A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects phy...A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.展开更多
With the rapid integration of communication and information technology into substations,the risk of cyber attacks has significantly increased.Attackers may infiltrate substation networks,manipulate switches,and disrup...With the rapid integration of communication and information technology into substations,the risk of cyber attacks has significantly increased.Attackers may infiltrate substation networks,manipulate switches,and disrupt power lines,potentially causing severe damage to the power system.To minimize such risks,this paper proposes a three-layer defender-attacker-defender(DAD)model for optimally allocating limited defensive resources to substations.To model the uncertainty surrounding the knowledge of defender of potential attacks in realworld scenarios,we employ a fuzzy analytic hierarchy process combined with the decision-making trial and evaluation laboratory(FAHP-DEMATEL).This method accounts for the attack resource uncertainty by utilizing intelligence data on factors potentially influenced by attackers,which serves as an evaluation metric to simulate the likelihood of various attack scenarios.These uncertainty probabilities are then incorporated into the substation DAD model consisting three layers of agents:the decision-maker,the attacker,and the operator.The decision-maker devises a defense strategy before the attack,while the attacker aims to identify the strategy that causes the maximum load loss.Meanwhile,the operator seeks to minimize the load loss through optimal power flow scheduling.To solve the model,the original problem is transformed into a two-layer subproblem and a single-layer master problem,which are solved iteratively using a column-and-constraint generation algorithm.Case studies conducted on the IEEE RTS-96 system and the IEEE 118-node system demonstrate the effectiveness and practicality of the proposed model.Comparative experiments further highlight the advantages of the proposed model.展开更多
With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components,power distribution networks are subject to miscellaneous security risks induced by ...With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components,power distribution networks are subject to miscellaneous security risks induced by malicious attackers.To address the issue,this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks(CPDNs)against coordinated cyber attacks.First,an attack graph-based CPDN architecture is constructed,and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process.The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology(NIST)standard.Next,a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios.The tradeoff between security risk and limited resource budget is formulated as a multi-objective optimization(MOO)problem,which is solved by an efficient optimal Pareto solution generation approach.By employing a generational distance metric,the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources.Several case studies on a modified IEEE 123-node test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.展开更多
This paper develops an adaptive two-stage unscented Kalman filter(ATSUKF)to accurately track operation states of the synchronous generator(SG)under cyber attacks.To achieve high fidelity,considering the excitation sys...This paper develops an adaptive two-stage unscented Kalman filter(ATSUKF)to accurately track operation states of the synchronous generator(SG)under cyber attacks.To achieve high fidelity,considering the excitation system of SGs,a detailed 9~(th)-order SG model for dynamic state estimation is established.Then,for several common cyber attacks against measurements,a two-stage unscented Kalman filter is proposed to estimate the model state and the bias in parallel.Subsequently,to solve the deterioration problem of state estimation performance caused by the mismatch between noise statistical characteristics and model assumptions,a multi-dimensional adaptive factor matrix is derived to modify the noise covariance matrix.Finally,a large number of simulation experiments are carried out on the IEEE 39-bus system,which shows that the proposed filter can accurately track the SG state under different abnormal test conditions.展开更多
This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed appr...This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed approach focuses on the total transient energy injected into power systems as the result of assumptive cyber attacks.The computational improvements of the proposed method are significant as the time-domain simulations can be avoided.The efficacy of the proposed approach is demonstrated using a practical power system with various cyber attack scenarios.The identification results of the proposed method can be used to guide more detailed impact analysis and to develop more effective countermeasures against cyber attacks.展开更多
This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fu...This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fuzzy discrete systems to capture parameter uncertainties.By considering the influences of input delays and stochastic cyber attacks,a newly fuzzy robust controller is established.Afterward,the asymptotic stability sufficient conditions in form of LMIs for the IT2 closed-loop systems are given via establishing a Lyapunov-Krasovskii functional.Afterward,a solving algorithm for obtaining the controller gains is given.Finally,the effectiveness of the developed IT2 fuzzy method is verified by a numerical example.展开更多
In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be...In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.展开更多
Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Tr...Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Traditionalsecurity technologies such as intrusion detection have been developed to respond to these cyber threats.Recently,advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus.In this paper,wepropose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to addresscontinuously evolving cyber threats.Additionally,we have implemented an effective reinforcement-learning-basedcyber-attack scenario using Cyber Battle Simulation,which is a cyber-attack-defense simulator.This scenarioinvolves important security components such as node value,cost,firewalls,and services.Furthermore,we applieda new vulnerability assessment method based on the Common Vulnerability Scoring System.This approach candesign an optimal attack strategy by considering the importance of attack goals,which helps in developing moreeffective response strategies.These attack strategies are evaluated by comparing their performance using a variety ofReinforcement Learning methods.The experimental results show that RL models demonstrate improved learningperformance with the proposed attack strategy compared to the original strategies.In particular,the success rateof the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points,reaching 10.17%,whichrepresents an impressive 98.24%increase over the original scenario.Consequently,the proposed method canenhance security and risk management capabilities in cyber environments,improving the efficiency of securitymanagement and significantly contributing to the development of security systems.展开更多
Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algori...Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algorithm(ABC)as an Nature Inspired Cyber Security mechanism to achieve adaptive defense.It experiments on the Denial-Of-Service attack scenarios which involves limiting the traffic flow for each node.Businesses today have adapted their service distribution models to include the use of the Internet,allowing them to effectively manage and interact with their customer data.This shift has created an increased reliance on online services to store vast amounts of confidential customer data,meaning any disruption or outage of these services could be disastrous for the business,leaving them without the knowledge to serve their customers.Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers.The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity.For any changes in network parameters,the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.展开更多
This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen o...This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.展开更多
Smart Grid(SG)technology utilizes advanced network communication and monitoring technologies to manage and regulate electricity generation and transport.However,this increased reliance on technology and connectivity a...Smart Grid(SG)technology utilizes advanced network communication and monitoring technologies to manage and regulate electricity generation and transport.However,this increased reliance on technology and connectivity also introduces new vulnerabilities,making SG communication networks susceptible to large-scale attacks.While previous surveys have mainly provided high-level overviews of SG architecture,our analysis goes further by presenting a comprehensive architectural diagram encompassing key SG components and communication links.This holistic view enhances understanding of potential cyber threats and enables systematic cyber risk assessment for SGs.Additionally,we propose a taxonomy of various cyberattack types based on their targets and methods,offering detailed insights into vulnerabilities.Unlike other reviews focused narrowly on protection and detection,our proposed categorization covers all five functions of the National Institute of Standards and Technology cybersecurity framework.This delivers a broad perspective to help organizations implement balanced and robust security.Consequently,we have identified critical research gaps,especially regarding response and recovery mechanisms.This underscores the need for further investigation to bolster SG cybersecurity.These research needs,among others,are highlighted as open issues in our concluding section.展开更多
The word“spatial”fundamentally relates to human existence,evolution,and activity in terrestrial and even celestial spaces.After reviewing the spatial features of many areas,the paper describes basics of high level m...The word“spatial”fundamentally relates to human existence,evolution,and activity in terrestrial and even celestial spaces.After reviewing the spatial features of many areas,the paper describes basics of high level model and technology called Spatial Grasp for dealing with large distributed systems,which can provide spatial vision,awareness,management,control,and even consciousness.The technology description includes its key Spatial Grasp Language(SGL),self-evolution of recursive SGL scenarios,and implementation of SGL interpreter converting distributed networked systems into powerful spatial engines.Examples of typical spatial scenarios in SGL include finding shortest path tree and shortest path between network nodes,collecting proper information throughout the whole world,elimination of multiple targets by intelligent teams of chasers,and withstanding cyber attacks in distributed networked systems.Also this paper compares Spatial Grasp model with traditional algorithms,confirming universality of the former for any spatial systems,while the latter just tools for concrete applications.展开更多
