A Unified Framework for Attack-Resilient CLF-CBF Quadratic Programs for Nonlinear Control-Affine Systems
Pith reviewed 2026-05-20 03:26 UTC · model grok-4.3
The pith
A unified quadratic program with adaptive compensation achieves finite-time recovery to the nominal safe set for nonlinear systems under unbounded false data injection attacks.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The paper develops attack-resilient CLFs and CBFs by embedding a unified adaptive compensation term into the CLF decrease and CBF safety constraints. This enables finite-time recovery to the nominal safe set for systems subject to control-input false data injection attacks that satisfy an at-most-exponentially growing envelope, without requiring a prior magnitude bound on the attack. A unified quadratic program enforces the AR-CLF and AR-CBF conditions to guarantee uniformly ultimately bounded stability and uniform ultimate safety.
What carries the argument
The unified quadratic program (QP) that simultaneously enforces the attack-resilient CLF decrease condition and the attack-resilient CBF safety condition, with an embedded adaptive compensation term regulated by an online gain tuning law based on the known growth rate of the attack envelope.
If this is right
- Guarantees uniformly ultimately bounded (UUB) stability of the closed-loop system under unbounded FDIA.
- Guarantees uniform ultimate safety (UUS) with finite-time recovery to the nominal safe set.
- Enables control design without a prior bound on the magnitude of the false data injection attack.
- Provides a single optimization problem that handles both stability and safety constraints under attacks.
Where Pith is reading between the lines
- Similar compensation mechanisms could be adapted for other types of disturbances or uncertainties in control systems beyond FDIA.
- The approach might be tested on physical hardware to validate resilience in real-world cyber-physical systems.
- Extensions to time-varying or state-dependent safe sets could follow from the same AR-CLF and AR-CBF structure.
Load-bearing premise
The false data injection attack is bounded by an at-most-exponentially growing envelope for which the growth rate can be characterized to design the online gain tuning law.
What would settle it
A simulation or experiment where the attack grows faster than the assumed exponential envelope and the state fails to return to the nominal safe set in finite time despite the gain tuning.
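The envelope premise ∥d(t)∥ ≤ γ e^{κ t} can be checked numerically on a sampled attack signal before trusting any guarantee that depends on it. The Python sketch below is an added example, not code from the paper or from Pith; the function names, the two sample signals and the design values γ = 1, κ = 0.5 are constructed for illustration.

```python
import math

def required_kappa(ts, ds, gamma):
    """Smallest kappa such that |d(t)| <= gamma * exp(kappa * t) on all samples.

    Returns math.inf if a sample at t = 0 already exceeds gamma, since no
    growth rate can repair a violated initial bound.
    """
    kappa = 0.0
    for t, d in zip(ts, ds):
        mag = abs(d)
        if mag <= gamma:
            continue  # inside the envelope for any kappa >= 0
        if t <= 0.0:
            return math.inf
        kappa = max(kappa, math.log(mag / gamma) / t)
    return kappa

def kappa_by_horizon(ts, ds, gamma, horizons):
    """Required kappa when only samples with t <= T are considered, per T."""
    out = []
    for T in horizons:
        pairs = [(t, d) for t, d in zip(ts, ds) if t <= T]
        out.append(required_kappa([p[0] for p in pairs], [p[1] for p in pairs], gamma))
    return out

def first_violation(ts, ds, gamma, kappa, rtol=1e-9):
    """First sample time at which the design envelope is exceeded, else None."""
    for t, d in zip(ts, ds):
        if abs(d) > gamma * math.exp(kappa * t) * (1.0 + rtol):
            return t
    return None

# Constructed sample signals on t in [0, 20] s, sampled every 0.1 s.
TS = [i / 10 for i in range(201)]
EXP_ATTACK = [0.8 * math.exp(0.5 * t) for t in TS]       # inside gamma=1, kappa=0.5
SUPER_EXP_ATTACK = [math.exp(0.05 * t * t) for t in TS]  # outgrows any fixed kappa

if __name__ == "__main__":
    for name, sig in (("exponential", EXP_ATTACK), ("super-exponential", SUPER_EXP_ATTACK)):
        ks = kappa_by_horizon(TS, sig, 1.0, [5, 10, 20])
        print(name, [round(k, 3) for k in ks], first_violation(TS, sig, 1.0, 0.5))
```

A required κ that keeps rising as the horizon grows means no fixed growth rate covers the signal, which is the case the settling experiment above would need to exercise.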
Original abstract
This letter introduces attack-resilient Control Lyapunov Functions (AR-CLFs) and attack-resilient Control Barrier Functions (AR-CBFs) for nonlinear control-affine systems subject to control-input false data injection attacks (FDIA) satisfying an at-most-exponentially growing envelope. The proposed framework embeds a unified adaptive compensation term into both the CLF decrease and CBF safety constraints. In contrast to input-to-state stability/safety (ISS/ISSf)-based methods that certify disturbance-dependent enlarged safe sets, the proposed approach enables finite-time recovery to the nominal safe set without requiring a prior magnitude bound on the FDIA, relying instead on a growth-rate characterization used for analysis and an online gain tuning law that regulates the compensation term. A unified quadratic program (QP) is developed to enforce the AR-CLF and AR-CBF conditions simultaneously, guaranteeing uniformly ultimately bounded (UUB) stability and uniform ultimate safety (UUS) under unbounded FDIA. Numerical results demonstrate improved resilience compared to existing ISS-CLF, ISSf-CBF, and robust CLF-CBF-QP approaches.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript introduces attack-resilient Control Lyapunov Functions (AR-CLFs) and attack-resilient Control Barrier Functions (AR-CBFs) for nonlinear control-affine systems under false data injection attacks (FDIA) obeying an at-most-exponentially growing envelope. It embeds a unified adaptive compensation term into both the CLF decrease and CBF safety constraints within a single quadratic program, claiming uniformly ultimately bounded (UUB) stability and uniform ultimate safety (UUS) with finite-time recovery to the nominal (non-enlarged) safe set. This is achieved via a growth-rate characterization used for analysis together with an online gain tuning law that regulates the compensation term, without requiring a prior magnitude bound on the FDIA. Numerical results are stated to show improved resilience relative to ISS-CLF, ISSf-CBF, and robust CLF-CBF-QP baselines.
Significance. If the central derivations hold, the framework offers a meaningful distinction from ISS/ISSf methods by avoiding disturbance-dependent enlargement of the safe set and by not presupposing an attack-magnitude bound. The combination of a unified QP with an online tuning law based on growth-rate characterization could be practically relevant for safety-critical cyber-physical systems where attacks may grow without a known upper limit but admit an exponential envelope. The explicit credit for machine-checked proofs or reproducible code is not evident from the abstract, but the parameter-free aspect of the recovery claim (conditional on the growth-rate characterization) would be a strength if rigorously established.
major comments (2)
- [Abstract] Abstract and theoretical development: The finite-time recovery to the nominal safe set and the UUB/UUS guarantees rest on the FDIA satisfying an at-most-exponentially growing envelope whose growth rate is known or characterizable for analysis. The manuscript must clarify, with explicit conditions or an algorithm, how this growth rate is obtained independently of the QP solution and the stability/safety margins; otherwise the online gain tuning law risks circularity because the same compensation term appears in both the AR-CLF decrease condition and the AR-CBF safety condition.
- [Abstract] Abstract: The claim that numerical results demonstrate improved resilience is stated without any description of the simulation setup, system dynamics, attack parameters, performance metrics, or statistical details (error bars, number of trials). This omission is load-bearing for assessing whether the practical improvement supports the theoretical distinction from ISS-based methods.
minor comments (2)
- The definitions of AR-CLF and AR-CBF should explicitly state the dependence of the compensation term on the online gain; the current abstract description leaves the functional form ambiguous.
- Standard notation for the growth-rate parameter should be introduced early and used consistently when stating the envelope assumption.
Simulated Author's Rebuttal
We thank the referee for their constructive and detailed feedback on our manuscript. We have addressed the major comments point by point below, and we believe these clarifications will strengthen the presentation of our results.
- Referee: [Abstract] Abstract and theoretical development: The finite-time recovery to the nominal safe set and the UUB/UUS guarantees rest on the FDIA satisfying an at-most-exponentially growing envelope whose growth rate is known or characterizable for analysis. The manuscript must clarify, with explicit conditions or an algorithm, how this growth rate is obtained independently of the QP solution and the stability/safety margins; otherwise the online gain tuning law risks circularity because the same compensation term appears in both the AR-CLF decrease condition and the AR-CBF safety condition.
  Authors: We appreciate the referee's concern about potential circularity in the derivation. The growth rate characterization is an assumption on the class of admissible attacks and is employed only in the offline analysis to establish the UUB stability and UUS safety guarantees. It is independent of the QP solution and the online compensation term. The online gain tuning law is formulated using measurable state information and does not rely on the specific value of the growth rate. The unified QP incorporates the adaptive compensation in a manner that the analysis holds uniformly for attacks within the exponential envelope. To make this distinction explicit and eliminate any ambiguity, we will revise the manuscript by adding a new remark following the main theorem that details the separation between the analysis parameter and the runtime tuning law, along with guidelines for characterizing the growth rate from the attack model.
  revision: yes
- Referee: [Abstract] Abstract: The claim that numerical results demonstrate improved resilience is stated without any description of the simulation setup, system dynamics, attack parameters, performance metrics, or statistical details (error bars, number of trials). This omission is load-bearing for assessing whether the practical improvement supports the theoretical distinction from ISS-based methods.
  Authors: The abstract provides a high-level overview and, due to length constraints, omits detailed simulation parameters. The full manuscript includes a comprehensive Numerical Results section that specifies the system dynamics, the FDIA model with chosen growth rates, the metrics for resilience (including convergence times and safety margins), and comparisons based on multiple simulation runs. We will update the abstract to concisely reference the simulation context, for example by noting that the results are obtained from a representative nonlinear control-affine system under unbounded FDIA.
  revision: partial
Circularity Check
No significant circularity; derivation chain is self-contained
The paper introduces AR-CLF and AR-CBF conditions that embed an adaptive compensation term whose gain is regulated by an online tuning law derived from the at-most-exponential growth-rate envelope. The unified QP is constructed to enforce the resulting decrease and safety inequalities simultaneously. UUB stability and UUS safety then follow from standard Lyapunov and barrier-function arguments applied to the closed-loop system under the stated attack envelope. No step reduces by construction to a fitted parameter renamed as prediction, no self-definitional loop appears in the CLF/CBF definitions, and no load-bearing uniqueness theorem or ansatz is imported solely via self-citation. The growth-rate characterization is an explicit modeling assumption used for analysis, not retrofitted to the stability margins it supports. The finite-time recovery claim rests on the mathematical properties of the tuned compensation inside the QP, which are independent of the final performance metrics.
Axiom & Free-Parameter Ledger
free parameters (1)
- growth-rate parameter for FDIA envelope
axioms (1)
- domain assumption: System is control-affine and nonlinear dynamics are known
invented entities (1)
- AR-CLF and AR-CBF: no independent evidence
Lean theorems connected to this paper
- IndisputableMonolith/Cost/FunctionalEquation.lean, washburn_uniqueness_aczel
  unclear: Relation between the paper passage and the cited Recognition theorem.
  Assumption 1 … ∥d(t)∥ ≤ γ e^{κ t} … online gain tuning law … ˙ρ(t) = q ∥L_g V(x)∥ … Ψ_V(x,t) := (L_g V)(L_g V)^T / (∥L_g V∥ + ϕ_V(t) e^{ρ(t)})
- IndisputableMonolith/Foundation/RealityFromDistinction.lean, reality_from_one_distinction
  unclear: Relation between the paper passage and the cited Recognition theorem.
  Theorem 1 … UUB … finite-time recovery to the nominal safe set … AR-CLF-CBF-QP (20)
What do these tags mean?
- matches: The paper's claim is directly supported by a theorem in the formal canon.
- supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
- extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
- uses: The paper appears to rely on the theorem as machinery.
- contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
- unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.