Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded...Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.展开更多
This paper investigates the secure impulsive consensus of Lipschitz-type nonlinear multi-agent systems(MASs) with input saturation. According to the coupling of input saturation and denial of service(DoS) attacks, imp...This paper investigates the secure impulsive consensus of Lipschitz-type nonlinear multi-agent systems(MASs) with input saturation. According to the coupling of input saturation and denial of service(DoS) attacks, impulsive control for MASs becomes extremely challenging. Considering general DoS attacks,this paper provides the sufficient conditions for the almost sure consensus of the MASs with input saturation, where the error system can achieve almost sure local exponential stability.Through linear matrix inequalities(LMIs), the relation between the trajectory boundary and DoS attacks is characterized, and the trajectory boundary is estimated. Furthermore, an optimization method of the domain of attraction is proposed to maximize the size. And a non-conservative and practical boundary is proposed to characterize the effect of DoS attacks on MASs. Finally, considering a multi-agent system with typical Chua's circuit dynamic model, an example is provided to illustrate the theorems' correctness.展开更多
Aiming at the industry cyber-physical system(ICPS)where Denial-of-Service(DoS)attacks and actuator failure coexist,the integrated security control problem of ICPS under multi-objective constraints was studied.First,fr...Aiming at the industry cyber-physical system(ICPS)where Denial-of-Service(DoS)attacks and actuator failure coexist,the integrated security control problem of ICPS under multi-objective constraints was studied.First,from the perspective of the defender,according to the differential impact of the system under DoS attacks of different energies,the DoS attacks energy grading detection standard was formulated,and the ICPS comprehensive security control framework was constructed.Secondly,a security transmission strategy based on event triggering was designed.Under the DoS attack energy classification detection mechanism,for large-energy attacks,the method based on time series analysis was considered to predict and compensate for lost data.Therefore,on the basis of passive and elastic response to small energy attacks,the active defense capability against DoS attacks was increased.Then by introducing the conecomplement linearization algorithm,the calculation methods of the state and fault estimation observer and the integrated safety controller were deduced,the goal of DoS attack active and passive hybrid intrusion tolerance and actuator failure active fault tolerance were realized.Finally,a simulation example of a four-capacity water tank system was given to verify the validity of the obtained conclusions.展开更多
The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service (DOS) attacks. Two kinds of relevant schemes have been proposed as victim- end ...The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service (DOS) attacks. Two kinds of relevant schemes have been proposed as victim- end filtering and source-end filtering. The first scheme prevents attack traffic from reaching the victim, but causes the huge loss of legitimate flows due to the scarce filters (termed as collateral damages); the other extreme scheme can obtain the sufficient filters, but severely degrades the network transmission performance due to the abused filtering routers. In this paper, we propose a router based packet filtering scheme, which provides relatively more filters while reducing the quantity of filtering touters. We implement this scheme on the emulated DoS scenarios based on the synthetic and real-world Internet topologies. Our evaluation results show that compared to the previous work, our scheme just uses 20% of its filtering routers, but only increasing less than 15 percent of its collateral damage.展开更多
This paper investigates the event-triggered security consensus problem for nonlinear multi-agent systems(MASs)under denial-of-service(Do S)attacks over an undirected graph.A novel adaptive memory observer-based anti-d...This paper investigates the event-triggered security consensus problem for nonlinear multi-agent systems(MASs)under denial-of-service(Do S)attacks over an undirected graph.A novel adaptive memory observer-based anti-disturbance control scheme is presented to improve the observer accuracy by adding a buffer for the system output measurements.Meanwhile,this control scheme can also provide more reasonable control signals when Do S attacks occur.To save network resources,an adaptive memory event-triggered mechanism(AMETM)is also proposed and Zeno behavior is excluded.It is worth mentioning that the AMETM's updates do not require global information.Then,the observer and controller gains are obtained by using the linear matrix inequality(LMI)technique.Finally,simulation examples show the effectiveness of the proposed control scheme.展开更多
This paper designs a decentralized resilient H_(∞)load frequency control(LFC)scheme for multi-area cyber-physical power systems(CPPSs).Under the network-based control framework,the sampled measurements are transmitte...This paper designs a decentralized resilient H_(∞)load frequency control(LFC)scheme for multi-area cyber-physical power systems(CPPSs).Under the network-based control framework,the sampled measurements are transmitted through the communication networks,which may be attacked by energylimited denial-of-service(DoS)attacks with a characterization of the maximum count of continuous data losses(resilience index).Each area is controlled in a decentralized mode,and the impacts on one area from other areas via their interconnections are regarded as the additional load disturbance of this area.Then,the closed-loop LFC system of each area under DoS attacks is modeled as an aperiodic sampled-data control system with external disturbances.Under this modeling,a decentralized resilient H_(∞)scheme is presented to design the state-feedback controllers with guaranteed H∞performance and resilience index based on a novel transmission interval-dependent loop functional method.When given the controllers,the proposed scheme can obtain a less conservative H_(∞)performance and resilience index that the LFC system can tolerate.The effectiveness of the proposed LFC scheme is evaluated on a one-area CPPS and two three-area CPPSs under DoS attacks.展开更多
