Resilient and Safe Platooning Control of Connected Automated Vehicles Against Intermittent Denial-of-Service Attacks

Connected automated vehicles(CAVs)serve as a promising enabler for future intelligent transportation systems because of their capabilities in improving traffic efficiency and driving safety,and reducing fuel consumption and vehicle emissions.A fundamental issue in CAVs is platooning control that empowers a convoy of CAVs to be cooperatively maneuvered with desired longitudinal spacings and identical velocities on roads.This paper addresses the issue of resilient and safe platooning control of CAVs subject to intermittent denial-of-service(DoS)attacks that disrupt vehicle-to-vehicle communications.First,a heterogeneous and uncertain vehicle longitudinal dynamic model is presented to accommodate a variety of uncertainties,including diverse vehicle masses and engine inertial delays,unknown and nonlinear resistance forces,and a dynamic platoon leader.Then,a resilient and safe distributed longitudinal platooning control law is constructed with an aim to preserve simultaneous individual vehicle stability,attack resilience,platoon safety and scalability.Furthermore,a numerically efficient offline design algorithm for determining the desired platoon control law is developed,under which the platoon resilience against DoS attacks can be maximized but the anticipated stability,safety and scalability requirements remain preserved.Finally,extensive numerical experiments are provided to substantiate the efficacy of the proposed platooning method.

Variance-Constrained Filtering Fusion for Nonlinear Cyber-Physical Systems With the Denial-of-Service Attacks and Stochastic Communication Protocol

In this paper,a new filtering fusion problem is studied for nonlinear cyber-physical systems under errorvariance constraints and denial-of-service attacks.To prevent data collision and reduce communication cost,the stochastic communication protocol is adopted in the sensor-to-filter channels to regulate the transmission order of sensors.Each sensor is allowed to enter the network according to the transmission priority decided by a set of independent and identicallydistributed random variables.From the defenders’view,the occurrence of the denial-of-service attack is governed by the randomly Bernoulli-distributed sequence.At the local filtering stage,a set of variance-constrained local filters are designed where the upper bounds(on the filtering error covariances)are first acquired and later minimized by appropriately designing filter parameters.At the fusion stage,all local estimates and error covariances are combined to develop a variance-constrained fusion estimator under the federated fusion rule.Furthermore,the performance of the fusion estimator is examined by studying the boundedness of the fused error covariance.A simulation example is finally presented to demonstrate the effectiveness of the proposed fusion estimator.

Sliding Mode Control for Nonlinear Markovian Jump Systems Under Denial-of-Service Attacks

This paper investigates the sliding mode control(SMC) problem for a class of discrete-time nonlinear networked Markovian jump systems(MJSs) in the presence of probabilistic denial-of-service(Do S) attacks. The communication network via which the data is propagated is unsafe and the malicious adversary can attack the system during state feedback. By considering random Denial-of-Service attacks, a new sliding mode variable is designed, which takes into account the distribution information of the probabilistic attacks. Then, by resorting to Lyapunov theory and stochastic analysis methods, sufficient conditions are established for the existence of the desired sliding mode controller, guaranteeing both reachability of the designed sliding surface and stability of the resulting sliding motion.Finally, a simulation example is given to demonstrate the effectiveness of the proposed sliding mode control algorithm.

Periodic event-triggered secure consensus for networked mechanical systems under Denial-of-Service attacks

This paper concentrates on the secure consensus problem of networked mechanical/Euler–Lagrange systems.First,a new periodic event-triggered(PET)secure distributed observer is proposed to estimate the leader information.The proposed distributed observer only relies on the PET data from its neighbors,which can significantly reduce the communication and computational burden.More importantly,it is secure in the sense that it can work normally regardless of the Denial-of-Service(DoS)attacks.Second,based on the proposed distributed observer,an adaptive fuzzy control law is proposed for each Euler–Lagrange system.A PET mechanism is integrated into the controller,which can reduce the control update.This is helpful for both energy saving and fault tolerance of actuators.Moreover,the PET mechanism naturally makes the controller easy to be implemented in digital platform.The property of fuzzy logic systems and Gronwall inequality are skillfully utilized to show the stability of the closed-loop system.Finally,the proposed control scheme is verified on real Euler–Lagrange systems,which contain a robot manipulator and several servo motors.

Discovery method for distributed denial-of-service attack behavior in SDNs using a feature-pattern graph model

The security threats to software-defined networks(SDNs)have become a significant problem,generally because of the open framework of SDNs.Among all the threats,distributed denial-of-service(DDoS)attacks can have a devastating impact on the network.We propose a method to discover DDoS attack behaviors in SDNs using a feature-pattern graph model.The feature-pattern graph model presented employs network patterns as nodes and similarity as weighted links;it can demonstrate not only the traffc header information but also the relationships among all the network patterns.The similarity between nodes is modeled by metric learning and the Mahalanobis distance.The proposed method can discover DDoS attacks using a graph-based neighborhood classification method;it is capable of automatically finding unknown attacks and is scalable by inserting new nodes to the graph model via local or global updates.Experiments on two datasets prove the feasibility of the proposed method for attack behavior discovery and graph update tasks,and demonstrate that the graph-based method to discover DDoS attack behaviors substantially outperforms the methods compared herein.

