Alexandre Vernotte,Aymeric Cretin,Bruno Legeard,Fabien Peureux

DOI: https://doi.org/10.1007/s10009-021-00604-4

2021-02-22

International Journal on Software Tools for Technology Transfer

Abstract:The ADS-B—automatic dependent surveillance-broadcast—technology requires aircraft to broadcast their position and velocity periodically. As compared to legacy radar technologies, coupled with alarming cyber security issues (the ADS-B protocol provides no encryption nor identification), the reliance on aircraft to communicate this surveillance information exposes air transport to new cyber security threats, and especially to FDIAs—false data injection attacks—where an attacker modifies, blocks, or emits fake ADS-B messages to dupe controllers and surveillance systems. This paper is part of an ongoing research initiative toward the generation of FDIA test scenarios and focuses on supporting the test design activity, i.e., supporting ATC experts to meticulously craft test cases in order to assess the resilience of surveillance systems against FDIAs. To achieve this goal, we propose a complete and powerful domain-specific language (DSL), close to natural language, that provides a large expressiveness to support ATC business experts in creating FDIA's test scenarios. We demonstrate the design capabilities of this approach and its productivity gain with respect to manually creating the FDIAs test scenarios.

Luca Arnaboldi,Charles Morisset

DOI: https://doi.org/10.1007/978-3-030-04771-9_11

2019-01-24

Abstract:Denial of service attacks are especially pertinent to the internet of things as devices have less computing power, memory and security mechanisms to defend against them. The task of mitigating these attacks must therefore be redirected from the device onto a network monitor. Network intrusion detection systems can be used as an effective and efficient technique in internet of things systems to offload computation from the devices and detect denial of service attacks before they can cause harm. However the solution of implementing a network intrusion detection system for internet of things networks is not without challenges due to the variability of these systems and specifically the difficulty in collecting data. We propose a model-hybrid approach to model the scale of the internet of things system and effectively train network intrusion detection systems. Through bespoke datasets generated by the model, the IDS is able to predict a wide spectrum of real-world attacks, and as demonstrated by an experiment construct more predictive datasets at a fraction of the time of other more standard techniques.

Cryptography and Security

Ziyu Wang,Jingyu Wang,Dongyuan Shi

DOI: https://doi.org/10.1109/PandaFPE57779.2023.10140382

2023-01-01

Abstract:State Estimation (SE) is used to derive accurate operating states from redundant field measurements, wherein Bad Data Detection (BDD) is used to eliminate measurement outliers. In the past decade, False Data Injection (FDI) attacks have attracted extensive attention, as they provide a strategy to introduce bias to SE results by maliciously modifying measurements in a way that can bypass BDD. Regrettably, although FDI attacks are plausible in math, whether they are feasible in practice has not been paid enough attention. This paper tries to give an answer by formulating three FDI attack vectors, each exploiting the vulnerability of a different communication protocol to achieve background reconnaissance and data tampering. Based on the proposed attack vectors, the path of launching FDI attacks in a concrete cyber environment and the corresponding defense countermeasures are analyzed through cyber-physical co-simulation. Case studies demonstrate that applying classical countermeasures, such as cryptographic techniques and access control policies, can effectively frustrate FDI attacks in the real world. Futhermore, it can be summarized from the experiments that attackers may leverage side-effects of defense countermeasures to mount more subtle attacks. It is essential to consider defending against cyber-physical attacks from an overall perspective in the future.

Jianchao Song,Cheng Qian,Yifan Guo,Kun Hua,Wei Yu

DOI: https://doi.org/10.1109/INFOCOMWKSHPS57453.2023.10226121

2023-01-01

Abstract:Recently, the market has witnessed fabulous growths of WiFi sensing technologies to advance the deployment of Internet of Things (IoT) systems. Besides being an essential IoT enabler, WiFi devices with smart sensing techniques carry more helpful information to improve the performance of IoT systems. However, there is a lack of research efforts on systematically investigating the potential security threats of smart WiFi Sensing assisted IoT systems. In this paper, we systematically investigate the vulnerability of existing deep learning empowered WiFi sensing systems under False Data Injection (FDI) attacks. First, we analyze the attack vendors in three different IoT layers and consider violating the data integrity in three dimensions (i.e., time, space, and value). Second, we design three attack schemes to realize FDI attacks on smart WiFi sensing models. By measuring the performance of activity recognition on seven datasets under diverse WiFi sensing, experimental results demonstrate that the accuracy of activity recognition drastically decreases under our attacks.

