Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Tr...Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Traditionalsecurity technologies such as intrusion detection have been developed to respond to these cyber threats.Recently,advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus.In this paper,wepropose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to addresscontinuously evolving cyber threats.Additionally,we have implemented an effective reinforcement-learning-basedcyber-attack scenario using Cyber Battle Simulation,which is a cyber-attack-defense simulator.This scenarioinvolves important security components such as node value,cost,firewalls,and services.Furthermore,we applieda new vulnerability assessment method based on the Common Vulnerability Scoring System.This approach candesign an optimal attack strategy by considering the importance of attack goals,which helps in developing moreeffective response strategies.These attack strategies are evaluated by comparing their performance using a variety ofReinforcement Learning methods.The experimental results show that RL models demonstrate improved learningperformance with the proposed attack strategy compared to the original strategies.In particular,the success rateof the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points,reaching 10.17%,whichrepresents an impressive 98.24%increase over the original scenario.Consequently,the proposed method canenhance security and risk management capabilities in cyber environments,improving the efficiency of securitymanagement and significantly contributing to the development of security systems.展开更多
A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects phy...A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.展开更多
Recently, the smart grid has been considered as a next-generation power system to modernize the traditional grid to improve its security, connectivity, efficiency and sustainability.Unfortunately, the smart grid is su...Recently, the smart grid has been considered as a next-generation power system to modernize the traditional grid to improve its security, connectivity, efficiency and sustainability.Unfortunately, the smart grid is susceptible to malicious cyber attacks, which can create serious technical, economical, social and control problems in power network operations. In contrast to the traditional cyber attack minimization techniques, this paper proposes a recursive systematic convolutional(RSC) code and Kalman filter(KF) based method in the context of smart grids.Specifically, the proposed RSC code is used to add redundancy in the microgrid states, and the log maximum a-posterior is used to recover the state information, which is affected by random noises and cyber attacks. Once the estimated states are obtained by KF algorithm, a semidefinite programming based optimal feedback controller is proposed to regulate the system states, so that the power system can operate properly. Test results show that the proposed approach can accurately mitigate the cyber attacks and properly estimate and control the system states.展开更多
With the development of electric power technology, information technology and military technology, the impact of cyber attack on electric power infrastructure has increasingly become a hot spot issue which calls both ...With the development of electric power technology, information technology and military technology, the impact of cyber attack on electric power infrastructure has increasingly become a hot spot issue which calls both domestic and foreign attention. First, main reasons of the impact on power infrastructure caused by cyber attack are analyzed from the following two aspects: 1) The dependence of electric power infrastructure on information infrastructure makes cyber attack issues in information field likely to affect electric power field. 2) As regards to the potential threat sources, it will be considerably profitable to launch cyber attacks on electric power infrastructure. On this basis, this paper gives a classified elaboration on the characteristics and the possibilities of cyber attacks on electrical infrastructures. Finally, the recently published actual events of cyber attacks in respect of threat sources, vulnerabilities and assaulting modes are analyzed and summarized.展开更多
Aspects of human behavior in cyber security allow more natural security to the user. This research focuses the appearance of anticipating cyber threats and their abstraction hierarchy levels on the mental picture leve...Aspects of human behavior in cyber security allow more natural security to the user. This research focuses the appearance of anticipating cyber threats and their abstraction hierarchy levels on the mental picture levels of human. The study concerns the modeling of the behaviors of mental states of an individual under cyber attacks. The mental state of agents being not observable, we propose a non-stationary hidden Markov chain approach to model the agent mental behaviors. A renewal process based on a nonparametric estimation is also considered to investigate the spending time in a given mental state. In these approaches, the effects of the complexity of the cyber attacks are taken into account in the models.展开更多
Distributed Denial of Service (DDoS) is known to compromise availability of Information Systems today. Widely deployed Microsoft’s Windows 2003 & 2008 servers provide some built-in protection against common Distr...Distributed Denial of Service (DDoS) is known to compromise availability of Information Systems today. Widely deployed Microsoft’s Windows 2003 & 2008 servers provide some built-in protection against common Distributed Denial of Service (DDoS) attacks, such as TCP/SYN attack. In this paper, we evaluate the performance of built-in protection capabilities of Windows servers 2003 & 2008 against a special case of TCP/SYN based DDoS attack. Based on our measurements, it was found that the built-in security features which are available by default on Microsoft’s Windows servers were not sufficient in defending against the TCP/SYN attacks even at low intensity attack traffic. Under TCP/SYN attack traffic, the Microsoft 2003 server was found to crash due to processor resource exhaustion, whereas the 2008 server was found to crash due to its memory resource depletion even at low intensity attack traffic.展开更多
