RESILIENT FLOCKING CONTROL FOR CONNECTED AND AUTOMATED VEHICLES WITH CYBER-ATTACK THREATS

ASME Letters in Dynamic Systems and Control ◽

10.1115/1.4050123 ◽

2021 ◽

pp. 1-7

Author(s):

Fengchen Wang ◽

Yan Chen

Keyword(s):

Detection Method ◽

Tracking Error ◽

Attack Detection ◽

Cyber Attacks ◽

Vehicle Tracking ◽

Cyber Attack ◽

Dynamics Model ◽

Automated Vehicles ◽

Tracking Errors ◽

Error Dynamics

Abstract To improve the cybersecurity of flocking control for connected and automated vehicles (CAVs), this paper proposes a novel resilient flocking control by specifically considering cyber-attack threats on vehicle tracking errors. Using the vehicle tracking error dynamics model, a dual extended Kalman filter (DEKF) is applied to detect cyber-attacks as an unknown constant on vehicle tracking information with noise rejections. To handle the coupling effects between tracking errors and cyber-attacks, the proposed DEKF consists of a tracking error filter and a cyber-attack filter, which are utilized to conduct the prediction and correction of tracking errors alternatively. Whenever an abnormal tracking error is detected, an observer-based resilient flocking control is enabled. Demonstrated by simulation results, the proposed cyber-attack detection method and resilient flocking control design can successfully achieve and maintain the flocking control of multi-CAV systems by rejecting certain cyber-attack threats.

Download Full-text

Optimization of network traffic anomaly detection using machine learning

International Journal of Electrical and Computer Engineering (IJECE) ◽

10.11591/ijece.v11i3.pp2360-2370 ◽

2021 ◽

Vol 11 (3) ◽

pp. 2360

Author(s):

ChoXuan Do ◽

Nguyen Quang Dam ◽

Nguyen Tung Lam

Keyword(s):

Random Forest ◽

Detection Method ◽

Information Gain ◽

Principal Component ◽

Attack Detection ◽

Cyber Attacks ◽

Abnormal Behavior ◽

Cyber Attack ◽

Detection Algorithms ◽

Abnormal Behavior Detection

In this paper, to optimize the process of detecting cyber-attacks, we choose to propose 2 main optimization solutions: Optimizing the detection method and optimizing features. Both of these two optimization solutions are to ensure the aim is to increase accuracy and reduce the time for analysis and detection. Accordingly, for the detection method, we recommend using the Random Forest supervised classification algorithm. The experimental results in section 4.1 have proven that our proposal that use the Random Forest algorithm for abnormal behavior detection is completely correct because the results of this algorithm are much better than some other detection algorithms on all measures. For the feature optimization solution, we propose to use some data dimensional reduction techniques such as information gain, principal component analysis, and correlation coefficient method. The results of the research proposed in our paper have proven that to optimize the cyber-attack detection process, it is not necessary to use advanced algorithms with complex and cumbersome computational requirements, it must depend on the monitoring data for selecting the reasonable feature extraction and optimization algorithm as well as the appropriate attack classification and detection algorithms.

Download Full-text

OUTLIER DETECTION METHOD USE FOR THE NETWORK FLOW ANOMALY DETECTION / IŠSKIRČIŲ RADIMO METODŲ TAIKYMAS ANOMALIJOMS KOMPIUTERIŲ TINKLO PAKETŲ SRAUTUOSE APTIKTI

Mokslas - Lietuvos ateitis ◽

10.3846/mla.2016.928 ◽

2016 ◽

Vol 8 (3) ◽

pp. 327-333 ◽

Cited By ~ 3

Author(s):

Rimas Ciplinskas ◽

Nerijus Paulauskas

Keyword(s):

