Cyber Defense is becoming a major issue for every organization to keep business continuity intact. The presented paper explores the effectiveness of a meta-heuristic optimization algorithm, the Artificial Bees Colony Algorithm (ABC), as a Nature Inspired Cyber Security mechanism to achieve adaptive defense. It experiments on the Denial-Of-Service attack scenarios, which involve limiting the traffic flow for each node. Businesses today have adapted their service distribution models to include the use of the Internet, allowing them to effectively manage and interact with their customer data. This shift has created an increased reliance on online services to store vast amounts of confidential customer data, meaning any disruption or outage of these services could be disastrous for the business, leaving them without the knowledge to serve their customers. Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers. The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity. For any changes in network parameters, the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.
This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.
The increase in number of people using the Internet leads to increased cyberattack opportunities. Advanced Persistent Threats, or APTs, are among the most dangerous targeted cyberattacks. APT attacks utilize various advanced tools and techniques for attacking targets with specific goals. Even countries with advanced technologies, like the US, Russia, the UK, and India, are susceptible to this targeted attack. APT is a sophisticated attack that involves multiple stages and specific strategies. Besides, TTP (Tools, Techniques, and Procedures) involved in the APT attack are commonly new and developed by an attacker to evade the security system. However, APTs are generally implemented in multiple stages. If one of the stages is detected, we may apply a defense mechanism for subsequent stages, leading to the entire APT attack failure. The detection at the early stage of APT and the prediction of the next step in the APT kill chain are ongoing challenges. This survey paper will provide knowledge about APT attacks and their essential steps. This follows the case study of known APT attacks, which will give clear information about the APT attack process—in later sections, highlighting the various detection methods defined by different researchers along with the limitations of the work. Data used in this article comes from the various annual reports published by security experts and blogs and information released by the enterprise networks targeted by the attack.
A cyber physical system (CPS) is a complex system that integrates sensing, computation, control and networking into physical processes and objects over Internet. It plays a key role in modern industry since it connects physical and cyber worlds. In order to meet ever-changing industrial requirements, its structures and functions are constantly improved. Meanwhile, new security issues have arisen. A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems, and thus has gained increasing attention from researchers and practitioners. This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems. First, as typical system models are employed to study these systems, time-driven and event-driven systems are reviewed. Then, recent advances on three types of attacks, i.e., those on availability, integrity, and confidentiality are discussed. In particular, the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders. Namely, both attack and defense strategies are discussed based on different system models. Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.
Increase in the use of internet of things owned devices is one of the reasons for increased network traffic. While connecting the smart devices with publicly available network many kinds of phishing attacks are able to enter into the mobile devices and corrupt the existing system. The Phishing is the slow and resilient attack stacking techniques probe the users. The proposed model is focused on detecting phishing attacks in internet of things enabled devices through a robust algorithm called Novel Watch and Trap Algorithm (NWAT). Though Predictive mapping, Predictive Validation and Predictive analysis mechanism is developed. For the test purpose Canadian Institute of cyber security (CIC) dataset is used for creating a robust prediction model. This attack generates a resilience corruption works that slowly gathers the credential information from the mobiles. The proposed Predictive analysis model (PAM) enabled NWAT algorithm is used to predict the phishing probes in the form of suspicious process happening in the IoT networks. The prediction system considers the peer-to-peer communication window open for the established communication, the suspicious process and its pattern is identified by the new approach. The proposed model is validated by finding the prediction accuracy, Precision, recall, F1 score, error rate, Matthews Correlation Coefficient (MCC) and Balanced Detection Rate (BDR). The presented approach is comparatively analyzed with the state-of-the-art approach of existing system related to various types of Phishing probes.
