This paper addresses the consensus problem of nonlinear multi-agent systems subject to external disturbances and uncertainties under denial-ofservice(DoS)attacks.Firstly,an observer-based state feedback control method...This paper addresses the consensus problem of nonlinear multi-agent systems subject to external disturbances and uncertainties under denial-ofservice(DoS)attacks.Firstly,an observer-based state feedback control method is employed to achieve secure control by estimating the system's state in real time.Secondly,by combining a memory-based adaptive eventtriggered mechanism with neural networks,the paper aims to approximate the nonlinear terms in the networked system and efficiently conserve system resources.Finally,based on a two-degree-of-freedom model of a vehicle affected by crosswinds,this paper constructs a multi-unmanned ground vehicle(Multi-UGV)system to validate the effectiveness of the proposed method.Simulation results show that the proposed control strategy can effectively handle external disturbances such as crosswinds in practical applications,ensuring the stability and reliable operation of the Multi-UGV system.展开更多
Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition.This study aims to conduct a comprehensive security evaluation of Ballet from the perspective ...Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition.This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear(DL)cryptanalysis.Specifically,we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP.For the versions with block sizes of 128 and 256 bits,we obtain 16 and 22 rounds distinguishers with estimated correlations of 2^(-59.89)and 2^(-116.80),both of which are the publicly longest distinguishers.In addition,this study incorporates the complexity information of key-recovery attacks into the automated model,to search for the optimal key-recovery attack structures based on DL distinguishers.As a result,we mount the key-recovery attacks on 16-round Ballet-128/128,17-round Ballet-128/256,and 21-round Ballet-256/256.The data/time complexities for these attacks are 2^(108.36)/2^(120.36),2^(115.90)/2^(192),and 2^(227.62)/2^(240.67),respectively.展开更多
Zero-click attacks represent an advanced cybersecurity threat,capable of compromising devices without user interaction.High-profile examples such as Pegasus,Simjacker,Bluebugging,and Bluesnarfing exploit hidden vulner...Zero-click attacks represent an advanced cybersecurity threat,capable of compromising devices without user interaction.High-profile examples such as Pegasus,Simjacker,Bluebugging,and Bluesnarfing exploit hidden vulnerabilities in software and communication protocols to silently gain access,exfiltrate data,and enable long-term surveillance.Their stealth and ability to evade traditional defenses make detection and mitigation highly challenging.This paper addresses these threats by systematically mapping the tactics and techniques of zero-click attacks using the MITRE ATT&CK framework,a widely adopted standard for modeling adversarial behavior.Through this mapping,we categorize real-world attack vectors and better understand how such attacks operate across the cyber-kill chain.To support threat detection efforts,we propose an Active Learning-based method to efficiently label the Pegasus spyware dataset in alignment with the MITRE ATT&CK framework.This approach reduces the effort of manually annotating data while improving the quality of the labeled data,which is essential to train robust cybersecurity models.In addition,our analysis highlights the structured execution paths of zero-click attacks and reveals gaps in current defense strategies.The findings emphasize the importance of forward-looking strategies such as continuous surveillance,dynamic threat profiling,and security education.By bridging zero-click attack analysis with the MITRE ATT&CK framework and leveraging machine learning for dataset annotation,this work provides a foundation for more accurate threat detection and the development of more resilient and structured cybersecurity frameworks.展开更多
This paper investigates the problem of optimal secure control for networked control systems under hybrid attacks.A control strategy based on the Stackelberg game framework is proposed,which differs from conventional m...This paper investigates the problem of optimal secure control for networked control systems under hybrid attacks.A control strategy based on the Stackelberg game framework is proposed,which differs from conventional methods by considering both denial-of-service(DoS)and false data injection(FDI)attacks simultaneously.Additionally,the stability conditions for the system under these hybrid attacks are established.It is technically challenging to design the control strategy by predicting attacker actions based on Stcakelberg game to ensure the system stability under hybrid attacks.Another technical difficulty lies in establishing the conditions for mean-square asymptotic stability due to the complexity of the attack scenarios Finally,simulations on an unstable batch reactor system under hybrid attacks demonstrate the effectiveness of the proposed strategy.展开更多
Vehicular Ad Hoc Networks(VANETs)are central to Intelligent Transportation Systems(ITS),especially for real-time communication involving emergency vehicles.Yet,Distributed Denial of Service(DDoS)attacks can disrupt sa...Vehicular Ad Hoc Networks(VANETs)are central to Intelligent Transportation Systems(ITS),especially for real-time communication involving emergency vehicles.Yet,Distributed Denial of Service(DDoS)attacks can disrupt safety-critical channels and undermine reliability.This paper presents a robust,scalable framework for detecting DDoS attacks in highway VANETs.We construct a new dataset with Network Simulator 3(NS-3)and Simulation of Urban Mobility(SUMO),enriched with real mobility traces from Germany’s A81 highway(OpenStreetMap).Three traffic classes are modeled:DDoS,Voice over IP(VoIP),and Transmission Control Protocol Based(TCP-based)video streaming(VideoTCP).The pipeline includes normalization,feature selection with SHapley Additive exPlanations(SHAP),and class balancing via Synthetic Minority Over-sampling Technique(SMOTE).Eleven classifiers are benchmarked—including eXtreme Gradient Boosting(XGBoost),Categorical Boosting(CatBoost),Adaptive Boosting(AdaBoost),Gradient Boosting(GB),and an Artificial Neural Network(ANN)—using stratified 5-fold cross-validation.XGBoost,GB,CatBoost and ANN achieve the highest performance(weighted F1-score=97%).To assess robustness under non-ideal conditions,we introduce an adversarial evaluation with packet-loss and traffic-jitter(small-sample deformation);the top models retain strong performance,supporting real-time applicability.Collectively,these results demonstrate that the proposed highway-focused framework is accurate,resilient,and well-suited for deployment in VANET security for emergency communications.展开更多
