In federated learning, backdoor attacks have become an important research topic with their wide application in processing sensitive datasets. Since federated learning detects or modifies local models through defense mechanisms during aggregation, it is difficult to conduct effective backdoor attacks. In addition, existing backdoor attack methods are faced with challenges, such as low backdoor accuracy, poor ability to evade anomaly detection, and unstable model training. To address these challenges, a method called adaptive simulation backdoor attack (ASBA) is proposed. Specifically, ASBA improves the stability of model training by manipulating the local training process and using an adaptive mechanism, the ability of the malicious model to evade anomaly detection by combining large simulation training and clipping, and the backdoor accuracy by introducing a stimulus model to amplify the impact of the backdoor in the global model. Extensive comparative experiments under five advanced defense scenarios show that ASBA can effectively evade anomaly detection and achieve high backdoor accuracy in the global model. Furthermore, it exhibits excellent stability and effectiveness after multiple rounds of attacks, outperforming state-of-the-art backdoor attack methods.
According to the dynamic interaction process between cyber flow and power flow in grid cyber-physical systems (GCPS), attackers could gradually trigger large-scale power failures through cooperative cyber-attacks, subsequently forming cross-domain cascading failures (CDCF) that cross cyber-domain and power-domain and endanger the stable running of GCPS. To reveal the evolutionary mechanism of CDCF, an optimal attack scheme evaluation method is proposed, considering the spatiotemporal synergy of multiple attack-event-chains. First, in accordance with the spatiotemporal synergy of multiple attack-event-chains, the CDCF evolutionary mechanism is analyzed from the attackers' perspective, and a CDCF mathematical model is established. Furthermore, an attack graph model of CDCF evolution and its hazard calculation method are proposed. Then, the attackers' decision-making process for the optimal attack scheme of CDCF is deduced based on the attack graph model. Finally, both the evaluation and implementation processes of the optimal attack scheme are simulated in the GCPS experimental system based on IEEE-39 bus systems.
Federated Learning (FL) protects data privacy through a distributed training mechanism, yet its decentralized nature also introduces new security vulnerabilities. Backdoor attacks inject malicious triggers into the global model through compromised updates, posing significant threats to model integrity and becoming a key focus in FL security. Existing backdoor attack methods typically embed triggers directly into original images and consider only data heterogeneity, resulting in limited stealth and adaptability. To address the heterogeneity of malicious client devices, this paper proposes a novel backdoor attack method named Capability-Adaptive Shadow Backdoor Attack (CASBA). By incorporating measurements of clients’ computational and communication capabilities, CASBA employs a dynamic hierarchical attack strategy that adaptively aligns attack intensity with available resources. Furthermore, an improved deep convolutional generative adversarial network (DCGAN) is integrated into the attack pipeline to embed triggers without modifying original data, significantly enhancing stealthiness. Comparative experiments with Shadow Backdoor Attack (SBA) across multiple scenarios demonstrate that CASBA dynamically adjusts resource consumption based on device capabilities, reducing average memory usage per iteration by 5.8%. CASBA improves resource efficiency while keeping the drop in attack success rate within 3%. Additionally, the effectiveness of CASBA against three robust FL algorithms is also validated.
The surge in smishing attacks underscores the urgent need for robust, real-time detection systems powered by advanced deep learning models. This paper introduces PhishNet, a novel ensemble learning framework that integrates transformer-based models (RoBERTa) and large language models (LLMs) (GPT-OSS 120B, LLaMA3.3 70B, and Qwen3 32B) to enhance smishing detection performance significantly. To mitigate class imbalance, we apply synthetic data augmentation using T5 and leverage various text preprocessing techniques. Our system employs a dual-layer voting mechanism: weighted majority voting among LLMs and a final ensemble vote to classify messages as ham, spam, or smishing. Experimental results show an average accuracy improvement from 96% to 98.5% compared to the best standalone transformer, and from 93% to 98.5% when compared to LLMs across datasets. Furthermore, we present a real-time, user-friendly application to operationalize our detection model for practical use. PhishNet demonstrates superior scalability, usability, and detection accuracy, filling critical gaps in current smishing detection methodologies.
Dear Editor, This letter studies the problem of stealthy attacks targeting stochastic event-based estimation, alongside proposing measures for their mitigation. A general attack framework is introduced, and the corresponding stealthiness condition is analyzed. To enhance system security, we advocate for a single-dimensional encryption method, showing that securing a singular data element is sufficient to shield the system from the perils of stealthy attacks.
Zero-click attacks represent an advanced cybersecurity threat, capable of compromising devices without user interaction. High-profile examples such as Pegasus, Simjacker, Bluebugging, and Bluesnarfing exploit hidden vulnerabilities in software and communication protocols to silently gain access, exfiltrate data, and enable long-term surveillance. Their stealth and ability to evade traditional defenses make detection and mitigation highly challenging. This paper addresses these threats by systematically mapping the tactics and techniques of zero-click attacks using the MITRE ATT&CK framework, a widely adopted standard for modeling adversarial behavior. Through this mapping, we categorize real-world attack vectors and better understand how such attacks operate across the cyber-kill chain. To support threat detection efforts, we propose an Active Learning-based method to efficiently label the Pegasus spyware dataset in alignment with the MITRE ATT&CK framework. This approach reduces the effort of manually annotating data while improving the quality of the labeled data, which is essential to train robust cybersecurity models. In addition, our analysis highlights the structured execution paths of zero-click attacks and reveals gaps in current defense strategies. The findings emphasize the importance of forward-looking strategies such as continuous surveillance, dynamic threat profiling, and security education. By bridging zero-click attack analysis with the MITRE ATT&CK framework and leveraging machine learning for dataset annotation, this work provides a foundation for more accurate threat detection and the development of more resilient and structured cybersecurity frameworks.