Currently, cybersecurity threats such as data breaches and phishing have been on the rise due to the many different attack strategies of cyber attackers, significantly increasing risks to individuals and organizations. Traditional security technologies such as intrusion detection have been developed to respond to these cyber threats. Recently, advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus. In this paper, we propose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to address continuously evolving cyber threats. Additionally, we have implemented an effective reinforcement-learning-based cyber-attack scenario using Cyber Battle Simulation, which is a cyber-attack-defense simulator. This scenario involves important security components such as node value, cost, firewalls, and services. Furthermore, we applied a new vulnerability assessment method based on the Common Vulnerability Scoring System. This approach can design an optimal attack strategy by considering the importance of attack goals, which helps in developing more effective response strategies. These attack strategies are evaluated by comparing their performance using a variety of Reinforcement Learning methods. The experimental results show that RL models demonstrate improved learning performance with the proposed attack strategy compared to the original strategies. In particular, the success rate of the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points, reaching 10.17%, which represents an impressive 98.24% increase over the original scenario. Consequently, the proposed method can enhance security and risk management capabilities in cyber environments, improving the efficiency of security management and significantly contributing to the development of security systems.
Due to the increasing cyber-attacks, various Intrusion Detection Systems (IDSs) have been proposed to identify network anomalies. Most existing machine learning-based IDSs learn patterns from the features extracted from network traffic flows, and the deep learning-based approaches can learn data distribution features from the raw data to differentiate normal and anomalous network flows. Although having been used in the real world widely, the above methods are vulnerable to some types of attacks. In this paper, we propose a novel attack framework, Anti-Intrusion Detection AutoEncoder (AIDAE), to generate features to disable the IDS. In the proposed framework, an encoder transforms features into a latent space, and multiple decoders reconstruct the continuous and discrete features, respectively. Additionally, a generative adversarial network is used to learn the flexible prior distribution of the latent space. The correlation between continuous and discrete features can be kept by using the proposed training scheme. Experiments conducted on NSL-KDD, UNSW-NB15, and CICIDS2017 datasets show that the generated features indeed degrade the detection performance of existing IDSs dramatically.
With the growing concern about the security and privacy of smart grid systems, cyberattacks on critical power grid components, such as state estimation, have proven to be one of the top-priority cyber-related issues and have received significant attention in recent years. However, cyberattack detection in smart grids now faces new challenges, including privacy preservation and decentralized power zones with strategic data owners. To address these technical bottlenecks, this paper proposes a novel Federated Learning-based privacy-preserving and communication-efficient attack detection framework, known as FedDiSC, that enables Discrimination between power System disturbances and Cyberattacks. Specifically, we first propose a Federated Learning approach to enable Supervisory Control and Data Acquisition subsystems of decentralized power grid zones to collaboratively train an attack detection model without sharing sensitive power related data. Secondly, we put forward a representation learning-based Deep Auto-Encoder network to accurately detect power system and cybersecurity anomalies. Lastly, to adapt our proposed framework to the timeliness of real-world cyberattack detection in SGs, we leverage the use of a gradient privacy-preserving quantization scheme known as DP-SIGNSGD to improve its communication efficiency. Extensive simulations of the proposed framework on publicly available Industrial Control Systems datasets demonstrate that the proposed framework can achieve superior detection accuracy while preserving the privacy of sensitive power grid related information. Furthermore, we find that the gradient quantization scheme utilized improves communication efficiency by 40% when compared to a traditional federated learning approach without gradient quantization which suggests suitability in a real-world scenario.
In response to the frequent safety accidents of industrial robots, this paper designs and implements a safety detection system for robot control. It can perform real-time security detection of robot operations on industrial production lines to improve the security and reliability of robot control systems. This paper designs and implements a robot control system based Snort-BASE for real-time online detection of DoS attacks. The system uses a six-degree-of-freedom robotic arm as an example, uses Snort to record the network communication data of the robot arm control system in real time, and filters the network traffic through self-defined rules, and then uses the BASE analysis platform to achieve security analysis of the network traffic. The solution verifies the effectiveness of online real-time detection of attacks and visualisation of attack records by designing simulated robotic arm and real robotic arm attack experiments respectively, thus achieving the security of network communication of the robot remote control system.
