The accelerating global energy transition, driven by climate imperatives and technological advancements, demands fundamental transformations in power systems. Smart grids, characterized by cyber-physical integration, distributed renewable resources, and data-driven intelligence, have emerged as the backbone of this evolution. This convergence, however, introduces unprecedented complexities in resilience, security, stability, and market operation. This special issue presents five pivotal studies addressing these interconnected challenges, offering novel methodologies and insights to advance the efficiency, resilience, and sustainability of modern power systems.
The word “spatial” fundamentally relates to human existence, evolution, and activity in terrestrial and even celestial spaces. After reviewing the spatial features of many areas, the paper describes basics of high level model and technology called Spatial Grasp for dealing with large distributed systems, which can provide spatial vision, awareness, management, control, and even consciousness. The technology description includes its key Spatial Grasp Language (SGL), self-evolution of recursive SGL scenarios, and implementation of SGL interpreter converting distributed networked systems into powerful spatial engines. Examples of typical spatial scenarios in SGL include finding shortest path tree and shortest path between network nodes, collecting proper information throughout the whole world, elimination of multiple targets by intelligent teams of chasers, and withstanding cyber attacks in distributed networked systems. Also this paper compares Spatial Grasp model with traditional algorithms, confirming universality of the former for any spatial systems, while the latter just tools for concrete applications.
This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA framework integrates security by design principles, micro-segmentation, and Island Mode Operation (IMO) to enhance cyber resilience and ensure continuous, secure operations. The methodology deploys a Forward-Thinking Architecture Strategy (FTAS) algorithm, which utilises an industrial Intrusion Detection System (IDS) implemented with Python’s Network Intrusion Detection System (NIDS) library. The FTAS algorithm successfully identified and responded to cyber-attacks, ensuring minimal system disruption. ISERA has been validated through comprehensive testing scenarios simulating Denial of Service (DoS) attacks and malware intrusions, at both the IT and OT layers where it successfully mitigates the impact of malicious activity. Results demonstrate ISERA’s efficacy in real-time threat detection, containment, and incident response, thus ensuring the integrity and reliability of critical infrastructure systems. ISERA’s decentralised approach contributes to global net zero goals by optimising resource use and minimising environmental impact. By adopting a decentralised control architecture and leveraging virtualisation, ISERA significantly enhances the cyber resilience and sustainability of critical infrastructure systems. This approach not only strengthens defences against evolving cyber threats but also optimises resource allocation, reducing the system’s carbon footprint. As a result, ISERA ensures the uninterrupted operation of essential services while contributing to broader net zero goals.
This review examines human vulnerabilities in cybersecurity within Microfinance Institutions, analyzing their impact on organizational resilience. Focusing on social engineering, inadequate security training, and weak internal protocols, the study identifies key vulnerabilities exacerbating cyber threats to MFIs. A literature review using databases like IEEE Xplore and Google Scholar focused on studies from 2019 to 2023 addressing human factors in cybersecurity specific to MFIs. Analysis of 57 studies reveals that phishing and insider threats are predominant, with a 20% annual increase in phishing attempts. Employee susceptibility to these attacks is heightened by insufficient training, with entry-level employees showing the highest vulnerability rates. Further, only 35% of MFIs offer regular cybersecurity training, significantly impacting incident reduction. This paper recommends enhanced training frequency, robust internal controls, and a cybersecurity-aware culture to mitigate human-induced cyber risks in MFIs.
Traditional fossil fuels powerplants and their supply logistics are easy targets compared to renewables – therefore renewable energy is paramount to securing energy resilience. While wind farms exhibit vulnerabilities, they provide a great measure of power generation distribution across a vast area. This paper analyses the problems of ensuring the security of wind power plants (both onshore and offshore) in relation to military threats: missile and aviation strikes, sabotage or cyber-attacks. The article is based on the study of cases of damage to wind power plants, an analysis of their vulnerable points, and computer modelling using the AQWA diffraction motion response analysis program. The research has shown that wind power plants have some vulnerable points. Onshore installations are structurally more resistant to potential military strikes, and their cables are already hidden underground. Offshore turbines, particularly floating, exhibit more Particularly floating wind turbines’ mooring lines and cables already often fail naturally, making them easy targets for sabotage. The cost of currently available risk mitigation measures ranges from 6.71% of total wind farm cost for land-based turbines to 12.72% for a floating wind farm. Additional technological and organisational measures should be implemented to increase the resilience of wind power systems in times of war. These solutions must be cost-effective to justify their deployment in times of peace.
