Cyber-physical systems(CPSs)are regarded as the backbone of the fourth industrial revolution,in which communication,physical processes,and computer technology are integrated.In modern industrial systems,CPSs are widel...Cyber-physical systems(CPSs)are regarded as the backbone of the fourth industrial revolution,in which communication,physical processes,and computer technology are integrated.In modern industrial systems,CPSs are widely utilized across various domains,such as smart grids,smart healthcare systems,smart vehicles,and smart manufacturing,among others.Due to their unique spatial distribution,CPSs are highly vulnerable to cyber-attacks,which may result in severe performance degradation and even system instability.Consequently,the security concerns of CPSs have attracted significant attention in recent years.In this paper,a comprehensive survey on the security issues of CPSs under cyber-attacks is provided.Firstly,mathematical descriptions of various types of cyberattacks are introduced in detail.Secondly,two types of secure estimation and control processing schemes,including robust methods and active methods,are reviewed.Thirdly,research findings related to secure control and estimation problems for different types of CPSs are summarized.Finally,the survey is concluded by outlining the challenges and suggesting potential research directions for the future.展开更多
With the development of cyber-physical systems,system security faces more risks from cyber-attacks.In this work,we study the problem that an external attacker implements covert sensor and actuator attacks with resourc...With the development of cyber-physical systems,system security faces more risks from cyber-attacks.In this work,we study the problem that an external attacker implements covert sensor and actuator attacks with resource constraints(the total resource consumption of the attacks is not greater than a given initial resource of the attacker)to mislead a discrete event system under supervisory control to reach unsafe states.We consider that the attacker can implement two types of attacks:One by modifying the sensor readings observed by a supervisor and the other by enabling the actuator commands disabled by the supervisor.Each attack has its corresponding resource consumption and remains covert.To solve this problem,we first introduce a notion of combined-attackability to determine whether a closedloop system may reach an unsafe state after receiving attacks with resource constraints.We develop an algorithm to construct a corrupted supervisor under attacks,provide a verification method for combined-attackability in polynomial time based on a plant,a corrupted supervisor,and an attacker's initial resource,and propose a corresponding attack synthesis algorithm.The effectiveness of the proposed method is illustrated by an example.展开更多
In this paper, we study stealthy cyber-attacks on actuators of cyber-physical systems(CPS), namely zero dynamics and controllable attacks. In particular, under certain assumptions, we investigate and propose condition...In this paper, we study stealthy cyber-attacks on actuators of cyber-physical systems(CPS), namely zero dynamics and controllable attacks. In particular, under certain assumptions, we investigate and propose conditions under which one can execute zero dynamics and controllable attacks in the CPS. The above conditions are derived based on the Markov parameters of the CPS and elements of the system observability matrix. Consequently, in addition to outlining the number of required actuators to be attacked, these conditions provide one with the minimum system knowledge needed to perform zero dynamics and controllable cyber-attacks. As a countermeasure against the above stealthy cyber-attacks, we develop a dynamic coding scheme that increases the minimum number of the CPS required actuators to carry out zero dynamics and controllable cyber-attacks to its maximum possible value. It is shown that if at least one secure input channel exists, the proposed dynamic coding scheme can prevent adversaries from executing the zero dynamics and controllable attacks even if they have complete knowledge of the coding system. Finally, two illustrative numerical case studies are provided to demonstrate the effectiveness and capabilities of our derived conditions and proposed methodologies.展开更多
