TV-AVN: Training Verdict Based on Random Forest for Misbehavior Detection in Autonomous Vehicle Networks

Subsynchronous Interaction (SSI) phenomenon is known to be one of the most frequent and severe stability issues of a Wind Park (WP), and can potentially lead to a significant loss of power generation. The broad impacts of this phenomenon on a power grid have made WPs interesting targets for cyber attacks. To initiate the SSI, an adversary can target either the power grid (external attacks) or the cyber system of WPs (internal attacks). This paper proposes a mitigation scheme for attacks that initiate the SSI phenomenon in series compensated doubly-fed induction generator (DFIG)-based WPs. External attacks are addressed by employing a robust static-output-feedback Subsynchronous Damping Controller (SSDC), which is designed based on the insensitive strip region and Linear Matrix Inequality (LMI) techniques. Internal attacks, however, are detected by comparing the estimated and measured converters’ currents. Once the compromised measurements are detected, the designed SSDC is restructured to mitigate the attacks. The effectiveness of the proposed method is demonstrated using detailed Electromagnetic Transient (EMT) simulations for both internal and external cyber attacks. Additionally, the performance of the proposed method is corroborated using a real-time co-simulation framework.

Wireless networks-on-chips (NoCs) (WiNoCs) have emerged as a possible solution to the nonscalable multihop data transmission paths in traditional wired NoC architectures. Using low-power transceivers in NoC switches, novel WiNoC architectures have been shown to achieve higher energy efficiency with improved peak bandwidth and reduced on-chip data transfer latency. However, using wireless interconnects for intrachip data transfer over an unguided medium introduces additional security vulnerabilities in on-chip communication arising from either external attackers or internal hardware Trojans. In this article, we propose a mechanism to make the wireless communication in a WiNoC secure against persistent jamming-based denial-of-service (DoS) attacks and eavesdropping (ED) from both external and internal attackers. Persistent jamming attacks on the on-chip wireless medium will cause interference in data transfer over the duration of the attack resulting in errors in contiguous bits, known as burst errors. Therefore, we use a burst-error correction code to monitor the rate of burst errors received over the wireless medium and deploy a machine-learning (ML) classifier to detect the persistent jamming attack and distinguish it from random burst errors. In the event of a persistent jamming attack, alternate routing strategies are proposed to avoid the DoS attack over the wireless medium, so that a secure data transfer can be sustained even in the presence of persistent jamming. In the event of an external ED attack, we deploy a low-latency and lightweight data scrambling method to secure communication over the wireless channel. In the case of an internal ED, we propose a mechanism to identify the attacker and prevent the attack. We evaluate the proposed techniques on a WiNoC in the presence of DoS and ED attacks from both internal and external attackers. On an average, 99.87% of the attack on DoS detection was achieved with the chosen ML classifier. A bandwidth degradation of < 3% is experienced in the event of both DoS and ED internal attacks. The wireless interconnects are disabled in the presence of a persistent external jamming DoS attack for security, therefore eliminating the advantages of the wireless interconnections making the performance of the WiNoC comparable with that of a wired NoC. Although scrambling overheads are incurred in the presence of an external ED attack, the overheads are minimized by adopting simple XOR-based encoding and decoding.

Vehicular Ad-hoc Networks (VANETs) aim to increase, among others, traffic safety and efficiency by warning and informing the driver about road events and hazards. Due to their direct impact on drivers' safety, external and internal attacks have to be prevented. While authentication prevents most of the external attacks, internal attackers are still able to misuse the system and inject fake - but authenticated - messages. Therefore, misbehavior detection and prevention mechanisms are required to mitigate such attacks. In this paper we provide a categorization of internal attackers to identify most relevant attack variants. Instead of using simulations, as done by most related works, we use an implementation on real vehicles to demonstrate the feasibility of location-based attacks. Especially, we demonstrate that a malware application installed on a vehicle can provoke false warnings on benign vehicles that are within the attacker's communication range. This exemplary attack is possible due to insufficiently specified VANET security standards. By using our proposed countermeasures, we show that this internal attack is detected and blocked, preventing false driver warnings.

Wireless mesh networks (WMNs) upraised as superior technology offering all aspects of services as compared to conventional networks. Due to the absence of centralised authority, WMNs suffers from both external and internal attacks, which decrease the overall performance of WMNs. In this study, the authors proposed an efficient handoff authentication protocol with privacy preservation of nonce and transfer ticket against external attacks during handoff and proposed round trip time (RTT)-based detection protocol to resist against internal attacks in WMNs. For privacy preservation of nonce and transfer ticket, encryption of the nonce and transfer ticket during handoff authentication process was considered. For detection, the calculation of RTT and processing time to identify the malicious nodes forming wormhole link were considered. The proposed work prevents the AODV routing protocol against the wormhole attack in WMNs. The simulation of the proposed work was done using NS-3 simulator, and the experimental results show that the performance of the proposed method prevents WMNs from both external and internal attacks.

