This paper explores the issue of secure synchronization control in piecewise-homogeneous Markovian jump delay neural networks affected by denial-of-service (DoS) attacks. Initially, a novel memory-based adaptive event-triggered mechanism (MBAETM) is designed based on sequential growth rates, focusing on event-triggered conditions and thresholds. Subsequently, from the perspective of defenders, non-periodic DoS attacks are re-characterized, and a model of irregular DoS attacks with cyclic fluctuations within time series is further introduced to enhance the system's defense capabilities more effectively. Additionally, considering the unified demands of network security and communication efficiency, a resilient memory-based adaptive event-triggered mechanism (RMBAETM) is proposed. A unified Lyapunov-Krasovskii functional is then constructed, incorporating a loop functional to thoroughly consider information at trigger moments. The master-slave system achieves synchronization through the application of linear matrix inequality techniques. Finally, the proposed methods' effectiveness and superiority are confirmed through four numerical simulation examples.
Cyber-physical systems (CPSs) are regarded as the backbone of the fourth industrial revolution, in which communication, physical processes, and computer technology are integrated. In modern industrial systems, CPSs are widely utilized across various domains, such as smart grids, smart healthcare systems, smart vehicles, and smart manufacturing, among others. Due to their unique spatial distribution, CPSs are highly vulnerable to cyber-attacks, which may result in severe performance degradation and even system instability. Consequently, the security concerns of CPSs have attracted significant attention in recent years. In this paper, a comprehensive survey on the security issues of CPSs under cyber-attacks is provided. Firstly, mathematical descriptions of various types of cyber-attacks are introduced in detail. Secondly, two types of secure estimation and control processing schemes, including robust methods and active methods, are reviewed. Thirdly, research findings related to secure control and estimation problems for different types of CPSs are summarized. Finally, the survey is concluded by outlining the challenges and suggesting potential research directions for the future.
This paper investigates the adaptive neural network (NN) event-triggered secure formation control problem for nonholonomic mobile robots (NMRs) subject to deception attacks. The NNs are employed to approximate unknown nonlinear functions in robotic dynamics. Since the transmission channel from sensor to controller is vulnerable to deception attacks, an NN estimation technique is introduced to estimate the unknown deception attacks. In order to alleviate the amount of communication between controller and actuator, an event-triggered mechanism with a relative threshold strategy is established. Then, an adaptive NN event-triggered secure formation control method is proposed. It is proved that all closed-loop signals of the controlled systems are bounded and the formation tracking errors converge to a neighborhood of the origin in the presence of deception attacks. The comparative simulations illustrate the effectiveness of the proposed secure formation control scheme.
This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA framework integrates security by design principles, micro-segmentation, and Island Mode Operation (IMO) to enhance cyber resilience and ensure continuous, secure operations. The methodology deploys a Forward-Thinking Architecture Strategy (FTAS) algorithm, which utilises an industrial Intrusion Detection System (IDS) implemented with Python’s Network Intrusion Detection System (NIDS) library. The FTAS algorithm successfully identified and responded to cyber-attacks, ensuring minimal system disruption. ISERA has been validated through comprehensive testing scenarios simulating Denial of Service (DoS) attacks and malware intrusions, at both the IT and OT layers where it successfully mitigates the impact of malicious activity. Results demonstrate ISERA’s efficacy in real-time threat detection, containment, and incident response, thus ensuring the integrity and reliability of critical infrastructure systems. ISERA’s decentralised approach contributes to global net zero goals by optimising resource use and minimising environmental impact. By adopting a decentralised control architecture and leveraging virtualisation, ISERA significantly enhances the cyber resilience and sustainability of critical infrastructure systems. This approach not only strengthens defences against evolving cyber threats but also optimises resource allocation, reducing the system’s carbon footprint. As a result, ISERA ensures the uninterrupted operation of essential services while contributing to broader net zero goals.
Terminals and their access represent a vulnerable aspect in the security framework of the 5G-railway (5G-R) system. To enhance the control of 5G-R terminals and their access to applications, this paper analyzes the application scenarios, operational modes, services supported by 5G-R terminals, and the data paths between these terminals and the connected railway application service systems. Further analysis concentrates on the security risks posed by the characteristics of intelligent 5G-R handheld terminals, lightweight Internet of Things (IoT) communication terminals, and onboard integrated wireless transmission equipment with public-private convergence. In light of the risks above, this paper presents the terminal security control requirements. Furthermore, based on the planned architecture of the 5G-R system and security technologies such as terminal identity authentication and behavior auditing, the paper proposes a solution package for the 5G-R terminal security control system, including the overall architecture, functional implementation, and interface configuration. These solutions aim to achieve unified control over the admission and access of 5G-R handheld terminals, IoT communication terminals, and onboard integrated wireless communication equipment to railway application systems. Additionally, they enable the security control and analysis of terminal behaviors and application data, facilitate the security management of terminals, and ensure the secure release, download, and installation of mobile applications.