Anomaly Detection ◽

Network Flow ◽

Detection Method ◽

Attack Detection ◽

Detection Methods ◽

Cyber Attack ◽

Normal Network ◽

New Type ◽

Flow Detection ◽

F Measure

New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and the demand to protect from them. In prac-tice, current methods of attack detection operates like antivirus programs, i. e. known attacks signatures are created and attacks are detected by using them. These methods have a drawback – they cannot detect new attacks. As a solution, anomaly detection methods are used. They allow to detect deviations from normal network behaviour that may show a new type of attack. This article introduces a new method that allows to detect network flow anomalies by using local outlier factor algorithm. Accom-plished research allowed to identify groups of features which showed the best results of anomaly flow detection according the highest values of precision, recall and F-measure. Kibernetinių atakų gausa ir įvairovė bei siekis nuo jų apsisaugoti verčia nuolat kurti naujus ir tobulinti jau esamus atakų aptikimo metodus. Kaip rodo praktika, dabartiniai atakų atpažinimo metodai iš esmės veikia pagal antivirusinių programų principą, t.y. sudaromi žinomų atakų šablonai, kuriais remiantis yra aptinkamos atakos, tačiau pagrindinis tokių metodų trūkumas – negalėjimas aptikti naujų, dar nežinomų atakų. Šiai problemai spręsti yra pasitelkiami anomalijų aptikimo metodai, kurie leidžia aptikti nukrypimus nuo normalios tinklo būsenos. Straipsnyje yra pateiktas naujas metodas, leidžiantis aptikti kompiuterių tinklo paketų srauto anomalijas taikant lokalių išskirčių faktorių algoritmą. Atliktas tyrimas leido surasti požymių grupes, kurias taikant anomalūs tinklo srautai yra atpažįstami geriausiai, t. y. pasiekiamos didžiausios tikslumo, atkuriamumo ir F-mato reikšmės.

Download Full-text

Cyber Security Aspects of Virtualization in Cloud Computing Environments

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch080 ◽

2021 ◽

pp. 1658-1671

Author(s):

Darshan Mansukhbhai Tank ◽

Akshai Aggarwal ◽

Nirbhay Kumar Chaubey

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Attack Detection ◽

Cyber Attacks ◽

Point Of View ◽

Cyber Attack ◽

Computing Environment ◽

Cloud Computing Environment ◽

Detection Approach ◽

Detection Response

Cybercrime continues to emerge, with new threats surfacing every year. Every business, regardless of its size, is a potential target of cyber-attack. Cybersecurity in today's connected world is a key component of any establishment. Amidst known security threats in a virtualization environment, side-channel attacks (SCA) target most impressionable data and computations. SCA is flattering major security interests that need to be inspected from a new point of view. As a part of cybersecurity aspects, secured implementation of virtualization infrastructure is very much essential to ensure the overall security of the cloud computing environment. We require the most effective tools for threat detection, response, and reporting to safeguard business and customers from cyber-attacks. The objective of this chapter is to explore virtualization aspects of cybersecurity threats and solutions in the cloud computing environment. The authors also discuss the design of their novel ‘Flush+Flush' cache attack detection approach in a virtualized environment.

Download Full-text

Cyber Security Aspects of Virtualization in Cloud Computing Environments

Quantum Cryptography and the Future of Cyber Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2253-0.ch013 ◽

2020 ◽

pp. 283-299 ◽

Cited By ~ 1

Author(s):

Darshan Mansukhbhai Tank ◽

Akshai Aggarwal ◽

Nirbhay Kumar Chaubey

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Attack Detection ◽

Cyber Attacks ◽

Point Of View ◽

Cyber Attack ◽

Computing Environment ◽

Cloud Computing Environment ◽

Detection Approach ◽

Detection Response

Download Full-text

Cognitive Dynamic System for AC State Estimation and Cyber-Attack Detection in Smart Grid

10.5772/intechopen.94093 ◽

2020 ◽

Author(s):

Mohammad Irshaad Oozeer ◽

Simon Haykin

Keyword(s):

Smart Grid ◽

Dynamic System ◽

State Estimation ◽

Attack Detection ◽

Cyber Attacks ◽

Data Detection ◽

Cyber Attack ◽

Bad Data Detection ◽

Cycle Basis ◽

Iterative Procedures

The work presented in this chapter is an extension of our previous research of bringing together the Cognitive Dynamic System (CDS) and the Smart Grid (SG) by focusing on AC state estimation and Cyber-Attack detection. Under the AC power flow model, state estimation is complex and computationally expensive as it relies on iterative procedures. On the other hand, the False Data Injection (FDI) attacks are a new category of cyber-attacks targeting the SG that can bypass the current bad data detection techniques in the SG. Due to the complexity of the nonlinear system involved, the amount of published works on AC based FDI attacks have been fewer compared to their DC counterpart. Here, we will demonstrate how the entropic state, which is the objective function of the CDS, can be used as a metric to monitor the grid’s health and detect FDI attacks. The CDS, acting as the supervisor of the system, improves the entropic state on a cycle to cycle basis by dynamically optimizing the state estimation process through the reconfiguration of the weights of the sensors in the network. In order to showcase performance of this new structure, computer simulations are carried out on the IEEE 14-bus system for optimal state estimation and FDI attack detection.