This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno (IT2 T-S) fuzzy discrete systems with input delays and cyber attacks. The lower and upper membership functions are first utilized to IT2 fuzzy discrete systems to capture parameter uncertainties. By considering the influences of input delays and stochastic cyber attacks, a newly fuzzy robust controller is established. Afterward, the asymptotic stability sufficient conditions in form of LMIs for the IT2 closed-loop systems are given via establishing a Lyapunov-Krasovskii functional. Afterward, a solving algorithm for obtaining the controller gains is given. Finally, the effectiveness of the developed IT2 fuzzy method is verified by a numerical example.
This paper establishes a new framework for modeling electrical cyber-physical systems (ECPSs), integrating both power grids and communication networks. To model the communication network associated with a power transmission grid, we use a mesh network that considers the features of power transmission grids such as high-voltage levels, long-transmission distances, and equal importance of each node. Moreover, bidirectional links including data uploading channels and command downloading channels are assumed to connect every node in the communication network and a corresponding physical node in the transmission grid. Based on this model, the fragility of an ECPS is analyzed under various cyber attacks including denial-of-service (DoS) attacks, replay attacks, and false data injection attacks. Control strategies such as load shedding and relay protection are also verified using this model against these attacks.
Cyber attacks are emerging threats in the Internet of Things applications, and power systems are typical cyber attack targets. As one of the most essential operation functions, frequency control is threatened by cyber intrusions, and the existing centralized control mode cannot effectively address cyber risks. In this study, a new distributed cyber-attack-tolerant frequency control scheme is designed. The distributed control mode also serves as a convenient tool for attack identification. The designed cyber-attack-tolerant frequency controller adopts the idea of passive fault attenuation, thus simplifying the design procedure. With the aid of graph theory and consensus techniques, distributed integral based and model predictive control (MPC) based controllers are designed. Compared with the integral type, the MPC-based controller can simultaneously improve the dynamic responses and the tolerance ability under attack. The proposed controller is validated via an IEEE benchmark system, and the effectiveness of its application in actual power systems is verified.
This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability. Specifically, the proposed approach focuses on the total transient energy injected into power systems as the result of assumptive cyber attacks. The computational improvements of the proposed method are significant as the time-domain simulations can be avoided. The efficacy of the proposed approach is demonstrated using a practical power system with various cyber attack scenarios. The identification results of the proposed method can be used to guide more detailed impact analysis and to develop more effective countermeasures against cyber attacks.
In this paper, we investigate a resilient control strategy for networked control systems (NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.
The emerging of false data injection attacks (FDIAs) can fool the traditional detection methods by injecting false data, which has brought huge risks to the security of smart grids. For this reason, a resilient active defense control scheme based on interval observer detection is proposed in this paper to protect smart grids. The proposed active defense highlights the integration of detection and defense against FDIAs in smart grids. First, a dynamic physical grid model under FDIAs is modeled, in which model uncertainty and parameter uncertainty are taken into account. Then, an interval observer-based detection method against FDIAs is proposed, where a detection criteria using interval residual is put forward. Corresponding to the detection results, the resilient defense controller is triggered to defense the FDIAs if the system states are affected by FDIAs. Linear matrix inequality (LMI) approach is applied to design the resilient controller with H∞ performance. The system with the resilient defense controller can be robust to FDIAs and the gain of the resilient controller has a certain gain margin. Our active resilient defense approach can be built in real time and show accurate and quick respond to the injected FDIAs. The effectiveness of the proposed defense scheme is verified by the simulation results on an IEEE 30-bus grid system.
Penetration testing (PT) is an active method of evaluating the security of a network by simulating various types of cyber attacks in order to identify and exploit vulnerabilities. Traditional PT involves a time-consuming and labor-intensive process that is prone to errors and cannot be easily formulated. Researchers have been investigating the potential of deep reinforcement learning (DRL) to develop automated PT (APT) tools. However, using DRL in APT is challenged by partial observability of the environment and the intractability problem of the huge action space. This paper introduces RLAPT, a novel DRL approach that directly overcomes these challenges and enables intelligent automation of the PT process with precise control. The proposed method exhibits superior efficiency, stability, and scalability in finding the optimal attacking policy on the simulated experiment scenario.
