Injection Attacks Research Articles

Resilient Self-Triggered Model Predictive Control of Cyber-Physical Systems Under Two-Channel False Data Injection Attacks

Abstract This paper presents a novel resilient self-triggered model predictive control (ST-MPC) method to alleviate potential threats of false data injection (FDI) attacks on cyber-physical systems (CPSs). First, considering that the data transmitted via the sensor-to-controller (S–C) and controller-to-actuator (C–A) channels in CPS may be tampered with by FDI attacks, a novel input reconstruction strategy combined with the ST-MPC mechanism is proposed to alleviate the threats of FDI attacks while reducing the computational and communication resources, in which key optimal control signals are selected and protected based on systematic performance inequalities. Correspondingly, a resilient ST-MPC algorithm combined with the dual-mode strategy is further proposed. Moreover, the iterative feasibility and the closed-loop stability are strictly demonstrated. Finally, the effectiveness of the proposed strategy is verified via a simulation study.

Enhancing Linux System Security: A Kernel-Based Approach to Fileless Malware Detection and Mitigation

In the late 20th century, computer viruses emerged as powerful malware that resides permanently in target hosts. For a virus to function, it must load into memory from persistent storage, such as a file on a hard drive. Due to the significant destructive potential of viruses, numerous defense measures have been developed to protect computer systems. Among these, antivirus software is one of the most recognized and widely used. Typically, antivirus solutions rely on static analysis (signature-based) technologies to detect infections in files stored on permanent storage devices, such as hard drives or USB (Universal Serial Bus) flash drives. However, a new breed of malware, fileless malware, has been designed to evade detection and enhance durability. Fileless malware resides solely in the memory of the target hosts, circumventing traditional antivirus software, which cannot access or analyze processes executed directly from memory. This study proposes the Check-on-Execution (CoE) kernel-based approach to detect fileless malware on Linux systems. CoE intervenes by suspending code execution before a program executes code from a process’s writable and executable memory area. To prevent the execution of fileless malware, CoE extracts the code from memory, packages it with an ELF (Executable and Linkable Format) header to create an ELF file, and uses VirusTotal for analysis. Experimental results demonstrate that CoE significantly enhances a Linux system’s ability to defend against fileless malware. Additionally, CoE effectively protects against shell code injection attacks, including buffer and memory overflows, and can handle packed malware. However, it is important to note that this study focuses exclusively on fileless malware, and further research is needed to address other types of malware.

Fixed-time consensus and finite-time flocking of second-order nonlinear multi-agent systems under false data injection attacks

This paper focuses on addressing consensus and flocking issues in second-order nonlinear multi-agent systems (MASs) under the false data injection attacks. Novel adaptive control protocols are proposed to effectively mitigate the impact of these attacks by updating adaptive parameters. Based on algebraic graph theory, matrix theory and the Lyapunov approach, various sufficient conditions are established, which show the fixed-time consensus and finite-time flocking can be achieved for the MASs. Moreover, some upper bounds for the settling time are derived in terms of the parameters of the model. Finally, three simulation examples are presented to validate the efficacy of our proposed theoretical results.

Fault-Resistant Partitioning of Secure CPUs for System Co-Verification against Faults

Fault injection attacks are a serious threat to system security, enabling attackers to bypass protection mechanisms or access sensitive information. To evaluate the robustness of CPU-based systems against these attacks, it is essential to analyze the consequences of the fault propagation resulting from the complex interplay between the software and the processor. However, current formal methodologies combining hardware and software face scalability issues due to the monolithic approach used. To address this challenge, this work formalizes the k-fault-resistant partitioning notion to solve the fault propagation problem when assessing redundancy-based hardware countermeasures in a first step. Proven security guarantees can then reduce the remaining hardware attack surface when introducing the software in a second step. First, we validate our approach against previous work by reproducing known results on cryptographic circuits. In particular, we outperform state-of-the-art tools for evaluating AES under a three-fault-injection attack. Then, we apply our methodology to the OpenTitan secure element and formally prove the security of its CPU’s hardware countermeasure to single bit-flip injections. Besides that, we demonstrate that previously intractable problems, such as analyzing the robustness of OpenTitan running a secure boot process, can now be solved by a co-verification methodology that leverages a k-fault-resistant partitioning. We also report a potential exploitation of the register file vulnerability in two other software use cases. Finally, we provide a security fix for the register file, prove its robustness, and integrate it into the OpenTitan project.

