Ming Wan,Minglei Hao,Yang Li,Jianming Zhao,Ying Li

DOI: https://doi.org/10.1145/3586102.3586127

2022-01-01

Abstract:Due to the rapid development of industrial automation, ICSs (Industrial Control Systems) gradually expose their potential security vulnerabilities, and are facing more and more serious security risks. Although different industrial security technologies have been developed to strengthen industrial security protection, they always struggle for their own because of their standalone and non-related functions, and their actual defense effects are not encouraging. This paper first summarizes some intrinsic security vulnerabilities in ICSs, and analyzes the main causes to generate each class of vulnerabilities. Furthermore, five popular security technologies which have been successfully applied in today's ICSs are introduced, and their advantages and shortages are also compared by explaining each working mechanism. In order to take full advantage of various industrial security technologies, this paper proposes one novel cooperative defense model based P2DR (Policy, Protection, Detection and Response), which establishes the dynamical defense process to integrate five different industrial security technologies. Under the guidance of security policies, this model can comprehensively utilize the resources of various industrial security technologies to learn and judge current security status of the whole system, and effectively adjust the optimum deployment to provide the strongest protection with the lowest risk. Finally, one applicable case based on the proposed model is designed to verify the feasibility of cooperative defense in ICSs.

Yufeng Chen,Zhengtao Xiang,Yabo Dong,Dongming Lu

DOI: https://doi.org/10.1109/ical.2008.4636301

2008-01-01

Abstract:Worms not only infect vulnerable hosts, but also occupy a large amount of network bandwidth, which affects the normal operation of the network seriously. To achieve the worm detection and automatic quarantine in real time, a cooperation system of worm detection and quarantine is designed and implemented. The worm detection subsystem is implemented based on Bro and can detect worms in real time with our algorithm, which based on the failure probability of FCC and of heavy-tailed property. The worm quarantine subsystem can quarantine worm hosts automatically with ARP-spoofing. The cooperation between detection subsystem, quarantine subsystem and manager is achieved based on SNMP protocol. The system can be deployed easily with little effect on LAN. Experimental results show that the system can detect and quarantine worm hosts effectively.

Yinan Wang,Wei Li,Gangfeng Yan,Sumian Song

DOI: https://doi.org/10.1109/icit.2017.7915433

2017-01-01

Abstract:This paper proposes an unified framework for electrical cyber physical systems (ECPSs) and studies the mechanism of cyber attacks and cyber security. Communication networks are designed by characteristics of power grids. This model is universal to both transmission and distribution grids. The fragility of ECPSs under cyber attacks (DoS attacks and false data injection attacks) is analyzed in three scenarios based on different types and attackers' acknowledgments of the ECPSs. It has been proved that attacks happen at information uploading routers or control strategy downloading routers will influence the system differently. The effectiveness of relay protection policies and cyber security policies are verified by experimental results.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

楼润瑜,王备战,王伟

2010-01-01

Abstract:In order to defend the attacks caused by DDOS and worms(or vicious codes) in large scale network,a general,solid,in-depth and distributed active cooperation defense model is presented.A set of achievable methods ranging from systemic architecture,function mechanisms and algorithm descriptions are given.The model,which is demonstrated by the system architecture,function modules and active cooperation defense to stop the attacks,is the integrated and systemic model.It integrates several role security technologies,such as IDS,firework and honeynet,and achieves a complete set of functional mechanisms for active cooperation defense.By the cooperation from the security components within inside and outside the autonomous system(AS),we realize the active cooperation defense which involves the multi-level defense range from network boundary level,kernel level,sub-network level to host level.As a result,the presented model not only can achieve effectively security defense in the large scale network,but also can have the good generality and scalability.

Xianjun Sun,Chuang Lin,Yixin Jiang,Weidong Liu,Xiaowen Chu

DOI: https://doi.org/10.1109/ICC.2010.5501978

2010-01-01

Abstract:Intricate malware can result in the failure of on-line Comprehensive Protection (CP) in distributed systems, and place the system in an unsafe state which is difficult to recover from. There lacks an effective scheme to defend against this extreme attack. In this paper, based on the Two-layer Protection and Co-operative Recovery (TPCRS) mechanism, we propose an efficient survivable scheme against malware attacks in distributed systems. The basic strategy is to deploy an Emergency Response/Recovery (ER) agent at each node to recognize the state of the system whenever the CP fails, and to carry out cooperative security among multiple nodes so that the infected nodes can be rapidly recovered. Furthermore, a Preventive Maintenance (PM) model is adopted to enhance the reliability of the distributed system. Si-mulation results demonstrate the practicality and efficiency of the proposed schemes.