Federated Graph Neural Networks (FedGNNs) have achieved significant success in representation learning for graph data, enabling collaborative training among multiple parties without sharing their raw graph data and so...Federated Graph Neural Networks (FedGNNs) have achieved significant success in representation learning for graph data, enabling collaborative training among multiple parties without sharing their raw graph data and solving the data isolation problem faced by centralized GNNs in data-sensitive scenarios. Despite the plethora of prior work on inference attacks against centralized GNNs, the vulnerability of FedGNNs to inference attacks has not yet been widely explored. It is still unclear whether the privacy leakage risks of centralized GNNs will also be introduced in FedGNNs. To bridge this gap, we present PIAFGNN, the first property inference attack (PIA) against FedGNNs. Compared with prior works on centralized GNNs, in PIAFGNN, the attacker can only obtain the global embedding gradient distributed by the central server. The attacker converts the task of stealing the target user’s local embeddings into a regression problem, using a regression model to generate the target graph node embeddings. By training shadow models and property classifiers, the attacker can infer the basic property information within the target graph that is of interest. Experiments on three benchmark graph datasets demonstrate that PIAFGNN achieves attack accuracy of over 70% in most cases, even approaching the attack accuracy of inference attacks against centralized GNNs in some instances, which is much higher than the attack accuracy of the random guessing method. Furthermore, we observe that common defense mechanisms cannot mitigate our attack without affecting the model’s performance on mainly classification tasks.展开更多
In this paper, the attack detection problem is investigated for a class of closed-loop systems subjected to unknownbutbounded noises in the presence of stealthy attacks. The measurement outputs from the sensors are qu...In this paper, the attack detection problem is investigated for a class of closed-loop systems subjected to unknownbutbounded noises in the presence of stealthy attacks. The measurement outputs from the sensors are quantized before transmission.A specific type of perfect stealthy attack, which meets certain rather stringent conditions, is taken into account. Such attacks could be injected by adversaries into both the sensor-toestimator and controller-to-actuator channels, with the aim of disrupting the normal data flow. For the purpose of defending against these perfect stealthy attacks, a novel scheme based on watermarks is developed. This scheme includes the injection of watermarks(applied to data prior to quantization) and the recovery of data(implemented before the data reaches the estimator).The watermark-based scheme is designed to be both timevarying and hidden from adversaries through incorporating a time-varying and bounded watermark signal. Subsequently, a watermark-based attack detection strategy is proposed which thoroughly considers the characteristics of perfect stealthy attacks,thereby ensuring that an alarm is activated upon the occurrence of such attacks. An example is provided to demonstrate the efficacy of the proposed mechanism for detecting attacks.展开更多
Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded...Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.展开更多
Dear Editor,This letter deals with the stabilization of a resilient model predictive control(MPC)algorithm with a dynamic event-triggered mechanism subject to Denial-of-Service(Do S)attacks.Different from previous wor...Dear Editor,This letter deals with the stabilization of a resilient model predictive control(MPC)algorithm with a dynamic event-triggered mechanism subject to Denial-of-Service(Do S)attacks.Different from previous works,this letter is based on the designed threshold function to dynamically trigger and gives the upper bound conditions for intersampling intervals with attack and attack-free scenarios to converge.展开更多
The Industrial Internet of Things(IIoT)is increasingly vulnerable to sophisticated cyber threats,particularly zero-day attacks that exploit unknown vulnerabilities and evade traditional security measures.To address th...The Industrial Internet of Things(IIoT)is increasingly vulnerable to sophisticated cyber threats,particularly zero-day attacks that exploit unknown vulnerabilities and evade traditional security measures.To address this critical challenge,this paper proposes a dynamic defense framework named Zero-day-aware Stackelberg Game-based Multi-Agent Distributed Deep Deterministic Policy Gradient(ZSG-MAD3PG).The framework integrates Stackelberg game modeling with the Multi-Agent Distributed Deep Deterministic Policy Gradient(MAD3PG)algorithm and incorporates defensive deception(DD)strategies to achieve adaptive and efficient protection.While conventional methods typically incur considerable resource overhead and exhibit higher latency due to static or rigid defensive mechanisms,the proposed ZSG-MAD3PG framework mitigates these limitations through multi-stage game modeling and adaptive learning,enabling more efficient resource utilization and faster response times.The Stackelberg-based architecture allows defenders to dynamically optimize packet sampling strategies,while attackers adjust their tactics to reach rapid equilibrium.Furthermore,dynamic deception techniques reduce the time required for the concealment of attacks and the overall system burden.A lightweight behavioral fingerprinting detection mechanism further enhances real-time zero-day attack identification within industrial device clusters.ZSG-MAD3PG demonstrates higher true positive rates(TPR)and lower false alarm rates(FAR)compared to existing methods,while also achieving improved latency,resource efficiency,and stealth adaptability in IIoT zero-day defense scenarios.展开更多
Federated Learning(FL),a practical solution that leverages distributed data across devices without the need for centralized data storage,which enables multiple participants to jointly train models while preserving dat...Federated Learning(FL),a practical solution that leverages distributed data across devices without the need for centralized data storage,which enables multiple participants to jointly train models while preserving data privacy and avoiding direct data sharing.Despite its privacy-preserving advantages,FL remains vulnerable to backdoor attacks,where malicious participants introduce backdoors into local models that are then propagated to the global model through the aggregation process.While existing differential privacy defenses have demonstrated effectiveness against backdoor attacks in FL,they often incur a significant degradation in the performance of the aggregated models on benign tasks.To address this limitation,we propose a novel backdoor defense mechanism based on differential privacy.Our approach first utilizes the inherent out-of-distribution characteristics of backdoor samples to identify and exclude malicious model updates that significantly deviate from benign models.By filtering out models that are clearly backdoor-infected before applying differential privacy,our method reduces the required noise level for differential privacy,thereby enhancing model robustness while preserving performance.Experimental evaluations on the CIFAR10 and FEMNIST datasets demonstrate that our method effectively limits the backdoor accuracy to below 15%across various backdoor scenarios while maintaining high main task accuracy.展开更多
