Operator Suspicion and Decision Responses to Cyber-Attacks on Unmanned Ground Vehicle Systems

Cyber-attacks against cyber-physical systems (CPS), such as unmanned vehicles, are emergent threats with potentially catastrophic impacts, and this issue has drawn considerable interest by military agencies. Abundant body of research has attempted to address the physical security aspects of CPS; however, research addressing the human dimensions of cyber-attack detection and responses from an operator and operational perspective is sparse. This research has provided a novel probe into the human factors affecting operator resilience in responding to cyber-attacks, which are situations characterized by uncertainty and malicious intent. The variability of individual operators makes it improbable to grasp the full range of factors contributing to operator performance; however, the application of Suspicion Theory as proposed by Bobko et al. (2013), provides a starting point to aid in understanding operator performance in situations involving malicious intent (e.g. a cyber-attack). According to the theory, malicious intent is a critical component of operator suspicion, which is a key factor in operator response to cyber-attacks. The current research explored this human dimension through scenario-based, human-in-the-loop simulation experiments with Air Force personnel. It included both abstract and empirical assessments of the application of Suspicion Theory to operator detection and responses to cyber-attacks against an unmanned vehicle system, and it took a systems-oriented approach to the problem by considering the interaction of a Human-Machine Team (HMT) in the response. The HMT here refers to an operator and a Sentinel, which is an automated cyber-attack detection aid. The study evaluated the effects of suspicion, as well as the effects of perceived consequence, on the operator, and the resulting HMT quality of performance in responding to alerts, including both false alarms and properly detected cyber-attack scenarios. The findings show that Sentinel alerts alone do not create operator suspicion. Instead, alerts can serve as a catalyst for a wider information search by the operator, which, on a situational basis can lead to formation of increased operator suspicion. The analysis of experimental results pointed to a negative correlation between operator suspicion and performance score that measured the quality of a response to the given scenario. In addition, a strong correlation between HMT performance score and task response time was noted.

Download Full-text

RESILIENT FLOCKING CONTROL FOR CONNECTED AND AUTOMATED VEHICLES WITH CYBER-ATTACK THREATS

ASME Letters in Dynamic Systems and Control ◽

10.1115/1.4050123 ◽

2021 ◽

pp. 1-7

Author(s):

Fengchen Wang ◽

Yan Chen

Keyword(s):

Detection Method ◽

Tracking Error ◽

Attack Detection ◽

Cyber Attacks ◽

Vehicle Tracking ◽

Cyber Attack ◽

Dynamics Model ◽

Automated Vehicles ◽

Tracking Errors ◽

Error Dynamics

Abstract To improve the cybersecurity of flocking control for connected and automated vehicles (CAVs), this paper proposes a novel resilient flocking control by specifically considering cyber-attack threats on vehicle tracking errors. Using the vehicle tracking error dynamics model, a dual extended Kalman filter (DEKF) is applied to detect cyber-attacks as an unknown constant on vehicle tracking information with noise rejections. To handle the coupling effects between tracking errors and cyber-attacks, the proposed DEKF consists of a tracking error filter and a cyber-attack filter, which are utilized to conduct the prediction and correction of tracking errors alternatively. Whenever an abnormal tracking error is detected, an observer-based resilient flocking control is enabled. Demonstrated by simulation results, the proposed cyber-attack detection method and resilient flocking control design can successfully achieve and maintain the flocking control of multi-CAV systems by rejecting certain cyber-attack threats.

Download Full-text

Cyber Security Aspects of Virtualization in Cloud Computing Environments

Research Anthology on Privatizing and Securing Data ◽

10.4018/978-1-7998-8954-0.ch080 ◽

2021 ◽

pp. 1658-1671

Author(s):

Darshan Mansukhbhai Tank ◽

Akshai Aggarwal ◽

Nirbhay Kumar Chaubey

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Attack Detection ◽

Cyber Attacks ◽

Point Of View ◽

Cyber Attack ◽

Computing Environment ◽

Cloud Computing Environment ◽

Detection Approach ◽

Detection Response

Cybercrime continues to emerge, with new threats surfacing every year. Every business, regardless of its size, is a potential target of cyber-attack. Cybersecurity in today's connected world is a key component of any establishment. Amidst known security threats in a virtualization environment, side-channel attacks (SCA) target most impressionable data and computations. SCA is flattering major security interests that need to be inspected from a new point of view. As a part of cybersecurity aspects, secured implementation of virtualization infrastructure is very much essential to ensure the overall security of the cloud computing environment. We require the most effective tools for threat detection, response, and reporting to safeguard business and customers from cyber-attacks. The objective of this chapter is to explore virtualization aspects of cybersecurity threats and solutions in the cloud computing environment. The authors also discuss the design of their novel ‘Flush+Flush' cache attack detection approach in a virtualized environment.

