Ellipsoidal-Set Design of Robust and Secure Control Against Denial-of-Service Cyber Attacks in Electric-Vehicle Induction Motor Drives

Abstract

Electric vehicles face increasing cybersecurity threats that can compromise the integrity of their electric drive systems, especially under Denial-of-Service (DoS) attacks. To precisely regulate torque and speed in electric vehicles, vector-controlled induction motor drives rely on continuous communication between controllers and sensors. This flow could be broken by a DoS attack, which could result in unstable motor operation or complete drive system failure. To address this, we propose a novel ellipsoidal-set-based state feedback controller with integral action, formulated via linear matrix inequalities (LMIs). This controller improves disturbance rejection, maintains system stability under DoS-induced input disruptions, and enhances security by constraining the system response within a bounded invariant set. The proposed tracker has a faster dynamic reaction and better disturbance attenuation capabilities than the traditional H_ꚙ control method. The effectiveness of the proposed controller is validated through a series of diverse testing scenarios.

1. Introduction

The motivation and literature review of the secure control of electric vehicles are summarized as follows. The global transportation system is rapidly changing due to environmental concerns, energy efficiency goals, and new technologies. Electric vehicles (EVs) are leading this transformation by increasingly using smart digital systems to improve their performance and integration with broader infrastructures. Smart digital systems are central to EV development, enabling real-time data acquisition, intelligent control, advanced diagnostics, and easy connection with smart grids and transportation networks.

The Internet of Things (IoT) has transformed EV component monitoring and management. Embedded sensors and controllers enable continuous data collection, which is handled on EVs and in the cloud, leading to predictive maintenance, remote diagnostics, and performance optimization. These capabilities enhance user experience and system reliability [1]. Artificial Intelligence (ML) and Artificial Intelligence (AI) have been progressively used to optimize energy management, forecast battery condition, and analyze driver behavior, contributing to extended battery life and improved vehicle range [2].

Vehicle-to-Everything (V2X) communication represents another crucial advancement, enabling real-time information sharing among EVs, infrastructure, and the power grid. This allows for adaptive routing, traffic coordination, and demand-side energy management, ultimately improving operational efficiency and grid stability [3]. Additionally, digital twin technology is increasingly significant, providing real-time simulation and virtual prototyping for predictive performance analysis and fault detection without physical testing [4].

The expanding use of networked control systems (NCSs) to connect EV components (sensors, actuators, controllers) presents new reliability and security challenges. NCSs are preferred for their lower costs, flexibility, simplicity of installation, and dependability. However, they are exposed to cyber threats due to the open nature of communication channels. Wireless networks used in NCSs, while enabling remote control and feedback as illustrated in Figure 1, are particularly susceptible to cyberattacks such as False Data Injection (FDI) and Denial-of-Service (DoS) attacks. These threats can degrade system performance or cause instability by disrupting control signals [5].

DoS attacks are sophisticated cyber-physical threats that disrupt sensors and actuator data in embedded systems by injecting malicious signals into control loops. EV system functionality depends heavily on reliable sensor data and real-time communication between Electronic Control Units (ECUs). As a result of using protocol vulnerabilities or injecting harmful inputs, DoS attacks can impair critical EV functions such as torque control, regenerative braking, and motor speed regulation [6,7].

EV drive systems depend on a well-matched relationship between inverter operations and motor control. Figure 2 demonstrates an effective DoS attack can result in instability, energy inefficiency, or hardware failure. The nature of these attacks makes them difficult to detect, often bypassing conventional software-based security methods. With the beginning of V2X communication and cloud integration, the EV attack surface has expanded significantly. Therefore, understanding and mitigating DoS attacks is essential for ensuring secure motor control and protecting power electronic components [8]. Therefore, researchers are developing advanced intrusion detection systems (IDS) and secure control frameworks to detect anomalies and enhance system resilience. These approaches are essential in enhancing EV systems against false signals and maintaining operational integrity [9,10].

Several recent studies have explored fault-tolerant and resilient control frameworks to mitigate DoS effects; however, most rely on assumptions of known disturbance profiles or constant attack patterns. Conventional controllers, such as PID or model predictive control, often lack of stability under unpredictable, stochastic cyber disturbances and are vulnerable to delayed or lost feedback [11].

The digitalization of EVs creates numerous cybersecurity risks, as EVs increasingly depend on complex networks of sensors, controllers, and communication modules. Components such as Battery Management Systems (BMS), V2X modules, and cloud interfaces are at risk of unauthorized access and DoS attacks. These threats can compromise safety-critical systems, including braking, steering, and energy management, posing risks to passengers and the public [12].

Note that compromised EVs can act as entry points for broader cyberattacks targeting smart grids, charging infrastructure, and transportation networks. The increase in Vehicle-to-Grid (V2G) technology further intensifies these risks, potentially disrupting the grid or exposing sensitive user data. Therefore, implementing robust cybersecurity architectures, real-time intrusion detection systems, and secure communication protocols is essential to mitigate these vulnerabilities [13].

Cybersecurity is vital for protecting individual EVs and for enabling their integration into smart transport and energy systems. Active research and the implementation of standardized security measures is essential in maintaining system integrity, user trust, and public safety.

The EV drive system consists of electric motors, power electronic converters, energy storage units, and control subsystems, operating to deliver reliable propulsion and optimized energy consumption. Among the several motor technologies, Induction Motors (IMs) and Brushless DC (BLDC) motors are the most widely used due to their robust performance characteristics. IMs are robust and cheap in high-power applications, while BLDC motors offer higher efficiency, compact form, and better torque control, making them suitable for light-duty EVs and two-wheelers [14].

Using new materials like silicon carbide (SiC) and gallium nitride (GaN) in the power converters of EVs has enhanced inverter performance by enabling higher switching frequencies, reduced thermal losses, and improved power density. These advancements contribute directly to increased driving range and system efficiency [15,16].