SAT-based Formal Verification of Fault Injection Countermeasures for Cryptographic Circuits

Fault injection attacks represent a type of active, physical attack against cryptographic circuits. Various countermeasures have been proposed to thwart such attacks, however, the design and implementation of which are intricate, error-prone, and laborious. The current formal fault-resistance verification approaches are limited in efficiency and scalability. In this paper, we formalize the fault-resistance verification problem and show that it is coNP-complete. We then devise a novel approach for encoding the fault-resistance verification problem as the Boolean satisfiability (SAT) problem so that modern off-the-shelf SAT solvers can be utilized. The approach is implemented in an open-source tool FIRMER which is evaluated extensively on realistic cryptographic circuit benchmarks. The experimental results show that FIRMER is able to verify fault-resistance of almost all (72/76) benchmarks in 3 minutes (the other three are verified in 35 minutes and the hardest one is verified in 4 hours). In contrast, the prior approach fails on 31 fault-resistance verification tasks even after 24 hours (per task).

Light-injection attack against practical continuous-variable measurement-device-independent quantum key distribution systems

Continuous-variable measurement-device-independent quantum key distribution (CV-MDI QKD) can defend all detection-side attacks effectively. Therefore, the source side is the final battlefield for performing quantum hacking attacks. This paper investigates the practical security of a CV-MDI QKD system under a light-injection attack. Here, we first describe two different light-injection attacks, i.e., the induced-photorefractive attack and the strong-power injection attack. Then, we consider three attack cases where Eve only attacks one of the parties or both parties of the CV-MDI QKD system. Based on the analysis of the parameter estimation, we find that the legitimate communication parties will overestimate the secret key rate of the system under the effect of a light-injection attack. This opens a security loophole for Eve to successfully obtain secret key information in a practical CV-MDI QKD system. In particular, compared to the laser-damage attack, the above attacks use a lower power of injected light and have a more serious effect on the security of the system. To eliminate the above effects, we can enhance the practical security of the system by doping the lithium niobate material with various impurities or by using protective devices, such as optical isolators, circulators, optical power limiters, and narrow-band filters. Apart from these, we can also use an intensity monitor or a photodetector to detect the light-injection attack.

Leader-Following Consensus Control of Unknown Nonlinear MASs Under False Data Injection Attacks

Leader-Following Consensus Control of Unknown Nonlinear MASs Under False Data Injection Attacks

Multichain-Assisted Lightweight Security for Code Mutated False Data Injection Attacks in Connected Autonomous Vehicles

Multichain-Assisted Lightweight Security for Code Mutated False Data Injection Attacks in Connected Autonomous Vehicles

Locational Detection of False Data Injection Attacks in the Edge Space via Hodge Graph Neural Network for Smart Grids

Locational Detection of False Data Injection Attacks in the Edge Space via Hodge Graph Neural Network for Smart Grids

Linear Extended State Observer-Based Distributed Secondary Control of DC Microgrids Under False Data Injection Attacks

Linear Extended State Observer-Based Distributed Secondary Control of DC Microgrids Under False Data Injection Attacks

LESSON: Multi-Label Adversarial False Data Injection Attack for Deep Learning Locational Detection

LESSON: Multi-Label Adversarial False Data Injection Attack for Deep Learning Locational Detection

Secure and Safe Control of Connected and Automated Vehicles Against False Data Injection Attacks

