To improve the estimation accuracy of state of charge(SOC)and state of health(SOH)for lithium-ion batteries,in this paper,a joint estimation method of SOC and SOH at charging cut-off voltage based on genetic algorithm...To improve the estimation accuracy of state of charge(SOC)and state of health(SOH)for lithium-ion batteries,in this paper,a joint estimation method of SOC and SOH at charging cut-off voltage based on genetic algorithm(GA)combined with back propagation(BP)neural network is proposed,the research addresses the issue of data manipulation resulting fromcyber-attacks.Firstly,anomalous data stemming fromcyber-attacks are identified and eliminated using the isolated forest algorithm,followed by data restoration.Secondly,the incremental capacity(IC)curve is derived fromthe restored data using theKalman filtering algorithm,with the peak of the ICcurve(ICP)and its corresponding voltage serving as the health factor(HF).Thirdly,the GA-BP neural network is applied to map the relationship between HF,constant current charging time,and SOH,facilitating the estimation of SOH based on HF.Finally,SOC estimation at the charging cut-off voltage is calculated by inputting the SOH estimation value into the trained model to determine the constant current charging time,and by updating the maximum available capacity.Experiments show that the root mean squared error of the joint estimation results does not exceed 1%,which proves that the proposed method can estimate the SOC and SOH accurately and stably even in the presence of false data injection attacks.展开更多
The United States of America faces an increasing number of threats to its critical infrastructure due to cyber-attacks. With the constant advancement of technology and the interconnectedness of various systems, the vu...The United States of America faces an increasing number of threats to its critical infrastructure due to cyber-attacks. With the constant advancement of technology and the interconnectedness of various systems, the vulnerabilities in the nation’s infrastructure have become more pronounced. Cyber-attacks on critical infrastructure, such as power grids, transportation networks, and financial systems, pose a significant risk to national security and public safety. These attacks can disrupt essential services, cause economic losses, and potentially have severe consequences for the well-being of individuals and communities. The rise of cyber-terrorism is also a concern. Cyber-terrorists can exploit vulnerabilities in cyberspace to compromise infrastructure systems, causing chaos and panic among the population. The potential for destructive attacks on critical infrastructure is a pressing issue requiring constant attention and proactive measures.展开更多
Smart Industrial environments use the Industrial Internet of Things(IIoT)for their routine operations and transform their industrial operations with intelligent and driven approaches.However,IIoT devices are vulnerabl...Smart Industrial environments use the Industrial Internet of Things(IIoT)for their routine operations and transform their industrial operations with intelligent and driven approaches.However,IIoT devices are vulnerable to cyber threats and exploits due to their connectivity with the internet.Traditional signature-based IDS are effective in detecting known attacks,but they are unable to detect unknown emerging attacks.Therefore,there is the need for an IDS which can learn from data and detect new threats.Ensemble Machine Learning(ML)and individual Deep Learning(DL)based IDS have been developed,and these individual models achieved low accuracy;however,their performance can be improved with the ensemble stacking technique.In this paper,we have proposed a Deep Stacked Neural Network(DSNN)based IDS,which consists of two stacked Convolutional Neural Network(CNN)models as base learners and Extreme Gradient Boosting(XGB)as the meta learner.The proposed DSNN model was trained and evaluated with the next-generation dataset,TON_IoT.Several pre-processing techniques were applied to prepare a dataset for the model,including ensemble feature selection and the SMOTE technique.Accuracy,precision,recall,F1-score,and false positive rates were used to evaluate the performance of the proposed ensemble model.Our experimental results showed that the accuracy for binary classification is 99.61%,which is better than in the baseline individual DL and ML models.In addition,the model proposed for IDS has been compared with similar models.The proposed DSNN achieved better performance metrics than the other models.The proposed DSNN model will be used to develop enhanced IDS for threat mitigation in smart industrial environments.展开更多
In this paper, we study the supervisory control problem of discrete event systems assuming that cyber-attacks might occur. In particular, we focus on the problem of liveness enforcement and consider a sensor-reading m...In this paper, we study the supervisory control problem of discrete event systems assuming that cyber-attacks might occur. In particular, we focus on the problem of liveness enforcement and consider a sensor-reading modification attack(SM-attack) that may disguise the occurrence of an event as that of another event by intruding sensor communication channels. To solve the problem, we introduce non-deterministic supervisors in the paper, which associate to every observed sequence a set of possible control actions offline and choose a control action from the set randomly online to control the system. Specifically, given a bounded Petri net(PN) as the reference formalism and an SMattack, an algorithm that synthesizes a liveness-enforcing nondeterministic supervisor tolerant to the SM-attack is proposed for the first time.展开更多