With the rapid integration of communication and information technology into substations,the risk of cyber attacks has significantly increased.Attackers may infiltrate substation networks,manipulate switches,and disrup...With the rapid integration of communication and information technology into substations,the risk of cyber attacks has significantly increased.Attackers may infiltrate substation networks,manipulate switches,and disrupt power lines,potentially causing severe damage to the power system.To minimize such risks,this paper proposes a three-layer defender-attacker-defender(DAD)model for optimally allocating limited defensive resources to substations.To model the uncertainty surrounding the knowledge of defender of potential attacks in realworld scenarios,we employ a fuzzy analytic hierarchy process combined with the decision-making trial and evaluation laboratory(FAHP-DEMATEL).This method accounts for the attack resource uncertainty by utilizing intelligence data on factors potentially influenced by attackers,which serves as an evaluation metric to simulate the likelihood of various attack scenarios.These uncertainty probabilities are then incorporated into the substation DAD model consisting three layers of agents:the decision-maker,the attacker,and the operator.The decision-maker devises a defense strategy before the attack,while the attacker aims to identify the strategy that causes the maximum load loss.Meanwhile,the operator seeks to minimize the load loss through optimal power flow scheduling.To solve the model,the original problem is transformed into a two-layer subproblem and a single-layer master problem,which are solved iteratively using a column-and-constraint generation algorithm.Case studies conducted on the IEEE RTS-96 system and the IEEE 118-node system demonstrate the effectiveness and practicality of the proposed model.Comparative experiments further highlight the advantages of the proposed model.展开更多
With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components,power distribution networks are subject to miscellaneous security risks induced by ...With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components,power distribution networks are subject to miscellaneous security risks induced by malicious attackers.To address the issue,this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks(CPDNs)against coordinated cyber attacks.First,an attack graph-based CPDN architecture is constructed,and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process.The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology(NIST)standard.Next,a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios.The tradeoff between security risk and limited resource budget is formulated as a multi-objective optimization(MOO)problem,which is solved by an efficient optimal Pareto solution generation approach.By employing a generational distance metric,the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources.Several case studies on a modified IEEE 123-node test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.展开更多
This paper develops an adaptive two-stage unscented Kalman filter(ATSUKF)to accurately track operation states of the synchronous generator(SG)under cyber attacks.To achieve high fidelity,considering the excitation sys...This paper develops an adaptive two-stage unscented Kalman filter(ATSUKF)to accurately track operation states of the synchronous generator(SG)under cyber attacks.To achieve high fidelity,considering the excitation system of SGs,a detailed 9~(th)-order SG model for dynamic state estimation is established.Then,for several common cyber attacks against measurements,a two-stage unscented Kalman filter is proposed to estimate the model state and the bias in parallel.Subsequently,to solve the deterioration problem of state estimation performance caused by the mismatch between noise statistical characteristics and model assumptions,a multi-dimensional adaptive factor matrix is derived to modify the noise covariance matrix.Finally,a large number of simulation experiments are carried out on the IEEE 39-bus system,which shows that the proposed filter can accurately track the SG state under different abnormal test conditions.展开更多
This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed appr...This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed approach focuses on the total transient energy injected into power systems as the result of assumptive cyber attacks.The computational improvements of the proposed method are significant as the time-domain simulations can be avoided.The efficacy of the proposed approach is demonstrated using a practical power system with various cyber attack scenarios.The identification results of the proposed method can be used to guide more detailed impact analysis and to develop more effective countermeasures against cyber attacks.展开更多