The accurate functioning of EVs depends on the communication protocols that coordinate interactions among sensors, controllers, actuators, and external infrastructure. In-vehicle communication protocols, such as Controller Area Network (CAN), Local Interconnect Network (LIN), and FlexRay, enable deterministic, real-time data exchange critical for motor control, regenerative breaking, and battery management [17]. Meanwhile, V2X technologies, including V2G, Vehicle-to-Infrastructure (V2I), and Vehicle-to-Vehicle (V2V) communication, are being increasingly implemented to support advanced functions such as traffic optimization, energy coordination, and safety assurance in connected EV ecosystems [18]. The collaboration between advanced motor technologies and intelligent communication protocols forms the backbone of modern, energy-optimized, and connected EV platforms.

EVs are becoming more connected and using more software, which means they are more at risk of cyberattacks. One of the most critical attacks is the DoS attack, which targets the communication network inside the EV, like the CAN bus. Although many safety-critical functions are logically separated from infotainment or non-critical systems, they are often connected via shared communication backbones such as CAN, FlexRay, or Ethernet. These protocols, particularly CAN, lack inherent encryption and authentication mechanisms, which make them vulnerable to message injections, spoofing, or flooding. A well-timed DoS attack targeting the CAN bus can delay or block transmission of control signals, indirectly affecting critical functions such as motor torque control, regenerative braking, or inverter operation. By overwhelming or stopping communication pathways, a DoS attack can harm essential vehicle operations, such as powertrain control, battery management, and braking. This can make the EV perform badly or lead to dangerous situations [19].

Besides DoS attacks, there are other serious threats like Man-in-the-Middle (MitM) attacks, where someone secretly listens in, and attacks where fake messages are sent (spoofing) or old messages are used again to cause trouble (replay attacks), particularly within V2X communication channels. These types of attacks can compromise authentication, disrupt vehicle-to-infrastructure coordination, and impair traffic safety [20]. Additionally, telematics systems, On-Board Diagnostics (OBD-II) ports, and over-the-air (OTA) update mechanisms can be developed by malicious actors to inject unauthorized code or disable critical services.

Research has proposed various anomaly detection and encryption-based techniques to secure in-vehicle networks; however, these often act after an attack has occurred rather than preemptively enhancing system-level resilience. Control approaches that do not explicitly model input uncertainties due to DoS attacks cannot ensure stability during transient disconnections or erratic packet loss.

Since EVs are turning into software-based systems, the need for comprehensive cybersecurity frameworks becomes necessary. This means having different kinds of security levels, such as encrypted communications, intrusion detection systems, secure firmware updates, and continuous system monitoring to maintain vehicle reliability and user trust [21].

Some weaknesses have been found in different parts of EVs, which, if used, can compromise vehicle functionality and user safety. The main one is the in-vehicle CAN bus network, which lacks inherent support for encryption or authentication. Attackers can inject large volumes of high-priority but invalid messages to monopolize the CAN bus, preventing legitimate control messages from reaching the motor controller. This form of DoS attack has been validated in testbeds and commercial EV models and can result in unexpected motor behavior, such as failure to accelerate, irregular torque delivery, or controller shutdown due to safety triggers. Even when drive control ECUs are technically isolated, the use of shared network gateways or insufficient access control in diagnostic tools creates indirect pathways for compromise. These vulnerabilities become especially critical as more EVs integrate V2X communication, which opens attack surfaces beyond the physical vehicle. This limitation allows attackers to inject malicious messages or manipulate control signals, potentially affecting critical functions like acceleration or braking [19].

Public EV charging stations are not always secure either. Stations that operate with outdated firmware or unsecured communication protocols are subject to manipulation, enabling energy theft, billing fraud, or service denial [22,23]. For example, the Open Charge Point Protocol (OCPP), widely used in EV charging, has been shown to transmit unencrypted messages, exposing it to interception or replay attacks [24].

Another area of concern is the V2G interface. Without robust security measures, attackers may send unauthorized control commands to the grid or extract sensitive user data. Furthermore, OTA update systems designed to streamline software maintenance can serve as attack vectors if not safeguarded by strong encryption and authentication mechanisms. These security gaps highlight the urgent need for industry-standardized cybersecurity solutions. Implementing secure communication protocols, real-time intrusion detection, and resilient system architectures is essential to protect the integrity and safety of EV systems against evolving cyber threats.

The paper structure is as follows: Section 2 provides essential context through a Background and Literature Review. It covers the basics of EV drive systems and their communication, common cyber threats to modern EVs, and an analysis of known vulnerabilities. Section 3 then defines the problem, introducing models for Vector-Control Induction Motors and DoS attacks. Section 4 details the methodology, focusing on linearizing the IM model and the design of the ellipsoid tracker and H_ꚙ controller. Section 5 presents the results from various test scenarios. The Discussion section addresses the challenges in securing EV drive systems against cyber threats and suggests future research and technological advancements. Finally, the paper concludes with a summary of its key findings.

This research addresses the critical challenge of ensuring the dependable and secure operation of EV vector-controlled induction motor drive systems when subjected to parametric uncertainty and DoS attacks. The DoS attack is formulated as an external disturbance, necessitating effective attenuation of its impact. The primary control objective is to steer the system’s state towards and maintain it within an invariant set, specifically an ellipsoid centered at the origin. Minimizing the volume of this invariant ellipsoid serves as a guarantee of system stability and a means of mitigating the effects of external disturbances. Given the limitations of existing methods, this paper introduces an ellipsoidal-set-based robust control strategy that actively constrains system behavior within a bounded invariant set, offering preemptive security and stability guarantees even under stochastic cyber disruptions and physical uncertainty.

The key contributions of this paper are as follows:

• The use of the ellipsoidal-set technique to improve the system’s robustness against inherent uncertainties and offer security against DoS cyberattacks.
• The creation of a robust and secure invariant-set control approach based on the state-input and disturbance matrices’ quadratic boundedness of uncertainty.
• Unlike prior use of ellipsoidal methods in autonomous navigation, our contribution applies to the robust and secure control of EV induction motor drives under cyberattacks, a novel and distinct use case.

