GUARDIAN: A Multi-Tiered Defense Architecture for Thwarting Prompt Injection Attacks on LLMs

This paper introduces a novel multi-tiered defense architecture to protect language models from adversarial prompt attacks. We construct adversarial prompts using strategies like role emulation and manipulative assistance to simulate real threats. We introduce a comprehensive, multi-tiered defense framework named GUARDIAN (Guardrails for Upholding Ethics in Language Models) comprising a system prompt filter, pre-processing filter leveraging a toxic classifier and ethical prompt generator, and pre-display filter using the model itself for output screening. Extensive testing on Meta’s Llama-2 model demonstrates the capability to block 100% of attack prompts. The approach also auto-suggests safer prompt alternatives, thereby bolstering language model security. Quantitatively evaluated defense layers and an ethical substitution mechanism represent key innovations to counter sophisticated attacks. The integrated methodology not only fortifies smaller LLMs against emerging cyber threats but also guides the broader application of LLMs in a secure and ethical manner.

Residual-Based False Data Injection Attacks Against Multi-Sensor Estimation Systems

This paper investigates the security issue of multisensor remote estimation systems.An optimal stealthy false data injection(FDI)attack scheme based on historical and current residuals,which only tampers with the measurement residuals of partial sensors due to limited attack resources,is proposed to maximally degrade system estimation performance.The attack stealthiness condition is given,and then the estimation error covariance in compromised state is derived to quantify the system performance under attack.The optimal attack strategy is obtained by solving several convex optimization problems which maximize the trace of the compromised estimation error covariance subject to the stealthiness condition.Moreover,due to the constraint of attack resources,the selection principle of the attacked sensor is provided to determine which sensor is attacked so as to hold the most impact on system performance.Finally,simulation results are presented to verify the theoretical analysis.

Kinematic Control of Serial Manipulators Under False Data Injection Attack

With advanced communication technologies,cyberphysical systems such as networked industrial control systems can be monitored and controlled by a remote control center via communication networks.While lots of benefits can be achieved with such a configuration,it also brings the concern of cyber attacks to the industrial control systems,such as networked manipulators that are widely adopted in industrial automation.For such systems,a false data injection attack on a control-center-to-manipulator(CC-M)communication channel is undesirable,and has negative effects on the manufacture quality.In this paper,we propose a resilient remote kinematic control method for serial manipulators undergoing a false data injection attack by leveraging the kinematic model.Theoretical analysis shows that the proposed method can guarantee asymptotic convergence of the regulation error to zero in the presence of a type of false data injection attack.The efficacy of the proposed method is validated via simulations.

Coot Optimization with Deep Learning-Based False Data Injection Attack Recognition

The recent developments in smart cities pose major security issues for the Internet of Things(IoT)devices.These security issues directly result from inappropriate security management protocols and their implementation by IoT gadget developers.Cyber-attackers take advantage of such gadgets’vulnerabilities through various attacks such as injection and Distributed Denial of Service(DDoS)attacks.In this background,Intrusion Detection(ID)is the only way to identify the attacks and mitigate their damage.The recent advancements in Machine Learning(ML)and Deep Learning(DL)models are useful in effectively classifying cyber-attacks.The current research paper introduces a new Coot Optimization Algorithm with a Deep Learning-based False Data Injection Attack Recognition(COADL-FDIAR)model for the IoT environment.The presented COADL-FDIAR technique aims to identify false data injection attacks in the IoT environment.To accomplish this,the COADL-FDIAR model initially preprocesses the input data and selects the features with the help of the Chi-square test.To detect and classify false data injection attacks,the Stacked Long Short-Term Memory(SLSTM)model is exploited in this study.Finally,the COA algorithm effectively adjusts the SLTSM model’s hyperparameters effectively and accomplishes a superior recognition efficiency.The proposed COADL-FDIAR model was experimentally validated using a standard dataset,and the outcomes were scrutinized under distinct aspects.The comparative analysis results assured the superior performance of the proposed COADL-FDIAR model over other recent approaches with a maximum accuracy of 98.84%.

Analysis of cascading failures of power cyber-physical systems considering false data injection attacks

This study considers the performance impacts of false data injection attacks on the cascading failures of a power cyber-physical system,and identifies vulnerable nodes.First,considering the monitoring and control functions of a cyber network and power flow characteristics of a power network,a power cyber-physical system model is established.Then,the influences of a false data attack on the decision-making and control processes of the cyber network communication processes are studied,and a cascading failure analysis process is proposed for the cyber-attack environment.In addition,a vulnerability evaluation index is defined from two perspectives,i.e.,the topology integrity and power network operation characteristics.Moreover,the effectiveness of a power flow betweenness assessment for vulnerable nodes in the cyberphysical environment is verified based on comparing the node power flow betweenness and vulnerability assessment index.Finally,an IEEE14-bus power network is selected for constructing a power cyber-physical system.Simulations show that both the uplink communication channel and downlink communication channel suffer from false data attacks,which affect the ability of the cyber network to suppress the propagation of cascading failures,and expand the scale of the cascading failures.The vulnerability evaluation index is calculated for each node,so as to verify the effectiveness of identifying vulnerable nodes based on the power flow betweenness.