Download Full-text

Adaptive Nonlinear Control for Spacecraft With Coupled Translational and Attitude Dynamics

10.1115/imece2001/dsc-24580 ◽

2001 ◽

Author(s):

Haizhou Pan ◽

Vikram Kapila

Keyword(s):

Nonlinear Control ◽

Tracking Error ◽

Attitude Motion ◽

Control Law ◽

Attitude Dynamics ◽

Tracking Errors ◽

Motion Error ◽

Attitude Tracking ◽

Inertia Parameters ◽

Error Dynamics

Abstract In this paper, we address a tracking control problem for the coupled translational and attitude motion of a spacecraft. Specifically, a nonlinear adaptive control law is developed to ensure global asymptotic tracking of the desired translational and attitude trajectories in the presence of unknown mass and inertia parameters of spacecraft. Using the vectrix formalism the translational and attitude dynamics of spacecraft is modeled, where the mutual coupling in the translational and attitude motion induced by their gravitational interaction is duly accounted. The four-parameter quaternion representation is employed to describe the attitude kinematics of spacecraft in order to enable large orientation maneuvers. Based on the structure of the resulting system dynamics, the filtered translational and attitude tracking error dynamics are developed, which facilitate the transformation of second-order translational and attitude motion error dynamics as first-order equations, thus providing a considerable simplification in control law synthesis/analysis. With the aid of two linear operators, the open-loop filtered tracking error dynamics is parameterized such that the unknown mass and inertia parameters of spacecraft are isolated and can be estimated on-line. Using a Lyapunov framework, nonlinear control and adaptation laws are designed that ensure the global asymptotic convergence of the translational and attitude position tracking errors, despite the presence of unknown mass and inertia parameters of spacecraft. In addition, the form of the filtered tracking error reveals the convergence of translational and attitude velocity tracking errors of spacecraft. An illustrative numerical simulation is presented to demonstrate the effectiveness of the proposed control design methodology for the coupled translational and attitude motion control of spacecraft.

Download Full-text

Optimized cyber-attack detection method of power systems using sliding mode observer

Electric Power Systems Research ◽

10.1016/j.epsr.2021.107745 ◽

2022 ◽

Vol 205 ◽

pp. 107745

Author(s):

Mahdieh Adeli ◽

Majid Hajatipour ◽

Mohammad Javad Yazdanpanah ◽

Hamed Hashemi-Dezaki ◽

Mohsen Shafieirad

Keyword(s):

Power Systems ◽

Detection Method ◽

Sliding Mode ◽

Attack Detection ◽

Sliding Mode Observer ◽

Cyber Attack

Download Full-text

A Novel Cyber Attack Detection Method in Networked Control Systems

IEEE Transactions on Cybernetics ◽

10.1109/tcyb.2018.2843358 ◽

2018 ◽

Vol 48 (11) ◽

pp. 3254-3264 ◽

Cited By ~ 21

Author(s):

Eman Mousavinejad ◽

Fuwen Yang ◽

Qing-Long Han ◽

Ljubo Vlacic

Keyword(s):

Control Systems ◽

Detection Method ◽

Networked Control Systems ◽

Attack Detection ◽

Networked Control ◽

Cyber Attack

Download Full-text

Operator Suspicion and Decision Responses to Cyber-Attacks on Unmanned Ground Vehicle Systems

Proceedings of the Human Factors and Ergonomics Society Annual Meeting ◽

10.1177/1541931213601540 ◽

2017 ◽

Vol 61 (1) ◽

pp. 226-230 ◽

Cited By ~ 2

Author(s):

Chris Gay ◽

Barry Horowitz ◽

John Elshaw ◽

Philip Bobko ◽

Inki Kim

Keyword(s):