The integration of artificial intelligence (AI) with advanced power technologies is transforming energy system management, particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content (AIGC). However, the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions. Although traditional public key cryptographic primitives can offer high security, the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems. To ensure the real-time and security of power data and command transmission, we propose a lightweight identity authentication scheme tailored for power AIGC systems. The scheme utilizes lightweight symmetric encryption algorithms, minimizing the resource overhead on power sensors. Additionally, it incorporates a dynamic credential update mechanism, which can realize the rotation and update of temporary credentials to ensure anonymity and security. We rigorously validate the security of the scheme using the Real-or-Random (ROR) model and AVISPA simulation, and the results show that our scheme can resist various active and passive attacks. Finally, performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead, making it more suitable for power AIGC systems compared to existing solutions.
Given the unique challenges facing the railway industry, cybersecurity is a crucial issue that must be addressed proactively. This paper aims to provide a systematic review of cybersecurity threats that could impact the safety and operations of rolling stock, the privacy and security of passengers and employees, and the public in general. The systematic literature review revealed that cyber threats to the railway industry can take many forms, including attacks on operational technology systems, data breaches, theft of sensitive information, and disruptions to train services. The consequences of these threats can be severe, leading to operational disruptions, financial losses, and loss of public trust in the railway system. To address these threats, railway organizations must adopt a proactive approach to security and implement robust cybersecurity measures tailored to the industry’s specific needs and challenges. This includes regular testing of systems for vulnerabilities, incident response plans, and employee training to identify and respond to cyber threats. Ensuring the system remains available, reliable, and maintainable is fundamental given the importance of railways as critical infrastructure and the potential harm that can be caused by cyber threats.
Cyber-Physical Systems (CPS) represent an integration of computational and physical elements, revolutionizing industries by enabling real-time monitoring, control, and optimization. A complementary technology, Digital Twin (DT), acts as a virtual replica of physical assets or processes, facilitating better decision making through simulations and predictive analytics. CPS and DT underpin the evolution of Industry 4.0 by bridging the physical and digital domains. This survey explores their synergy, highlighting how DT enriches CPS with dynamic modeling, real-time data integration, and advanced simulation capabilities. The layered architecture of DTs within CPS is examined, showcasing the enabling technologies and tools vital for seamless integration. The study addresses key challenges in CPS modeling, such as concurrency and communication, and underscores the importance of DT in overcoming these obstacles. Applications in various sectors are analyzed, including smart manufacturing, healthcare, and urban planning, emphasizing the transformative potential of CPS-DT integration. In addition, the review identifies gaps in existing methodologies and proposes future research directions to develop comprehensive, scalable, and secure CPS-DT systems. By synthesizing insights from the current literature and presenting a taxonomy of CPS and DT, this survey serves as a foundational reference for academics and practitioners. The findings stress the need for unified frameworks that align CPS and DT with emerging technologies, fostering innovation and efficiency in the digital transformation era.
The increasing reliance on interconnected Internet of Things (IoT) devices has amplified the demand for robust anonymization strategies to protect device identities and ensure secure communication. However, traditional anonymization methods for IoT networks often rely on static identity models, making them vulnerable to inference attacks through long-term observation. Moreover, these methods tend to sacrifice data availability to protect privacy, limiting their practicality in real-world applications. To overcome these limitations, we propose a dynamic device identity anonymization framework using Moving Target Defense (MTD) principles implemented via Software-Defined Networking (SDN). In our model, the SDN controller periodically reconfigures the network addresses and routes of IoT devices using a constraint-aware backtracking algorithm that constructs new virtual topologies under connectivity and performance constraints. This address-hopping scheme introduces continuous unpredictability at the network layer dynamically changing device identifiers, routing paths, and even network topology which thwarts attacker reconnaissance while preserving normal communication. Experimental results demonstrate that our approach significantly reduces device identity exposure and scan success rates for attackers compared to static networks. Moreover, the dynamic scheme maintains high data availability and network performance. Under attack conditions it reduced average communication delay by approximately 60% vs. an unprotected network, with minimal overhead on system resources.