The emerging of false data injection attacks(FDIAs)can fool the traditional detection methods by injecting false data,which has brought huge risks to the security of smart grids.For this reason,a resilient active defe...The emerging of false data injection attacks(FDIAs)can fool the traditional detection methods by injecting false data,which has brought huge risks to the security of smart grids.For this reason,a resilient active defense control scheme based on interval observer detection is proposed in this paper to protect smart grids.The proposed active defense highlights the integration of detection and defense against FDIAs in smart girds.First,a dynamic physical grid model under FDIAs is modeled,in which model uncertainty and parameter uncertainty are taken into account.Then,an interval observer-based detection method against FDIAs is proposed,where a detection criteria using interval residual is put forward.Corresponding to the detection results,the resilient defense controller is triggered to defense the FDIAs if the system states are affected by FDIAs.Linear matrix inequality(LMI)approach is applied to design the resilient controller with H_(∞)performance.The system with the resilient defense controller can be robust to FDIAs and the gain of the resilient controller has a certain gain margin.Our active resilient defense approach can be built in real time and show accurate and quick respond to the injected FDIAs.The effectiveness of the proposed defense scheme is verified by the simulation results on an IEEE 30-bus grid system.展开更多
In response to the frequent safety accidents of industrial robots, this paper designs and implements a safety detection system for robot control. It can perform real-time security detection of robot operations on indu...In response to the frequent safety accidents of industrial robots, this paper designs and implements a safety detection system for robot control. It can perform real-time security detection of robot operations on industrial production lines to improve the security and reliability of robot control systems. This paper designs and implements a robot control system based Snort-BASE for real-time online detection of DoS attacks. The system uses a six-degree-of-freedom robotic arm as an example, uses Snort to record the network communication data of the robot arm control system in real time, and filters the network traffic through self-defined rules, and then uses the BASE analysis platform to achieve security analysis of the network traffic. The solution verifies the effectiveness of online real-time detection of attacks and visualisation of attack records by designing simulated robotic arm and real robotic arm attack experiments respectively, thus achieving the security of network communication of the robot remote control system.展开更多
The increase in number of people using the Internet leads to increased cyberattack opportunities.Advanced Persistent Threats,or APTs,are among the most dangerous targeted cyberattacks.APT attacks utilize various advan...The increase in number of people using the Internet leads to increased cyberattack opportunities.Advanced Persistent Threats,or APTs,are among the most dangerous targeted cyberattacks.APT attacks utilize various advanced tools and techniques for attacking targets with specific goals.Even countries with advanced technologies,like the US,Russia,the UK,and India,are susceptible to this targeted attack.APT is a sophisticated attack that involves multiple stages and specific strategies.Besides,TTP(Tools,Techniques,and Procedures)involved in the APT attack are commonly new and developed by an attacker to evade the security system.However,APTs are generally implemented in multiple stages.If one of the stages is detected,we may apply a defense mechanism for subsequent stages,leading to the entire APT attack failure.The detection at the early stage of APT and the prediction of the next step in the APT kill chain are ongoing challenges.This survey paper will provide knowledge about APT attacks and their essential steps.This follows the case study of known APT attacks,which will give clear information about the APT attack process—in later sections,highlighting the various detection methods defined by different researchers along with the limitations of the work.Data used in this article comes from the various annual reports published by security experts and blogs and information released by the enterprise networks targeted by the attack.展开更多
The authors consider the property of detectability of discrete event systems in the presence of sensor attacks in the context of cyber-security.The authors model the system using an automaton and study the general not...The authors consider the property of detectability of discrete event systems in the presence of sensor attacks in the context of cyber-security.The authors model the system using an automaton and study the general notion of detectability where a given set of state pairs needs to be(eventually or periodically)distinguished in any estimate of the state of the system.The authors adopt the ALTER sensor attack model from previous work and formulate four notions of CA-detectability in the context of this attack model based on the following attributes:strong or weak;eventual or periodic.The authors present verification methods for strong CA-detectability and weak CA-detectability.The authors present definitions of strong and weak periodic CA-detectability that are based on the construction of a verifier automaton called the augmented CA-observer.The development also resulted in relaxing assumptions in prior results on D-detectability,which is a special case of CA-detectability.展开更多
