Optimal Attack Research Articles

Fast Algorithm for Cyber-Attack Estimation and Attack Path Extraction Using Attack Graphs with AND/OR Nodes

This paper studies the security issues for cyber–physical systems, aimed at countering potential malicious cyber-attacks. The main focus is on solving the problem of extracting the most vulnerable attack path in a known attack graph, where an attack path is a sequence of steps that an attacker can take to compromise the underlying network. Determining an attacker’s possible attack path is critical to cyber defenders as it helps identify threats, harden the network, and thwart attacker’s intentions. We formulate this problem as a path-finding optimization problem with logical constraints represented by AND and OR nodes. We propose a new Dijkstra-type algorithm that combines elements from Dijkstra’s shortest path algorithm and the critical path method. Although the path extraction problem is generally NP-hard, for the studied special case, the proposed algorithm determines the optimal attack path in polynomial time, O(nm), where n is the number of nodes and m is the number of edges in the attack graph. To our knowledge this is the first exact polynomial algorithm that can solve the path extraction problem for different attack graphs, both cycle-containing and cycle-free. Computational experiments with real and synthetic data have shown that the proposed algorithm consistently and quickly finds optimal solutions to the problem.

Optimal stealthy deception attack strategy under energy constraints

This article explores the issue of devising optimal stealthy deception attack strategy based on remote state estimation in cyber-phsical systens (CPSs) under energy constraints. Taking the energy limitations into consideration, the attacker needs to launch signals under stealth conditions and alters the transmitted data in a limited time span with a limited number of changes. The stealth attack model is proposed, which enables the attack signal to evade the detector without being detected. By analyzing various forms of continuous attacks and discrete attacks, we study five different attack sequences and find the optimal attack sequence by evaluating the long-range remote estimation error. Using the Lagrange multiplier means, the optimal parameters are obtained to maximize the long-range estimation error while guaranteeing the integral stealth of the detector. The calculation process is summarized in Algorithm 1. Simulation instances are given to demonstrate the authenticity of this paper’s work.

Resilient consensus of heterogeneous multi-agent systems under asynchronous optimal DoS attack schedules

This study aims to address the challenge of achieving resilient consensus in heterogeneous multi-agent systems (MASs) under asynchronous optimal Denial of Service (DoS) attack schedules. Considering the start and duration of adversaries vary from different communication channels of MASs, we mainly focus on how adversaries with limited energy choose channels to launch attacks to cause the greatest damage to system performance. Based on dynamic programming, an asynchronous optimal DoS attack schedules generation algorithm is obtained. Optimal DoS attack schedules provides a basis for designing more effective secure control methods. Then, a distributed resilient control strategy that utilizes an observer-based approach to achieve output consensus in heterogeneous MASs under asynchronous optimal DoS attack schedules is proposed. Additionally, we establish conditions regarding the durations and frequencies of DoS attacks as well. Finally, two simulations are performed to showcase the efficacy of our proposed method.

Optimal attack strategy in system identification with binary‐valued observations: An information entropy‐based approach

AbstractWith the advancements in network technology and artificial intelligence, the interaction between network nodes is getting more frequent. The malicious data tampering can be extremely damaging to system stability, therefore the network security is of great importance. In this paper, we address the problem of system identification with binary‐valued observations under data tampering attacks and an information entropy‐based approach to optimal attack strategy from the viewpoint of attacker. Under the constrained attack energy, a method is proposed to obtain the optimal attack strategy using the information entropy as the optimization index. It is interestingly demonstrated that such optimal attack strategy is equivalent to the one by using the estimation error of the identification algorithm as the optimization index. The rationality of the proposed method is verified through numerical simulations.

An Optimal Attack Strategy Based on Adversary-Modified Historical Innovations

An Optimal Attack Strategy Based on Adversary-Modified Historical Innovations

Optimal Intermittent Deception Attacks With Energy Constraints for Cyber-Physical Systems

Optimal Intermittent Deception Attacks With Energy Constraints for Cyber-Physical Systems

Effective SQL Injection Detection: A Fusion of Binary Olympiad Optimizer and Classification Algorithm