Cyber-physical systems(CPSs)have emerged as an essential area of research in the last decade,providing a new paradigm for the integration of computational and physical units in modern control systems.Remote state esti...Cyber-physical systems(CPSs)have emerged as an essential area of research in the last decade,providing a new paradigm for the integration of computational and physical units in modern control systems.Remote state estimation(RSE)is an indispensable functional module of CPSs.Recently,it has been demonstrated that malicious agents can manipulate data packets transmitted through unreliable channels of RSE,leading to severe estimation performance degradation.This paper aims to present an overview of recent advances in cyber-attacks and defensive countermeasures,with a specific focus on integrity attacks against RSE.Firstly,two representative frameworks for the synthesis of optimal deception attacks with various performance metrics and stealthiness constraints are discussed,which provide a deeper insight into the vulnerabilities of RSE.Secondly,a detailed review of typical attack detection and resilient estimation algorithms is included,illustrating the latest defensive measures safeguarding RSE from adversaries.Thirdly,some prevalent attacks impairing the confidentiality and data availability of RSE are examined from both attackers'and defenders'perspectives.Finally,several challenges and open problems are presented to inspire further exploration and future research in this field.展开更多
The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasingsteadily in the past years. Decreasing cost of commercial drones has enabled their use at a scale broader th...The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasingsteadily in the past years. Decreasing cost of commercial drones has enabled their use at a scale broader thanever before. However, increasing the complexity of UAVs and decreasing the cost, both contribute to a lack ofimplemented securitymeasures and raise new security and safety concerns. For instance, the issue of implausible ortampered UAV sensor measurements is barely addressed in the current research literature and thus, requires moreattention from the research community. The goal of this survey is to extensively review state-of-the-art literatureregarding common sensor- and communication-based vulnerabilities, existing threats, and active or passive cyberattacksagainst UAVs, as well as shed light on the research gaps in the literature. In this work, we describe theUnmanned Aerial System (UAS) architecture to point out the origination sources for security and safety issues.Weevaluate the coverage and completeness of each related research work in a comprehensive comparison table as wellas classify the threats, vulnerabilities and cyber-attacks into sensor-based and communication-based categories.Additionally, for each individual cyber-attack, we describe existing countermeasures or detectionmechanisms andprovide a list of requirements to ensureUAV’s security and safety.We also address the problem of implausible sensormeasurements and introduce the idea of a plausibility check for sensor data. By doing so, we discover additionalmeasures to improve security and safety and report on a research niche that is not well represented in the currentresearch literature.展开更多
The high performance of IoT technology in transportation networks has led to the increasing adoption of Internet of Vehicles(IoV)technology.The functional advantages of IoV include online communication services,accide...The high performance of IoT technology in transportation networks has led to the increasing adoption of Internet of Vehicles(IoV)technology.The functional advantages of IoV include online communication services,accident prevention,cost reduction,and enhanced traffic regularity.Despite these benefits,IoV technology is susceptible to cyber-attacks,which can exploit vulnerabilities in the vehicle network,leading to perturbations,disturbances,non-recognition of traffic signs,accidents,and vehicle immobilization.This paper reviews the state-of-the-art achievements and developments in applying Deep Transfer Learning(DTL)models for Intrusion Detection Systems in the Internet of Vehicles(IDS-IoV)based on anomaly detection.IDS-IoV leverages anomaly detection through machine learning and DTL techniques to mitigate the risks posed by cyber-attacks.These systems can autonomously create specific models based on network data to differentiate between regular traffic and cyber-attacks.Among these techniques,transfer learning models are particularly promising due to their efficacy with tagged data,reduced training time,lower memory usage,and decreased computational complexity.We evaluate DTL models against criteria including the ability to transfer knowledge,detection rate,accurate analysis of complex data,and stability.This review highlights the significant progress made in the field,showcasing how DTL models enhance the performance and reliability of IDS-IoV systems.By examining recent advancements,we provide insights into how DTL can effectively address cyber-attack challenges in IoV environments,ensuring safer and more efficient transportation networks.展开更多
We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoul...We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.展开更多
In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to...In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to frequent cyberattacks, which is close to an actual case. The cyber-attacks are assumed to be recoverable. By utilizing algebraic graph theory, linear matrix inequality(LMI) and Lyapunov stability theory, the multi-agent systems can achieve group consensus under the proposed control protocol. The sufficient conditions of the group consensus for the multi-agent networks subjected to cyber-attacks are given. Furthermore, the results are extended to the consensus issue of multiple subgroups with cyber-attacks. Numerical simulations are performed to demonstrate the effectiveness of the theoretical results.展开更多
This paper examines the stabilization problem of a distributed networked control system under the effect of cyberattacks by employing a hybrid aperiodic triggering mechanism.The cyber-attack considered in the paper is...This paper examines the stabilization problem of a distributed networked control system under the effect of cyberattacks by employing a hybrid aperiodic triggering mechanism.The cyber-attack considered in the paper is a stochastic deception attack at the sensor-controller end. The probability of the occurrence of attack on a subsystem is represented using a random variable. A decentralized hybrid sampled-data strategy is introduced to save energy consumption and reduce the transmission load of the network. In the proposed decentralized strategy, each subsystem can decide independently whether its state should be transmitted to the controller or not. The scheme of the hybrid triggering mechanism for each subsystem composed of two stages: In the first stage, the next sampling instant is computed using a self-triggering strategy. Subsequently, in the second stage, an event-triggering condition is checked at these sampling instants and the control signal is computed only if the event-triggering condition is violated. The self-triggering condition used in the first stage is dependent on the selection of eventtriggering condition of the second stage. Finally, a comparison of the proposed approach with other triggering mechanisms existing in the literature is presented in terms of the sampling instants,transmission frequency and performance measures through simulation examples.展开更多