A Survey of SQL Injection Attack Detection and Prevention

Structured Query Language Injection Attack (SQLIA) is the most exposed to attack on the Internet. From this attack, the attacker can take control of the database therefore be able to interpolate the data from the database server for the website. Hence, the big challenge became to secure such website against attack via the Internet. We have presented different types of attack methods and prevention techniques of SQLIA which were used to aid the design and implementation of our model. In the paper, work is separated into two parts. The first aims to put SQLIA into perspective by outlining some of the materials and researches that have already been completed. The section suggesting methods of mitigating SQLIA aims to clarify some misconceptions about SQLIA prevention and provides some useful tips to software developers and database administrators. The second details the creation of a filtering proxy server used to prevent a SQL injection attack and analyses the performance impact of the filtering process on web application.

Passivity-Based Robust Control Against Quantified False Data Injection Attacks in Cyber-Physical Systems

Secure control against cyber attacks becomes increasingly significant in cyber-physical systems(CPSs).False data injection attacks are a class of cyber attacks that aim to compromise CPS functions by injecting false data such as sensor measurements and control signals.For quantified false data injection attacks,this paper establishes an effective defense framework from the energy conversion perspective.Then,we design an energy controller to dynamically adjust the system energy changes caused by unknown attacks.The designed energy controller stabilizes the attacked CPSs and ensures the dynamic performance of the system by adjusting the amount of damping injection.Moreover,with the disturbance attenuation technique,the burden of control system design is simplified because there is no need to design an attack observer.In addition,this secure control method is simple to implement because it avoids complicated mathematical operations.The effectiveness of our control method is demonstrated through an industrial CPS that controls a permanent magnet synchronous motor.

An Effective Control Report Based Security Countermeasure against the Joint Attacks of False Report Injection Attack and Selective Forwarding Attack

Sensor networks are vulnerable to many attacks because the sensor networks operate in open environments. It is easy to incur one or more attacks such as a selective forwarding attack, a false report injection attack. It is hard to defend the sensor network from the multiple attacks through existing security methods. Thus, we suggest an energy-efficient security method in order to detect the multiple attacks. This paper presents a security method to detect the false report injection attack and the selective forwarding attack in the sensor network using a new message type. The message type is a filtering message. The filtering message prevents from generating and forwarding false alert messages. We evaluated performance of our proposed method through a simulation in comparison with an application of SEF (statistical enroute filtering scheme) and CHEMAS (Check point-based Multi-hop Acknowledgement Scheme). The simulation results represent that the proposed method is 10% more energy-efficient than the application when the number of false reports is great while retaining the detection performance.

基于最大似然估计的智能电网FDIA检测

智能电网的正常运行依赖于准确反映电网物理特性的状态估计。针对虚假数据注入攻击(False Data Injection Attack,FDIA)通过向电力系统量测单元注入恶意数据来篡改状态估计结果的问题,提出了一种基于最大似然估计(Maximum Likelihood Estimation,MLE)的电网FDIA检测方法,并以此提高状态估计结果的精度。首先,基于智能电网量测向量与FDIA攻击向量服从具有不同协方差多元高斯分布的特点,通过MLE计算法求得量测数据期望与协方差,根据该协方差判断是否存在虚假量测数据。其次,若数据正常,通过加权最小二乘(Weighted Least Square,WLS)算法依据该量测数据期望进行状态估计可以得到更加优秀的系统状态结果。最后,基于IEEE-14节点系统的算例证明了该算法的可行性。

Optimal Hybrid Deep Learning Enabled Attack Detection and Classificationin IoT Environment

