Resilience PI controller design for mitigating weak denial‐of‐service attacks in cyber‐physical systems

This paper is concerned with the security analysis and event-triggered control problem of the networked control system (NCSs) subject to denial of service (DoS) attacks. By considering the malicious DoS attacks and partial information via measured outputs, firstly, a relaxed triggering strategy is designed for the NCSs under DoS attacks. Then, the performance analysis and controller design are conducted by Lyapunov-krasovskii method and LMIs technique based on the proposed relaxed triggering strategy. At last, some simulation results show that the proposed relaxed triggering strategy is resilient to DoS attacks with some performance lost.

A denial of service (DOS) attack is any malicious attempt to deprive legitimate customers of their ability to access services, such as a Web server. DOS attacks fall into two broad categories: • Server vulnerability DOS attacks — attacks that exploit known bugs in operating systems and servers. These attacks typically will use the bugs to crash programs that users routinely rely upon, thereby depriving those users of their normal access to the services provided by those programs. Examples of vulnerable systems include all operating systems, such as Windows NT or Linux, and various Internet-based services such as DNS, Microsoft's IIS Servers, Web servers, etc. All of these programs, which have important and useful purposes, also have bugs that hackers exploit to bring them down or hack into them. This kind of DOS attack usually comes from a single location and searches for a known vulnerability in one of the programs it is targeting. Once it finds such a program, the DOS attack will attempt to crash the program to deny service to other users. Such an attack does not require high bandwidth. • Packet flooding DOS attacks — attacks that exploit weaknesses in the Internet infrastructure and its protocols. Floods of seemingly normal packets are used to overwhelm the processing resources of programs, thereby denying users the ability to use those services. Unlike the previous category of DOS attacks, which exploit bugs, flood attacks require high bandwidth in order to succeed. Rather than use the attacker's own infrastructure to mount the attack (which might be easier to detect), the attacker is increasingly likely to carry out attacks through intermediary computers (called zombies) that the attacker has earlier broken into. Zombies are coordinated by the hacker at a later time to launch a distributed DOS (DDOS) attack on a victim. Such attacks are extremely difficult to trace and defend with the present-day Internet. Most zombies come from home computers, universities, and other vulnerable infrastructures. Often, the owners of the computers are not even aware that their machines are being co- opted in such attacks. The hacker community has invented numerous scripts to make it convenient for those interested in mounting such attacks to set up and orchestrate the zombies. Many references are available on this topic.1–4

SummaryThis paper studies the networked control systems (NCS) predictive output feedback control issue with random time delay and denial of service (DoS) attacks. The mathematical description of the random DoS attacks and time delays in controller‐to‐actuator (C‐A) and sensor‐to‐controller (S‐C) communication channels is researched based on Markov stochastic theory. Considering the random characteristics of network‐induced attacks and delays, the closed‐loop NCS is modeled as a discrete‐time linear system with Markov DoS attack and time delay. The stochastic stability criterion of a class of networked predictive control systems with random attack and delay is proposed based on Lyapunov stability theory and the predictive compensation control method. The networked model predictive output feedback controller is designed by applying the parameter compensation method and linear matrix inequality (LMI) technique. Numerical simulation results are proposed to verify the effectiveness of the proposed control strategy.

This study is concerned with the output‐based resilient event‐triggered control for networked control systems (NCSs) subject to denial of service (DoS) attacks, where ‘resilient’ is interpreted as that the NCSs can tolerate a larger time delay with a certain degree of performance degradation when there are DoS attacks. Otherwise, the NCSs run with performance. In order to characterise DoS attacks, an additional positive term which implies the effects of DoS attacks is imposed on the pre‐designed triggering condition. By considering the fact that only partial output measurements can be obtained, the output‐based security performance analysis as well as an output feedback controller design under the proposed event‐triggered strategy is conducted with Lyapunov–Krasovskii method and linear matrix inequalities technique. At last, the simulation results show that the designed controller is resilient to DoS attacks with less dependent on the transmission packets while sacrificing some control performance.

This paper studies the design of network control system under forward and feedback random DoS(Denial of Service) attacks. A network predictive control scheme is proposed to compensate system forward and feedback channels block caused by DoS attacks, the random DoS attacks model is given. The predictive controller of a random time-varying DoS attacks network system is introduced, it predicts the control amount and the control compensator to select the latest control amount suitable for the controlled object. Finally, the stability criterion of the closed-loop system is given by using the pole assignment method.