This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are...This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.展开更多
Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First,a data driven defence framework is presented in terms of cyber secur...Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First,a data driven defence framework is presented in terms of cyber security situational awareness. Then, the process of data mining based cyber-attack detection is discussed. Next,a multi-loop learning architecture is presented for data mining based cyber-attack detection. Finally,common data mining techniques for cyber-attack detection are discussed.展开更多
With the high-speed development of decentralized applications,account-based blockchain platforms have become a hotbed of various financial scams and hacks due to their anonymity and high financial value.Financial secu...With the high-speed development of decentralized applications,account-based blockchain platforms have become a hotbed of various financial scams and hacks due to their anonymity and high financial value.Financial security has become a top priority with the sustainable development of blockchain-based platforms because of an increasing number of cyber attacks,which have resulted in a huge loss of crypto assets in recent years.Therefore,it is imperative to study the real-time detection of cyber attacks to facilitate effective supervision and regulation.To this end,this paper proposes the weighted and extended isolation forest algorithms and designs a novel framework for the real-time detection of cyber-attack transactions by thoroughly studying and summarizing real-world examples.Furthermore,this study develops a new detection approach for locating the compromised address of a cyber attack to resolve the data scarcity of hack addresses and reduce time consumption.Moreover,three experiments are carried out not only to apply on different types of cyber attacks but also to compare the proposed approach with the widely used existing methods.The results demonstrate the high efficiency and generality of the proposed approach.Finally,the lower time consumption and robustness of our method were validated through additional experiments.In conclusion,the proposed blockchain-oriented approach in this study can handle real-time detection of cyber attacks and has significant scope for applications.展开更多
In light of the growing integration of renewable energy sources in power systems,the adoption of DC microgrids has become increasingly popular,due to its simple structure,having no frequency,power factor concerns.Howe...In light of the growing integration of renewable energy sources in power systems,the adoption of DC microgrids has become increasingly popular,due to its simple structure,having no frequency,power factor concerns.However,the dependence of DC microgrids on cyber-networks also makes them susceptible to cyber-attacks.Potential cyberattacks can disrupt power system facilities and result in significant economic and loss of life.To address this concern,this paper presents an attack-resilient control strategy for microgrids to ensure voltage regulation and power sharing with stable operation under cyber-attack on the actuators.This paper first formulates the cyber-security problem considering a distributed generation based microgrid using the converter model,after which an attack-resilient control is proposed to eliminate the actuator attack impact on the system.Steady state analysis and root locus validation illustrate the feasibility of the proposed method.The effectiveness of the proposed control scheme is demonstrated through simulation results.展开更多
The social engineering cyber-attack is where culprits mislead the users by getting the login details which provides the information to the evil server called phishing.The deep learning approaches and the machine learn...The social engineering cyber-attack is where culprits mislead the users by getting the login details which provides the information to the evil server called phishing.The deep learning approaches and the machine learning are compared in the proposed system for presenting the methodology that can detect phishing websites via Uniform Resource Locator(URLs)analysis.The legal class is composed of the home pages with no inclusion of login forms in most of the present modern solutions,which deals with the detection of phishing.Contrarily,the URLs in both classes from the login page due,considering the representation of a real case scenario and the demonstration for obtaining the rate of false-positive with the existing approaches during the legal login pages provides the test having URLs.In addition,some model reduces the accuracy rather than training the base model and testing the latest URLs.In addition,a feature analysis is performed on the present phishing domains to identify various approaches to using the phishers in the campaign.A new dataset called the MUPD dataset is used for evaluation.Lastly,a prediction model,the Dense forward-backwards Long Short Term Memory(LSTM)model(d−FBLSTM),is presented for combining the forward and backward propagation of LSMT to obtain the accuracy of 98.5%on the initiated login URL dataset.展开更多