The Internet of Things (IoT) paradigm enables end users to accessnetworking services amongst diverse kinds of electronic devices. IoT securitymechanism is a technology that concentrates on safeguarding the devicesand networks connected in the IoT environment. In recent years, False DataInjection Attacks (FDIAs) have gained considerable interest in the IoT environment.Cybercriminals compromise the devices connected to the networkand inject the data. Such attacks on the IoT environment can result in a considerableloss and interrupt normal activities among the IoT network devices.The FDI attacks have been effectively overcome so far by conventional threatdetection techniques. The current research article develops a Hybrid DeepLearning to Combat Sophisticated False Data Injection Attacks detection(HDL-FDIAD) for the IoT environment. The presented HDL-FDIAD modelmajorly recognizes the presence of FDI attacks in the IoT environment.The HDL-FDIAD model exploits the Equilibrium Optimizer-based FeatureSelection (EO-FS) technique to select the optimal subset of the features.Moreover, the Long Short Term Memory with Recurrent Neural Network(LSTM-RNN) model is also utilized for the purpose of classification. At last,the Bayesian Optimization (BO) algorithm is employed as a hyperparameteroptimizer in this study. To validate the enhanced performance of the HDLFDIADmodel, a wide range of simulations was conducted, and the resultswere investigated in detail. A comparative study was conducted between theproposed model and the existing models. The outcomes revealed that theproposed HDL-FDIAD model is superior to other models.

基于RNN的智能电网拓扑变异型FDI攻击检测方法

针对近年来对智能电网运行状态构成严重安全威胁的虚假数据注入问题,提出一种基于循环神经网络的智能电网拓扑变异型虚假数据注入攻击检测方法.通过分析电力系统状态估计方法的不足和虚假数据注入攻击绕过系统监测与防御的入侵方式,引入循环神经网络分析连续数据序列的时序变化,并在IEEE-30节点系统上进行仿真验证.仿真结果表明,提出的方法能够高效、准确地检测智能电网中产生的虚假数据注入攻击行为,其检测准确率可达99.9%,相比于其他检测方法具有较大的优势.

XQuery Injection Attack and Countermeasures

As a database that allows data to be stored in XML format, XML database suffers from some similar attacks as traditional relational database does. These attacks include injection attack by XQuey function in application software. These include BaseX, eXist and MarkLogic. In order to defeat these attacks, countermeasures are proposed.

基于卡尔曼滤波的直流微电网抵御FDI攻击的二次控制策略

针对微电网物理层和信息层交互过程中存在虚假数据注入(FDI)攻击的情况,提出了基于卡尔曼滤波的直流微电网抵御FDI攻击的二次控制策略。考虑常数FDI攻击和时变FDI攻击,利用卡尔曼滤波器滤除二次控制中引入的攻击信号,将经过滤波后的二次控制信号输入一次控制中,实现恢复电压和精确分配功率的目的。通过2个仿真案例验证了所提方法的有效性。

面向电力SCADA系统的FDIA检测方法综述

信息通信技术的发展和智能设备的引入使电力系统逐渐演变为电力信息物理系统,而信息层与物理层之间的深度耦合也加剧了电力系统遭受网络攻击的风险。虚假数据注入攻击(false data injection attack,FDIA)作为一种兼具隐蔽性、灵活性和攻击导向性的网络攻击方式,对电力数据采集与监控(supervisory control and data acquisition,SCADA)系统的安全稳定构成很大威胁。为应对这一威胁挑战,学者们研究了各种各样的FDIA检测方法。该文对面向电力SCADA系统的FDIA检测方法进行综述,首先介绍了FDIA的攻击原理及构建方法,梳理了FDIA检测算法的发展历程,并按照模型驱动和数据驱动对算法进行了分类整理,针对模型驱动中的基于状态估计、图论、物理特性等检测方法和数据驱动中的有监督学习、无监督学习、半监督学习、对抗博弈学习和强化学习等检测方法分别进行了机理分析;然后对比分析了相关算法的检测性能、优缺点及其适用场景;最后,对FDIA检测防御的后续研究方向进行了展望。

结合图卷积神经网络和集成方法的推荐系统恶意攻击检测

推荐系统已被广泛应用于电子商务、社交媒体、信息分享等大多数互联网平台中,有效解决了信息过载问题。然而,这些平台面向所有互联网用户开放,导致不法用户利用系统设计缺陷通过恶意干扰、蓄意攻击等行为非法操纵评分数据,进而影响推荐结果,严重危害推荐服务的安全性。现有的检测方法大多都是基于从评级数据中提取的人工构建特征进行的托攻击检测,难以适应更复杂的共同访问注入攻击,并且人工构建特征费时且区分能力不足,同时攻击行为规模远远小于正常行为,给传统检测方法带来了不平衡数据问题。因此,文中提出堆叠多层图卷积神经网络端到端学习用户和项目之间的多阶交互行为信息得到用户嵌入和项目嵌入,将其作为攻击检测特征,以卷积神经网络作为基分类器实现深度行为特征提取,结合集成方法检测攻击。在真实数据集上的实验结果表明,与流行的推荐系统恶意攻击检测方法相比,所提方法对共同访问注入攻击行为有较好的检测效果并在一定程度上克服了不平衡数据的难题。