2. Induction Motor (IM) Modeling and Problem Formulation

2.1. Notations and Facts

Standard notation is used throughout. Small Greek letters stand for scalars, small letters for vectors, and capital letters for matrices. (.)′ indicates transposition for vectors or matrices. For symmetric matrices, X is positive definite (nonnegative definite) if X > 0 (≥0). Sets of real numbers are denoted by R. Trace (X) denotes the trace function of X for square matrices, while the sign (*) generically indicates each of its symmetric blocks to simplify the notation of partitioned symmetric matrices.

The following matrix inequalities are used in the sequel.

Fact 1-Bounding inequality [25]:

For any real matrices $X_1$, $X_2$, and $X_3$ with appropriate dimensions and ${\mathit{X}}_3^{\prime }{\mathit{X}}_3\le \mathit{I},$ it follows that

$$X_1 X_3 X_2+\ast \le \epsilon X_1 X_1^{\prime }+{\epsilon }^{-1} X_2^{\prime }{X}_2, \forall scalar \epsilon >0$$

Fact 2-Schur complement [25]:

For a matrix X composed of constant matrices $X_1$, $X_2$, $X_3$, where $X_1=X_1^{\prime }$ and $0<X_2=X_2^{\prime }$ as follows

$$X=\left[\begin{array}{cc}{X}_1& X_3\\ \ast & X_2\end{array}\right],$$

we have the following result: $X>0$, if and only if

$$X_2>0,X_1-X_3{X}_2^{-1}{X}_3^{\prime }>0,$$

2.2. Vector-Control Induction Motor Modeling

The following equations model the IM dynamics in the dq-reference frame [24].

$$\left.\begin{array}{c}{\displaystyle \frac{i_{ds}}{dt}}={\displaystyle \frac{-1}{\sigma L_s}}\left(R_s+R_r{\displaystyle \frac{M^2}{L_r^2}}\right)i_{ds}+{\omega }_s{i}_{qs}+{\omega }_s{\displaystyle \frac{M{R}_r}{\sigma L_s{L}_r^2}}{\varphi }_{dr}+{\omega }_r{\displaystyle \frac{M}{\sigma L_s{L}_r}}{\varphi }_{qr}+{\displaystyle \frac{1}{\sigma L_s}}{u}_{ds}\\ \begin{array}{c}{\displaystyle \frac{i_{qs}}{dt}}=-{\omega }_s{i}_{ds}-{\displaystyle \frac{1}{\sigma L_s}}\left(R_s+R_r{\displaystyle \frac{M^2}{L_r^2}}\right)i_{qs}-{\omega }_r{\displaystyle \frac{M}{\sigma L_s{L}_r}}{\varphi }_{dr}+{\displaystyle \frac{M{R}_r}{\sigma L_s{L}_r}}{\varphi }_{qr}+{\displaystyle \frac{1}{\sigma L_s}}{u}_{qs}\\ \begin{array}{c}{\displaystyle \frac{{\varphi }_{dr}}{dt}}={\displaystyle \frac{M{R}_r}{L_r}}{i}_{ds}-{\displaystyle \frac{R_r}{L_r}}{\varphi }_{dr}+{\omega }_{slip}{\varphi }_{qr}\\ \begin{array}{c}{\displaystyle \frac{{\varphi }_{qr}}{dt}}={\displaystyle \frac{M{R}_r}{L_r}}{i}_{qs}-{\omega }_{slip}{\varphi }_{dr}-{\displaystyle \frac{R_r}{L_r}}{\varphi }_{qr}\\ {\displaystyle \frac{d{\omega }_r}{dt}}={\displaystyle \frac{p^{2}M}{J{L}_r}}{\varphi }_{dr}{i}_{qs}-{\displaystyle \frac{p^{2}M}{J{L}_r}}{\varphi }_{qr}{i}_{ds}-{\displaystyle \frac{p}{J}}{T}_L\end{array}\end{array}\end{array}\end{array}\right\}$$

(1)

The parameters of the study IM are described in

Table 1. IM model parameters.

Notation	Description
ids, iqs	dq-reference frame of stator current
ϕdr, ϕqr	dq-reference frame of rotor fluxes
ωr	Angular speed of rotor
ωslip	Slip
ωs	Synchronous angular speed
Rr, Rs	Resistance of rotor and stator respectively
M	Mutual inductance between rotor and stator
Lr, Ls	Self-inductance of rotor and stator respectively
p	Number of pole pairs of induction motor.
J	Motor moment of inertia
${\varphi }_r=\sqrt{{\varphi }_{dr}^2+{\varphi }_{qr}^2}$	Rotor Flux

.

• where $\sigma =1-{\displaystyle \frac{M^2}{L_s{L}_r}},$ the state variables are stator currents (i_ds, i_qs), the rotor fluxes (ϕ_dr, ϕ_qr), and the rotor speed (ω_r). Applying the vector control principle, the rotor fluxes ϕ_qr = 0 and ϕ_r = ϕ_dr. Therefore, the slip speed (ω_slip) = ${\displaystyle \frac{M{R}_r}{L_r{\varphi }_{dr}}}{i}_{qs}$ [24]. The mathematical model in Equation (1) becomes the following:

  $$\left.\begin{array}{c}{\displaystyle \frac{i_{ds}}{dt}}={\displaystyle \frac{-1}{\sigma L_s}}\left(R_s+R_r{\displaystyle \frac{M^2}{L_r^2}}\right)i_{ds}+{\omega }_s{i}_{qs}+{\omega }_s{\displaystyle \frac{M{R}_r}{\sigma L_s{L}_r^2}}{\varphi }_r+{\displaystyle \frac{1}{\sigma L_s}}{u}_{ds}\\ {\displaystyle \frac{i_{qs}}{dt}}=-{\omega }_s{i}_{ds}-{\displaystyle \frac{1}{\sigma L_s}}\left(R_s+R_r{\displaystyle \frac{M^2}{L_r^2}}\right)i_{qs}-{\omega }_r{\displaystyle \frac{M}{\sigma L_s{L}_r}}{\varphi }_r+{\displaystyle \frac{1}{\sigma L_s}}{u}_{qs}\\ \begin{array}{c}{\displaystyle \frac{{\varphi }_r}{dt}}={\displaystyle \frac{M{R}_r}{L_r}}{i}_{ds}-{\displaystyle \frac{R_r}{L_r}}{\varphi }_r\\ {\displaystyle \frac{d{\omega }_r}{dt}}={\displaystyle \frac{p^{2}M}{J{L}_r}}{\varphi }_r{i}_{qs}-{\displaystyle \frac{p}{J}}{T}_L\end{array}\end{array}\right\}$$