System identification with binary-valued observations under both denial-of-service attacks and data tampering attacks:the optimality of attack strategy

With the development of wireless communication technology,cyber physical systems are applied in various fields such as industrial production and infrastructure,where lots of information exchange brings cyber security threats to the systems.From the perspective of system identification with binary-valued observations,we study the optimal attack problem when the system is subject to both denial of service attacks and data tampering attacks.The packet loss rate and the data tampering rate caused by the attack is given,and the estimation error is derived.Then the optimal attack strategy to maximize the identification error with the least energy is described as a min–max optimization problem with constraints.The explicit expression of the optimal attack strategy is obtained.Simulation examples are presented to verify the effectiveness of the main conclusions.

Towards Risk Evaluation of Denial-of-Service Vulnerabilities in Security Protocols

Denial-of-Service （DOS） attacks are virulent to both computer and networked systems. Modeling and evaluating DoS attacks are very important issues to networked systems; they provide both mathematical foundations and theoretic guidelines to security system design. As defense against DoS has been built more and more into security protocols, this paper studies how to evaluate the risk of DoS in security protocols. First, we build a formal framework to model protocol operations and attacker capabilities. Then we propose an economic model for the risk evaluation. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the ＂Value-at-Risk＂ （VaR） for the security protocols. Tile ＂Value-at-Risk＂ represents how much computing resources are expected to lose with a given level of confidence. The proposed model can help users to have a better understanding of the protocols they are using, and in the meantime help designers to examine their designs and get clues of improvement. Finally we apply the proposed model to analyze a key agreement protocol used in sensor networks and identify a DoS flaw there, and we also validate the applicability and effectiveness of our risk evaluation model by applying it to analyze and compare two public key authentication protocols.

Risk Assessment and Defense Resource Allocation of Cyber-physical Distribution Systems Under Denial-of-service Attacks

With the help of advanced information technology,real-time monitoring and control levels of cyber-physical distribution systems(CPDS)have been significantly improved.However due to the deep integration of cyber and physical systems,attackers could still threaten the stable operation of CPDS by launching cyber-attacks,such as denial-of-service(DoS)attacks.Thus,it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks.This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control.Then,considering attacker and defender strategies and attack damage,a CPDS risk assessment framework is established.Furthermore,risk assessment and defense resource allocation methods,based on the Stackelberg dynamic game model,are proposed under conditions in which the cyber and physical systems are launched simultaneously.Finally,a simulation based on an actual CPDS is performed,and the calculation results verify the effectiveness of the algorithm.

A broad learning-based comprehensive defence against SSDP reflection attacks in IoTs

The proliferation of Internet of Things(IoT)rapidly increases the possiblities of Simple Service Discovery Protocol(SSDP)reflection attacks.Most DDoS attack defence strategies deploy only to a certain type of devices in the attack chain,and need to detect attacks in advance,and the detection of DDoS attacks often uses heavy algorithms consuming lots of computing resources.This paper proposes a comprehensive DDoS attack defence approach which combines broad learning and a set of defence strategies against SSDP attacks,called Broad Learning based Comprehensive Defence(BLCD).The defence strategies work along the attack chain,starting from attack sources to victims.It defends against attacks without detecting attacks or identifying the roles of IoT devices in SSDP reflection attacks.BLCD also detects suspicious traffic at bots,service providers and victims by using broad learning,and the detection results are used as the basis for automatically deploying defence strategies which can significantly reduce DDoS packets.For evaluations,we thoroughly analyze attack traffic when deploying BLCD to different defence locations.Experiments show that BLCD can reduce the number of packets received at the victim to 39 without affecting the standard SSDP service,and detect malicious packets with an accuracy of 99.99%.

Resource Exhaustion Attack Detection Scheme for WLAN Using Artificial Neural Network

IEEE 802.11 Wi-Fi networks are prone to many denial of service(DoS)attacks due to vulnerabilities at the media access control(MAC)layer of the 802.11 protocol.Due to the data transmission nature of the wireless local area network(WLAN)through radio waves,its communication is exposed to the possibility of being attacked by illegitimate users.Moreover,the security design of the wireless structure is vulnerable to versatile attacks.For example,the attacker can imitate genuine features,rendering classificationbased methods inaccurate in differentiating between real and false messages.Althoughmany security standards have been proposed over the last decades to overcome many wireless network attacks,effectively detecting such attacks is crucial in today’s real-world applications.This paper presents a novel resource exhaustion attack detection scheme(READS)to detect resource exhaustion attacks effectively.The proposed scheme can differentiate between the genuine and fake management frames in the early stages of the attack such that access points can effectively mitigate the consequences of the attack.The scheme is built through learning from clustered samples using artificial neural networks to identify the genuine and rogue resource exhaustion management frames effectively and efficiently in theWLAN.The proposed scheme consists of four modules whichmake it capable to alleviates the attack impact more effectively than the related work.The experimental results show the effectiveness of the proposed technique by gaining an 89.11%improvement compared to the existing works in terms of detection.

