The wide-area damping controllers(WADCs),which are essential for mitigating regional low-frequency oscillations,face cyber-physical security threats due to the vulnerability of wide-area measurement system to cyber at...The wide-area damping controllers(WADCs),which are essential for mitigating regional low-frequency oscillations,face cyber-physical security threats due to the vulnerability of wide-area measurement system to cyber attacks and wind power uncertainties.This paper introduces reachability analysis method to quantify the impact of varying-amplitude attacks and uncertain wind fluctuations on the performance of WADC.Firstly,considering wind farm integration and attack injection,a nonlinear power system model with multiple buses is constructed based on Kron reduction method to improve computational efficiency and mitigate the constraints imposed by algebraic constraints.Then,a zonotope-based polytope construction method is employed to effectively model the range of attack amplitudes and wind uncertainties.By conducting reachability analysis,the reachable set preserving the nonlinear characteristics of studied system is computed,which enables the quantification of the maximum fluctuation range of regional oscillations under the dual disturbances.Case studies are undertaken on two multi-machine power systems with wind farm integration.The obtained results emphasize the efficacy of designed method,providing valuable insights into the magnitude of the impact that attacks exert on the operational characteristics of power system under various uncertain factors.展开更多
A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects phy...A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.展开更多
Wide-area measurement systems enable the transmission of measurement and control signals for wide-area damping controllers (WADCs) in smart grids.However,the vulnerability of the communication network makes the WADC s...Wide-area measurement systems enable the transmission of measurement and control signals for wide-area damping controllers (WADCs) in smart grids.However,the vulnerability of the communication network makes the WADC susceptible to malicious cyber attacks,such as false data injection (FDI) attack and denial of service (DoS) attack.Researchers develope numerous supervised machine-learning and model-based solutions for attack detection.However,the partially labeled attack data,skewed class distributions,and the need for precise mathematical models present significant challenges for real-world attack detection.This paper introduces the cyber attack-resilient wide-area damping controller (CyResWadc) system framework to address these challenges.The proposed framework leverages semi-supervised generative adversarial network (SSGAN) model to handle partially labeled attack data.It utilizes the support vector machine-based synthetic minority oversampling technique (SVM-SMOT) for data oversampling to manage skewed class distributions.Furthermore,probing signals are used to stimulate the power system,facilitating the generation of synthetic attack scenarios under different operational conditions.If any attack is detected,an alternate pair of measurement and control signals is used for attack mitigation.The performance is validated on a developed hardware-in-the-loop (HIL) cyber-physical testbed built using the open parallel architecture laboratory-real time (OPAL-RT) simulator,industry-grade hardware,Network Simulator 3 (NS-3),and open platform for data collection (OpenPDC).展开更多
With the rapid integration of communication and information technology into substations,the risk of cyber attacks has significantly increased.Attackers may infiltrate substation networks,manipulate switches,and disrup...With the rapid integration of communication and information technology into substations,the risk of cyber attacks has significantly increased.Attackers may infiltrate substation networks,manipulate switches,and disrupt power lines,potentially causing severe damage to the power system.To minimize such risks,this paper proposes a three-layer defender-attacker-defender(DAD)model for optimally allocating limited defensive resources to substations.To model the uncertainty surrounding the knowledge of defender of potential attacks in realworld scenarios,we employ a fuzzy analytic hierarchy process combined with the decision-making trial and evaluation laboratory(FAHP-DEMATEL).This method accounts for the attack resource uncertainty by utilizing intelligence data on factors potentially influenced by attackers,which serves as an evaluation metric to simulate the likelihood of various attack scenarios.These uncertainty probabilities are then incorporated into the substation DAD model consisting three layers of agents:the decision-maker,the attacker,and the operator.The decision-maker devises a defense strategy before the attack,while the attacker aims to identify the strategy that causes the maximum load loss.Meanwhile,the operator seeks to minimize the load loss through optimal power flow scheduling.To solve the model,the original problem is transformed into a two-layer subproblem and a single-layer master problem,which are solved iteratively using a column-and-constraint generation algorithm.Case studies conducted on the IEEE RTS-96 system and the IEEE 118-node system demonstrate the effectiveness and practicality of the proposed model.Comparative experiments further highlight the advantages of the proposed model.展开更多
With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components,power distribution networks are subject to miscellaneous security risks induced by ...With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components,power distribution networks are subject to miscellaneous security risks induced by malicious attackers.To address the issue,this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks(CPDNs)against coordinated cyber attacks.First,an attack graph-based CPDN architecture is constructed,and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process.The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology(NIST)standard.Next,a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios.The tradeoff between security risk and limited resource budget is formulated as a multi-objective optimization(MOO)problem,which is solved by an efficient optimal Pareto solution generation approach.By employing a generational distance metric,the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources.Several case studies on a modified IEEE 123-node test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.展开更多