  (2)

Equation (2) can be expressed as follows:

$$\dot{x}\left(t\right)=f\left(x\right) x\left(t\right)+Bu\left(t\right)+Dw\left(t\right),$$

(3)

where the n-dimension state vector x(t) = [i_ds i_qs ϕ_r ω_r]′ = [x₁ x₂ x₃ x₄]′, the m-dim control vector u(t) = [u_ds u_qs]′, and the disturbance vector D = $-{\displaystyle \frac{p}{J}}, w=T_L$.

Consider:

$$\alpha ={\displaystyle \frac{-1}{\sigma L_s}}\left(R_s+R_r{\displaystyle \frac{M^2}{L_r^2}}\right), \beta ={\displaystyle \frac{M}{\sigma L_s{L}_r}}, \gamma ={\displaystyle \frac{R_r}{L_r}}, E={\displaystyle \frac{p^{2}M}{J{L}_r}}, F={\displaystyle \frac{M{R}_r}{L_r}}, and k_1={\displaystyle \frac{1}{\sigma L_s}}$$

So, the mathematical model in Equation (2) becomes the following:

$$\dot{x}=\left[\begin{array}{c}\alpha x_1+{\omega }_s{x}_2+\beta \gamma x_3\\ -{\omega }_s{x}_1+\alpha x_2-\beta x_3{x}_4\\ \begin{array}{c}F{x}_1-\gamma x_3\\ E{x}_2{x}_3\end{array}\end{array}\right]+\left[\begin{array}{c}\begin{array}{cc}{k}_1& 0\\ 0& k_1\end{array}\\ \begin{array}{cc}0& 0\\ 0& 0\end{array}\end{array}\right]u\left(t\right)+\left[\begin{array}{c}0\\ 0\\ \begin{array}{c}0\\ {\displaystyle \frac{-p}{J}}\end{array}\end{array}\right]T_L$$

(4)

Since, ${\omega }_s={\omega }_r+{\omega }_{slip}=x_4+{\displaystyle \frac{M{R}_r}{L_r}}{\displaystyle \frac{x_2}{x_3}}=x_4+F{\displaystyle \frac{x_2}{x_3}}$, therefore Equation (4) becomes the following:

$$\dot{x}=\left[\begin{array}{c}\alpha x_1+x_4{x}_2+F{\displaystyle \frac{x_2^2}{x_3}}+\beta \gamma x_3\\ -x_4{x}_1-F{\displaystyle \frac{x_1{x}_2}{x_3}}+\alpha x_2-\beta x_3{x}_4\\ \begin{array}{c}F{x}_1-\gamma x_3\\ E{x}_2{x}_3\end{array}\end{array}\right]+\left[\begin{array}{c}\begin{array}{cc}{k}_1& 0\\ 0& k_1\end{array}\\ \begin{array}{cc}0& 0\\ 0& 0\end{array}\end{array}\right]u\left(t\right)+\left[\begin{array}{c}0\\ 0\\ \begin{array}{c}0\\ {\displaystyle \frac{-p}{J}}\end{array}\end{array}\right]T_L$$

(5)

The inherent nonlinearities present in the induction motor model defined by Equation (5) necessitate linearization around a specified operating point. The continuous-time linearized IM model is

$$\dot{x}=A_{c}x+B_{c}u+D_{c}w, y=Cx, C=\left[\begin{array}{cccc}0& 0& 0& 1\end{array}\right]$$

(6)

where x(t) and u(t) are as defined before, whereas w(t) = load torque external-disturbance T_L. The l-dimensional y(t) is the output vector for feedback. Matrix C is selected for motor speed control.

The induction motor parameter values are listed in

Table 2. Induction motor parameter values.

Notation	Value
Rs	4.8500 Ω
Rr	3.8050 Ω
Ls	0.2740 H
Lr	0.2740 H
M	0.2580 H
p	2
J	0.0031 kg·m2

.

2.3. IM Discrete-Time Model Under DoS Attack

In the car-motor industry, digital computers are used intensively. To use digital computer control directly, the system dynamics must be discretized. The IM dynamics (6) are discretized with a suitable sampling time $T_s$ (selected as one tenth of the time constant of the fastet mode) as linear time-invariant, LTI

$$x\left(k+1\right)=A_{d}x\left(k\right)+B_{d}u\left(k\right)+D_{d}w\left(k\right),y\left(k\right)=Cx\left(k\right),z\left(k\right)=y\left(k\right)$$

(7)

where k = time instant. The vector z is the output to be optimized.

The study system exhibits steady-state errors for a step input because it is a type 0. The integral control must be inserted to increase the system type and remove such errors. A new state is added for every integral control, as seen in Figure 3.