DoS Attack Detection Based on Deep Factorization Machine in SDN

Software-Defined Network(SDN)decouples the control plane of network devices from the data plane.While alleviating the problems presented in traditional network architectures,it also brings potential security risks,particularly network Denial-of-Service(DoS)attacks.While many research efforts have been devoted to identifying new features for DoS attack detection,detection methods are less accurate in detecting DoS attacks against client hosts due to the high stealth of such attacks.To solve this problem,a new method of DoS attack detection based on Deep Factorization Machine(DeepFM)is proposed in SDN.Firstly,we select the Growth Rate of Max Matched Packets(GRMMP)in SDN as detection feature.Then,the DeepFM algorithm is used to extract features from flow rules and classify them into dense and discrete features to detect DoS attacks.After training,the model can be used to infer whether SDN is under DoS attacks,and a DeepFM-based detection method for DoS attacks against client host is implemented.Simulation results show that our method can effectively detect DoS attacks in SDN.Compared with the K-Nearest Neighbor(K-NN),Artificial Neural Network(ANN)models,Support Vector Machine(SVM)and Random Forest models,our proposed method outperforms in accuracy,precision and F1 values.

一种基于路由器矢量边采样的IP追踪技术

提出了一种新型的边采样方法"路由器矢量边采样"(RVES),使得概率包标记(probability packet marking,简称PPM)设备容易实现和部署.在图论模型上,RVES以网络接口替代路由器作为顶点,以路由器"矢量边"替代传统采样边.该方法实施简单,标记概率的策略配置灵活,可以有效解决分布式拒绝服务(router's vector-edge-sampling,简称DDoS)攻击的重构问题.基于传统边采样的PPM相关技术依然适用于RVES方法.原理样机已经研制出并部署在Internet上.实验结果验证了该方法的有效性和可行性.

SGuard：A Lightweight SDN Safe-Guard Architecture for DoS Attacks

Software Defined Networking(SDN) is a revolutionary networking paradigm towards the future network,experiencing rapid development nowadays.However,its main characteristic,the separation of control plane and data plane,also brings about new security challenges,i.e.,Denial-of-Service(DoS) attacks specific to Open Flow SDN networks to exhaust the control plane bandwidth and overload the buffer memory of Open Flow switch.To mitigate the DoS attacks in the Open Flow networks,we design and implement SGuard,a security application on top of the NOX controller that mainly contains two modules:Access control module and Classification module.We employ novel six-tuple as feature vector to classify traffic flows,meanwhile optimizing classification by feature ranking and selecting algorithms.All the modules will cooperate with each other to complete a series of tasks such as authorization,classification and so on.At the end of this paper,we experimentally use Mininet to evaluate SGuard in a software environment.The results show that SGuard works efficiently and accurately without adding more overhead to the SDN networks.

Adaptive Memory Event-Triggered Observer-Based Control for Nonlinear Multi-Agent Systems Under DoS Attacks

This paper investigates the event-triggered security consensus problem for nonlinear multi-agent systems(MASs)under denial-of-service(Do S)attacks over an undirected graph.A novel adaptive memory observer-based anti-disturbance control scheme is presented to improve the observer accuracy by adding a buffer for the system output measurements.Meanwhile,this control scheme can also provide more reasonable control signals when Do S attacks occur.To save network resources,an adaptive memory event-triggered mechanism(AMETM)is also proposed and Zeno behavior is excluded.It is worth mentioning that the AMETM's updates do not require global information.Then,the observer and controller gains are obtained by using the linear matrix inequality(LMI)technique.Finally,simulation examples show the effectiveness of the proposed control scheme.