Deep neural networks(DNNs)have found extensive applications in safety-critical artificial intelligence systems,such as autonomous driving and facial recognition systems.However,recent research has revealed their susce...Deep neural networks(DNNs)have found extensive applications in safety-critical artificial intelligence systems,such as autonomous driving and facial recognition systems.However,recent research has revealed their susceptibility to backdoors maliciously injected by adversaries.This vulnerability arises due to the intricate architecture and opacity of DNNs,resulting in numerous redundant neurons embedded within the models.Adversaries exploit these vulnerabilities to conceal malicious backdoor information within DNNs,thereby causing erroneous outputs and posing substantial threats to the efficacy of DNN-based applications.This article presents a comprehensive survey of backdoor attacks against DNNs and the countermeasure methods employed to mitigate them.Initially,we trace the evolution of the concept from traditional backdoor attacks to backdoor attacks against DNNs,highlighting the feasibility and practicality of generating backdoor attacks against DNNs.Subsequently,we provide an overview of notable works encompassing various attack and defense strategies,facilitating a comparative analysis of their approaches.Through these discussions,we offer constructive insights aimed at refining these techniques.Finally,we extend our research perspective to the domain of large language models(LLMs)and synthesize the characteristics and developmental trends of backdoor attacks and defense methods targeting LLMs.Through a systematic review of existing studies on backdoor vulnerabilities in LLMs,we identify critical open challenges in this field and propose actionable directions for future research.展开更多
This paper proposes a model-based control framework for vehicle platooning systems with secondorder nonlinear dynamics operating over switching signed networks,time-varying delays,and deception attacks.The study inclu...This paper proposes a model-based control framework for vehicle platooning systems with secondorder nonlinear dynamics operating over switching signed networks,time-varying delays,and deception attacks.The study includes two configurations:a leaderless structure using Finite-Time Non-Singular Terminal Bipartite Consensus(FNTBC)and Fixed-Time Bipartite Consensus(FXTBC),and a leader—follower structure ensuring structural balance and robustness against deceptive signals.In the leaderless model,a bipartite controller based on impulsive control theory,gauge transformation,and Markovian switching Lyapunov functions ensures mean-square stability and coordination under deception attacks and communication delays.The FNTBC achieves finite-time convergence depending on initial conditions,while the FXTBC guarantees fixed-time convergence independent of them,providing adaptability to different operating states.In the leader—follower case,a discontinuous impulsive control law synchronizes all followers with the leader despite deceptive attacks and switching topologies,maintaining robust coordination through nonlinear corrective mechanisms.To validate the approach,simulations are conducted on systems of five and seventeen vehicles in both leaderless and leader—follower configurations.The results demonstrate that the proposed framework achieves rapid consensus,strong robustness,and high resistance to deception attacks,offering a secure and scalable model-based control solution for modern vehicular communication networks.展开更多
Recent research on adversarial attacks has primarily focused on white-box attack techniques,with limited exploration of black-box attack methods.Furthermore,in many black-box research scenarios,it is assumed that the ...Recent research on adversarial attacks has primarily focused on white-box attack techniques,with limited exploration of black-box attack methods.Furthermore,in many black-box research scenarios,it is assumed that the output label and probability distribution can be observed without imposing any constraints on the number of attack attempts.Unfortunately,this disregard for the real-world practicality of attacks,particularly their potential for human detectability,has left a gap in the research landscape.Considering these limitations,our study focuses on using a similar color attack method,assuming access only to the output label,limiting the number of attack attempts to 100,and subjecting the attacks to human perceptibility testing.Through this approach,we demonstrated the effectiveness of black box attack techniques in deceiving models and achieved a success rate of 82.68%in deceiving humans.This study emphasizes the significance of research that addresses the challenge of deceiving both humans and models,highlighting the importance of real-world applicability.展开更多
False Data Injection Attacks(FDIAs)pose a critical security threat to modern power grids,corrupting state estimation and enabling malicious control actions that can lead to severe consequences,including cascading fail...False Data Injection Attacks(FDIAs)pose a critical security threat to modern power grids,corrupting state estimation and enabling malicious control actions that can lead to severe consequences,including cascading failures,large-scale blackouts,and significant economic losses.While detecting attacks is important,accurately localizing compromised nodes or measurements is even more critical,as it enables timely mitigation,targeted response,and enhanced system resilience beyond what detection alone can offer.Existing research typically models topological features using fixed structures,which can introduce irrelevant information and affect the effectiveness of feature extraction.To address this limitation,this paper proposes an FDIA localization model with adaptive neighborhood selection,which dynamically captures spatial dependencies of the power grid by adjusting node relationships based on data-driven similarities.The improved Transformer is employed to pre-fuse global spatial features of the graph,enriching the feature representation.To improve spatio-temporal correlation extraction for FDIA localization,the proposed model employs dilated causal convolution with a gating mechanism combined with graph convolution to capture and fuse long-range temporal features and adaptive topological features.This fully exploits the temporal dynamics and spatial dependencies inherent in the power grid.Finally,multi-source information is integrated to generate highly robust node embeddings,enhancing FDIA detection and localization.Experiments are conducted on IEEE 14,57,and 118-bus systems,and the results demonstrate that the proposed model substantially improves the accuracy of FDIA localization.Additional experiments are conducted to verify the effectiveness and robustness of the proposed model.展开更多
