Malicious Cyber Attacks Research Articles

Distributed filtering for nonlinear systems under Dempster–Shafer theory subject to malicious cyber attacks

AbstractThis paper addresses the problem of network security for distributed filtering when subject to malicious cyber attacks. First, based on the Dempster–Shafer (D‐S) theory a protector for each sensor is proposed, that can decide whether to use data sent by neighboring sensors. Furthermore, a distributed estimator is proposed for the nonlinear system with the designed detector. Besides, a sufficient condition is presented for the stability of the estimator equipped with the designed protector when under cyber attacks. Finally, several numerical examples are presented to verify the proposed protection strategy's efficacy.

An Extreme Value Theory-Based Catastrophe Bond Design for Cyber Risk Management of Power Systems

Cybersecurity is emerging as one of the most critical issues for the power system operation in recent years. The most recent studies have shown that cyber-insurance can be an effective solution for the cyber risk management of power grids. In these early attempts, actuarial frameworks and premium schemes were designed for the insurance companies to cope with the risks on power system cybersecurity. However, due to the potentially catastrophic consequences of malicious cyberattacks on power grids, the tail risk events may expose the insurance companies to undue financial risks even if applicable premiums have been designed and collected, which will demotivate the insurance companies from entering the market and providing insurance to the power system stakeholders. In this paper, a Catastrophe (CAT) bond scheme is proposed for insurance companies to address the tail risk of power system cybersecurity by seeking protection from the capital market. The CAT bonds are designed based on the extreme value theory (EVT) to quantify the underlying risk of tail cybersecurity events in power systems. A stochastic model is developed and used in this paper to evaluate the potential losses of power system stakeholders due to malicious cyberattacks on the grids. An example on the IEEE Reliability Test System (RTS-96) was conducted and analyzed to demonstrate the validity and performance of the proposed EVT based CAT bond scheme. The results of the example show that the proposed CAT bond design can effectively manage the insolvency risk of insurers when providing cyber insurance to various stakeholders in power systems.

Robust Extended Kalman Filtering for Systems With Measurement Outliers

Outliers can be caused by sensor errors, model uncertainties, changes in the ambient environment, data loss, or malicious cyberattacks to contaminate the measurement process of many nonlinear dynamic systems. When the extended Kalman filter (EKF) is applied to such systems for state estimation, the outliers can seriously reduce the estimation accuracy. This brief proposes an innovation saturation mechanism to make the EKF robust against outliers. This mechanism applies a saturation function to the innovation process that the EKF leverages to correct the state estimation. As such, when outliers occur, the distorted innovation is saturated, so as not to undermine the state estimation. The mechanism features an adaptive adjustment of the saturation bounds. The design leads to the development of robust EKF approaches for both continuous- and discrete-time systems. The stability of the proposed approaches when applied to linear systems is characterized, showing that they are capable of performing bounded-error estimation in the presence of bounded outlier disturbances in this case. A simulation study about mobile robot localization is presented to illustrate the efficacy of the proposed design. Compared to existing methods, the proposed approaches can effectively reject outliers of various magnitudes, types, and durations, at significant computational efficiency and without requiring additional measurement redundancy.

Consensus tracking control for uncertain non‐strict feedback multi‐agent system under cyber attack via resilient neuroadaptive approach

AbstractMulti‐agent system (MAS) is a common cyber‐physical system (CPS). Due to it often uses a relatively open network platform, it is vulnerable to malicious cyber attacks in the process of system operation, so the control scheme design is critical to ensure the system operation security. In this article, we propose a new resilient neuroadaptive dynamic surface control scheme for non‐linear MASs with potential cyber attacks (false data injection and denial‐of‐service), system uncertainty, unknown control gain, and output constraints which are usually seen on CPSs. In this scheme, the neuroadaptive controller design ensures that all signals of the closed loop system are semi‐globally uniform ultimately bounded when the MAS even exists time‐varying cyber attacks on data links among agents, and the links between controllers, actuators, and sensors. Using Gaussian radial basis function neural network, the system uncertainty, non‐strict feedback terms, unknown control gain, and some cyber attacks are effectively solved and the process of controller design is extremely simplified. Finally, we provide a simulation result to verify the effectiveness and superiority of the proposed control scheme.

