A Survey of Cyber Attacks on Cyber Physical Systems:Recent Advances and Challenges

A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.

Cyber Attack Protection and Control of Microgrids

Recently, the smart grid has been considered as a next-generation power system to modernize the traditional grid to improve its security, connectivity, efficiency and sustainability.Unfortunately, the smart grid is susceptible to malicious cyber attacks, which can create serious technical, economical, social and control problems in power network operations. In contrast to the traditional cyber attack minimization techniques, this paper proposes a recursive systematic convolutional(RSC) code and Kalman filter(KF) based method in the context of smart grids.Specifically, the proposed RSC code is used to add redundancy in the microgrid states, and the log maximum a-posterior is used to recover the state information, which is affected by random noises and cyber attacks. Once the estimated states are obtained by KF algorithm, a semidefinite programming based optimal feedback controller is proposed to regulate the system states, so that the power system can operate properly. Test results show that the proposed approach can accurately mitigate the cyber attacks and properly estimate and control the system states.

Analysis of Causes and Actual Events on Electric Power Infrastructure Impacted by Cyber Attack

With the development of electric power technology, information technology and military technology, the impact of cyber attack on electric power infrastructure has increasingly become a hot spot issue which calls both domestic and foreign attention. First, main reasons of the impact on power infrastructure caused by cyber attack are analyzed from the following two aspects: 1) The dependence of electric power infrastructure on information infrastructure makes cyber attack issues in information field likely to affect electric power field. 2) As regards to the potential threat sources, it will be considerably profitable to launch cyber attacks on electric power infrastructure. On this basis, this paper gives a classified elaboration on the characteristics and the possibilities of cyber attacks on electrical infrastructures. Finally, the recently published actual events of cyber attacks in respect of threat sources, vulnerabilities and assaulting modes are analyzed and summarized.

Modeling Abstraction Hierarchy Levels of the Cyber Attacks Using Random Process

Aspects of human behavior in cyber security allow more natural security to the user. This research focuses the appearance of anticipating cyber threats and their abstraction hierarchy levels on the mental picture levels of human. The study concerns the modeling of the behaviors of mental states of an individual under cyber attacks. The mental state of agents being not observable, we propose a non-stationary hidden Markov chain approach to model the agent mental behaviors. A renewal process based on a nonparametric estimation is also considered to investigate the spending time in a given mental state. In these approaches, the effects of the complexity of the cyber attacks are taken into account in the models.

Evaluation of Microsoft Windows Servers 2008 &2003 against Cyber Attacks

Distributed Denial of Service (DDoS) is known to compromise availability of Information Systems today. Widely deployed Microsoft’s Windows 2003 & 2008 servers provide some built-in protection against common Distributed Denial of Service (DDoS) attacks, such as TCP/SYN attack. In this paper, we evaluate the performance of built-in protection capabilities of Windows servers 2003 & 2008 against a special case of TCP/SYN based DDoS attack. Based on our measurements, it was found that the built-in security features which are available by default on Microsoft’s Windows servers were not sufficient in defending against the TCP/SYN attacks even at low intensity attack traffic. Under TCP/SYN attack traffic, the Microsoft 2003 server was found to crash due to processor resource exhaustion, whereas the 2008 server was found to crash due to its memory resource depletion even at low intensity attack traffic.

Robust Control for Interval Type-2 T-S Fuzzy Discrete Systems with Input Delays and Cyber Attacks

This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fuzzy discrete systems to capture parameter uncertainties.By considering the influences of input delays and stochastic cyber attacks,a newly fuzzy robust controller is established.Afterward,the asymptotic stability sufficient conditions in form of LMIs for the IT2 closed-loop systems are given via establishing a Lyapunov-Krasovskii functional.Afterward,a solving algorithm for obtaining the controller gains is given.Finally,the effectiveness of the developed IT2 fuzzy method is verified by a numerical example.

FedDiSC:A computation-efficient federated learning framework for power systems disturbance and cyber attack discrimination

With the growing concern about the security and privacy of smart grid systems,cyberattacks on critical power grid components,such as state estimation,have proven to be one of the top-priority cyber-related issues and have received significant attention in recent years.However,cyberattack detection in smart grids now faces new challenges,including privacy preservation and decentralized power zones with strategic data owners.To address these technical bottlenecks,this paper proposes a novel Federated Learning-based privacy-preserving and communication-efficient attack detection framework,known as FedDiSC,that enables Discrimination between power System disturbances and Cyberattacks.Specifically,we first propose a Federated Learning approach to enable Supervisory Control and Data Acquisition subsystems of decentralized power grid zones to collaboratively train an attack detection model without sharing sensitive power related data.Secondly,we put forward a representation learning-based Deep Auto-Encoder network to accurately detect power system and cybersecurity anomalies.Lastly,to adapt our proposed framework to the timeliness of real-world cyberattack detection in SGs,we leverage the use of a gradient privacy-preserving quantization scheme known as DP-SIGNSGD to improve its communication efficiency.Extensive simulations of the proposed framework on publicly available Industrial Control Systems datasets demonstrate that the proposed framework can achieve superior detection accuracy while preserving the privacy of sensitive power grid related information.Furthermore,we find that the gradient quantization scheme utilized improves communication efficiency by 40%when compared to a traditional federated learning approach without gradient quantization which suggests suitability in a real-world scenario.

Adaptive Network Sustainability and Defense Based on Artificial Bees Colony Optimization Algorithm for Nature Inspired Cyber Security

Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algorithm(ABC)as an Nature Inspired Cyber Security mechanism to achieve adaptive defense.It experiments on the Denial-Of-Service attack scenarios which involves limiting the traffic flow for each node.Businesses today have adapted their service distribution models to include the use of the Internet,allowing them to effectively manage and interact with their customer data.This shift has created an increased reliance on online services to store vast amounts of confidential customer data,meaning any disruption or outage of these services could be disastrous for the business,leaving them without the knowledge to serve their customers.Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers.The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity.For any changes in network parameters,the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.