Graph Neural Networks (GNNs) have proven highly effective for graph classification across diverse fields such as social networks, bioinformatics, and finance, due to their capability to learn complex graph structures. However, despite their success, GNNs remain vulnerable to adversarial attacks that can significantly degrade their classification accuracy. Existing adversarial attack strategies primarily rely on label information to guide the attacks, which limits their applicability in scenarios where such information is scarce or unavailable. This paper introduces an innovative unsupervised attack method for graph classification, which operates without relying on label information, thereby enhancing its applicability in a broad range of scenarios. Specifically, our method first leverages a graph contrastive learning loss to learn high-quality graph embeddings by comparing different stochastic augmented views of the graphs. To effectively perturb the graphs, we then introduce an implicit estimator that measures the impact of various modifications on graph structures. The proposed strategy identifies and flips edges with the top-K highest scores, determined by the estimator, to maximize the degradation of the model’s performance. In addition, to defend against such attacks, we propose a lightweight regularization-based defense mechanism that is specifically tailored to mitigate the structural perturbations introduced by our attack strategy. It enhances model robustness by enforcing embedding consistency and edge-level smoothness during training. We conduct experiments on six public TU graph classification datasets: NCI1, NCI109, Mutagenicity, ENZYMES, COLLAB, and DBLP_v1, to evaluate the effectiveness of our attack and defense strategies. Under an attack budget of 3, the maximum reduction in model accuracy reaches 6.67% on the Graph Convolutional Network (GCN) and 11.67% on the Graph Attention Network (GAT) across different datasets, indicating that our unsupervised method induces degradation comparable to state-of-the-art supervised attacks. Meanwhile, our defense achieves the highest accuracy recovery of 3.89% (GCN) and 5.00% (GAT), demonstrating improved robustness against structural perturbations.
Knowledge-based Visual Question Answering (VQA) requires the integration of visual information with external knowledge reasoning. Existing approaches typically retrieve information from external corpora and rely on pretrained language models for reasoning. However, their performance is often hindered by the limited capabilities of retrievers and the constrained size of knowledge bases. Moreover, relying on image captions to bridge the modal gap between visual and language modalities can lead to the omission of critical visual details. To address these limitations, we propose the Reflective Chain-of-Thought (ReCoT) method, a simple yet effective framework inspired by metacognition theory. ReCoT effectively activates the reasoning capabilities of Multimodal Large Language Models (MLLMs), providing essential visual and knowledge cues required to solve complex visual questions. It simulates a metacognitive reasoning process that encompasses monitoring, reflection, and correction. Specifically, in the initial generation stage, an MLLM produces a preliminary answer that serves as the model’s initial cognitive output. During the reflective reasoning stage, this answer is critically examined to generate a reflective rationale that integrates key visual evidence and relevant knowledge. In the final refinement stage, a smaller language model leverages this rationale to revise the initial prediction, resulting in a more accurate final answer. By harnessing the strengths of MLLMs in visual and knowledge grounding, ReCoT enables smaller language models to reason effectively without dependence on image captions or external knowledge bases. Experimental results demonstrate that ReCoT achieves substantial performance improvements, outperforming state-of-the-art methods by 2.26% on OK-VQA and 5.8% on A-OKVQA.
Numerical simulations and theoretical models are developed in this paper for the Detonation-Wave/Boundary-Layer Interactions (DWBLIs) under reflections. Transient flow fields demonstrate the high non-stationarity of the DWBLIs when Mach Reflection (MR) occurs, and subsequent analyses show that the subsonic region introduced by the boundary layer exacerbates the instability. Further quantitative analyses show that viscosity has little effect on propulsive performance and the separation wave can be considered as an oblique detonation wave. Influence parameters to DWBLIs such as combustion chamber height, incoming Mach number, equivalence ratio, and inlet channel length are categorized and studied. Besides simulations, theoretical analytical modeling is established for Regular Reflection (RR) and MR of DWBLIs. Multiple formulas for the separation zone length are obtained according to the mass conservation under different transformation types between inviscid and viscid reflections. Comparison with the numerical simulations verifies the validity of the model and it can be further generalized to the curved DWBLIs. The developed model makes the theoretical solution process of DWBLIs possible and provides the key foundation for further analysis and solution.
In recent years, with the rapid advancement of artificial intelligence, object detection algorithms have made significant strides in accuracy and computational efficiency. Notably, research and applications of Anchor-Free models have opened new avenues for real-time target detection in optical remote sensing images (ORSIs). However, in the realm of adversarial attacks, developing adversarial techniques tailored to Anchor-Free models remains challenging. Adversarial examples generated based on Anchor-Based models often exhibit poor transferability to these new model architectures. Furthermore, the growing diversity of Anchor-Free models poses additional hurdles to achieving robust transferability of adversarial attacks. This study presents an improved cross-conv-block feature fusion You Only Look Once (YOLO) architecture, meticulously engineered to facilitate the extraction of more comprehensive semantic features during the backpropagation process. To address the asymmetry between densely distributed objects in ORSIs and the corresponding detector outputs, a novel dense bounding box attack strategy is proposed. This approach leverages dense target bounding boxes loss in the calculation of adversarial loss functions. Furthermore, by integrating translation-invariant (TI) and momentum-iteration (MI) adversarial methodologies, the proposed framework significantly improves the transferability of adversarial attacks. Experimental results demonstrate that our method achieves superior adversarial attack performance, with adversarial transferability rates (ATR) of 67.53% on the NWPU VHR-10 dataset and 90.71% on the HRSC2016 dataset. Compared to ensemble adversarial attack and cascaded adversarial attack approaches, our method generates adversarial examples in an average of 0.64 s, representing an approximately 14.5% improvement in efficiency under equivalent conditions.
The advancement of next-generation high-frequency communication systems and stealth detection technologies necessitates the development of efficient, multi-spectrum compatible shielding materials. However, the achievement of simultaneous high efficiency and low reflectivity across microwave, terahertz, and infrared spectra remains a formidable challenge. Herein, a carbonized MXene/polyimide (C-MXene/PI) aerogel material integrating a spatially coupled hierarchically anisotropic structure with stepwise conductivity gradients was constructed. Electromagnetic waves propagate through the top-down vertical disordered horizontal architecture and progressive conductivity gradient of C-MXene/PI aerogel, undergoing stepwise absorption-dissipation-re-dissipation processes. The C-MXene/PI aerogel exhibits an average electromagnetic interference (EMI) shielding effectiveness of 91.0 dB in X-band and a reflection coefficient of 0.40. In the terahertz frequency band, the average EMI shielding performance reaches 66.2 dB with a reflection coefficient of 0.33. Furthermore, the heterolayered porous architecture of C-MXene/PI aerogels exhibits low thermal conductivity and reduced infrared emissivity, enabling exceptional infrared stealth capability across the 2-16 μm wavelength spectrum. This study provides a feasible strategy for constructing low-reflectivity multi-spectrum compatible shielding materials.