Download Full-text

Cyber Security Aspects of Virtualization in Cloud Computing Environments

Quantum Cryptography and the Future of Cyber Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2253-0.ch013 ◽

2020 ◽

pp. 283-299 ◽

Cited By ~ 1

Author(s):

Darshan Mansukhbhai Tank ◽

Akshai Aggarwal ◽

Nirbhay Kumar Chaubey

Keyword(s):

Cloud Computing ◽

Cyber Security ◽

Attack Detection ◽

Cyber Attacks ◽

Point Of View ◽

Cyber Attack ◽

Computing Environment ◽

Cloud Computing Environment ◽

Detection Approach ◽

Detection Response

Download Full-text

Cognitive Dynamic System for AC State Estimation and Cyber-Attack Detection in Smart Grid

10.5772/intechopen.94093 ◽

2020 ◽

Author(s):

Mohammad Irshaad Oozeer ◽

Simon Haykin

Keyword(s):

Smart Grid ◽

Dynamic System ◽

State Estimation ◽

Attack Detection ◽

Cyber Attacks ◽

Data Detection ◽

Cyber Attack ◽

Bad Data Detection ◽

Cycle Basis ◽

Iterative Procedures

The work presented in this chapter is an extension of our previous research of bringing together the Cognitive Dynamic System (CDS) and the Smart Grid (SG) by focusing on AC state estimation and Cyber-Attack detection. Under the AC power flow model, state estimation is complex and computationally expensive as it relies on iterative procedures. On the other hand, the False Data Injection (FDI) attacks are a new category of cyber-attacks targeting the SG that can bypass the current bad data detection techniques in the SG. Due to the complexity of the nonlinear system involved, the amount of published works on AC based FDI attacks have been fewer compared to their DC counterpart. Here, we will demonstrate how the entropic state, which is the objective function of the CDS, can be used as a metric to monitor the grid’s health and detect FDI attacks. The CDS, acting as the supervisor of the system, improves the entropic state on a cycle to cycle basis by dynamically optimizing the state estimation process through the reconfiguration of the weights of the sensors in the network. In order to showcase performance of this new structure, computer simulations are carried out on the IEEE 14-bus system for optimal state estimation and FDI attack detection.

Download Full-text

The usage of power system multi-model forecasting aided state estimation for cyber attack detection

Proceedings of the higher educational institutions ENERGY SECTOR PROBLEMS ◽

10.30724/1998-9903-2021-23-5-13-23 ◽

2022 ◽

Vol 23 (5) ◽

pp. 13-23

Author(s):

I. A. Lukicheva ◽

A. L. Kulikov

Keyword(s):