The Role of AI in Cyber Security: Safeguarding Digital Identity

This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.

Increasing Threats to United States of America Infrastructure Based on Cyber-Attacks

The United States of America faces an increasing number of threats to its critical infrastructure due to cyber-attacks. With the constant advancement of technology and the interconnectedness of various systems, the vulnerabilities in the nation’s infrastructure have become more pronounced. Cyber-attacks on critical infrastructure, such as power grids, transportation networks, and financial systems, pose a significant risk to national security and public safety. These attacks can disrupt essential services, cause economic losses, and potentially have severe consequences for the well-being of individuals and communities. The rise of cyber-terrorism is also a concern. Cyber-terrorists can exploit vulnerabilities in cyberspace to compromise infrastructure systems, causing chaos and panic among the population. The potential for destructive attacks on critical infrastructure is a pressing issue requiring constant attention and proactive measures.

Fast Screening Severe Cyber Attacks via Transient Energy-based Impact Analysis

This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed approach focuses on the total transient energy injected into power systems as the result of assumptive cyber attacks.The computational improvements of the proposed method are significant as the time-domain simulations can be avoided.The efficacy of the proposed approach is demonstrated using a practical power system with various cyber attack scenarios.The identification results of the proposed method can be used to guide more detailed impact analysis and to develop more effective countermeasures against cyber attacks.

Hybrid-triggered consensus for multi-agent systems with time-delays,uncertain switching topologies, and stochastic cyber-attacks

We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.

Group consensus of multi-agent systems subjected to cyber-attacks

In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to frequent cyberattacks, which is close to an actual case. The cyber-attacks are assumed to be recoverable. By utilizing algebraic graph theory, linear matrix inequality(LMI) and Lyapunov stability theory, the multi-agent systems can achieve group consensus under the proposed control protocol. The sufficient conditions of the group consensus for the multi-agent networks subjected to cyber-attacks are given. Furthermore, the results are extended to the consensus issue of multiple subgroups with cyber-attacks. Numerical simulations are performed to demonstrate the effectiveness of the theoretical results.

Quantitative Evaluation of Cyber-Attacks on a Hypothetical School Computer Network

This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.

Cyber-Security of Smart Grids: Attacks, Detection, Countermeasure Techniques, and Future Directions

One of the significant challenges that smart grid networks face is cyber-security. Several studies have been conducted to highlight those security challenges. However, the majority of these surveys classify attacks based on the security requirements, confidentiality, integrity, and availability, without taking into consideration the accountability requirement. In this survey paper, we provide a classification of attacks based on the OSI model and discuss in more detail the cyber-attacks that can target the different layers of smart grid networks communication. We also propose new classifications for the detection and countermeasure techniques and describe existing techniques under each category. Finally, we discuss challenges and future research directions.

Data Mining Based Cyber-Attack Detection

Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First,a data driven defence framework is presented in terms of cyber security situational awareness. Then, the process of data mining based cyber-attack detection is discussed. Next,a multi-loop learning architecture is presented for data mining based cyber-attack detection. Finally,common data mining techniques for cyber-attack detection are discussed.

信息物理多重攻击下配电网状态估计关键技术评述

配电网数字化转型将进一步促进信息系统与物理系统的深度耦合,由于配电网信息安全防御资源有限,难以将信息侧安全风险隔离于物理系统之外,这也使得配电网状态估计正面临全新的挑战。首先,文中简要介绍了配电网信息物理系统体系结构,并构建了面向信息物理系统的配电网状态估计技术框架;其次,较为全面地梳理了信息物理融合背景下配电网状态估计技术的国内外研究现状,包括考虑网络攻击的配电网伪量测建模与分析、配电网虚假数据注入攻击分析与防御以及配电网信息物理系统安全风险分析与可靠性评估等方向;最后,对该领域未来进一步发展所面临的关键问题进行了探讨和分析。

The Knowledge of Cyber-Security Vulnerabilities in an Institution of Higher and University Education. A Case of ISP-Bukavu (Institut Supérieur Pédagogique de Bukavu) (TTC = Teachers’ Training College)

This study pursues the objective of analyzing and verifying the knowledge of the agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College) in relation to the practical flaws resulting from the lack of knowledge of the observable rules in information system security. In a clearer way, it aims to verify the level of knowledge of the vulnerabilities, to verify the level of use of the antivirus software, to analyze the frequency of use of Windows update, the use of an anti-spyware software as well as a firewall software on the computer. Through a survey conducted on a sample of 100 agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College), the results revealed that 48% of the sample has no knowledge on computer vulnerabilities;for the use of antivirus software: 47% do not use the antivirus;for Windows update: 29% never update the Windows operating system;for anti-spyware: 48% never use;for the firewall: 50% are not informed. In fine, our results proposed a protection model VMAUSP (Vulnerability Measurability Measures Antivirus, Update, Spyware and Firewall) to users based on the behavioral approach, learning how the model works.

Cybersecurity and Domestic Terrorism: Purpose and Future

The increasing utilization of digital technologies presents risks to critical systems due to exploitation by terrorists. Cybersecurity entails proactive and reactive measures designed to protect software and electronic devices from any threats. However, the rising cases of cyber threats are carried out by domestic terrorists who share particular ideologies or grievances. This paper analyzes the increasing cyber-attack instances and mechanisms to counter these threats. Additionally, it addresses the growing concern of domestic terrorism and its impact on national security. Finally, it provides an overview of gaps and possible areas of future research to promote cybersecurity.