The widespread use of internet technologies is limited because people are worried about cybersecurity.With phishing,cyber criminals pose as reputable entities to trick users and access important information.Standard d...The widespread use of internet technologies is limited because people are worried about cybersecurity.With phishing,cyber criminals pose as reputable entities to trick users and access important information.Standard detection approaches are difficult to follow along with the constantly changing strategies of cybercriminals.A new phishing attack detection framework is presented in this research,using the Gated Recurrent Unit(GRU)Artificial Intelligence(AI)model.Labels have been added to the Uniform Resource Locators(URLs)in the PhishTank dataset,so the model learns what is phishing and what is not.A good data preprocessing method involving feature extraction,dealing with missing data,and running outlier detection checks is applied to maintain high data quality.The performance of the GRU model is outstanding,reaching 98.01%accuracy,F1-score of 98.14%,98.41%recall,as well as 98.67%precision,better than that of classical Machine Learning(ML)methods,including Adaptive Boosting(AdaBoost)and Long Short-Term Memory(LSTM).The proposed approach correctly handles dependencies among elements in a URL,resulting in a strong method for detecting phishing pages.Results from experiments verify the model’s potential in accurately identifying phishing attacks,offering significant advancements in cybersecurity defense systems.展开更多
The rapid development of large language models(LLMs)has opened new avenues across various fields,including cybersecurity,which faces an evolving threat landscape and demand for innovative technologies.Despite initial ...The rapid development of large language models(LLMs)has opened new avenues across various fields,including cybersecurity,which faces an evolving threat landscape and demand for innovative technologies.Despite initial explorations into the application of LLMs in cybersecurity,there is a lack of a comprehensive overview of this research area.This paper addresses this gap by providing a systematic literature review,covering the analysis of over 300 works,encompassing 25 LLMs and more than 10 downstream scenarios.Our comprehensive overview addresses three key research questions:the construction of cybersecurity-oriented LLMs,the application of LLMs to various cybersecurity tasks,the challenges and further research in this area.This study aims to shed light on the extensive potential of LLMs in enhancing cybersecurity practices and serve as a valuable resource for applying LLMs in this field.We also maintain and regularly update a list of practical guides on LLMs for cybersecurity at https://github.com/tmylla/Aweso me-LLM4C ybers ecurity.展开更多
In the context of large-scale photovoltaic integration,flexibility scheduling is essential to ensure the secure and efficient operation of distribution networks(DNs).Recently,deep reinforcement learning(DRL)has been w...In the context of large-scale photovoltaic integration,flexibility scheduling is essential to ensure the secure and efficient operation of distribution networks(DNs).Recently,deep reinforcement learning(DRL)has been widely applied to scheduling problems.However,most methods neglect the vulnerability of DRL to state adversarial attacks such as load redistribution attacks,significantly undermining its security and reliability.To this end,a flexibility scheduling method is proposed based on robust graph DRL(RoGDRL).A flexibility gain improvement model considering temperature-dependent resistance is first proposed,which considers weather factors as additional variables to enhance the precision of flexibility analysis.Based on this,a state-adversarial two-player zero-sum Markov game(SA-TZMG)model is proposed,which converts the robust DRL scheduling problem into a Nash equilibrium problem.The proposed SA-TZMG model considers the physical constraints of state attacks that guarantee the maximal flexibility gain for the defender when confronted with the most sophisticated and stealthy attacker.A two-stage RoGDRL algorithm is proposed,which introduces the graph sample and aggregate(GraphSAGE)driven soft actor-critic to capture the complex feature about the neighbors of nodes and their properties via inductive learning,thereby solving the Nash equilibrium policies more efficiently.Simulations based on the modified IEEE 123-bus system demonstrates the efficacy of the proposed method.展开更多
Due to the increasing cyber-attacks,various Intrusion Detection Systems(IDSs)have been proposed to identify network anomalies.Most existing machine learning-based IDSs learn patterns from the features extracted from n...Due to the increasing cyber-attacks,various Intrusion Detection Systems(IDSs)have been proposed to identify network anomalies.Most existing machine learning-based IDSs learn patterns from the features extracted from network traffic flows,and the deep learning-based approaches can learn data distribution features from the raw data to differentiate normal and anomalous network flows.Although having been used in the real world widely,the above methods are vulnerable to some types of attacks.In this paper,we propose a novel attack framework,Anti-Intrusion Detection AutoEncoder(AIDAE),to generate features to disable the IDS.In the proposed framework,an encoder transforms features into a latent space,and multiple decoders reconstruct the continuous and discrete features,respectively.Additionally,a generative adversarial network is used to learn the flexible prior distribution of the latent space.The correlation between continuous and discrete features can be kept by using the proposed training scheme.Experiments conducted on NSL-KDD,UNSW-NB15,and CICIDS2017 datasets show that the generated features indeed degrade the detection performance of existing IDSs dramatically.展开更多
基金supported by Institutional Fund Projects(IFPNC-001-135-2020)technical and financial support from the Ministry of Education and King Abdulaziz University,DSR,Jeddah,Saudi Arabia。
文摘A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.