In this article, we study the secure control of Markovian jumping neural networks (MJNNs) subject to deception attacks. Considering the limitation of the network bandwidth and the impact of the deception attacks, we propose two memory-based adaptive event-trigger mechanisms (AETMs). Different from the available event-trigger mechanisms, these two memory-based AETMs contain the historical triggered data not only in the triggering conditions, but also in the adaptive law. They can adjust the data transmission rate adaptively so as to alleviate the impact of deception attacks on the controlled system and to suppress the peak of the system response. In view of the proposed memory-based AETMs, a time-dependent Lyapunov functional is constructed to analyze the stability of the error system. Some sufficient conditions to ensure the asymptotical synchronization of master-slave MJNNs are obtained, and two easy-to-implement co-design algorithms for the feedback gain matrix and the trigger matrix are given. Finally, a numerical example is given to verify the feasibility and superiority of the two memory-based AETMs.
This paper investigates the secure synchronization control problem for a class of cyber-physical systems (CPSs) with unknown system matrices and intermittent denial-of-service (DoS) attacks. For the attack-free case, an optimal control law consisting of a feedback control and a compensated feedforward control is proposed to achieve the synchronization, and the feedback control gain matrix is learned by iteratively solving an algebraic Riccati equation (ARE). For the attack cases, it is difficult to perform the stability analysis of the synchronization errors by using the existing Lyapunov function method due to the presence of unknown system matrices. In order to overcome this difficulty, a matrix polynomial replacement method is given, and it is shown that the proposed optimal control law can still guarantee the asymptotical convergence of synchronization errors if two inequality conditions related to the DoS attacks hold. Finally, two examples are given to illustrate the effectiveness of the proposed approaches.
There has been a surge of interest in the security of cyber-physical systems (CPSs), yet it is commonly assumed that the adversary has full knowledge of physical system models. This paper argues that such an unrealistic assumption can be relaxed: the adversary might still be able to identify the system model by passively observing the control input and sensory data. In such a setup, the attack with knowledge of input-output data can be categorized as a Known-Plaintext Attack. A necessary and sufficient condition has been provided, under which the adversary can uniquely obtain the knowledge of the underlying physical system. From the defender's perspective, a secure controller design, which exhibits a low rank structure, is proposed which renders the system unidentifiable to the adversary, while trading off the control system's performance. Finally, a numerical example has been provided to demonstrate the effectiveness of the proposed secure controller design.
We present a controlled secure quantum dialogue protocol using non-maximally (pure) entangled Greenberger-Horne-Zeilinger (GHZ) states at first, and then discuss the requirements for a real quantum dialogue. We show that the authorized two users can exchange their secret messages after purifying the non-maximally entangled GHZ states quantum channel unconditionally securely and simultaneously under the control of a third party.
In this paper, we first re-examine the previous protocol of controlled quantum secure direct communication of Zhang et al.’s scheme, which was found insecure under two kinds of attacks, fake entangled particles attack and disentanglement attack. Then, by changing the party of the preparation of cluster states and using unitary operations, we present an improved protocol which can avoid these two kinds of attacks. Moreover, the protocol is proposed using the three-qubit partially entangled set of states. It is more efficient by only using three particles rather than four or even more to transmit one bit of secret information. Given our using state is much easier to prepare for multiqubit states and our protocol needs less measurement resource, it makes this protocol more convenient from an applied point of view.
The controlled quantum secure direct communication (CQSDC) with authentication protocol based on four particle cluster states via quantum one-time pad and local unitary operations is cryptanalyzed. It is found that there are some serious security issues in this protocol. An eavesdropper (Eve) can eavesdrop on some information of the identity strings of the receiver and the controller without being detected by the selective-CNOT-operation (SCNO) attack. By the same attack, Eve can also steal some information of the secret message that the sender transmits. In addition, the receiver can take the same kind of attack to eavesdrop on some information of the secret message out of the control of the controller. This means that the requirements of CQSDC are not satisfied. At last, we improve the original CQSDC protocol to a secure one.
Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the Info Sec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not been proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure (ARM), Performance Improvement Factor (PIF), and Cost/Benefit Measure (CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine (VM) migration protocol as the target of assessment. The virtualization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.
With the expanding applications of multiple unmanned systems in various fields, more and more research attention has been paid to their security. The aim is to enhance the anti-interference ability, ensure their reliability and stability, and better serve human society. This article conducts adaptive cooperative secure tracking consensus of networked multiple unmanned systems subjected to false data injection attacks. From a practical perspective, each unmanned system is modeled using high-order unknown nonlinear discrete-time systems. To reduce the communication bandwidth between agents, a quantizer-based codec mechanism is constructed. This quantizer uses a uniform logarithmic quantizer, combining the advantages of both quantizers. Because the transmission information attached to the false data can affect the accuracy of the decoder, a new adaptive law is added to the decoder to overcome this difficulty. A distributed controller is devised in the backstepping framework. Rigorous mathematical analysis shows that our proposed control algorithms ensure that all signals of the resultant systems remain bounded. Finally, simulation examples reveal the practical utility of the theoretical analysis.
We present a controlled secure quantum communication protocol using non-maximally (pure) entangled W states first, and then discuss the basic requirements for a real quantum communication. We show that the authorized two users can exchange their secret messages with the help of the controller after purifying the non-maximally entangled states quantum channel unconditionally securely and simultaneously. Our quantum communication protocol seems even more feasible within present technologies.
Security issues and Internet of Things (IoT) become indispensable part in digital community as IoT develops with the pervasive introduction of additional "smart" sensors and devices over the last decades, and it necessitates the implementation of information security principle in digital community system. A three-level criticality model to determine the potential impact is proposed in digital community system when various devices lost in this paper. Combining the actual security requirement of digital community and characteristics of IoT, a hierarchical security architecture including defense-in-deep cybersecurity and distribute secure control is proposed. A high-assurance trust model, which assumes insider compromise, which exists in the digital community, is finally proposed according to the security issues analysis.
Networked control systems are spatially distributed systems in which the communication between sensors, actuators, and controllers occurs through a shared band-limited digital communication network. Several advantages of the network architectures include reduced system wiring, plug and play devices, increased system agility, and ease of system diagnosis and maintenance. Consequently, networked control is the current trend for industrial automation and has ever-increasing applications in a wide range of areas, such as smart grids, manufacturing systems, process control, automobiles, automated highway systems, and unmanned aerial vehicles. The modelling, analysis, and control of networked control systems have received considerable attention in the last two decades. The ‘control over networks’ is one of the key research directions for networked control systems. This paper aims at presenting a survey of trends and techniques in networked control systems from the perspective of ‘control over networks’, providing a snapshot of five control issues: sampled-data control, quantization control, networked control, event-triggered control, and security control. Some challenging issues are suggested to direct the future research.
Security and stability control system (SSCS) in power systems involves collecting information and sending the decision from/to control stations at different layers; the tree structure of the SSCS requires more levels. Failure of a station or channel can cause all the execution stations (EXs) to be out of control. The randomness of the controllable capacity of the EXs increases the difficulty of the reliability evaluation of the SSCS. In this study, the loop designed SSCS and reliability analysis are examined for the interconnected systems. The uncertainty analysis of the controllable capacity based on the evidence theory for the SSCS is proposed. The bidirectional and loop channels are introduced to reduce the layers and stations of the existing SSCS with tree configuration. The reliability evaluation and sensitivity analysis are proposed to quantify the controllability and vulnerable components for the SSCS in different configurations. By aiming at the randomness of the controllable capacity of the EXs, the uncertainty analysis of the controllable capacity of the SSCS based on the evidence theory is proposed to quantify the probability of the SSCS for balancing the active power deficiency of the grid.
In this paper, we investigate and analyze the network security risks faced by 5G private industrial networks. Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks, a comparative analysis is used to plan and design a private network security construction scheme. The network security construction model, network organization, and key processes of 5G private industrial networks at the current stage are investigated. In addition, the key direction for the next stage of construction is discussed.