With the integration of informatization and intelligence into the Communication-Based Train Control (CBTC) systems, the system is facing an increasing number of information security threats. As an important method of characterizing the system security status, the security situation assessment is used to analyze the system security situation. However, existing situation assessment methods fail to integrate the coupling relationship between the physical layer and the information layer of the CBTC systems, and cannot dynamically characterize the real-time security situation changes under cyber attacks. In this paper, a hierarchical security situation assessment approach is proposed to address the security challenges of CBTC systems, which can perceive cyber attacks, quantify the security situation, and characterize the security situation changes under cyber attacks. Specifically, for the physical layer of CBTC systems, the impact of cyber attacks is evaluated with the train punctuality rate and train departure interval indicators. For the information layer of CBTC systems, the system vulnerabilities and system threats are selected as static level indicators, and the critical network characteristics are selected as dynamic level indicators to quantify the real-time security situation. Finally, the comprehensive security situation assessment value of the CBTC systems is obtained by integrating the physical and information layer indicators. Simulation results illustrate that the proposed approach can dynamically characterize the real-time security situation of CBTC systems, enhancing the ability to perceive and assess information security risks.
Moving Target Defense (MTD) necessitates scientifically effective decision-making methodologies for defensive technology implementation. While most MTD decision studies focus on accurately identifying optimal strategies, the issue of optimal defense timing remains underexplored. Current default approaches—periodic or overly frequent MTD triggers—lead to suboptimal trade-offs among system security, performance, and cost. The timing of MTD strategy activation critically impacts both defensive efficacy and operational overhead, yet existing frameworks inadequately address this temporal dimension. To bridge this gap, this paper proposes a Stackelberg-FlipIt game model that formalizes asymmetric cyber conflicts as alternating control over attack surfaces, thereby capturing the dynamic security state evolution of MTD systems. We introduce a belief factor to quantify information asymmetry during adversarial interactions, enhancing the precision of MTD trigger timing. Leveraging this game-theoretic foundation, we employ Multi-Agent Reinforcement Learning (MARL) to derive adaptive temporal strategies, optimized via a novel four-dimensional reward function that holistically balances security, performance, cost, and timing. Experimental validation using IP address mutation against scanning attacks demonstrates stable strategy convergence and accelerated defense response, significantly improving cybersecurity affordability and effectiveness.
Domain Generation Algorithms (DGAs) continue to pose a significant threat in modern malware infrastructures by enabling resilient and evasive communication with Command and Control (C&C) servers. Traditional detection methods – rooted in statistical heuristics, feature engineering, and shallow machine learning – struggle to adapt to the increasing sophistication, linguistic mimicry, and adversarial variability of DGA variants. The emergence of Large Language Models (LLMs) marks a transformative shift in this landscape. Leveraging deep contextual understanding, semantic generalization, and few-shot learning capabilities, LLMs such as BERT, GPT, and T5 have shown promising results in detecting both character-based and dictionary-based DGAs, including previously unseen (zero-day) variants. This paper provides a comprehensive and critical review of LLM-driven DGA detection, introducing a structured taxonomy of LLM architectures, evaluating the linguistic and behavioral properties of benchmark datasets, and comparing recent detection frameworks across accuracy, latency, robustness, and multilingual performance. We also highlight key limitations, including challenges in adversarial resilience, model interpretability, deployment scalability, and privacy risks. To address these gaps, we present a forward-looking research roadmap encompassing adversarial training, model compression, cross-lingual benchmarking, and real-time integration with SIEM/SOAR platforms. This survey aims to serve as a foundational resource for advancing the development of scalable, explainable, and operationally viable LLM-based DGA detection systems.
End-host address mutation is one of the key network moving target defense mechanisms to defend against reconnaissance. However, frequently changing host addresses increases the transmission delay of active sessions, which may cause serious ramifications. In this paper, by leveraging the advanced DPDK technology, we proposed a high-performance MTD gateway framework, called HPMG, which can not only prevent adversaries from reconnaissance effectively, but also retain high-speed data packet processing capabilities. Firstly, every moving target host is assigned three different IP addresses, called real IP, virtual IP, and external IP, to realize multi-level network address architecture. To delay the scanning techniques of adversaries, HPMG mutates virtual IP and virtual MAC addresses, and replies with fake host responses. Besides, to be transparent to the end-hosts, HPMG keeps real IP and real MAC unchanged. Finally, we optimized the forwarding and processing performance of the HPMG based on the fast path framework of DPDK. Our theoretical analysis, implementation, and evaluation show that HPMG can effectively defend against reconnaissance attacks and decrease the processing delay caused by address mutation.
Dear Editor, The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems (CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.