Vehicular networks are vulnerable to various attacks such as Sybil, denial-of-service (DoS) and false alert generation attacks. Cryptographic methods can provide some protection to vehicular networks from external attacks but are found to be vulnerable to internal attacks. A misbehavior detection system (MDS) can be deployed to detect and prevent internal attacks. In this paper, we propose a machine learning and reputation based MDS to enhance the detection accuracy as well as to ensure the reliability of both vehicles and messages. Proposed MDS is trained using datasets generated through extensive simulation based on the realistic vehicular network environment. To improve the accuracy of the detection, we have employed the Dempster-Shafer (DS) theory-based collaborative misbehavior detection system. In the proposed scheme, the reputation score of each vehicle is used as a belief value for Dempster-Shafer based feedback combination. In addition, we propose a beta distribution based reputation update and revocation scheme. Moreover, we show that our proposed scheme is better compared to previous methods in terms of accurately identifying various misbehaviors.

European and North American governments are actively working on improving road safety and traffic efficiency. To this end, their corresponding standardization bodies: ETSI and IEEE are developing the Cooperative Intelligent Transport Systems (C-ITS). In this system, vehicles and road side units communicate in order to enable new services and propose cooperative safety applications. However, the system is vulnerable to new types of threats if not adequately secured. The security and privacy protection is crucial to the user acceptance of such new system. Currently, the ETSI and IEEE proposed using a specific vehicular Public Key Infrastructure (PKI) to protect the C-ITS system. The PKI can protect the system against external attackers but it still vulnerable to internal attacks. Registered vehicles with valid certificates can still disturb the system by misusing its applications. The aim of misbehavior detection is to detect and mitigate the effect of internal attackers. The current misbehavior detection architecture includes a local embedded component and a cloud component. In this paper, we propose a misbehavior reports dataset of derived from the local embedded detection of misbehaving entities. This dataset can be used to further develop and evaluate the cloud component. The set includes different road topology, varying attacker penetration rates and attack scenarios.

The routing protocols, one of the fundamental components in the operation of the Internet, lack basic efficient and effective security schemes to prevent internal and external attacks. Existing cryptographic techniques can protect IP routing infrastructure from external attack at the expense of performance but is difficult to protect a network from internal attacks. This paper describes a novel computational method for verifying routing messages in distance vector routing protocols that can effective and efficient to protect routing protocols from internal attacks such as mis-configuration or compromise.

The idea of next-generation ports has become more apparent in the last ten years - in response to the challenge posed by the rising demand for efficiency and the ever-increasing volume of goods. In this new era of intelligent infrastructure and facilities, it is evident that cyber-security has recently received the most significant attention from the seaport and maritime authorities, and it is a primary concern on the agenda of most ports. Traditional security solutions like firewalls and antivirus software can be applied to safeguard IoT and Cyber-Physical Systems (CPS) from harmful entities. Nevertheless, security researchers can only watch, examine, and learn about the behaviors of attackers if these solutions operate more transparently. Herein, honeypots are potential solutions since they offer valuable information about the attackers. Honeypots can be virtual or physical. Virtual honeypots must be more realistic to entice attackers, necessitating better high-fidelity. To this end, Digital Twin (DT) technology can be employed to increase the complexity and simulation fidelity of the honeypots. Seaports can be attacked from both their existing devices and external devices at the same time. Existing intrusion detection mechanisms are insufficient to detect external attacks; therefore, the current systems cannot handle attacks at the desired level. DT and honeypot technologies can be used together to tackle them. Consequently, we suggest a DT-assisted honeypot, called TwinPot, for external attacks in smart seaports. Moreover, we propose an intelligent attack detection mechanism to handle different attack types using DT technology for internal attacks. Finally, we build an extensive smart seaport dataset for internal and external attacks using the MANSIM tool and two existing datasets to test the performance of our system. We show that under both simultaneous internal and external attacks on the system, our solution successfully detects internal and external attacks.

Attacks on the organization networks can be classified as external and internal attacks. For the purpose of this paper we consider that external attacks are generated by the attackers or from hosts outside the organization, and internal attacks are generated by malicious insiders within the organization. Insider attacks have always been challenging to deal with as insiders have legitimate and physical access to the systems within the organization, and they have knowledge of the organization networks and more importantly, are aware of the security environment enforced within the organization. In this paper we propose novel trust enhanced security techniques to deal with the insider attack problem. Our architecture detects the attacks by monitoring the user activity as well as the state of the system using trusted computing in exposing and analyzing suspicious behaviour. We will demonstrate how an insider can exploit the weakness in the systems to generate different attacks and how our architecture can help to prevent such attacks.