Controller vulnerabilities allow malicious actors to disrupt or hijack the Software-Defined Networking. Traditionally, it is static mappings between the control plane and data plane. Adversaries have plenty of time to exploit the controller's vulnerabilities and launch attacks wisely. We tend to believe that dynamically altering such static mappings is a promising approach to alleviate this issue, since a moving target is difficult to be compromised even by skilled adversaries. It is critical to determine the right time to conduct scheduling and to balance the overhead afforded and the security levels guaranteed. Little previous work has been done to investigate the economical time in dynamic-scheduling controllers. In this paper, we take the first step to both theoretically and experimentally study the scheduling-timing problem in dynamic control plane. We model this problem as a renewal reward process and propose an optimal algorithm in deciding the right time to schedule with the objective of minimizing the long-term loss rate. In our experiments, simulations based on real network attack datasets are conducted and we demonstrate that our proposed algorithm outperforms given scheduling schemes.
The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of 'trustworthy networks' and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed. The network trustworthiness could and should be eventually achieved.
Funding: supported by the National Natural Science Foundation of China under 62173172.
Funding: funded by the Office of Gas and Electricity Markets (Ofgem) and supported by De Montfort University (DMU) and Nottingham Trent University (NTU), UK.
Funding: supported by the National Natural Science Foundation of China (Grant Nos. 61973199, 62003794, and 62173214); the Shandong Provincial Natural Science Foundation (Grant Nos. ZR2020QF050 and ZR2021MF003); the Taishan Scholar Project of Shandong Province of China.
Abstract: In this article, we study the secure control of the Markovian jumping neural networks (MJNNs) subject to deception attacks. Considering the limitation of the network bandwidth and the impact of the deception attacks, we propose two memory-based adaptive event-trigger mechanisms (AETMs). Different from the available event-trigger mechanisms, these two memory-based AETMs contain the historical triggered data not only in the triggering conditions, but also in the adaptive law. They can adjust the data transmission rate adaptively so as to alleviate the impact of deception attacks on the controlled system and to suppress the peak of the system response. In view of the proposed memory-based AETMs, a time-dependent Lyapunov functional is constructed to analyze the stability of the error system. Some sufficient conditions to ensure the asymptotical synchronization of master-slave MJNNs are obtained, and two easy-to-implement co-design algorithms for the feedback gain matrix and the trigger matrix are given. Finally, a numerical example is given to verify the feasibility and superiority of the two memory-based AETMs.
Funding: supported in part by the National Natural Science Foundation of China (61873050); the Fundamental Research Funds for the Central Universities (N180405022, N2004010); the Research Fund of State Key Laboratory of Synthetical Automation for Process Industries (2018ZCX14); Liaoning Revitalization Talents Program (XLYC1907088).
Abstract: This paper investigates the secure synchronization control problem for a class of cyber-physical systems (CPSs) with unknown system matrices and intermittent denial-of-service (DoS) attacks. For the attack free case, an optimal control law consisting of a feedback control and a compensated feedforward control is proposed to achieve the synchronization, and the feedback control gain matrix is learned by iteratively solving an algebraic Riccati equation (ARE). For considering the attack cases, it is difficult to perform the stability analysis of the synchronization errors by using the existing Lyapunov function method due to the presence of unknown system matrices. In order to overcome this difficulty, a matrix polynomial replacement method is given and it is shown that the proposed optimal control law can still guarantee the asymptotical convergence of synchronization errors if two inequality conditions related with the DoS attacks hold. Finally, two examples are given to illustrate the effectiveness of the proposed approaches.
Funding: supported by the National Natural Science Foundation of China (Grant No. 91748112); the National Key Research and Development Program of China (Grant No. 2018AAA0101601).
Abstract: There has been a surge of interest in the security of cyber-physical systems (CPSs), yet it is commonly assumed that the adversary has a full knowledge of physical system models. This paper argues that such an unrealistic assumption can be relaxed: the adversary might still be able to identify the system model by passively observing the control input and sensory data. In such a setup, the attack with knowledge of input-output data can be categorized as a Known-Plaintext Attack. A necessary and sufficient condition has been provided, under which the adversary can uniquely obtain the knowledge of the underlying physical system. From the defender's perspective, a secure controller design—which exhibits a low rank structure—is proposed which renders the system unidentifiable to the adversary, while trading off the control system's performance. Finally, a numerical example has been provided to demonstrate the effectiveness of the proposed secure controller design.
Funding: The project supported by National Natural Science Foundation of China under Grant No. 10575017
Abstract: We present a controlled secure quantum dialogue protocol using non-maximally (pure) entangled Greenberger-Horne-Zeilinger (GHZ) states at first, and then discuss the requirements for a real quantum dialogue. We show that the authorized two users can exchange their secret messages after purifying the non-maximally entangled GHZ states quantum channel unconditionally securely and simultaneously under the control of a third party.