Power System ◽

State Estimation ◽

Estimation Algorithm ◽

Attack Detection ◽

Cyber Attacks ◽

Protective Measure ◽

Cyber Attack ◽

False Data Injection ◽

Forecasting Models ◽

Autoregression Model

THE PURPOSE. Smart electrical grids involve extensive use of information infrastructure. Such an aggregate cyber-physical system can be subject to cyber attacks. One of the ways to counter cyberattacks is state estimation. State Estimation is used to identify the present power system operating state and eliminating metering errors and corrupted data. In particular, when a real measurement is replaced by a false one by a malefactor or a failure in the functioning of communication channels occurs, it is possible to detect false data and restore them. However, there is a class of cyberattacks, so-called False Data Injection Attack, aimed at distorting the results of the state estimation. The aim of the research was to develop a state estimation algorithm, which is able to work in the presence of cyber-attack with high accuracy.METHODS. The authors propose a Multi-Model Forecasting-Aided State Estimation method based on multi-model discrete tracking parameter estimation by the Kalman filter. The multimodal state estimator consisted of three single state estimators, which produced single estimates using different forecasting models. In this paper only linear forecasting models were considered, such as autoregression model, vector autoregression model and Holt’s exponen tial smoothing. When we obtained the multi-model estimate as the weighted sum of the single-model estimates. Cyberattack detection was implemented through innovative and residual analysis. The analysis of the proposed algorithm performance was carried out by simulation modeling using the example of a IEEE 30-bus system in Matlab.RESULTS. The paper describes an false data injection cyber attack and its specific impact on power system state estimation. A Multi - Model Forecasting-Aided State Estimation algorithm has been developed, which allows detecting cyber attacks and recovering corrupted data. Simulation of the algorithm has been carried out and its efficiency has been proved.CONCLUSION. The results showed the cyber attack detection rate of 100%. The Multi-Model Forecasting-Aided State Estimation is an protective measure against the impact of cyber attacks on power system.

Download Full-text

Techniques to Model and Derive a Cyber-Attacker’s Intelligence

Efficiency and Scalability Methods for Computational Intellect ◽

10.4018/978-1-4666-3942-3.ch008 ◽

2013 ◽

pp. 162-180 ◽

Cited By ~ 3

Author(s):

Peter J. Hawrylak ◽

Chris Hartney ◽

Michael Haney ◽

Jonathan Hamm ◽

John Hale

Keyword(s):

Intrusion Detection ◽

Attack Detection ◽

Cyber Attacks ◽

Intrusion Detection Systems ◽

Cyber Attack ◽

Computationally Efficient ◽

Attack Graph ◽

Detection Systems ◽

Specialized Hardware ◽

Time Required

Identifying the level of intelligence of a cyber-attacker is critical to detecting cyber-attacks and determining the next targets or steps of the adversary. This chapter explores intrusion detection systems (IDSs) which are the traditional tool for cyber-attack detection, and attack graphs which are a formalism used to model cyber-attacks. The time required to detect an attack can be reduced by classifying the attacker’s knowledge about the system to determine the traces or signatures for the IDS to look for in the audit logs. The adversary’s knowledge of the system can then be used to identify their most likely next steps from the attack graph. A computationally efficient technique to compute the likelihood and impact of each step of an attack is presented. The chapter concludes with a discussion describing the next steps for implementation of these processes in specialized hardware to achieve real-time attack detection.

Download Full-text

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

Energies ◽

10.3390/en12244768 ◽

2019 ◽

Vol 12 (24) ◽

pp. 4768 ◽

Cited By ~ 2

Author(s):

Andrey Privalov ◽

Vera Lukicheva ◽

Igor Kotenko ◽

Igor Saenko

Keyword(s):

Quality Of Service ◽

Early Detection ◽

Recovery Time ◽

Telecommunication Network ◽

Cyber Attacks ◽

Telecommunication Networks ◽

Stochastic Network ◽

Cyber Attack ◽

Acceptable Range

The paper suggests a method of early detection of cyber-attacks by using DDoS attacks as an example) using the method of extreme filtering in a mode close real time. The process of decomposition of the total signal (additive superposition of attacking and legitimate effects) and its decomposition using the method of extreme filtering is simulated. A profile model of a stochastic network is proposed. This allows to specify the influence of the intruder on the network using probabilistic-time characteristics. Experimental evaluation of metrics characterizing the cyber-attack is given. It is demonstrated how obtained values of metrics confirm the process of attack preparation, for instance the large-scaled telecommunication network, which includes the proposed method for early detection of attacks, has a recovery time of no more than 9 s, and the parameters of quality of service remain in an acceptable range.

Download Full-text

Cyber-Attack Detection in Water Distribution Systems Based on Blind Sources Separation Technique

Water ◽

10.3390/w13060795 ◽

2021 ◽

Vol 13 (6) ◽

pp. 795

Author(s):

Bruno Brentan ◽

Pedro Rezende ◽

Daniel Barros ◽

Gustavo Meirelles ◽

Edevar Luvizotto ◽

...