FY-3G is the first polar-orbiting satellite equipped with a precipitation measurement radar (PMR) operating at Ku- and Ka-band frequencies in China. In this study, we compare the reflectivity data from the FY-3G PMR Ku product and ground-based radars (GRs) during 2024. Also, the FY-3G PMR is used as a third-party reference to evaluate the reflectivity consistency among different GRs. The FY-3G PMR and GRs share similarities in their general distribution, characteristics, and intensity of reflectivity in strong precipitation cloud systems, though the former presents less detailed system structure. Systematic deviations between the FY-3G PMR and GRs and between GRs are comparable, albeit the reflectivity of the FY-3G PMR is generally slightly stronger than that of GRs (especially X-band GRs), with a mean bias ranging from 0.7 to 1.7 dB. S-band GRs exhibit the smallest systematic deviation (STD=3.09 dB) from the FY-3G PMR, whereas the X-band GRs show the largest (STD=3.61 dB), indirectly indicating the highest internal consistency among S-band GRs and the lowest among X-band GRs. Besides, both S- and C-band GRs display similar deviations when paired with the FY-3G PMR as well as when paired with their adjacent S/C-band GRs, suggesting good consistency between these two bands. In contrast, X-band GRs exhibit relatively poor consistency with S-band GRs and the FY-3G PMR, showing a deviation ranging from 3.0 to 4.6 dB.
Objectives: This study aimed to explore and clarify the concept of reflective supervision as a professional self-care strategy to create a positive Intensive Care Unit (ICU) practice environment. Methods: Walker and Avant’s eight-step concept analysis approach was utilized to identify and define the attributes, antecedents, and consequences of reflective supervision in the ICU. An extensive literature search was conducted across various databases, including Google Scholar, CINAHL, PubMed. Articles published from 2005 to 2025 were identified. We followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) 2020 statement to indicate the included articles and extract related data based on relevance. Results: Forty articles were included in the analysis. The identified attributes included the supervisor-supervisee relationship, effective communication, teamwork, collaborations, reflection, competencies, feedback, continuous support, and autonomous choice. The identified antecedents included participation, supportive supervision, flexibility, open-door policy, training, and motivation. Consequences impacting the success of reflective supervision were identified as promotion of resiliency, autonomy, work-life balance, self-awareness, increased self-esteem, professional development, critical thinking, increased job satisfaction, and enhanced commitment. Conclusions: Reflective supervision is a complex professional self-care strategy that enhances ICU practice by promoting nurses’ well-being, self-awareness, therapeutic skills, and professional development.
Large language models (LLMs) have revolutionized AI applications across diverse domains. However, their widespread deployment has introduced critical security vulnerabilities, particularly prompt injection attacks that manipulate model behavior through malicious instructions. Following Kitchenham’s guidelines, this systematic review synthesizes 128 peer-reviewed studies from 2022 to 2025 to provide a unified understanding of this rapidly evolving threat landscape. Our findings reveal a swift progression from simple direct injections to sophisticated multimodal attacks, achieving over 90% success rates against unprotected systems. In response, defense mechanisms show varying effectiveness: input preprocessing achieves 60%–80% detection rates and advanced architectural defenses demonstrate up to 95% protection against known patterns, though significant gaps persist against novel attack vectors. We identified 37 distinct defense approaches across three categories, but standardized evaluation frameworks remain limited. Our analysis attributes these vulnerabilities to fundamental LLM architectural limitations, such as the inability to distinguish instructions from data and attention mechanism vulnerabilities. This highlights critical research directions such as formal verification methods, standardized evaluation protocols, and architectural innovations for inherently secure LLM designs.
Internet of Things (IoTs) devices are bringing about a revolutionary change in our society by enabling connectivity regardless of time and location. However, the extensive deployment of these devices also makes them attractive victims for the malicious actions of adversaries. Within the spectrum of existing threats, Side-Channel Attacks (SCAs) have established themselves as an effective way to compromise cryptographic implementations. These attacks exploit unintended physical leakage that occurs during the cryptographic execution of devices, bypassing the theoretical strength of the crypto design. In recent times, the advancement of deep learning has provided SCAs with a powerful ally. Well-trained deep-learning models demonstrate an exceptional capacity to identify correlations between side-channel measurements and sensitive data, thereby significantly enhancing such attacks. To further understand the security threats posed by deep-learning SCAs and to aid in formulating robust countermeasures in the future, this paper undertakes an exhaustive investigation of leading-edge SCAs targeting Advanced Encryption Standard (AES) implementations. The study specifically focuses on attacks that exploit power consumption and electromagnetic (EM) emissions as primary leakage sources, systematically evaluating the extent to which diverse deep learning techniques enhance SCAs across multiple critical dimensions. These dimensions include: (i) the characteristics of publicly available datasets derived from various hardware and software platforms; (ii) the formalization of leakage models tailored to different attack scenarios; (iii) the architectural suitability and performance of state-of-the-art deep learning models. Furthermore, the survey provides a systematic synthesis of current research findings, identifies significant unresolved issues in the existing literature and suggests promising directions for future work, including cross-device attack transferability and the impact of quantum-classical hybrid computing on side-channel security.
Transformer-based models have significantly advanced binary code similarity detection (BCSD) by leveraging their semantic encoding capabilities for efficient function matching across diverse compilation settings. Although adversarial examples can strategically undermine the accuracy of BCSD models and protect critical code, existing techniques predominantly depend on inserting artificial instructions, which incur high computational costs and offer limited diversity of perturbations. To address these limitations, we propose AIMA, a novel gradient-guided assembly instruction relocation method. Our method decouples the detection model into tokenization, embedding, and encoding layers to enable efficient gradient computation. Since token IDs of instructions are discrete and nondifferentiable, we compute gradients in the continuous embedding space to evaluate the influence of each token. The most critical tokens are identified by calculating the L2 norm of their embedding gradients. We then establish a mapping between instructions and their corresponding tokens to aggregate token-level importance into instruction-level significance. To maximize adversarial impact, a sliding window algorithm selects the most influential contiguous segments for relocation, ensuring optimal perturbation with minimal length. This approach efficiently locates critical code regions without expensive search operations. The selected segments are relocated outside their original function boundaries via a jump mechanism, which preserves runtime control flow and functionality while introducing “deletion” effects in the static instruction sequence. Extensive experiments show that AIMA reduces similarity scores by up to 35.8% in state-of-the-art BCSD models. When incorporated into training data, it also enhances model robustness, achieving a 5.9% improvement in AUROC.
