Optimal State Estimation Synthesis over Unreliable Network in Presence of Denial-of-Service Attack: an Operator Framework Approach

Mohammad Naghnaeian

arxiv: 1907.10682 · v1 · pith:2M72AMUQnew · submitted 2019-07-24 · 🧮 math.OC · cs.SY· eess.SY

Optimal State Estimation Synthesis over Unreliable Network in Presence of Denial-of-Service Attack: an Operator Framework Approach

Mohammad Naghnaeian This is my paper

Pith reviewed 2026-05-24 16:28 UTC · model grok-4.3

classification 🧮 math.OC cs.SYeess.SY

keywords state estimationdenial-of-service attackLuenberger observeroperator-gainlinear programmingconvex optimizationworst-case designswitching measurements

0 comments

The pith

The optimal state estimator minimizing worst-case error under DoS attacks is obtained by linear programming over stable factors of an operator-gain.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper treats state estimation when a denial-of-service attack can switch the plant from full to partial sensor measurements. It first characterizes every estimator that keeps the error stable no matter which attack sequence the adversary chooses. Every such estimator turns out to be a generalized Luenberger observer whose gain is an operator that may be unbounded. The remaining task of choosing the observer that yields the smallest possible worst-case error then reduces to a linear program whose decision variables are the stable factors of that operator. A reader would care because the approach converts an apparently non-convex robust-design problem into a standard, solvable convex program.

Core claim

We parameterize the set of all state-estimators that result in stable estimation error for the worst-case attack scenario. Any state-estimator in this set can be written as a generalized Luenberger observer with an appropriately defined observer-gain. This observer-gain, in general, can be an operator and possibly unbounded as opposed to the classical static observer-gain. Furthermore, finding the optimal state-estimator that results in the minimum estimation error can be cast as a convex program over the set of stable factors of the observer operator-gain; this optimization is in fact linear programming and tractable.

What carries the argument

The observer operator-gain together with its stable factors; these objects parameterize every stabilizing estimator and convert the min-max error objective into a linear program.

If this is right

The synthesis problem is solved by a standard linear program rather than a search over all possible estimators.
The resulting estimator is guaranteed to be optimal for the worst-case attack sequence.
Stability of the estimation error holds for every attack pattern once the program is feasible.
The method directly accommodates the switching measurement structure induced by the attack.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same operator parameterization could be applied to other switching or intermittent observation problems outside DoS attacks.
If the linear program is solved online, the approach might support adaptive estimators that react to detected attacks.
The framework suggests that static-gain observers are generally suboptimal when attacks can arbitrarily drop measurements.

Load-bearing premise

Every estimator that keeps the error stable against the worst attack sequence can be expressed as a generalized Luenberger observer whose gain is some operator.

What would settle it

An explicit counter-example of a stable estimator that cannot be realized by any generalized Luenberger observer with operator gain, or a concrete instance where the linear program returns a higher error than a known stable estimator.

read the original abstract

In this paper, we consider the problem of state-estimation in the presence of Denial-of-Service (DoS) attack. We formulate this problem as an state estimation problem for a plant with switching measured outputs. In the absence of attack, the state-estimator has access to all measured outputs, however, in the presence of attack, only a subset of all measurements are made available to the state-estimator. We seek to find an state-estimator that results in the minimum estimation error for the worst-case attack strategy. First, we parameterize the set of all state-estimators that result in stable estimation error for the worst-case attack scenario. Then, we will show that any state-estimator in this set can be written as a generalized Luenberger observer with an appropriately defined observer-gain. This observer-gain, in general, can be an operator and possibly unbounded as opposed to the classical static observer-gain. Furthermore, we will show that finding the optimal state-estimator that results in the minimum estimation error can be cast as a convex program over the set of stable factors of the observer operator-gain. This optimization in, in fact, linear programming and tractable.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 3 minor

Summary. The manuscript addresses optimal state estimation for linear plants under Denial-of-Service attacks on sensors. The problem is formulated as estimation for a system with switching measured outputs (full measurements absent attack, subset available under attack). The authors parameterize all estimators guaranteeing stable error dynamics against the worst-case attack sequence, represent every such estimator as a generalized Luenberger observer whose gain is an (possibly unbounded) operator, and reduce the search for the minimum worst-case-error estimator to a linear program over the stable factors of that operator gain.

Significance. If the parameterization and reduction to LP are correct, the work supplies a convex, computationally tractable synthesis procedure for robust estimators in adversarial networked settings. The extension of Youla-type factorization to operator gains in the switched-output case induced by DoS is a technical contribution that unifies the treatment of attack-induced switching within a single convex program; the explicit claim of linear-programming tractability is a concrete strength when supported by the derivations.

minor comments (3)

[Abstract] Abstract: 'an state-estimator' should read 'a state-estimator'.
[Abstract] Abstract: 'This optimization in, in fact, linear programming' contains a repeated 'in,' and should read 'This optimization is, in fact, linear programming'.
[Abstract / Introduction] The manuscript would benefit from an explicit statement of the precise norm or cost functional being minimized in the LP (e.g., induced norm of the error operator) and from a brief remark on how the Youla factors enter the objective linearly.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the positive evaluation of the manuscript and the recommendation of minor revision. The work parameterizes stable estimators for switched-output systems induced by DoS attacks and reduces optimal design to linear programming over stable operator factors; we are pleased that the convex synthesis procedure and technical unification are viewed as contributions.

Circularity Check

0 steps flagged

No significant circularity; derivation self-contained within stated LTI framework

full rationale

The provided abstract and skeptic review describe a parameterization of stable estimators as generalized Luenberger observers followed by reduction to LP over stable factors via Youla-type factorization. No equations, self-citations, or explicit reductions to fitted inputs are quoted in the given text. The parameterization is presented as internally consistent for the switched-output setting without load-bearing self-citation chains or self-definitional steps. Absent specific paper equations showing equivalence by construction, no circular steps are identifiable.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review yields no identifiable free parameters, axioms, or invented entities; the approach is described at the level of standard control-theoretic concepts whose detailed assumptions cannot be extracted.

pith-pipeline@v0.9.0 · 5750 in / 1158 out tokens · 33521 ms · 2026-05-24T16:28:50.255730+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

any state-estimator in this set can be written as a generalized Luenberger observer with an appropriately defined observer-gain... cast as a convex program over the set of stable factors of the observer operator-gain. This optimization is in fact linear programming
IndisputableMonolith/Foundation/RealityFromDistinction.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

parametrize the set of all stable state-estimators... Tσ Xσ [Cσ; ΛA−I] = I

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.