This paper develops an adaptive two-stage unscented Kalman filter (ATSUKF) to accurately track operation states of the synchronous generator (SG) under cyber attacks. To achieve high fidelity, considering the excitation system of SGs, a detailed 9th-order SG model for dynamic state estimation is established. Then, for several common cyber attacks against measurements, a two-stage unscented Kalman filter is proposed to estimate the model state and the bias in parallel. Subsequently, to solve the deterioration problem of state estimation performance caused by the mismatch between noise statistical characteristics and model assumptions, a multi-dimensional adaptive factor matrix is derived to modify the noise covariance matrix. Finally, a large number of simulation experiments are carried out on the IEEE 39-bus system, which shows that the proposed filter can accurately track the SG state under different abnormal test conditions.
Power system restoration has attracted more attention and made great progress recently. Research progress of the power system restoration from 2006 to 2016 is reviewed in this paper, including black-start, network reconfiguration and load restoration. Some emerging methods and key techniques are also discussed in the context of the integration of variable renewable energy and development of the smart grid. There is a long way to go to achieve automatic self-healing in bulk power systems because of its extreme complexity. However, rapidly developing artificial intelligence technology will eventually enable the step-by-step dynamic decision-making based on the situation awareness of supervisory control and data acquisition systems (SCADA) and wide area measurement systems (WAMS) in the near future.
Security issues in networked control systems (NCSs) have received increasing attention in recent years. However, security protection often requires extra energy consumption, computational overhead, and time delays, which could adversely affect the real-time and energy-limited system. In this paper, random cryptographic protection is implemented. It is less expensive with respect to computational overhead, time, and energy consumption, compared with persistent cryptographic protection. Under the consideration of weak attackers who have little system knowledge, ungenerous attacking capability and the desire for stealthiness and random zero-measurement attacks are introduced as the malicious modification of measurements into zero signals. NCS is modeled as a stochastic system with two correlated Bernoulli distributed stochastic variables for implementation of random cryptographic protection and occurrence of random zero-measurement attacks; the stochastic stability can be analyzed using a linear matrix inequality (LMI) approach. The proposed stochastic stability analysis can help determine the proper probability of running random cryptographic protection against random zero-measurement attacks with a certain probability. Finally, a simulation example is presented based on a vertical take-off and landing (VTOL) system. The results show the effectiveness, robustness, and application of the proposed method, and are helpful in choosing the proper protection mechanism taking into account the time delay and in determining the system sampling period to increase the resistance against such attacks.
Prolonged power outages debilitate the economy and threaten public health. Existing research is generally limited in its scope to a single event, an outage cause, or a region. Here, we provide one of the most comprehensive analyses of large-scale power outages in the U.S. from 2002 to 2019. This analysis is based on the outage data collected under U.S. federal mandates that concern large blackouts, typically of transmission systems and exclude much more common but smaller blackouts, typically, of distribution systems. We categorized the data into four outage causes and computed reliability metrics, which are commonly used for distribution-level small outages only but useful for analyzing large blackouts. Our spatiotemporal analysis reveals six of the most resilient U.S. states since 2010, improvement of power resilience against natural hazards in the south and northeast regions, and a disproportionately large number of human attacks for its population in the Western Electricity Coordinating Council region. Our regression analysis identifies several statistically significant predictors and hypotheses for U.S. resilience to large blackouts. Furthermore, we propose a novel framework for analyzing outage data using differential weighting and influential points to better understand power resilience. We share curated data and code as Supplementary Materials.
Funding: supported by Institutional Fund Projects (IFPNC-001-135-2020), technical and financial support from the Ministry of Education and King Abdulaziz University, DSR, Jeddah, Saudi Arabia.