This paper characterizes the joint effects of plant uncertainty,Denial-of-Service(DoS)attacks,and fading channel on the stabilization problem of networked control systems(NCSs).It is assumed that the controller remote...This paper characterizes the joint effects of plant uncertainty,Denial-of-Service(DoS)attacks,and fading channel on the stabilization problem of networked control systems(NCSs).It is assumed that the controller remotely controls the plant and the control input is transmitted over a fading channel.Meanwhile,considering the sustained attack cycle and frequency of DoS attacks are random,the packet-loss caused by DoS attacks is modelled by a Markov process.The sampled-data NCS is transformed into a stochastic form with Markov jump and uncertain parameter.Then,based on Lyapunov functional method,linear matrix inequality(LMI)-based sufficient conditions are presented to ensure the stability of uncertain NCSs.The main contribution of this article lies in the construction of NCSs based on DoS attacks into Markov jump system(MJS)and the joint consideration of fading channel and plant uncertainty.展开更多
Mobile Edge Computing(MEC)is a pivotal technology that provides agile-response services by deploying computation and storage resources in proximity to end-users.However,resource-constrained edge servers fall victim to...Mobile Edge Computing(MEC)is a pivotal technology that provides agile-response services by deploying computation and storage resources in proximity to end-users.However,resource-constrained edge servers fall victim to Denial-of-Service(DoS)attacks easily.Failures to mitigate DoS attacks effectively hinder the delivery of reliable and sustainable edge services.Conventional DoS mitigation solutions in cloud computing environments are not directly applicable in MEC environments because their design did not factor in the unique characteristics of MEC environments,e.g.,constrained resources on edge servers and requirements for low service latency.Existing solutions mitigate edge DoS attacks by transferring user requests from edge servers under attacks to others for processing.Furthermore,the heterogeneity in end-users’resource demands can cause resource fragmentation on edge servers and undermine the ability of these solutions to mitigate DoS attacks effectively.User requests often have to be transferred far away for processing,which increases the service latency.To tackle this challenge,this paper presents a fragmentationaware gaming approach called HEDMGame that attempts to minimize service latency by matching user requests to edge servers’remaining resources while making request-transferring decisions.Through theoretical analysis and experimental evaluation,we validate the effectiveness and efficiency of HEDMGame,and demonstrate its superiority over the state-of-the-art solution.展开更多
In this paper,the authors consider how to design defensive countermeasures against DoS attacks for remote state estimation of multiprocess systems.For each system,a sensor will measure its state and transmits the data...In this paper,the authors consider how to design defensive countermeasures against DoS attacks for remote state estimation of multiprocess systems.For each system,a sensor will measure its state and transmits the data packets through an unreliable channel which is vulnerable to be jammed by an attacker.Under limited communication bandwidth,only a subset of sensors are allowed for data transmission,and how to select the optimal one to maximize the accuracy of remote state estimation is the focus of the proposed work.The authors first formulate this problem as a Markov decision process and investigate the existence of optimal policy.Moreover,the authors demonstrate the piecewise monotonicity structure of optimal policy.Given the difficulty of obtaining an optimal policy of large-scale problems,the authors develop a suboptimal heuristic policy based on the aforementioned policy structure and Whittle’s index.Moreover,a closed form of the indices is derived in order to reduce implementation complexity of proposed scheduling policy and numerical examples are provided to illustrate the proposed developed results.展开更多
This paper addresses the consensus problem of nonlinear multi-agent systems subject to external disturbances and uncertainties under denial-ofservice(DoS)attacks.Firstly,an observer-based state feedback control method...This paper addresses the consensus problem of nonlinear multi-agent systems subject to external disturbances and uncertainties under denial-ofservice(DoS)attacks.Firstly,an observer-based state feedback control method is employed to achieve secure control by estimating the system's state in real time.Secondly,by combining a memory-based adaptive eventtriggered mechanism with neural networks,the paper aims to approximate the nonlinear terms in the networked system and efficiently conserve system resources.Finally,based on a two-degree-of-freedom model of a vehicle affected by crosswinds,this paper constructs a multi-unmanned ground vehicle(Multi-UGV)system to validate the effectiveness of the proposed method.Simulation results show that the proposed control strategy can effectively handle external disturbances such as crosswinds in practical applications,ensuring the stability and reliable operation of the Multi-UGV system.展开更多
The rapid progression of the Internet of Things(IoT)technology enables its application across various sectors.However,IoT devices typically acquire inadequate computing power and user interfaces,making them susceptibl...The rapid progression of the Internet of Things(IoT)technology enables its application across various sectors.However,IoT devices typically acquire inadequate computing power and user interfaces,making them susceptible to security threats.One significant risk to cloud networks is Distributed Denial-of-Service(DoS)attacks,where attackers aim to overcome a target system with excessive data and requests.Among these,low-rate DoS(LR-DoS)attacks present a particular challenge to detection.By sending bursts of attacks at irregular intervals,LR-DoS significantly degrades the targeted system’s Quality of Service(QoS).The low-rate nature of these attacks confuses their detection,as they frequently trigger congestion control mechanisms,leading to significant instability in IoT systems.Therefore,to detect the LR-DoS attack,an innovative deep-learning model has been developed for this research work.The standard dataset is utilized to collect the required data.Further,the deep feature extraction process is executed using the Residual Autoencoder with Sparse Attention(ResAE-SA),which helps derive the significant feature required for detection.Ultimately,the Adaptive Dense Recurrent Neural Network(ADRNN)is implemented to detect LR-DoS effectively.To enhance the detection process,the parameters present in the ADRNN are optimized using the Renovated Random Attribute-based Fennec Fox Optimization(RRA-FFA).The proposed optimization reduces the False Discovery Rate and False Positive Rate,maximizing the Matthews Correlation Coefficient from 23,70.8,76.2,84.28 in Dataset 1 and 70.28,73.8,74.1,82.6 in Dataset 2 on EPC-ADRNN,DPO-ADRNN,GTO-ADRNN,FFA-ADRNN respectively to 95.8 on Dataset 1 and 91.7 on Dataset 2 in proposed model.At batch size 4,the accuracy of the designed RRA-FFA-ADRNN model progressed by 9.2%to GTO-ADRNN,11.6%to EFC-ADRNN,10.9%to DPO-ADRNN,and 4%to FFA-ADRNN for Dataset 1.The accuracy of the proposed RRA-FFA-ADRNN is boosted by 12.9%,9.09%,11.6%,and 10.9%over FFCNN,SVM,RNN,and DRNN,using Dataset 2,showing a better improvement in accuracy with that of the proposed RRA-FFA-ADRNN model with 95.7%using Dataset 1 and 94.1%with Dataset 2,which is better than the existing baseline models.展开更多
