The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about the status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service (DDoS) attacks with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network Analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using the Stealthwatch tool. The simulated network consisted of Secure Network Analytics tool virtual machines (VMs), the electrical grid network communication topology, attackers and target VMs. Finally, the experiments and simulations were performed, and the research results showed that the Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems, as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software, which do not have the capability to do so. Also, using the Stealthwatch tool to create a security baseline for the Smart Grid environment contributes to risk mitigation and sound security hygiene.
Cloud computing technology provides flexible, on-demand, and completely controlled computing resources and services, which are highly desirable. Despite this, with its distributed and dynamic nature and shortcomings in virtualization deployment, the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties. The Intrusion Detection System (IDS) is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources. DDoS attacks are becoming more frequent and powerful, and their attack pathways are continually changing, which requires the development of new detection methods. Here the purpose of the study is to improve detection accuracy. Feature Selection (FS) is critical. At the same time, the IDS’s computational problem is limited by focusing on the most relevant elements, and its performance and accuracy increase. In this research work, the suggested Adaptive butterfly optimization algorithm (ABOA) framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase, that was motivated by this motive Candidates. Accurate classification is not compromised by using an ABOA technique. The design of Deep Neural Networks (DNN) has simplified the categorization of network traffic into normal and DDoS threat traffic. DNN’s parameters can be fine-tuned to detect DDoS attacks better using specially built algorithms. Reduced reconstruction error, no exploding or vanishing gradients, and reduced network are all benefits of the changes outlined in this paper. Performance measures such as accuracy, precision, recall, and F1-Score show that the suggested architecture outperforms the other existing approaches. Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions, with an improved accuracy rate of 99.05% compared to other existing approaches.
Dear Editor, This letter deals with state estimation issues of discrete-time nonlinear systems subject to denial-of-service (DoS) attacks under the try-once-discard (TOD) protocol. More specifically, to reduce the communication burden, a TOD protocol with novel update rules on protocol weights is designed for scheduling measurement outputs. In addition, unknown nonlinear functions vulnerable to DoS attacks are considered due to the openness and vulnerability of the network.
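This paper proposes a DDoS attack detection model for imbalanced data that improves the detection of DDoS flooding attacks. A cyber range is designed with OpenStack as its core technology, and Ceph distributed storage replaces OpenStack's native storage system, yielding a hyper-converged OpenStack and Ceph cyber range scheme that allows unified management of compute, storage and network resources. First, to address the effect that uneven data distribution in the Ceph cluster has on the platform's storage performance, a favorability-based data storage optimization algorithm is proposed, which uses a favorability factor to constrain where data is stored and effectively improves the balance of data stored across all OSD nodes in the cluster. In addition, a DDoS flooding attack detection and mitigation method based on Software Defined Network (SDN) is designed, which effectively lowers the performance requirements on physical devices. Finally, the DDoS flooding attack mitigation method is implemented using the programmability of the Ryu controller.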
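Existing DDoS (distributed denial of service) attack detection models show low detection efficiency when faced with large volumes of data. To suit the current network environment, by studying DDoS attack detection models, extracting traffic features and computing attack density, this paper proposes GVBNet (global variable block net), a DDoS attack detection model that incorporates a sparse attention mechanism and uses attack density to compute sparse attention adaptively. Information entropy and information gain analysis are used to extract consecutive bytes of attack traffic as feature vectors, and a network model built on GVBNet is trained on two datasets. Experimental results show that the method offers good recognition performance, detection speed and resistance to interference, and has application value in different environments.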
Internet of Things (IoTs) provides better solutions in various fields, namely healthcare, smart transportation, home, etc. Recognizing Denial of Service (DoS) outbreaks in IoT platforms is significant in certifying the accessibility and integrity of IoT systems. Deep learning (DL) models outperform in detecting complex, non-linear relationships, allowing them to effectually severe slight deviations from normal IoT activities that may designate a DoS outbreak. The uninterrupted observation and real-time detection actions of DL participate in accurate and rapid detection, permitting proactive reduction events to be executed, hence securing the IoT network’s safety and functionality. Subsequently, this study presents pigeon-inspired optimization with a DL-based attack detection and classification (PIODL-ADC) approach in an IoT environment. The PIODL-ADC approach implements a hyperparameter-tuned DL method for Distributed Denial-of-Service (DDoS) attack detection in an IoT platform. Initially, the PIODL-ADC model utilizes Z-score normalization to scale input data into a uniform format. For handling the convolutional and adaptive behaviors of IoT, the PIODL-ADC model employs the pigeon-inspired optimization (PIO) method for feature selection to detect the related features, considerably enhancing the recognition’s accuracy. Also, the Elman Recurrent Neural Network (ERNN) model is utilized to recognize and classify DDoS attacks. Moreover, reptile search algorithm (RSA) based hyperparameter tuning is employed to improve the precision and robustness of the ERNN method. A series of investigational validations is made to ensure the accomplishment of the PIODL-ADC method. The experimental outcome exhibited that the PIODL-ADC method shows greater accomplishment when related to existing models, with a maximum accuracy of 99.81%.
The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It is difficult to defend against and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes, their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. This formalized description has now been used in a special IDS, and it works very effectively.
ARP-based Distributed Denial of Service (DDoS) attacks due to ARP storms can happen in local area networks where many computer systems are infected by worms such as Code Red or by DDoS agents. In an ARP attack, the DDoS agents constantly send a barrage of ARP requests to the gateway, or to a victim computer within the same sub-network, and tie up the resources of the attacked gateway or host. In this paper, we set out to measure the impact of an ARP attack on resource exhaustion of computers in a local area network. Based on attack experiments, we measure the exhaustion of processing and memory resources of a victim computer and also of other computers that are located on the same network as the victim computer. Interestingly enough, it is observed that an ARP attack not only exhausts the resources of the victim computer but also significantly exhausts the processing resources of other non-victim computers that happen to be located on the same local area network as the victim computer.
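In Software Defined Networking (SDN), the control layer is highly exposed to Distributed Denial of Service (DDoS) attacks. Through malicious requests or data flows, an attacker sends a large number of requests to the SDN controller, exhausting the controller's resources so that it can no longer work properly. Preventing and handling control-layer DDoS attacks is therefore key to SDN security. This paper proposes a DDoS attack detection and defense mechanism based on blockchain and queuing theory. Combining blockchain technology, the mechanism designs a new SDN architecture model that restructures the SDN control layer by adding a capacity monitoring module, a security module and a blockchain module. The capacity monitoring module uses queuing theory to compute a length threshold for the queue of packets entering the controller; an alarm is triggered when the number of packets in the queue exceeds the threshold 2 consecutive times or when the controller's rule table reaches 70% of its capacity. After an alarm is triggered, the security module performs DDoS feature matching on the packets that set off the alarm; if the data is determined to be anomalous, the packet digest information is uploaded to the blockchain, and smart contracts are used to share the digests of anomalous packets, which both prevents excessive information recorded on the blockchain from loading the system and lets the SDN network reach consensus on the information. Simulation experiments were carried out on the mechanism and the best-performing parameters were selected. The experimental results show that, compared with systems of the same type, the mechanism improves both the detection rate for anomalous data flows and the false-alarm rate for normal data flows.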
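Traditional power systems are vulnerable to network interference and attacks, and an attack on one part of the system can paralyze the entire power system. Because the wide-area nature and flexibility of modern power systems create more points of cyber attack, researching more defense strategies for this new domain has become essential. On this basis, a continuous time-domain model is used to model various attack strategies, and the mechanisms by which power systems defend against Denial of Service (DoS) attacks are analyzed.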
Cyber attacks continue to hamper the working of Internet services despite increased use of network security systems such as firewalls and intrusion protection systems (IPS). The recent Denial of Service (DoS) attack on Independence Day weekend, on July 4th, 2009, launched to debilitate the US and South Korean governments’ websites, is indicative of the fact that the security systems may not have been adequately deployed to counteract such attacks. An IPS is a vital security device that is commonly used as a front-line defense mechanism against such DoS attacks. In many deployments, the performance of a firewall or an IPS device is seldom evaluated for effectiveness before it is deployed for network protection. Many times, these IPSs can become a bottleneck to network performance, and they may not be effective in stopping DoS attacks. In this paper, we intend to drive home the point that deploying an IPS may not always be effective in stopping the harmful effects of DoS attacks. It is important to evaluate the capability of an IPS before it is deployed to protect a network or a server against DoS attacks. In this paper, we evaluate the performance of a commercial-grade IPS, the Cisco ASA-5510 IPS, to measure its effectiveness in stopping DoS attacks, namely TCP-SYN, UDP Flood, Ping Flood and ICMP Land attacks. This IPS comes with features to counteract and provide security against these attacks. The performance of the IPS is measured with protection against these attacks enabled and compared with its performance when these protection features were not available (i.e. disabled). It was found that the IPS was unable to provide satisfactory protection despite the availability of the protection features against these flooding attacks. It is important for network managers to measure the actual capabilities of an IPS before its deployment to protect critical information infrastructure.
Vehicle-to-grid technology is an emerging field that allows unused power from Electric Vehicles (EVs) to be used by the smart grid through the central aggregator. Since the central aggregator is connected to the smart grid through a wireless network, it is prone to cyber-attacks that can be detected and mitigated using an intrusion detection system. However, existing intrusion detection systems cannot be used in the vehicle-to-grid network because of the special requirements and characteristics of the vehicle-to-grid network. In this paper, the effect of denial-of-service attacks of malicious electric vehicles on the central aggregator of the vehicle-to-grid network is investigated and an intrusion detection system for the vehicle-to-grid network is proposed. The proposed system, central aggregator–intrusion detection system (CA-IDS), works as a security gateway for EVs to analyze and monitor incoming traffic for possible DoS attacks. EVs are registered with a Central Aggregator (CAG) to exchange authenticated messages, and malicious EVs are added to a blacklist for violating a set of predefined policies to limit their interaction with the CAG. A denial of service (DoS) attack is simulated at CAG in a vehicle-to-grid (V2G) network manipulating various network parameters such as transmission overhead, receiving capacity of destination, average packet size, and channel availability. The proposed system is compared with existing intrusion detection systems using different parameters such as throughput, jitter, and accuracy. The analysis shows that the proposed system has a higher throughput, lower jitter, and higher accuracy as compared to the existing schemes.
Funding: supported in part by the Shandong Provincial Natural Science Foundation (ZR2021QF057), the Taishan Scholars Program (tsqn202211203), the Shandong Provincial Higher Education Youth Innovation Team Development Project (2022KJ 290), the “20 New Universities” Project of Jinan City (202228077), the QLU/SDAS Computer Science and Technology Fundamental Research Enhancement Program (2021JC02023), and the QLU/SDAS Pilot Project for Integrated Innovation of Science, Education, and Industry (2022JBZ01-01).
Funding: Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (NRF-2021R1A6A1A03039493).