To improve the estimation accuracy of state of charge(SOC)and state of health(SOH)for lithium-ion batteries,in this paper,a joint estimation method of SOC and SOH at charging cut-off voltage based on genetic algorithm...To improve the estimation accuracy of state of charge(SOC)and state of health(SOH)for lithium-ion batteries,in this paper,a joint estimation method of SOC and SOH at charging cut-off voltage based on genetic algorithm(GA)combined with back propagation(BP)neural network is proposed,the research addresses the issue of data manipulation resulting fromcyber-attacks.Firstly,anomalous data stemming fromcyber-attacks are identified and eliminated using the isolated forest algorithm,followed by data restoration.Secondly,the incremental capacity(IC)curve is derived fromthe restored data using theKalman filtering algorithm,with the peak of the ICcurve(ICP)and its corresponding voltage serving as the health factor(HF).Thirdly,the GA-BP neural network is applied to map the relationship between HF,constant current charging time,and SOH,facilitating the estimation of SOH based on HF.Finally,SOC estimation at the charging cut-off voltage is calculated by inputting the SOH estimation value into the trained model to determine the constant current charging time,and by updating the maximum available capacity.Experiments show that the root mean squared error of the joint estimation results does not exceed 1%,which proves that the proposed method can estimate the SOC and SOH accurately and stably even in the presence of false data injection attacks.展开更多
Connected automated vehicles(CAVs)rely heavily on intelligent algorithms and remote sensors.If the control center or on-board sensors are under cyber-attack due to the security vulnerability of wireless communication,...Connected automated vehicles(CAVs)rely heavily on intelligent algorithms and remote sensors.If the control center or on-board sensors are under cyber-attack due to the security vulnerability of wireless communication,it can cause significant damage to CAVs or passengers.The primary objective of this study is to model cyberattacked traffic flow and evaluate the impacts of cyber-attack on the traffic system filled with CAVs in a connected environment.Based on the analysis on environmental perception system and possible cyber-attacks on sensors,a novel lane-changing model for CAVs is proposed and multiple traffic scenarios for cyber-attacks are designed.The impact of the proportion of cyber-attacked vehicles and the severity of the cyber-attack on the lanechanging process is then quantitatively analyzed.The evaluation indexes include spatio-temporal evolution of average speed,spatial distribution of selected lane-changing gaps,lane-changing rate distribution,lane-changing preparation search time,efficiency and safety.Finally,the numerical simulation results show that the freeway traffic near an off-ramp is more sensitive to the proportion of cyber-attacked vehicles than to the severity of the cyber-attack.Also,when the traffic system is under cyber-attack,more unsafe back gaps are chosen for lane-changing,especially in the center lane.Therefore,more lane-changing maneuvers are concentrated on approaching the off-ramp,causing severe congestions and potential rear-end collisions.In addition,as the number of cyber-attacked vehicles and the severity of cyber-attacks increase,the road capacity and safety level will rapidly decrease.The results of this study can provide a theoretical basis for accident avoidance and efficiency improvement for the design of CAVs and management of automated highway systems.展开更多
We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoul...We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.展开更多
In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to...In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to frequent cyberattacks, which is close to an actual case. The cyber-attacks are assumed to be recoverable. By utilizing algebraic graph theory, linear matrix inequality(LMI) and Lyapunov stability theory, the multi-agent systems can achieve group consensus under the proposed control protocol. The sufficient conditions of the group consensus for the multi-agent networks subjected to cyber-attacks are given. Furthermore, the results are extended to the consensus issue of multiple subgroups with cyber-attacks. Numerical simulations are performed to demonstrate the effectiveness of the theoretical results.展开更多