The implementation of Countermeasure Techniques(CTs)in the context of Network-On-Chip(NoC)based Multiprocessor System-On-Chip(MPSoC)routers against the Flooding Denial-of-Service Attack(F-DoSA)falls under Multi-Criter...The implementation of Countermeasure Techniques(CTs)in the context of Network-On-Chip(NoC)based Multiprocessor System-On-Chip(MPSoC)routers against the Flooding Denial-of-Service Attack(F-DoSA)falls under Multi-Criteria Decision-Making(MCDM)due to the three main concerns,called:traffic variations,multiple evaluation criteria-based traffic features,and prioritization NoC routers as an alternative.In this study,we propose a comprehensive evaluation of various NoC traffic features to identify the most efficient routers under the F-DoSA scenarios.Consequently,an MCDM approach is essential to address these emerging challenges.While the recent MCDM approach has some issues,such as uncertainty,this study utilizes Fuzzy-Weighted Zero-Inconsistency(FWZIC)to estimate the criteria weight values and Fuzzy Decision by Opinion Score Method(FDOSM)for ranking the routers with fuzzy Single-valued Neutrosophic under names(SvN-FWZIC and SvN-FDOSM)to overcome the ambiguity.The results obtained by using the SvN-FWZIC method indicate that the Max packet count has the highest importance among the evaluated criteria,with a weighted score of 0.1946.In contrast,the Hop count is identified as the least significant criterion,with a weighted score of 0.1090.The remaining criteria fall within a range of intermediate importance,with enqueue time scoring 0.1845,packet count decremented and traversal index scoring 0.1262,packet count incremented scoring 0.1124,and packet count index scoring 0.1472.In terms of ranking,SvN-FDOSM has two approaches:individual and group.Both the individual and group ranking processes show that(Router 4)is the most effective router,while(Router 3)is the lowest router under F-DoSA.The sensitivity analysis provides a high stability in ranking among all 10 scenarios.This approach offers essential feedback in making proper decisions in the design of countermeasure techniques in the domain of NoC-based MPSoC.展开更多
This paper investigates the problem of optimal secure control for networked control systems under hybrid attacks.A control strategy based on the Stackelberg game framework is proposed,which differs from conventional m...This paper investigates the problem of optimal secure control for networked control systems under hybrid attacks.A control strategy based on the Stackelberg game framework is proposed,which differs from conventional methods by considering both denial-of-service(DoS)and false data injection(FDI)attacks simultaneously.Additionally,the stability conditions for the system under these hybrid attacks are established.It is technically challenging to design the control strategy by predicting attacker actions based on Stcakelberg game to ensure the system stability under hybrid attacks.Another technical difficulty lies in establishing the conditions for mean-square asymptotic stability due to the complexity of the attack scenarios Finally,simulations on an unstable batch reactor system under hybrid attacks demonstrate the effectiveness of the proposed strategy.展开更多
In this paper,we investigate the observer-based event-triggered consensus problem for linear multi-agent systems(MASs)under a directed graph and denial-of-service(DoS)attacks.A type of DoS attacks launched by maliciou...In this paper,we investigate the observer-based event-triggered consensus problem for linear multi-agent systems(MASs)under a directed graph and denial-of-service(DoS)attacks.A type of DoS attacks launched by malicious attackers at irregular intervals is considered,which can cause communication channel disruption.A novel event-triggered secure control scheme based on a closed-loop observer is proposed to determine the scheduling of the controller update,and a separation method with less conservativeness is employed to design the controller and observer gains.Then,the frequency and duration of DoS attacks that can be tolerated are analysed for the observer-based secure consensus problem.In addition,a strictly positive minimal event-triggered time interval for each agent is designed with the help of the proposed eventtriggered condition to eliminate the Zeno behaviour.Finally,a numerical simulation is given to verify the theoretical analysis.展开更多
This paper addresses the bipartite consensus over cooperation-competition networks affected by denial-of-service(DoS) attacks.Consider that a network consists of multiple interactive agents, and the relationship betwe...This paper addresses the bipartite consensus over cooperation-competition networks affected by denial-of-service(DoS) attacks.Consider that a network consists of multiple interactive agents, and the relationship between neighboring agents is cooperative or competitive. Meanwhile, information transmission among the agents is unavailable during the intervals of attacks. In order to save communication resources and exclude the Zeno behavior, an event-triggered scheme depending on the sampled-data information from neighboring agents is proposed, and efficient defense strategies in response to the attacks are put forward.Suppose that the frequency and duration of DoS attacks meet certain requirements, then according to the signed graph theory,the La Salle’s invariance principle, and the convergence of monotone sequences, the results of bipartite consensus via the eventtriggered protocol are provided, which are mainly related to the communication topology of the network, the sampling period,and the threshold parameters in the event-triggered scheme. It is shown that the bipartite consensus is realized even though the DoS attacks take place frequently. Furthermore, this paper discusses the bipartite consensus in the presence of DoS attacks with a random unsuccessful rate. Finally, numerical simulations illustrate the theoretical results.展开更多