Full Range ◽

Human Dimensions ◽

Attack Detection ◽

Cyber Attacks ◽

Cyber Attack ◽

Performance Score ◽

Operator Performance ◽

Starting Point ◽

Malicious Intent

Cyber-attacks against cyber-physical systems (CPS), such as unmanned vehicles, are emergent threats with potentially catastrophic impacts, and this issue has drawn considerable interest by military agencies. Abundant body of research has attempted to address the physical security aspects of CPS; however, research addressing the human dimensions of cyber-attack detection and responses from an operator and operational perspective is sparse. This research has provided a novel probe into the human factors affecting operator resilience in responding to cyber-attacks, which are situations characterized by uncertainty and malicious intent. The variability of individual operators makes it improbable to grasp the full range of factors contributing to operator performance; however, the application of Suspicion Theory as proposed by Bobko et al. (2013), provides a starting point to aid in understanding operator performance in situations involving malicious intent (e.g. a cyber-attack). According to the theory, malicious intent is a critical component of operator suspicion, which is a key factor in operator response to cyber-attacks. The current research explored this human dimension through scenario-based, human-in-the-loop simulation experiments with Air Force personnel. It included both abstract and empirical assessments of the application of Suspicion Theory to operator detection and responses to cyber-attacks against an unmanned vehicle system, and it took a systems-oriented approach to the problem by considering the interaction of a Human-Machine Team (HMT) in the response. The HMT here refers to an operator and a Sentinel, which is an automated cyber-attack detection aid. The study evaluated the effects of suspicion, as well as the effects of perceived consequence, on the operator, and the resulting HMT quality of performance in responding to alerts, including both false alarms and properly detected cyber-attack scenarios. The findings show that Sentinel alerts alone do not create operator suspicion. Instead, alerts can serve as a catalyst for a wider information search by the operator, which, on a situational basis can lead to formation of increased operator suspicion. The analysis of experimental results pointed to a negative correlation between operator suspicion and performance score that measured the quality of a response to the given scenario. In addition, a strong correlation between HMT performance score and task response time was noted.

Download Full-text

The usage of power system multi-model forecasting aided state estimation for cyber attack detection

Proceedings of the higher educational institutions ENERGY SECTOR PROBLEMS ◽

10.30724/1998-9903-2021-23-5-13-23 ◽

2022 ◽

Vol 23 (5) ◽

pp. 13-23

Author(s):

I. A. Lukicheva ◽

A. L. Kulikov

Keyword(s):

Power System ◽

State Estimation ◽

Estimation Algorithm ◽

Attack Detection ◽

Cyber Attacks ◽

Protective Measure ◽

Cyber Attack ◽

False Data Injection ◽

Forecasting Models ◽

Autoregression Model

THE PURPOSE. Smart electrical grids involve extensive use of information infrastructure. Such an aggregate cyber-physical system can be subject to cyber attacks. One of the ways to counter cyberattacks is state estimation. State Estimation is used to identify the present power system operating state and eliminating metering errors and corrupted data. In particular, when a real measurement is replaced by a false one by a malefactor or a failure in the functioning of communication channels occurs, it is possible to detect false data and restore them. However, there is a class of cyberattacks, so-called False Data Injection Attack, aimed at distorting the results of the state estimation. The aim of the research was to develop a state estimation algorithm, which is able to work in the presence of cyber-attack with high accuracy.METHODS. The authors propose a Multi-Model Forecasting-Aided State Estimation method based on multi-model discrete tracking parameter estimation by the Kalman filter. The multimodal state estimator consisted of three single state estimators, which produced single estimates using different forecasting models. In this paper only linear forecasting models were considered, such as autoregression model, vector autoregression model and Holt’s exponen tial smoothing. When we obtained the multi-model estimate as the weighted sum of the single-model estimates. Cyberattack detection was implemented through innovative and residual analysis. The analysis of the proposed algorithm performance was carried out by simulation modeling using the example of a IEEE 30-bus system in Matlab.RESULTS. The paper describes an false data injection cyber attack and its specific impact on power system state estimation. A Multi - Model Forecasting-Aided State Estimation algorithm has been developed, which allows detecting cyber attacks and recovering corrupted data. Simulation of the algorithm has been carried out and its efficiency has been proved.CONCLUSION. The results showed the cyber attack detection rate of 100%. The Multi-Model Forecasting-Aided State Estimation is an protective measure against the impact of cyber attacks on power system.

Download Full-text