Modified Particle Filters for Detection of False Data Injection Attacks and State Estimation in Networked Nonlinear Systems

Networked control systems which transfer data over communication networks may suffer from malicious cyber attacks by injecting false data to the transferred information. Such attacks can cause performance degradation of the closed-loop system and the filtering problem. The sequential importance sampling (SIS) particle filtering (PF) methods employ the sequential Monte Carlo approach to estimate the generally non-Gaussian posterior probability density function (pdf) for Bayesian estimation of generally non-linear non-Gaussain systems. In this paper, it is firstly shown that with the normal SIS PF, the injected false data to the networked systems remains stealthy and therefore it is not possible to reduce the degrading effect of the attack on the estimation. However, with a modification in the proposal pdf, a modified SIS PF is then proposed which guarantees the attack detectability where the attacked measurements are incorporated in the particle generation process and thus the particles are updated and make the attack detectable. Using the derived thresholds and under small enough measurement noises, it is also proved that no false alarm occurs. After estimation of the attack value, the posterior pdf conditioned on truly detected attack leads to an estimation equivalent to the attack free SIS PF in terms of estimation bias and estimation covariance error. Finally, the accuracy of the presented concepts is demonstrated for a networked interconnected four-tank system.

Sino-Russian Cyber Security Cooperation

With mounting cyber conflicts, cyber crimes and other security threats in the wake of technological advancement, Russia and China have suffered from malicious cyber attacks, data insecurity, cyberterrorism, among others. Despite domestic efforts in regulation and releasing a series of laws on cyber security, both nations still find it difficult to solve all cyber security issues, because the cyber space itself is highly open, extends beyond borders and has no boundaries. As such, mutual cooperation is needed to yield the expected results. So far China and Russia have mainly conducted multilateral and bilateral cooperation. The former is done under the SCO and BRICS frameworks, of which SCO emphasizes on cooperation to prevent cyberterrorism, and BRICS leans towards cooperation on data security. Though bilateral cooperation has witnessed a later start, it has achieved some results, mainly in establishing a communication channel to mutually respond to international information safety threats. Experts from both countries believe that as a whole, the Sino-Russian cyber safety cooperation mechanism is quite comprehensive, and has made substantial progress at the technical and infrastructure building level. That being said, there are still some limitations. For instance, both countries still lack substantial safety cooperation, and there is still room for improvement on cyber mutual trust. Nonetheless, when compared with the relation between the US and its allies, the cooperation between China and Russia pays greater attention to equality and mutual respect, and therefore has shown more trends of sustainability.

Securing Digital Ledger Technologies-Enabled IoT Devices: Taxonomy, Challenges, and Solutions

With the faster maturity and stability of digitization, connectivity and edge technologies, the number of the Internet of Things (IoT) devices and sensors is flourishing fast in important junctions such as homes, hotels, hospitals, retail stores, manufacturing floors, railway stations, airports, oil wells, warehouses, etc. However, in this extremely connected world, the security implications for IoT devices are getting worse with the constant rise in malicious cyberattacks. The challenge is how to secure IoT sensors, services and data. The blockchain technology, a prominent distributed ledger technology (DLT), is being pronounced as the way forward for safeguarding IoT devices and data. The Directed Acyclic Graph (DAG)-based DLT has the inherent potential to realize the benefits of blockchain with better performance. IOTA is a DAG-based blockchain implementation for the IoT era. The Tangle, the IOTA’s network immutably records the exchange of data and value. It ensures that the information is trustworthy and cannot be tampered with nor destroyed. In this work, we depict a thorough analysis of the existing security studies for IOTA. Then, we identify the gaps and the limitations of these security solution schemes, and finally, propose future security research recommendations that can potentially fill these gaps to secure DLT-enabled IoT devices.