Since SQL injection allows attackers to interact with the database of applications, it is regarded as a significant security problem. By applying machine learning algorithms, SQL injection attacks can be identified. Problem: In the training stage of machine learning methods, effective features are used to develop an optimal classifier that is highly accurate. The specification of the features with the highest efficacy is considered to be an NP-complete combinatorial optimization challenge. Selecting the most effective features refers to the procedure of identifying the smallest and most effective features in the dataset. The rationale behind this paper is to optimize the accuracy, precision, and sensitivity parameters of the SQL injection attack detection method. Method: In this paper, a method for identifying SQL injection attacks was suggested. In the first step, a particular training dataset that included 13 features was developed. In the second step, to specify the best features of the dataset, a specific binary variety of the Olympiad optimization algorithm was developed. Various machine learning algorithms were used to create the optimal attack detector. Results: Based on the experiments carried out, the suggested SQL injection detector using an artificial neural network and the feature selector can achieve 99.35% accuracy, 100% precision, and 100% sensitivity. Owing to selecting about 30% of the effective features, the proposed method enhanced the efficacy of SQL injection detectors.

A Survey on Penetration Path Planning in Automated Penetration Testing

Penetration Testing (PT) is an effective proactive security technique that simulates hacker attacks to identify vulnerabilities in networks or systems. However, traditional PT relies on specialized experience and costs extraordinary time and effort. With the advancement of artificial intelligence technologies, automated PT has emerged as a promising solution, attracting attention from researchers increasingly. In automated PT, penetration path planning is a core task that involves selecting the optimal attack paths to maximize the overall efficiency and success rate of the testing process. Recent years have seen significant progress in the field of penetration path planning, with diverse methods being proposed. This survey aims to comprehensively examine and summarize the research findings in this domain. Our work first outlines the background and challenges of penetration path planning and establishes the framework for research methods. It then provides a detailed analysis of existing studies from three key aspects: penetration path planning models, penetration path planning methods, and simulation environments. Finally, this survey offers insights into the future development trends of penetration path planning in PT. This paper aims to provide comprehensive references for academia and industry, promoting further research and application of automated PT path planning methods.

Trojan-horse attack on a real-world quantum key distribution system: Theoretical and experimental security analysis

This paper presents a theoretical and experimental demonstration of a security analysis of a Trojan-horse attack (THA) on a real-world quantum key distribution (QKD) system. We show that the upper bound on the information leakage depends solely on the fidelity between the states of the adversary. We find the lower bound for fidelity between THA states in both the polarization- and phase-coding BB84 protocols, considering both pure and mixed states. Our bounds depend only on the mean photon number per pulse available to an adversary. We also present an experimental analysis of a QKD system, including optical time-domain reflectometry measurements with centimeter resolution and spectral transmittance measurements for optical defense elements ranging from 1100 to 1800 nm with a noise floor lower than −100 dB. Finally, by considering the optimal attack, we obtain the value of the mean photon number per pulse available to an adversary and calculate the key leakage that needs to be eliminated during the privacy amplification procedure. Published by the American Physical Society 2024

Physical model learning based false data injection attack on power system state estimation

The cyber security of power system state estimation (PSSE) is crucial, and its robustness against evolving false data injection attacks (FDIA) is being rigorously assessed to develop advanced countermeasures. Existing FDIA methods have achieved satisfactory success rates but often fail to align with practical constraints such as the assumption of partial or complete knowledge of the power system network by the attacker, modifications in generator output measurements, and the sparsity of the attacks. This work proposes a near practical, stealthy approach using a deep generative adversarial network-long short-term memory autoencoder (GAN-LSTMAE) learning based sparse FDIA method against AC PSSE, leveraging only measurement data. To evade the bad data detection (BDD) mechanism effectively, an LSTMAE-based PSSE mimic is proposed, further optimizing the GAN-based attack generator to embed the physical laws of the system along with measurement residuals and temporal dependencies of states to the generated false data. The proposed modified training data preparation algorithm, coupled with the attack sub-graph method, defines the optimal attack region while keeping generator output measurements intact. The generated attack is validated extensively using IEEE 14 and 118 bus test benchmarks against various defense techniques, demonstrating high success rates.