This paper investigates the secure impulsive consensus of Lipschitz-type nonlinear multi-agent systems(MASs) with input saturation. According to the coupling of input saturation and denial of service(DoS) attacks, imp...This paper investigates the secure impulsive consensus of Lipschitz-type nonlinear multi-agent systems(MASs) with input saturation. According to the coupling of input saturation and denial of service(DoS) attacks, impulsive control for MASs becomes extremely challenging. Considering general DoS attacks,this paper provides the sufficient conditions for the almost sure consensus of the MASs with input saturation, where the error system can achieve almost sure local exponential stability.Through linear matrix inequalities(LMIs), the relation between the trajectory boundary and DoS attacks is characterized, and the trajectory boundary is estimated. Furthermore, an optimization method of the domain of attraction is proposed to maximize the size. And a non-conservative and practical boundary is proposed to characterize the effect of DoS attacks on MASs. Finally, considering a multi-agent system with typical Chua's circuit dynamic model, an example is provided to illustrate the theorems' correctness.展开更多
A security issue with multi-sensor unmanned aerial vehicle(UAV)cyber physical systems(CPS)from the viewpoint of a false data injection(FDI)attacker is investigated in this paper.The FDI attacker can employ attacks on ...A security issue with multi-sensor unmanned aerial vehicle(UAV)cyber physical systems(CPS)from the viewpoint of a false data injection(FDI)attacker is investigated in this paper.The FDI attacker can employ attacks on feedback and feed-forward channels simultaneously with limited resource.The attacker aims at degrading the UAV CPS's estimation performance to the max while keeping stealthiness characterized by the Kullback-Leibler(K-L)divergence.The attacker is resource limited which can only attack part of sensors,and the attacked sensor as well as specific forms of attack signals at each instant should be considered by the attacker.Also,the sensor selection principle is investigated with respect to time invariant attack covariances.Additionally,the optimal switching attack strategies in regard to time variant attack covariances are modeled as a multi-agent Markov decision process(MDP)with hybrid discrete-continuous action space.Then,the multi-agent MDP is solved by utilizing the deep Multi-agent parameterized Q-networks(MAPQN)method.Ultimately,a quadrotor near hover system is used to validate the effectiveness of the results in the simulation section.展开更多
This research paper tackles the complexities of achieving global fuzzy consensus in leader-follower systems in robotic systems,focusing on robust control systems against an advanced signal attack that integrates senso...This research paper tackles the complexities of achieving global fuzzy consensus in leader-follower systems in robotic systems,focusing on robust control systems against an advanced signal attack that integrates sensor and actuator disturbances within the dynamics of follower robots.Each follower robot has unknown dynamics and control inputs,which expose it to the risks of both sensor and actuator attacks.The leader robot,described by a secondorder,time-varying nonlinear model,transmits its position,velocity,and acceleration information to follower robots through a wireless connection.To handle the complex setup and communication among robots in the network,we design a robust hybrid distributed adaptive control strategy combining the effect of sensor and actuator attack,which ensures asymptotic consensus,extending beyond conventional bounded consensus results.The proposed framework employs fuzzy logic systems(FLSs)as proactive controllers to estimate unknown nonlinear behaviors,while also effectively managing sensor and actuator attacks,ensuring stable consensus among all agents.To counter the impact of the combined signal attack on follower dynamics,a specialized robust control mechanism is designed,sustaining system stability and performance under adversarial conditions.The efficiency of this control strategy is demonstrated through simulations conducted across two different directed communication topologies,underscoring the protocol’s adaptability,resilience,and effectiveness in maintaining global consensus under complex attack scenarios.展开更多
This paper focuses on the design of event-triggered controllers for the synchronization of delayed Takagi-Sugeno(T-S)fuzzy neural networks(NNs)under deception attacks.The traditional event-triggered mechanism(ETM)dete...This paper focuses on the design of event-triggered controllers for the synchronization of delayed Takagi-Sugeno(T-S)fuzzy neural networks(NNs)under deception attacks.The traditional event-triggered mechanism(ETM)determines the next trigger based on the current sample,resulting in network congestion.Furthermore,such methods suffer from the issues of deception attacks and unmeasurable system states.To enhance the system stability,we adaptively detect the occurrence of events over a period of time.In addition,deception attacks are recharacterized to describe general scenarios.Specifically,the following enhancements are implemented:First,we use a Bernoulli process to model the occurrence of deception attacks,which can describe a variety of attack scenarios as a type of general Markov process.Second,we introduce a sum-based dynamic discrete event-triggered mechanism(SDDETM),which uses a combination of past sampled measurements and internal dynamic variables to determine subsequent triggering events.Finally,we incorporate a dynamic output feedback controller(DOFC)to ensure the system stability.The concurrent design of the DOFC and SDDETM parameters is achieved through the application of the cone complement linearization(CCL)algorithm.We further perform two simulation examples to validate the effectiveness of the algorithm.展开更多
Today’s Internet of Things (IoT) application domains are widely distributed, which exposes them to several security risks and assaults, especially when data is being transferred between endpoints with constrained res...Today’s Internet of Things (IoT) application domains are widely distributed, which exposes them to several security risks and assaults, especially when data is being transferred between endpoints with constrained resources and the backbone network. Numerous researchers have put a lot of effort into addressing routing protocol security vulnerabilities, particularly regarding IoT RPL-based networks. Despite multiple studies on the security of IoT routing protocols, routing attacks remain a major focus of ongoing research in IoT contexts. This paper examines the different types of routing attacks, how they affect Internet of Things networks, and how to mitigate them. Then, it provides an overview of recently published work on routing threats, primarily focusing on countermeasures, highlighting noteworthy security contributions, and drawing conclusions. Consequently, it achieves the study’s main objectives by summarizing intriguing current research trends in IoT routing security, pointing out knowledge gaps in this field, and suggesting directions and recommendations for future research on IoT routing security.展开更多
基金The National Natural Science Foundation of China(W2431048)The Science and Technology Research Program of Chongqing Municipal Education Commission,China(KJZDK202300807)The Chongqing Natural Science Foundation,China(CSTB2024NSCQQCXMX0052).