This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed appr...This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed approach focuses on the total transient energy injected into power systems as the result of assumptive cyber attacks.The computational improvements of the proposed method are significant as the time-domain simulations can be avoided.The efficacy of the proposed approach is demonstrated using a practical power system with various cyber attack scenarios.The identification results of the proposed method can be used to guide more detailed impact analysis and to develop more effective countermeasures against cyber attacks.展开更多
This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fu...This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fuzzy discrete systems to capture parameter uncertainties.By considering the influences of input delays and stochastic cyber attacks,a newly fuzzy robust controller is established.Afterward,the asymptotic stability sufficient conditions in form of LMIs for the IT2 closed-loop systems are given via establishing a Lyapunov-Krasovskii functional.Afterward,a solving algorithm for obtaining the controller gains is given.Finally,the effectiveness of the developed IT2 fuzzy method is verified by a numerical example.展开更多
In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be...In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.展开更多
This paper develops an adaptive two-stage unscented Kalman filter(ATSUKF)to accurately track operation states of the synchronous generator(SG)under cyber attacks.To achieve high fidelity,considering the excitation sys...This paper develops an adaptive two-stage unscented Kalman filter(ATSUKF)to accurately track operation states of the synchronous generator(SG)under cyber attacks.To achieve high fidelity,considering the excitation system of SGs,a detailed 9~(th)-order SG model for dynamic state estimation is established.Then,for several common cyber attacks against measurements,a two-stage unscented Kalman filter is proposed to estimate the model state and the bias in parallel.Subsequently,to solve the deterioration problem of state estimation performance caused by the mismatch between noise statistical characteristics and model assumptions,a multi-dimensional adaptive factor matrix is derived to modify the noise covariance matrix.Finally,a large number of simulation experiments are carried out on the IEEE 39-bus system,which shows that the proposed filter can accurately track the SG state under different abnormal test conditions.展开更多
This paper addresses the diagnosability analysis problem under external malicious attacks of a networked discrete event system modeled by labeled Petri net.In particular,we focus on a stealthy replacement attack to al...This paper addresses the diagnosability analysis problem under external malicious attacks of a networked discrete event system modeled by labeled Petri net.In particular,we focus on a stealthy replacement attack to alter or corrupt the observation of the system,in which the transition labels are replaced by others or empty string,and its attack stealthiness requires that the corrupted observations should be contained in the behavior of system.The aim of this work is,from an attacker viewpoint,to design a stealthy replacement attack for violating the diagnosability of system.To this end,we first build a new structure,called complete unfolded verifier,with the notion of a predefined elementary unsound path that leads to the violation of diagnosability,which is used to enumerate all the potential attacked paths to be transformed into elementary unsound ones.Then an optimal attack synthesis problem in terms of minimum energy cost is formulated by determining whether an elementary unsound path is generated via solving a set of integer nonlinear programming problems.Finally,we show that the nonlinear programming problems can be transformed into integer linear programming problems by introducing additional linear constraints.Examples are used to illustrate the proposed attack strategy.展开更多
Networked predictive control(NPC) has gained significant attention in recent years for its ability to effectively and actively address communication constraints in networked control systems(NCSs),such as network-induc...Networked predictive control(NPC) has gained significant attention in recent years for its ability to effectively and actively address communication constraints in networked control systems(NCSs),such as network-induced delays,packet dropouts,and packet disorders.Despite significant advancements,the increasing complexity and dynamism of network environments,along with the growing complexity of systems,pose new challenges for NPC.These challenges include difficulties in system modeling,cyber attacks,component faults,limited network bandwidth,and the necessity for distributed collaboration.This survey aims to provide a comprehensive review of NPC strategies.It begins with a summary of the primary challenges faced by NCSs,followed by an introduction to the control structure and core concepts of NPC.The survey then discusses several typical NPC schemes and examines their extensions in the areas of secure control,fault-tolerant control,distributed coordinated control,and event-triggered control.Moreover,it reviews notable works that have implemented these schemes.Finally,the survey concludes by exploring typical applications of NPC schemes and highlighting several challenging issues that could guide future research efforts.展开更多