LDoS (Low-rate Denial of Service) attack, exploiting the flaws in the congestion avoidance mechanism of TCP protocol,is periodic, stealthy, and with high efficiency. Since BGP uses TCP as a transport protocol, it is...LDoS (Low-rate Denial of Service) attack, exploiting the flaws in the congestion avoidance mechanism of TCP protocol,is periodic, stealthy, and with high efficiency. Since BGP uses TCP as a transport protocol, it is subject to LDoS attacks as well. LDoS attacks can cause table reset, route flapping of BGP protocol. A deliberately constructed distributed low-rate DOS attacks can even generate surge of updates throughout the Internet. In this paper, we investigate the promotion of attack efficiency of this novel attack, and then propose an attack model to simulate the LDoS attack. Experiments prove that this attack model can exponentially lower the attack costs and improve the attack effect.展开更多
Connected automated vehicles(CAVs)serve as a promising enabler for future intelligent transportation systems because of their capabilities in improving traffic efficiency and driving safety,and reducing fuel consumpti...Connected automated vehicles(CAVs)serve as a promising enabler for future intelligent transportation systems because of their capabilities in improving traffic efficiency and driving safety,and reducing fuel consumption and vehicle emissions.A fundamental issue in CAVs is platooning control that empowers a convoy of CAVs to be cooperatively maneuvered with desired longitudinal spacings and identical velocities on roads.This paper addresses the issue of resilient and safe platooning control of CAVs subject to intermittent denial-of-service(DoS)attacks that disrupt vehicle-to-vehicle communications.First,a heterogeneous and uncertain vehicle longitudinal dynamic model is presented to accommodate a variety of uncertainties,including diverse vehicle masses and engine inertial delays,unknown and nonlinear resistance forces,and a dynamic platoon leader.Then,a resilient and safe distributed longitudinal platooning control law is constructed with an aim to preserve simultaneous individual vehicle stability,attack resilience,platoon safety and scalability.Furthermore,a numerically efficient offline design algorithm for determining the desired platoon control law is developed,under which the platoon resilience against DoS attacks can be maximized but the anticipated stability,safety and scalability requirements remain preserved.Finally,extensive numerical experiments are provided to substantiate the efficacy of the proposed platooning method.展开更多
This paper investigates the sliding mode control(SMC) problem for a class of discrete-time nonlinear networked Markovian jump systems(MJSs) in the presence of probabilistic denial-of-service(Do S) attacks. The communi...This paper investigates the sliding mode control(SMC) problem for a class of discrete-time nonlinear networked Markovian jump systems(MJSs) in the presence of probabilistic denial-of-service(Do S) attacks. The communication network via which the data is propagated is unsafe and the malicious adversary can attack the system during state feedback. By considering random Denial-of-Service attacks, a new sliding mode variable is designed, which takes into account the distribution information of the probabilistic attacks. Then, by resorting to Lyapunov theory and stochastic analysis methods, sufficient conditions are established for the existence of the desired sliding mode controller, guaranteeing both reachability of the designed sliding surface and stability of the resulting sliding motion.Finally, a simulation example is given to demonstrate the effectiveness of the proposed sliding mode control algorithm.展开更多
Multi-agent systems are usually equipped with open communication infrastructures to improve interactions efficiency,reliability and sustainability.Although technologically costeffective,this makes them vulnerable to c...Multi-agent systems are usually equipped with open communication infrastructures to improve interactions efficiency,reliability and sustainability.Although technologically costeffective,this makes them vulnerable to cyber-attacks with potentially catastrophic consequences.To this end,we present a novel control architecture capable to deal with the distributed constrained regulation problem in the presence of time-delay attacks on the agents’communication infrastructure.The basic idea consists of orchestrating the interconnected cyber-physical system as a leader-follower configuration so that adequate control actions are computed to isolate the attacked unit before it compromises the system operations.Simulations on a multi-area power system confirm that the proposed control scheme can reconfigure the leader-follower structure in response to denial ofservice(DoS)attacks.展开更多
In this paper,denial of service(DoS)attack management for destroying the collaborative estimation in sensor networks and minimizing attack energy from the attacker perspective is studied.In the communication channels ...In this paper,denial of service(DoS)attack management for destroying the collaborative estimation in sensor networks and minimizing attack energy from the attacker perspective is studied.In the communication channels between sensors and a remote estimator,the attacker chooses some channels to randomly jam DoS attacks to make their packets randomly dropped.A stochastic power allocation approach composed of three steps is proposed.Firstly,the minimum number of channels and the channel set to be attacked are given.Secondly,a necessary condition and a sufficient condition on the packet loss probabilities of the channels in the attack set are provided for general and special systems,respectively.Finally,by converting the original coupling nonlinear programming problem to a linear programming problem,a method of searching attack probabilities and power to minimize the attack energy is proposed.The effectiveness of the proposed scheme is verified by simulation examples.展开更多
基金supported by the National Natural Science Foundation of China(62303273,62373226)the National Research Foundation,Singapore through the Medium Sized Center for Advanced Robotics Technology Innovation(WP2.7)
文摘Dear Editor,The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems(CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.