Jiamin Hu,Xiaofan Yang,Lu-Xing Yang

DOI: https://doi.org/10.3390/s24051643

IF: 3.9

2024-03-03

Sensors

Abstract:False data injection attacks (FDIAs) on sensor networks involve injecting deceptive or malicious data into the sensor readings that cause decision-makers to make incorrect decisions, leading to serious consequences. With the ever-increasing volume of data in large-scale sensor networks, detecting FDIAs in large-scale sensor networks becomes more challenging. In this paper, we propose a framework for the distributed detection of FDIAs in large-scale sensor networks. By extracting the spatiotemporal correlation information from sensor data, the large-scale sensors are categorized into multiple correlation groups. Within each correlation group, an autoregressive integrated moving average (ARIMA) is built to learn the temporal correlation of cross-correlation, and a consistency criterion is established to identify abnormal sensor nodes. The effectiveness of the proposed detection framework is validated based on a real dataset from the U.S. smart grid and simulated under both the simple FDIA and the stealthy FDIA strategies.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yichi Zhang,Wenfeng Deng,Keke Huang,Chunhua Yang

DOI: https://doi.org/10.1109/RASSE53195.2021.9686839

2021-01-01

Abstract:False data injection (FDI) attack is a common and destructive attack method in Industrial Cyber-Physical Systems (ICPSs), which is mounted in the cyber layer, compromises the measurement data and interferes the physical system at last, especially in the process industry and smart grid. In response, researchers developed many detection method rely on simulation, but the real situations are not idea...

Haitham Ameen Noman,Osama M F Abu-Sharkh

DOI: https://doi.org/10.3390/s23136067

2023-06-30

Abstract:The Internet of Things (IoT) has transformed various domains in our lives by enabling seamless communication and data exchange between interconnected devices, necessitating robust networking infrastructure. This paper presents a comprehensive analysis of code injection attacks in IoT, focusing on the wireless domain. Code injection attacks exploit security weaknesses in applications or software and can have severe consequences, such as data breaches, financial losses, and denial of service. This paper discusses vulnerabilities in IoT systems and examines how wireless frames in state-of-the-art wireless technologies, which serve IoT applications, are exposed to such attacks. To demonstrate the severity of these threats, we introduce a comprehensive framework illustrating code injection attacks in the wireless domain. Several code injection attacks are performed on Wireless Fidelity (Wi-Fi) devices operating on an embedded system commonly used in IoT applications. Our proof of concept reveals that the victims' devices become further exposed to a full range of cyber-attacks following a successful severe code injection attack. We also demonstrate three scenarios where malicious codes had been detected inside the firmware of wireless devices used in IoT applications by performing reverse engineering techniques. Criticality analysis is conducted for the implemented and demonstrated attacks using Intrusion Modes and Criticality Analysis (IMECA). By understanding the vulnerabilities and potential consequences of code injection attacks on IoT networks and devices, researchers and practitioners can develop more secure IoT systems and better protect against these emerging threats.

Xinchen Zhang,Zhihan Jiang,Yulong Ding,Edith C.H. Ngai,Shuang-Hua Yang

DOI: https://doi.org/10.1016/j.jfranklin.2024.107000

IF: 4.246

2024-09-01

Journal of the Franklin Institute

Abstract:As the Industrial Internet-of-Things (IIoT) evolves, a growing number of industrial control systems (ICSs) are connecting to the Internet, making them more vulnerable to malicious attacks. This paper addresses the detection of false data injection (FDI) attacks, a prevalent threat to open ICSs. We introduce an innovative anomaly detection technique using isomorphic analysis to safeguard ICSs against FDI attacks. Isomorphic analysis involves comparing transmitted signals with their expected values, which are derived from mathematical models or isomorphic components. For a comprehensive defense mechanism, we incorporate three specific detectors: the control signal detector, the actuating signal detector, and the sensor reading detector. Designed to detect FDI attacks across various parts of the ICS, these detectors ensure the integrity of all transmitted signals throughout the physical control system. While the control signal detector adopts a threshold method, the other two rely on statistical approaches. If an attack is detected, the detectors can correct tampered signals before they reach downstream components, enhancing the system’s overall resilience and fault tolerance. The effectiveness of these detectors is supported by rigorous mathematical proofs. Moreover, our experimental findings further reveal the superiority of the isomorphic strategy over prior work in terms of detection rate, detection time delay, and system resilience.