This article investigates the distributed recursive filtering problem for discrete-time stochastic cyber–physical systems. A particular feature of our work is that we consider systems in which the state is constrained by saturation. Measurements are transmitted to nodes of a sensor network over unreliable wireless channels. We propose a linear coding mechanism, together with a distributed method for obtaining a state estimate at each node. These designs aim to minimize the state estimation error covariance. In addition, we derive a bound on this covariance, and accommodate the design parameters to minimize this bound. The resulting design depends on the packet loss probabilities of the wireless channels. This permits applying the proposed scheme to systems in which communications suffer from denial-of-service attacks, as such attacks typically affect those probabilities. Finally, we present a numerical example illustrating this application.
With the increasing emphasis on personal information protection, encryption through security protocols has emerged as a critical requirement in data transmission and reception processes. Nevertheless, IoT ecosystems comprise heterogeneous networks where outdated systems coexist with the latest devices, spanning a range of devices from non-encrypted ones to fully encrypted ones. Given the limited visibility into payloads in this context, this study investigates AI-based attack detection methods that leverage encrypted traffic metadata, eliminating the need for decryption and minimizing system performance degradation—especially in light of these heterogeneous devices. Using the UNSW-NB15 and CICIoT-2023 datasets, encrypted and unencrypted traffic were categorized according to security protocol, and AI-based intrusion detection experiments were conducted for each traffic type based on metadata. To mitigate the problem of class imbalance, eight different data sampling techniques were applied. The effectiveness of these sampling techniques was then comparatively analyzed using two ensemble models and three Deep Learning (DL) models from various perspectives. The experimental results confirmed that metadata-based attack detection is feasible using only encrypted traffic. In the UNSW-NB15 dataset, the f1-score of encrypted traffic was approximately 0.98, which is 4.3% higher than that of unencrypted traffic (approximately 0.94). In addition, analysis of the encrypted traffic in the CICIoT-2023 dataset using the same method showed a significantly lower f1-score of roughly 0.43, indicating that the quality of the dataset and the preprocessing approach have a substantial impact on detection performance. Furthermore, when data sampling techniques were applied to encrypted traffic, the recall in the UNSW-NB15 (Encrypted) dataset improved by up to 23.0%, and in the CICIoT-2023 (Encrypted) dataset by 20.26%, showing a similar level of improvement. Notably, in CICIoT-2023, f1-score and Receiver Operation Characteristic-Area Under the Curve (ROC-AUC) increased by 59.0% and 55.94%, respectively. These results suggest that data sampling can have a positive effect even in encrypted environments. However, the extent of the improvement may vary depending on data quality, model architecture, and sampling strategy.
An attack-resilient distributed Nash equilibrium (NE) seeking problem is addressed for noncooperative games of networked systems under malicious cyber-attacks, i.e., false data injection (FDI) attacks. Different from many existing distributed NE seeking works, it is practical and challenging to get resilient adaptively distributed NE seeking under unknown and unbounded FDI attacks. An attack-resilient NE seeking algorithm that is distributed (i.e., independent of global information on the graph's algebraic connectivity, Lipschitz and monotone constants of pseudo-gradients, or number of players), is presented by means of incorporating the consensus-based gradient play with a distributed attack identifier so as to achieve simultaneous NE seeking and attack identification asymptotically. Another key characteristic is that FDI attacks are allowed to be unknown and unbounded. By exploiting nonsmooth analysis and stability theory, the global asymptotic convergence of the developed algorithm to the NE is ensured. Moreover, we extend this design to further consider the attack-resilient NE seeking of double-integrator players. Lastly, numerical simulation and practical experiment results are presented to validate the developed algorithms' effectiveness.
The wide-area damping controllers(WADCs),which are essential for mitigating regional low-frequency oscillations,face cyber-physical security threats due to the vulnerability of wide-area measurement system to cyber at...The wide-area damping controllers(WADCs),which are essential for mitigating regional low-frequency oscillations,face cyber-physical security threats due to the vulnerability of wide-area measurement system to cyber attacks and wind power uncertainties.This paper introduces reachability analysis method to quantify the impact of varying-amplitude attacks and uncertain wind fluctuations on the performance of WADC.Firstly,considering wind farm integration and attack injection,a nonlinear power system model with multiple buses is constructed based on Kron reduction method to improve computational efficiency and mitigate the constraints imposed by algebraic constraints.Then,a zonotope-based polytope construction method is employed to effectively model the range of attack amplitudes and wind uncertainties.By conducting reachability analysis,the reachable set preserving the nonlinear characteristics of studied system is computed,which enables the quantification of the maximum fluctuation range of regional oscillations under the dual disturbances.Case studies are undertaken on two multi-machine power systems with wind farm integration.The obtained results emphasize the efficacy of designed method,providing valuable insights into the magnitude of the impact that attacks exert on the operational characteristics of power system under various uncertain factors.展开更多
Abstract: In federated learning, backdoor attacks have become an important research topic with their wide application in processing sensitive datasets. Since federated learning detects or modifies local models through defense mechanisms during aggregation, it is difficult to conduct effective backdoor attacks. In addition, existing backdoor attack methods are faced with challenges, such as low backdoor accuracy, poor ability to evade anomaly detection, and unstable model training. To address these challenges, a method called adaptive simulation backdoor attack (ASBA) is proposed. Specifically, ASBA improves the stability of model training by manipulating the local training process and using an adaptive mechanism, the ability of the malicious model to evade anomaly detection by combining large simulation training and clipping, and the backdoor accuracy by introducing a stimulus model to amplify the impact of the backdoor in the global model. Extensive comparative experiments under five advanced defense scenarios show that ASBA can effectively evade anomaly detection and achieve high backdoor accuracy in the global model. Furthermore, it exhibits excellent stability and effectiveness after multiple rounds of attacks, outperforming state-of-the-art backdoor attack methods.
Funding: supported by National Natural Science Foundation of China (51977155 and 61833008).
Abstract: According to the dynamic interaction process between cyber flow and power flow in grid cyber-physical systems (GCPS), attackers could gradually trigger large-scale power failures through cooperative cyber-attacks, subsequently forming cross-domain cascading failures (CDCF) that cross cyber-domain and power-domain and endanger the stable running of GCPS. To reveal the evolutionary mechanism of CDCF, an optimal attack scheme evaluation method is proposed, considering the spatiotemporal synergy of multiple attack-event-chains. First, in accordance with the spatiotemporal synergy of multiple attack-event-chains, the CDCF evolutionary mechanism is analyzed from the attackers' perspective, and a CDCF mathematical model is established. Furthermore, an attack graph model of CDCF evolution and its hazard calculation method are proposed. Then, the attackers' decision-making process for the optimal attack scheme of CDCF is deduced based on the attack graph model. Finally, both the evaluation and implementation processes of the optimal attack scheme are simulated in the GCPS experimental system based on IEEE-39 bus systems.