文摘This paper addresses the consensus problem of nonlinear multi-agent systems subject to external disturbances and uncertainties under denial-ofservice(DoS)attacks.Firstly,an observer-based state feedback control method is employed to achieve secure control by estimating the system's state in real time.Secondly,by combining a memory-based adaptive eventtriggered mechanism with neural networks,the paper aims to approximate the nonlinear terms in the networked system and efficiently conserve system resources.Finally,based on a two-degree-of-freedom model of a vehicle affected by crosswinds,this paper constructs a multi-unmanned ground vehicle(Multi-UGV)system to validate the effectiveness of the proposed method.Simulation results show that the proposed control strategy can effectively handle external disturbances such as crosswinds in practical applications,ensuring the stability and reliable operation of the Multi-UGV system.
基金National Natural Science Foundation of China(62272147,12471492,62072161,12401687)Shandong Provincial Natural Science Foundation(ZR2024QA205)+1 种基金Science and Technology on Communication Security Laboratory Foundation(6142103012207)Innovation Group Project of the Natural Science Foundation of Hubei Province of China(2023AFA021)。
文摘Ballet is one of the finalists of the block cipher project in the 2019 National Cryptographic Algorithm Design Competition.This study aims to conduct a comprehensive security evaluation of Ballet from the perspective of differential-linear(DL)cryptanalysis.Specifically,we present an automated search for the DL distinguishers of Ballet based on MILP/MIQCP.For the versions with block sizes of 128 and 256 bits,we obtain 16 and 22 rounds distinguishers with estimated correlations of 2^(-59.89)and 2^(-116.80),both of which are the publicly longest distinguishers.In addition,this study incorporates the complexity information of key-recovery attacks into the automated model,to search for the optimal key-recovery attack structures based on DL distinguishers.As a result,we mount the key-recovery attacks on 16-round Ballet-128/128,17-round Ballet-128/256,and 21-round Ballet-256/256.The data/time complexities for these attacks are 2^(108.36)/2^(120.36),2^(115.90)/2^(192),and 2^(227.62)/2^(240.67),respectively.
文摘Zero-click attacks represent an advanced cybersecurity threat,capable of compromising devices without user interaction.High-profile examples such as Pegasus,Simjacker,Bluebugging,and Bluesnarfing exploit hidden vulnerabilities in software and communication protocols to silently gain access,exfiltrate data,and enable long-term surveillance.Their stealth and ability to evade traditional defenses make detection and mitigation highly challenging.This paper addresses these threats by systematically mapping the tactics and techniques of zero-click attacks using the MITRE ATT&CK framework,a widely adopted standard for modeling adversarial behavior.Through this mapping,we categorize real-world attack vectors and better understand how such attacks operate across the cyber-kill chain.To support threat detection efforts,we propose an Active Learning-based method to efficiently label the Pegasus spyware dataset in alignment with the MITRE ATT&CK framework.This approach reduces the effort of manually annotating data while improving the quality of the labeled data,which is essential to train robust cybersecurity models.In addition,our analysis highlights the structured execution paths of zero-click attacks and reveals gaps in current defense strategies.The findings emphasize the importance of forward-looking strategies such as continuous surveillance,dynamic threat profiling,and security education.By bridging zero-click attack analysis with the MITRE ATT&CK framework and leveraging machine learning for dataset annotation,this work provides a foundation for more accurate threat detection and the development of more resilient and structured cybersecurity frameworks.
基金supported in part by Shanghai Rising-Star Program,China under grant 22QA1409400in part by National Natural Science Foundation of China under grant 62473287 and 62088101in part by Shanghai Municipal Science and Technology Major Project under grant 2021SHZDZX0100.
文摘This paper investigates the problem of optimal secure control for networked control systems under hybrid attacks.A control strategy based on the Stackelberg game framework is proposed,which differs from conventional methods by considering both denial-of-service(DoS)and false data injection(FDI)attacks simultaneously.Additionally,the stability conditions for the system under these hybrid attacks are established.It is technically challenging to design the control strategy by predicting attacker actions based on Stcakelberg game to ensure the system stability under hybrid attacks.Another technical difficulty lies in establishing the conditions for mean-square asymptotic stability due to the complexity of the attack scenarios Finally,simulations on an unstable batch reactor system under hybrid attacks demonstrate the effectiveness of the proposed strategy.
文摘Vehicular Ad Hoc Networks(VANETs)are central to Intelligent Transportation Systems(ITS),especially for real-time communication involving emergency vehicles.Yet,Distributed Denial of Service(DDoS)attacks can disrupt safety-critical channels and undermine reliability.This paper presents a robust,scalable framework for detecting DDoS attacks in highway VANETs.We construct a new dataset with Network Simulator 3(NS-3)and Simulation of Urban Mobility(SUMO),enriched with real mobility traces from Germany’s A81 highway(OpenStreetMap).Three traffic classes are modeled:DDoS,Voice over IP(VoIP),and Transmission Control Protocol Based(TCP-based)video streaming(VideoTCP).The pipeline includes normalization,feature selection with SHapley Additive exPlanations(SHAP),and class balancing via Synthetic Minority Over-sampling Technique(SMOTE).Eleven classifiers are benchmarked—including eXtreme Gradient Boosting(XGBoost),Categorical Boosting(CatBoost),Adaptive Boosting(AdaBoost),Gradient Boosting(GB),and an Artificial Neural Network(ANN)—using stratified 5-fold cross-validation.XGBoost,GB,CatBoost and ANN achieve the highest performance(weighted F1-score=97%).To assess robustness under non-ideal conditions,we introduce an adversarial evaluation with packet-loss and traffic-jitter(small-sample deformation);the top models retain strong performance,supporting real-time applicability.Collectively,these results demonstrate that the proposed highway-focused framework is accurate,resilient,and well-suited for deployment in VANET security for emergency communications.