The state space equations for the study system are as follows:

$$\left.\begin{array}{c}\mathit{x}\left(\mathit{k}+\mathbf{1}\right)={\mathit{A}}_{\mathit{d}}\mathit{x}\left(\mathit{k}\right)+{\mathit{B}}_{\mathit{d}}\mathit{u}\left(\mathit{k}\right)+{\mathit{D}}_{\mathit{d}}\mathit{w}\left(\mathit{k}\right),\mathit{y}\left(\mathit{k}\right)=\mathit{C}\mathit{x}\left(\mathit{k}\right)\\ \overline{\mathit{x}}(\mathit{k}+\mathbf{1})=\overline{\mathit{x}}(\mathit{k})+\mathit{r}(\mathit{k})-\mathit{y}(\mathit{k})+\left[\begin{array}{c}0\\ I_l\end{array}\right]r(k)\end{array}\right\}$$

$$\mathit{u}\left(\mathit{k}\right)={\mathit{K}}_{\mathit{x}}\mathit{x}\left(\mathit{k}\right)+{\mathit{K}}_{\mathit{I}}\overline{\mathit{x}}\left(\mathit{k}\right)$$

(8)

Note that the reference $r\left(k\right)=∆ w_r^{\ast }=0,$ The state estimation vector $\overline{x}$ is lx1. The state equations can be combined and rewritten as an augmented state vector $x_a\left(k\right)={\left[x\left(k\right),\overline{x}\left(k\right)\right]}^{\prime },$ Figure 3, as

$$\left.\left[\begin{array}{c}x\left(k+1\right)\\ \overline{x}\left(k+1\right)\end{array}\right]=\left[\begin{array}{cc}{A}_d& 0\\ -C& I_l\end{array}\right]\left[\begin{array}{c}x\left(k\right)\\ \overline{x}\left(k\right)\end{array}\right]+\left[\begin{array}{c}{B}_d\\ 0\end{array}\right]\left[\begin{array}{cc}{K}_x& K_i\end{array}\right]\left[\begin{array}{c}x\left(k\right)\\ \overline{x}\left(k\right)\end{array}\right]+\left[\begin{array}{c}{D}_d\\ 0\end{array}\right]w\left(k\right)+\left[\begin{array}{c}0\\ I_l\end{array}\right]r\left(k\right)\right\}$$

$$y\left(k\right)=\left[\begin{array}{cc}C& 0\end{array}\right]\left[\begin{array}{c}x\left(k\right)\\ \overline{x}\left(k\right)\end{array}\right]$$

(9)

Or

$$\left.x_a\left(k+1\right)=A{x}_a\left(k\right)+Bu\left(k\right)+Dw\left(k\right)+\left[\begin{array}{c}0\\ I_l\end{array}\right]r\left(k\right),\right\}$$

$$u\left(k\right)=K{x}_a\left(k\right), y\left(k\right)=C_a{x}_a\left(k\right)$$

(10)

where

$$A=\left[\begin{array}{cc}{A}_d& 0\\ -C& I_l\end{array}\right], B=\left[\begin{array}{c}{B}_d\\ 0\end{array}\right], K=\left[\begin{array}{cc}{K}_x& K_i\end{array}\right], D=\left[\begin{array}{c}{D}_d\\ 0\end{array}\right], \mathrm{a}\mathrm{n}\mathrm{d} C_a=\left[\begin{array}{cc}C& 0\end{array}\right]$$

The dynamics under a DoS attack can be modelled by a stochastic model (Markov or Bernoulli). In the case of vector-controlled induction motor drives, real-time synchronization between the controller and sensors is crucial for maintaining stable torque and speed control. Even intermittent disruptions, such as those modelled via Bernoulli processes, can result in missed control updates, loss of synchronization, or outdated sensor feedback. This leads to degraded dynamic performance, oscillations, or instability, especially under load transients or parameter variations. As such, intermittent DoS attacks are capable of significantly undermining motor performance even without continuous or permanent disruption.

Moreover, since vector control relies on accurate estimation and decoupling of rotor flux and torque-producing components, any delay or dropout in control inputs (e.g., voltage commands from the inverter) directly affects the flux trajectory, causing torque ripple, speed deviation, or shutdown due to fault protection.

The Bernoulli model for the following LTI system is as follows:

$$x_a\left(k+1\right)=A{x}_a\left(k\right)+\beta \left(k\right)Bu\left(k\right)+Dw\left(k\right)+\left[\begin{array}{c}0\\ I_l\end{array}\right]r(k)$$

(11)

where x_a(k) ∈ $R^{n+l}$, u(k) ∈ $R^m$ are the state variables and control input, respectively. In our study system, n = 4, m = 2, l = 1. The independent, identically distributed (i.i.d.) sequence is modelled by The Bernoulli distribution β(k). (The discrete probability Bernoulli distribution is a random variable which takes the value 1 with probability p and the value 0 with probability q = 1 − p. In other words, $\beta \left(k\right)$ switches between two values, 0, and 1). Hence, the input matrix under a DoS attack switches between two values $0_{n.m},B_{n.m}$. This can be modelled as

$$x_a\left(k+1\right)=A{x}_a\left(k\right)+\left(B+∆B\right)u\left(k\right)+Dw\left(k\right)+\left[\begin{array}{c}0\\ I_l\end{array}\right]r(k)$$

(12)

where

$$∆B=-B.diag\left({\beta }_1\left(k\right)\dots {\beta }_m\left(k\right)\right)=-B.{∆}_B\left(k\right).I=H_B{∆}_B\left(k\right)F_B,‖{∆}_{\mathit{B}}\left(k\right)‖\le 1$$

With

$$H_B=-B, F_B=I$$

System (12) is the Bernoulli model that uses the norm-bounded format [26] to model the DoS attack. This stochastic modelling of the DoS attack using the Bernoulli distribution effectively captures the intermittent loss of control input, which mimics real-world network disruptions in electric-vehicle drive systems. It enables a mathematically tractable and realistic representation of input dropout scenarios commonly encountered in EV applications.

2.4. IM Discrete-Time Model Under DoS Attack and System Uncertainty

Adding parameters uncertainty (due to, e.g., IM load changes), system (12) becomes

$$x_a\left(k+1\right)=\left(A+∆A\right)x_a\left(k\right)+\left(B+∆B\right)u\left(k\right)+Dw\left(k\right)+\left[\begin{array}{c}0\\ I_l\end{array}\right]r(k)$$

(13)

The uncertainty in matrix A can be modelled in the norm-bounded form

$$∆A=H_A{∆}_A\left(k\right)F_A,‖{∆}_A‖\le 1$$

where $‖{∆}_{\mathit{A}}‖\le 1$. It is required to design state feedback

$$u\left(k\right)=K{x}_a\left(k\right)$$

(14)

to stabilize (13) with controller (14), which is robust against system uncertainties and secure in the face of DoS attacks. The combination of norm-bounded uncertainty (to reflect physical parameter variations, such as rotor resistance drift) and the Bernoulli-based DoS modelling ensures that the proposed control framework simultaneously addresses both cybersecurity threats and intrinsic EV system uncertainties. This dual robustness is essential for realistic EV operation.