The emerging of false data injection attacks(FDIAs)can fool the traditional detection methods by injecting false data,which has brought huge risks to the security of smart grids.For this reason,a resilient active defe...The emerging of false data injection attacks(FDIAs)can fool the traditional detection methods by injecting false data,which has brought huge risks to the security of smart grids.For this reason,a resilient active defense control scheme based on interval observer detection is proposed in this paper to protect smart grids.The proposed active defense highlights the integration of detection and defense against FDIAs in smart girds.First,a dynamic physical grid model under FDIAs is modeled,in which model uncertainty and parameter uncertainty are taken into account.Then,an interval observer-based detection method against FDIAs is proposed,where a detection criteria using interval residual is put forward.Corresponding to the detection results,the resilient defense controller is triggered to defense the FDIAs if the system states are affected by FDIAs.Linear matrix inequality(LMI)approach is applied to design the resilient controller with H_(∞)performance.The system with the resilient defense controller can be robust to FDIAs and the gain of the resilient controller has a certain gain margin.Our active resilient defense approach can be built in real time and show accurate and quick respond to the injected FDIAs.The effectiveness of the proposed defense scheme is verified by the simulation results on an IEEE 30-bus grid system.展开更多
In response to the frequent safety accidents of industrial robots, this paper designs and implements a safety detection system for robot control. It can perform real-time security detection of robot operations on indu...In response to the frequent safety accidents of industrial robots, this paper designs and implements a safety detection system for robot control. It can perform real-time security detection of robot operations on industrial production lines to improve the security and reliability of robot control systems. This paper designs and implements a robot control system based Snort-BASE for real-time online detection of DoS attacks. The system uses a six-degree-of-freedom robotic arm as an example, uses Snort to record the network communication data of the robot arm control system in real time, and filters the network traffic through self-defined rules, and then uses the BASE analysis platform to achieve security analysis of the network traffic. The solution verifies the effectiveness of online real-time detection of attacks and visualisation of attack records by designing simulated robotic arm and real robotic arm attack experiments respectively, thus achieving the security of network communication of the robot remote control system.展开更多
Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Tr...Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Traditionalsecurity technologies such as intrusion detection have been developed to respond to these cyber threats.Recently,advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus.In this paper,wepropose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to addresscontinuously evolving cyber threats.Additionally,we have implemented an effective reinforcement-learning-basedcyber-attack scenario using Cyber Battle Simulation,which is a cyber-attack-defense simulator.This scenarioinvolves important security components such as node value,cost,firewalls,and services.Furthermore,we applieda new vulnerability assessment method based on the Common Vulnerability Scoring System.This approach candesign an optimal attack strategy by considering the importance of attack goals,which helps in developing moreeffective response strategies.These attack strategies are evaluated by comparing their performance using a variety ofReinforcement Learning methods.The experimental results show that RL models demonstrate improved learningperformance with the proposed attack strategy compared to the original strategies.In particular,the success rateof the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points,reaching 10.17%,whichrepresents an impressive 98.24%increase over the original scenario.Consequently,the proposed method canenhance security and risk management capabilities in cyber environments,improving the efficiency of securitymanagement and significantly contributing to the development of security systems.展开更多
Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algori...Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algorithm(ABC)as an Nature Inspired Cyber Security mechanism to achieve adaptive defense.It experiments on the Denial-Of-Service attack scenarios which involves limiting the traffic flow for each node.Businesses today have adapted their service distribution models to include the use of the Internet,allowing them to effectively manage and interact with their customer data.This shift has created an increased reliance on online services to store vast amounts of confidential customer data,meaning any disruption or outage of these services could be disastrous for the business,leaving them without the knowledge to serve their customers.Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers.The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity.For any changes in network parameters,the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.展开更多
This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen o...This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.展开更多
The word“spatial”fundamentally relates to human existence,evolution,and activity in terrestrial and even celestial spaces.After reviewing the spatial features of many areas,the paper describes basics of high level m...The word“spatial”fundamentally relates to human existence,evolution,and activity in terrestrial and even celestial spaces.After reviewing the spatial features of many areas,the paper describes basics of high level model and technology called Spatial Grasp for dealing with large distributed systems,which can provide spatial vision,awareness,management,control,and even consciousness.The technology description includes its key Spatial Grasp Language(SGL),self-evolution of recursive SGL scenarios,and implementation of SGL interpreter converting distributed networked systems into powerful spatial engines.Examples of typical spatial scenarios in SGL include finding shortest path tree and shortest path between network nodes,collecting proper information throughout the whole world,elimination of multiple targets by intelligent teams of chasers,and withstanding cyber attacks in distributed networked systems.Also this paper compares Spatial Grasp model with traditional algorithms,confirming universality of the former for any spatial systems,while the latter just tools for concrete applications.展开更多