基金supported by the National Natural Science Foundation of China(Nos.62176122 and 62061146002).
文摘Federated Graph Neural Networks (FedGNNs) have achieved significant success in representation learning for graph data, enabling collaborative training among multiple parties without sharing their raw graph data and solving the data isolation problem faced by centralized GNNs in data-sensitive scenarios. Despite the plethora of prior work on inference attacks against centralized GNNs, the vulnerability of FedGNNs to inference attacks has not yet been widely explored. It is still unclear whether the privacy leakage risks of centralized GNNs will also be introduced in FedGNNs. To bridge this gap, we present PIAFGNN, the first property inference attack (PIA) against FedGNNs. Compared with prior works on centralized GNNs, in PIAFGNN, the attacker can only obtain the global embedding gradient distributed by the central server. The attacker converts the task of stealing the target user’s local embeddings into a regression problem, using a regression model to generate the target graph node embeddings. By training shadow models and property classifiers, the attacker can infer the basic property information within the target graph that is of interest. Experiments on three benchmark graph datasets demonstrate that PIAFGNN achieves attack accuracy of over 70% in most cases, even approaching the attack accuracy of inference attacks against centralized GNNs in some instances, which is much higher than the attack accuracy of the random guessing method. Furthermore, we observe that common defense mechanisms cannot mitigate our attack without affecting the model’s performance on mainly classification tasks.
基金supported in part by the National Natural Science Foundation of China(61933007,62273087,62273088,U21A2019)the Shanghai Pujiang Program of China(22PJ1400400)+2 种基金the Hainan Province Science and Technology Special Fund of China(ZDYF2022SHFZ105)the Royal Society of U.K.the Alexander von Humboldt Foundation of Germany
文摘In this paper, the attack detection problem is investigated for a class of closed-loop systems subjected to unknownbutbounded noises in the presence of stealthy attacks. The measurement outputs from the sensors are quantized before transmission.A specific type of perfect stealthy attack, which meets certain rather stringent conditions, is taken into account. Such attacks could be injected by adversaries into both the sensor-toestimator and controller-to-actuator channels, with the aim of disrupting the normal data flow. For the purpose of defending against these perfect stealthy attacks, a novel scheme based on watermarks is developed. This scheme includes the injection of watermarks(applied to data prior to quantization) and the recovery of data(implemented before the data reaches the estimator).The watermark-based scheme is designed to be both timevarying and hidden from adversaries through incorporating a time-varying and bounded watermark signal. Subsequently, a watermark-based attack detection strategy is proposed which thoroughly considers the characteristics of perfect stealthy attacks,thereby ensuring that an alarm is activated upon the occurrence of such attacks. An example is provided to demonstrate the efficacy of the proposed mechanism for detecting attacks.
基金supported by the National Natural Science Foundation of China(62303273,62373226)the National Research Foundation,Singapore through the Medium Sized Center for Advanced Robotics Technology Innovation(WP2.7)
文摘Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.
文摘Dear Editor,This letter deals with the stabilization of a resilient model predictive control(MPC)algorithm with a dynamic event-triggered mechanism subject to Denial-of-Service(Do S)attacks.Different from previous works,this letter is based on the designed threshold function to dynamically trigger and gives the upper bound conditions for intersampling intervals with attack and attack-free scenarios to converge.
基金funded in part by the Humanities and Social Sciences Planning Foundation of Ministry of Education of China under Grant No.24YJAZH123National Undergraduate Innovation and Entrepreneurship Training Program of China under Grant No.202510347069the Huzhou Science and Technology Planning Foundation under Grant No.2023GZ04.
文摘The Industrial Internet of Things(IIoT)is increasingly vulnerable to sophisticated cyber threats,particularly zero-day attacks that exploit unknown vulnerabilities and evade traditional security measures.To address this critical challenge,this paper proposes a dynamic defense framework named Zero-day-aware Stackelberg Game-based Multi-Agent Distributed Deep Deterministic Policy Gradient(ZSG-MAD3PG).The framework integrates Stackelberg game modeling with the Multi-Agent Distributed Deep Deterministic Policy Gradient(MAD3PG)algorithm and incorporates defensive deception(DD)strategies to achieve adaptive and efficient protection.While conventional methods typically incur considerable resource overhead and exhibit higher latency due to static or rigid defensive mechanisms,the proposed ZSG-MAD3PG framework mitigates these limitations through multi-stage game modeling and adaptive learning,enabling more efficient resource utilization and faster response times.The Stackelberg-based architecture allows defenders to dynamically optimize packet sampling strategies,while attackers adjust their tactics to reach rapid equilibrium.Furthermore,dynamic deception techniques reduce the time required for the concealment of attacks and the overall system burden.A lightweight behavioral fingerprinting detection mechanism further enhances real-time zero-day attack identification within industrial device clusters.ZSG-MAD3PG demonstrates higher true positive rates(TPR)and lower false alarm rates(FAR)compared to existing methods,while also achieving improved latency,resource efficiency,and stealth adaptability in IIoT zero-day defense scenarios.