An IoT-Based Intrusion Detection System Approach for TCP SYN Attacks

The success of Internet of Things(IoT)deployment has emerged important smart applications.These applications are running independently on different platforms,almost everywhere in the world.Internet of Medical Things(IoMT),also referred as the healthcare Internet of Things,is the most widely deployed application against COVID-19 and offering extensive healthcare services that are connected to the healthcare information technologies systems.Indeed,with the impact of the COVID-19 pandemic,a large number of interconnected devices designed to create smart networks.These networks monitor patients from remote locations as well as tracking medication orders.However,IoT may be jeopardized by attacks such as TCP SYN flooding and sinkhole attacks.In this paper,we address the issue of detecting Denial of Service attacks performed by TCP SYN flooding attacker nodes.For this purpose,we develop a new algorithm for Intrusion Detection System(IDS)to detect malicious activities in the Internet of Medical Things.The proposed scheme minimizes as possible the number of attacks to ensure data security,and preserve confidentiality of gathered data.In order to check the viability of our approach,we evaluate analytically and via simulations the performance of our proposed solution under different probability of attacks.

Secure Synchronization Control for a Class of Cyber-Physical Systems With Unknown Dynamics

This paper investigates the secure synchronization control problem for a class of cyber-physical systems(CPSs)with unknown system matrices and intermittent denial-of-service(DoS)attacks.For the attack free case,an optimal control law consisting of a feedback control and a compensated feedforward control is proposed to achieve the synchronization,and the feedback control gain matrix is learned by iteratively solving an algebraic Riccati equation(ARE).For considering the attack cases,it is difficult to perform the stability analysis of the synchronization errors by using the existing Lyapunov function method due to the presence of unknown system matrices.In order to overcome this difficulty,a matrix polynomial replacement method is given and it is shown that,the proposed optimal control law can still guarantee the asymptotical convergence of synchronization errors if two inequality conditions related with the DoS attacks hold.Finally,two examples are given to illustrate the effectiveness of the proposed approaches.

A Resilient Control Strategy for Cyber-Physical Systems Subject to Denial of Service Attacks:A Leader-Follower Set-Theoretic Approach

Multi-agent systems are usually equipped with open communication infrastructures to improve interactions efficiency,reliability and sustainability.Although technologically costeffective,this makes them vulnerable to cyber-attacks with potentially catastrophic consequences.To this end,we present a novel control architecture capable to deal with the distributed constrained regulation problem in the presence of time-delay attacks on the agents’communication infrastructure.The basic idea consists of orchestrating the interconnected cyber-physical system as a leader-follower configuration so that adequate control actions are computed to isolate the attacked unit before it compromises the system operations.Simulations on a multi-area power system confirm that the proposed control scheme can reconfigure the leader-follower structure in response to denial ofservice(DoS)attacks.

Decentralized Resilient H_∞Load Frequency Control for Cyber-Physical Power Systems Under DoS Attacks

This paper designs a decentralized resilient H_(∞)load frequency control(LFC)scheme for multi-area cyber-physical power systems(CPPSs).Under the network-based control framework,the sampled measurements are transmitted through the communication networks,which may be attacked by energylimited denial-of-service(DoS)attacks with a characterization of the maximum count of continuous data losses(resilience index).Each area is controlled in a decentralized mode,and the impacts on one area from other areas via their interconnections are regarded as the additional load disturbance of this area.Then,the closed-loop LFC system of each area under DoS attacks is modeled as an aperiodic sampled-data control system with external disturbances.Under this modeling,a decentralized resilient H_(∞)scheme is presented to design the state-feedback controllers with guaranteed H∞performance and resilience index based on a novel transmission interval-dependent loop functional method.When given the controllers,the proposed scheme can obtain a less conservative H_(∞)performance and resilience index that the LFC system can tolerate.The effectiveness of the proposed LFC scheme is evaluated on a one-area CPPS and two three-area CPPSs under DoS attacks.

Security Control for Uncertain Networked Control Systems under DoS Attacks and Fading Channels

This paper characterizes the joint effects of plant uncertainty,Denial-of-Service(DoS)attacks,and fading channel on the stabilization problem of networked control systems(NCSs).It is assumed that the controller remotely controls the plant and the control input is transmitted over a fading channel.Meanwhile,considering the sustained attack cycle and frequency of DoS attacks are random,the packet-loss caused by DoS attacks is modelled by a Markov process.The sampled-data NCS is transformed into a stochastic form with Markov jump and uncertain parameter.Then,based on Lyapunov functional method,linear matrix inequality(LMI)-based sufficient conditions are presented to ensure the stability of uncertain NCSs.The main contribution of this article lies in the construction of NCSs based on DoS attacks into Markov jump system(MJS)and the joint consideration of fading channel and plant uncertainty.

An Early Stage Detecting Method against SYN Flooding Attacks

Existing detection methods against SYN flooding attacks are effective only at the later stages when attacking signatures are obvious.In this paper an early stage detecting method(ESDM) is proposed.The ESDM is a simple but effective method to detect SYN flooding attacks at the early stage.In the ESDM the SYN traffic is forecasted by autoregressive integrated moving average model, and non-parametric cumulative sum algorithm is used to find the SYN flooding attacks according to the forecasted traffic.Trace-driven simulations show that ESDM is accurate and efficient to detect the SYN flooding attacks.