A Joint Estimation Method of SOC and SOH for Lithium-ion Battery Considering Cyber-Attacks Based on GA-BP

To improve the estimation accuracy of state of charge(SOC)and state of health(SOH)for lithium-ion batteries,in this paper,a joint estimation method of SOC and SOH at charging cut-off voltage based on genetic algorithm(GA)combined with back propagation(BP)neural network is proposed,the research addresses the issue of data manipulation resulting fromcyber-attacks.Firstly,anomalous data stemming fromcyber-attacks are identified and eliminated using the isolated forest algorithm,followed by data restoration.Secondly,the incremental capacity(IC)curve is derived fromthe restored data using theKalman filtering algorithm,with the peak of the ICcurve(ICP)and its corresponding voltage serving as the health factor(HF).Thirdly,the GA-BP neural network is applied to map the relationship between HF,constant current charging time,and SOH,facilitating the estimation of SOH based on HF.Finally,SOC estimation at the charging cut-off voltage is calculated by inputting the SOH estimation value into the trained model to determine the constant current charging time,and by updating the maximum available capacity.Experiments show that the root mean squared error of the joint estimation results does not exceed 1%,which proves that the proposed method can estimate the SOC and SOH accurately and stably even in the presence of false data injection attacks.

Increasing Threats to United States of America Infrastructure Based on Cyber-Attacks

The United States of America faces an increasing number of threats to its critical infrastructure due to cyber-attacks. With the constant advancement of technology and the interconnectedness of various systems, the vulnerabilities in the nation’s infrastructure have become more pronounced. Cyber-attacks on critical infrastructure, such as power grids, transportation networks, and financial systems, pose a significant risk to national security and public safety. These attacks can disrupt essential services, cause economic losses, and potentially have severe consequences for the well-being of individuals and communities. The rise of cyber-terrorism is also a concern. Cyber-terrorists can exploit vulnerabilities in cyberspace to compromise infrastructure systems, causing chaos and panic among the population. The potential for destructive attacks on critical infrastructure is a pressing issue requiring constant attention and proactive measures.

Hybrid-triggered consensus for multi-agent systems with time-delays,uncertain switching topologies, and stochastic cyber-attacks

We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.

Group consensus of multi-agent systems subjected to cyber-attacks

In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to frequent cyberattacks, which is close to an actual case. The cyber-attacks are assumed to be recoverable. By utilizing algebraic graph theory, linear matrix inequality(LMI) and Lyapunov stability theory, the multi-agent systems can achieve group consensus under the proposed control protocol. The sufficient conditions of the group consensus for the multi-agent networks subjected to cyber-attacks are given. Furthermore, the results are extended to the consensus issue of multiple subgroups with cyber-attacks. Numerical simulations are performed to demonstrate the effectiveness of the theoretical results.

Aperiodic Sampled-Data Control of Distributed Networked Control Systems Under Stochastic Cyber-Attacks

This paper examines the stabilization problem of a distributed networked control system under the effect of cyberattacks by employing a hybrid aperiodic triggering mechanism.The cyber-attack considered in the paper is a stochastic deception attack at the sensor-controller end. The probability of the occurrence of attack on a subsystem is represented using a random variable. A decentralized hybrid sampled-data strategy is introduced to save energy consumption and reduce the transmission load of the network. In the proposed decentralized strategy, each subsystem can decide independently whether its state should be transmitted to the controller or not. The scheme of the hybrid triggering mechanism for each subsystem composed of two stages: In the first stage, the next sampling instant is computed using a self-triggering strategy. Subsequently, in the second stage, an event-triggering condition is checked at these sampling instants and the control signal is computed only if the event-triggering condition is violated. The self-triggering condition used in the first stage is dependent on the selection of eventtriggering condition of the second stage. Finally, a comparison of the proposed approach with other triggering mechanisms existing in the literature is presented in terms of the sampling instants,transmission frequency and performance measures through simulation examples.

Quantitative Evaluation of Cyber-Attacks on a Hypothetical School Computer Network

This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.