This study pursues the objective of analyzing and verifying the knowledge of the agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College) in relation to the practical flaws...This study pursues the objective of analyzing and verifying the knowledge of the agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College) in relation to the practical flaws resulting from the lack of knowledge of the observable rules in information system security. In a clearer way, it aims to verify the level of knowledge of the vulnerabilities, to verify the level of use of the antivirus software, to analyze the frequency of use of Windows update, the use of an anti-spyware software as well as a firewall software on the computer. Through a survey conducted on a sample of 100 agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College), the results revealed that 48% of the sample has no knowledge on computer vulnerabilities;for the use of antivirus software: 47% do not use the antivirus;for Windows update: 29% never update the Windows operating system;for anti-spyware: 48% never use;for the firewall: 50% are not informed. In fine, our results proposed a protection model VMAUSP (Vulnerability Measurability Measures Antivirus, Update, Spyware and Firewall) to users based on the behavioral approach, learning how the model works.展开更多
The increasing utilization of digital technologies presents risks to critical systems due to exploitation by terrorists. Cybersecurity entails proactive and reactive measures designed to protect software and electroni...The increasing utilization of digital technologies presents risks to critical systems due to exploitation by terrorists. Cybersecurity entails proactive and reactive measures designed to protect software and electronic devices from any threats. However, the rising cases of cyber threats are carried out by domestic terrorists who share particular ideologies or grievances. This paper analyzes the increasing cyber-attack instances and mechanisms to counter these threats. Additionally, it addresses the growing concern of domestic terrorism and its impact on national security. Finally, it provides an overview of gaps and possible areas of future research to promote cybersecurity.展开更多
In this paper, we study stealthy cyber-attacks on actuators of cyber-physical systems(CPS), namely zero dynamics and controllable attacks. In particular, under certain assumptions, we investigate and propose condition...In this paper, we study stealthy cyber-attacks on actuators of cyber-physical systems(CPS), namely zero dynamics and controllable attacks. In particular, under certain assumptions, we investigate and propose conditions under which one can execute zero dynamics and controllable attacks in the CPS. The above conditions are derived based on the Markov parameters of the CPS and elements of the system observability matrix. Consequently, in addition to outlining the number of required actuators to be attacked, these conditions provide one with the minimum system knowledge needed to perform zero dynamics and controllable cyber-attacks. As a countermeasure against the above stealthy cyber-attacks, we develop a dynamic coding scheme that increases the minimum number of the CPS required actuators to carry out zero dynamics and controllable cyber-attacks to its maximum possible value. It is shown that if at least one secure input channel exists, the proposed dynamic coding scheme can prevent adversaries from executing the zero dynamics and controllable attacks even if they have complete knowledge of the coding system. Finally, two illustrative numerical case studies are provided to demonstrate the effectiveness and capabilities of our derived conditions and proposed methodologies.展开更多
The Internet of Things (IoT) enables the integration of data from virtual and physical worlds. It involves smart objects that can understand and react to their environment in a variety of industrial, commercial and ho...The Internet of Things (IoT) enables the integration of data from virtual and physical worlds. It involves smart objects that can understand and react to their environment in a variety of industrial, commercial and household settings. As the IoT expands the number of connected devices, there is the potential to allow cyber-attackers into the physical world in which we live, as they seize on security holes in these new systems. New security issues arise through the heterogeneity of IoT applications and devices and their large-scale deployment.展开更多
The number of cybersecurity incidents is on the rise despite significant investment in security measures.The existing conventional security approaches have demonstrated limited success against some of the more complex...The number of cybersecurity incidents is on the rise despite significant investment in security measures.The existing conventional security approaches have demonstrated limited success against some of the more complex cyber-attacks.This is primarily due to the sophistication of the attacks and the availability of powerful tools.Interconnected devices such as the Internet of Things(IoT)are also increasing attack exposures due to the increase in vulnerabilities.Over the last few years,we have seen a trend moving towards embracing edge technologies to harness the power of IoT devices and 5G networks.Edge technology brings processing power closer to the network and brings many advantages,including reduced latency,while it can also introduce vulnerabilities that could be exploited.Smart cities are also dependent on technologies where everything is interconnected.This interconnectivity makes them highly vulnerable to cyber-attacks,especially by the Advanced Persistent Threat(APT),as these vulnerabilities are amplified by the need to integrate new technologies with legacy systems.Cybercriminals behind APT attacks have recently been targeting the IoT ecosystems,prevalent in many of these cities.In this paper,we used a publicly available dataset on Advanced Persistent Threats(APT)and developed a data-driven approach for detecting APT stages using the Cyber Kill Chain.APTs are highly sophisticated and targeted forms of attacks that can evade intrusion detection systems,resulting in one of the greatest current challenges facing security professionals.In this experiment,we used multiple machine learning classifiers,such as Naïve Bayes,Bayes Net,KNN,Random Forest and Support Vector Machine(SVM).We used Weka performance metrics to show the numeric results.The best performance result of 91.1%was obtained with the Naïve Bayes classifier.We hope our proposed solution will help security professionals to deal with APTs in a timely and effective manner.展开更多
基金funded by the Scientific Research Project of the Education Department of Jilin Province(No.JJKH20230121KJ).