Keyword(s):

Remote Control ◽

Distribution Systems ◽

Water Distribution ◽

Water Distribution Systems ◽

Attack Detection ◽

Cyber Attacks ◽

Urban Systems ◽

Cyber Attack ◽

Statistical Control ◽

Fast Independent Component Analysis

Service quality and efficiency of urban systems have been dramatically boosted by various high technologies for real-time monitoring and remote control, and have also gained privileged space in water distribution. Monitored hydraulic and quality parameters are crucial data for developing planning, operation and security analyses in water networks, which makes them increasingly reliable. However, devices for monitoring and remote control also increase the possibilities for failure and cyber-attacks in the systems, which can severely impair the system operation and, in extreme cases, collapse the service. This paper proposes an automatic two-step methodology for cyber-attack detection in water distribution systems. The first step is based on signal-processing theory, and applies a fast Independent Component Analysis (fastICA) algorithm to hydraulic time series (e.g., pressure, flow, and tank level), which separates them into independent components. These components are then processed by a statistical control algorithm for automatic detection of abrupt changes, from which attacks may be disclosed. The methodology is applied to the case study provided by the Battle of Attack Detection Algorithms (BATADAL) and the results are compared with seven other approaches, showing excellent results, which makes this methodology a reliable early-warning cyber-attack detection approach.

Download Full-text

A robust intelligent zero-day cyber-attack detection technique

Complex & Intelligent Systems ◽

10.1007/s40747-021-00396-9 ◽

2021 ◽

Author(s):

Vikash Kumar ◽

Ditipriya Sinha

Keyword(s):

Promising Result ◽

Binary Classification ◽

Research Direction ◽

Attack Detection ◽

Cyber Attacks ◽

Correct Prediction ◽

Cyber Attack ◽

Neural Network Models ◽

Data Set ◽

Evaluation Phase

AbstractWith the introduction of the Internet to the mainstream like e-commerce, online banking, health system and other day-to-day essentials, risk of being exposed to various are increasing exponentially. Zero-day attack(s) targeting unknown vulnerabilities of a software or system opens up further research direction in the field of cyber-attacks. Existing approaches either uses ML/DNN or anomaly-based approach to protect against these attacks. Detecting zero-day attacks through these techniques miss several parameters like frequency of particular byte streams in network traffic and their correlation. Covering attacks that produce lower traffic is difficult through neural network models because it requires higher traffic for correct prediction. This paper proposes a novel robust and intelligent cyber-attack detection model to cover the issues mentioned above using the concept of heavy-hitter and graph technique to detect zero-day attacks. The proposed work consists of two phases (a) Signature generation and (b) Evaluation phase. This model evaluates the performance using generated signatures at the training phase. The result analysis of the proposed zero-day attack detection shows higher performance for accuracy of 91.33% for the binary classification and accuracy of 90.35% for multi-class classification on real-time attack data. The performance against benchmark data set CICIDS18 shows a promising result of 91.62% for binary-class classification on this model. Thus, the proposed approach shows an encouraging result to detect zero-day attacks.

Download Full-text

Cyber Attack Detection Scheme for a Load Frequency Control System Based on Dual-Source Data of Compromised Variables

Applied Sciences ◽

10.3390/app11041584 ◽

2021 ◽

Vol 11 (4) ◽

pp. 1584

Author(s):

Wenjun Bi ◽

Kaifeng Zhang ◽

Chunyu Chen

Keyword(s):

Frequency Control ◽

Measured Data ◽

Attack Detection ◽

Cyber Attacks ◽

Load Frequency Control ◽

Cyber Attack ◽

Detection Scheme ◽

Load Frequency ◽

Source Data ◽

Dual Source

Cyber attacks bring key challenges to the system reliability of load frequency control (LFC) systems. Attackers can compromise the measured data of critical variables of the LFC system, making the data received by the defender unreliable and resulting in system frequency fluctuation or even collapse. In this paper, to detect potential attacks on measured data, we propose a novel attack detection scheme using the dual-source data (DSD) of compromised variables. First, we study the characteristics of the compromised LFC system considering potentially vulnerable variables and different types of attack templates. Second, by designing a variable observer, the relationship between the known security variables and the variables which are at risk of being compromised in the LFC system is established. The features of the data obtained by the observer can reflect those of the true data. Third, a Siamese network (SN) is designed to quantify the distance between the characteristics of measured data and that of observed data. Finally, an attack detection scheme is designed by analyzing the similarity of the DSD. Simulation results verify the feasibility of the detection scheme studied in this paper.

Download Full-text