have f = −ν eq,(2) . Therefore, the estimation capability of the SMO can also directly be seen from Figs. 4b and c. As shown in Figs. 4b and c, the threshold for the slow parameter set is closer to zero than for the fast parameter set. In general, the threshold is lower for lower values of K 2 and K ν . Therefore, with the slow parameter set smaller cyber-attacks can be detected. This can also be seen in the presented scenario where the ramp-shaped attack is detected at 55.8 s with the slow parameter set but not with the fast parameter set. Conversely, if the attack is sufficiently large, detection with the fast parameter set is faster as illustrated by detection of the first step-like attack. Here the attack is detected at 3 s with the fast parameter set and at 7.1 s with the slow parameter set. In the considered platooning scenario, the step-like attack causes a crash between the vehicles at 6.2 s, meaning only detection with the fast parameter set is sufficiently fast. For the ramp attack a crash occurs at 56.2 s, meaning detection with the slow parameter set at 55.8 s is sufficiently fast. Therefore, both parameter sets need to be used simultaneously to provide sufficiently fast detection for this simulation example.

Concluding remarks
Sliding Mode Observers (SMOs) have been used extensively for fault estimation (FE), allowing for exact fault estimation under idealised assumptions such as the absence of measurement noise. In this paper the fault detection (FD) problem is addressed when these SMOs are applied to systems with unmatched uncertainties and measurement noise. To this end time-varying and constant robust thresholds are designed for which theoretical guarantees on detection performance are provided.
The applicability of the designed threshold can be evaluated based on three propositions relating the structure of the SMO error dynamics, boundedness of the healthy SMO errors, and the influence of the fault. Based on this, it can be concluded the threshold is applicable to a large class of SMOs. The SMO is finally applied to two existing SMOs, one of which is then demonstrated in a simulation of a Collaborative Vehicle Platoon. The simulation example shows that the theoretical detection guarantees provided hold in this scenario.
illustrated in the right part of Fig. 1, leading to the definition below. Similarly also the known bound t0,u i is defined below, based on the known bounds on e 2 .
Now we will use this bound on the duration between switches to bound the EOI. Let us define r 0

Fig. 2. Worst-case EOI response for the sustained condition design with corresponding hypothetical e 2 behaviour.

Fig. 3. Detection time of a step attack of 2.8 m/s² for different measurement noise bounds ζ2 . ζ1 = 1 is kept constant.

Fig. 4. (a) Input of lead vehicle and cyber-attack. (b), (c) Second element of EOI with its lower threshold. Vertical axes are inverted to highlight the estimation capability of the SMO. (b) Fast parameters; (c) Slow parameters.

Table 1
Parameters used in simulation.