Funding: Project supported by NSFC (Grant Nos. 61671087, 61272514, 61170272, 61003287, 61571335, 61628209); the Fok Ying Tong Education Foundation (Grant No. 131067); the National Key R&D Program of China under Grant 2017YFB0802300; the Open Foundation of Guizhou Provincial Key Laboratory of Public Big Data (2018BDKFJJ016); Hubei Science Foundation (2016CFA030, 2017AAA125).
Abstract: In this paper, we first re-examine the previous protocol of controlled quantum secure direct communication of Zhang et al.’s scheme, which was found insecure under two kinds of attacks, fake entangled particles attack and disentanglement attack. Then, by changing the party of the preparation of cluster states and using unitary operations, we present an improved protocol which can avoid these two kinds of attacks. Moreover, the protocol is proposed using the three-qubit partially entangled set of states. It is more efficient by only using three particles rather than four or even more to transmit one bit secret information. Given our using state is much easier to prepare for multiqubit states and our protocol needs less measurement resource, it makes this protocol more convenient from an applied point of view.
Funding: This work was supported by National Natural Science Foundation of China (Grant No. 61502101); the Six Talent Peaks Project of Jiangsu Province (Grant No. XYDXX-003); Scientific Research Foundation of the Science and Technology Department of Fujian Province (Grant No. JK2015023); Shangda Li Education Foundation of Jimei University (Grant No. ZC2013010).
Abstract: The controlled quantum secure direct communication (CQSDC) with authentication protocol based on four particle cluster states via quantum one-time pad and local unitary operations is cryptanalyzed. It is found that there are some serious security issues in this protocol. An eavesdropper (Eve) can eavesdrop on some information of the identity strings of the receiver and the controller without being detected by the selective-CNOT-operation (SCNO) attack. By the same attack, Eve can also steal some information of the secret message that the sender transmits. In addition, the receiver can take the same kind of attack to eavesdrop on some information of the secret message out of the control of the controller. This means that the requirements of CQSDC are not satisfied. At last, we improve the original CQSDC protocol to a secure one.
Abstract: Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the InfoSec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure (ARM), Performance Improvement Factor (PIF), and Cost/Benefit Measure (CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine (VM) migration protocol as the target of assessment. The virtualization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. Secure virtual machine migration is an evolving area, and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.
Funding: supported in part by the National Natural Science Foundation of China under Grant U20B2073, Grant 62103047; Beijing Institute of Technology Research Fund Program for Young Scholars; Young Elite Scientists Sponsorship Program by BAST (Grant No. BYESS2023365)
Abstract: With the expanding applications of multiple unmanned systems in various fields, more and more research attention has been paid to their security. The aim is to enhance the anti-interference ability, ensure their reliability and stability, and better serve human society. This article conducts adaptive cooperative secure tracking consensus of networked multiple unmanned systems subjected to false data injection attacks. From a practical perspective, each unmanned system is modeled using high-order unknown nonlinear discrete-time systems. To reduce the communication bandwidth between agents, a quantizer-based codec mechanism is constructed. This quantizer uses a uniform logarithmic quantizer, combining the advantages of both quantizers. Because the transmission information attached to the false data can affect the accuracy of the decoder, a new adaptive law is added to the decoder to overcome this difficulty. A distributed controller is devised in the backstepping framework. Rigorous mathematical analysis shows that our proposed control algorithms ensure that all signals of the resultant systems remain bounded. Finally, simulation examples reveal the practical utility of the theoretical analysis.
Funding: The project supported by National Natural Science Foundation of China under Grant No. 10575017
Abstract: We present a controlled secure quantum communication protocol using non-maximally (pure) entangled W states first, and then discuss the basic requirements for a real quantum communication. We show that the authorized two users can exchange their secret messages with the help of the controller after purifying the non-maximally entangled states quantum channel unconditionally securely and simultaneously. Our quantum communication protocol seems even more feasible within present technologies.
Funding: Supported by the National Science Foundation of China of Shanxi (2015011040)
Abstract: Security issues and the Internet of Things (IoT) become an indispensable part of the digital community as IoT develops with the pervasive introduction of additional "smart" sensors and devices over the last decades, and it necessitates the implementation of information security principles in the digital community system. A three-level criticality model to determine the potential impact in the digital community system when various devices are lost is proposed in this paper. Combining the actual security requirement of digital community and characteristics of IoT, a hierarchical security architecture including defense-in-depth cybersecurity and distributed secure control is proposed. A high-assurance trust model, which assumes insider compromise, which exists in the digital community, is finally proposed according to the security issues analysis.