automation & control systems,engineering, electrical & electronic, multidisciplinary,mathematics, interdisciplinary applications

Mariam Elnour,Mohammad Noorizadeh,Mohammad Shakerpour,Nader Meskin,Khaled Khan,Raj Jain

DOI: https://doi.org/10.1109/access.2023.3303015

IF: 3.9

2023-08-22

IEEE Access

Abstract:In light of the advancement of the technologies used in industrial control systems, securing their operation has become crucial, primarily since their activity is consistently associated with integral elements related to the environment, the safety and health of people, the economy, and many others. This work presents a distributed, machine learning based attack detection and mitigation framework for sensor false data injection cyber-physical attacks in industrial control systems. It is developed using the system's standard operational data and validated using a hybrid testbed of a reverse osmosis plant. A MATLAB/Simulink-based simulation model of the process validated with actual data from a local plant is used. The control system is implemented using Siemens S7-1200 programmable logic controllers with 200SP Distributed Input/Output modules. The proposed solution can be adopted in the existing industrial control systems and demonstrated effective performance in real-time detection and mitigation of actual cyber-physical attacks launched by compromising the communication links between the process and the programmable logic controllers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Soumyajit Dey,Sunandan Adhikary,Ipsita Koley,R. Rohit

DOI: https://doi.org/10.1109/DSD57027.2022.00128

2022-05-02

Abstract:Recent developments in the smart mobility domain have transformed automobiles into networked transportation agents helping realize new age, large-scale intelligent transportation systems (ITS). The motivation behind such networked transportation is to improve road safety as well as traffic efficiency. In this setup, vehicles can share information about their speed and/or acceleration values among themselves and infrastructures can share traffic signal data with them. This enables the connected vehicles (CVs) to stay informed about their surroundings while moving. However, the inter-vehicle communication channels significantly broaden the attack surface. The inter-vehicle network enables an attacker to remotely launch attacks. An attacker can create collision as well as hamper performance by reducing the traffic efficiency. Thus, security vulnerabilities must be taken into consideration in the early phase of CVs' development cycle. To the best of our knowledge, there exists no such automated simulation tool using which engineers can verify the performance of CV prototypes in the presence of an attacker. In this work, we present an automated tool flow that facilitates false data injection attack synthesis and simulation on customizable platoon structure and vehicle dynamics. This tool can be used to simulate as well as design and verify control- theoretic light-weight attack detection and mitigation algorithms for CVs.

Computer Science,Engineering

Christian Wolschke,Stefan Marksteiner,Tobias Braun,Markus Wolf

DOI: https://doi.org/10.1145/3465481.3470070

2021-08-17

Abstract:This paper presents a Domain Specific Language (DSL) for generically describing cyber attacks, agnostic to specific system-under-test (SUT). The creation of the presented DSL is motivated by an automotive use case. The concepts of the DSL are generic such that attacks on arbitrary systems can be addressed. The ongoing trend to improve the user experience of vehicles with connected services implies an enhanced connectivity as well as remote accessible interface opens potential attack vectors. This might also impact safety and the proprietary nature of potential SUTs. Reusing tests of attack vectors to industrialize testing them on multiple SUTs mandates an abstraction mechanism to port an attack from one system to another. The DSL therefore generically describes attacks for the usage with a test case generator (and execution environment) also described in this paper. The latter use this description and a database with SUT-specific information to generate attack implementations for a multitude of different (automotive) SUTs.

David Weissman,Anura P. Jayasumana

DOI: https://doi.org/10.5121/csit.2024.141410

2024-07-29

Abstract:In this paper, the authors introduce a lightweight dataset to interpret IoT (Internet of Things) activity in preparation to create decoys by replicating known data traffic patterns. The dataset comprises different scenarios in a real network setting. This paper also surveys information related to other IoT datasets along with the characteristics that make our data valuable. Many of the datasets available are synthesized (simulated) or often address industrial applications, while the IoT dataset we present is based on likely smart home scenarios. Further, there are only a limited number of IoT datasets that contain both normal operation and attack scenarios. A discussion of the network configuration and the steps taken to prepare this dataset are presented as we prepare to create replicative patterns for decoy purposes. The dataset, which we refer to as IoT Flex Data, consists of four categories, namely, IoT benign idle, IoT benign active, IoT setup, and malicious (attack) traffic associating the IoT devices with the scenarios under consideration.