Secure and Safe Control of Connected and Automated Vehicles Against False Data Injection Attacks

Distributed Event-Triggered Learning-Based Control for Battery Energy Storage Systems Under Persistent False Data Injection Attacks

Distributed Event-Triggered Learning-Based Control for Battery Energy Storage Systems Under Persistent False Data Injection Attacks

Expression of Concern: “Neural network based single index evaluation for SQL injection attack detection in health care data”

Expression of Concern: “Neural network based single index evaluation for SQL injection attack detection in health care data”

Fault-tolerant control of underactuated unmanned surface vessels in presence of deception and injection attacks

This paper studies the trajectory tracking control problem of underactuated unmanned surface vessels (USVs) under the influence of internal and external uncertainties, actuator faults, and injection and deception attacks. In the control design, we separately designed virtual adaptive laws to compensate for the time-varying gains suffered by the kinematics channel and combined the event-triggered control (ETC) mechanism to establish an online approximator to compensate for the time-varying gains of the kinematics channels and the loss-of-effectiveness (LOE) and bias faults suffered by the system. Combining robust neural damping technology and finite-time disturbance observer (FTDO), the dynamic uncertainties and external disturbances are suppressed. Finally, a novel robust adaptive trajectory tracking control scheme is proposed. The scheme achieves active compensation for heterogeneous uncertainties including internal and external uncertainties, actuator faults, and attack signals. The Lyapunov stability theory analysis shows that all signals of the tracking system are bounded. The simulation results prove the effectiveness of this control scheme.

SQL injection attack: Detection, prioritization & prevention

Web applications have become central in the digital landscape, providing users instant access to information and allowing businesses to expand their reach. Injection attacks, such as SQL injection (SQLi), are prominent attacks on web applications, given that most web applications integrate a database system. While there have been solutions proposed in the literature for SQLi attack detection using learning-based frameworks, the problem is often formulated as a binary, single-attack vector problem without considering the prioritization and prevention component of the attack. In this work, we propose a holistic solution, SQLR34P3R, that formulates the SQLi attack as a multi-class, multi-attack vector, prioritization, and prevention problem. For attack detection and classification, we gathered 457,233 samples of benign and malicious network traffic, as well as 70,023 samples that had SQLi and benign payloads. After evaluating several machine-learning-based algorithms, the hybrid CNN-LSTM models achieve an average F1-Score of 97% in web and network traffic filtering. Furthermore, by using CVEs of SQLi vulnerabilities, SQLR34P3R incorporates a novel risk analysis approach which reduces additional effort while maintaining reasonable coverage to assist businesses in allocating resources effectively by focusing on patching vulnerabilities with high exploitability. We also present an in-the-wild evaluation of the proposed solution by integrating SQLR34P3R into the pipeline of known vulnerable web applications such as Damn Vulnerable Web Application (DVWA) and Vulnado and via network traffic captured using Wireshark from SQLi DNS exfiltration conducted with SQLMap for real-time detection. Finally, we provide a comparative analysis with state-of-the-art SQLi attack detection and risk ratings solutions.

The data recovery strategy on machine learning against false data injection attacks in power cyber physical systems

During the transmission of power measurement data through communication networks from remote terminal unit (RTU) to the state estimator in Supervisory Control and Data Acquisition (SCADA), power cyber-physical systems (PCPSs) are more susceptible to cyber-attacks. To mitigate that threat, this paper is concerned with a new data recovery strategy on machine learning against false data injection attacks (FDIAs) in PCPSs. Firstly, in view of the limited resources (such as limited energy) of adversaries and system protections, a sparse target false data injection attack (FDIA) is constructed. Then, the FDIA detection problem is transformed into a tripartite separation problem, and the alternating direction method of multipliers on proximal exchange (ADMM-PE) is adopted to complete the intrusion detection of FDIAs. In addition, with the help of reliable mask information and real incomplete measurement data provided by the FDIA detection, a similar supervised generative adversarial imputation networks (GAIN) is proposed to complete the measurement data recovery after FDIAs. Specifically, the pseudo labels generated by data analysis methods such as k-means clustering and support vector machine (SVM) to improve the accuracy of measurement data recovery. Finally, the experimental results of PCPSs show the effectiveness and superiority of the proposed data recovery strategy against FDIAs.