The recent years have witnessed unprecedented growth in digital infrastructure, driven by rapid advances in cloud computing, the Internet of Things (IoT), smart cities, healthcare informatics, and industrial automation. While these technologies have improved efficiency and connectivity, they have also created complex vulnerabilities that more sophisticated cyber adversaries can exploit. Cybersecurity is no longer a static domain but a constantly evolving field where threats such as ransomware, advanced persistent threats, and zero-day exploits demand adaptive, intelligent, and proactive responses. Emergent technologies such as artificial intelligence (AI), deep learning, distributed architectures, chaos theory, and post-quantum cryptography are transforming the way we conceptualise and implement information security. These approaches offer not only enhanced accuracy and robustness but also scalability, adaptability, and resilience across diverse, resource-limited environments. Consequently, the goal of this Special Issue on Emerging Technologies in Information Security is to compile innovative contributions that advance the boundaries of theory and practice in this swiftly evolving field.
The current global cybersecurity landscape, characterized by the increasing scale and sophistication of cyberattacks, underscores the importance of integrating Cyber Threat Intelligence (CTI) into Land Administration Systems (LAS). LAS services involve requests and responses concerning public and private cadastral data, including credentials of parties, ownership, and spatial parcels. This study explores the integration of CTI in LAS to enhance cyber resilience, focusing on the unique vulnerabilities of LAS, such as sensitive data management and interconnection with other critical systems related to spatial data uses and changes. The approach employs a case study of a typical country-specific LAS to analyse structured vulnerabilities and their attributes to determine the degree of vulnerability of LAS through a quantitative inductive approach. The analysis results indicate significant improvements in identifying and mitigating potential threats through CTI integration, thus enhancing cyber resilience. These findings are crucial for policymakers and practitioners to develop robust cybersecurity strategies for LAS.
Ransomware, particularly crypto-ransomware, remains a significant cybersecurity challenge, encrypting victim data and demanding a ransom, often leaving the data irretrievable even if payment is made. This study proposes an early detection approach to mitigate such threats by identifying ransomware activity before the encryption process begins. The approach employs a two-tiered approach: a signature-based method using hashing techniques to match known threats and a dynamic behavior-based analysis leveraging Cuckoo Sandbox and machine learning algorithms. A critical feature is the integration of the most effective Application Programming Interface call monitoring, which analyzes system-level interactions such as file encryption, key generation, and registry modifications. This enables the detection of both known and zero-day ransomware variants, overcoming limitations of traditional methods. The proposed technique was evaluated using classifiers such as Random Forest, Support Vector Machine, and K-Nearest Neighbors, achieving a detection accuracy of 98% based on 26 key ransomware attributes with an 80:20 training-to-testing ratio and 10-fold cross-validation. By combining minimal feature sets with robust behavioral analysis, the proposed method outperforms existing solutions and addresses current challenges in ransomware detection, thereby enhancing cybersecurity resilience.
This paper provides a systematic review on the resilience analysis of active distribution networks (ADNs) against hazardous weather events, considering the underlying cyber-physical interdependencies. As cyber-physical systems, ADNs are characterized by widespread structural and functional interdependencies between cyber (communication, computing, and control) and physical (electric power) subsystems and thus present complex hazardous-weather-related resilience issues. To bridge current research gaps, this paper first classifies diverse hazardous weather events for ADNs according to different time spans and degrees of hazard, with model-based and data-driven methods being utilized to characterize weather evolutions. Then, the adverse impacts of hazardous weather on all aspects of ADNs’ sources, physical/cyber networks, and loads are analyzed. This paper further emphasizes the importance of situational awareness and cyber-physical collaboration throughout hazardous weather events, as these enhance the implementation of preventive dispatches, corrective actions, and coordinated restorations. In addition, a generalized quantitative resilience evaluation process is proposed regarding additional considerations about cyber subsystems and cyber-physical connections. Finally, potential hazardous-weather-related resilience challenges for both physical and cyber subsystems are discussed.
Funding: funded by the Office of Gas and Electricity Markets (Ofgem) and supported by De Montfort University (DMU) and Nottingham Trent University (NTU), UK.