基金supported by National Natural Science Foundation of China(No.52377115)。
文摘With the rapid integration of communication and information technology into substations,the risk of cyber attacks has significantly increased.Attackers may infiltrate substation networks,manipulate switches,and disrupt power lines,potentially causing severe damage to the power system.To minimize such risks,this paper proposes a three-layer defender-attacker-defender(DAD)model for optimally allocating limited defensive resources to substations.To model the uncertainty surrounding the knowledge of defender of potential attacks in realworld scenarios,we employ a fuzzy analytic hierarchy process combined with the decision-making trial and evaluation laboratory(FAHP-DEMATEL).This method accounts for the attack resource uncertainty by utilizing intelligence data on factors potentially influenced by attackers,which serves as an evaluation metric to simulate the likelihood of various attack scenarios.These uncertainty probabilities are then incorporated into the substation DAD model consisting three layers of agents:the decision-maker,the attacker,and the operator.The decision-maker devises a defense strategy before the attack,while the attacker aims to identify the strategy that causes the maximum load loss.Meanwhile,the operator seeks to minimize the load loss through optimal power flow scheduling.To solve the model,the original problem is transformed into a two-layer subproblem and a single-layer master problem,which are solved iteratively using a column-and-constraint generation algorithm.Case studies conducted on the IEEE RTS-96 system and the IEEE 118-node system demonstrate the effectiveness and practicality of the proposed model.Comparative experiments further highlight the advantages of the proposed model.
基金supported by the National Natural Science Foundation of China(No.52377086)the Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX23_0063)。
文摘With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components,power distribution networks are subject to miscellaneous security risks induced by malicious attackers.To address the issue,this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks(CPDNs)against coordinated cyber attacks.First,an attack graph-based CPDN architecture is constructed,and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process.The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology(NIST)standard.Next,a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios.The tradeoff between security risk and limited resource budget is formulated as a multi-objective optimization(MOO)problem,which is solved by an efficient optimal Pareto solution generation approach.By employing a generational distance metric,the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources.Several case studies on a modified IEEE 123-node test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.
基金supported by the National Natural Science Foundation of China(No.62073121)the National Natural Science Foundation of China-State Grid Joint Fund for Smart Grid(No.U1966202)+1 种基金the Six Talent Peaks High Level Project of Jiangsu Province(No.2017-XNY-004)the Natural Sciences and Engineering Research Council(NSERC)of Canada。
文摘This paper develops an adaptive two-stage unscented Kalman filter(ATSUKF)to accurately track operation states of the synchronous generator(SG)under cyber attacks.To achieve high fidelity,considering the excitation system of SGs,a detailed 9~(th)-order SG model for dynamic state estimation is established.Then,for several common cyber attacks against measurements,a two-stage unscented Kalman filter is proposed to estimate the model state and the bias in parallel.Subsequently,to solve the deterioration problem of state estimation performance caused by the mismatch between noise statistical characteristics and model assumptions,a multi-dimensional adaptive factor matrix is derived to modify the noise covariance matrix.Finally,a large number of simulation experiments are carried out on the IEEE 39-bus system,which shows that the proposed filter can accurately track the SG state under different abnormal test conditions.
基金supported in part by the National Science Foundation under Grant ECCS-0955265.
文摘This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed approach focuses on the total transient energy injected into power systems as the result of assumptive cyber attacks.The computational improvements of the proposed method are significant as the time-domain simulations can be avoided.The efficacy of the proposed approach is demonstrated using a practical power system with various cyber attack scenarios.The identification results of the proposed method can be used to guide more detailed impact analysis and to develop more effective countermeasures against cyber attacks.
基金This research was supported by the National Natural Science Foundation of China under Grant No.61903167.