基金supported by the National Natural Science Foundation of China(62373302,62333009)
文摘This paper investigates the secure impulsive consensus of Lipschitz-type nonlinear multi-agent systems(MASs) with input saturation. According to the coupling of input saturation and denial of service(DoS) attacks, impulsive control for MASs becomes extremely challenging. Considering general DoS attacks,this paper provides the sufficient conditions for the almost sure consensus of the MASs with input saturation, where the error system can achieve almost sure local exponential stability.Through linear matrix inequalities(LMIs), the relation between the trajectory boundary and DoS attacks is characterized, and the trajectory boundary is estimated. Furthermore, an optimization method of the domain of attraction is proposed to maximize the size. And a non-conservative and practical boundary is proposed to characterize the effect of DoS attacks on MASs. Finally, considering a multi-agent system with typical Chua's circuit dynamic model, an example is provided to illustrate the theorems' correctness.
基金supported by Gansu Higher Education Innovation Fund Project(No.2023B-439)。
文摘Aiming at the industry cyber-physical system(ICPS)where Denial-of-Service(DoS)attacks and actuator failure coexist,the integrated security control problem of ICPS under multi-objective constraints was studied.First,from the perspective of the defender,according to the differential impact of the system under DoS attacks of different energies,the DoS attacks energy grading detection standard was formulated,and the ICPS comprehensive security control framework was constructed.Secondly,a security transmission strategy based on event triggering was designed.Under the DoS attack energy classification detection mechanism,for large-energy attacks,the method based on time series analysis was considered to predict and compensate for lost data.Therefore,on the basis of passive and elastic response to small energy attacks,the active defense capability against DoS attacks was increased.Then by introducing the conecomplement linearization algorithm,the calculation methods of the state and fault estimation observer and the integrated safety controller were deduced,the goal of DoS attack active and passive hybrid intrusion tolerance and actuator failure active fault tolerance were realized.Finally,a simulation example of a four-capacity water tank system was given to verify the validity of the obtained conclusions.
基金supported in part by the funding agencies of china:the Doctoral Fund of Northeastern University of Qinhuangdao(Grant No.XNB201410)the Fundamental Research Funds for the Central Universities(Grant No.N130323005)
文摘The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service (DOS) attacks. Two kinds of relevant schemes have been proposed as victim- end filtering and source-end filtering. The first scheme prevents attack traffic from reaching the victim, but causes the huge loss of legitimate flows due to the scarce filters (termed as collateral damages); the other extreme scheme can obtain the sufficient filters, but severely degrades the network transmission performance due to the abused filtering routers. In this paper, we propose a router based packet filtering scheme, which provides relatively more filters while reducing the quantity of filtering touters. We implement this scheme on the emulated DoS scenarios based on the synthetic and real-world Internet topologies. Our evaluation results show that compared to the previous work, our scheme just uses 20% of its filtering routers, but only increasing less than 15 percent of its collateral damage.
基金supported by the National Natural Science Foundation of China(61773056)the Scientific and Technological Innovation Foundation of Shunde Graduate School,University of Science and Technology Beijing(USTB)(BK19AE018)+2 种基金the Fundamental Research Funds for the Central Universities of USTB(FRF-TP-20-09B,230201606500061,FRF-DF-20-35,FRF-BD-19-002A)supported by Zhejiang Natural Science Foundation(LD21F030001)supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(Ministry of Science and Information and Communications Technology)(NRF-2020R1A2C1005449)。
文摘This paper investigates the event-triggered security consensus problem for nonlinear multi-agent systems(MASs)under denial-of-service(Do S)attacks over an undirected graph.A novel adaptive memory observer-based anti-disturbance control scheme is presented to improve the observer accuracy by adding a buffer for the system output measurements.Meanwhile,this control scheme can also provide more reasonable control signals when Do S attacks occur.To save network resources,an adaptive memory event-triggered mechanism(AMETM)is also proposed and Zeno behavior is excluded.It is worth mentioning that the AMETM's updates do not require global information.Then,the observer and controller gains are obtained by using the linear matrix inequality(LMI)technique.Finally,simulation examples show the effectiveness of the proposed control scheme.
基金supported by the National Natural Science Foundation(NNSF)of China(62003037,61873303)。
文摘This paper designs a decentralized resilient H_(∞)load frequency control(LFC)scheme for multi-area cyber-physical power systems(CPPSs).Under the network-based control framework,the sampled measurements are transmitted through the communication networks,which may be attacked by energylimited denial-of-service(DoS)attacks with a characterization of the maximum count of continuous data losses(resilience index).Each area is controlled in a decentralized mode,and the impacts on one area from other areas via their interconnections are regarded as the additional load disturbance of this area.Then,the closed-loop LFC system of each area under DoS attacks is modeled as an aperiodic sampled-data control system with external disturbances.Under this modeling,a decentralized resilient H_(∞)scheme is presented to design the state-feedback controllers with guaranteed H∞performance and resilience index based on a novel transmission interval-dependent loop functional method.When given the controllers,the proposed scheme can obtain a less conservative H_(∞)performance and resilience index that the LFC system can tolerate.The effectiveness of the proposed LFC scheme is evaluated on a one-area CPPS and two three-area CPPSs under DoS attacks.