文摘This paper introduces the Integrated Security Embedded Resilience Architecture (ISERA) as an advanced resilience mechanism for Industrial Control Systems (ICS) and Operational Technology (OT) environments. The ISERA framework integrates security by design principles, micro-segmentation, and Island Mode Operation (IMO) to enhance cyber resilience and ensure continuous, secure operations. The methodology deploys a Forward-Thinking Architecture Strategy (FTAS) algorithm, which utilises an industrial Intrusion Detection System (IDS) implemented with Python’s Network Intrusion Detection System (NIDS) library. The FTAS algorithm successfully identified and responded to cyber-attacks, ensuring minimal system disruption. ISERA has been validated through comprehensive testing scenarios simulating Denial of Service (DoS) attacks and malware intrusions, at both the IT and OT layers where it successfully mitigates the impact of malicious activity. Results demonstrate ISERA’s efficacy in real-time threat detection, containment, and incident response, thus ensuring the integrity and reliability of critical infrastructure systems. ISERA’s decentralised approach contributes to global net zero goals by optimising resource use and minimising environmental impact. By adopting a decentralised control architecture and leveraging virtualisation, ISERA significantly enhances the cyber resilience and sustainability of critical infrastructure systems. This approach not only strengthens defences against evolving cyber threats but also optimises resource allocation, reducing the system’s carbon footprint. As a result, ISERA ensures the uninterrupted operation of essential services while contributing to broader net zero goals.
文摘This review examines human vulnerabilities in cybersecurity within Microfinance Institutions, analyzing their impact on organizational resilience. Focusing on social engineering, inadequate security training, and weak internal protocols, the study identifies key vulnerabilities exacerbating cyber threats to MFIs. A literature review using databases like IEEE Xplore and Google Scholar focused on studies from 2019 to 2023 addressing human factors in cybersecurity specific to MFIs. Analysis of 57 studies reveals that phishing and insider threats are predominant, with a 20% annual increase in phishing attempts. Employee susceptibility to these attacks is heightened by insufficient training, with entry-level employees showing the highest vulnerability rates. Further, only 35% of MFIs offer regular cybersecurity training, significantly impacting incident reduction. This paper recommends enhanced training frequency, robust internal controls, and a cybersecurity-aware culture to mitigate human-induced cyber risks in MFIs.
文摘Traditional fossil fuels powerplants and their supply logistics are easy targets compared to renewables–therefore renewable energy is paramount to securing energy resilience.While wind farms exhibit vulnerabilities,they provide a great measure of power generation distribution across a vast area.This paper analyses the problems of ensuring the security of wind power plants(both onshore and offshore)in relation to military threats-missile and aviation strikes,sabotage or cyber-attacks.The article is based on the study of cases of damage to wind power plants,an analysis of their vulnerable points,and computer modelling using the AQWA diffraction motion response analysis program.The research has shown that wind power plants have some vulnerable points.Onshore installations being structurally more resistant to potential military strikes,and their cables are already hidden underground.Offshore turbines,particularly floating,exhibit more Particularly floating wind turbines’mooring lines and cables already often fail naturally,making them easy targets for sabotage.The cost of currently available risk mitigation measures ranges from 6.71% of total wind farm cost for land-based turbines to 12.72% for a floating wind farm.Additional technological and organisational measures should be implemented to increase the resilience of wind power systems in times of war.These solutions must be cost-effective to justify their deployment in times of peace.
Abstract: The integration of artificial intelligence (AI) with advanced power technologies is transforming energy system management, particularly through real-time data monitoring and intelligent decision-making driven by Artificial Intelligence Generated Content (AIGC). However, the openness of power system channels and the resource-constrained nature of power sensors have led to new challenges for the secure transmission of power data and decision instructions. Although traditional public key cryptographic primitives can offer high security, the substantial key management and computational overhead associated with these primitives make them unsuitable for power systems. To ensure the real-time and security of power data and command transmission, we propose a lightweight identity authentication scheme tailored for power AIGC systems. The scheme utilizes lightweight symmetric encryption algorithms, minimizing the resource overhead on power sensors. Additionally, it incorporates a dynamic credential update mechanism, which can realize the rotation and update of temporary credentials to ensure anonymity and security. We rigorously validate the security of the scheme using the Real-or-Random (ROR) model and AVISPA simulation, and the results show that our scheme can resist various active and passive attacks. Finally, performance comparisons and NS3 simulation results demonstrate that our proposed scheme offers enhanced security features with lower overhead, making it more suitable for power AIGC systems compared to existing solutions.