3. Ellipsoidal Design of Robust and Secure IM Control

3.1. The Proposed Control via Ellipsoidal Design

Given an LTI norm-bounded uncertain system (13)

$$x_a\left(k+1\right)=\left(A+∆A\right)x_a\left(k\right)+\left(B+∆B\right)u\left(k\right)+Dw\left(k\right),z\left(k\right)=C_a{x}_a\left(k\right)$$

$$‖{∆}_A‖\le 1,‖{∆}_B‖\le 1$$

The concept of the ellipsoidal control design is that the state trajectory x_a(k) has to be attracted into a small region around the origin (ellipsoid, centered the origin)

$$E=x_a^{\prime }\left(k\right)P^{-1}{x}_a\left(k\right)\le 1,P>0$$

(15)

When the time evolves, x_a(k) remains in E after the state trajectory reaches the ellipsoid (time-invariant ellipsoid). Ellipsoid E is hence said to as attractive or invariant. It is necessary to reduce the ellipsoid volume in terms of the linear function trace (P) in order to lessen the effect of the external disturbance on the system performance. The following theorem provides a solution to this issue.

Theorem 1 

([27]). The uncertain system (13) can be stabilized if there is a feasible solution to the following minimization problem.

$$minimize tr \left[C_{a}P{C\prime }_a\right]$$

subject to the following constraints

$$\left[\begin{array}{ccccc}-\alpha P& {\left(AP+BY\right)}^{\prime }& 0& P{H}_A^{\prime }& {\left(H_{B}Y\right)}^{\prime }\\ \ast & \Psi & D& 0& 0\\ \ast & \ast & -\left(1-\alpha \right)I& 0& 0\\ \ast & \ast & \ast & -{\epsilon }_{1}I& 0\\ \ast & \ast & \ast & \ast & -{\epsilon }_{2}I\end{array}\right]\le 0,$$

$$P>0,$$

$$and the scalars 0<\alpha <1,{\epsilon }_1>0,{\epsilon }_2>0$$

where

$$\mathsf{\Psi }=-P+{\epsilon }_1{F}_A{F}_A^{\prime }+{\epsilon }_2{F}_B{F}_B^{\prime }$$

and the minimization is carried out concerning the matrix variables $P=P^{\prime }$, scalar variables ε₁, ε₂, and the scalar parameter α. The solution $\widehat{P}, \widehat{Y}$ of this problem defines the matrix $C_{a}P{C\prime }_a$ of the output bounding ellipsoid and the state regulator

$$\widehat{K}=\widehat{Y}{\widehat{P}}^{-1}$$

The derivation of Theorem 1 uses Facts 1, 2 [26]. Note that the optimization problem in Theorem 1 is a nonlinear matrix inequality due to the product term $\alpha P.$ This difficulty can be overcome by an iterative algorithm as follows. The scalar $\alpha$ is fixed in an outer loop, and the resulting LMIs are solved in the inner loop.

In the IM control under consideration, the uncertain system under DoS attack (13) is

$$x_a\left(k+1\right)=\left(A+∆A\right)x_a\left(k\right)+\left(B+∆B\right)u\left(k\right)+Dw\left(k\right)$$

where

$$∆A=F_A{∆}_A{H}_A, ∆B=F_B{∆}_B{H}_B$$

$$with F_B=-B,H_B=I, ‖{∆}_A‖\le 1, ‖{∆}_B‖\le 1$$

Note that the uncertainty in (13) is also modelled in the norm-bounded form. The above problem can be solved using the following theorem.

Theorem 2. 

The uncertain system under DoS attack (13) can be stabilized if there is a feasible solution to the following minimization problem

$$minimize \mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\left[C_{a}P{C}_a^{\prime }\right]$$

subject to the following constraints

$$\left[\begin{array}{ccccc}-\alpha P& {\left(AP+BY\right)}^{\prime }& 0& P{H}_A^{\prime }& {\left(Y\right)}^{\prime }\\ \ast & -P+{\epsilon }_1{F}_A{F}_A^{\prime }+{\epsilon }_{2}BB\prime & D& 0& 0\\ \ast & \ast & -\left(1-\alpha \right)I& 0& 0\\ \ast & \ast & \ast & -{\epsilon }_{1}I& 0\\ \ast & \ast & \ast & \ast & -{\epsilon }_{2}I\end{array}\right]\le 0,$$

$$P>0,$$

$$and the scalars 0<\alpha <1,{\epsilon }_1>0,{\epsilon }_2>0$$

The solution $\widehat{P},\widehat{Y}$ of this problem defines the matrix $C_{a}P{C}_a^{\prime }$ of the output bounding ellipsoid and the secure (against cyber-attack), robust (against load uncertainty) state regulator is

$$\widehat{K}=\widehat{Y}{\widehat{P}}^{-1}$$

Proof. 

Substitute $F_B=-B,{ H}_B=I$ in Theorem 1. □

3.2. Comparison with $H_{\infty }$ Control

The $H_{\mathrm{\infty }}$ control can be obtained as follows

$$minimize \gamma$$

Subject to

$$\left[\begin{array}{cccc}P& AP-BY& D& 0\\ \ast & P& 0& P{C}^{\prime }\\ \ast & \ast & \gamma I& 0\\ \ast & \ast & \ast & \gamma I\end{array}\right]>0,P>0,\gamma >0$$

The resulting controller is

$$K_{\mathrm{\infty }}=Y{P}^{-1}$$

(16)

Note that the objective function to be minimized is selected as the trace function, which is a linear function. Hence, the cyberattacks or uncertainties reduce to an optimization problem for minimizing a linear objective function subject to linear constraints. This is a convex optimization problem cast in the LMI form, easy to solve by the MATLAB robust control toolbox.