Funding: supported by the National Natural Science Foundation of China (Grant No. 62172123) and the Key Research and Development Program of Heilongjiang Province, China (Grant No. 2022ZX01A36).
Abstract: Federated Learning (FL) protects data privacy through a distributed training mechanism, yet its decentralized nature also introduces new security vulnerabilities. Backdoor attacks inject malicious triggers into the global model through compromised updates, posing significant threats to model integrity and becoming a key focus in FL security. Existing backdoor attack methods typically embed triggers directly into original images and consider only data heterogeneity, resulting in limited stealth and adaptability. To address the heterogeneity of malicious client devices, this paper proposes a novel backdoor attack method named Capability-Adaptive Shadow Backdoor Attack (CASBA). By incorporating measurements of clients’ computational and communication capabilities, CASBA employs a dynamic hierarchical attack strategy that adaptively aligns attack intensity with available resources. Furthermore, an improved deep convolutional generative adversarial network (DCGAN) is integrated into the attack pipeline to embed triggers without modifying original data, significantly enhancing stealthiness. Comparative experiments with Shadow Backdoor Attack (SBA) across multiple scenarios demonstrate that CASBA dynamically adjusts resource consumption based on device capabilities, reducing average memory usage per iteration by 5.8%. CASBA improves resource efficiency while keeping the drop in attack success rate within 3%. Additionally, the effectiveness of CASBA against three robust FL algorithms is also validated.
Funding: funded by the Deanship of Scientific Research (DSR) at King Abdulaziz University, Jeddah, under Grant No. (GPIP:1074-612-2024).
Abstract: The surge in smishing attacks underscores the urgent need for robust, real-time detection systems powered by advanced deep learning models. This paper introduces PhishNet, a novel ensemble learning framework that integrates transformer-based models (RoBERTa) and large language models (LLMs) (GPT-OSS 120B, LLaMA3.3 70B, and Qwen3 32B) to enhance smishing detection performance significantly. To mitigate class imbalance, we apply synthetic data augmentation using T5 and leverage various text preprocessing techniques. Our system employs a dual-layer voting mechanism: weighted majority voting among LLMs and a final ensemble vote to classify messages as ham, spam, or smishing. Experimental results show an average accuracy improvement from 96% to 98.5% compared to the best standalone transformer, and from 93% to 98.5% when compared to LLMs across datasets. Furthermore, we present a real-time, user-friendly application to operationalize our detection model for practical use. PhishNet demonstrates superior scalability, usability, and detection accuracy, filling critical gaps in current smishing detection methodologies.
Funding: supported by the National Natural Science Foundation of China (62303353, 62273030, 62573320).
Abstract: Dear Editor, This letter studies the problem of stealthy attacks targeting stochastic event-based estimation, alongside proposing measures for their mitigation. A general attack framework is introduced, and the corresponding stealthiness condition is analyzed. To enhance system security, we advocate for a single-dimensional encryption method, showing that securing a singular data element is sufficient to shield the system from the perils of stealthy attacks.
Abstract: Zero-click attacks represent an advanced cybersecurity threat, capable of compromising devices without user interaction. High-profile examples such as Pegasus, Simjacker, Bluebugging, and Bluesnarfing exploit hidden vulnerabilities in software and communication protocols to silently gain access, exfiltrate data, and enable long-term surveillance. Their stealth and ability to evade traditional defenses make detection and mitigation highly challenging. This paper addresses these threats by systematically mapping the tactics and techniques of zero-click attacks using the MITRE ATT&CK framework, a widely adopted standard for modeling adversarial behavior. Through this mapping, we categorize real-world attack vectors and better understand how such attacks operate across the cyber-kill chain. To support threat detection efforts, we propose an Active Learning-based method to efficiently label the Pegasus spyware dataset in alignment with the MITRE ATT&CK framework. This approach reduces the effort of manually annotating data while improving the quality of the labeled data, which is essential to train robust cybersecurity models. In addition, our analysis highlights the structured execution paths of zero-click attacks and reveals gaps in current defense strategies. The findings emphasize the importance of forward-looking strategies such as continuous surveillance, dynamic threat profiling, and security education. By bridging zero-click attack analysis with the MITRE ATT&CK framework and leveraging machine learning for dataset annotation, this work provides a foundation for more accurate threat detection and the development of more resilient and structured cybersecurity frameworks.
Funding: funded by the National Key Research and Development Program of China (Grant No. 2024YFE0209000) and the NSFC (Grant No. U23B2019).
Abstract: Graph Neural Networks (GNNs) have proven highly effective for graph classification across diverse fields such as social networks, bioinformatics, and finance, due to their capability to learn complex graph structures. However, despite their success, GNNs remain vulnerable to adversarial attacks that can significantly degrade their classification accuracy. Existing adversarial attack strategies primarily rely on label information to guide the attacks, which limits their applicability in scenarios where such information is scarce or unavailable. This paper introduces an innovative unsupervised attack method for graph classification, which operates without relying on label information, thereby enhancing its applicability in a broad range of scenarios. Specifically, our method first leverages a graph contrastive learning loss to learn high-quality graph embeddings by comparing different stochastic augmented views of the graphs. To effectively perturb the graphs, we then introduce an implicit estimator that measures the impact of various modifications on graph structures. The proposed strategy identifies and flips edges with the top-K highest scores, determined by the estimator, to maximize the degradation of the model’s performance. In addition, to defend against such attacks, we propose a lightweight regularization-based defense mechanism that is specifically tailored to mitigate the structural perturbations introduced by our attack strategy. It enhances model robustness by enforcing embedding consistency and edge-level smoothness during training. We conduct experiments on six public TU graph classification datasets: NCI1, NCI109, Mutagenicity, ENZYMES, COLLAB, and DBLP_v1, to evaluate the effectiveness of our attack and defense strategies. Under an attack budget of 3, the maximum reduction in model accuracy reaches 6.67% on the Graph Convolutional Network (GCN) and 11.67% on the Graph Attention Network (GAT) across different datasets, indicating that our unsupervised method induces degradation comparable to state-of-the-art supervised attacks. Meanwhile, our defense achieves the highest accuracy recovery of 3.89% (GCN) and 5.00% (GAT), demonstrating improved robustness against structural perturbations.
Funding: supported by the National Natural Science Foundation of China (Nos. 62572017, 62441232, 62206007) and the R&D Program of Beijing Municipal Education Commission (KZ202210005008).