Smart Grid(SG)technology utilizes advanced network communication and monitoring technologies to manage and regulate electricity generation and transport.However,this increased reliance on technology and connectivity a...Smart Grid(SG)technology utilizes advanced network communication and monitoring technologies to manage and regulate electricity generation and transport.However,this increased reliance on technology and connectivity also introduces new vulnerabilities,making SG communication networks susceptible to large-scale attacks.While previous surveys have mainly provided high-level overviews of SG architecture,our analysis goes further by presenting a comprehensive architectural diagram encompassing key SG components and communication links.This holistic view enhances understanding of potential cyber threats and enables systematic cyber risk assessment for SGs.Additionally,we propose a taxonomy of various cyberattack types based on their targets and methods,offering detailed insights into vulnerabilities.Unlike other reviews focused narrowly on protection and detection,our proposed categorization covers all five functions of the National Institute of Standards and Technology cybersecurity framework.This delivers a broad perspective to help organizations implement balanced and robust security.Consequently,we have identified critical research gaps,especially regarding response and recovery mechanisms.This underscores the need for further investigation to bolster SG cybersecurity.These research needs,among others,are highlighted as open issues in our concluding section.展开更多
Due to the increasing cyber-attacks,various Intrusion Detection Systems(IDSs)have been proposed to identify network anomalies.Most existing machine learning-based IDSs learn patterns from the features extracted from n...Due to the increasing cyber-attacks,various Intrusion Detection Systems(IDSs)have been proposed to identify network anomalies.Most existing machine learning-based IDSs learn patterns from the features extracted from network traffic flows,and the deep learning-based approaches can learn data distribution features from the raw data to differentiate normal and anomalous network flows.Although having been used in the real world widely,the above methods are vulnerable to some types of attacks.In this paper,we propose a novel attack framework,Anti-Intrusion Detection AutoEncoder(AIDAE),to generate features to disable the IDS.In the proposed framework,an encoder transforms features into a latent space,and multiple decoders reconstruct the continuous and discrete features,respectively.Additionally,a generative adversarial network is used to learn the flexible prior distribution of the latent space.The correlation between continuous and discrete features can be kept by using the proposed training scheme.Experiments conducted on NSL-KDD,UNSW-NB15,and CICIDS2017 datasets show that the generated features indeed degrade the detection performance of existing IDSs dramatically.展开更多
The increase in number of people using the Internet leads to increased cyberattack opportunities.Advanced Persistent Threats,or APTs,are among the most dangerous targeted cyberattacks.APT attacks utilize various advan...The increase in number of people using the Internet leads to increased cyberattack opportunities.Advanced Persistent Threats,or APTs,are among the most dangerous targeted cyberattacks.APT attacks utilize various advanced tools and techniques for attacking targets with specific goals.Even countries with advanced technologies,like the US,Russia,the UK,and India,are susceptible to this targeted attack.APT is a sophisticated attack that involves multiple stages and specific strategies.Besides,TTP(Tools,Techniques,and Procedures)involved in the APT attack are commonly new and developed by an attacker to evade the security system.However,APTs are generally implemented in multiple stages.If one of the stages is detected,we may apply a defense mechanism for subsequent stages,leading to the entire APT attack failure.The detection at the early stage of APT and the prediction of the next step in the APT kill chain are ongoing challenges.This survey paper will provide knowledge about APT attacks and their essential steps.This follows the case study of known APT attacks,which will give clear information about the APT attack process—in later sections,highlighting the various detection methods defined by different researchers along with the limitations of the work.Data used in this article comes from the various annual reports published by security experts and blogs and information released by the enterprise networks targeted by the attack.展开更多
基金supported in part by the Young Elite Scientists Sponsorship Program by the Chinese Society for Electrical Engineering under Grant CSEE-YESS-2022019in part by the Guangzhou Basic and Applied Basic Research Foundation under Grand 2024A04J3672in part by the National Natural Science Foundation of China under Grant 52207106.
文摘The wide-area damping controllers(WADCs),which are essential for mitigating regional low-frequency oscillations,face cyber-physical security threats due to the vulnerability of wide-area measurement system to cyber attacks and wind power uncertainties.This paper introduces reachability analysis method to quantify the impact of varying-amplitude attacks and uncertain wind fluctuations on the performance of WADC.Firstly,considering wind farm integration and attack injection,a nonlinear power system model with multiple buses is constructed based on Kron reduction method to improve computational efficiency and mitigate the constraints imposed by algebraic constraints.Then,a zonotope-based polytope construction method is employed to effectively model the range of attack amplitudes and wind uncertainties.By conducting reachability analysis,the reachable set preserving the nonlinear characteristics of studied system is computed,which enables the quantification of the maximum fluctuation range of regional oscillations under the dual disturbances.Case studies are undertaken on two multi-machine power systems with wind farm integration.The obtained results emphasize the efficacy of designed method,providing valuable insights into the magnitude of the impact that attacks exert on the operational characteristics of power system under various uncertain factors.