By enforcing the system state to remain within a bounded invariant ellipsoidal set, the proposed control design ensures guaranteed performance despite both cyber-induced input loss and parametric uncertainty. This approach forms a unified, mathematically sound solution to address cyber-physical challenges in EV induction motor drives.

4. Simulation Verification

The nonlinear nature of the induction motor model, as described by Equation (5), demands linearization at a specific operating point. This linearization process was performed using the MATLAB command jacobian (version 2023b). Subsequently, the system’s A-matrix in Equation (3) is derived under two distinct operating scenarios: (i) a light-load condition, assuming no variation in the rotor resistance (R_r = 100% of its nominal value), yielding the state matrix denoted as A1; and (ii) a heavy -load condition, incorporating a parameter variation in the rotor resistance (R_r = 150% of its nominal value), corresponds to A2. Substituting in (2), the resulting linearized continuous-time state matrices are

$$A_1=\left[\begin{array}{c}-32.153\\ -333.15\\ \begin{array}{c}3.5828\\ 0.0\end{array}\end{array}\begin{array}{c} 309.55\\ 37.727\\ \begin{array}{c}0.0\\ 364.99\end{array}\end{array}\begin{array}{c} 44.756\\ -1097\\ \begin{array}{c}-13.887\\ 485.99\end{array}\end{array}\begin{array}{c} 0.4\\ -1.3045\\ \begin{array}{c}0.0\\ 0.0\end{array}\end{array}\right], A_2=\left[\begin{array}{c}-32.153\\ -270.9\\ \begin{array}{c}3.5828\\ 0.0\end{array}\end{array}\begin{array}{c} 267.91\\ 38.423\\ \begin{array}{c}0.0\\ 485.99\end{array}\end{array}\begin{array}{c} 28.733\\ -904.72\\ \begin{array}{c}-13.887\\ 1215\end{array}\end{array}\begin{array}{c} 1.0\\ -1.7726\\ \begin{array}{c}0.0\\ 0.0\end{array}\end{array}\right]$$

The corresponding discrete-time matrices, with sampling time Ts = 0.002 s, are calculated. The average matrix (between the extremities, light and heavy loads) for the discrete-time system is

$$A_d=\left[\begin{array}{c}0.87094\\ -0.30934\\ \begin{array}{c}0.0082771\\ -0.1478\end{array}\end{array}\begin{array}{c} 0.30051\\ 0.85689\\ \begin{array}{c}0.0013947 \\ 0.91087\end{array}\end{array}\begin{array}{c}-0.081021\\ -1.0079 \\ \begin{array}{c} 0.96578\\ 1.1669\end{array}\end{array}\begin{array}{c} 0.00077577\\ -0.0034537\\ \begin{array}{c}{4.8094\times 10}^{-6}\\ 0.99832\end{array}\end{array}\right]$$

The uncertainty in matrix A can be modelled in the norm-bounded form as follows.

$\mathrm{T}\mathrm{h}\mathrm{e} \mathrm{d}\mathrm{e}\mathrm{v}\mathrm{i}\mathrm{a}\mathrm{t}\mathrm{i}\mathrm{o}\mathrm{n} ∆A=F_A∆H_A$ is obtained using the singular value decomposition as [25]

$$F_A=\left[\begin{array}{c}-0.0097054\\ 0.036624\\ -0.007476\\ 0.79907\end{array}\right], \mathrm{a}\mathrm{n}\mathrm{d} H_A=\left[\begin{array}{cccc}-0.0050178& -0.013707& 0.79987& {-8.8012\times 10}^{-5}\end{array}\right]$$

Furthermore,

$$B_d=\left[\begin{array}{cc}0.0078198& 0\\ 0& 0.0078198\\ 0& 0\\ 0& 0\end{array}\right], C=\left[\begin{array}{cccc}0& 0& 0& 1\end{array}\right],\mathrm{a}\mathrm{n}\mathrm{d} D_d=\left[\begin{array}{c}0\\ 0\\ 0\\ -1.2903\end{array}\right]$$

Solving Theorem 2, the proposed control is

$$K_x=\left[\begin{array}{cccc}-56.681& -6.7124& -1.4943& 2.7297\\ 36.425& -103.17& 48.43& -38.711\end{array}\right],\mathrm{a}\mathrm{n}\mathrm{d} K_i=\left[\begin{array}{c}4.2475\\ 2.2548\end{array}\right]$$

The H_ꚙ control is

$$K_{x\infty }=\left[\begin{array}{cccc}-135.32& 94.704 & 175.94& 149.47\\ 67.868& -294.97& -267.34& -201.92\end{array}\right], and K_{i\infty }=\left[\begin{array}{c}-2.0331\\ -0.30943\end{array}\right]$$

The performance analysis of the EV induction motor drive is conducted using the MATLAB 2023b software package. A block diagram representation of the developed controller is illustrated in Figure 2. The system model incorporating the proposed controller was evaluated under typical operating conditions, encompassing step variations in the load torque and the presence of a DoS attack. The vector-controlled induction motor drive system, integrated with the proposed tracking mechanism, was assessed across two different scenarios: one without and one with the DoS attack. These scenarios involved deterministic load torque disturbances and parameter variations, specifically rotor resistance variation. Within each scenario, a three-stage DoS attack was simulated using a Bernoulli stochastic variable with a probability of 0.8. The temporal characteristics of the DoS attacks are listed in

Table 3. Timing of the DoS Attack.

Attack #	Time	Status
1	t = 5 s	During a step load torque increase
2	t = 20 s	At normal operation
3	t = 32 s	During step load torque decrease

. The efficacy of the proposed tracking controller was benchmarked against that of H_ꚙ controllers in each scenario to ascertain its relative performance.