With the growing concern about the security and privacy of smart grid systems,cyberattacks on critical power grid components,such as state estimation,have proven to be one of the top-priority cyber-related issues and ...With the growing concern about the security and privacy of smart grid systems,cyberattacks on critical power grid components,such as state estimation,have proven to be one of the top-priority cyber-related issues and have received significant attention in recent years.However,cyberattack detection in smart grids now faces new challenges,including privacy preservation and decentralized power zones with strategic data owners.To address these technical bottlenecks,this paper proposes a novel Federated Learning-based privacy-preserving and communication-efficient attack detection framework,known as FedDiSC,that enables Discrimination between power System disturbances and Cyberattacks.Specifically,we first propose a Federated Learning approach to enable Supervisory Control and Data Acquisition subsystems of decentralized power grid zones to collaboratively train an attack detection model without sharing sensitive power related data.Secondly,we put forward a representation learning-based Deep Auto-Encoder network to accurately detect power system and cybersecurity anomalies.Lastly,to adapt our proposed framework to the timeliness of real-world cyberattack detection in SGs,we leverage the use of a gradient privacy-preserving quantization scheme known as DP-SIGNSGD to improve its communication efficiency.Extensive simulations of the proposed framework on publicly available Industrial Control Systems datasets demonstrate that the proposed framework can achieve superior detection accuracy while preserving the privacy of sensitive power grid related information.Furthermore,we find that the gradient quantization scheme utilized improves communication efficiency by 40%when compared to a traditional federated learning approach without gradient quantization which suggests suitability in a real-world scenario.展开更多
This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fu...This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fuzzy discrete systems to capture parameter uncertainties.By considering the influences of input delays and stochastic cyber attacks,a newly fuzzy robust controller is established.Afterward,the asymptotic stability sufficient conditions in form of LMIs for the IT2 closed-loop systems are given via establishing a Lyapunov-Krasovskii functional.Afterward,a solving algorithm for obtaining the controller gains is given.Finally,the effectiveness of the developed IT2 fuzzy method is verified by a numerical example.展开更多
Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algori...Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algorithm(ABC)as an Nature Inspired Cyber Security mechanism to achieve adaptive defense.It experiments on the Denial-Of-Service attack scenarios which involves limiting the traffic flow for each node.Businesses today have adapted their service distribution models to include the use of the Internet,allowing them to effectively manage and interact with their customer data.This shift has created an increased reliance on online services to store vast amounts of confidential customer data,meaning any disruption or outage of these services could be disastrous for the business,leaving them without the knowledge to serve their customers.Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers.The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity.For any changes in network parameters,the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.展开更多
This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen o...This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.展开更多
In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be...In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.展开更多
We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoul...We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.展开更多
In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to...In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to frequent cyberattacks, which is close to an actual case. The cyber-attacks are assumed to be recoverable. By utilizing algebraic graph theory, linear matrix inequality(LMI) and Lyapunov stability theory, the multi-agent systems can achieve group consensus under the proposed control protocol. The sufficient conditions of the group consensus for the multi-agent networks subjected to cyber-attacks are given. Furthermore, the results are extended to the consensus issue of multiple subgroups with cyber-attacks. Numerical simulations are performed to demonstrate the effectiveness of the theoretical results.展开更多
Without the known state equation, a new state estimation strategy is designed to be against malicious attacks for cyber physical systems. Inspired by the idea of data reconstruction, the compressive sensing (CS) is ...Without the known state equation, a new state estimation strategy is designed to be against malicious attacks for cyber physical systems. Inspired by the idea of data reconstruction, the compressive sensing (CS) is applied to reconstruction of residual measurements after the detection and identification scheme based on the Markov graph of the system state, which increases the resilience of state estimation strategy against deception attacks. First, the observability analysis is introduced to decide the triggering time of the measurement reconstruction and the damage level from attacks. In particular, the dictionary learning is proposed to form the over-completed dictionary by K-singular value decomposition (K-SVD), which is produced adaptively according to the characteristics of the measurement data. In addition, due to the irregularity of residual measurements, a sampling matrix is designed as the measurement matrix. Finally, the simulation experiments are performed on 6-bus power system. Results show that the reconstruction of measurements is completed well by the proposed reconstruction method, and the corresponding effects are better than reconstruction scheme based on the joint dictionary and the traditional Gauss or Bernoulli random matrix respectively. Especially, when only 29% available clean measurements are left, performance of the proposed strategy is still extraordinary, which reflects generality for five kinds of recovery algorithms.展开更多
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea Government(MSIT)(No.RS2022-II220961).
