A Fuzzy Set-Based Approach for Model-Based Internet-Banking System Security Risk Assessment

A fuzzy set-based evaluation approach is demonstrated to assess the security risks for internet-banking System. The Internet-banking system is semi-formally described using Unified Modeling Language （UML） to specify the behavior and state of the system on the base of analyzing the existing qualitative risk assessment methods. And a quantitative method based on fuzzy set is used to measure security risks of the system, A case study was performed on the WEB server of the Internet-banking System using fuzzy-set based assessment algorithm to quantitatively compute the security risk severity. The numeric result also provides a method to decide the most critical component which should amuse the system administrator enough attention to take the appropriate security measure or controls to alleviate the risk severity. The experiments show this method can be used to quantify the security properties for the Internet-banking System in practice.

The Effective Enhancement of Power System Security by Flexible Transmission Line Impedance with Minimal Rescheduling of Generators

After the digital revolution, the power system security becomes an important issue and it urges the power producers to maintain a well secured system in order to supply a quality power to the end users. This paper presents an integrated Corrective Security Constrained Optimal Power Flow (CSCOPF) with Flexible Transmission Line Impedance (FTLI) to enhance the power system security. The corrective approach of SCOPF is chosen, because it allows the corrective equipment to bring back the system to a stable operating point and hence, it offers high flexibility and better economics. The concept of FTLI arises from the ability of FACTS devices such as Thyristor Controlled Series Capacitor (TCSC), which can vary the line reactance to a certain extent. An enhanced security can be achieved by incorporating FTLI into the CSCOPF problem, since the power flow in a system is highly dependent on the line reactance. FTLI based CSCOPF can reduce the amount of rescheduling of generators, but it will result in an increased number of variables and thus, the complexity to the optimization process is increased. This highly complex problem is solved by using nonlinear programming. The AC based OPF model is preferred, since the corrective security actions require highly accurate solutions. IEEE 30 bus system is used to test the proposed scheme and the results are compared with the traditional CSCOPF. It can be seen that the proposed idea provides a notable improvement in the reduction of cost incurred for restoring the system security.

Analysis and Recommendations for the Adaptability of China’s Power System Security and Stability Relevant Standards

In developing power grids,setting standards is critical to its success.The development of China’s power industry has proposed new requirements for power systems to ensure secure and stable operations.The principal standards for the security and stability of China’s current power systems are analyzed in terms of operational control,generator-grid coordination and simulation.The shortcomings are pointed out and the directions of future development are discussed.In the end,the study highlighted the following key areas that require further research and improvement:the evaluation criteria of power system security and stability should be improved to ensure the secure and stable operation of China’s power systems;the operational control standards should be constantly enhanced to increase the reliability and flexibility of operational control strategies;generatorgrid coordination standards should be upgraded to improve the coordination between the generator control protection system and the grid;and the simulation methodology should be standardized in future power system security and stability research.

Concepts of Safety Critical Systems Unification Approach &Security Assurance Process

The security assurance of computer-based systems that rely on safety and security assurance, such as consistency, durability, efficiency and accessibility, require or need resources. This targets the System-of-Systems (SoS) problems with the exception of difficulties and concerns that apply similarly to subsystem interactions on a single system and system-as-component interactions on a large information system. This research addresses security and information assurance for safety-critical systems, where security and safety are addressed before going to actual implementation/development phase for component-based systems. For this purpose, require a conceptual idea or strategy that deals with the application logic security assurance issues. This may explore the vulnerability in single component or a reuse of specification in existing logic in component-based system. Keeping in view this situation, we have defined seven concepts of security assurance and security assurance design strategy for safety-critical systems.

Reliability Analysis of Heterogeneous Sensor-Cloud Systems against Targeted Attacks

Based on the wide application of cloud computing and wireless sensor networks in various fields,the Sensor-Cloud System(SCS)plays an indispensable role between the physical world and the network world.However,due to the close connection and interdependence between the physical resource network and computing resource network,there are security problems such as cascading failures between systems in the SCS.In this paper,we propose a model with two interdependent networks to represent a sensor-cloud system.Besides,based on the percolation theory,we have carried out a formulaic theoretical analysis of the whole process of cascading failure.When the system’s subnetwork presents a steady state where there is no further collapse,we can obtain the largest remaining connected subgroup components and the penetration threshold.Theoretically,this result is the critical maximum that the coupled SCS can withstand.To verify the correctness of the theoretical results,we further carried out actual simulation experiments.The results show that a scale-free network priority attack’s percolation threshold is always less than that of ER network which is priority attacked.Similarly,when the scale-free network is attacked first,adding the power law exponentλcan be more intuitive and more effective to improve the network’s reliability.

Mechanism and Defense on Malicious Code

With the explosive growth of network applications, the threat of the malicious code against network security becomes increasingly serious. In this paper we explore the mechanism of the malicious code by giving an attack model of the malicious code, and discuss the critical techniques of implementation and prevention against the malicious code. The remaining problems and emerging trends in this area are also addressed in the paper.