Abstract: Given the unique challenges facing the railway industry, cybersecurity is a crucial issue that must be addressed proactively. This paper aims to provide a systematic review of cybersecurity threats that could impact the safety and operations of rolling stock, the privacy and security of passengers and employees, and the public in general. The systematic literature review revealed that cyber threats to the railway industry can take many forms, including attacks on operational technology systems, data breaches, theft of sensitive information, and disruptions to train services. The consequences of these threats can be severe, leading to operational disruptions, financial losses, and loss of public trust in the railway system. To address these threats, railway organizations must adopt a proactive approach to security and implement robust cybersecurity measures tailored to the industry's specific needs and challenges. This includes regular testing of systems for vulnerabilities, incident response plans, and employee training to identify and respond to cyber threats. Ensuring the system remains available, reliable, and maintainable is fundamental given the importance of railways as critical infrastructure and the potential harm that can be caused by cyber threats.
Abstract: Cyber-Physical Systems (CPS) represent an integration of computational and physical elements, revolutionizing industries by enabling real-time monitoring, control, and optimization. A complementary technology, Digital Twin (DT), acts as a virtual replica of physical assets or processes, facilitating better decision making through simulations and predictive analytics. CPS and DT underpin the evolution of Industry 4.0 by bridging the physical and digital domains. This survey explores their synergy, highlighting how DT enriches CPS with dynamic modeling, real-time data integration, and advanced simulation capabilities. The layered architecture of DTs within CPS is examined, showcasing the enabling technologies and tools vital for seamless integration. The study addresses key challenges in CPS modeling, such as concurrency and communication, and underscores the importance of DT in overcoming these obstacles. Applications in various sectors are analyzed, including smart manufacturing, healthcare, and urban planning, emphasizing the transformative potential of CPS-DT integration. In addition, the review identifies gaps in existing methodologies and proposes future research directions to develop comprehensive, scalable, and secure CPS-DT systems. By synthesizing insights from the current literature and presenting a taxonomy of CPS and DT, this survey serves as a foundational reference for academics and practitioners. The findings stress the need for unified frameworks that align CPS and DT with emerging technologies, fostering innovation and efficiency in the digital transformation era.
Funding: supported by the National Key Research and Development Program of China (Project No. 2022YFB3104300).
Abstract: The increasing reliance on interconnected Internet of Things (IoT) devices has amplified the demand for robust anonymization strategies to protect device identities and ensure secure communication. However, traditional anonymization methods for IoT networks often rely on static identity models, making them vulnerable to inference attacks through long-term observation. Moreover, these methods tend to sacrifice data availability to protect privacy, limiting their practicality in real-world applications. To overcome these limitations, we propose a dynamic device identity anonymization framework using Moving Target Defense (MTD) principles implemented via Software-Defined Networking (SDN). In our model, the SDN controller periodically reconfigures the network addresses and routes of IoT devices using a constraint-aware backtracking algorithm that constructs new virtual topologies under connectivity and performance constraints. This address-hopping scheme introduces continuous unpredictability at the network layer, dynamically changing device identifiers, routing paths, and even network topology, which thwarts attacker reconnaissance while preserving normal communication. Experimental results demonstrate that our approach significantly reduces device identity exposure and scan success rates for attackers compared to static networks. Moreover, the dynamic scheme maintains high data availability and network performance. Under attack conditions it reduced average communication delay by approximately 60% vs. an unprotected network, with minimal overhead on system resources.
Funding: supported in part by the project of the State Key Laboratory of Advanced Rail Autonomous Operation (RAO2023ZZ004), in part by the Beijing Natural Science Foundation-Fengtai Rail Transit Frontier Research Joint Fund (L211002), in part by the Foundation of China State Railway Group Corporation Limited under Grant L2021G003, in part by the Scientific and Technical Research Fund of China Academy of Railway Sciences Corporation Limited under Grant 2021YJ094, and in part by the Project I23L00200 and Project I24F00010.
Abstract: With the integration of informatization and intelligence into the Communication-Based Train Control (CBTC) systems, the system is facing an increasing number of information security threats. As an important method of characterizing the system security status, the security situation assessment is used to analyze the system security situation. However, existing situation assessment methods fail to integrate the coupling relationship between the physical layer and the information layer of the CBTC systems, and cannot dynamically characterize the real-time security situation changes under cyber attacks. In this paper, a hierarchical security situation assessment approach is proposed to address the security challenges of CBTC systems, which can perceive cyber attacks, quantify the security situation, and characterize the security situation changes under cyber attacks. Specifically, for the physical layer of CBTC systems, the impact of cyber attacks is evaluated with the train punctuality rate and train departure interval indicators. For the information layer of CBTC systems, the system vulnerabilities and system threats are selected as static level indicators, and the critical network characteristics are selected as dynamic level indicators to quantify the real-time security situation. Finally, the comprehensive security situation assessment value of the CBTC systems is obtained by integrating the physical and information layer indicators. Simulation results illustrate that the proposed approach can dynamically characterize the real-time security situation of CBTC systems, enhancing the ability to perceive and assess information security risks.