文摘Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Traditionalsecurity technologies such as intrusion detection have been developed to respond to these cyber threats.Recently,advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus.In this paper,wepropose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to addresscontinuously evolving cyber threats.Additionally,we have implemented an effective reinforcement-learning-basedcyber-attack scenario using Cyber Battle Simulation,which is a cyber-attack-defense simulator.This scenarioinvolves important security components such as node value,cost,firewalls,and services.Furthermore,we applieda new vulnerability assessment method based on the Common Vulnerability Scoring System.This approach candesign an optimal attack strategy by considering the importance of attack goals,which helps in developing moreeffective response strategies.These attack strategies are evaluated by comparing their performance using a variety ofReinforcement Learning methods.The experimental results show that RL models demonstrate improved learningperformance with the proposed attack strategy compared to the original strategies.In particular,the success rateof the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points,reaching 10.17%,whichrepresents an impressive 98.24%increase over the original scenario.Consequently,the proposed method canenhance security and risk management capabilities in cyber environments,improving the efficiency of securitymanagement and significantly contributing to the development of security systems.
基金supported by Institutional Fund Projects(IFPNC-001-135-2020)technical and financial support from the Ministry of Education and King Abdulaziz University,DSR,Jeddah,Saudi Arabia。
文摘A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.
文摘Recently, the smart grid has been considered as a next-generation power system to modernize the traditional grid to improve its security, connectivity, efficiency and sustainability.Unfortunately, the smart grid is susceptible to malicious cyber attacks, which can create serious technical, economical, social and control problems in power network operations. In contrast to the traditional cyber attack minimization techniques, this paper proposes a recursive systematic convolutional(RSC) code and Kalman filter(KF) based method in the context of smart grids.Specifically, the proposed RSC code is used to add redundancy in the microgrid states, and the log maximum a-posterior is used to recover the state information, which is affected by random noises and cyber attacks. Once the estimated states are obtained by KF algorithm, a semidefinite programming based optimal feedback controller is proposed to regulate the system states, so that the power system can operate properly. Test results show that the proposed approach can accurately mitigate the cyber attacks and properly estimate and control the system states.
文摘With the development of electric power technology, information technology and military technology, the impact of cyber attack on electric power infrastructure has increasingly become a hot spot issue which calls both domestic and foreign attention. First, main reasons of the impact on power infrastructure caused by cyber attack are analyzed from the following two aspects: 1) The dependence of electric power infrastructure on information infrastructure makes cyber attack issues in information field likely to affect electric power field. 2) As regards to the potential threat sources, it will be considerably profitable to launch cyber attacks on electric power infrastructure. On this basis, this paper gives a classified elaboration on the characteristics and the possibilities of cyber attacks on electrical infrastructures. Finally, the recently published actual events of cyber attacks in respect of threat sources, vulnerabilities and assaulting modes are analyzed and summarized.
文摘Aspects of human behavior in cyber security allow more natural security to the user. This research focuses the appearance of anticipating cyber threats and their abstraction hierarchy levels on the mental picture levels of human. The study concerns the modeling of the behaviors of mental states of an individual under cyber attacks. The mental state of agents being not observable, we propose a non-stationary hidden Markov chain approach to model the agent mental behaviors. A renewal process based on a nonparametric estimation is also considered to investigate the spending time in a given mental state. In these approaches, the effects of the complexity of the cyber attacks are taken into account in the models.
文摘Distributed Denial of Service (DDoS) is known to compromise availability of Information Systems today. Widely deployed Microsoft’s Windows 2003 & 2008 servers provide some built-in protection against common Distributed Denial of Service (DDoS) attacks, such as TCP/SYN attack. In this paper, we evaluate the performance of built-in protection capabilities of Windows servers 2003 & 2008 against a special case of TCP/SYN based DDoS attack. Based on our measurements, it was found that the built-in security features which are available by default on Microsoft’s Windows servers were not sufficient in defending against the TCP/SYN attacks even at low intensity attack traffic. Under TCP/SYN attack traffic, the Microsoft 2003 server was found to crash due to processor resource exhaustion, whereas the 2008 server was found to crash due to its memory resource depletion even at low intensity attack traffic.