SQL Injection Attack Detection Based on Similarity Matching Between Vectors Extracted From Design Time and Run-Time Queries

Everyone uses web-based applications to carry out daily business and personal tasks. These programmes are vulnerable to attack by hackers, who may also misuse the data. The most serious attack with the greatest damaging potential on digital platforms is the structured query language injection attack (SQLiA). The backend databases could be corrupted or destroyed by SQLiA if it manages to breach security protections. Using SQLiA tactics, hackers can get unauthorized access, steal important data, and take over the network completely or partially. An automatic SQL injection prevention and detection technique is needed to safeguard web-based applications from SQLiA. This research suggests a novel similarity-matching algorithm of vectors extracted from design time and run-time queries. This technique allocates the weights of different SQL keywords used in design time and run-time queries and further design time and run-time vectors have been created from respective queries. The similarity between the design time and run time vector is determined by calculating the angle between these two vectors. The angle of deviation between the design time vector and run time vector is calculated and if the angle of deviation is zero, then it is concluded as no SQL injection otherwise, it indicates the existence of SQLiA vulnerability. The proposed algorithm is validated against the GitHub dataset. In the first dataset, out of 1300 injected queries, the proposed method identifies 1219 injected queries; out of 300 normal queries, it identifies 290 normal queries with 93.76% and 96.66% detection accuracy, respectively. Similarly, for the second dataset, out of 10489 injected queries, it identifies 10280 injected queries and out of 301 normal queries, it identifies 280 normal queries with 98.01% and 93.02% detection accuracy, respectively.

Fuzzy Adaptive Approaches for Robust Containment Control in Nonlinear Multi-Agent Systems under False Data Injection Attacks

This study addresses the problem of fractional-order nonlinear containment control of heterogeneous multi-agent systems within a leader–follower framework, focusing on the impact of False Data Injection (FDI) attacks. By employing adaptive mechanisms and fuzzy logic, the suggested method enhances system resilience, ensuring reliable coordination and stability even in the presence of deceptive disturbances. To deal with these uncertainties, our controller makes use of interval type-II (IT2) fuzzy sets, and we create matrix equalities and inequalities to account for the asymmetry of Laplace matrices. Also, we use the Lyapunov functions for the stability analysis of our system. Lastly, we explain the numerical simulations for the effectiveness of our theoretical results, and these simulated examples are used to verify the effectiveness of our approach and designed model.

Optimal innovation-based attacks against remote state estimation with side information and historical data

This work investigates the attack strategy design problem of the false data injection attack against the cyber-physical system. Distinct from the relevant results which utilise the current intercepted data or additionally consider side information, a more universal attack model is proposed which combines historical data and side information with the current intercepted data to synergistically deteriorate the system estimation performance. In order to quantify the impact resulting from the proposed attack strategy, the optimisation objective is characterised by deriving the error covariance matrix under the attacks, which becomes more intricate since the proposed attack model introduces more decision variables and coupled terms. Take the stealthiness which is characterised by Kullback-Leibler divergence as the constraints, the problem investigated in this work is equivalently transformed into the constrained multi-variable non-convex optimisation problems, which are not able to be solved directly by the methods in the relevant results. By utilising the Lagrange multiplier method, the structural characteristic of the optimal mean and the optimal covariance which only related to the Lagrange multiplier are derived, such that the optimal distribution of the modified innovation is able to be obtained by a simple search procedure. Following that, the design of the optimal attack strategy is completed by using semi-definite programming to derive the optimal attack matrices. Finally, the simulation examples are given such that the validity of the results is verified.