基金supported by Institutional Fund Projects(IFPNC-001-135-2020)technical and financial support from the Ministry of Education and King Abdulaziz University,DSR,Jeddah,Saudi Arabia。
文摘A cyber physical system(CPS)is a complex system that integrates sensing,computation,control and networking into physical processes and objects over Internet.It plays a key role in modern industry since it connects physical and cyber worlds.In order to meet ever-changing industrial requirements,its structures and functions are constantly improved.Meanwhile,new security issues have arisen.A ubiquitous problem is the fact that cyber attacks can cause significant damage to industrial systems,and thus has gained increasing attention from researchers and practitioners.This paper presents a survey of state-of-the-art results of cyber attacks on cyber physical systems.First,as typical system models are employed to study these systems,time-driven and event-driven systems are reviewed.Then,recent advances on three types of attacks,i.e.,those on availability,integrity,and confidentiality are discussed.In particular,the detailed studies on availability and integrity attacks are introduced from the perspective of attackers and defenders.Namely,both attack and defense strategies are discussed based on different system models.Some challenges and open issues are indicated to guide future research and inspire the further exploration of this increasingly important area.
基金supported by Science and Engineering Research Board(No.CRG/2021/003827/EEC).
文摘Wide-area measurement systems enable the transmission of measurement and control signals for wide-area damping controllers (WADCs) in smart grids.However,the vulnerability of the communication network makes the WADC susceptible to malicious cyber attacks,such as false data injection (FDI) attack and denial of service (DoS) attack.Researchers develope numerous supervised machine-learning and model-based solutions for attack detection.However,the partially labeled attack data,skewed class distributions,and the need for precise mathematical models present significant challenges for real-world attack detection.This paper introduces the cyber attack-resilient wide-area damping controller (CyResWadc) system framework to address these challenges.The proposed framework leverages semi-supervised generative adversarial network (SSGAN) model to handle partially labeled attack data.It utilizes the support vector machine-based synthetic minority oversampling technique (SVM-SMOT) for data oversampling to manage skewed class distributions.Furthermore,probing signals are used to stimulate the power system,facilitating the generation of synthetic attack scenarios under different operational conditions.If any attack is detected,an alternate pair of measurement and control signals is used for attack mitigation.The performance is validated on a developed hardware-in-the-loop (HIL) cyber-physical testbed built using the open parallel architecture laboratory-real time (OPAL-RT) simulator,industry-grade hardware,Network Simulator 3 (NS-3),and open platform for data collection (OpenPDC).
基金supported by National Natural Science Foundation of China(No.52377115)。
文摘With the rapid integration of communication and information technology into substations,the risk of cyber attacks has significantly increased.Attackers may infiltrate substation networks,manipulate switches,and disrupt power lines,potentially causing severe damage to the power system.To minimize such risks,this paper proposes a three-layer defender-attacker-defender(DAD)model for optimally allocating limited defensive resources to substations.To model the uncertainty surrounding the knowledge of defender of potential attacks in realworld scenarios,we employ a fuzzy analytic hierarchy process combined with the decision-making trial and evaluation laboratory(FAHP-DEMATEL).This method accounts for the attack resource uncertainty by utilizing intelligence data on factors potentially influenced by attackers,which serves as an evaluation metric to simulate the likelihood of various attack scenarios.These uncertainty probabilities are then incorporated into the substation DAD model consisting three layers of agents:the decision-maker,the attacker,and the operator.The decision-maker devises a defense strategy before the attack,while the attacker aims to identify the strategy that causes the maximum load loss.Meanwhile,the operator seeks to minimize the load loss through optimal power flow scheduling.To solve the model,the original problem is transformed into a two-layer subproblem and a single-layer master problem,which are solved iteratively using a column-and-constraint generation algorithm.Case studies conducted on the IEEE RTS-96 system and the IEEE 118-node system demonstrate the effectiveness and practicality of the proposed model.Comparative experiments further highlight the advantages of the proposed model.
基金supported by the National Natural Science Foundation of China(No.52377086)the Postgraduate Research&Practice Innovation Program of Jiangsu Province(No.SJCX23_0063)。
文摘With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components,power distribution networks are subject to miscellaneous security risks induced by malicious attackers.To address the issue,this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks(CPDNs)against coordinated cyber attacks.First,an attack graph-based CPDN architecture is constructed,and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process.The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology(NIST)standard.Next,a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios.The tradeoff between security risk and limited resource budget is formulated as a multi-objective optimization(MOO)problem,which is solved by an efficient optimal Pareto solution generation approach.By employing a generational distance metric,the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources.Several case studies on a modified IEEE 123-node test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.
基金supported in part by the National Science Foundation under Grant ECCS-0955265.
文摘This paper presents a transient energy based screening approach for quickly identifying potential critical attacks that might have significant impacts on power system transient stability.Specifically,the proposed approach focuses on the total transient energy injected into power systems as the result of assumptive cyber attacks.The computational improvements of the proposed method are significant as the time-domain simulations can be avoided.The efficacy of the proposed approach is demonstrated using a practical power system with various cyber attack scenarios.The identification results of the proposed method can be used to guide more detailed impact analysis and to develop more effective countermeasures against cyber attacks.