Cryptography and Security

Gautam Raj Mode,Prasad Calyam,Khaza Anuarul Hoque

DOI: https://doi.org/10.48550/arXiv.1910.01716

2019-12-13

Abstract:Industry 4.0 is the latest industrial revolution primarily merging automation with advanced manufacturing to reduce direct human effort and resources. Predictive maintenance (PdM) is an industry 4.0 solution, which facilitates predicting faults in a component or a system powered by state-of-the-art machine learning (ML) algorithms and the Internet-of-Things (IoT) sensors. However, IoT sensors and deep learning (DL) algorithms, both are known for their vulnerabilities to cyber-attacks. In the context of PdM systems, such attacks can have catastrophic consequences as they are hard to detect due to the nature of the attack. To date, the majority of the published literature focuses on the accuracy of DL enabled PdM systems and often ignores the effect of such attacks. In this paper, we demonstrate the effect of IoT sensor attacks on a PdM system. At first, we use three state-of-the-art DL algorithms, specifically, Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), and Convolutional Neural Network (CNN) for predicting the Remaining Useful Life (RUL) of a turbofan engine using NASA's C-MAPSS dataset. The obtained results show that the GRU-based PdM model outperforms some of the recent literature on RUL prediction using the C-MAPSS dataset. Afterward, we model two different types of false data injection attacks (FDIA) on turbofan engine sensor data and evaluate their impact on CNN, LSTM, and GRU-based PdM systems. The obtained results demonstrate that FDI attacks on even a few IoT sensors can strongly defect the RUL prediction. However, the GRU-based PdM model performs better in terms of accuracy and resiliency. Lastly, we perform a study on the GRU-based PdM model using four different GRU networks with different sequence lengths. Our experiments reveal an interesting relationship between the accuracy, resiliency and sequence length for the GRU-based PdM models.

Machine Learning,Performance,Signal Processing

Guangdou Zhang,Jian Li,Olusola Bamisile,Zhenyuan Zhang,Dongsheng Cai,Qi Huang

DOI: https://doi.org/10.1109/ICPSAsia52756.2021.9621453

2021-01-01

Abstract:As a typical cyber-physical system, the power system utilizes advanced information and communication technologies to transmit crucial control signals in communication channels. However, many adversaries can construct false data injection attacks (FDIA) to circumvent traditional bad data detection and break the stability of the power grid. In this paper, we proposed a threat-maximizing FDIA model f...

Rong-Peng Liu,Xiaozhe Wang,Zuyi Li,Rawad Zgheib

2023-12-02

Abstract:This work studies the modeling of false data injection attacks (FDIAs) on IEGSs. First, we introduce a static state estimation model and bad data detection method for IEGSs. Then, we develop FDIAs on IEGSs with complete network topology and parameter information. Next, we develop FDIAs on IEGSs when intruders have only local network topology and parameter information of an IEGS. Lastly, we explore FDIAs on IEGSs when intruders have only local network topology information of an IEGS.

Systems and Control

Alekha Kumar Mishra,Asis Kumar Tripathy,Deepak Puthal,Laurence T. Yang

DOI: https://doi.org/10.1109/jiot.2018.2843769

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:The sybil attack in Internet of Things (IoT) commonly aims the sensing domain that may impose serious threat to the devices both in perception and communication layer. The singularity of the sybil attack is a sybil node that publish multiple identities of legitimate devices. It is highly essential to learn the behavior and predict possible actions of a sybil attacker while devising a defense mechanism for it. This paper provides a comprehensive characteristic analysis of sybil attack in IoT. Based on the nature of the task performed during this attack, it is classified into three phases as compromise, deployment, and launching phase. The compromise phase is modeled as an automaton with attacker state transition as a Markov chain model. A heuristic is also proposed for selection criteria of an attacker to compromise a node. In the deployment phase of the attack, an algorithm based on ${K}$ -mean clustering is proposed to group compromised identities and deploy the sybil node for corresponding identities without violating the set of adjacent nodes. In the launching phase, the process of replacing sybil identities either over time or on detection is modeled using age replacement policy. The results depict that the proposed model effectively visualize the behavior of a sybil attacker in challenging environments of IoT.