基于相关特征-多标签级联提升森林的电网虚假数据注入攻击定位检测

虚假数据注入攻击严重威胁了电网安全稳定运行。由于电力量测数据维度高、特征复杂,传统攻击定位检测方法存在定位精度不足的问题。为此,提出一种基于相关特征-多标签级联提升森林的电网虚假数据注入攻击定位检测方法来精确定位电网受攻击的位置。所提方法通过融入极端梯度提升算法来增强多标签级联森林对复杂电力量测数据的拟合能力,进而识别系统各节点状态量的异常;引入“相关特征”算法来对原始电力量测数据中的高信息性特征进行提取,提升多标签级联森林的泛化能力,以获得更精确的定位检测。在IEEE-14和IEEE-57节点系统中进行仿真测试,验证了所提方法的有效性,且与其他方法相比,所提方法具有更优的准确率、查准率、灵敏度和F1分数。

基于多智能体遗传算法的云平台抗虚假数据注入攻击方法

为确保云平台内数据传输安全,提出一种基于多智能体遗传算法的云平台抗虚假数据注入攻击方法。采用开源平台OpenStack搭建云平台,并分析云平台虚假数据注入攻击过程;以该攻击过程为基础,结合Copula函数与GAN生成对抗网络构建虚假数据注入攻击检测框架,利用Copula GAN函数模型中的判别器与生成器对云平台原始量测数据进行对抗训练,再采用极端随机树分类器检测虚假数据,判断云平台中是否存在虚假数据注入攻击情况;利用三层攻防博弈模型防御云平台中的虚假数据注入攻击,同时由该模型为各条数据传输线路分配防御资源,并设置对应的约束条件;采用多智能体遗传算法对模型进行优化求解,完成云平台虚假数据注入攻击目标防御。实验结果表明,该方法可以精准检测云平台虚假数据并及时采取防御措施,具备较强的抗虚假数据注入攻击能力。

数据注入攻击下ICPS的自适应事件触发弹性控制

为使工业信息物理系统(ICPS)抵御数据注入攻击,本文研究了事件触发弹性控制策略,采用自适应事件触发以减少通信资源,构建攻击估计器以降低攻击对系统性能的影响.通过H∞渐近稳定性准则推导估计器参数,采用Lyapunov-Krasovskii函数推导事件触发、数据注入攻击、网络延迟和弹性控制器之间的定量关系.以二自由度质量–弹簧–阻尼串联系统为被控对象, MATLAB仿真验证基于自适应事件触发的ICPS在数据注入攻击下的系统性能,结果表明所采取策略能保证系统的稳定性,并有效减少通信资源.

Adaptive security control of time-varying constraints nonlinear cyber-physical systems with false data injection attacks

In this article,an adaptive security control scheme is presented for cyber-physical systems(CPSs)suffering from false data injection(FDI)attacks and time-varying state constraints.Firstly,an adaptive bound estimation mechanism is introduced in the backstepping control design to mitigate the effect of FDI attacks.Secondly,to solve the unknown sign time-varying statefeedback gains aroused by the FDI attacks,a type of Nussbaum function is employed in the adaptive security control.Then,by constructing a barrier Lyapunov function,it can be ensured that all signals of controlled system are bounded and the time-varying state constraints are not transgressed.Finally,the provided simulation examples demonstrate the effectiveness of the proposed controller.

Game Theory based Optimal Defensive Resources Allocation with Incomplete Information in Cyber-physical Power Systems against False Data Injection Attacks

Modern power grid is fast emerging as a complex cyber-physical power system(CPPS)integrating physical current-carrying components and processes with cyber-embedded computing,which faces increasing cy-berspace security threats and risks.In this paper,the state(i.e.,voltage)offsets resulting from false data injection(FDI)attacks and the bus safety characterization are applied to quantify the attack consequences.The state offsets are obtained by the state estimation method,and the bus safety characterization considers the power net-work topology as well as the vulnerability and connection relationship of buses.Considering the indeterminacy of attacker’s resource consumption and reward,a zero-sum game-theoretical model from the defender’s perspective with incomplete information is explored for the optimal allocation of limited defensive resources.The attacker aims to falsify measurements without triggering threshold alarms to break through the protection,leading to load shedding,over-voltage or under-voltage.The defender attempts to ensure the estimation results to be as close to the actual states as possible,and guarantee the system’s safety and efficient defensive resource utilization.The proposed solution is extensively evaluated through simu-lations using the IEEE 33-bus test network and real-time digital simulator(RTDS)based testbed experiments of the IEEE 14-bus network.The results demonstrate the effec-tiveness of the proposed game-theoretical approach for optimal defensive resource allocation in CPPS when lim-ited resources are available when under FDI attacks.Index Terms—Optimal strategy,game theory,Nash equilibrium,CPPS,FDI attack.