Abstract: A cyber physical system (CPS) is a complex system that integrates sensing, computation, control and networking into physical processes and objects over Internet. It plays a key role in modern industry since it connects physical and cyber worlds. In order to meet ever-changing industrial requirements, its structures and functions are constantly improved. Meanwhile, new security issues have arisen. A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems, and thus has gained increasing attention from researchers and practitioners. This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems. First, as typical system models are employed to study these systems, time-driven and event-driven systems are reviewed. Then, recent advances on three types of attacks, i.e., those on availability, integrity, and confidentiality are discussed. In particular, the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders. Namely, both attack and defense strategies are discussed based on different system models. Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.
Abstract: Increase in the use of internet of things owned devices is one of the reasons for increased network traffic. While connecting the smart devices with publicly available network many kinds of phishing attacks are able to enter into the mobile devices and corrupt the existing system. The Phishing is the slow and resilient attack stacking techniques probe the users. The proposed model is focused on detecting phishing attacks in internet of things enabled devices through a robust algorithm called Novel Watch and Trap Algorithm (NWAT). Though Predictive mapping, Predictive Validation and Predictive analysis mechanism is developed. For the test purpose Canadian Institute of cyber security (CIC) dataset is used for creating a robust prediction model. This attack generates a resilience corruption works that slowly gathers the credential information from the mobiles. The proposed Predictive analysis model (PAM) enabled NWAT algorithm is used to predict the phishing probes in the form of suspicious process happening in the IoT networks. The prediction system considers the peer-to-peer communication window open for the established communication, the suspicious process and its pattern is identified by the new approach. The proposed model is validated by finding the prediction accuracy, Precision, recalls, F1 score, error rate, Mathew’s Correlation Coefficient (MCC) and Balanced Detection Rate (BDR). The presented approach is comparatively analyzed with the state-of-the-art approach of existing system related to various types of Phishing probes.
Funding: supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea Government (MSIT) (No. RS2022-II220961).
Abstract: Currently, cybersecurity threats such as data breaches and phishing have been on the rise due to the many different attack strategies of cyber attackers, significantly increasing risks to individuals and organizations. Traditional security technologies such as intrusion detection have been developed to respond to these cyber threats. Recently, advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus. In this paper, we propose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to address continuously evolving cyber threats. Additionally, we have implemented an effective reinforcement-learning-based cyber-attack scenario using Cyber Battle Simulation, which is a cyber-attack-defense simulator. This scenario involves important security components such as node value, cost, firewalls, and services. Furthermore, we applied a new vulnerability assessment method based on the Common Vulnerability Scoring System. This approach can design an optimal attack strategy by considering the importance of attack goals, which helps in developing more effective response strategies. These attack strategies are evaluated by comparing their performance using a variety of Reinforcement Learning methods. The experimental results show that RL models demonstrate improved learning performance with the proposed attack strategy compared to the original strategies. In particular, the success rate of the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points, reaching 10.17%, which represents an impressive 98.24% increase over the original scenario. Consequently, the proposed method can enhance security and risk management capabilities in cyber environments, improving the efficiency of security management and significantly contributing to the development of security systems.
Abstract: Due to the increasing cyber-attacks, various Intrusion Detection Systems (IDSs) have been proposed to identify network anomalies. Most existing machine learning-based IDSs learn patterns from the features extracted from network traffic flows, and the deep learning-based approaches can learn data distribution features from the raw data to differentiate normal and anomalous network flows. Although having been used in the real world widely, the above methods are vulnerable to some types of attacks. In this paper, we propose a novel attack framework, Anti-Intrusion Detection AutoEncoder (AIDAE), to generate features to disable the IDS. In the proposed framework, an encoder transforms features into a latent space, and multiple decoders reconstruct the continuous and discrete features, respectively. Additionally, a generative adversarial network is used to learn the flexible prior distribution of the latent space. The correlation between continuous and discrete features can be kept by using the proposed training scheme. Experiments conducted on NSL-KDD, UNSW-NB15, and CICIDS2017 datasets show that the generated features indeed degrade the detection performance of existing IDSs dramatically.