文摘To improve the estimation accuracy of state of charge(SOC)and state of health(SOH)for lithium-ion batteries,in this paper,a joint estimation method of SOC and SOH at charging cut-off voltage based on genetic algorithm(GA)combined with back propagation(BP)neural network is proposed,the research addresses the issue of data manipulation resulting fromcyber-attacks.Firstly,anomalous data stemming fromcyber-attacks are identified and eliminated using the isolated forest algorithm,followed by data restoration.Secondly,the incremental capacity(IC)curve is derived fromthe restored data using theKalman filtering algorithm,with the peak of the ICcurve(ICP)and its corresponding voltage serving as the health factor(HF).Thirdly,the GA-BP neural network is applied to map the relationship between HF,constant current charging time,and SOH,facilitating the estimation of SOH based on HF.Finally,SOC estimation at the charging cut-off voltage is calculated by inputting the SOH estimation value into the trained model to determine the constant current charging time,and by updating the maximum available capacity.Experiments show that the root mean squared error of the joint estimation results does not exceed 1%,which proves that the proposed method can estimate the SOC and SOH accurately and stably even in the presence of false data injection attacks.
文摘The United States of America faces an increasing number of threats to its critical infrastructure due to cyber-attacks. With the constant advancement of technology and the interconnectedness of various systems, the vulnerabilities in the nation’s infrastructure have become more pronounced. Cyber-attacks on critical infrastructure, such as power grids, transportation networks, and financial systems, pose a significant risk to national security and public safety. These attacks can disrupt essential services, cause economic losses, and potentially have severe consequences for the well-being of individuals and communities. The rise of cyber-terrorism is also a concern. Cyber-terrorists can exploit vulnerabilities in cyberspace to compromise infrastructure systems, causing chaos and panic among the population. The potential for destructive attacks on critical infrastructure is a pressing issue requiring constant attention and proactive measures.
文摘Smart Industrial environments use the Industrial Internet of Things(IIoT)for their routine operations and transform their industrial operations with intelligent and driven approaches.However,IIoT devices are vulnerable to cyber threats and exploits due to their connectivity with the internet.Traditional signature-based IDS are effective in detecting known attacks,but they are unable to detect unknown emerging attacks.Therefore,there is the need for an IDS which can learn from data and detect new threats.Ensemble Machine Learning(ML)and individual Deep Learning(DL)based IDS have been developed,and these individual models achieved low accuracy;however,their performance can be improved with the ensemble stacking technique.In this paper,we have proposed a Deep Stacked Neural Network(DSNN)based IDS,which consists of two stacked Convolutional Neural Network(CNN)models as base learners and Extreme Gradient Boosting(XGB)as the meta learner.The proposed DSNN model was trained and evaluated with the next-generation dataset,TON_IoT.Several pre-processing techniques were applied to prepare a dataset for the model,including ensemble feature selection and the SMOTE technique.Accuracy,precision,recall,F1-score,and false positive rates were used to evaluate the performance of the proposed ensemble model.Our experimental results showed that the accuracy for binary classification is 99.61%,which is better than in the baseline individual DL and ML models.In addition,the model proposed for IDS has been compared with similar models.The proposed DSNN achieved better performance metrics than the other models.The proposed DSNN model will be used to develop enhanced IDS for threat mitigation in smart industrial environments.
基金supported in part by the Public Technology Research Plan of Zhejiang Province (LGJ21F030001)the National Natural Science Foundation of China (62302448)the Zhejiang Provincial Key Laboratory of New Network Standards and Technologies (2013E10012)。
文摘In this paper, we study the supervisory control problem of discrete event systems assuming that cyber-attacks might occur. In particular, we focus on the problem of liveness enforcement and consider a sensor-reading modification attack(SM-attack) that may disguise the occurrence of an event as that of another event by intruding sensor communication channels. To solve the problem, we introduce non-deterministic supervisors in the paper, which associate to every observed sequence a set of possible control actions offline and choose a control action from the set randomly online to control the system. Specifically, given a bounded Petri net(PN) as the reference formalism and an SMattack, an algorithm that synthesizes a liveness-enforcing nondeterministic supervisor tolerant to the SM-attack is proposed for the first time.