The Internet of Vehicles (IoV) enables vehicles to communicate with each other and infrastructure through basic safety messages (BSMs), thereby reducing accidents by means of early warnings and collision avoidance. In fact, IoV networks are vulnerable to positional attacks induced by malicious vehicles, which can severely compromise traffic safety and system reliability. In spite of the existing works devoted to misbehavior detection for certain types of attacks, extracting statistical features from BSMs to defend against all positional attacks in IoV networks has been largely overlooked. In this paper, we extract six types of positional attacks from the VeReMi-Extension dataset and discover hidden attack patterns. Based on these discovered patterns and our data analysis, we categorize them into the statistical features of Gaussian-like, Lévy-like sparse, and Lévy-like ordinary positional attacks. Then, we propose a three-feature misbehavior detection mechanism to distinguish between normal and malicious vehicles, where the first feature detection employs the Jarque-Bera test to identify Gaussian-like positional attacks, the second feature detection identifies Lévy-like sparse positional attacks by evaluating data sparsity, and the third feature detection uses Isolation Forest to detect Lévy-like ordinary positional attacks. Simulation results show that the proposed solution achieves promising false alarm and miss detection rates, and acts robustly across diverse parameter settings.

A vehicular ad hoc network (VANET) is one of the applications of mobile ad hoc network (MANET). VANET is used to reduce road traffic and accidents to save millions of lives by providing safety applications. Whereas, the current evolution of the Internet is the Internet of Things (IoT), where billions of smart computing devices, including smart vehicles are connected to the Internet to transfer data without human intervention. The existing two technologies VANETs and IoT define new technology called internet of vehicles (IoV). The IoT enables various value-added services; however, IoV is susceptible to various security threats from malicious entities. The collective efforts of researchers enhance security against internal and external attacks. To secure the IoV against the attacks from malicious nodes, most of the existing technologies provided centralized and computation overhead-based solutions. Many researchers have proposed cryptography and trust management-based security solutions. These schemes have their own limitations. The cryptography-based schemes provide security over external attacks, whereas trust management schemes provide security over internal attacks. The new Blockchain technology enables decentralized and distributed operations. The chapter has proposed blockchain-based security solution for IoV to authenticate vehicles, calculate reward points and 158compute new trust value. The proposed Blockchain networks employ both private and public Blockchain networks. The first uniqueness of proposed scheme, it employs the combination of both public and private Blockchains, it is called consortium blockchain And second uniqueness, the transmission and computation overhead in IoV are overcome by making use of deep neural networks at RSUs and ATA. The simulation results and comparative analysis of V2V, V21, private, and public Blockchain networks are presented and it shows performance of the proposed scheme is comparably enhanced by minimizing transmission and computation overheads.

The realtime identification of missing items, e.g., valuables or confidential documents in shops and warehouses, is one of the most important system. Although many RFID-based schemes that quickly identify missing tag-attached items are proposed, most of the schemes overlooks the possibility of the internal crime. If a person controls an untrusted reader, he/she can freely forge responses from tags and steal items without being detected. In this paper, we propose a secure and fast missing tags identification against both the internal and external attackers. Our scheme first identifies tags stolen by an external attacker with a channel estimation based scheme. Then, our scheme lets tags send cryptographically generated responses, which are socalled MAC (Message Authentication Code), and verifies them to identify stolen tags by an internal attacker. In order to shorten the time to collect responses, our scheme lets multiple tags transmit responses simultaneously and decodes them by leveraging the estimated channels. By the security analysis and the computer simulation, we show the effectiveness of our scheme.

Trust-based security solutions are used to improve cooperation among sensor nodes of a sensor network. Wireless sensor network (WSN) is vulnerable to internal and external attacks. Internal attacks are more severe than external attacks. Moreover, congestion in the network also reduces the performance of a network. In a sensor network, sensor nodes become congested since many packets came from other sensor nodes during the interaction process. To detect the congestion and mitigate the internal attacks from the WSN, we have proposed a Congestion Aware Trust model (CATM) for wireless sensor networks. The proposed Congestion Aware Trust model (CATM) employs a lightweight trust assessment scheme and a congestion detection scheme in a wireless sensor network. To analyze the performance of CATM, we intentionally injected some selfish nodes in the WSN. The proposed trust model feasibility has been tested with MATLAB. Simulation results are obtained in terms of trust evaluation, malicious node detection rate and malicious node false alarm rate.

We study the problem of detecting data exfiltration in computer networks. We focus on the performance of optimal defense strategies with respect to an attacker’s knowledge about typical network behavior and his ability to influence the standard traffic. Internal attackers know the typical upload behavior of the compromised host and may be able to discontinue standard uploads in favor of the exfiltration. External attackers do not immediately know the behavior of the compromised host, but they can learn it from observations.

Wireless sensor networks (WSNs) are placed in open environments for the collection of data and are vulnerable to external and internal attacks. The cryptographic mechanisms implemented so far, such as authorization and authentication, are used to restrict external sensor node attacks but cannot prevent internal node attacks. In order to evade internal attacks trust mechanisms are used. In trust mechanisms, firstly, the sensor nodes are monitored using the popular Watchdog mechanism. However, traditional trust models do not pay much attention to selective forwarding and consecutive packet dropping. Sometimes, sensitive data are dropped by internal attackers. This problem is addressed in our proposed model by detecting selective forwarding and consecutive failure of sending packets using the Beta probability density function model.