Funding: the Technology Project of China Southern Power Grid Digital Grid Research Institute Corporation, Ltd. (670000KK52220003) and the National Key R&D Program of China (2020YFB0906000).
Abstract: The stability problem of power grids has become increasingly serious in recent years as the size of novel power systems increases. In order to improve and ensure the stable operation of the novel power system, this study proposes an artificial emotional lazy Q-learning method, which combines artificial emotion, lazy learning, and reinforcement learning for static security and stability analysis of power systems. Moreover, this study compares the analysis results of the proposed method with those of the small disturbance method for a stand-alone power system and verifies that the proposed lazy Q-learning method is able to effectively screen useful data for learning, and improve the static security stability of the new type of power system more effectively than the traditional proportional-integral-differential control and Q-learning methods.
Funding: supported by the Hong Kong Polytechnic University (1-YW1Q).
Abstract: Static security assessment (SSA) is an important procedure to ensure the static security of the power system. Recent research shows that cyber-attacks might be a critical hazard to the secure and economic operation of the power system. In this paper, the influences of false data injection attack (FDIA) on the power system SSA are studied. FDIA is a major kind of cyber-attack that can inject malicious data into meters, cause false state estimation results, and evade detection by bad data detection. It is first shown that the SSA results could be manipulated by launching a successful FDIA, which can lead to incorrect or unnecessary corrective actions. Then, two kinds of targeted scenarios are proposed, i.e., fake secure signal attack and fake insecure signal attack. The former attack will deceive the system operator into believing that the system operates in a secure condition when it actually does not. The latter attack will deceive the system operator into making corrective actions, such as generator rescheduling, load shedding, etc., when they are unnecessary and costly. The implementation of the proposed analysis is validated with the IEEE-39 benchmark system.
Funding: This work was supported by the National Natural Science Foundation of China (No. 52007163), and in part by China Postdoctoral Science Foundation (No. 2020M671718).
Abstract: In this letter, a new formulation of Lebesgue integration is used to evaluate the probabilistic static security of power system operation with uncertain renewable energy generation. The risk of power flow solutions violating any pre-defined operation security limits is obtained by integrating a semialgebraic set composed of polynomials. With the high-order moments of historical data of renewable energy generation, the integration is reformulated as a generalized moment problem which is then relaxed to a semi-definite program (SDP). Finally, the effectiveness of the proposed method is verified by numerical examples.
Abstract: To detect security vulnerabilities in a web application, the security analyst must choose the best-performing Security Analysis Static Tool (SAST) in terms of discovering the greatest possible number of security vulnerabilities. To compare static analysis tools for web applications, a benchmark adapted to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. Information on the security effectiveness of a commercial static analysis tool is not usually publicly accessible research, and the state of the art on static security tool analyzers shows that the different designs and implementations of those tools have different effectiveness rates in terms of security performance. Given the significant cost of commercial tools, this paper studies the performance of seven static tools using a new methodology proposal and a new benchmark designed for vulnerability categories included in the known standard OWASP Top Ten project. Thus, practitioners will have more precise information to select the best tool using a benchmark adapted to the latest versions of the OWASP Top Ten project. The results of this work have been obtained using widely accepted metrics to classify the tools according to three different degrees of web application criticality.
Abstract: This study presents a methodology to evaluate and prevent security vulnerability issues in web applications. The analysis process is based on the use of techniques and tools that allow white-box and black-box security assessments to be performed, to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks. Each of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage, so that the results generated in one phase are used as input for the following phases in order to get an optimized global security analysis result. The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle (SSDLC). A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics. Dynamic analysis with manual checking is used to audit the results; 24.6 per cent of the security vulnerabilities reported by the static analysis have been checked, and it allows studying which vulnerabilities can be directly exploited externally. This phase is very important because it permits each reported vulnerability to be checked by a second, dynamic tool to confirm whether a vulnerability is a true or false positive, and it allows studying which vulnerabilities can be directly exploited externally. Dynamic analysis finds six (6) additional critical vulnerabilities. Access control analysis finds another five (5) important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks, two vulnerabilities that permit brute force attacks.
Abstract: Software vulnerabilities, when actively exploited by malicious parties, can lead to catastrophic consequences. Proper handling of software vulnerabilities is essential in the industrial context, particularly when the software is deployed in critical infrastructures. Therefore, several industrial standards mandate secure coding guidelines and industrial software developers' training, as software quality is a significant contributor to secure software. CyberSecurity Challenges (CSC) form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry. These cybersecurity awareness events have been used with success in industrial environments. However, until now, these coached events took place on-site. In the present work, we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online. The introduced cybersecurity awareness platform, which the authors call Sifu, performs automatic assessment of challenges in compliance with secure coding guidelines, and uses an artificial intelligence method to provide players with solution-guiding hints. Furthermore, due to its characteristics, the Sifu platform allows for remote (online) learning in times of social distancing. The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events. We report on three surveys showing that the Sifu platform's CSC events are adequate to raise industry software developers' awareness of secure coding.
Funding: This research is supported by the National Natural Science Foundation of China under Grant Nos. 10871031, 10926189, the Natural Science United Foundation of Hunan-Hengyang under Grant No. 10JJS008, and the Educational Department of Hunan under Grant No. 10A015.
Abstract: The approach of available transfer capability (denoted as ATC) incorporating wind generation has received very high attention since the development of wind generation. Based on the maximum function, this paper presents an ATC model. The characteristic of the new model is twofold. First, it considers wind turbines connected to the power system and static security of the power system simultaneously. Second, it is a system of semismooth equations and can be solved easily. By using the smoothing strategy, a smoothing Newton method is adopted for solving the proposed new ATC model. Numerical simulation results of the IEEE 30-bus and 118-bus systems show that the new model and algorithm are feasible and effective. The impact of wind turbines connected to the power system on ATC is also analyzed.
Funding: Project supported by the Zhejiang Provincial Natural Science Foundation of China (No. LQ14F040001), the National Natural Science Foundation of China (Nos. 61274132, 61234002), and the K.C. Wong Magna Fund in Ningbo University, China.
Abstract: A power balance static random-access memory (SRAM) for resistance to differential power analysis (DPA) is proposed. In the proposed design, the switch power consumption and short-circuit power consumption are balanced by discharging and pre-charging the key nodes of the output circuit and adding an additional short-circuit current path. Thus, the power consumption is constant in every read cycle. As a result, the DPA-resistant ability of the SRAM is improved. In 65 nm CMOS technology, the power balance SRAM is fully custom designed with a layout area of 5863.6 μm². The post-simulation results show that the normalized energy deviation (NED) and normalized standard deviation (NSD) are 0.099% and 0.04%, respectively. Compared to existing power balance circuits, the power balance ability of the proposed SRAM has improved by 53%.