This paper examines the stabilization problem of a distributed networked control system under the effect of cyberattacks by employing a hybrid aperiodic triggering mechanism.The cyber-attack considered in the paper is...This paper examines the stabilization problem of a distributed networked control system under the effect of cyberattacks by employing a hybrid aperiodic triggering mechanism.The cyber-attack considered in the paper is a stochastic deception attack at the sensor-controller end. The probability of the occurrence of attack on a subsystem is represented using a random variable. A decentralized hybrid sampled-data strategy is introduced to save energy consumption and reduce the transmission load of the network. In the proposed decentralized strategy, each subsystem can decide independently whether its state should be transmitted to the controller or not. The scheme of the hybrid triggering mechanism for each subsystem composed of two stages: In the first stage, the next sampling instant is computed using a self-triggering strategy. Subsequently, in the second stage, an event-triggering condition is checked at these sampling instants and the control signal is computed only if the event-triggering condition is violated. The self-triggering condition used in the first stage is dependent on the selection of eventtriggering condition of the second stage. Finally, a comparison of the proposed approach with other triggering mechanisms existing in the literature is presented in terms of the sampling instants,transmission frequency and performance measures through simulation examples.展开更多
This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are...This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.展开更多
Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First,a data driven defence framework is presented in terms of cyber secur...Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First,a data driven defence framework is presented in terms of cyber security situational awareness. Then, the process of data mining based cyber-attack detection is discussed. Next,a multi-loop learning architecture is presented for data mining based cyber-attack detection. Finally,common data mining techniques for cyber-attack detection are discussed.展开更多
The United States of America faces an increasing number of threats to its critical infrastructure due to cyber-attacks. With the constant advancement of technology and the interconnectedness of various systems, the vu...The United States of America faces an increasing number of threats to its critical infrastructure due to cyber-attacks. With the constant advancement of technology and the interconnectedness of various systems, the vulnerabilities in the nation’s infrastructure have become more pronounced. Cyber-attacks on critical infrastructure, such as power grids, transportation networks, and financial systems, pose a significant risk to national security and public safety. These attacks can disrupt essential services, cause economic losses, and potentially have severe consequences for the well-being of individuals and communities. The rise of cyber-terrorism is also a concern. Cyber-terrorists can exploit vulnerabilities in cyberspace to compromise infrastructure systems, causing chaos and panic among the population. The potential for destructive attacks on critical infrastructure is a pressing issue requiring constant attention and proactive measures.展开更多
In order to accurately receive early warning of the cascading failures caused by coordinated cyber-attacks(CFCC)in grid cyber-physical systems(GCPS),an adaptive early warning method of CFCC is proposed.First,the evolu...In order to accurately receive early warning of the cascading failures caused by coordinated cyber-attacks(CFCC)in grid cyber-physical systems(GCPS),an adaptive early warning method of CFCC is proposed.First,the evolutionary mechanism of CFCC is analyzed from the attackers'view,the CFCC mathematical model is established,and the transition processes of GCPS running states under the influence of CFCC staged failures are discussed.Then,the mathematical model of the adaptive early warning method is established.Further,the mathematical model of the adaptive early warning method is mapped as an adaptive control process with tolerating staged failures damage,and the solving process is presented to infer the CFCC and its next evolution trend.A decision-making idea for the optimal active defense scheme is proposed considering the costs and gains of various defense measures.Finally,to verify the effectiveness of the adaptive early warning method,the warning and defense processes of a typical CFCC are simulated in a GCPS experimental system based on CEPRI-36 BUS.展开更多
