Memory-based adaptive event-triggered secure control of Markovian jumping neural networks suffering from deception attacks

In this article,we study the secure control of the Markovian jumping neural networks(MJNNs)subject to deception attacks.Considering the limitation of the network bandwidth and the impact of the deception attacks,we propose two memory-based adaptive event-trigger mechanisms(AETMs).Different from the available event-trigger mechanisms,these two memory-based AETMs contain the historical triggered data not only in the triggering conditions,but also in the adaptive law.They can adjust the data transmission rate adaptively so as to alleviate the impact of deception attacks on the controlled system and to suppress the peak of the system response.In view of the proposed memory-based AETMs,a time-dependent Lyapunov functional is constructed to analyze the stability of the error system.Some sufficient conditions to ensure the asymptotical synchronization of master-slave MJNNs are obtained,and two easy-to-implement co-design algorithms for the feedback gain matrix and the trigger matrix are given.Finally,a numerical example is given to verify the feasibility and superiority of the two memory-based AETMs.

Adaptive cooperative secure control of networked multiple unmanned systems under FDI attacks

With the expanding applications of multiple unmanned systems in various fields,more and more research attention has been paid to their security.The aim is to enhance the anti-interference ability,ensure their reliability and stability,and better serve human society.This article conducts adaptive cooperative secure tracking consensus of networked multiple unmanned systems subjected to false data injection attacks.From a practical perspective,each unmanned system is modeled using high-order unknown nonlinear discrete-time systems.To reduce the communication bandwidth between agents,a quantizer-based codec mechanism is constructed.This quantizer uses a uniform logarithmic quantizer,combining the advantages of both quantizers.Because the transmission information attached to the false data can affect the accuracy of the decoder,a new adaptive law is added to the decoder to overcome this difficulty.A distributed controller is devised in the backstepping framework.Rigorous mathematical analysis shows that our proposed control algorithms ensure that all signals of the resultant systems remain bounded.Finally,simulation examples reveal the practical utility of the theoretical analysis.

Secure Synchronization Control for a Class of Cyber-Physical Systems With Unknown Dynamics

This paper investigates the secure synchronization control problem for a class of cyber-physical systems(CPSs)with unknown system matrices and intermittent denial-of-service(DoS)attacks.For the attack free case,an optimal control law consisting of a feedback control and a compensated feedforward control is proposed to achieve the synchronization,and the feedback control gain matrix is learned by iteratively solving an algebraic Riccati equation(ARE).For considering the attack cases,it is difficult to perform the stability analysis of the synchronization errors by using the existing Lyapunov function method due to the presence of unknown system matrices.In order to overcome this difficulty,a matrix polynomial replacement method is given and it is shown that,the proposed optimal control law can still guarantee the asymptotical convergence of synchronization errors if two inequality conditions related with the DoS attacks hold.Finally,two examples are given to illustrate the effectiveness of the proposed approaches.

Security for cyber-physical systems: Secure control against known-plaintext attack

There has been a surge of interests in the security of cyber-physical systems(CPSs), yet it is commonly assumed that the adversary has a full knowledge of physical system models. This paper argues that such an unrealistic assumption can be relaxed: the adversary might still be able to identify the system model by passively observing the control input and sensory data. In such a setup, the attack with knowledge of input-output data can be categorized as a Known-Plaintext Attack. A necessary and sufficient condition has been provided, under which the adversary can uniquely obtain the knowledge of the underlying physical system.From the defender's perspective, a secure controller design—which exhibits a low rank structure—is proposed which renders the system unidentifiable to the adversary, while trading off the control system's performance. Finally, a numerical example has been provided to demonstrate the effectiveness of the proposed secure controller design.

Controlled Secure Quantum Dialogue Using a Pure Entangled GHZ States

We present a controlled secure quantum dialogue protocol using a non-maximally （pure） entangled Greenberger-Horne-Zeibinger （GHZ） states at first, and then discuss the requirements for a real quantum dialogue. We show that the authorized two users can exchange their secret messages after purifying the non-maximally entangled GHZ states quantum channel unconditionally securely and simultaneously under the control of a third party.

Controlled Secure Direct Communication Protocol via the Three-Qubit Partially Entangled Set of States

In this paper,we first re-examine the previous protocol of controlled quantum secure direct communication of Zhang et al.’s scheme,which was found insecure under two kinds of attacks,fake entangled particles attack and disentanglement attack.Then,by changing the party of the preparation of cluster states and using unitary operations,we present an improved protocol which can avoid these two kinds of attacks.Moreover,the protocol is proposed using the three-qubit partially entangled set of states.It is more efficient by only using three particles rather than four or even more to transmit one bit secret information.Given our using state is much easier to prepare for multiqubit states and our protocol needs less measurement resource,it makes this protocol more convenient from an applied point of view.