Abstract: Knowledge-based Visual Question Answering (VQA) requires the integration of visual information with external knowledge reasoning. Existing approaches typically retrieve information from external corpora and rely on pretrained language models for reasoning. However, their performance is often hindered by the limited capabilities of retrievers and the constrained size of knowledge bases. Moreover, relying on image captions to bridge the modal gap between visual and language modalities can lead to the omission of critical visual details. To address these limitations, we propose the Reflective Chain-of-Thought (ReCoT) method, a simple yet effective framework inspired by metacognition theory. ReCoT effectively activates the reasoning capabilities of Multimodal Large Language Models (MLLMs), providing essential visual and knowledge cues required to solve complex visual questions. It simulates a metacognitive reasoning process that encompasses monitoring, reflection, and correction. Specifically, in the initial generation stage, an MLLM produces a preliminary answer that serves as the model’s initial cognitive output. During the reflective reasoning stage, this answer is critically examined to generate a reflective rationale that integrates key visual evidence and relevant knowledge. In the final refinement stage, a smaller language model leverages this rationale to revise the initial prediction, resulting in a more accurate final answer. By harnessing the strengths of MLLMs in visual and knowledge grounding, ReCoT enables smaller language models to reason effectively without dependence on image captions or external knowledge bases. Experimental results demonstrate that ReCoT achieves substantial performance improvements, outperforming state-of-the-art methods by 2.26% on OK-VQA and 5.8% on A-OKVQA.
Funding: support of the National Natural Science Foundation of China (Nos. U20A2069, U21B6003, 12302389 and 12472337) and the Advanced Aero-Power Innovation Workstation, China (No. HKCX2024-01-017).
Abstract: Numerical simulations and theoretical models are developed in this paper for the Detonation-Wave/Boundary-Layer Interactions (DWBLIs) under reflections. Transient flow fields demonstrate the high non-stationarity of the DWBLIs when Mach Reflection (MR) occurs, and subsequent analyses show that the subsonic region introduced by the boundary layer exacerbates the instability. Further quantitative analyses show that viscosity has little effect on propulsive performance and the separation wave can be considered as an oblique detonation wave. Parameters influencing DWBLIs, such as combustion chamber height, incoming Mach number, equivalence ratio, and inlet channel length, are categorized and studied. Besides simulations, theoretical analytical modeling is established for Regular Reflection (RR) and MR of DWBLIs. Multiple formulas for the separation zone length are obtained according to the mass conservation under different transformation types between inviscid and viscid reflections. Comparison with the numerical simulations verifies the validity of the model, and it can be further generalized to the curved DWBLIs. The developed model makes the theoretical solution process of DWBLIs possible and provides the key foundation for further analysis and solution.
Abstract: In recent years, with the rapid advancement of artificial intelligence, object detection algorithms have made significant strides in accuracy and computational efficiency. Notably, research and applications of Anchor-Free models have opened new avenues for real-time target detection in optical remote sensing images (ORSIs). However, in the realm of adversarial attacks, developing adversarial techniques tailored to Anchor-Free models remains challenging. Adversarial examples generated based on Anchor-Based models often exhibit poor transferability to these new model architectures. Furthermore, the growing diversity of Anchor-Free models poses additional hurdles to achieving robust transferability of adversarial attacks. This study presents an improved cross-conv-block feature fusion You Only Look Once (YOLO) architecture, meticulously engineered to facilitate the extraction of more comprehensive semantic features during the backpropagation process. To address the asymmetry between densely distributed objects in ORSIs and the corresponding detector outputs, a novel dense bounding box attack strategy is proposed. This approach leverages dense target bounding boxes loss in the calculation of adversarial loss functions. Furthermore, by integrating translation-invariant (TI) and momentum-iteration (MI) adversarial methodologies, the proposed framework significantly improves the transferability of adversarial attacks. Experimental results demonstrate that our method achieves superior adversarial attack performance, with adversarial transferability rates (ATR) of 67.53% on the NWPU VHR-10 dataset and 90.71% on the HRSC2016 dataset. Compared to ensemble adversarial attack and cascaded adversarial attack approaches, our method generates adversarial examples in an average of 0.64 s, representing an approximately 14.5% improvement in efficiency under equivalent conditions.
Funding: supported by the Fundamental Research Funds for the Central Universities under No. 2024KQ130 and the National Natural Science Foundation of China (No. 52373259).
Abstract: The advancement of next-generation high-frequency communication systems and stealth detection technologies necessitates the development of efficient, multi-spectrum compatible shielding materials. However, the achievement of simultaneous high efficiency and low reflectivity across microwave, terahertz, and infrared spectra remains a formidable challenge. Herein, a carbonized MXene/polyimide (C-MXene/PI) aerogel material integrating a spatially coupled hierarchically anisotropic structure with stepwise conductivity gradients was constructed. Electromagnetic waves propagate through the top-down vertical disordered horizontal architecture and progressive conductivity gradient of C-MXene/PI aerogel, undergoing stepwise absorption-dissipation-re-dissipation processes. The C-MXene/PI aerogel exhibits an average electromagnetic interference (EMI) shielding effectiveness of 91.0 dB in X-band and a reflection coefficient of 0.40. In the terahertz frequency band, the average EMI shielding performance reaches 66.2 dB with a reflection coefficient of 0.33. Furthermore, the heterolayered porous architecture of C-MXene/PI aerogels exhibits low thermal conductivity and reduced infrared emissivity, enabling exceptional infrared stealth capability across the 2-16 μm wavelength spectrum. This study provides a feasible strategy for constructing low-reflectivity multi-spectrum compatible shielding materials.
Funding: supported by the Innovation and Development Special Project of the China Meteorological Administration (Grant No. CXFZ2024J058); the Guangdong Province Basic and Applied Basic Research Foundation Meteorological Joint Fund Project (Grant No. 2024A1515510036); the National Key R&D Program of China (Grant No. 2022YFC3004101); the Technical Innovation Team Project of Guangzhou Meteorological Satellite Ground Station (Grant No. CXTD202401).