The exponential growth of the Internet of Things(IoT)has introduced significant security challenges,with zero-day attacks emerging as one of the most critical and challenging threats.Traditional Machine Learning(ML)an...The exponential growth of the Internet of Things(IoT)has introduced significant security challenges,with zero-day attacks emerging as one of the most critical and challenging threats.Traditional Machine Learning(ML)and Deep Learning(DL)techniques have demonstrated promising early detection capabilities.However,their effectiveness is limited when handling the vast volumes of IoT-generated data due to scalability constraints,high computational costs,and the costly time-intensive process of data labeling.To address these challenges,this study proposes a Federated Learning(FL)framework that leverages collaborative and hybrid supervised learning to enhance cyber threat detection in IoT networks.By employing Deep Neural Networks(DNNs)and decentralized model training,the approach reduces computational complexity while improving detection accuracy.The proposed model demonstrates robust performance,achieving accuracies of 94.34%,99.95%,and 87.94%on the publicly available kitsune,Bot-IoT,and UNSW-NB15 datasets,respectively.Furthermore,its ability to detect zero-day attacks is validated through evaluations on two additional benchmark datasets,TON-IoT and IoT-23,using a Deep Federated Learning(DFL)framework,underscoring the generalization and effectiveness of the model in heterogeneous and decentralized IoT environments.Experimental results demonstrate superior performance over existing methods,establishing the proposed framework as an efficient and scalable solution for IoT security.展开更多
随着大量分布式能源的并网,能源互联网面临严重的网络攻击威胁。攻击者可利用通信层的漏洞,集成庞大的分布式僵尸网络。现有的网络攻击手段难以适配具有随机空间分布特性的僵尸网络,并且多侧重攻击的破坏性而忽视了对攻击隐蔽性的研究...随着大量分布式能源的并网,能源互联网面临严重的网络攻击威胁。攻击者可利用通信层的漏洞,集成庞大的分布式僵尸网络。现有的网络攻击手段难以适配具有随机空间分布特性的僵尸网络,并且多侧重攻击的破坏性而忽视了对攻击隐蔽性的研究。该文提出了从分布式僵尸网络实现对综合能源系统经济效益破坏的新型攻击方法。首先,建立基于僵尸节点的重要对象拒绝服务(denial of service,DoS)攻击模型,通过信息收集判断邻域中重要程度最高的节点,并推导出在有限攻击资源下影响DoS攻击效果的显式因素。其次,提出僵尸节点间的共谋虚假数据注入(false data injection,FDI)攻击策略,并分析不同的FDI攻击实现形式,旨在寻找对能源系统经济性最具破坏性的攻击模式。考虑典型的恶意节点检测机制,制定了僵尸节点自调节过程,使得攻击的实现对防御措施具有鲁棒性。最后,通过IEEE39-32节点的热电耦合系统拓扑仿真验证了所提攻击策略的有效性。展开更多
在综合能源系统(Integrated energy systems,IESs)经济调度问题的分布式优化框架中,节点协同机制的拓扑设计必然受到信息交互方式的约束。现有研究主要分为两类通信协议、同步通信和异步通信。然而,同步通信需要满足时序一致性,等待各...在综合能源系统(Integrated energy systems,IESs)经济调度问题的分布式优化框架中,节点协同机制的拓扑设计必然受到信息交互方式的约束。现有研究主要分为两类通信协议、同步通信和异步通信。然而,同步通信需要满足时序一致性,等待各通信者之间达成同步响应或确认后才能执行后续操作,这在大规模网络环境中很难实现。该文首先基于Gossip算法的异步特点,提出了一种基于Gossip的异步通信分布式经济调度算法。利用矩阵扰动理论和特征值定理,严格证明了算法的收敛性。进一步地,考虑了两种典型的网络攻击模型,拒绝服务攻击(denial of service,DoS)和虚假数据攻击(false data injection,FDI),设计了一种弹性安全策略以缓解网络攻击对最优经济调度的影响。最后,基于IEEE39-32节点的IES进行算例分析,结合不同的调度场景、攻击者的表现以及同步通信方式的对比,从多个角度验证了所提策略在通信方式和网络安全方面的有效性和优越性。展开更多
Cyber-attacks that tamper with measurement information threaten the security of state estimation for the current distribution system.This paper proposes a cyber-attack detection strategy based on distribution system s...Cyber-attacks that tamper with measurement information threaten the security of state estimation for the current distribution system.This paper proposes a cyber-attack detection strategy based on distribution system state estimation(DSSE).The uncertainty of the distribution network is represented by the interval of each state variable.A three-phase interval DSSE model is proposed to construct the interval of each state variable.An improved iterative algorithm(IIA)is developed to solve the interval DSSE model and to obtain the lower and upper bounds of the interval.A cyber-attack is detected when the value of the state variable estimated by the traditional DSSE is out of the corresponding interval determined by the interval DSSE.To validate the proposed cyber-attack detection strategy,the basic principle of the cyber-attack is studied,and its general model is formulated.The proposed cyber-attack model and detection strategy are conducted on the IEEE 33-bus and 123-bus systems.Comparative experiments of the proposed IIA,Monte Carlo simulation algorithm,and interval Gauss elimination algorithm prove the validation of the proposed method.展开更多
文摘Cyber-physical systems(CPSs)are regarded as the backbone of the fourth industrial revolution,in which communication,physical processes,and computer technology are integrated.In modern industrial systems,CPSs are widely utilized across various domains,such as smart grids,smart healthcare systems,smart vehicles,and smart manufacturing,among others.Due to their unique spatial distribution,CPSs are highly vulnerable to cyber-attacks,which may result in severe performance degradation and even system instability.Consequently,the security concerns of CPSs have attracted significant attention in recent years.In this paper,a comprehensive survey on the security issues of CPSs under cyber-attacks is provided.Firstly,mathematical descriptions of various types of cyberattacks are introduced in detail.Secondly,two types of secure estimation and control processing schemes,including robust methods and active methods,are reviewed.Thirdly,research findings related to secure control and estimation problems for different types of CPSs are summarized.Finally,the survey is concluded by outlining the challenges and suggesting potential research directions for the future.