基金the Natural Sciences and Engineering Research Council(NSERC)of Canada。
文摘Cyber-physical systems(CPSs)have emerged as an essential area of research in the last decade,providing a new paradigm for the integration of computational and physical units in modern control systems.Remote state estimation(RSE)is an indispensable functional module of CPSs.Recently,it has been demonstrated that malicious agents can manipulate data packets transmitted through unreliable channels of RSE,leading to severe estimation performance degradation.This paper aims to present an overview of recent advances in cyber-attacks and defensive countermeasures,with a specific focus on integrity attacks against RSE.Firstly,two representative frameworks for the synthesis of optimal deception attacks with various performance metrics and stealthiness constraints are discussed,which provide a deeper insight into the vulnerabilities of RSE.Secondly,a detailed review of typical attack detection and resilient estimation algorithms is included,illustrating the latest defensive measures safeguarding RSE from adversaries.Thirdly,some prevalent attacks impairing the confidentiality and data availability of RSE are examined from both attackers'and defenders'perspectives.Finally,several challenges and open problems are presented to inspire further exploration and future research in this field.
基金the FederalMinistry of Education and Research of Germany under Grant Numbers 16ES1131 and 16ES1128K.
文摘The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasingsteadily in the past years. Decreasing cost of commercial drones has enabled their use at a scale broader thanever before. However, increasing the complexity of UAVs and decreasing the cost, both contribute to a lack ofimplemented securitymeasures and raise new security and safety concerns. For instance, the issue of implausible ortampered UAV sensor measurements is barely addressed in the current research literature and thus, requires moreattention from the research community. The goal of this survey is to extensively review state-of-the-art literatureregarding common sensor- and communication-based vulnerabilities, existing threats, and active or passive cyberattacksagainst UAVs, as well as shed light on the research gaps in the literature. In this work, we describe theUnmanned Aerial System (UAS) architecture to point out the origination sources for security and safety issues.Weevaluate the coverage and completeness of each related research work in a comprehensive comparison table as wellas classify the threats, vulnerabilities and cyber-attacks into sensor-based and communication-based categories.Additionally, for each individual cyber-attack, we describe existing countermeasures or detectionmechanisms andprovide a list of requirements to ensureUAV’s security and safety.We also address the problem of implausible sensormeasurements and introduce the idea of a plausibility check for sensor data. By doing so, we discover additionalmeasures to improve security and safety and report on a research niche that is not well represented in the currentresearch literature.
基金This paper is financed by the European Union-NextGenerationEU,through the National Recovery and Resilience Plan of the Republic of Bulgaria,Project No.BG-RRP-2.004-0001-C01.
文摘The high performance of IoT technology in transportation networks has led to the increasing adoption of Internet of Vehicles(IoV)technology.The functional advantages of IoV include online communication services,accident prevention,cost reduction,and enhanced traffic regularity.Despite these benefits,IoV technology is susceptible to cyber-attacks,which can exploit vulnerabilities in the vehicle network,leading to perturbations,disturbances,non-recognition of traffic signs,accidents,and vehicle immobilization.This paper reviews the state-of-the-art achievements and developments in applying Deep Transfer Learning(DTL)models for Intrusion Detection Systems in the Internet of Vehicles(IDS-IoV)based on anomaly detection.IDS-IoV leverages anomaly detection through machine learning and DTL techniques to mitigate the risks posed by cyber-attacks.These systems can autonomously create specific models based on network data to differentiate between regular traffic and cyber-attacks.Among these techniques,transfer learning models are particularly promising due to their efficacy with tagged data,reduced training time,lower memory usage,and decreased computational complexity.We evaluate DTL models against criteria including the ability to transfer knowledge,detection rate,accurate analysis of complex data,and stability.This review highlights the significant progress made in the field,showcasing how DTL models enhance the performance and reliability of IDS-IoV systems.By examining recent advancements,we provide insights into how DTL can effectively address cyber-attack challenges in IoV environments,ensuring safer and more efficient transportation networks.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61074159 and 61703286)
文摘We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61807016 and 61772013)the Natural Science Foundation of Jiangsu Province,China(Grant No.BK20181342)
文摘In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to frequent cyberattacks, which is close to an actual case. The cyber-attacks are assumed to be recoverable. By utilizing algebraic graph theory, linear matrix inequality(LMI) and Lyapunov stability theory, the multi-agent systems can achieve group consensus under the proposed control protocol. The sufficient conditions of the group consensus for the multi-agent networks subjected to cyber-attacks are given. Furthermore, the results are extended to the consensus issue of multiple subgroups with cyber-attacks. Numerical simulations are performed to demonstrate the effectiveness of the theoretical results.