基金This research was supported by the National Natural Science Foundation of China under Grant No.61903167.
文摘This paper focuses on the robust control issue for interval type-2 Takagi-Sugeno(IT2 T-S)fuzzy discrete systems with input delays and cyber attacks.The lower and upper membership functions are first utilized to IT2 fuzzy discrete systems to capture parameter uncertainties.By considering the influences of input delays and stochastic cyber attacks,a newly fuzzy robust controller is established.Afterward,the asymptotic stability sufficient conditions in form of LMIs for the IT2 closed-loop systems are given via establishing a Lyapunov-Krasovskii functional.Afterward,a solving algorithm for obtaining the controller gains is given.Finally,the effectiveness of the developed IT2 fuzzy method is verified by a numerical example.
基金supported by the Ministry of the Higher Education and Scientific Research in Tunisia
文摘In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.
基金supported by the National Natural Science Foundation of China(No.62073121)the National Natural Science Foundation of China-State Grid Joint Fund for Smart Grid(No.U1966202)+1 种基金the Six Talent Peaks High Level Project of Jiangsu Province(No.2017-XNY-004)the Natural Sciences and Engineering Research Council(NSERC)of Canada。
文摘This paper develops an adaptive two-stage unscented Kalman filter(ATSUKF)to accurately track operation states of the synchronous generator(SG)under cyber attacks.To achieve high fidelity,considering the excitation system of SGs,a detailed 9~(th)-order SG model for dynamic state estimation is established.Then,for several common cyber attacks against measurements,a two-stage unscented Kalman filter is proposed to estimate the model state and the bias in parallel.Subsequently,to solve the deterioration problem of state estimation performance caused by the mismatch between noise statistical characteristics and model assumptions,a multi-dimensional adaptive factor matrix is derived to modify the noise covariance matrix.Finally,a large number of simulation experiments are carried out on the IEEE 39-bus system,which shows that the proposed filter can accurately track the SG state under different abnormal test conditions.
基金supported in part by the IN2CCAM Project that had received funding from the European Union’s Horizon Europe research and Innovation Programme(101076791).
文摘This paper addresses the diagnosability analysis problem under external malicious attacks of a networked discrete event system modeled by labeled Petri net.In particular,we focus on a stealthy replacement attack to alter or corrupt the observation of the system,in which the transition labels are replaced by others or empty string,and its attack stealthiness requires that the corrupted observations should be contained in the behavior of system.The aim of this work is,from an attacker viewpoint,to design a stealthy replacement attack for violating the diagnosability of system.To this end,we first build a new structure,called complete unfolded verifier,with the notion of a predefined elementary unsound path that leads to the violation of diagnosability,which is used to enumerate all the potential attacked paths to be transformed into elementary unsound ones.Then an optimal attack synthesis problem in terms of minimum energy cost is formulated by determining whether an elementary unsound path is generated via solving a set of integer nonlinear programming problems.Finally,we show that the nonlinear programming problems can be transformed into integer linear programming problems by introducing additional linear constraints.Examples are used to illustrate the proposed attack strategy.
基金supported by the National Natural Science Foundation of China(62173002,62403235,62403010,52301408,62173255)the Beijing Natural Science Foundation(L241015,4222045)+2 种基金the Yuxiu Innovation Project of NCUT(2024NCUTYXCX111)the China Postdoctoral Science Foundation(2025T180466)the Beijing Postdoctoral Research Foundation(2025-ZZ-70)。
文摘Networked predictive control(NPC) has gained significant attention in recent years for its ability to effectively and actively address communication constraints in networked control systems(NCSs),such as network-induced delays,packet dropouts,and packet disorders.Despite significant advancements,the increasing complexity and dynamism of network environments,along with the growing complexity of systems,pose new challenges for NPC.These challenges include difficulties in system modeling,cyber attacks,component faults,limited network bandwidth,and the necessity for distributed collaboration.This survey aims to provide a comprehensive review of NPC strategies.It begins with a summary of the primary challenges faced by NCSs,followed by an introduction to the control structure and core concepts of NPC.The survey then discusses several typical NPC schemes and examines their extensions in the areas of secure control,fault-tolerant control,distributed coordinated control,and event-triggered control.Moreover,it reviews notable works that have implemented these schemes.Finally,the survey concludes by exploring typical applications of NPC schemes and highlighting several challenging issues that could guide future research efforts.
基金supported by the National Nature Science Foundation of China(Nos.62103357,62203376)the Science and Technology Plan of Hebei Education Department(No.QN2021139)+1 种基金the Nature Science Foundation of Hebei Province(Nos.F2021203043,F2022203074)the Open Research Fund of Jiangsu Collaborative Innovation Center for Smart Distribution Network,Nanjing Institute of Technology(No.XTCX202203).