Optimization Models in Cyber-Physical Power Systems: A Review

The growing interconnection between information networks and power grids enables a more efficient and economical operation, but also introduces significant challenges in modern cyber-physical power systems, such as malicious cyber-attacks. Several cyber-attacks have been reported in the recent decade, affecting hundreds of thousands of people. These attacks can lead to large power system blackouts, and optimization models are essential tools for optimal decision-making in reliable and secure operation of cyber-physical power systems. In this paper, optimization models in cyber-physical power systems are extensively reviewed and classified based on their applications, including cyber-security and optimal operation. One major application of optimization is in cyber-security evaluation of smart grids. This paper investigates the models to implement cyber-attacks against state estimation, coordinated cyber-physical attacks aiming to cover each other, and financially-motivated attacks in electricity markets; optimal defense strategies and interactions between the attacker and the defender are also introduced. Furthermore, optimization models used in the operation and dispatching of cyber-physical power and energy systems, optimal routing of information networks, and privacy-preserving models are presented. Finally, as solving optimization models is a crucial step in optimal decision-making, solvers in the literature are also introduced.

The Anonymity of the Dark Web: A Survey

The dark web is a section of the Internet that is not accessible to search engines and requires an anonymizing browser called Tor. Its hidden network and anonymity pave the way for illegal activities and help cybercriminals to execute well-planned, coordinated, and malicious cyberattacks. Cyber security experts agree that online criminal activities are increasing exponentially, and they are also becoming more rampant and intensified. These illegal cyber activities include various destructive crimes that may target a single person or a whole nation, for example, data breaches, ransomware attacks, black markets, mafias, and terrorist attacks. So, maintaining data privacy and secrecy is the new dilemma of the era. This paper has extensively reviewed various attacks and attack patterns commonly applied in the dark web. We have also classified these attacks in our unique trilogies classification system. Furthermore, a detailed overview of existing threat detection techniques and their limitations is discussed for anonymity providing services like Tor, I2P, and Freenet. Finally, the paper has identified significant weaknesses that make the dark web vulnerable to different attacks.

Cyber-Physical Coordinated Risk Mitigation in Smart Grids Based on Attack-Defense Game

Since modern smart grids have various and deeply coupled cyber-physical components, they are vulnerable to malicious cyber attacks. Although regular defenses including firewall and IDS are deployed, they may be weakened by zero-day vulnerabilities and sophisticated attack schemes. Therefore, defense strategies to mitigate the risk of blackouts during cyber attacks are necessary. This paper proposes a cyber-physical coordinated defense strategy to overcome the disruption and minimize the risk as much as possible. At the cyber layer, a zero-sum multilevel Markovian Stackelberg game is proposed to model sequential actions of the attacker and the defender. The defender distributes defensive resources to protect lines in a real-time manner, according to the attacker's action. If cyber attacks should result in physical outages, defense at the physical layer is then employed. A security-constrained optimal power flow reserving security margin of critical components will be performed to minimize the blackout scale and potential future risk. To solve the corresponding optimization problem and further get the optimal defense strategy, this paper devises a novel “water-pouring” algorithm. Lastly, test results show that the proposed dynamic defense strategy mitigates risk significantly and outperforms existing methods.

Detection analysis of malicious cyber attacks using machine learning algorithms

Cybersecurity is the practice of safeguarding information and the systems that store or process information. Cybersecurity violations are the foremost persecution instigated by cyber attackers through one or more systems on single or several networks or systems. This kind of cyber threats can ruthlessly trigger data loss or theft besides halting the network systems partially or fully. Among various cybersecurity attacks, the Denial of Service (DoS) attack is one of the most dominant hacking modus operandi over the internet. The hackers use the weapons at their disposal to disrupt traffic in and around the network surroundings or the target system by bombarding it with a lot of malicious requests. This paper introduced machine learning algorithms such as Gaussian Naïve Bayes and Nearest Centroid to identify the attacks via classifying the given dataset into normal and malicious traffic. Furthermore, metrics such as accuracy, f-score, FNR, precision, and prediction time etc., were calculated to identify the best performing model.