Analysis and Improvement of an Efficient Controlled Quantum Secure Direct Communication and Authentication Protocol

The controlled quantum secure direct communication(CQSDC)with authentication protocol based on four particle cluster states via quantum one-time pad and local unitary operations is cryptanalyzed.It is found that there are some serious security issues in this protocol.An eavesdropper(Eve)can eavesdrop on some information of the identity strings of the receiver and the controller without being detected by the selective-CNOT-operation(SCNO)attack.By the same attack,Eve can also steal some information of the secret message that the sender transmits.In addition,the receiver can take the same kind of attack to eavesdrop on some information of the secret message out of the control of the controller.This means that the requirements of CQSDC are not satisfied.At last,we improve the original CQSDC protocol to a secure one.

A Quantitative Security Metric Model for Security Controls:Secure Virtual Machine Migration Protocol as Target of Assessment

Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the Info Sec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not been proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure(ARM), Performance Improvement Factor(PIF), and Cost/Benefit Measure(CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine(VM) migration protocol as the target of assessment. The virtual-ization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.

Controlled Secure Quantum Communication Using Pure Entangled W Class States

We present a controlled secure quantum communication protocol using non-maximally （pure） entangled W states first, and then discuss the basic requirements for a real quantum communication. We show that the authorized two users can exchange their secret messages with the help of the controller after purifying the non-maximally entangled states quantum channel unconditionally securely and simultaneously. Our quantum communication protocol seems even more feasible within present technologies.

Networked Control Systems:A Survey of Trends and Techniques

Networked control systems are spatially distributed systems in which the communication between sensors, actuators,and controllers occurs through a shared band-limited digital communication network. Several advantages of the network architectures include reduced system wiring, plug and play devices,increased system agility, and ease of system diagnosis and maintenance. Consequently, networked control is the current trend for industrial automation and has ever-increasing applications in a wide range of areas, such as smart grids, manufacturing systems,process control, automobiles, automated highway systems, and unmanned aerial vehicles. The modelling, analysis, and control of networked control systems have received considerable attention in the last two decades. The ‘control over networks’ is one of the key research directions for networked control systems. This paper aims at presenting a survey of trends and techniques in networked control systems from the perspective of ‘control over networks’, providing a snapshot of five control issues: sampled-data control, quantization control, networked control, event-triggered control, and security control. Some challenging issues are suggested to direct the future research.

Reliability and sensitivity analysis of loop-designed security and stability control system in interconnected power systems

Security and stability control system(SSCS)in power systems involves collecting information and sending the decision from/to control stations at different layers;the tree structure of the SSCS requires more levels.Failure of a station or channel can cause all the execution stations(EXs)to be out of control.The randomness of the controllable capacity of the EXs increases the difficulty of the reliability evaluation of the SSCS.In this study,the loop designed SSCS and reliability analysis are examined for the interconnected systems.The uncertainty analysis of the controllable capacity based on the evidence theory for the SSCS is proposed.The bidirectional and loop channels are introduced to reduce the layers and stations of the existing SSCS with tree configuration.The reliability evaluation and sensitivity analysis are proposed to quantify the controllability and vulnerable components for the SSCS in different configurations.By aiming at the randomness of the controllable capacity of the EXs,the uncertainty analysis of the controllable capacity of the SSCS based on the evidence theory is proposed to quantify the probability of the SSCS for balancing the active power deficiency of the grid.

Security Risk Prevention and Control Deployment for 5G Private Industrial Networks

In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks,a comparative analysis is used to plan and design a private network security construction scheme.The network security construction model,network organization,and key processes of 5G private industrial networks at the current stage are investigated.In addition,the key direction for the next stage of construction is discussed.

Towards a Dynamic Controller Scheduling-Timing Problem in Software-Defined Networking

Controller vulnerabilities allow malicious actors to disrupt or hijack the Software-Defined Networking. Traditionally, it is static mappings between the control plane and data plane. Adversaries have plenty of time to exploit the controller's vulnerabilities and launch attacks wisely. We tend to believe that dynamically altering such static mappings is a promising approach to alleviate this issue, since a moving target is difficult to be compromised even by skilled adversaries. It is critical to determine the right time to conduct scheduling and to balance the overhead afforded and the security levels guaranteed. Little previous work has been done to investigate the economical time in dynamic-scheduling controllers. In this paper, we take the first step to both theoretically and experimentally study the scheduling-timing problem in dynamic control plane. We model this problem as a renewal reward process and propose an optimal algorithm in deciding the right time to schedule with the objective of minimizing the long-term loss rate. In our experiments, simulations based on real network attack datasets are conducted and we demonstrate that our proposed algorithm outperforms given scheduling schemes.

Security,Controllability,Manageability and Survivability in Trustworthy Network

The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of 'trustworthy networks' and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed. The network trustworthiness could and should be eventually achieved.

A New Intrusion Detection Algorithm AE-3WD for Industrial Control Network

In this paper,we propose a intrusion detection algorithm based on auto-encoder and three-way decisions(AE-3WD)for industrial control networks,aiming at the security problem of industrial control network.The ideology of deep learning is similar to the idea of intrusion detection.Deep learning is a kind of intelligent algorithm and has the ability of automatically learning.It uses self-learning to enhance the experience and dynamic classification capabilities.We use deep learning to improve the intrusion detection rate and reduce the false alarm rate through learning,a denoising AutoEncoder and three-way decisions intrusion detection method AE-3WD is proposed to improve intrusion detection accuracy.In the processing,deep learning AutoEncoder is used to extract the features of high-dimensional data by combining the coefficient penalty and reconstruction loss function of the encode layer during the training mode.A multi-feature space can be constructed by multiple feature extractions from AutoEncoder,and then a decision for intrusion behavior or normal behavior is made by three-way decisions.NSL-KDD data sets are used to the experiments.The experiment results prove that our proposed method can extract meaningful features and effectively improve the performance of intrusion detection.