Funding: funded by National Natural Science Foundation of China No. 62302520.
Abstract: Moving Target Defense (MTD) necessitates scientifically effective decision-making methodologies for defensive technology implementation. While most MTD decision studies focus on accurately identifying optimal strategies, the issue of optimal defense timing remains underexplored. Current default approaches (periodic or overly frequent MTD triggers) lead to suboptimal trade-offs among system security, performance, and cost. The timing of MTD strategy activation critically impacts both defensive efficacy and operational overhead, yet existing frameworks inadequately address this temporal dimension. To bridge this gap, this paper proposes a Stackelberg-FlipIt game model that formalizes asymmetric cyber conflicts as alternating control over attack surfaces, thereby capturing the dynamic security state evolution of MTD systems. We introduce a belief factor to quantify information asymmetry during adversarial interactions, enhancing the precision of MTD trigger timing. Leveraging this game-theoretic foundation, we employ Multi-Agent Reinforcement Learning (MARL) to derive adaptive temporal strategies, optimized via a novel four-dimensional reward function that holistically balances security, performance, cost, and timing. Experimental validation using IP address mutation against scanning attacks demonstrates stable strategy convergence and accelerated defense response, significantly improving cybersecurity affordability and effectiveness.
Funding: the Deanship of Scientific Research at King Khalid University for funding this work through large group under grant number (GRP.2/663/46).
Abstract: Domain Generation Algorithms (DGAs) continue to pose a significant threat in modern malware infrastructures by enabling resilient and evasive communication with Command and Control (C&C) servers. Traditional detection methods, rooted in statistical heuristics, feature engineering, and shallow machine learning, struggle to adapt to the increasing sophistication, linguistic mimicry, and adversarial variability of DGA variants. The emergence of Large Language Models (LLMs) marks a transformative shift in this landscape. Leveraging deep contextual understanding, semantic generalization, and few-shot learning capabilities, LLMs such as BERT, GPT, and T5 have shown promising results in detecting both character-based and dictionary-based DGAs, including previously unseen (zero-day) variants. This paper provides a comprehensive and critical review of LLM-driven DGA detection, introducing a structured taxonomy of LLM architectures, evaluating the linguistic and behavioral properties of benchmark datasets, and comparing recent detection frameworks across accuracy, latency, robustness, and multilingual performance. We also highlight key limitations, including challenges in adversarial resilience, model interpretability, deployment scalability, and privacy risks. To address these gaps, we present a forward-looking research roadmap encompassing adversarial training, model compression, cross-lingual benchmarking, and real-time integration with SIEM/SOAR platforms. This survey aims to serve as a foundational resource for advancing the development of scalable, explainable, and operationally viable LLM-based DGA detection systems.
Funding: supported by National Natural Science Foundation of China (No. 61821001), Science and Technology Key Project of Guangdong Province, China (2019B010157001).
Abstract: End-host address mutation is one of the key network moving target defense mechanisms to defend against reconnaissance. However, frequently changing host addresses increases the transmission delay of active sessions, which may cause serious ramifications. In this paper, by leveraging the advanced DPDK technology, we proposed a high-performance MTD gateway framework, called HPMG, which can not only prevent adversaries from reconnaissance effectively, but also retain high-speed data packet processing capabilities. Firstly, every moving target host is assigned three different IP addresses, called real IP, virtual IP, and external IP, to realize multi-level network address architecture. To delay the scanning techniques of adversaries, HPMG mutates virtual IP and virtual MAC addresses, and replies with fake host responses. Besides, to be transparent to the end-hosts, HPMG keeps real IP and real MAC unchanged. Finally, we optimized the forwarding and processing performance of the HPMG based on the fast path framework of DPDK. Our theoretical analysis, implementation, and evaluation show that HPMG can effectively defend against reconnaissance attacks and decrease the processing delay caused by address mutation.
Funding: supported by the National Natural Science Foundation of China (62303273, 62373226), the National Research Foundation, Singapore through the Medium Sized Center for Advanced Robotics Technology Innovation (WP2.7)
Abstract: Dear Editor, The letter deals with the distributed state and fault estimation of the whole physical layer for cyber-physical systems (CPSs) when the cyber layer suffers from DoS attacks. With the advancement of embedded computing, communication and related hardware technologies, CPSs have attracted extensive attention and have been widely used in power system, traffic network, refrigeration system and other fields.