基金supported in part by the National Natural Science Foundation of China(Nos.62173206,62103229)the China Postdoctoral Science Foundation(Nos.2021M691849,2021M692024)+1 种基金the Natural Science Foundation of Shandong Province(Nos.ZR2021ZD13,ZR2021QF026)the National Key R&D Program of China(No.2021YFE0193900)。
文摘This paper characterizes the joint effects of plant uncertainty,Denial-of-Service(DoS)attacks,and fading channel on the stabilization problem of networked control systems(NCSs).It is assumed that the controller remotely controls the plant and the control input is transmitted over a fading channel.Meanwhile,considering the sustained attack cycle and frequency of DoS attacks are random,the packet-loss caused by DoS attacks is modelled by a Markov process.The sampled-data NCS is transformed into a stochastic form with Markov jump and uncertain parameter.Then,based on Lyapunov functional method,linear matrix inequality(LMI)-based sufficient conditions are presented to ensure the stability of uncertain NCSs.The main contribution of this article lies in the construction of NCSs based on DoS attacks into Markov jump system(MJS)and the joint consideration of fading channel and plant uncertainty.
基金partially funded by the National Natural Science Foundation of China(No.62272001).
文摘Mobile Edge Computing(MEC)is a pivotal technology that provides agile-response services by deploying computation and storage resources in proximity to end-users.However,resource-constrained edge servers fall victim to Denial-of-Service(DoS)attacks easily.Failures to mitigate DoS attacks effectively hinder the delivery of reliable and sustainable edge services.Conventional DoS mitigation solutions in cloud computing environments are not directly applicable in MEC environments because their design did not factor in the unique characteristics of MEC environments,e.g.,constrained resources on edge servers and requirements for low service latency.Existing solutions mitigate edge DoS attacks by transferring user requests from edge servers under attacks to others for processing.Furthermore,the heterogeneity in end-users’resource demands can cause resource fragmentation on edge servers and undermine the ability of these solutions to mitigate DoS attacks effectively.User requests often have to be transferred far away for processing,which increases the service latency.To tackle this challenge,this paper presents a fragmentationaware gaming approach called HEDMGame that attempts to minimize service latency by matching user requests to edge servers’remaining resources while making request-transferring decisions.Through theoretical analysis and experimental evaluation,we validate the effectiveness and efficiency of HEDMGame,and demonstrate its superiority over the state-of-the-art solution.
基金supported by the National Natural Science Foundation of China under Grant No.20231120102304001,STIC under Grant Nos.62303212 and ZDSYS20220330161800001.
文摘In this paper,the authors consider how to design defensive countermeasures against DoS attacks for remote state estimation of multiprocess systems.For each system,a sensor will measure its state and transmits the data packets through an unreliable channel which is vulnerable to be jammed by an attacker.Under limited communication bandwidth,only a subset of sensors are allowed for data transmission,and how to select the optimal one to maximize the accuracy of remote state estimation is the focus of the proposed work.The authors first formulate this problem as a Markov decision process and investigate the existence of optimal policy.Moreover,the authors demonstrate the piecewise monotonicity structure of optimal policy.Given the difficulty of obtaining an optimal policy of large-scale problems,the authors develop a suboptimal heuristic policy based on the aforementioned policy structure and Whittle’s index.Moreover,a closed form of the indices is derived in order to reduce implementation complexity of proposed scheduling policy and numerical examples are provided to illustrate the proposed developed results.
基金The National Natural Science Foundation of China(W2431048)The Science and Technology Research Program of Chongqing Municipal Education Commission,China(KJZDK202300807)The Chongqing Natural Science Foundation,China(CSTB2024NSCQQCXMX0052).
文摘This paper addresses the consensus problem of nonlinear multi-agent systems subject to external disturbances and uncertainties under denial-ofservice(DoS)attacks.Firstly,an observer-based state feedback control method is employed to achieve secure control by estimating the system's state in real time.Secondly,by combining a memory-based adaptive eventtriggered mechanism with neural networks,the paper aims to approximate the nonlinear terms in the networked system and efficiently conserve system resources.Finally,based on a two-degree-of-freedom model of a vehicle affected by crosswinds,this paper constructs a multi-unmanned ground vehicle(Multi-UGV)system to validate the effectiveness of the proposed method.Simulation results show that the proposed control strategy can effectively handle external disturbances such as crosswinds in practical applications,ensuring the stability and reliable operation of the Multi-UGV system.
基金funded by the Ministry of Higher Education Malaysia,Fundamental Research Grant Scheme(FRGS),FRGS/1/2024/ICT07/UPNM/02/1.