基金partially supported by the Science Technology Development Fund,Macao Special Administrative Region(0029/2023/RIA1)the National Research Foundation Singapore under its AI Singapore Programme(AISG2-GC-2023-007)
文摘With the development of cyber-physical systems,system security faces more risks from cyber-attacks.In this work,we study the problem that an external attacker implements covert sensor and actuator attacks with resource constraints(the total resource consumption of the attacks is not greater than a given initial resource of the attacker)to mislead a discrete event system under supervisory control to reach unsafe states.We consider that the attacker can implement two types of attacks:One by modifying the sensor readings observed by a supervisor and the other by enabling the actuator commands disabled by the supervisor.Each attack has its corresponding resource consumption and remains covert.To solve this problem,we first introduce a notion of combined-attackability to determine whether a closedloop system may reach an unsafe state after receiving attacks with resource constraints.We develop an algorithm to construct a corrupted supervisor under attacks,provide a verification method for combined-attackability in polynomial time based on a plant,a corrupted supervisor,and an attacker's initial resource,and propose a corresponding attack synthesis algorithm.The effectiveness of the proposed method is illustrated by an example.
基金the financial support received from NATO under the Emerging Security Challenges Division programthe support received from NPRP (10-0105-17017) from the Qatar National Research Fund (a member of Qatar Foundation)+1 种基金the support received from the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Department of National Defence (DND) under the Discovery Grant and DND Supplemental Programssupported in part by funding from the Innovation for Defence Excellence and Security (IDEaS) program from the Department of National Defence (DND)。
文摘In this paper, we study stealthy cyber-attacks on actuators of cyber-physical systems(CPS), namely zero dynamics and controllable attacks. In particular, under certain assumptions, we investigate and propose conditions under which one can execute zero dynamics and controllable attacks in the CPS. The above conditions are derived based on the Markov parameters of the CPS and elements of the system observability matrix. Consequently, in addition to outlining the number of required actuators to be attacked, these conditions provide one with the minimum system knowledge needed to perform zero dynamics and controllable cyber-attacks. As a countermeasure against the above stealthy cyber-attacks, we develop a dynamic coding scheme that increases the minimum number of the CPS required actuators to carry out zero dynamics and controllable cyber-attacks to its maximum possible value. It is shown that if at least one secure input channel exists, the proposed dynamic coding scheme can prevent adversaries from executing the zero dynamics and controllable attacks even if they have complete knowledge of the coding system. Finally, two illustrative numerical case studies are provided to demonstrate the effectiveness and capabilities of our derived conditions and proposed methodologies.
基金funded by the Scientific Research Project of the Education Department of Jilin Province(No.JJKH20230121KJ).
文摘To improve the estimation accuracy of state of charge(SOC)and state of health(SOH)for lithium-ion batteries,in this paper,a joint estimation method of SOC and SOH at charging cut-off voltage based on genetic algorithm(GA)combined with back propagation(BP)neural network is proposed,the research addresses the issue of data manipulation resulting fromcyber-attacks.Firstly,anomalous data stemming fromcyber-attacks are identified and eliminated using the isolated forest algorithm,followed by data restoration.Secondly,the incremental capacity(IC)curve is derived fromthe restored data using theKalman filtering algorithm,with the peak of the ICcurve(ICP)and its corresponding voltage serving as the health factor(HF).Thirdly,the GA-BP neural network is applied to map the relationship between HF,constant current charging time,and SOH,facilitating the estimation of SOH based on HF.Finally,SOC estimation at the charging cut-off voltage is calculated by inputting the SOH estimation value into the trained model to determine the constant current charging time,and by updating the maximum available capacity.Experiments show that the root mean squared error of the joint estimation results does not exceed 1%,which proves that the proposed method can estimate the SOC and SOH accurately and stably even in the presence of false data injection attacks.