Data Mining Based Cyber-Attack Detection

Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First,a data driven defence framework is presented in terms of cyber security situational awareness. Then, the process of data mining based cyber-attack detection is discussed. Next,a multi-loop learning architecture is presented for data mining based cyber-attack detection. Finally,common data mining techniques for cyber-attack detection are discussed.

An Algebraic Detection Approach for Control Systems under Multiple Stochastic Cyber-attacks

In order to compromise a target control system successfully, hackers possibly attempt to launch multiple cyberattacks aiming at multiple communication channels of the control system. However, the problem of detecting multiple cyber-attacks has been hardly investigated so far. Therefore, this paper deals with the detection of multiple stochastic cyber-attacks aiming at multiple communication channels of a control system. Our goal is to design a detector for the control system under multiple cyberattacks. Based on frequency-domain transformation technique and auxiliary detection tools, an algebraic detection approach is proposed. By applying the presented approach, residual information caused by different attacks is obtained respectively and anomalies in the control system are detected. Sufficient and necessary conditions guaranteeing the detectability of the multiple stochastic cyber-attacks are obtained. The presented detection approach is simple and straightforward. Finally, two simulation examples are provided, and the simulation results show that the detection approach is effective and feasible. © 2014 Chinese Association of Automation.

On Zero Dynamics and Controllable Cyber-Attacks in Cyber-Physical Systems and Dynamic Coding Schemes as Their Countermeasures

In this paper, we study stealthy cyber-attacks on actuators of cyber-physical systems(CPS), namely zero dynamics and controllable attacks. In particular, under certain assumptions, we investigate and propose conditions under which one can execute zero dynamics and controllable attacks in the CPS. The above conditions are derived based on the Markov parameters of the CPS and elements of the system observability matrix. Consequently, in addition to outlining the number of required actuators to be attacked, these conditions provide one with the minimum system knowledge needed to perform zero dynamics and controllable cyber-attacks. As a countermeasure against the above stealthy cyber-attacks, we develop a dynamic coding scheme that increases the minimum number of the CPS required actuators to carry out zero dynamics and controllable cyber-attacks to its maximum possible value. It is shown that if at least one secure input channel exists, the proposed dynamic coding scheme can prevent adversaries from executing the zero dynamics and controllable attacks even if they have complete knowledge of the coding system. Finally, two illustrative numerical case studies are provided to demonstrate the effectiveness and capabilities of our derived conditions and proposed methodologies.

信息物理多重攻击下配电网状态估计关键技术评述

配电网数字化转型将进一步促进信息系统与物理系统的深度耦合,由于配电网信息安全防御资源有限,难以将信息侧安全风险隔离于物理系统之外,这也使得配电网状态估计正面临全新的挑战。首先,文中简要介绍了配电网信息物理系统体系结构,并构建了面向信息物理系统的配电网状态估计技术框架;其次,较为全面地梳理了信息物理融合背景下配电网状态估计技术的国内外研究现状,包括考虑网络攻击的配电网伪量测建模与分析、配电网虚假数据注入攻击分析与防御以及配电网信息物理系统安全风险分析与可靠性评估等方向;最后,对该领域未来进一步发展所面临的关键问题进行了探讨和分析。

攻防对抗视角下的网络安全主动防御体系研究

为了解决纵深防御体系中防御能力固化、灵活性不足等问题,从攻防对抗视角出发,提出一种网络安全主动防御体系。首先,基于情报收集、监测预警、防御指挥和防御行动等要素的详细描述,设计了用于规划主动防御系统的能力组成框架;其次,选择网络杀伤链、ATT&CK知识库和OODA循环法则,设计了一个以攻助防的防御模型,并分析了引入博弈论进行防御算法设计的优势;最后,以实现为目标,构想了一个典型应用场景,以期为安全能力的体系化设计提供有益借鉴。