文摘This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fuzzy discrete systems to capture parameter uncertainties.By considering the influences of input delays and stochastic cyber attacks,a newly fuzzy robust controller is established.Afterward,the asymptotic stability sufficient conditions in form of LMIs for the IT2 closed-loop systems are given via establishing a Lyapunov-Krasovskii functional.Afterward,a solving algorithm for obtaining the controller gains is given.Finally,the effectiveness of the developed IT2 fuzzy method is verified by a numerical example.
基金supported by the Ministry of the Higher Education and Scientific Research in Tunisia
文摘In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea Government(MSIT)(No.RS2022-II220961).
文摘Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Traditionalsecurity technologies such as intrusion detection have been developed to respond to these cyber threats.Recently,advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus.In this paper,wepropose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to addresscontinuously evolving cyber threats.Additionally,we have implemented an effective reinforcement-learning-basedcyber-attack scenario using Cyber Battle Simulation,which is a cyber-attack-defense simulator.This scenarioinvolves important security components such as node value,cost,firewalls,and services.Furthermore,we applieda new vulnerability assessment method based on the Common Vulnerability Scoring System.This approach candesign an optimal attack strategy by considering the importance of attack goals,which helps in developing moreeffective response strategies.These attack strategies are evaluated by comparing their performance using a variety ofReinforcement Learning methods.The experimental results show that RL models demonstrate improved learningperformance with the proposed attack strategy compared to the original strategies.In particular,the success rateof the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points,reaching 10.17%,whichrepresents an impressive 98.24%increase over the original scenario.Consequently,the proposed method canenhance security and risk management capabilities in cyber environments,improving the efficiency of securitymanagement and significantly contributing to the development of security systems.
文摘Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algorithm(ABC)as an Nature Inspired Cyber Security mechanism to achieve adaptive defense.It experiments on the Denial-Of-Service attack scenarios which involves limiting the traffic flow for each node.Businesses today have adapted their service distribution models to include the use of the Internet,allowing them to effectively manage and interact with their customer data.This shift has created an increased reliance on online services to store vast amounts of confidential customer data,meaning any disruption or outage of these services could be disastrous for the business,leaving them without the knowledge to serve their customers.Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers.The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity.For any changes in network parameters,the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.
文摘This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.
基金Natural Sciences and Engineering Research Council of Canada(NSERC)[Funding reference number 06351].
文摘Smart Grid(SG)technology utilizes advanced network communication and monitoring technologies to manage and regulate electricity generation and transport.However,this increased reliance on technology and connectivity also introduces new vulnerabilities,making SG communication networks susceptible to large-scale attacks.While previous surveys have mainly provided high-level overviews of SG architecture,our analysis goes further by presenting a comprehensive architectural diagram encompassing key SG components and communication links.This holistic view enhances understanding of potential cyber threats and enables systematic cyber risk assessment for SGs.Additionally,we propose a taxonomy of various cyberattack types based on their targets and methods,offering detailed insights into vulnerabilities.Unlike other reviews focused narrowly on protection and detection,our proposed categorization covers all five functions of the National Institute of Standards and Technology cybersecurity framework.This delivers a broad perspective to help organizations implement balanced and robust security.Consequently,we have identified critical research gaps,especially regarding response and recovery mechanisms.This underscores the need for further investigation to bolster SG cybersecurity.These research needs,among others,are highlighted as open issues in our concluding section.
文摘The word“spatial”fundamentally relates to human existence,evolution,and activity in terrestrial and even celestial spaces.After reviewing the spatial features of many areas,the paper describes basics of high level model and technology called Spatial Grasp for dealing with large distributed systems,which can provide spatial vision,awareness,management,control,and even consciousness.The technology description includes its key Spatial Grasp Language(SGL),self-evolution of recursive SGL scenarios,and implementation of SGL interpreter converting distributed networked systems into powerful spatial engines.Examples of typical spatial scenarios in SGL include finding shortest path tree and shortest path between network nodes,collecting proper information throughout the whole world,elimination of multiple targets by intelligent teams of chasers,and withstanding cyber attacks in distributed networked systems.Also this paper compares Spatial Grasp model with traditional algorithms,confirming universality of the former for any spatial systems,while the latter just tools for concrete applications.