基金jointly supported by the National Key Research and Development Program of China(No.2022ZD0115600)National Natural Science Foundation of China(No.52072067)+3 种基金Natural Science Foundation of Jiangsu Province(No.BK20210249)China Postdoctoral Science Foundation(No.2020M681466)Jiangsu Planned Projects for Postdoctoral Research Funds(No.SBK2021041144)Jiangsu Planned Projects for Postdoctoral Research Funds(No.2021K094A)。
文摘Connected automated vehicles(CAVs)rely heavily on intelligent algorithms and remote sensors.If the control center or on-board sensors are under cyber-attack due to the security vulnerability of wireless communication,it can cause significant damage to CAVs or passengers.The primary objective of this study is to model cyberattacked traffic flow and evaluate the impacts of cyber-attack on the traffic system filled with CAVs in a connected environment.Based on the analysis on environmental perception system and possible cyber-attacks on sensors,a novel lane-changing model for CAVs is proposed and multiple traffic scenarios for cyber-attacks are designed.The impact of the proportion of cyber-attacked vehicles and the severity of the cyber-attack on the lanechanging process is then quantitatively analyzed.The evaluation indexes include spatio-temporal evolution of average speed,spatial distribution of selected lane-changing gaps,lane-changing rate distribution,lane-changing preparation search time,efficiency and safety.Finally,the numerical simulation results show that the freeway traffic near an off-ramp is more sensitive to the proportion of cyber-attacked vehicles than to the severity of the cyber-attack.Also,when the traffic system is under cyber-attack,more unsafe back gaps are chosen for lane-changing,especially in the center lane.Therefore,more lane-changing maneuvers are concentrated on approaching the off-ramp,causing severe congestions and potential rear-end collisions.In addition,as the number of cyber-attacked vehicles and the severity of cyber-attacks increase,the road capacity and safety level will rapidly decrease.The results of this study can provide a theoretical basis for accident avoidance and efficiency improvement for the design of CAVs and management of automated highway systems.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61074159 and 61703286)
文摘We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61807016 and 61772013)the Natural Science Foundation of Jiangsu Province,China(Grant No.BK20181342)
文摘In this paper, we investigate the group consensus for leaderless multi-agent systems. The group consensus protocol based on the position information from neighboring agents is designed. The network may be subjected to frequent cyberattacks, which is close to an actual case. The cyber-attacks are assumed to be recoverable. By utilizing algebraic graph theory, linear matrix inequality(LMI) and Lyapunov stability theory, the multi-agent systems can achieve group consensus under the proposed control protocol. The sufficient conditions of the group consensus for the multi-agent networks subjected to cyber-attacks are given. Furthermore, the results are extended to the consensus issue of multiple subgroups with cyber-attacks. Numerical simulations are performed to demonstrate the effectiveness of the theoretical results.
文摘This paper examines the stabilization problem of a distributed networked control system under the effect of cyberattacks by employing a hybrid aperiodic triggering mechanism.The cyber-attack considered in the paper is a stochastic deception attack at the sensor-controller end. The probability of the occurrence of attack on a subsystem is represented using a random variable. A decentralized hybrid sampled-data strategy is introduced to save energy consumption and reduce the transmission load of the network. In the proposed decentralized strategy, each subsystem can decide independently whether its state should be transmitted to the controller or not. The scheme of the hybrid triggering mechanism for each subsystem composed of two stages: In the first stage, the next sampling instant is computed using a self-triggering strategy. Subsequently, in the second stage, an event-triggering condition is checked at these sampling instants and the control signal is computed only if the event-triggering condition is violated. The self-triggering condition used in the first stage is dependent on the selection of eventtriggering condition of the second stage. Finally, a comparison of the proposed approach with other triggering mechanisms existing in the literature is presented in terms of the sampling instants,transmission frequency and performance measures through simulation examples.