Michael Cash,Christopher Morales-Gonzalez,Shan Wang,Xipeng Jin,Alex Parlato,Jason Zhu,Qun Zhou Sun,Xinwen Fu

DOI: https://doi.org/10.48550/arXiv.2208.02733

2022-09-25

Abstract:KNX is one popular communication protocol for a building automation system (BAS). However, its lack of security makes it subject to a variety of attacks. We are the first to study the false data injection attack against a KNX based BAS. We design a man-in-the-middle (MITM) attack to change the data from a temperature sensor and inject false data into the BAS. We model a BAS and analyze the impact of the false data injection attack on the system in terms of energy cost. Since the MITM attack may disturb the KNX traffic, we design a machine learning (ML) based detection strategy to detect the false data injection attack using a novel feature based on the Jensen Shannon Divergence (JSD), which measures the similarity of KNX telegram inter-arrival time distributions with attack and with no attack. We perform real-world experiments and validate the presented false data injection attack and the ML based detection strategy. We also simulate a BAS, and show that the false data injection attack has a huge impact on the BAS in terms of power consumption.

Cryptography and Security

Geethapriya Thamilarasu,Shiven Chawla

DOI: https://doi.org/10.3390/s19091977

2019-04-27

Abstract:Cyber-attacks on the Internet of Things (IoT) are growing at an alarming rate as devices, applications, and communication networks are becoming increasingly connected and integrated. When attacks on IoT networks go undetected for longer periods, it affects availability of critical systems for end users, increases the number of data breaches and identity theft, drives up the costs and impacts the revenue. It is imperative to detect attacks on IoT systems in near real time to provide effective security and defense. In this paper, we develop an intelligent intrusion-detection system tailored to the IoT environment. Specifically, we use a deep-learning algorithm to detect malicious traffic in IoT networks. The detection solution provides security as a service and facilitates interoperability between various network communication protocols used in IoT. We evaluate our proposed detection framework using both real-network traces for providing a proof of concept, and using simulation for providing evidence of its scalability. Our experimental results confirm that the proposed intrusion-detection system can detect real-world intrusions effectively.

Xinrui Liu,Shubo Sun,Yating Wang,Zhiyuan Duan,Xin Li,Qiuye Sun

DOI: https://doi.org/10.1016/j.segan.2024.101533

2024-10-08

Sustainable Energy, Grids and Networks

Abstract:With the increasing number of users and multi-type loads accessing the cyber–physical distribution system (CPDS), the bidirectional interaction between the system becomes more and more frequent. The Load aggregator (LA) also plays an increasingly important role in the interaction process. However, the LA's high dependence on information and lack of security measures make it vulnerable to attacks, so this paper analyzes the interactive security of the LAs from two points. Considering the game process between the LAs and users from the attacker's point of view, this paper puts forward an attack strategy aiming cost function of the LAs, establishes a bi-level multi-objective programming attack model of false data injection attacks(FDIAs), and proposes an attack detection method based on the multi-state matching method and improved similar daily data preprocessing generative adversarial network (P-GAN) from the defender's point of view to defend against the above attack strategy. Furthermore, a hybrid detection mechanism combining event triggering and periodic detection is proposed to ensure response speed and adaptability of detection. The effectiveness of the proposed attack model and the detection method is verified by simulation analysis.

energy & fuels,engineering, electrical & electronic

Xiaoyu Luo,Chongrong Fang,Chengcheng Zhao,Jianping He

DOI: https://doi.org/10.1109/cdc51059.2022.9992710

2022-01-01

Abstract:The data-driven attack strategies recently have received much attention when the full knowledge of the system model is unknown or difficult to be obtained for the adversary. Note that despite the critical parameters of the system model being unavailable for the adversary, the existing data-driven attack methods still depend on the linearity of the unknown system model. In this paper, we design a completely model-free attack strategy where the adversary with limited capability aims to compromise state variables such that the output value follows the expected trajectory. Specifically, we first construct a zeroth-order feedback optimization framework and uninterruptedly use probing signals for real-time measurements. Then, we iteratively update the attack signals along the composite direction of the gradient estimates of the objective function evaluations and the projected gradients. These objective function evaluations can be obtained only by real-time measurements. Furthermore, we characterize the optimality of these solutions via the optimality gap, which is affected by the dimensions of the attack signal, the iterations of solutions, and the convergence rate of the system. Extensive simulations are conducted to show the effectiveness of the proposed attack strategy.