基金supported by the National Nature Science Foundation of China(Nos.62103357,62203376)the Science and Technology Plan of Hebei Education Department(No.QN2021139)+1 种基金the Nature Science Foundation of Hebei Province(Nos.F2021203043,F2022203074)the Open Research Fund of Jiangsu Collaborative Innovation Center for Smart Distribution Network,Nanjing Institute of Technology(No.XTCX202203).
文摘The emerging of false data injection attacks(FDIAs)can fool the traditional detection methods by injecting false data,which has brought huge risks to the security of smart grids.For this reason,a resilient active defense control scheme based on interval observer detection is proposed in this paper to protect smart grids.The proposed active defense highlights the integration of detection and defense against FDIAs in smart girds.First,a dynamic physical grid model under FDIAs is modeled,in which model uncertainty and parameter uncertainty are taken into account.Then,an interval observer-based detection method against FDIAs is proposed,where a detection criteria using interval residual is put forward.Corresponding to the detection results,the resilient defense controller is triggered to defense the FDIAs if the system states are affected by FDIAs.Linear matrix inequality(LMI)approach is applied to design the resilient controller with H_(∞)performance.The system with the resilient defense controller can be robust to FDIAs and the gain of the resilient controller has a certain gain margin.Our active resilient defense approach can be built in real time and show accurate and quick respond to the injected FDIAs.The effectiveness of the proposed defense scheme is verified by the simulation results on an IEEE 30-bus grid system.
文摘In response to the frequent safety accidents of industrial robots, this paper designs and implements a safety detection system for robot control. It can perform real-time security detection of robot operations on industrial production lines to improve the security and reliability of robot control systems. This paper designs and implements a robot control system based Snort-BASE for real-time online detection of DoS attacks. The system uses a six-degree-of-freedom robotic arm as an example, uses Snort to record the network communication data of the robot arm control system in real time, and filters the network traffic through self-defined rules, and then uses the BASE analysis platform to achieve security analysis of the network traffic. The solution verifies the effectiveness of online real-time detection of attacks and visualisation of attack records by designing simulated robotic arm and real robotic arm attack experiments respectively, thus achieving the security of network communication of the robot remote control system.
文摘The increase in number of people using the Internet leads to increased cyberattack opportunities.Advanced Persistent Threats,or APTs,are among the most dangerous targeted cyberattacks.APT attacks utilize various advanced tools and techniques for attacking targets with specific goals.Even countries with advanced technologies,like the US,Russia,the UK,and India,are susceptible to this targeted attack.APT is a sophisticated attack that involves multiple stages and specific strategies.Besides,TTP(Tools,Techniques,and Procedures)involved in the APT attack are commonly new and developed by an attacker to evade the security system.However,APTs are generally implemented in multiple stages.If one of the stages is detected,we may apply a defense mechanism for subsequent stages,leading to the entire APT attack failure.The detection at the early stage of APT and the prediction of the next step in the APT kill chain are ongoing challenges.This survey paper will provide knowledge about APT attacks and their essential steps.This follows the case study of known APT attacks,which will give clear information about the APT attack process—in later sections,highlighting the various detection methods defined by different researchers along with the limitations of the work.Data used in this article comes from the various annual reports published by security experts and blogs and information released by the enterprise networks targeted by the attack.
基金supported in part by the US National Science Foundation under Grant Nos.ECCS-2146615 and ECCS-2144416.
文摘The authors consider the property of detectability of discrete event systems in the presence of sensor attacks in the context of cyber-security.The authors model the system using an automaton and study the general notion of detectability where a given set of state pairs needs to be(eventually or periodically)distinguished in any estimate of the state of the system.The authors adopt the ALTER sensor attack model from previous work and formulate four notions of CA-detectability in the context of this attack model based on the following attributes:strong or weak;eventual or periodic.The authors present verification methods for strong CA-detectability and weak CA-detectability.The authors present definitions of strong and weak periodic CA-detectability that are based on the construction of a verifier automaton called the augmented CA-observer.The development also resulted in relaxing assumptions in prior results on D-detectability,which is a special case of CA-detectability.