文摘This paper examines the stabilization problem of a distributed networked control system under the effect of cyberattacks by employing a hybrid aperiodic triggering mechanism.The cyber-attack considered in the paper is a stochastic deception attack at the sensor-controller end. The probability of the occurrence of attack on a subsystem is represented using a random variable. A decentralized hybrid sampled-data strategy is introduced to save energy consumption and reduce the transmission load of the network. In the proposed decentralized strategy, each subsystem can decide independently whether its state should be transmitted to the controller or not. The scheme of the hybrid triggering mechanism for each subsystem composed of two stages: In the first stage, the next sampling instant is computed using a self-triggering strategy. Subsequently, in the second stage, an event-triggering condition is checked at these sampling instants and the control signal is computed only if the event-triggering condition is violated. The self-triggering condition used in the first stage is dependent on the selection of eventtriggering condition of the second stage. Finally, a comparison of the proposed approach with other triggering mechanisms existing in the literature is presented in terms of the sampling instants,transmission frequency and performance measures through simulation examples.
文摘This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.
文摘Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First,a data driven defence framework is presented in terms of cyber security situational awareness. Then, the process of data mining based cyber-attack detection is discussed. Next,a multi-loop learning architecture is presented for data mining based cyber-attack detection. Finally,common data mining techniques for cyber-attack detection are discussed.
基金supported by the National Natural Science Foundation of China(72171059,71771041,72121001)the Fundamental Research Funds for the Central Universities(FRFCU5710000220)the Natural Science Foundation of Heilongjiang Province,China(No.YQ2020G003).
文摘With the high-speed development of decentralized applications,account-based blockchain platforms have become a hotbed of various financial scams and hacks due to their anonymity and high financial value.Financial security has become a top priority with the sustainable development of blockchain-based platforms because of an increasing number of cyber attacks,which have resulted in a huge loss of crypto assets in recent years.Therefore,it is imperative to study the real-time detection of cyber attacks to facilitate effective supervision and regulation.To this end,this paper proposes the weighted and extended isolation forest algorithms and designs a novel framework for the real-time detection of cyber-attack transactions by thoroughly studying and summarizing real-world examples.Furthermore,this study develops a new detection approach for locating the compromised address of a cyber attack to resolve the data scarcity of hack addresses and reduce time consumption.Moreover,three experiments are carried out not only to apply on different types of cyber attacks but also to compare the proposed approach with the widely used existing methods.The results demonstrate the high efficiency and generality of the proposed approach.Finally,the lower time consumption and robustness of our method were validated through additional experiments.In conclusion,the proposed blockchain-oriented approach in this study can handle real-time detection of cyber attacks and has significant scope for applications.
基金supported by VILLUM FONDEN,Denmark under the VILLUM Investigator Grant(No.25920):Center for Research on Microgrids(CROM)。
文摘In light of the growing integration of renewable energy sources in power systems,the adoption of DC microgrids has become increasingly popular,due to its simple structure,having no frequency,power factor concerns.However,the dependence of DC microgrids on cyber-networks also makes them susceptible to cyber-attacks.Potential cyberattacks can disrupt power system facilities and result in significant economic and loss of life.To address this concern,this paper presents an attack-resilient control strategy for microgrids to ensure voltage regulation and power sharing with stable operation under cyber-attack on the actuators.This paper first formulates the cyber-security problem considering a distributed generation based microgrid using the converter model,after which an attack-resilient control is proposed to eliminate the actuator attack impact on the system.Steady state analysis and root locus validation illustrate the feasibility of the proposed method.The effectiveness of the proposed control scheme is demonstrated through simulation results.
文摘The social engineering cyber-attack is where culprits mislead the users by getting the login details which provides the information to the evil server called phishing.The deep learning approaches and the machine learning are compared in the proposed system for presenting the methodology that can detect phishing websites via Uniform Resource Locator(URLs)analysis.The legal class is composed of the home pages with no inclusion of login forms in most of the present modern solutions,which deals with the detection of phishing.Contrarily,the URLs in both classes from the login page due,considering the representation of a real case scenario and the demonstration for obtaining the rate of false-positive with the existing approaches during the legal login pages provides the test having URLs.In addition,some model reduces the accuracy rather than training the base model and testing the latest URLs.In addition,a feature analysis is performed on the present phishing domains to identify various approaches to using the phishers in the campaign.A new dataset called the MUPD dataset is used for evaluation.Lastly,a prediction model,the Dense forward-backwards Long Short Term Memory(LSTM)model(d−FBLSTM),is presented for combining the forward and backward propagation of LSMT to obtain the accuracy of 98.5%on the initiated login URL dataset.