文摘The rapid progression of the Internet of Things(IoT)technology enables its application across various sectors.However,IoT devices typically acquire inadequate computing power and user interfaces,making them susceptible to security threats.One significant risk to cloud networks is Distributed Denial-of-Service(DoS)attacks,where attackers aim to overcome a target system with excessive data and requests.Among these,low-rate DoS(LR-DoS)attacks present a particular challenge to detection.By sending bursts of attacks at irregular intervals,LR-DoS significantly degrades the targeted system’s Quality of Service(QoS).The low-rate nature of these attacks confuses their detection,as they frequently trigger congestion control mechanisms,leading to significant instability in IoT systems.Therefore,to detect the LR-DoS attack,an innovative deep-learning model has been developed for this research work.The standard dataset is utilized to collect the required data.Further,the deep feature extraction process is executed using the Residual Autoencoder with Sparse Attention(ResAE-SA),which helps derive the significant feature required for detection.Ultimately,the Adaptive Dense Recurrent Neural Network(ADRNN)is implemented to detect LR-DoS effectively.To enhance the detection process,the parameters present in the ADRNN are optimized using the Renovated Random Attribute-based Fennec Fox Optimization(RRA-FFA).The proposed optimization reduces the False Discovery Rate and False Positive Rate,maximizing the Matthews Correlation Coefficient from 23,70.8,76.2,84.28 in Dataset 1 and 70.28,73.8,74.1,82.6 in Dataset 2 on EPC-ADRNN,DPO-ADRNN,GTO-ADRNN,FFA-ADRNN respectively to 95.8 on Dataset 1 and 91.7 on Dataset 2 in proposed model.At batch size 4,the accuracy of the designed RRA-FFA-ADRNN model progressed by 9.2%to GTO-ADRNN,11.6%to EFC-ADRNN,10.9%to DPO-ADRNN,and 4%to FFA-ADRNN for Dataset 1.The accuracy of the proposed RRA-FFA-ADRNN is boosted by 12.9%,9.09%,11.6%,and 10.9%over FFCNN,SVM,RNN,and DRNN,using Dataset 2,showing a better improvement in accuracy with that of the proposed RRA-FFA-ADRNN model with 95.7%using Dataset 1 and 94.1%with Dataset 2,which is better than the existing baseline models.
文摘The implementation of Countermeasure Techniques(CTs)in the context of Network-On-Chip(NoC)based Multiprocessor System-On-Chip(MPSoC)routers against the Flooding Denial-of-Service Attack(F-DoSA)falls under Multi-Criteria Decision-Making(MCDM)due to the three main concerns,called:traffic variations,multiple evaluation criteria-based traffic features,and prioritization NoC routers as an alternative.In this study,we propose a comprehensive evaluation of various NoC traffic features to identify the most efficient routers under the F-DoSA scenarios.Consequently,an MCDM approach is essential to address these emerging challenges.While the recent MCDM approach has some issues,such as uncertainty,this study utilizes Fuzzy-Weighted Zero-Inconsistency(FWZIC)to estimate the criteria weight values and Fuzzy Decision by Opinion Score Method(FDOSM)for ranking the routers with fuzzy Single-valued Neutrosophic under names(SvN-FWZIC and SvN-FDOSM)to overcome the ambiguity.The results obtained by using the SvN-FWZIC method indicate that the Max packet count has the highest importance among the evaluated criteria,with a weighted score of 0.1946.In contrast,the Hop count is identified as the least significant criterion,with a weighted score of 0.1090.The remaining criteria fall within a range of intermediate importance,with enqueue time scoring 0.1845,packet count decremented and traversal index scoring 0.1262,packet count incremented scoring 0.1124,and packet count index scoring 0.1472.In terms of ranking,SvN-FDOSM has two approaches:individual and group.Both the individual and group ranking processes show that(Router 4)is the most effective router,while(Router 3)is the lowest router under F-DoSA.The sensitivity analysis provides a high stability in ranking among all 10 scenarios.This approach offers essential feedback in making proper decisions in the design of countermeasure techniques in the domain of NoC-based MPSoC.
基金supported in part by Shanghai Rising-Star Program,China under grant 22QA1409400in part by National Natural Science Foundation of China under grant 62473287 and 62088101in part by Shanghai Municipal Science and Technology Major Project under grant 2021SHZDZX0100.
文摘This paper investigates the problem of optimal secure control for networked control systems under hybrid attacks.A control strategy based on the Stackelberg game framework is proposed,which differs from conventional methods by considering both denial-of-service(DoS)and false data injection(FDI)attacks simultaneously.Additionally,the stability conditions for the system under these hybrid attacks are established.It is technically challenging to design the control strategy by predicting attacker actions based on Stcakelberg game to ensure the system stability under hybrid attacks.Another technical difficulty lies in establishing the conditions for mean-square asymptotic stability due to the complexity of the attack scenarios Finally,simulations on an unstable batch reactor system under hybrid attacks demonstrate the effectiveness of the proposed strategy.
基金the National Natural Science Foundation of China[61873338]Natural Science Foundation of Shandong Province[ZR2020KF034]Taishan Scholars[tsqn201812052].
文摘In this paper,we investigate the observer-based event-triggered consensus problem for linear multi-agent systems(MASs)under a directed graph and denial-of-service(DoS)attacks.A type of DoS attacks launched by malicious attackers at irregular intervals is considered,which can cause communication channel disruption.A novel event-triggered secure control scheme based on a closed-loop observer is proposed to determine the scheduling of the controller update,and a separation method with less conservativeness is employed to design the controller and observer gains.Then,the frequency and duration of DoS attacks that can be tolerated are analysed for the observer-based secure consensus problem.In addition,a strictly positive minimal event-triggered time interval for each agent is designed with the help of the proposed eventtriggered condition to eliminate the Zeno behaviour.Finally,a numerical simulation is given to verify the theoretical analysis.