文摘This paper presents the attack tree modeling technique of quantifying cyber-attacks on a hypothetical school network system. Attack trees are constructed by decomposing the path in the network system where attacks are plausible. Considered for the network system are two possible network attack paths. One network path represents an attack through the Internet, and the other represents an attack through the Wireless Access Points (WAPs) in the school network. The probabilities of success of the events, that is, 1) the attack payoff, and 2) the commitment of the attacker to infiltrate the network are estimated for the leaf nodes. These are used to calculate the Returns on Attacks (ROAs) at the Root Nodes. For Phase I, the “As Is” network, the ROA values for both attack paths, are higher than 7 (8.00 and 9.35 respectively), which are high values and unacceptable operationally. In Phase II, countermeasures are implemented, and the two attack trees reevaluated. The probabilities of success of the events, the attack payoff and the commitment of the attacker are then re-estimated. Also, the Returns on Attacks (ROAs) for the Root Nodes are re-assessed after executing the countermeasures. For one attack tree, the ROA value of the Root Node was reduced to 4.83 from 8.0, while, for the other attack tree, the ROA value of the Root Node changed to 3.30 from 9.35. ROA values of 4.83 and 3.30 are acceptable as they fall within the medium value range. The efficacy of this method whereby, attack trees are deployed to mitigate computer network risks, as well as using it to assess the vulnerability of computer networks is quantitatively substantiated.
文摘Detecting cyber-attacks undoubtedly has become a big data problem. This paper presents a tutorial on data mining based cyber-attack detection. First,a data driven defence framework is presented in terms of cyber security situational awareness. Then, the process of data mining based cyber-attack detection is discussed. Next,a multi-loop learning architecture is presented for data mining based cyber-attack detection. Finally,common data mining techniques for cyber-attack detection are discussed.
文摘The United States of America faces an increasing number of threats to its critical infrastructure due to cyber-attacks. With the constant advancement of technology and the interconnectedness of various systems, the vulnerabilities in the nation’s infrastructure have become more pronounced. Cyber-attacks on critical infrastructure, such as power grids, transportation networks, and financial systems, pose a significant risk to national security and public safety. These attacks can disrupt essential services, cause economic losses, and potentially have severe consequences for the well-being of individuals and communities. The rise of cyber-terrorism is also a concern. Cyber-terrorists can exploit vulnerabilities in cyberspace to compromise infrastructure systems, causing chaos and panic among the population. The potential for destructive attacks on critical infrastructure is a pressing issue requiring constant attention and proactive measures.
基金supported by National Natural Science Foundation of China(No.51977155).
文摘In order to accurately receive early warning of the cascading failures caused by coordinated cyber-attacks(CFCC)in grid cyber-physical systems(GCPS),an adaptive early warning method of CFCC is proposed.First,the evolutionary mechanism of CFCC is analyzed from the attackers'view,the CFCC mathematical model is established,and the transition processes of GCPS running states under the influence of CFCC staged failures are discussed.Then,the mathematical model of the adaptive early warning method is established.Further,the mathematical model of the adaptive early warning method is mapped as an adaptive control process with tolerating staged failures damage,and the solving process is presented to infer the CFCC and its next evolution trend.A decision-making idea for the optimal active defense scheme is proposed considering the costs and gains of various defense measures.Finally,to verify the effectiveness of the adaptive early warning method,the warning and defense processes of a typical CFCC are simulated in a GCPS experimental system based on CEPRI-36 BUS.
基金supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project Number(PNURSP2025R97)Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia.