基金supported by National Natural Science Foundation of China(No.52377115)。
文摘With the rapid integration of communication and information technology into substations,the risk of cyber attacks has significantly increased.Attackers may infiltrate substation networks,manipulate switches,and disrupt power lines,potentially causing severe damage to the power system.To minimize such risks,this paper proposes a three-layer defender-attacker-defender(DAD)model for optimally allocating limited defensive resources to substations.To model the uncertainty surrounding the knowledge of defender of potential attacks in realworld scenarios,we employ a fuzzy analytic hierarchy process combined with the decision-making trial and evaluation laboratory(FAHP-DEMATEL).This method accounts for the attack resource uncertainty by utilizing intelligence data on factors potentially influenced by attackers,which serves as an evaluation metric to simulate the likelihood of various attack scenarios.These uncertainty probabilities are then incorporated into the substation DAD model consisting three layers of agents:the decision-maker,the attacker,and the operator.The decision-maker devises a defense strategy before the attack,while the attacker aims to identify the strategy that causes the maximum load loss.Meanwhile,the operator seeks to minimize the load loss through optimal power flow scheduling.To solve the model,the original problem is transformed into a two-layer subproblem and a single-layer master problem,which are solved iteratively using a column-and-constraint generation algorithm.Case studies conducted on the IEEE RTS-96 system and the IEEE 118-node system demonstrate the effectiveness and practicality of the proposed model.Comparative experiments further highlight the advantages of the proposed model.
基金supported by the National Natural Science Foundation of China(No.52377086)the Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX23_0063)。
文摘With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components,power distribution networks are subject to miscellaneous security risks induced by malicious attackers.To address the issue,this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks(CPDNs)against coordinated cyber attacks.First,an attack graph-based CPDN architecture is constructed,and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process.The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology(NIST)standard.Next,a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios.The tradeoff between security risk and limited resource budget is formulated as a multi-objective optimization(MOO)problem,which is solved by an efficient optimal Pareto solution generation approach.By employing a generational distance metric,the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources.Several case studies on a modified IEEE 123-node test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.
基金supported by the National Natural Science Foundation of China(No.62073121)the National Natural Science Foundation of China-State Grid Joint Fund for Smart Grid(No.U1966202)+1 种基金the Six Talent Peaks High Level Project of Jiangsu Province(No.2017-XNY-004)the Natural Sciences and Engineering Research Council(NSERC)of Canada。
文摘This paper develops an adaptive two-stage unscented Kalman filter(ATSUKF)to accurately track operation states of the synchronous generator(SG)under cyber attacks.To achieve high fidelity,considering the excitation system of SGs,a detailed 9~(th)-order SG model for dynamic state estimation is established.Then,for several common cyber attacks against measurements,a two-stage unscented Kalman filter is proposed to estimate the model state and the bias in parallel.Subsequently,to solve the deterioration problem of state estimation performance caused by the mismatch between noise statistical characteristics and model assumptions,a multi-dimensional adaptive factor matrix is derived to modify the noise covariance matrix.Finally,a large number of simulation experiments are carried out on the IEEE 39-bus system,which shows that the proposed filter can accurately track the SG state under different abnormal test conditions.
基金supported in part by the National Science Foundation under Grant ECCS-0955265.
文摘This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed approach focuses on the total transient energy injected into power systems as the result of assumptive cyber attacks.The computational improvements of the proposed method are significant as the time-domain simulations can be avoided.The efficacy of the proposed approach is demonstrated using a practical power system with various cyber attack scenarios.The identification results of the proposed method can be used to guide more detailed impact analysis and to develop more effective countermeasures against cyber attacks.