Finding Complete Impossible Differential Attacks on AndRX Ciphers and Efficient Distinguishers for ARX Designs

The impossible differential (ID) attack is one of the most important cryptanalytic techniques for block ciphers. There are two phases to finding an ID attack: searching for the distinguisher and building a key recovery upon it. Previous works only focused on automated distinguisher discovery, leaving key recovery as a manual post-processing task, which may lead to a suboptimal final complexity. At EUROCRYPT 2023, Hadipour et al. introduced a unified constraint programming (CP) approach based on satisfiability for finding optimal complete ID attacks in strongly aligned ciphers. While this approach was extended to weakly-aligned designs like PRESENT at ToSC 2024, its application to ARX and AndRX ciphers remained as future work. Moreover, this method only exploited ID distinguishers with direct contradictions at the junction of two deterministic transitions. In contrast, some ID distinguishers, particularly for ARX and AndRX designs, may not be detectable by checking only the existence of direct contradictions.This paper fills these gaps by extending Hadipour et al.’s method to handle indirect contradictions and adapting it for ARX and AndRX designs. We also present a similar method for identifying zero-correlation (ZC) distinguishers. Moreover, we extend our new model for finding ID distinguishers to a unified optimization problem that includes both the distinguisher and the key recovery for AndRX designs. Our method improves ID attacks and introduces new distinguishers for several ciphers, such as SIMON, SPECK, Simeck, ChaCha, Chaskey, LEA, and SipHash. For example, we achieve a one-round improvement in ID attacks against SIMON-64-96, SIMON-64-128, SIMON-128-128, SIMON-128-256 and a two-round improvement against SIMON-128- 192. These results significantly contribute to our understanding of the effectiveness of automated tools in the cryptanalysis of different design paradigms.

Optimal innovation-based attacks against remote state estimation with side information and historical data

This work investigates the attack strategy design problem of the false data injection attack against the cyber-physical system. Distinct from the relevant results which utilise the current intercepted data or additionally consider side information, a more universal attack model is proposed which combines historical data and side information with the current intercepted data to synergistically deteriorate the system estimation performance. In order to quantify the impact resulting from the proposed attack strategy, the optimisation objective is characterised by deriving the error covariance matrix under the attacks, which becomes more intricate since the proposed attack model introduces more decision variables and coupled terms. Take the stealthiness which is characterised by Kullback-Leibler divergence as the constraints, the problem investigated in this work is equivalently transformed into the constrained multi-variable non-convex optimisation problems, which are not able to be solved directly by the methods in the relevant results. By utilising the Lagrange multiplier method, the structural characteristic of the optimal mean and the optimal covariance which only related to the Lagrange multiplier are derived, such that the optimal distribution of the modified innovation is able to be obtained by a simple search procedure. Following that, the design of the optimal attack strategy is completed by using semi-definite programming to derive the optimal attack matrices. Finally, the simulation examples are given such that the validity of the results is verified.

Finite-Time Convergence Guidance Law for Hypersonic Morphing Vehicle

Aiming at the interception constraint posed by defensive aircrafts against hypersonic morphing vehicles (HMVs) during the terminal guidance phase, this paper designed a guidance law with the finite-time convergence theory and control allocation methods based on the event-triggered theory, achieving evasion of the defensive aircraft and targeting objectives for a morphing vehicle in the terminal guidance phase. Firstly, this paper established the aircraft motion model; the relative motion relationships between HMV, defensive aircraft, and target; and the control equations for the guidance system. Secondly, a guidance law with finite-time convergence was designed, establishing a controller with the angle between the aircraft–target–defense aircraft triplet as the state variable and lift as the control variable. By ensuring the angle was non-zero, the aircraft maintained a certain relative distance from the defense aircraft, achieving evasion of interception. The delay characteristic of the aircraft’s flight controller was considered, analyzing its delay stability and applying control compensation. Thirdly, a multi-model switching control allocation method based on an event-triggered mechanism was designed. Optimal attack and bank angles were determined based on acceleration control variables, considering different sweep angles. Finally, simulations were conducted to validate the effectiveness and robustness of the designed guidance laws.

Decentralized Event-Triggered Model Predictive Control for Fuzzy Cyber-physical Systems Under Optimal Jamming Attacks

Decentralized Event-Triggered Model Predictive Control for Fuzzy Cyber-physical Systems Under Optimal Jamming Attacks

Optimal strategy of data tampering attacks for FIR system identification with average entropy and binary‐valued observations

SummaryIn the era of digitalization boom, cyber‐physical system (CPS) has been widely used in several fields. However, malicious data tampering in communication networks may lead to degradation of the state estimation performance, which may affect the control decision and cause significant losses. In this paper, for the identification of finite impluse response (FIR) systems with binary‐valued observations under data tampering attack, an optimal attack strategy based on the average entropy is designed from the perspective of the attacker. In the case of unknown parameters, the regression matrix is used to give the estimation method of the system parameters, the algorithmic flow of the data tampering attack for the implementation of the on‐line attack is designed. Finally, the effectiveness of the algorithm and the reliability of the conclusions is verified through the examples.