MTH-IDS: A Multitiered Hybrid Intrusion Detection System for Internet of Vehicles

Modern vehicles, including connected vehicles and autonomous vehicles, nowadays involve many electronic control units connected through intra-vehicle networks to implement various functionalities and perform actions. Modern vehicles are also connected to external networks through vehicle-to-everything technologies, enabling their communications with other vehicles, infrastructures, and smart devices. However, the improving functionality and connectivity of modern vehicles also increase their vulnerabilities to cyber-attacks targeting both intra-vehicle and external networks due to the large attack surfaces. To secure vehicular networks, many researchers have focused on developing intrusion detection systems (IDSs) that capitalize on machine learning methods to detect malicious cyber-attacks. In this paper, the vulnerabilities of intra-vehicle and external networks are discussed, and a multi-tiered hybrid IDS that incorporates a signature-based IDS and an anomaly-based IDS is proposed to detect both known and unknown attacks on vehicular networks. Experimental results illustrate that the proposed system can detect various types of known attacks with 99.99% accuracy on the CAN-intrusion-dataset representing the intra-vehicle network data and 99.88% accuracy on the CICIDS2017 dataset illustrating the external vehicular network data. For the zero-day attack detection, the proposed system achieves high F1-scores of 0.963 and 0.800 on the above two datasets, respectively. The average processing time of each data packet on a vehicle-level machine is less than 0.6 ms, which shows the feasibility of implementing the proposed system in real-time vehicle systems. This emphasizes the effectiveness and efficiency of the proposed IDS.

Single-dimensional encryption against innovation-based stealthy attacks on remote state estimation

Remote state estimation through a wireless communication network is usually vulnerable to malicious cyber-attacks, which can manipulate transmitted data without even being detected. This paper presents a countermeasure based on single-dimensional encryption to defend against stealthy attacks. Instead of encrypting one entry of the original measurements, a linear or nonlinear transformation of them is encrypted in order to enhance the security level of the system. It is proved that for most systems, single-dimensional encryption can completely resist innovation-based stealthy attacks. For other special cases, the worst-case constrained attack that yields the greatest estimation error is analyzed. Accordingly, a suboptimal encryption strategy can reduce the influence of attacks effectively. In addition, a new type of innovation-based stealthy attack is proposed. This attack model does not require the calculation of the nominal innovation and can usually lead to greater estimation errors. The worst-case attack for this model is derived analytically. The effectiveness of single-dimensional encryption against the proposed attack is also analyzed. For the above two innovation-based stealthy attacks, the proposed single-dimensional encryption scheme provides an effective defense.

Probabilistic-Constrained H ∞ Tracking Control for a Class of Stochastic Nonlinear Systems Subject to DoS Attacks and Measurement Outliers

In this study, the probabilistic-constrained <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathcal {H}_{\infty }$ </tex-math></inline-formula> tracking control problem is addressed for a class of stochastic nonlinear systems subject to measurement outliers, stochastic nonlinearities and DoS attacks. The considered systems have the following characters: 1) an unequal redundant-channel communication protocol is adopted to resist the DoS attacks and enhance the reliability of packet transmission. Different from some existing redundant-channel approaches, the considered two channels have different transmission abilities. 2) The measurement outliers (e.g., some unexpected large amplitude disturbances) are concerned and a saturation-function-based observer is proposed to avert the side effects from measurement outliers. 3) The DoS jamming attacks are considered in this paper, and an aperiodic DoS model is utilized. 4) Both sector-bounded nonlinear function and stochastic nonlinear function are involved in the considered systems, which makes the considered systems more general. To compensate the negative effect of the DoS jamming attacks and enhance the reliability of the packet transmission, a novel redundant-channel-based switching protocol is proposed to schedule data transmission when the plant suffers malicious cyber attacks. The primary objective of the present study is to design tracking controller such that the prescribed <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathcal {H}_{\infty }$ </tex-math></inline-formula> control performance is reached and probabilistic constraints on the tracking error are satisfied simultaneously. To achieve this objective, a probabilistic-constrained <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathcal {H}_{\infty }$ </tex-math></inline-formula> tracking control algorithm is established to obtain tracking controller gains and minimize the prescribed set of the constraint. Finally, two simulation examples are used to validate the practicability of our devised strategy.