基金supported by the National Natural Science Foundation of China (Grant Nos. 61833005,and 11972156)the Natural Science Foundation of Jiangsu Province (Grant No. BK20181342)the work of J.H.Park was supported by the National Research Foundation of Korea (NRF)and the Korea Government (MSIT)(Grant No. 2020R1A2B5B02002002)。
文摘This paper addresses the bipartite consensus over cooperation-competition networks affected by denial-of-service(DoS) attacks.Consider that a network consists of multiple interactive agents, and the relationship between neighboring agents is cooperative or competitive. Meanwhile, information transmission among the agents is unavailable during the intervals of attacks. In order to save communication resources and exclude the Zeno behavior, an event-triggered scheme depending on the sampled-data information from neighboring agents is proposed, and efficient defense strategies in response to the attacks are put forward.Suppose that the frequency and duration of DoS attacks meet certain requirements, then according to the signed graph theory,the La Salle’s invariance principle, and the convergence of monotone sequences, the results of bipartite consensus via the eventtriggered protocol are provided, which are mainly related to the communication topology of the network, the sampling period,and the threshold parameters in the event-triggered scheme. It is shown that the bipartite consensus is realized even though the DoS attacks take place frequently. Furthermore, this paper discusses the bipartite consensus in the presence of DoS attacks with a random unsuccessful rate. Finally, numerical simulations illustrate the theoretical results.
文摘LDoS (Low-rate Denial of Service) attack, exploiting the flaws in the congestion avoidance mechanism of TCP protocol,is periodic, stealthy, and with high efficiency. Since BGP uses TCP as a transport protocol, it is subject to LDoS attacks as well. LDoS attacks can cause table reset, route flapping of BGP protocol. A deliberately constructed distributed low-rate DOS attacks can even generate surge of updates throughout the Internet. In this paper, we investigate the promotion of attack efficiency of this novel attack, and then propose an attack model to simulate the LDoS attack. Experiments prove that this attack model can exponentially lower the attack costs and improve the attack effect.
基金supported in part by Australian Research Council Discovery Early Career Researcher Award(DE210100273)。
文摘Connected automated vehicles(CAVs)serve as a promising enabler for future intelligent transportation systems because of their capabilities in improving traffic efficiency and driving safety,and reducing fuel consumption and vehicle emissions.A fundamental issue in CAVs is platooning control that empowers a convoy of CAVs to be cooperatively maneuvered with desired longitudinal spacings and identical velocities on roads.This paper addresses the issue of resilient and safe platooning control of CAVs subject to intermittent denial-of-service(DoS)attacks that disrupt vehicle-to-vehicle communications.First,a heterogeneous and uncertain vehicle longitudinal dynamic model is presented to accommodate a variety of uncertainties,including diverse vehicle masses and engine inertial delays,unknown and nonlinear resistance forces,and a dynamic platoon leader.Then,a resilient and safe distributed longitudinal platooning control law is constructed with an aim to preserve simultaneous individual vehicle stability,attack resilience,platoon safety and scalability.Furthermore,a numerically efficient offline design algorithm for determining the desired platoon control law is developed,under which the platoon resilience against DoS attacks can be maximized but the anticipated stability,safety and scalability requirements remain preserved.Finally,extensive numerical experiments are provided to substantiate the efficacy of the proposed platooning method.
基金supported in part by the National Natural Science Foundation of China(61773209)the Six Talent Peaks Project in Jiangsu Province(XYDXX-033)+1 种基金the Postdoctoral Science Foundation of China(2014M551598)the Natural Science Foundation of Jiangsu Province(BK20190021)。
文摘This paper investigates the sliding mode control(SMC) problem for a class of discrete-time nonlinear networked Markovian jump systems(MJSs) in the presence of probabilistic denial-of-service(Do S) attacks. The communication network via which the data is propagated is unsafe and the malicious adversary can attack the system during state feedback. By considering random Denial-of-Service attacks, a new sliding mode variable is designed, which takes into account the distribution information of the probabilistic attacks. Then, by resorting to Lyapunov theory and stochastic analysis methods, sufficient conditions are established for the existence of the desired sliding mode controller, guaranteeing both reachability of the designed sliding surface and stability of the resulting sliding motion.Finally, a simulation example is given to demonstrate the effectiveness of the proposed sliding mode control algorithm.
文摘Multi-agent systems are usually equipped with open communication infrastructures to improve interactions efficiency,reliability and sustainability.Although technologically costeffective,this makes them vulnerable to cyber-attacks with potentially catastrophic consequences.To this end,we present a novel control architecture capable to deal with the distributed constrained regulation problem in the presence of time-delay attacks on the agents’communication infrastructure.The basic idea consists of orchestrating the interconnected cyber-physical system as a leader-follower configuration so that adequate control actions are computed to isolate the attacked unit before it compromises the system operations.Simulations on a multi-area power system confirm that the proposed control scheme can reconfigure the leader-follower structure in response to denial ofservice(DoS)attacks.
基金supported by the National Natural ScienceFoundation(NNSF)of China(61973082)Six Talent Peaks Project inJiangsu Province(XYDXX-005)。
文摘In this paper,denial of service(DoS)attack management for destroying the collaborative estimation in sensor networks and minimizing attack energy from the attacker perspective is studied.In the communication channels between sensors and a remote estimator,the attacker chooses some channels to randomly jam DoS attacks to make their packets randomly dropped.A stochastic power allocation approach composed of three steps is proposed.Firstly,the minimum number of channels and the channel set to be attacked are given.Secondly,a necessary condition and a sufficient condition on the packet loss probabilities of the channels in the attack set are provided for general and special systems,respectively.Finally,by converting the original coupling nonlinear programming problem to a linear programming problem,a method of searching attack probabilities and power to minimize the attack energy is proposed.The effectiveness of the proposed scheme is verified by simulation examples.