文摘The emerging of false data injection attacks(FDIAs)can fool the traditional detection methods by injecting false data,which has brought huge risks to the security of smart grids.For this reason,a resilient active defense control scheme based on interval observer detection is proposed in this paper to protect smart grids.The proposed active defense highlights the integration of detection and defense against FDIAs in smart girds.First,a dynamic physical grid model under FDIAs is modeled,in which model uncertainty and parameter uncertainty are taken into account.Then,an interval observer-based detection method against FDIAs is proposed,where a detection criteria using interval residual is put forward.Corresponding to the detection results,the resilient defense controller is triggered to defense the FDIAs if the system states are affected by FDIAs.Linear matrix inequality(LMI)approach is applied to design the resilient controller with H_(∞)performance.The system with the resilient defense controller can be robust to FDIAs and the gain of the resilient controller has a certain gain margin.Our active resilient defense approach can be built in real time and show accurate and quick respond to the injected FDIAs.The effectiveness of the proposed defense scheme is verified by the simulation results on an IEEE 30-bus grid system.
文摘In response to the frequent safety accidents of industrial robots, this paper designs and implements a safety detection system for robot control. It can perform real-time security detection of robot operations on industrial production lines to improve the security and reliability of robot control systems. This paper designs and implements a robot control system based Snort-BASE for real-time online detection of DoS attacks. The system uses a six-degree-of-freedom robotic arm as an example, uses Snort to record the network communication data of the robot arm control system in real time, and filters the network traffic through self-defined rules, and then uses the BASE analysis platform to achieve security analysis of the network traffic. The solution verifies the effectiveness of online real-time detection of attacks and visualisation of attack records by designing simulated robotic arm and real robotic arm attack experiments respectively, thus achieving the security of network communication of the robot remote control system.
基金supported by the Institute of Information&Communications Technology Planning&Evaluation(IITP)grant funded by the Korea Government(MSIT)(No.RS2022-II220961).
文摘Currently,cybersecurity threats such as data breaches and phishing have been on the rise due to the many differentattack strategies of cyber attackers,significantly increasing risks to individuals and organizations.Traditionalsecurity technologies such as intrusion detection have been developed to respond to these cyber threats.Recently,advanced integrated cybersecurity that incorporates Artificial Intelligence has been the focus.In this paper,wepropose a response strategy using a reinforcement-learning-based cyber-attack-defense simulation tool to addresscontinuously evolving cyber threats.Additionally,we have implemented an effective reinforcement-learning-basedcyber-attack scenario using Cyber Battle Simulation,which is a cyber-attack-defense simulator.This scenarioinvolves important security components such as node value,cost,firewalls,and services.Furthermore,we applieda new vulnerability assessment method based on the Common Vulnerability Scoring System.This approach candesign an optimal attack strategy by considering the importance of attack goals,which helps in developing moreeffective response strategies.These attack strategies are evaluated by comparing their performance using a variety ofReinforcement Learning methods.The experimental results show that RL models demonstrate improved learningperformance with the proposed attack strategy compared to the original strategies.In particular,the success rateof the Advantage Actor-Critic-based attack strategy improved by 5.04 percentage points,reaching 10.17%,whichrepresents an impressive 98.24%increase over the original scenario.Consequently,the proposed method canenhance security and risk management capabilities in cyber environments,improving the efficiency of securitymanagement and significantly contributing to the development of security systems.
文摘Cyber Defense is becoming a major issue for every organization to keep business continuity intact.The presented paper explores the effectiveness of a meta-heuristic optimization algorithm-Artificial Bees Colony Algorithm(ABC)as an Nature Inspired Cyber Security mechanism to achieve adaptive defense.It experiments on the Denial-Of-Service attack scenarios which involves limiting the traffic flow for each node.Businesses today have adapted their service distribution models to include the use of the Internet,allowing them to effectively manage and interact with their customer data.This shift has created an increased reliance on online services to store vast amounts of confidential customer data,meaning any disruption or outage of these services could be disastrous for the business,leaving them without the knowledge to serve their customers.Adversaries can exploit such an event to gain unauthorized access to the confidential data of the customers.The proposed algorithm utilizes an Adaptive Defense approach to continuously select nodes that could present characteristics of a probable malicious entity.For any changes in network parameters,the cluster of nodes is selected in the prepared solution set as a probable malicious node and the traffic rate with the ratio of packet delivery is managed with respect to the properties of normal nodes to deliver a disaster recovery plan for potential businesses.