Radio Frequency Fingerprint-Based Satellite TT&C Ground Station Identification Method

This study presents a radio frequency(RF)fingerprint identification method combining a convolutional neural network(CNN)and gated recurrent unit(GRU)network to identify measurement and control signals.The proposed algorithm(CNN-GRU)uses a convolutional layer to extract the IQ-related learning timing features.A GRU network extracts timing features at a deeper level before outputting the final identification results.The number of parameters and the algorithm’s complexity are reduced by optimizing the convolutional layer structure and replacing multiple fully-connected layers with gated cyclic units.Simulation experiments show that the algorithm achieves an average identification accuracy of 84.74% at a -10 dB to 20 dB signal-to-noise ratio(SNR)with fewer parameters and less computation than a network model with the same identification rate in a software radio dataset containing multiple USRP X310s from the same manufacturer,with fewer parameters and less computation than a network model with the same identification rate.The algorithm is used to identify measurement and control signals and ensure the security of the measurement and control link with theoretical and engineering applications.

A Survey of Cyber Attacks on Cyber Physical Systems:Recent Advances and Challenges

A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.

Secure H_(∞) control against time-delay attacks in cyber-physical systems

This paper is concerned with the secure H_(∞) control problem for cyber-physical systems(CPSs)under time-delay attacks,which cause the systems’information to be received with delays.Through transforming the H_(∞) control problem to a two-player zero-sum game problem,the H_(∞) controller can be obtained by solving the saddle point for the game.Due to the unknown system parameters,a model-free reinforcement learning(RL)method is applied,and the measurement feedback controller is designed based on the historical inputs and the tracking errors.To obviate the requirement of the initial admissible policy,the value iteration(VI)of the adaptive dynamic program(ADP)algorithm is proposed to solve the approximate saddle point.Moreover,the con-vergence of the proposed algorithm is proved.Finally,a networked circuit system is employed to show the effectiveness of the proposed methods.

A distributed authentication and authorization scheme for in-network big data sharing

Big data has a strong demand for a network infrastructure with the capability to support data sharing and retrieval efficiently. Information-centric networking （ICN） is an emerging approach to satisfy this demand, where big data is cached ubiquitously in the network and retrieved using data names. However, existing authentication and authorization schemes rely mostly on centralized servers to provide certification and mediation services for data retrieval. This causes considerable traffic overhead for the secure distributed sharing of data. To solve this problem, we employ identity-based cryptography （IBC） to propose a Distributed Authentication and Authorization Scheme （DAAS）, where an identity-based signature （IBS） is used to achieve distributed verifications of the identities of publishers and users. Moreover, Ciphertext-Policy Attribnte-based encryption （CP-ABE） is used to enable the distributed and fine-grained authorization. DAAS consists of three phases： initialization, secure data publication, and secure data retrieval, which seamlessly integrate authentication and authorization with the in- terest/data communication paradigm in ICN. In particular, we propose trustworthy registration and Network Operator and Authority Manifest （NOAM） dissemination to provide initial secure registration and enable efficient authentication for global data retrieval. Meanwhile, Attribute Manifest （AM） distribution coupled with automatic attribute update is proposed to reduce the cost of attribute retrieval. We examine the performance of the proposed DAAS, which shows that it can achieve a lower bandwidth cost than existing schemes.

Complex Cyber-Physical Networks： From Cybersecurity to Security Control

Complex cyber-physical network refers to a new generatio~ of complex networks whose normal functioning significantly relies on tight interactions between its physical and cyber compo- nents. Many modern critical infrastructures can be appropriately modelled as complex cyber-physical networks. Typical examples of such infrastructures are electrical power grids, WWW, public trans- portation systems, state financial networks, and the Interact. These critical facilities play important roles in ensuring the stability of society as well as the development of economy. Advances in informa- tion and communication technology open opportunities for malicious attackers to launch coordinated attacks on cyber-physical critical facilities in networked infrastructures from any Interact-accessible place. Cybersecurity of complex cyber-physical networks has emerged as a hot topic within this con- text. In practice, it is also very crucial to understand the interplay between the evolution of underlying network structures and the collective dynamics on these complex networks and consequently to design efficient security control strategies to protect the evolution of these networks. In this paper, cybersecu- rity of complex cyber-physical networks is first outlined and then some security enhancing techniques, with particular emphasis on safety communications, attack detection and fault-tolerant control, are suggested. Furthermore, a new class of efficient secure the achievement of desirable pinning synchronization control strategies are proposed for guaranteeing behaviors in complex cyber-physical networks against malicious attacks on nodes. The authors hope that this paper motivates to design enhanced security strategies for complex cyber-physical network systems, to realize resilient and secure critical infrastructures.