A remedial action framework against cyberattacks targeting energy hubs integrated with distributed energy resources

Operation of modern power systems integrated by distributed energy resources is only possible if information/communication technologies are leveraged in the system. This results in cyber-physical power systems which are vulnerable to malicious cyberattacks. Hence, it is crucial to propose practical solutions to enhance the resilience of smart grids against cyberattacks. Targeting energy hubs integrated by distributed energy resources, a cyberattack based on min–max formulation is presented in this paper. A remedial action scheme, which changes status (i.e., connection/disconnection) of the energy hub components, is proposed to mitigate the economic effect of the aforementioned cyberattack. The electricity/heat demands of the energy hub are supplied by electricity/gas networks and the energy hub components including combined heat and power, wind turbine, electrical/thermal storages, boiler, and demand response. The attacker utilizes the energy hub components to increase the associated costs. However, the system operator controls the costs by changing the status of the energy hub devices. Obtained results verify that the proposed framework leads to an effective mechanism to proactively mitigate the economic-related consequences of cyberattacks on energy hubs. The simulation results demonstrate that: 1) disconnection of the energy hub from electricity networks under the cyberattack mitigates the increased cost by 40%, 2) disconnection of the energy hub from boiler and connection of thermal storage to the system under the experienced cyberattack reduce the imposed cost by 76%.

Parameter tampering cyberattack and event-trigger detection in game-based interactive demand response

The cybersecurity defense strength is weaker on the demand side (DS) than that in the power grid side, resulting in potential security threats on the power system, and the related security research is scared with DS. The vulnerability to the false data injection (FDI) attack in the DS under the framework of interactive demand response (IDR) is analyzed, and the process of the FDI attack to the user energy management system (UEMS) is introduced. Then a leader–follower game framework is proposed to model the FDI attacking process in UEMS, where the attacker is the leader while the prosumers under the IDR framework formulated as a non-cooperative game are followers. The parameters in the dynamic electricity cost functions are chosen to tamper in the FDI attacks for their good concealment and vital roles in IDR. The existence and uniqueness of the Stackelberg equilibrium are also proved. A distributed event trigger mechanism combined with a machine learning-based detecting method is proposed to detect the malicious cyberattack. The event trigger mechanism is implemented with a state machine model, and the attack detection is conducted in the energy retailer using the long short-term memory model. Finally, the attacking results and sensitivity of the parameters determined by the attacker on the attacking effects are analyzed in the case study, and the distributed event trigger detection mechanism is compared with the time trigger mechanism in terms of accuracy and detection time under different events trigger thresholds and attack rates.

Smart city and cyber-security; technologies used, leading challenges and future recommendations

Today, some cities around the world have tended to use new technologies and become smart city. New technologies improve the quality of citizens’ life. However, the use of any technology raises new issues and challenges. In a smart city, the vulnerable action of an individual or organization can put the entire city at risk. Due to the reliance of various components of smart cities on information and communication technology, cyber-security challenges (such as information leakage and malicious cyber-attacks) in this field affect smart cities behavior. Therefore, in order to respond to the enthusiastic acceptance of global smart city technologies, cyber security must develop in same direction. The aim of this paper is survey and discus on explanation of cyber security, smart cities, and survey of available relevant literature on security in that technology. For this purpose, the present study focuses on the four main components of a smart city, i.e. smart grid, Smart building, Smart transportation system, and Smart healthcare. In particular, summary of two deep learning method and cyber-security programs as well as technology correlation in smart cities are discussed. Furthermore, effective functional solutions in maintaining cyber-security and user privacy in smart cities are explained. The next progress trends of smart city with cyber security are described. Solutions need to be devised to address each of the security issues. The research in this study showed that meeting these challenges depends on the hard work of governments, developers of equipment and software and companies providing IT security services. In addition, designing flexible systems with high information protection capabilities is essential to prevent serious security incidents as these incidents can lead to disastrous financial, data, credit and loss of public trust.