Abstract: With the growing concern about the security and privacy of smart grid systems, cyberattacks on critical power grid components, such as state estimation, have proven to be one of the top-priority cyber-related issues and have received significant attention in recent years. However, cyberattack detection in smart grids now faces new challenges, including privacy preservation and decentralized power zones with strategic data owners. To address these technical bottlenecks, this paper proposes a novel Federated Learning-based privacy-preserving and communication-efficient attack detection framework, known as FedDiSC, that enables Discrimination between power System disturbances and Cyberattacks. Specifically, we first propose a Federated Learning approach to enable Supervisory Control and Data Acquisition subsystems of decentralized power grid zones to collaboratively train an attack detection model without sharing sensitive power related data. Secondly, we put forward a representation learning-based Deep Auto-Encoder network to accurately detect power system and cybersecurity anomalies. Lastly, to adapt our proposed framework to the timeliness of real-world cyberattack detection in SGs, we leverage the use of a gradient privacy-preserving quantization scheme known as DP-SIGNSGD to improve its communication efficiency. Extensive simulations of the proposed framework on publicly available Industrial Control Systems datasets demonstrate that the proposed framework can achieve superior detection accuracy while preserving the privacy of sensitive power grid related information. Furthermore, we find that the gradient quantization scheme utilized improves communication efficiency by 40% when compared to a traditional federated learning approach without gradient quantization which suggests suitability in a real-world scenario.
Abstract: In response to the frequent safety accidents of industrial robots, this paper designs and implements a safety detection system for robot control. It can perform real-time security detection of robot operations on industrial production lines to improve the security and reliability of robot control systems. This paper designs and implements a robot control system based Snort-BASE for real-time online detection of DoS attacks. The system uses a six-degree-of-freedom robotic arm as an example, uses Snort to record the network communication data of the robot arm control system in real time, and filters the network traffic through self-defined rules, and then uses the BASE analysis platform to achieve security analysis of the network traffic. The solution verifies the effectiveness of online real-time detection of attacks and visualisation of attack records by designing simulated robotic arm and real robotic arm attack experiments respectively, thus achieving the security of network communication of the robot remote control system.
Funding: This research was supported by the National Natural Science Foundation of China under Grant No. 61903167.
Abstract: This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno (IT2 T-S) fuzzy discrete systems with input delays and cyber attacks. The lower and upper membership functions are first utilized to IT2 fuzzy discrete systems to capture parameter uncertainties. By considering the influences of input delays and stochastic cyber attacks, a newly fuzzy robust controller is established. Afterward, the asymptotic stability sufficient conditions in form of LMIs for the IT2 closed-loop systems are given via establishing a Lyapunov-Krasovskii functional. Afterward, a solving algorithm for obtaining the controller gains is given. Finally, the effectiveness of the developed IT2 fuzzy method is verified by a numerical example.
Funding: Project supported by the National Basic Research Program (863) of China (No. 2015AA05002), the National Natural Science Foundation of China (No. 61471328), and the Science and Technology Project of State Grid, China (No. XXB17201400056).
Abstract: This paper establishes a new framework for modeling electrical cyber-physical systems (ECPSs), integrating both power grids and communication networks. To model the communication network associated with a power transmission grid, we use a mesh network that considers the features of power transmission grids such as high-voltage levels, long-transmission distances, and equal importance of each node. Moreover, bidirectional links including data uploading channels and command downloading channels are assumed to connect every node in the communication network and a corresponding physical node in the transmission grid. Based on this model, the fragility of an ECPS is analyzed under various cyber attacks including denial-of-service (DoS) attacks, replay attacks, and false data injection attacks. Control strategies such as load shedding and relay protection are also verified using this model against these attacks.
Funding: supported by National Natural Science Foundation of China (No. 51977033).