文摘Federated Learning(FL),a practical solution that leverages distributed data across devices without the need for centralized data storage,which enables multiple participants to jointly train models while preserving data privacy and avoiding direct data sharing.Despite its privacy-preserving advantages,FL remains vulnerable to backdoor attacks,where malicious participants introduce backdoors into local models that are then propagated to the global model through the aggregation process.While existing differential privacy defenses have demonstrated effectiveness against backdoor attacks in FL,they often incur a significant degradation in the performance of the aggregated models on benign tasks.To address this limitation,we propose a novel backdoor defense mechanism based on differential privacy.Our approach first utilizes the inherent out-of-distribution characteristics of backdoor samples to identify and exclude malicious model updates that significantly deviate from benign models.By filtering out models that are clearly backdoor-infected before applying differential privacy,our method reduces the required noise level for differential privacy,thereby enhancing model robustness while preserving performance.Experimental evaluations on the CIFAR10 and FEMNIST datasets demonstrate that our method effectively limits the backdoor accuracy to below 15%across various backdoor scenarios while maintaining high main task accuracy.
基金supported in part by the National Natural Science Foundation of China under Grants No.62372087 and No.62072076the Research Fund of State Key Laboratory of Processors under Grant No.CLQ202310the CSC scholarship.
文摘Deep neural networks(DNNs)have found extensive applications in safety-critical artificial intelligence systems,such as autonomous driving and facial recognition systems.However,recent research has revealed their susceptibility to backdoors maliciously injected by adversaries.This vulnerability arises due to the intricate architecture and opacity of DNNs,resulting in numerous redundant neurons embedded within the models.Adversaries exploit these vulnerabilities to conceal malicious backdoor information within DNNs,thereby causing erroneous outputs and posing substantial threats to the efficacy of DNN-based applications.This article presents a comprehensive survey of backdoor attacks against DNNs and the countermeasure methods employed to mitigate them.Initially,we trace the evolution of the concept from traditional backdoor attacks to backdoor attacks against DNNs,highlighting the feasibility and practicality of generating backdoor attacks against DNNs.Subsequently,we provide an overview of notable works encompassing various attack and defense strategies,facilitating a comparative analysis of their approaches.Through these discussions,we offer constructive insights aimed at refining these techniques.Finally,we extend our research perspective to the domain of large language models(LLMs)and synthesize the characteristics and developmental trends of backdoor attacks and defense methods targeting LLMs.Through a systematic review of existing studies on backdoor vulnerabilities in LLMs,we identify critical open challenges in this field and propose actionable directions for future research.
基金Deanship of Research and Graduate Studies at King Khalid University for funding this work through Large Research Project under grant number RGP.2/103/46”Deanship of Scientific Research at Northern Border University,Arar,Saudi Arabia for funding this research work through project number“NBU-FFR-2025-871-15”funding from Prince Sattam bin Abdulaziz University project number(PSAU/2025/R/1447).
文摘This paper proposes a model-based control framework for vehicle platooning systems with secondorder nonlinear dynamics operating over switching signed networks,time-varying delays,and deception attacks.The study includes two configurations:a leaderless structure using Finite-Time Non-Singular Terminal Bipartite Consensus(FNTBC)and Fixed-Time Bipartite Consensus(FXTBC),and a leader—follower structure ensuring structural balance and robustness against deceptive signals.In the leaderless model,a bipartite controller based on impulsive control theory,gauge transformation,and Markovian switching Lyapunov functions ensures mean-square stability and coordination under deception attacks and communication delays.The FNTBC achieves finite-time convergence depending on initial conditions,while the FXTBC guarantees fixed-time convergence independent of them,providing adaptability to different operating states.In the leader—follower case,a discontinuous impulsive control law synchronizes all followers with the leader despite deceptive attacks and switching topologies,maintaining robust coordination through nonlinear corrective mechanisms.To validate the approach,simulations are conducted on systems of five and seventeen vehicles in both leaderless and leader—follower configurations.The results demonstrate that the proposed framework achieves rapid consensus,strong robustness,and high resistance to deception attacks,offering a secure and scalable model-based control solution for modern vehicular communication networks.
基金supported by the Research Resurgence under the Glocal University 30 Project at Gyeongsang National University in 2024.
文摘Recent research on adversarial attacks has primarily focused on white-box attack techniques,with limited exploration of black-box attack methods.Furthermore,in many black-box research scenarios,it is assumed that the output label and probability distribution can be observed without imposing any constraints on the number of attack attempts.Unfortunately,this disregard for the real-world practicality of attacks,particularly their potential for human detectability,has left a gap in the research landscape.Considering these limitations,our study focuses on using a similar color attack method,assuming access only to the output label,limiting the number of attack attempts to 100,and subjecting the attacks to human perceptibility testing.Through this approach,we demonstrated the effectiveness of black box attack techniques in deceiving models and achieved a success rate of 82.68%in deceiving humans.This study emphasizes the significance of research that addresses the challenge of deceiving both humans and models,highlighting the importance of real-world applicability.
基金supported by National Key Research and Development Plan of China(No.2022YFB3103304).
文摘False Data Injection Attacks(FDIAs)pose a critical security threat to modern power grids,corrupting state estimation and enabling malicious control actions that can lead to severe consequences,including cascading failures,large-scale blackouts,and significant economic losses.While detecting attacks is important,accurately localizing compromised nodes or measurements is even more critical,as it enables timely mitigation,targeted response,and enhanced system resilience beyond what detection alone can offer.Existing research typically models topological features using fixed structures,which can introduce irrelevant information and affect the effectiveness of feature extraction.To address this limitation,this paper proposes an FDIA localization model with adaptive neighborhood selection,which dynamically captures spatial dependencies of the power grid by adjusting node relationships based on data-driven similarities.The improved Transformer is employed to pre-fuse global spatial features of the graph,enriching the feature representation.To improve spatio-temporal correlation extraction for FDIA localization,the proposed model employs dilated causal convolution with a gating mechanism combined with graph convolution to capture and fuse long-range temporal features and adaptive topological features.This fully exploits the temporal dynamics and spatial dependencies inherent in the power grid.Finally,multi-source information is integrated to generate highly robust node embeddings,enhancing FDIA detection and localization.Experiments are conducted on IEEE 14,57,and 118-bus systems,and the results demonstrate that the proposed model substantially improves the accuracy of FDIA localization.Additional experiments are conducted to verify the effectiveness and robustness of the proposed model.