This article investigates the switching-like event-triggered control for networked control systems (NCSs) under the malicious denial of service (DoS) attacks. First, by dividing the DoS attacks into S-interval (DoS-free case) and D-interval (DoS case), a switching-like event-triggered communication scheme (SETC) is well designed to deal with intermittent DoS attacks to improve communication efficiency while keeping the desired control performance. Second, by considering the SETC and NCSs into a unified framework, the studied system is transferred into a time-delay system. Then, under the constraint of the number of maximum allowable data dropouts induced by DoS attacks, a stability criterion and a stabilization criterion are derived, which can be used to estimate the event-triggered communication parameters and obtain the security controller gain simultaneously. Moreover, the derived stabilization criterion can also provide a tradeoff to balance communication efficiency and $H_{\infty }$ control performance. At last, a networked invert pendulum on a cart is conducted to show the effectiveness of the proposed method.

In this paper, security of networked control system (NCS) under denial of service (DoS) attack is considered. Different from the existing literatures from the perspective of control systems, this paper considers a novel method of dynamic allocation of network bandwidth for NCS under DoS attack. Firstly, time-constrained DoS attack and its impact on the communication channel of NCS are introduced. Secondly, details for the proposed dynamic bandwidth allocation structure are presented along with an implementation, which is a bandwidth allocation strategy based on error between current state and equilibrium state and available bandwidth. Finally, a numerical example is given to demonstrate the effectiveness of the proposed bandwidth allocation approach.

Software Defined Networking (SDN) stands to transmute our modern networks and data centers, opening them up into highly agile frameworks that can be reconfigured depending on the requirement. Denial of Service (DoS) attacks are considered as one of the most destructive attacks. This paper, is about DoS attack detection and mitigation using SDN. DoS attack can minimize the bandwidth utilization, leaving the network unavailable for legitimate traffic. To provide a solution to the problem, concept of performance aware Software Defined Networking is used which involves real time network monitoring using sFlow as a visibility protocol. So, OpenFlow along with sFlow is used as an application to fight DoS attacks. Our analysis and results demonstrate that using this technique, DoS attacks are successfully defended implying that SDN has promising potential to detect and mitigate DoS attacks.

This paper addresses the attack frequency estimation for networked control systems suffering from denial of service (DoS) attacks. First, the networked control systems (NCSs) subjecting to DoS attacks are modeled as switched systems between normal systems and attacked systems. Secondly, by considering the worst scenario of DoS attacks with energy constraints, the maximum allowable update interval is well characterized under consideration of the limitation of the event-triggered control scheme and discrete sampling. Then, by use of Lyapunov theory, a stability criterion is derived to obtain the maximum number of DoS attacks while ensuring the globally exponentially stable of studied system. Finally, an example is used to show the validity of proposed results.

Switching LPV approach for analysis and control of TCP-based cyber-physical systems under DoS attack

Attack-model-independent stabilization of networked control systems under a jump-like TOD scheduling protocol

The security problem of networked control systems (NCSs) suffering denial of service(DoS) attacks with incomplete information is investigated in this paper. Data transmission among different components in NCSs may be blocked due to DoS attacks. We use the concept of security level to describe the degree of security of different components in an NCS. Intrusion detection system (IDS) is used to monitor the invalid data generated by DoS attacks. At each time slot, the defender considers which component to monitor while the attacker considers which place for invasion. A one-shot game between attacker and defender is built and both the complete information case and the incomplete information case are considered. Furthermore, a repeated game model with updating beliefs is also established based on the Bayes’ rule. Finally, a numerical example is provided to illustrate the effectiveness of the proposed method.

Static output-feedback control for Cyber-physical LPV systems under DoS attacks

A new switching law for event-triggered switched systems under DoS attacks

Problem statement: Seeking for defense mechanisms against low rate De nial of Service (DoS) attacks as a new generation of DoS attacks ha s received special attention during recent years. A s a decisive factor, evaluating the performance of th e offered mitigation techniques based on different metrics for determining the viability and ability o f these countermeasures requires more research. Approach: The development of a new generalized discrete event simulator has been deliberated in detail. The research conducted places high emphasis on the benefits of creating a customized discrete event simulator for the analysis of security and in particular the DoS attacks. The simulator possesse s a niche in terms of the small scale, low execution ti me, portability and ease of use. The attributes and mechanism of the developed simulator is complemented with the proposed framework. Results: The simulator has been extensively evaluated and has pr oven to provide an ideal tool for the analysis and exploration of DoS attacks. In-depth analysis is en abled by this simulator for creating multitudes of defense mechanisms against HTTP low rate DoS attacks. The acquired results from the simulation tool have been compared against a simulator from the same domain. Subsequently, it enables the validation of developed simulator utilizing selected performan ce metrics including mean in-system time, average delay and average buffer size. Conclusion: The proposed simulator serves as an efficient and scalable performance analysis tool for the analysis of HTTP low rate DoS attack defense mechanism. Future work can encompass the development of discrete event simulators for analysis of other security issues such as Intrusion Detection Systems.