文摘The widespread use of internet technologies is limited because people are worried about cybersecurity.With phishing,cyber criminals pose as reputable entities to trick users and access important information.Standard detection approaches are difficult to follow along with the constantly changing strategies of cybercriminals.A new phishing attack detection framework is presented in this research,using the Gated Recurrent Unit(GRU)Artificial Intelligence(AI)model.Labels have been added to the Uniform Resource Locators(URLs)in the PhishTank dataset,so the model learns what is phishing and what is not.A good data preprocessing method involving feature extraction,dealing with missing data,and running outlier detection checks is applied to maintain high data quality.The performance of the GRU model is outstanding,reaching 98.01%accuracy,F1-score of 98.14%,98.41%recall,as well as 98.67%precision,better than that of classical Machine Learning(ML)methods,including Adaptive Boosting(AdaBoost)and Long Short-Term Memory(LSTM).The proposed approach correctly handles dependencies among elements in a URL,resulting in a strong method for detecting phishing pages.Results from experiments verify the model’s potential in accurately identifying phishing attacks,offering significant advancements in cybersecurity defense systems.
基金supported by the Strategic Priority Research Programr of Chinese Academy of Sciences,the System of Cybersecurity Large Model.
文摘The rapid development of large language models(LLMs)has opened new avenues across various fields,including cybersecurity,which faces an evolving threat landscape and demand for innovative technologies.Despite initial explorations into the application of LLMs in cybersecurity,there is a lack of a comprehensive overview of this research area.This paper addresses this gap by providing a systematic literature review,covering the analysis of over 300 works,encompassing 25 LLMs and more than 10 downstream scenarios.Our comprehensive overview addresses three key research questions:the construction of cybersecurity-oriented LLMs,the application of LLMs to various cybersecurity tasks,the challenges and further research in this area.This study aims to shed light on the extensive potential of LLMs in enhancing cybersecurity practices and serve as a valuable resource for applying LLMs in this field.We also maintain and regularly update a list of practical guides on LLMs for cybersecurity at https://github.com/tmylla/Aweso me-LLM4C ybers ecurity.
基金supported by the National Natural Science Foundation of China(No.52077149)Key Program for National Natural Science Foundation of China Joint Funds(No.U2166202)National Natural Science Foundation of China Young Scientist Fund(No.52407134).
文摘In the context of large-scale photovoltaic integration,flexibility scheduling is essential to ensure the secure and efficient operation of distribution networks(DNs).Recently,deep reinforcement learning(DRL)has been widely applied to scheduling problems.However,most methods neglect the vulnerability of DRL to state adversarial attacks such as load redistribution attacks,significantly undermining its security and reliability.To this end,a flexibility scheduling method is proposed based on robust graph DRL(RoGDRL).A flexibility gain improvement model considering temperature-dependent resistance is first proposed,which considers weather factors as additional variables to enhance the precision of flexibility analysis.Based on this,a state-adversarial two-player zero-sum Markov game(SA-TZMG)model is proposed,which converts the robust DRL scheduling problem into a Nash equilibrium problem.The proposed SA-TZMG model considers the physical constraints of state attacks that guarantee the maximal flexibility gain for the defender when confronted with the most sophisticated and stealthy attacker.A two-stage RoGDRL algorithm is proposed,which introduces the graph sample and aggregate(GraphSAGE)driven soft actor-critic to capture the complex feature about the neighbors of nodes and their properties via inductive learning,thereby solving the Nash equilibrium policies more efficiently.Simulations based on the modified IEEE 123-bus system demonstrates the efficacy of the proposed method.
文摘Due to the increasing cyber-attacks,various Intrusion Detection Systems(IDSs)have been proposed to identify network anomalies.Most existing machine learning-based IDSs learn patterns from the features extracted from network traffic flows,and the deep learning-based approaches can learn data distribution features from the raw data to differentiate normal and anomalous network flows.Although having been used in the real world widely,the above methods are vulnerable to some types of attacks.In this paper,we propose a novel attack framework,Anti-Intrusion Detection AutoEncoder(AIDAE),to generate features to disable the IDS.In the proposed framework,an encoder transforms features into a latent space,and multiple decoders reconstruct the continuous and discrete features,respectively.Additionally,a generative adversarial network is used to learn the flexible prior distribution of the latent space.The correlation between continuous and discrete features can be kept by using the proposed training scheme.Experiments conducted on NSL-KDD,UNSW-NB15,and CICIDS2017 datasets show that the generated features indeed degrade the detection performance of existing IDSs dramatically.