Abstract: Cyber attacks are emerging threats in the Internet of Things applications, and power systems are typical cyber attack targets. As one of the most essential operation functions, frequency control is threatened by cyber intrusions, and the existing centralized control mode cannot effectively address cyber risks. In this study, a new distributed cyber-attack-tolerant frequency control scheme is designed. The distributed control mode also serves as a convenient tool for attack identification. The designed cyber-attack-tolerant frequency controller adopts the idea of passive fault attenuation, thus simplifying the design procedure. With the aid of graph theory and consensus techniques, distributed integral based and model predictive control (MPC) based controllers are designed. Compared with the integral type, the MPC-based controller can simultaneously improve the dynamic responses and the tolerance ability under attack. The proposed controller is validated via an IEEE benchmark system, and the effectiveness of its application in actual power systems is verified.
Funding: supported in part by the National Science Foundation under Grant ECCS-0955265.
Abstract: This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability. Specifically, the proposed approach focuses on the total transient energy injected into power systems as the result of assumptive cyber attacks. The computational improvements of the proposed method are significant as the time-domain simulations can be avoided. The efficacy of the proposed approach is demonstrated using a practical power system with various cyber attack scenarios. The identification results of the proposed method can be used to guide more detailed impact analysis and to develop more effective countermeasures against cyber attacks.
Funding: supported by the Ministry of the Higher Education and Scientific Research in Tunisia
Abstract: In this paper, we investigate a resilient control strategy for networked control systems (NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.
Funding: supported by the National Nature Science Foundation of China (Nos. 62103357, 62203376), the Science and Technology Plan of Hebei Education Department (No. QN2021139), the Nature Science Foundation of Hebei Province (Nos. F2021203043, F2022203074), and the Open Research Fund of Jiangsu Collaborative Innovation Center for Smart Distribution Network, Nanjing Institute of Technology (No. XTCX202203).
Abstract: The emergence of false data injection attacks (FDIAs) can fool the traditional detection methods by injecting false data, which has brought huge risks to the security of smart grids. For this reason, a resilient active defense control scheme based on interval observer detection is proposed in this paper to protect smart grids. The proposed active defense highlights the integration of detection and defense against FDIAs in smart grids. First, a dynamic physical grid model under FDIAs is modeled, in which model uncertainty and parameter uncertainty are taken into account. Then, an interval observer-based detection method against FDIAs is proposed, where a detection criterion using interval residual is put forward. Corresponding to the detection results, the resilient defense controller is triggered to defend against the FDIAs if the system states are affected by FDIAs. Linear matrix inequality (LMI) approach is applied to design the resilient controller with H∞ performance. The system with the resilient defense controller can be robust to FDIAs and the gain of the resilient controller has a certain gain margin. Our active resilient defense approach can be built in real time and show accurate and quick response to the injected FDIAs. The effectiveness of the proposed defense scheme is verified by the simulation results on an IEEE 30-bus grid system.
Funding: This work was supported by the National Key R&D Program of China under Grant 2020YFB1807503, and the National Natural Science Foundation of China under Grant U20A20156, Grant 62001087, and Grant 62201309. (Xiaotong Guo and Jing Ren contribute equally in this work.) The associate editor coordinating the review of this paper and approving it for publication was W. Zhang.
Abstract: Penetration testing (PT) is an active method of evaluating the security of a network by simulating various types of cyber attacks in order to identify and exploit vulnerabilities. Traditional PT involves a time-consuming and labor-intensive process that is prone to errors and cannot be easily formulated. Researchers have been investigating the potential of deep reinforcement learning (DRL) to develop automated PT (APT) tools. However, using DRL in APT is challenged by partial observability of the environment and the intractability problem of the huge action space. This paper introduces RLAPT, a novel DRL approach that directly overcomes these challenges and enables intelligent automation of the PT process with precise control. The proposed method exhibits superior efficiency, stability, and scalability in finding the optimal attacking policy on the simulated experiment scenario.
Funding: supported by the National Natural Science Foundation of China (No. 62073121), the National Natural Science Foundation of China-State Grid Joint Fund for Smart Grid (No. U1966202), the Six Talent Peaks High Level Project of Jiangsu Province (No. 2017-XNY-004), and the Natural Sciences and Engineering Research Council (NSERC) of Canada.