Abstract: FY-3G is the first polar-orbiting satellite equipped with a precipitation measurement radar (PMR) operating at Ku- and Ka-band frequencies in China. In this study, we compare the reflectivity data from the FY-3G PMR Ku product and ground-based radars (GRs) during 2024. Also, the FY-3G PMR is used as a third-party reference to evaluate the reflectivity consistency among different GRs. The FY-3G PMR and GRs share similarities in their general distribution, characteristics, and intensity of reflectivity in strong precipitation cloud systems, though the former presents less detailed system structure. Systematic deviations between the FY-3G PMR and GRs and between GRs are comparable, albeit the reflectivity of the FY-3G PMR is generally slightly stronger than that of GRs (especially X-band GRs), with a mean bias ranging from 0.7 to 1.7 dB. S-band GRs exhibit the smallest systematic deviation (STD=3.09 dB) from the FY-3G PMR, whereas the X-band GRs show the largest (STD=3.61 dB), indirectly indicating the highest internal consistency among S-band GRs and the lowest among X-band GRs. Besides, both S- and C-band GRs display similar deviations when paired with the FY-3G PMR as well as when paired with their adjacent S/C-band GRs, suggesting good consistency between these two bands. In contrast, X-band GRs exhibit relatively poor consistency with S-band GRs and the FY-3G PMR, showing a deviation ranging from 3.0 to 4.6 dB.
Abstract: Objectives: This study aimed to explore and clarify the concept of reflective supervision as a professional self-care strategy to create a positive Intensive Care Unit (ICU) practice environment. Methods: Walker and Avant’s eight-step concept analysis approach was utilized to identify and define the attributes, antecedents, and consequences of reflective supervision in the ICU. An extensive literature search was conducted across various databases, including Google Scholar, CINAHL, PubMed. Articles published from 2005 to 2025 were identified. We followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) 2020 statement to indicate the included articles and extract related data based on relevance. Results: Forty articles were included in the analysis. The identified attributes included the supervisor-supervisee relationship, effective communication, teamwork, collaborations, reflection, competencies, feedback, continuous support, and autonomous choice. The identified antecedents included participation, supportive supervision, flexibility, open-door policy, training, and motivation. Consequences impacting the success of reflective supervision were identified as promotion of resiliency, autonomy, work-life balance, self-awareness, increased self-esteem, professional development, critical thinking, increased job satisfaction, and enhanced commitment. Conclusions: Reflective supervision is a complex professional self-care strategy that enhances ICU practice by promoting nurses’ well-being, self-awareness, therapeutic skills, and professional development.
Funding: supported by 2023 Higher Education Scientific Research Planning Project of China Society of Higher Education (No. 23PG0408); 2023 Philosophy and Social Science Research Programs in Jiangsu Province (No. 2023SJSZ0993); Nantong Science and Technology Project (No. JC2023070); Key Project of Jiangsu Province Education Science 14th Five-Year Plan (Grant No. B-b/2024/02/41); the Open Fund of Advanced Cryptography and System Security Key Laboratory of Sichuan Province (Grant No. SKLACSS-202407).
Abstract: Large language models (LLMs) have revolutionized AI applications across diverse domains. However, their widespread deployment has introduced critical security vulnerabilities, particularly prompt injection attacks that manipulate model behavior through malicious instructions. Following Kitchenham’s guidelines, this systematic review synthesizes 128 peer-reviewed studies from 2022 to 2025 to provide a unified understanding of this rapidly evolving threat landscape. Our findings reveal a swift progression from simple direct injections to sophisticated multimodal attacks, achieving over 90% success rates against unprotected systems. In response, defense mechanisms show varying effectiveness: input preprocessing achieves 60%–80% detection rates and advanced architectural defenses demonstrate up to 95% protection against known patterns, though significant gaps persist against novel attack vectors. We identified 37 distinct defense approaches across three categories, but standardized evaluation frameworks remain limited. Our analysis attributes these vulnerabilities to fundamental LLM architectural limitations, such as the inability to distinguish instructions from data and attention mechanism vulnerabilities. This highlights critical research directions such as formal verification methods, standardized evaluation protocols, and architectural innovations for inherently secure LLM designs.
Funding: The Key R&D Program of Hunan Province (Grant No. 2025AQ2024) of the Department of Science and Technology of Hunan Province. Distinguished Young Scientists Fund (Grant No. 24B0446) of Hunan Education Department.
Abstract: Internet of Things (IoTs) devices are bringing about a revolutionary change in our society by enabling connectivity regardless of time and location. However, the extensive deployment of these devices also makes them attractive victims for the malicious actions of adversaries. Within the spectrum of existing threats, Side-Channel Attacks (SCAs) have established themselves as an effective way to compromise cryptographic implementations. These attacks exploit unintended physical leakage that occurs during the cryptographic execution of devices, bypassing the theoretical strength of the crypto design. In recent times, the advancement of deep learning has provided SCAs with a powerful ally. Well-trained deep-learning models demonstrate an exceptional capacity to identify correlations between side-channel measurements and sensitive data, thereby significantly enhancing such attacks. To further understand the security threats posed by deep-learning SCAs and to aid in formulating robust countermeasures in the future, this paper undertakes an exhaustive investigation of leading-edge SCAs targeting Advanced Encryption Standard (AES) implementations. The study specifically focuses on attacks that exploit power consumption and electromagnetic (EM) emissions as primary leakage sources, systematically evaluating the extent to which diverse deep learning techniques enhance SCAs across multiple critical dimensions. These dimensions include: (i) the characteristics of publicly available datasets derived from various hardware and software platforms; (ii) the formalization of leakage models tailored to different attack scenarios; (iii) the architectural suitability and performance of state-of-the-art deep learning models. Furthermore, the survey provides a systematic synthesis of current research findings, identifies significant unresolved issues in the existing literature and suggests promising directions for future work, including cross-device attack transferability and the impact of quantum-classical hybrid computing on side-channel security.
Funding: supported by Key Laboratory of Cyberspace Security, Ministry of Education, China.
Abstract: Transformer-based models have significantly advanced binary code similarity detection (BCSD) by leveraging their semantic encoding capabilities for efficient function matching across diverse compilation settings. Although adversarial examples can strategically undermine the accuracy of BCSD models and protect critical code, existing techniques predominantly depend on inserting artificial instructions, which incur high computational costs and offer limited diversity of perturbations. To address these limitations, we propose AIMA, a novel gradient-guided assembly instruction relocation method. Our method decouples the detection model into tokenization, embedding, and encoding layers to enable efficient gradient computation. Since token IDs of instructions are discrete and nondifferentiable, we compute gradients in the continuous embedding space to evaluate the influence of each token. The most critical tokens are identified by calculating the L2 norm of their embedding gradients. We then establish a mapping between instructions and their corresponding tokens to aggregate token-level importance into instruction-level significance. To maximize adversarial impact, a sliding window algorithm selects the most influential contiguous segments for relocation, ensuring optimal perturbation with minimal length. This approach efficiently locates critical code regions without expensive search operations. The selected segments are relocated outside their original function boundaries via a jump mechanism, which preserves runtime control flow and functionality while introducing “deletion” effects in the static instruction sequence. Extensive experiments show that AIMA reduces similarity scores by up to 35.8% in state-of-the-art BCSD models. When incorporated into training data, it also enhances model robustness, achieving a 5.9% improvement in AUROC.