CFDI: Coordinated false data injection attack in active distribution network

AbstractThe active distribution network (ADN) can obtain measurement data, estimate system states, and control distributed energy resources (DERs) and flexible loads to ensure voltage stability. However, the ADN is more vulnerable to cyber attacks due to the recent wave of digitization and automation efforts. In this article, false data injection (FDI) attacks are focused on and they are classified into two types, that is, type I attacks on measurement data and type II attacks on control commands. After studying the impact of these two FDI attacks on the ADN, a new threat is revealed called coordinated FDI attack, which can maximize the voltage deviation by coordinating type I and type II FDI attacks. From the attacker's perspective, the scheme of CFDI is proposed and an algorithm is developed to find the optimal attack strategy. The feasibility of CFDI attacks has been validated on a smart distribution testbed. Moreover, simulation results on an ADN benchmark have demonstrated that CFDI attacks could cause remarkable voltage deviation that may deteriorate the stability of the distribution network. Moreover, the impact of CFDI attacks is higher than pure type I or type II attacks. To mitigate the threat, some countermeasures against CFDI attacks are also proposed.

Free-Running tests for the rapidity of the aerodynamic lift-increasing planing craft

Free-running model test is one of the main test methods to study the performance of ships. In this study, a free-running test model was designed based on the planing trimaran model. The test model has a propulsion system and a data acquisition system, which can complete the functions of remote control, collecting thrust value and speed data and remote transmission data. Two kinds of wings were added to the test model, including the canard wing and the main wing. The test mainly studied the influence of the aerodynamic lift generated by the canard and the main wing on the rapidity of the planing trimaran. The test results show that with the increase of speed, the wing structure can produce considerable aerodynamic lift, and the purpose of reducing drag can be achieved by changing the pitch of the hull and lifting the hull. The test results verify the feasibility of using aerodynamic lift to improve the rapidity of high-speed planing craft. The combination of canard and main wing at the optimal attack angle can reduce hull resistance by 16.5 %.

Optimal data injection attack design for spacecraft systems via a model free Q‐learning approach

Optimal data injection attack design for spacecraft systems via a model free Q‐learning approach

Linear System Identification-Oriented Optimal Tampering Attack Strategy and Implementation Based on Information Entropy with Multiple Binary Observations

With the rapid development of computer technology, communication technology, and control technology, cyber-physical systems (CPSs) have been widely used and developed. However, there are massive information interactions in CPSs, which lead to an increase in the amount of data transmitted over the network. The data communication, once attacked by the network, will seriously affect the security and stability of the system. In this paper, for the data tampering attack existing in the linear system with multiple binary observations, in the case where the estimation algorithm of the defender is unknown, the optimization index is constructed based on information entropy from the attacker’s point of view, and the problem is modeled. For the problem of the multi-parameter optimization with energy constraints, this paper uses particle swarm optimization (PSO) to obtain the optimal data tampering attack solution set, and gives the estimation method of unknown parameters in the case of unknown parameters. To implement the real-time improvement of online implementation, the BP neural network is designed. Finally, the validity of the conclusions is verified through numerical simulation. This means that the attacker can construct effective metrics based on information entropy without the knowledge of the defense’s discrimination algorithm. In addition, the optimal attack strategy implementation based on PSO and BP is also effective.

Optimal Stealthy Attacks With Energy Constraint Against Remote State Estimation.

This article investigates the problem of energy-constrained stealthy attack strategy against remote state estimation for cyber-physical systems. Taking into account the energy constraint, the malicious attacker is required to schedule the off-line generated signals to modify the transmitted data with limited times over a finite-time horizon under the stealthiness condition, which makes the design of attack strategy more complex. Different from the attack schedules which are studied on the basis of prescribed attack signals in the existing results, the attack strategy is presented under the framework of collaborative design to deteriorate the estimation performance to the largest extent, which yet leads to the coupling between the attack schedules and attack signals. To overcome the difficulty without sacrificing the optimality, the attack design problem is solved in two steps. First, analyze the problem with the given attack schedule to derive the optimal attack signals. Then, the optimal schedule is obtained by efficiently solving the nonlinear 0-1 programming problem based on the algorithm of reducing the search space which is designed to eliminate a part of the nonoptimal solutions. To demonstrate the theoretical results, a simulation example is provided.