Securing communications between smart grids and real users; providing a methodology based on user authentication

Smart power grid is a two-way interconnected network in which information plays a fundamental role in the process of energy transmission and distribution. The smart grid is based on combining ICT with the processing capabilities of computers and electrical systems to increase communication between users. However, smart grids are exposed to a variety of malicious cyber-attacks that can lead to the destruction of basic infrastructure and disrupt communication between the grid and users. Meanwhile, by authenticating the authenticated users, cyber-security can be created in the smart grid. One of the main components of a smart power grid is smart meters. However, to maintain security in a communication, smart meter authentication alone is not enough and it must be ensured that the electricity company’s server is not forgery. Therefore, there is a need for two-way authentication between the smart meter on the home side and the electricity company server. The present work provides a key management layout (based on the elliptic curve cryptography) with two-way authentication for communication outside the home area network The proposed solution is two-way authentication among the smart meter and the security associate in the power company. In other words, the proposed methodology creates a solution to establish a connection between valid users and the smart grid. The proposed protocol evaluates the behavior of cyber-attacks on the smart grid. Attacks such as man-in the middle attacks and retransmission attacks are considered. It was found that, the proposed methodology improves the reliance between smart grid and authenticated users with the increase of secure communications. Moreover, the proposed protocol can prevent an extensive experiment attack. The results also showed that, as the false factor increases, the detection time by the proposed algorithm increases. As the false factor increases from 0.1 to 0.3, the detection time increases by 1.4 s.

Resilient output regulation in heterogeneous networked systems under Byzantine agents

In this paper, we consider the problem of output regulation in heterogeneous networked systems. In order to cooperatively achieve the global objective, each agent is required to share information in its neighborhood through communication channels, which might be exposed to malicious cyber attacks. Past work shows that the performance of cooperative control can be seriously affected by network misbehaviors. Inspired by such security concerns, this paper considers the resilient cooperative output regulation (COR) in adversarial environment. Despite the presence of so-called Byzantine agents, the normally behaving ones still aim to achieve the goal of trajectory tracking or disturbance rejection. Towards this end, resilient observers with low computational cost are first developed based on a continuous-time resilient consensus protocol. When the number of Byzantine nodes is locally upper bounded and the network structure satisfies certain robustness properties, the designed observers enable each benign agent to exponentially track the exogenous signal. After that, decentralized controllers are proposed facilitating the achievement of resilient COR in the heterogeneous networks. A numerical example is finally given to illustrate the effectiveness of our approach.

DoS and DDoS mitigation using Variational Autoencoders

DoS and DDoS attacks have been growing in size and number over the last decade and existing solutions to mitigate these attacks are largely inefficient. Compared to other types of malicious cyber attacks, DoS and DDoS attacks are particularly challenging to combat. Because of their ability to mask themselves as legitimate traffic, it has proven difficult to develop methods to detect these types of attacks on a packet or flow level. In this paper, we explore the potential of Variational Autoencoders to serve as a component within an intelligent security solution that differentiates between normal and malicious traffic. The motivation behind resorting to Variational Autoencoders is that unlike normal encoders that would code an input flow as a single point, they encode a flow as a distribution over the latent space which avoids overfitting. Intuitively, this allows a Variational Autoencoder to not only learn latent representations of seen input features, but to generalize in a way that allows for an interpretation of unseen flows and flow features with slight variations.Two methods based on the ability of Variational Autoencoders to learn latent representations from network traffic flows of both benign and malicious traffic, are proposed. The first method resorts to a classifier based on the latent encodings obtained from Variational Autoencoders learned from traffic traces. The second method is an anomaly detection method, where the Variational Autoencoder is used to learn the abstract feature representations of exclusively legitimate traffic. Anomalies are then filtered out by relying on the reconstruction loss of the Variational Autoencoder. In this sense, the construction loss of the autoencoder is fed as input to a classifier that outputs the class of the traffic including benign and malign, and eventually the attack type. Thus, the second approach operates with two separate training processes on two separate data sources: the first training involving only legitimate traffic, and the second training involving all traffic classes. This is different from the first approach which operates only a single training process on the whole traffic dataset. Thus, the autoencoder of the first approach aspires to learn a general feature representation of the flows while the autoencoder of the second approach aims to exclusively learn a representation of the benign traffic. The second approach is thus more susceptible to finding zero day attacks and discovering new attacks as anomalies.Both of the proposed methods have been thoroughly tested on two separate datasets with a similar feature space. The results show that both methods are promising, with the classifier-based method being slightly superior to the anomaly-based one.