Suspension of Australian National Electricity Market in 2022 Necessitates Mechanism Evolution Ensuring Power Supply Security

The National Electricity Market(NEM)in Australia was suspended during June 15-23,2022,with a primary attribution to the lack of available generation capacity.This incident is noteworthy because it was the first market suspension in NEM’s history and took place in a major energy exporting country.In this letter,we review the outline and impacts of the incident.From the perspectives of market regulation,electricity supply,and electricity demand,we identify three underlying causes of the market suspension and offer four recommendations for the market mechanism evolution to ensure power supply security.

A buffer overflow detection and defense method based on RiSC-V instruction set extension

Buffer overflow poses a serious threat to the memory security of modern operating systems.It overwrites the con-tents of other memory areas by breaking through the buffer capacity limit,destroys the system execution environ-ment,and provides implementation space for various system attacks such as program control flow hijacking.That makes it a wide range of harms.A variety of security technologies have been proposed to deal with system security problems including buffer overflow.For example,No eXecute(NX for short)is a memory management technology commonly used in Harvard architecture.It can refuse the execution of code which residing in a specific memory,and can effectively suppress the abnormal impact of buffer overflow on control flow.Therefore,in recent years,it has also been used in the field of system security,deriving a series of solutions based on NX technology,such as ExecShield,DEP,StackGuard,etc.However,these security solutions often rely too much on the processor archi-tecture so that the protection coverage is insufficient and the accuracy is limited.Especially in the emerging system architecture field represented by RiSC-V,there is still a lack of effective solutions for buffer overflow vulnerabilities.With the continuous rapid development of the system architecture,it is urgent to develop defense methods that are applicable to different system application environments and oriented to all executable memory spaces to meet the needs of system security development.Therefore,we propose BOP,A new system memory security design method based on RISC-V extended instructions,to build a RISC-V buffer overflow detection and defense system and deal with the buffer overflow threat in RIsC-V.According to this method,NX technology can be combined with program control flow analysis,and Nx bit mechanism can be used to manage the executability of memory space,so as to achieve a more granular detection and defense of buffer overflow attacks that may occur in RISC-V system environment.In addition,The memory management and control function of BOP is not only very suitable for solving the security problems in the existing single architecture system,but also widely applicable to the combina-tion of multiple heterogeneous systems.

Online Frequency Security Assessment Based on Analytical Model Considering Limiting Modules

Due to the increasing implementation of high voltage direct current(HVDC)and the integration of renewable resources,frequency stability problems in power systems are drawing greater attention in recent years.It has become necessary to carry out online frequency security assessments to ensure the safe operation of power systems.Considering the low time-efficiency of simulation-based methods,analytical models,such as the frequency nadir prediction(FNP)model,are more suitable for online assessment,which requires calculating the worst frequency deviation under various contingencies.Based on the FNP model,the FNP-L model for online frequency security assessment is proposed in this paper.The proposed model implements security assessment by calculating and checking the frequency features,including the nadir time and frequency,followed by contingencies.The effect of the governor,including nonlinear constraints,is approximated into polynomial functions so that the results are obtained by solving multiple polynomial equations.Case studies are carried out using the New-England 39-bus system and a regional power grid,which shows that the proposed model could achieve both high speed and high accuracy,and can therefore be applied in online security assessment.

Optimal generation mix for frequency response adequacy in future power system

Strict enforcement of government policies to integrate high generation share from renewable energy sources(RES)like wind and PV would create inevitable operational challenges for the utilities to deliver Frequency Response(FR)services.Uncertain RES generation characteristics would worsen the situation for SO,to detain initial frequency deviation following the largest generation outage.This necessitates investigation of optimal generator combination for securing PFR adequacy with simultaneous characterization of uncertainty.In this regard,this paper proposes a novel Modified Interval(MI)based optimal generation mix formulation for operation cost minimization and FR adequacy.RES uncertainty is characterised by forecasted upper and lower bound,while hourly ramp needs are based on the net load scenarios.Proposed model is assessed on one area IEEE reliability test system.Rate of change of frequency(ROCOF)and frequency deviation are considered as network security limits to obtain optimal generation mix.Results obtained provide,overall cost performance,PFR and optimal generation mix,without violating system security criteria.This model would certainly assist SO,to enhance system’s inertia and PFR adequacy at short-term system operations and could be extended for long-term planning framework.

Data-driven Approach for State Prediction and Detection of False Data Injection Attacks in Smart Grid

In a smart grid,state estimation(SE)is a very important component of energy management system.Its main functions include system SE and detection of cyber anomalies.Recently,it has been shown that conventional SE techniques are vulnerable to false data injection(FDI)attack,which is a sophisticated new class of attacks on data integrity in smart grid.The main contribution of this paper is to propose a new FDI attack detection technique using a new data-driven SE model,which is different from the traditional weighted least square based SE model.This SE model has a number of unique advantages compared with traditional SE models.First,the prediction technique can better maintain the inherent temporal correlations among consecutive measurement vectors.Second,the proposed SE model can learn the actual power system states.Finally,this paper shows that this SE model can be effectively used to detect FDI attacks that otherwise remain stealthy to traditional SE-based bad data detectors.The proposed FDI attack detection technique is evaluated on a number of standard bus systems.The performance of state prediction and the accuracy of FDI attack detection are benchmarked against the state-ofthe-art techniques.Experimental results show that the proposed FDI attack detection technique has a higher detection rate compared with the existing techniques while reducing the false alarms significantly.