Funding: supported in part by the Australian Research Council Discovery Project (DP160103567)
Abstract: Networked control systems are spatially distributed systems in which the communication between sensors, actuators, and controllers occurs through a shared band-limited digital communication network. Several advantages of the network architectures include reduced system wiring, plug and play devices, increased system agility, and ease of system diagnosis and maintenance. Consequently, networked control is the current trend for industrial automation and has ever-increasing applications in a wide range of areas, such as smart grids, manufacturing systems, process control, automobiles, automated highway systems, and unmanned aerial vehicles. The modelling, analysis, and control of networked control systems have received considerable attention in the last two decades. The ‘control over networks’ is one of the key research directions for networked control systems. This paper aims at presenting a survey of trends and techniques in networked control systems from the perspective of ‘control over networks’, providing a snapshot of five control issues: sampled-data control, quantization control, networked control, event-triggered control, and security control. Some challenging issues are suggested to direct the future research.
Funding: supported by Science and Technology Project of SGCC “Research on Flat Architecture and Implementation Technology of Security and Stability Control System in Ultra Large Power Grid” (52170221000U).
Abstract: Security and stability control system (SSCS) in power systems involves collecting information and sending the decision from/to control stations at different layers; the tree structure of the SSCS requires more levels. Failure of a station or channel can cause all the execution stations (EXs) to be out of control. The randomness of the controllable capacity of the EXs increases the difficulty of the reliability evaluation of the SSCS. In this study, the loop designed SSCS and reliability analysis are examined for the interconnected systems. The uncertainty analysis of the controllable capacity based on the evidence theory for the SSCS is proposed. The bidirectional and loop channels are introduced to reduce the layers and stations of the existing SSCS with tree configuration. The reliability evaluation and sensitivity analysis are proposed to quantify the controllability and vulnerable components for the SSCS in different configurations. By aiming at the randomness of the controllable capacity of the EXs, the uncertainty analysis of the controllable capacity of the SSCS based on the evidence theory is proposed to quantify the probability of the SSCS for balancing the active power deficiency of the grid.
Abstract: In this paper, we investigate and analyze the network security risks faced by 5G private industrial networks. Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks, a comparative analysis is used to plan and design a private network security construction scheme. The network security construction model, network organization, and key processes of 5G private industrial networks at the current stage are investigated. In addition, the key direction for the next stage of construction is discussed.
Funding: supported by the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (No. 61521003); The National Key R&D Program of China (No. 2016YFB0800101); the National Science Foundation for Distinguished Young Scholars of China (No. 61602509); Henan Province Key Technologies R&D Program of China (No. 172102210615)
Abstract: Controller vulnerabilities allow malicious actors to disrupt or hijack the Software-Defined Networking. Traditionally, it is static mappings between the control plane and data plane. Adversaries have plenty of time to exploit the controller's vulnerabilities and launch attacks wisely. We tend to believe that dynamically altering such static mappings is a promising approach to alleviate this issue, since a moving target is difficult to be compromised even by skilled adversaries. It is critical to determine the right time to conduct scheduling and to balance the overhead afforded and the security levels guaranteed. Little previous work has been done to investigate the economical time in dynamic-scheduling controllers. In this paper, we take the first step to both theoretically and experimentally study the scheduling-timing problem in dynamic control plane. We model this problem as a renewal reward process and propose an optimal algorithm in deciding the right time to schedule with the objective of minimizing the long-term loss rate. In our experiments, simulations based on real network attack datasets are conducted and we demonstrate that our proposed algorithm outperforms given scheduling schemes.
Funding: the National Key Basic Research Program (973 Program) under Grant 2007CB307104.
Abstract: The Internet plays increasingly important roles in everyone's life; however, the existence of a mismatch between the basic architectural idea beneath the Internet and the emerging requirements for it is becoming more and more obvious. Although the Internet community came up with a consensus that the future network should be trustworthy, the concept of 'trustworthy networks' and the ways leading us to a trustworthy network are not yet clear. This research insists that the security, controllability, manageability, and survivability should be basic properties of a trustworthy network. The key ideas and techniques involved in these properties are studied, and recent developments and progresses are surveyed. At the same time, the technical trends and challenges are briefly discussed. The network trustworthiness could and should be eventually achieved.