新型配电系统分布式经济调度信息安全问题研究综述

随着大规模高比例的分布式电源接入电网运行,分布式经济调度系统因其优势显著受到更多的关注。但是,该系统特有的分布式通信构架、优化问题迭代求解过程和多利益主体参与模式为从系统内部和外部实施网络攻击提供了更宽广的时空条件,攻击模式和手段更加复杂多样,解决信息安全问题是提高分布式经济调度系统实用化程度的重要前提和基础。文中对分布式经济调度系统可能出现的信息安全问题及应对措施的研究现状进行了综述。首先,讨论了电力系统各种通信技术对分布式经济调度系统的适应性以及通信技术本身存在的安全风险;其次,介绍了外部网络攻击和内部恶意行为两类典型的信息安全问题,并进行了相关的特点分析和影响评估;然后,归纳和分析了两类信息安全问题的检测、预防、抑制措施和方法;最后,对信息安全问题模型的建立和综合安全防御体系构建进行了探讨。

医院近源网络攻击风险分析及对策建议

目的/意义分析医院面临的近源网络攻击风险,提出对策建议。方法/过程结合实际工作经验,先以近源网络攻击者视角对医院网络架构、现场物理环境、人员行为等方面进行风险分析,再以防守者视角,结合合规要求和技术实践做法,提出对策建议。结果/结论识别出无线局域网破解、有线网络插口暴露、自助机配置不当、投毒与钓鱼、敏感信息泄漏5类主要风险,提出加强Wi-Fi管理、联网终端准入全覆盖、多部门协作管理自助机设备、内网终端禁用移动存储介质、网络安全教育应与时俱进5条防范建议。

针对自动驾驶智能模型的攻击与防御

近年来,以深度学习算法为代表的人工智能技术为人类生产生活的方方面面带来了巨大的革新,尤其是在自动驾驶领域,部署着自动驾驶系统的智能汽车已经走进入们的生活,成为了重要的生产力工具.然而,自动驾驶系统中的人工智能模型面临着潜在的安全隐患和风险,这给人民群众生命财产安全带来了严重威胁.本文通过回顾自动驾驶智能模型攻击和防御的相关研究工作,揭示自动驾驶系统在物理世界下面临的安全风险并归纳总结了相应的防御对策.具体来说,本文首先介绍了包含攻击面、攻击能力和攻击目标的自动驾驶系统安全风险模型.其次,面向自动驾驶系统的三个关键功能层——传感器层、感知层和决策层,本文依据受攻击的智能模型和攻击手段归纳、分析了对应的攻击方法以及防御对策,并探讨了现有方法的局限性.最后,本文讨论和展望了自动驾驶智能模型攻击与防御技术面临的难题与挑战,并指出了未来潜在的研究方向和发展趋势.

Cyber-attack Detection Strategy Based on Distribution System State Estimation

Cyber-attacks that tamper with measurement information threaten the security of state estimation for the current distribution system.This paper proposes a cyber-attack detection strategy based on distribution system state estimation(DSSE).The uncertainty of the distribution network is represented by the interval of each state variable.A three-phase interval DSSE model is proposed to construct the interval of each state variable.An improved iterative algorithm(IIA)is developed to solve the interval DSSE model and to obtain the lower and upper bounds of the interval.A cyber-attack is detected when the value of the state variable estimated by the traditional DSSE is out of the corresponding interval determined by the interval DSSE.To validate the proposed cyber-attack detection strategy,the basic principle of the cyber-attack is studied,and its general model is formulated.The proposed cyber-attack model and detection strategy are conducted on the IEEE 33-bus and 123-bus systems.Comparative experiments of the proposed IIA,Monte Carlo simulation algorithm,and interval Gauss elimination algorithm prove the validation of the proposed method.

论网络攻击溯源困境下的战争伦理规制

网络攻击溯源旨在确定虚拟网络空间中发起攻击的行为主体,使得攻击者受到应有制裁,这对于实现网络空间的安全具有重大意义。然而,现实中网络攻击溯源遭遇困境,通过技术手段难以最终锁定发动攻击者,通过法律途径也难以将某攻击责任归因于一国政府。解决溯源问题需要转换研究视域,从问题追溯的理路转向直面攻击行为本身,从各种网络攻击中区分出国家网络攻击并进行伦理规制。国家网络攻击本质上是一种新型战争方式,是体现国家意志有组织的暴力行为,已有战争伦理规范难以适用于这种新型战争,国际网络空间实质上处于一种伦理缺失状态,只有重塑战争伦理才能规制国家网络攻击,也才能从根本上破解溯源困境。要抛弃“武力至上”的现实主义伦理观念,在网络空间中树立正义战争观。通过宣告原则主动标识国家网络行为,要遵循恰当性原则接受正义性审视。要遵循网络平等均衡原则促进构建和平正义的国际环境。