文摘The exponential growth of the Internet of Things(IoT)has introduced significant security challenges,with zero-day attacks emerging as one of the most critical and challenging threats.Traditional Machine Learning(ML)and Deep Learning(DL)techniques have demonstrated promising early detection capabilities.However,their effectiveness is limited when handling the vast volumes of IoT-generated data due to scalability constraints,high computational costs,and the costly time-intensive process of data labeling.To address these challenges,this study proposes a Federated Learning(FL)framework that leverages collaborative and hybrid supervised learning to enhance cyber threat detection in IoT networks.By employing Deep Neural Networks(DNNs)and decentralized model training,the approach reduces computational complexity while improving detection accuracy.The proposed model demonstrates robust performance,achieving accuracies of 94.34%,99.95%,and 87.94%on the publicly available kitsune,Bot-IoT,and UNSW-NB15 datasets,respectively.Furthermore,its ability to detect zero-day attacks is validated through evaluations on two additional benchmark datasets,TON-IoT and IoT-23,using a Deep Federated Learning(DFL)framework,underscoring the generalization and effectiveness of the model in heterogeneous and decentralized IoT environments.Experimental results demonstrate superior performance over existing methods,establishing the proposed framework as an efficient and scalable solution for IoT security.
文摘随着大量分布式能源的并网,能源互联网面临严重的网络攻击威胁。攻击者可利用通信层的漏洞,集成庞大的分布式僵尸网络。现有的网络攻击手段难以适配具有随机空间分布特性的僵尸网络,并且多侧重攻击的破坏性而忽视了对攻击隐蔽性的研究。该文提出了从分布式僵尸网络实现对综合能源系统经济效益破坏的新型攻击方法。首先,建立基于僵尸节点的重要对象拒绝服务(denial of service,DoS)攻击模型,通过信息收集判断邻域中重要程度最高的节点,并推导出在有限攻击资源下影响DoS攻击效果的显式因素。其次,提出僵尸节点间的共谋虚假数据注入(false data injection,FDI)攻击策略,并分析不同的FDI攻击实现形式,旨在寻找对能源系统经济性最具破坏性的攻击模式。考虑典型的恶意节点检测机制,制定了僵尸节点自调节过程,使得攻击的实现对防御措施具有鲁棒性。最后,通过IEEE39-32节点的热电耦合系统拓扑仿真验证了所提攻击策略的有效性。
文摘在综合能源系统(Integrated energy systems,IESs)经济调度问题的分布式优化框架中,节点协同机制的拓扑设计必然受到信息交互方式的约束。现有研究主要分为两类通信协议、同步通信和异步通信。然而,同步通信需要满足时序一致性,等待各通信者之间达成同步响应或确认后才能执行后续操作,这在大规模网络环境中很难实现。该文首先基于Gossip算法的异步特点,提出了一种基于Gossip的异步通信分布式经济调度算法。利用矩阵扰动理论和特征值定理,严格证明了算法的收敛性。进一步地,考虑了两种典型的网络攻击模型,拒绝服务攻击(denial of service,DoS)和虚假数据攻击(false data injection,FDI),设计了一种弹性安全策略以缓解网络攻击对最优经济调度的影响。最后,基于IEEE39-32节点的IES进行算例分析,结合不同的调度场景、攻击者的表现以及同步通信方式的对比,从多个角度验证了所提策略在通信方式和网络安全方面的有效性和优越性。
基金supported in part by the National Key Research and Development Program of China(No.2017YFB0902900)the State Grid Corporation of China
文摘Cyber-attacks that tamper with measurement information threaten the security of state estimation for the current distribution system.This paper proposes a cyber-attack detection strategy based on distribution system state estimation(DSSE).The uncertainty of the distribution network is represented by the interval of each state variable.A three-phase interval DSSE model is proposed to construct the interval of each state variable.An improved iterative algorithm(IIA)is developed to solve the interval DSSE model and to obtain the lower and upper bounds of the interval.A cyber-attack is detected when the value of the state variable estimated by the traditional DSSE is out of the corresponding interval determined by the interval DSSE.To validate the proposed cyber-attack detection strategy,the basic principle of the cyber-attack is studied,and its general model is formulated.The proposed cyber-attack model and detection strategy are conducted on the IEEE 33-bus and 123-bus systems.Comparative experiments of the proposed IIA,Monte Carlo simulation algorithm,and interval Gauss elimination algorithm prove the validation of the proposed method.