Funding: supported by the KGJ Basic Research Fund (JCKY2023110C080); the National Natural Science Foundation of China (62322306, 62173057, 62033006); Aviation Science Foundation Project (2022Z018063001); the Argentinean Agency for Scientific and Technological Promotion (PICT-2021-I-A-00730); the National Foreign Expert Individual Project (H20240983).
Abstract: This article investigates the distributed recursive filtering problem for discrete-time stochastic cyber–physical systems. A particular feature of our work is that we consider systems in which the state is constrained by saturation. Measurements are transmitted to nodes of a sensor network over unreliable wireless channels. We propose a linear coding mechanism, together with a distributed method for obtaining a state estimate at each node. These designs aim to minimize the state estimation error covariance. In addition, we derive a bound on this covariance, and accommodate the design parameters to minimize this bound. The resulting design depends on the packet loss probabilities of the wireless channels. This permits applying the proposed scheme to systems in which communications suffer from denial-of-service attacks, as such attacks typically affect those probabilities. Finally, we present a numerical example illustrating this application.
Funding: supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. RS-2023-00235509, Development of security monitoring technology based network behavior against encrypted cyber threats in ICT convergence environment).
Abstract: With the increasing emphasis on personal information protection, encryption through security protocols has emerged as a critical requirement in data transmission and reception processes. Nevertheless, IoT ecosystems comprise heterogeneous networks where outdated systems coexist with the latest devices, spanning a range of devices from non-encrypted ones to fully encrypted ones. Given the limited visibility into payloads in this context, this study investigates AI-based attack detection methods that leverage encrypted traffic metadata, eliminating the need for decryption and minimizing system performance degradation—especially in light of these heterogeneous devices. Using the UNSW-NB15 and CICIoT-2023 datasets, encrypted and unencrypted traffic were categorized according to security protocol, and AI-based intrusion detection experiments were conducted for each traffic type based on metadata. To mitigate the problem of class imbalance, eight different data sampling techniques were applied. The effectiveness of these sampling techniques was then comparatively analyzed using two ensemble models and three Deep Learning (DL) models from various perspectives. The experimental results confirmed that metadata-based attack detection is feasible using only encrypted traffic. In the UNSW-NB15 dataset, the f1-score of encrypted traffic was approximately 0.98, which is 4.3% higher than that of unencrypted traffic (approximately 0.94). In addition, analysis of the encrypted traffic in the CICIoT-2023 dataset using the same method showed a significantly lower f1-score of roughly 0.43, indicating that the quality of the dataset and the preprocessing approach have a substantial impact on detection performance. Furthermore, when data sampling techniques were applied to encrypted traffic, the recall in the UNSW-NB15 (Encrypted) dataset improved by up to 23.0%, and in the CICIoT-2023 (Encrypted) dataset by 20.26%, showing a similar level of improvement. Notably, in CICIoT-2023, f1-score and Receiver Operating Characteristic-Area Under the Curve (ROC-AUC) increased by 59.0% and 55.94%, respectively. These results suggest that data sampling can have a positive effect even in encrypted environments. However, the extent of the improvement may vary depending on data quality, model architecture, and sampling strategy.
基金supported in part by the National Natural Science Foundation of China(62373022,U2241217,62141604)Beijing Natural Science Foundation(4252043,JQ23019)+4 种基金the Fundamental Research Funds for the Central Universities(JKF-2025037448805,JKF-2025086098295)the Aeronautical Science Fund(2023Z034051001)the Academic Excellence Foundation of BUAA for Ph.D. Studentsthe Science and Technology Innovation2030—Key Project of New Generation Artificial Intelligence(2020AAA0108200)the National Key Research and Development Program of China(2022YFB3305600)。
Abstract: An attack-resilient distributed Nash equilibrium (NE) seeking problem is addressed for noncooperative games of networked systems under malicious cyber-attacks, i.e., false data injection (FDI) attacks. Different from many existing distributed NE seeking works, it is practical and challenging to get resilient adaptively distributed NE seeking under unknown and unbounded FDI attacks. An attack-resilient NE seeking algorithm that is distributed (i.e., independent of global information on the graph's algebraic connectivity, Lipschitz and monotone constants of pseudo-gradients, or number of players) is presented by means of incorporating the consensus-based gradient play with a distributed attack identifier so as to achieve simultaneous NE seeking and attack identification asymptotically. Another key characteristic is that FDI attacks are allowed to be unknown and unbounded. By exploiting nonsmooth analysis and stability theory, the global asymptotic convergence of the developed algorithm to the NE is ensured. Moreover, we extend this design to further consider the attack-resilient NE seeking of double-integrator players. Lastly, numerical simulation and practical experiment results are presented to validate the developed algorithms' effectiveness.
Funding: Supported in part by the Young Elite Scientists Sponsorship Program by the Chinese Society for Electrical Engineering under Grant CSEE-YESS-2022019, in part by the Guangzhou Basic and Applied Basic Research Foundation under Grant 2024A04J3672, in part by the National Natural Science Foundation of China under Grant 52207106.
Abstract: The wide-area damping controllers (WADCs), which are essential for mitigating regional low-frequency oscillations, face cyber-physical security threats due to the vulnerability of the wide-area measurement system to cyber attacks and wind power uncertainties. This paper introduces a reachability analysis method to quantify the impact of varying-amplitude attacks and uncertain wind fluctuations on the performance of the WADC. Firstly, considering wind farm integration and attack injection, a nonlinear power system model with multiple buses is constructed based on the Kron reduction method to improve computational efficiency and mitigate the constraints imposed by algebraic constraints. Then, a zonotope-based polytope construction method is employed to effectively model the range of attack amplitudes and wind uncertainties. By conducting reachability analysis, the reachable set preserving the nonlinear characteristics of the studied system is computed, which enables the quantification of the maximum fluctuation range of regional oscillations under the dual disturbances. Case studies are undertaken on two multi-machine power systems with wind farm integration. The obtained results emphasize the efficacy of the designed method, providing valuable insights into the magnitude of the impact that attacks exert on the operational characteristics of the power system under various uncertain factors.