Non-Deterministic Liveness-Enforcing Supervisor Tolerant to Sensor-Reading Modification Attacks

In this paper, we study the supervisory control problem of discrete event systems assuming that cyber-attacks might occur. In particular, we focus on the problem of liveness enforcement and consider a sensor-reading modification attack(SM-attack) that may disguise the occurrence of an event as that of another event by intruding sensor communication channels. To solve the problem, we introduce non-deterministic supervisors in the paper, which associate to every observed sequence a set of possible control actions offline and choose a control action from the set randomly online to control the system. Specifically, given a bounded Petri net(PN) as the reference formalism and an SMattack, an algorithm that synthesizes a liveness-enforcing nondeterministic supervisor tolerant to the SM-attack is proposed for the first time.

Cybersecurity Landscape on Remote State Estimation:A Comprehensive Review

Cyber-physical systems(CPSs)have emerged as an essential area of research in the last decade,providing a new paradigm for the integration of computational and physical units in modern control systems.Remote state estimation(RSE)is an indispensable functional module of CPSs.Recently,it has been demonstrated that malicious agents can manipulate data packets transmitted through unreliable channels of RSE,leading to severe estimation performance degradation.This paper aims to present an overview of recent advances in cyber-attacks and defensive countermeasures,with a specific focus on integrity attacks against RSE.Firstly,two representative frameworks for the synthesis of optimal deception attacks with various performance metrics and stealthiness constraints are discussed,which provide a deeper insight into the vulnerabilities of RSE.Secondly,a detailed review of typical attack detection and resilient estimation algorithms is included,illustrating the latest defensive measures safeguarding RSE from adversaries.Thirdly,some prevalent attacks impairing the confidentiality and data availability of RSE are examined from both attackers'and defenders'perspectives.Finally,several challenges and open problems are presented to inspire further exploration and future research in this field.

异构防火墙IP封堵系统的设计与实现

互联网网络安全形势日趋严峻,在企事业单位的互联网业务应用遭受网络攻击等网络安全紧急事件时,如何及时有效地阻断来自互联网的恶意攻击,降低甚至消除网络攻击对互联网业务应用系统的影响,保障企事业单位业务的正常运转,显得尤其重要。结合互联网业务应用通常的部署架构,在互联网业务应用的边界提出基于防火墙IP黑名单功能或者访问控制策略的阻断方式,在广泛结合主流防火墙的基础上,分别提出不同的解决方案,并在实际网络中进行部署,实践结果表明,该方案可实现对恶意攻击IP的快速有效甚至秒级封堵。

A Survey on Sensor-and Communication-Based Issues of Autonomous UAVs

The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasingsteadily in the past years. Decreasing cost of commercial drones has enabled their use at a scale broader thanever before. However, increasing the complexity of UAVs and decreasing the cost, both contribute to a lack ofimplemented securitymeasures and raise new security and safety concerns. For instance, the issue of implausible ortampered UAV sensor measurements is barely addressed in the current research literature and thus, requires moreattention from the research community. The goal of this survey is to extensively review state-of-the-art literatureregarding common sensor- and communication-based vulnerabilities, existing threats, and active or passive cyberattacksagainst UAVs, as well as shed light on the research gaps in the literature. In this work, we describe theUnmanned Aerial System (UAS) architecture to point out the origination sources for security and safety issues.Weevaluate the coverage and completeness of each related research work in a comprehensive comparison table as wellas classify the threats, vulnerabilities and cyber-attacks into sensor-based and communication-based categories.Additionally, for each individual cyber-attack, we describe existing countermeasures or detectionmechanisms andprovide a list of requirements to ensureUAV’s security and safety.We also address the problem of implausible sensormeasurements and introduce the idea of a plausibility check for sensor data. By doing so, we discover additionalmeasures to improve security and safety and report on a research niche that is not well represented in the currentresearch literature.