Abstract: This paper develops an adaptive two-stage unscented Kalman filter (ATSUKF) to accurately track operation states of the synchronous generator (SG) under cyber attacks. To achieve high fidelity, considering the excitation system of SGs, a detailed 9th-order SG model for dynamic state estimation is established. Then, for several common cyber attacks against measurements, a two-stage unscented Kalman filter is proposed to estimate the model state and the bias in parallel. Subsequently, to solve the deterioration problem of state estimation performance caused by the mismatch between noise statistical characteristics and model assumptions, a multi-dimensional adaptive factor matrix is derived to modify the noise covariance matrix. Finally, a large number of simulation experiments are carried out on the IEEE 39-bus system, which shows that the proposed filter can accurately track the SG state under different abnormal test conditions.
Funding: supported by National Basic Research Program of China (973 Program) (No. 2012CB215101)
Abstract: Power system restoration has attracted more attention and made great progress recently. Research progress of the power system restoration from 2006 to 2016 is reviewed in this paper, including black-start, network reconfiguration and load restoration. Some emerging methods and key techniques are also discussed in the context of the integration of variable renewable energy and development of the smart grid. There is a long way to go to achieve automatic self-healing in bulk power systems because of its extreme complexity. However, rapidly developing artificial intelligence technology will eventually enable the step-by-step dynamic decision-making based on the situation awareness of supervisory control and data acquisition systems (SCADA) and wide area measurement systems (WAMS) in the near future.
Funding: supported by the National Natural Science Foundation of China (No. 61433006), the Key Research Project of Zhejiang Province, China (No. 2017C01062), the Open Research Project of the State Key Laboratory of Industrial Control Technology, Zhejiang University, China (No. ICT1800422), the Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, China (No. AGK2018003), the Department of Education of Zhejiang Province, China (No. Y201840611), and the Zhejiang Provincial Natural Science Foundation of China (No. LY16F020019)
Abstract: Security issues in networked control systems (NCSs) have received increasing attention in recent years. However, security protection often requires extra energy consumption, computational overhead, and time delays, which could adversely affect the real-time and energy-limited system. In this paper, random cryptographic protection is implemented. It is less expensive with respect to computational overhead, time, and energy consumption, compared with persistent cryptographic protection. Under the consideration of weak attackers who have little system knowledge, ungenerous attacking capability and the desire for stealthiness and random zero-measurement attacks are introduced as the malicious modification of measurements into zero signals. NCS is modeled as a stochastic system with two correlated Bernoulli distributed stochastic variables for implementation of random cryptographic protection and occurrence of random zero-measurement attacks; the stochastic stability can be analyzed using a linear matrix inequality (LMI) approach. The proposed stochastic stability analysis can help determine the proper probability of running random cryptographic protection against random zero-measurement attacks with a certain probability. Finally, a simulation example is presented based on a vertical take-off and landing (VTOL) system. The results show the effectiveness, robustness, and application of the proposed method, and are helpful in choosing the proper protection mechanism taking into account the time delay and in determining the system sampling period to increase the resistance against such attacks.
Funding: the National Science Foundation (NSF grant CMMI-1824681).
Abstract: Prolonged power outages debilitate the economy and threaten public health. Existing research is generally limited in its scope to a single event, an outage cause, or a region. Here, we provide one of the most comprehensive analyses of large-scale power outages in the U.S. from 2002 to 2019. This analysis is based on the outage data collected under U.S. federal mandates that concern large blackouts, typically of transmission systems and exclude much more common but smaller blackouts, typically, of distribution systems. We categorized the data into four outage causes and computed reliability metrics, which are commonly used for distribution-level small outages only but useful for analyzing large blackouts. Our spatiotemporal analysis reveals six of the most resilient U.S. states since 2010, improvement of power resilience against natural hazards in the south and northeast regions, and a disproportionately large number of human attacks for its population in the Western Electricity Coordinating Council region. Our regression analysis identifies several statistically significant predictors and hypotheses for U.S. resilience to large blackouts. Furthermore, we propose a novel framework for analyzing outage data using differential weighting and influential points to better understand power resilience. We share curated data and code as Supplementary Materials.