基金supported by the National Natural Science Foundation of China(62373302,62333009)
文摘This paper investigates the secure impulsive consensus of Lipschitz-type nonlinear multi-agent systems(MASs) with input saturation. According to the coupling of input saturation and denial of service(DoS) attacks, impulsive control for MASs becomes extremely challenging. Considering general DoS attacks,this paper provides the sufficient conditions for the almost sure consensus of the MASs with input saturation, where the error system can achieve almost sure local exponential stability.Through linear matrix inequalities(LMIs), the relation between the trajectory boundary and DoS attacks is characterized, and the trajectory boundary is estimated. Furthermore, an optimization method of the domain of attraction is proposed to maximize the size. And a non-conservative and practical boundary is proposed to characterize the effect of DoS attacks on MASs. Finally, considering a multi-agent system with typical Chua's circuit dynamic model, an example is provided to illustrate the theorems' correctness.
文摘A security issue with multi-sensor unmanned aerial vehicle(UAV)cyber physical systems(CPS)from the viewpoint of a false data injection(FDI)attacker is investigated in this paper.The FDI attacker can employ attacks on feedback and feed-forward channels simultaneously with limited resource.The attacker aims at degrading the UAV CPS's estimation performance to the max while keeping stealthiness characterized by the Kullback-Leibler(K-L)divergence.The attacker is resource limited which can only attack part of sensors,and the attacked sensor as well as specific forms of attack signals at each instant should be considered by the attacker.Also,the sensor selection principle is investigated with respect to time invariant attack covariances.Additionally,the optimal switching attack strategies in regard to time variant attack covariances are modeled as a multi-agent Markov decision process(MDP)with hybrid discrete-continuous action space.Then,the multi-agent MDP is solved by utilizing the deep Multi-agent parameterized Q-networks(MAPQN)method.Ultimately,a quadrotor near hover system is used to validate the effectiveness of the results in the simulation section.
文摘This research paper tackles the complexities of achieving global fuzzy consensus in leader-follower systems in robotic systems,focusing on robust control systems against an advanced signal attack that integrates sensor and actuator disturbances within the dynamics of follower robots.Each follower robot has unknown dynamics and control inputs,which expose it to the risks of both sensor and actuator attacks.The leader robot,described by a secondorder,time-varying nonlinear model,transmits its position,velocity,and acceleration information to follower robots through a wireless connection.To handle the complex setup and communication among robots in the network,we design a robust hybrid distributed adaptive control strategy combining the effect of sensor and actuator attack,which ensures asymptotic consensus,extending beyond conventional bounded consensus results.The proposed framework employs fuzzy logic systems(FLSs)as proactive controllers to estimate unknown nonlinear behaviors,while also effectively managing sensor and actuator attacks,ensuring stable consensus among all agents.To counter the impact of the combined signal attack on follower dynamics,a specialized robust control mechanism is designed,sustaining system stability and performance under adversarial conditions.The efficiency of this control strategy is demonstrated through simulations conducted across two different directed communication topologies,underscoring the protocol’s adaptability,resilience,and effectiveness in maintaining global consensus under complex attack scenarios.
基金Project supported by the National Natural Science Foundation of China(Nos.T2121002,62473321,62403014,and 62233001)。
文摘This paper focuses on the design of event-triggered controllers for the synchronization of delayed Takagi-Sugeno(T-S)fuzzy neural networks(NNs)under deception attacks.The traditional event-triggered mechanism(ETM)determines the next trigger based on the current sample,resulting in network congestion.Furthermore,such methods suffer from the issues of deception attacks and unmeasurable system states.To enhance the system stability,we adaptively detect the occurrence of events over a period of time.In addition,deception attacks are recharacterized to describe general scenarios.Specifically,the following enhancements are implemented:First,we use a Bernoulli process to model the occurrence of deception attacks,which can describe a variety of attack scenarios as a type of general Markov process.Second,we introduce a sum-based dynamic discrete event-triggered mechanism(SDDETM),which uses a combination of past sampled measurements and internal dynamic variables to determine subsequent triggering events.Finally,we incorporate a dynamic output feedback controller(DOFC)to ensure the system stability.The concurrent design of the DOFC and SDDETM parameters is achieved through the application of the cone complement linearization(CCL)algorithm.We further perform two simulation examples to validate the effectiveness of the algorithm.
文摘Today’s Internet of Things (IoT) application domains are widely distributed, which exposes them to several security risks and assaults, especially when data is being transferred between endpoints with constrained resources and the backbone network. Numerous researchers have put a lot of effort into addressing routing protocol security vulnerabilities, particularly regarding IoT RPL-based networks. Despite multiple studies on the security of IoT routing protocols, routing attacks remain a major focus of ongoing research in IoT contexts. This paper examines the different types of routing attacks, how they affect Internet of Things networks, and how to mitigate them. Then, it provides an overview of recently published work on routing threats, primarily focusing on countermeasures, highlighting noteworthy security contributions, and drawing conclusions. Consequently, it achieves the study’s main objectives by summarizing intriguing current research trends in IoT routing security, pointing out knowledge gaps in this field, and suggesting directions and recommendations for future research on IoT routing security.