To capture the dynamic effects of DoS attacks, three distinct temporal instances were selected: during a torque step-up (t = 5 s), at steady-state operation (t = 20 s), and during a torque step-down (t = 32 s). The Bernoulli model used a probability of 0.8, representing frequent control packet loss. These scenarios simulate realistic cyberattack patterns and their interaction with transient and steady-state dynamics in the EV drive system.

4.1. Scenario 1: Deterministic Load Torque Disturbance

To validate the sufficiency of the proposed control approach under DoS attack conditions and realistic vehicle assumptions, extensive simulations are carried out with varying load disturbances and stochastic DoS profiles, mimicking real EV operational scenarios.

4.1.1. Case 1: Without DoS Attack

A step up-and-down load torque disturbance is examined with random occurrence at 5 and 30 s, Figure 4a. The deviation of induction motor speed response without attack under load torque disturbances is depicted in Figure 4b. The proposed tracker and H_ꚙ controller with the up-and-down load torque step changes demonstrate the superiority of the suggested method over the H_ꚙ controller in terms of percentage overshoot, settling time, rise time, and steady-state error.

4.1.2. Case 2: With DoS Attack

The system’s response to a step-up-and-down load torque disturbance is investigated under the influence of DoS attacks as depicted in Figure 5a and Figure 6a. The DoS attacks profile is illustrated in Figure 5b and Figure 6b. The transient response of the EV induction motor speed with the proposed tracker and under these combined load torque disturbances and DoS attacks is presented in Figure 5c. Figure 6c shows the performance of the H_ꚙ controller under simultaneous DoS attacks and step changes in load torque, revealing its limited ability to effectively manage these concurrent disturbances. Figure 7 provides a detailed examination of the controller’s behavior under varying attack timings and load torque disturbances, highlighting the slow response and significant overshoots exhibited by the H_ꚙ controller. Conversely, the proposed tracking controller demonstrates superior disturbance rejection capabilities compared to the H_ꚙ controller in the presence of these disturbances.

4.2. Scenario 2: Robustness Against Parameter Variation (Rotor Resistance Variations)

To further establish robustness, the controller is tested under varying rotor resistance values representing parameter drift, combined with DoS-induced input dropout. This joint disturbance scenario reflects realistic stress conditions experienced by EV motor drives.

4.2.1. Case 1: Without DoS Attack

This case presents a comparative analysis of the proposed tracker and the H_ꚙ controller. The robustness of the suggested tracker is evaluated on the EV induction motor drive system under parametric uncertainty, specifically ±50% variations in rotor resistance (R_r). Figure 8a illustrates the multi-step changes in the load. The speed error responses of the EV vector-controlled induction motor drive system, employing both the proposed tracker and the H_ꚙ controller, are shown in Figure 8b for a 50% R_r. Similarly, Figure 8c,d depict the speed error responses of the induction motor drive system utilizing the proposed tracker and the H_ꚙ controller at 100% R_r and 150% R_r, respectively. The proposed tracker demonstrates rapid and robust responses across the tested rotor resistance variations (50%, 100%, and 150%) and during the step changes in the load torque.

4.2.2. Case 2: Under DoS Attack

This case undertakes a comparative analysis of the proposed tracking controller against an H_ꚙ controller. The robustness of the proposed tracker is rigorously evaluated within the context of an EV induction motor drive system operating under conditions of parametric uncertainty, specifically considering ±50% variations in R_r, and subjected to a Denial-of-Service (DoS) attack and multi-step change in load torque. The temporal profiles of the multi-step load variations and the instances of the DoS attack are presented in Figure 9a,b, Figure 10a,b, and Figure 11a,b. The dynamic response of the EV induction motor drive’s speed error under a +50% R_r perturbation is illustrated in Figure 9c–h. Figure 9c,d,h delineates the performance of the proposed controller during three discrete DoS attack intervals, while Figure 9f–h depicts the corresponding response of the H_ꚙ controller under identical DoS attack scenarios. Analogous speed error responses for rotor resistance variations of 100% R_r and 150% R_r are provided in Figure 10c–e and Figure 10f–h, and Figure 11c–e and Figure 11f–h, respectively. The proposed tracking demonstrates rapid and robust performance when subjected concurrently to variations of 50% and 100% R_r, multi-step load changes, and a DoS attack. Moreover, the proposed tracker demonstrates comparatively superior performance to the H_ꚙ controller under simultaneous variations in the three rotor resistance parameters and the application of a DoS attack when these disturbances are simultaneously applied.

It was observed that the impact of DoS attacks varied significantly with their timing and the operating condition of the system. Attacks occurring during torque transients caused more pronounced speed deviations and overshoots compared to those at steady state. Additionally, system degradation was more severe under high rotor resistance variations, revealing a compounded vulnerability when cyber and physical disturbances co-occur. These results emphasize the necessity for integrated robust control that anticipates both the intensity and timing of cyberattacks.

5. Conclusions

A novel control design methodology is introduced to achieve effective and rapid speed regulation of the electric-vehicle (EV) vector-controlled induction motor drive system in the presence of parametric uncertainty and Denial-of-Service (DoS) attacks. The invariant ellipsoid design proposed yields a state feedback controller with integral action.

The nonlinear model of the EV vector-controlled induction motor drive is derived, and a linearized model is then obtained to represent system parameter uncertainties and DoS attacks, facilitating the application of the derived tracking controller. The efficacy of this controller is evaluated across diverse operational conditions and during simulated DoS attacks. These scenarios encompass deterministic load variations and system parameter deviations.

Remarkably, the EV vector-controlled induction motor drive system, integrated with the proposed tracker, demonstrates successful stabilization under these operational conditions and in the face of DoS attacks. The control strategy exhibits resilience against DoS attacks and robustness to system uncertainties. Performance analysis substantiates its superiority when compared to an H_ꚙ controller. This methodology treats the DoS attack as a norm-bounded uncertainty in the input matrix. Load changes of the induction motor result in parameter uncertainties, modelled in a norm-bounded format within the state matrix (considered an external disturbance). The effect of these composite disturbances is attenuated through the minimization of the invariant-ellipsoidal volume.