文摘This study pursues the objective of analyzing and verifying the knowledge of the agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College) in relation to the practical flaws resulting from the lack of knowledge of the observable rules in information system security. In a clearer way, it aims to verify the level of knowledge of the vulnerabilities, to verify the level of use of the antivirus software, to analyze the frequency of use of Windows update, the use of an anti-spyware software as well as a firewall software on the computer. Through a survey conducted on a sample of 100 agents of the Institut Supérieur Pédagogique/ISP-Bukavu (TTC = Teachers’ training College), the results revealed that 48% of the sample has no knowledge on computer vulnerabilities;for the use of antivirus software: 47% do not use the antivirus;for Windows update: 29% never update the Windows operating system;for anti-spyware: 48% never use;for the firewall: 50% are not informed. In fine, our results proposed a protection model VMAUSP (Vulnerability Measurability Measures Antivirus, Update, Spyware and Firewall) to users based on the behavioral approach, learning how the model works.
文摘The increasing utilization of digital technologies presents risks to critical systems due to exploitation by terrorists. Cybersecurity entails proactive and reactive measures designed to protect software and electronic devices from any threats. However, the rising cases of cyber threats are carried out by domestic terrorists who share particular ideologies or grievances. This paper analyzes the increasing cyber-attack instances and mechanisms to counter these threats. Additionally, it addresses the growing concern of domestic terrorism and its impact on national security. Finally, it provides an overview of gaps and possible areas of future research to promote cybersecurity.
基金the financial support received from NATO under the Emerging Security Challenges Division programthe support received from NPRP (10-0105-17017) from the Qatar National Research Fund (a member of Qatar Foundation)+1 种基金the support received from the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Department of National Defence (DND) under the Discovery Grant and DND Supplemental Programssupported in part by funding from the Innovation for Defence Excellence and Security (IDEaS) program from the Department of National Defence (DND)。
文摘In this paper, we study stealthy cyber-attacks on actuators of cyber-physical systems(CPS), namely zero dynamics and controllable attacks. In particular, under certain assumptions, we investigate and propose conditions under which one can execute zero dynamics and controllable attacks in the CPS. The above conditions are derived based on the Markov parameters of the CPS and elements of the system observability matrix. Consequently, in addition to outlining the number of required actuators to be attacked, these conditions provide one with the minimum system knowledge needed to perform zero dynamics and controllable cyber-attacks. As a countermeasure against the above stealthy cyber-attacks, we develop a dynamic coding scheme that increases the minimum number of the CPS required actuators to carry out zero dynamics and controllable cyber-attacks to its maximum possible value. It is shown that if at least one secure input channel exists, the proposed dynamic coding scheme can prevent adversaries from executing the zero dynamics and controllable attacks even if they have complete knowledge of the coding system. Finally, two illustrative numerical case studies are provided to demonstrate the effectiveness and capabilities of our derived conditions and proposed methodologies.
文摘The Internet of Things (IoT) enables the integration of data from virtual and physical worlds. It involves smart objects that can understand and react to their environment in a variety of industrial, commercial and household settings. As the IoT expands the number of connected devices, there is the potential to allow cyber-attackers into the physical world in which we live, as they seize on security holes in these new systems. New security issues arise through the heterogeneity of IoT applications and devices and their large-scale deployment.
基金supported in part by the School of Computing and Digital Technology at Birmingham City UniversityThe work of M.A.Rahman was supported in part by the Flagship Grant RDU190374.
文摘The number of cybersecurity incidents is on the rise despite significant investment in security measures.The existing conventional security approaches have demonstrated limited success against some of the more complex cyber-attacks.This is primarily due to the sophistication of the attacks and the availability of powerful tools.Interconnected devices such as the Internet of Things(IoT)are also increasing attack exposures due to the increase in vulnerabilities.Over the last few years,we have seen a trend moving towards embracing edge technologies to harness the power of IoT devices and 5G networks.Edge technology brings processing power closer to the network and brings many advantages,including reduced latency,while it can also introduce vulnerabilities that could be exploited.Smart cities are also dependent on technologies where everything is interconnected.This interconnectivity makes them highly vulnerable to cyber-attacks,especially by the Advanced Persistent Threat(APT),as these vulnerabilities are amplified by the need to integrate new technologies with legacy systems.Cybercriminals behind APT attacks have recently been targeting the IoT ecosystems,prevalent in many of these cities.In this paper,we used a publicly available dataset on Advanced Persistent Threats(APT)and developed a data-driven approach for detecting APT stages using the Cyber Kill Chain.APTs are highly sophisticated and targeted forms of attacks that can evade intrusion detection systems,resulting in one of the greatest current challenges facing security professionals.In this experiment,we used multiple machine learning classifiers,such as Naïve Bayes,Bayes Net,KNN,Random Forest and Support Vector Machine(SVM).We used Weka performance metrics to show the numeric results.The best performance result of 91.1%was obtained with the Naïve Bayes classifier.We hope our proposed solution will help security professionals to deal with APTs in a timely and effective manner.