文摘This article signals the use of Artificial Intelligence (AI) in information security where its merits, downsides as well as unanticipated negative outcomes are noted. It considers AI based models that can strengthen or undermine infrastructural functions and organize the networks. In addition, the essay delves into AI’s role in Cyber security software development and the need for AI-resilient strategies that could anticipate and thwart AI-created vulnerabilities. The document also touched on the socioeconomic ramifications of the emergence of AI in Cyber security as well. Looking into AI and security literature, the report outlines benefits including made threat detection precision, extended security ops efficiency, and preventive security tasks. At the same time, it emphasizes the positive side of AI, but it also shows potential limitations such as data bias, lack of interpretability, ethical concerns, and security flaws. The work similarly focuses on the characterized of misuse and sophisticated cyberattacks. The research suggests ways to diminish AI-generating maleficence which comprise ethical AI development, robust safety measures and constant audits and updates. With regard to the AI application in Cyber security, there are both pros and cons in terms of socio-economic issues, for example, job displacement, economic growth and the change in the required workforce skills.
文摘The word“spatial”fundamentally relates to human existence,evolution,and activity in terrestrial and even celestial spaces.After reviewing the spatial features of many areas,the paper describes basics of high level model and technology called Spatial Grasp for dealing with large distributed systems,which can provide spatial vision,awareness,management,control,and even consciousness.The technology description includes its key Spatial Grasp Language(SGL),self-evolution of recursive SGL scenarios,and implementation of SGL interpreter converting distributed networked systems into powerful spatial engines.Examples of typical spatial scenarios in SGL include finding shortest path tree and shortest path between network nodes,collecting proper information throughout the whole world,elimination of multiple targets by intelligent teams of chasers,and withstanding cyber attacks in distributed networked systems.Also this paper compares Spatial Grasp model with traditional algorithms,confirming universality of the former for any spatial systems,while the latter just tools for concrete applications.
基金Natural Sciences and Engineering Research Council of Canada(NSERC)[Funding reference number 06351].
文摘Smart Grid(SG)technology utilizes advanced network communication and monitoring technologies to manage and regulate electricity generation and transport.However,this increased reliance on technology and connectivity also introduces new vulnerabilities,making SG communication networks susceptible to large-scale attacks.While previous surveys have mainly provided high-level overviews of SG architecture,our analysis goes further by presenting a comprehensive architectural diagram encompassing key SG components and communication links.This holistic view enhances understanding of potential cyber threats and enables systematic cyber risk assessment for SGs.Additionally,we propose a taxonomy of various cyberattack types based on their targets and methods,offering detailed insights into vulnerabilities.Unlike other reviews focused narrowly on protection and detection,our proposed categorization covers all five functions of the National Institute of Standards and Technology cybersecurity framework.This delivers a broad perspective to help organizations implement balanced and robust security.Consequently,we have identified critical research gaps,especially regarding response and recovery mechanisms.This underscores the need for further investigation to bolster SG cybersecurity.These research needs,among others,are highlighted as open issues in our concluding section.
文摘Due to the increasing cyber-attacks,various Intrusion Detection Systems(IDSs)have been proposed to identify network anomalies.Most existing machine learning-based IDSs learn patterns from the features extracted from network traffic flows,and the deep learning-based approaches can learn data distribution features from the raw data to differentiate normal and anomalous network flows.Although having been used in the real world widely,the above methods are vulnerable to some types of attacks.In this paper,we propose a novel attack framework,Anti-Intrusion Detection AutoEncoder(AIDAE),to generate features to disable the IDS.In the proposed framework,an encoder transforms features into a latent space,and multiple decoders reconstruct the continuous and discrete features,respectively.Additionally,a generative adversarial network is used to learn the flexible prior distribution of the latent space.The correlation between continuous and discrete features can be kept by using the proposed training scheme.Experiments conducted on NSL-KDD,UNSW-NB15,and CICIDS2017 datasets show that the generated features indeed degrade the detection performance of existing IDSs dramatically.
文摘The increase in number of people using the Internet leads to increased cyberattack opportunities.Advanced Persistent Threats,or APTs,are among the most dangerous targeted cyberattacks.APT attacks utilize various advanced tools and techniques for attacking targets with specific goals.Even countries with advanced technologies,like the US,Russia,the UK,and India,are susceptible to this targeted attack.APT is a sophisticated attack that involves multiple stages and specific strategies.Besides,TTP(Tools,Techniques,and Procedures)involved in the APT attack are commonly new and developed by an attacker to evade the security system.However,APTs are generally implemented in multiple stages.If one of the stages is detected,we may apply a defense mechanism for subsequent stages,leading to the entire APT attack failure.The detection at the early stage of APT and the prediction of the next step in the APT kill chain are ongoing challenges.This survey paper will provide knowledge about APT attacks and their essential steps.This follows the case study of known APT attacks,which will give clear information about the APT attack process—in later sections,highlighting the various detection methods defined by different researchers along with the limitations of the work.Data used in this article comes from the various annual reports published by security experts and blogs and information released by the enterprise networks targeted by the attack.