Abstract: The recent years have witnessed unprecedented growth in digital infrastructure, driven by rapid advances in cloud computing, the Internet of Things (IoT), smart cities, healthcare informatics, and industrial automation. While these technologies have improved efficiency and connectivity, they have also created complex vulnerabilities that more sophisticated cyber adversaries can exploit. Cybersecurity is no longer a static domain but a constantly evolving field where threats such as ransomware, advanced persistent threats, and zero-day exploits demand adaptive, intelligent, and proactive responses. Emergent technologies such as artificial intelligence (AI), deep learning, distributed architectures, chaos theory, and post-quantum cryptography are transforming the way we conceptualise and implement information security. These approaches offer not only enhanced accuracy and robustness but also scalability, adaptability, and resilience across diverse, resource-limited environments. Consequently, the goal of this Special Issue on Emerging Technologies in Information Security is to compile innovative contributions that advance the boundaries of theory and practice in this swiftly evolving field.
Abstract: The current global cybersecurity landscape, characterized by the increasing scale and sophistication of cyberattacks, underscores the importance of integrating Cyber Threat Intelligence (CTI) into Land Administration Systems (LAS). LAS services involve requests and responses concerning public and private cadastral data, including credentials of parties, ownership, and spatial parcels. This study explores the integration of CTI in LAS to enhance cyber resilience, focusing on the unique vulnerabilities of LAS, such as sensitive data management and interconnection with other critical systems related to spatial data uses and changes. The approach employs a case study of a typical country-specific LAS to analyse structured vulnerabilities and their attributes to determine the degree of vulnerability of LAS through a quantitative inductive approach. The analysis results indicate significant improvements in identifying and mitigating potential threats through CTI integration, thus enhancing cyber resilience. These findings are crucial for policymakers and practitioners to develop robust cybersecurity strategies for LAS.
Funding: funded by the National University of Sciences and Technology (NUST); supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF), funded by the Ministry of Education (2021R1IIA3049788).
Abstract: Ransomware, particularly crypto-ransomware, remains a significant cybersecurity challenge, encrypting victim data and demanding a ransom, often leaving the data irretrievable even if payment is made. This study proposes an early detection approach to mitigate such threats by identifying ransomware activity before the encryption process begins. The approach employs a two-tiered approach: a signature-based method using hashing techniques to match known threats and a dynamic behavior-based analysis leveraging Cuckoo Sandbox and machine learning algorithms. A critical feature is the integration of the most effective Application Programming Interface call monitoring, which analyzes system-level interactions such as file encryption, key generation, and registry modifications. This enables the detection of both known and zero-day ransomware variants, overcoming limitations of traditional methods. The proposed technique was evaluated using classifiers such as Random Forest, Support Vector Machine, and K-Nearest Neighbors, achieving a detection accuracy of 98% based on 26 key ransomware attributes with an 80:20 training-to-testing ratio and 10-fold cross-validation. By combining minimal feature sets with robust behavioral analysis, the proposed method outperforms existing solutions and addresses current challenges in ransomware detection, thereby enhancing cybersecurity resilience.
Funding: supported by the National Natural Science Foundation of China (52477132 and U2066601).
Abstract: This paper provides a systematic review on the resilience analysis of active distribution networks (ADNs) against hazardous weather events, considering the underlying cyber-physical interdependencies. As cyber-physical systems, ADNs are characterized by widespread structural and functional interdependencies between cyber (communication, computing, and control) and physical (electric power) subsystems and thus present complex hazardous-weather-related resilience issues. To bridge current research gaps, this paper first classifies diverse hazardous weather events for ADNs according to different time spans and degrees of hazard, with model-based and data-driven methods being utilized to characterize weather evolutions. Then, the adverse impacts of hazardous weather on all aspects of ADNs' sources, physical/cyber networks, and loads are analyzed. This paper further emphasizes the importance of situational awareness and cyber-physical collaboration throughout hazardous weather events, as these enhance the implementation of preventive dispatches, corrective actions, and coordinated restorations. In addition, a generalized quantitative resilience evaluation process is proposed regarding additional considerations about cyber subsystems and cyber-physical connections. Finally, potential hazardous-weather-related resilience challenges for both physical and cyber subsystems are discussed.