文摘With the growing concern about the security and privacy of smart grid systems,cyberattacks on critical power grid components,such as state estimation,have proven to be one of the top-priority cyber-related issues and have received significant attention in recent years.However,cyberattack detection in smart grids now faces new challenges,including privacy preservation and decentralized power zones with strategic data owners.To address these technical bottlenecks,this paper proposes a novel Federated Learning-based privacy-preserving and communication-efficient attack detection framework,known as FedDiSC,that enables Discrimination between power System disturbances and Cyberattacks.Specifically,we first propose a Federated Learning approach to enable Supervisory Control and Data Acquisition subsystems of decentralized power grid zones to collaboratively train an attack detection model without sharing sensitive power related data.Secondly,we put forward a representation learning-based Deep Auto-Encoder network to accurately detect power system and cybersecurity anomalies.Lastly,to adapt our proposed framework to the timeliness of real-world cyberattack detection in SGs,we leverage the use of a gradient privacy-preserving quantization scheme known as DP-SIGNSGD to improve its communication efficiency.Extensive simulations of the proposed framework on publicly available Industrial Control Systems datasets demonstrate that the proposed framework can achieve superior detection accuracy while preserving the privacy of sensitive power grid related information.Furthermore,we find that the gradient quantization scheme utilized improves communication efficiency by 40%when compared to a traditional federated learning approach without gradient quantization which suggests suitability in a real-world scenario.
基金This research was supported by the National Natural Science Foundation of China under Grant No.61903167.
文摘This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fuzzy discrete systems to capture parameter uncertainties.By considering the influences of input delays and stochastic cyber attacks,a newly fuzzy robust controller is established.Afterward,the asymptotic stability sufficient conditions in form of LMIs for the IT2 closed-loop systems are given via establishing a Lyapunov-Krasovskii functional.Afterward,a solving algorithm for obtaining the controller gains is given.Finally,the effectiveness of the developed IT2 fuzzy method is verified by a numerical example.
文摘Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algorithm(ABC)as an Nature Inspired Cyber Security mechanism to achieve adaptive defense.It experiments on the Denial-Of-Service attack scenarios which involves limiting the traffic flow for each node.Businesses today have adapted their service distribution models to include the use of the Internet,allowing them to effectively manage and interact with their customer data.This shift has created an increased reliance on online services to store vast amounts of confidential customer data,meaning any disruption or outage of these services could be disastrous for the business,leaving them without the knowledge to serve their customers.Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers.The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity.For any changes in network parameters,the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.
文摘This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.
基金supported by the Ministry of the Higher Education and Scientific Research in Tunisia
文摘In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61074159 and 61703286)
文摘We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61807016 and 61772013)the Natural Science Foundation of Jiangsu Province,China(Grant No.BK20181342)
文摘In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to frequent cyberattacks, which is close to an actual case. The cyber-attacks are assumed to be recoverable. By utilizing algebraic graph theory, linear matrix inequality(LMI) and Lyapunov stability theory, the multi-agent systems can achieve group consensus under the proposed control protocol. The sufficient conditions of the group consensus for the multi-agent networks subjected to cyber-attacks are given. Furthermore, the results are extended to the consensus issue of multiple subgroups with cyber-attacks. Numerical simulations are performed to demonstrate the effectiveness of the theoretical results.
基金This work was supported by the Natural Science Foundation of China (NSFC)-Guangdong Joint Foundation Key Project (No. U1401253), the NSFC (Nos. 61573153, 616721 74), the Foundation of Guangdong Provincial Science and Technology Projects (No. 2013B010401001 ), the Fundamental Research Funds for the Central Universities (No. 2015ZZ099), the Guangzhou Science and Technology Plan Project (No. 201510010132), the Maoming Science and Technology Plan Project (No. MM201 7000004), and the National Natural Science Foundation of Guangdong Province (No. 2016A030313510).
文摘Without the known state equation, a new state estimation strategy is designed to be against malicious attacks for cyber physical systems. Inspired by the idea of data reconstruction, the compressive sensing (CS) is applied to reconstruction of residual measurements after the detection and identification scheme based on the Markov graph of the system state, which increases the resilience of state estimation strategy against deception attacks. First, the observability analysis is introduced to decide the triggering time of the measurement reconstruction and the damage level from attacks. In particular, the dictionary learning is proposed to form the over-completed dictionary by K-singular value decomposition (K-SVD), which is produced adaptively according to the characteristics of the measurement data. In addition, due to the irregularity of residual measurements, a sampling matrix is designed as the measurement matrix. Finally, the simulation experiments are performed on 6-bus power system. Results show that the reconstruction of measurements is completed well by the proposed reconstruction method, and the corresponding effects are better than reconstruction scheme based on the joint dictionary and the traditional Gauss or Bernoulli random matrix respectively. Especially, when only 29% available clean measurements are left, performance of the proposed strategy is still extraordinary, which reflects generality for five kinds of recovery algorithms.