Ziming Zhao,Zhaoxuan Li,Jiongchi Yu,Fan Zhang,Xiaofei Xie,Haitao Xu,Binbin Chen

DOI: https://doi.org/10.1109/tmc.2023.3311012

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:With the widespread use of Internet of Things (IoT) devices, malware detection has become a hot spot for both academic and industrial communities. Existing approaches can be roughly categorized into network-side and host-side. However, existing network-side methods are difficult to capture contextual semantics from cross-source traffic, and previous host-side methods could be adversary-perceived and expose risks for tampering. More importantly, a single perspective cannot comprehensively track the multi-stage lifecycle of IoT malware. In this paper, we present ${\sf CMD}$ , a co-analyzed IoT malware detection and forensics system by combining hardware and network domains. For the network part, ${\sf CMD}$ proposes a tailored capsule neural network to capture the contextual semantics from cross-source traffic. For the hardware part, ${\sf CMD}$ designs an entire file operation recovery process in a side-channel manner by leveraging the Serial Peripheral Interface (SPI) signals from on-chip traces. These traffic provenance and operating logs information could benefit the anti-virus countermeasures for security practitioners. By practical evaluation, we demonstrate that ${\sf CMD}$ realizes outstanding detection effects ( e.g., $\sim$ 99.88% F1-score) compared with seven state-of-the-art methods, and recovers 96.88% $\sim$ 99.75% operation commands even if against adaptive adversaries (that could kill processes or tamper with operation log files). A by-product benefit of such an external monitor is ${\sf CMD}$ introduces zero latency on the IoT device, and incurs negligible IoT CPU utilization. Also, since SPI focuses on file operations, the proposed hardware trace forensics does not have the data explosion problem like previous work, e.g., recovered logs of ${\sf CMD}$ only take up limited extra space overhead ( e.g., $\sim$ 0.2 MB per malware). Furthermore, we provide the model interpretability for the capsule network and develop a case study (Hajime) of the operation logs recovery.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Tingting Yang,Hailong Feng,Chengming Yang,Zhonghua Sun,Ruilong Deng

DOI: https://doi.org/10.1155/2016/3906549

IF: 1.938

2016-01-01

International Journal of Distributed Sensor Networks

Abstract:An innovative paradigm named Cooperative Cognitive Maritime Cyber Physical Systems (CCMCPSs) is developed to achieve high-speed and low-cost communication services. The analysis of the available white space at sea, as well as the framework, is presented. Specifically, a bilevel game with two stages of PUs-to-SUs (primary users to secondary users) and SUs-to-SUs is proposed, to address the resource allocation issue of Decode-and-Forward (DF) relay mode with maximal-ratio combining (MRC) receiving mode in destination. Stackelberg game with priority is employed between PU and SUs, while a symmetrical system model is considered among SUs-to-SUs. The game theoretic procedure that converges to Nash equilibrium based on the utility and payoff function is illustrated. Simulation results demonstrate that our proposed strategy could effectively increase the throughput as well as the payoffs of the system.

Dong-Hoon Shin,Shibo He,Junshan Zhang

DOI: https://doi.org/10.1109/tnet.2015.2403862

2016-01-01

IEEE/ACM Transactions on Networking

Abstract:Cyber-Physical Systems (CPS) are emerging as the underpinning technology for major industries in this century. Wide-area monitoring and control is an essential ingredient of CPS to ensure reliability and security. Traditionally, a hierarchical system has been used to monitor and control remote devices deployed in a large geographical region. However, a general consensus is that such a hierarchical system can be highly vulnerable to component (i.e., nodes and links) failures, calling for a robust and cost-effective communication system for CPS. To this end, we consider a middleware approach to leverage the existing commercial communication infrastructure (e.g., Internet and cellular networks) with abundant connectivity. In this approach, a natural question is how to use the middleware to cohesively "glue" the physical system and the commercial communication infrastructure together, in order to enhance robustness and cost-effectiveness. We tackle this problem while taking into consideration two different cases of middleware deployment: single-stage and multi-stage deployments. We design offline and online algorithms for these two cases, respectively. We show that the offline algorithm achieves the best possible approximation ratio while the online algorithm attains the order-optimal competitive ratio. We also demonstrate the performance of our proposed algorithms through simulations.

Beipeng Mu,Xinming Chen,Zhen Chen

DOI: https://doi.org/10.1109/cmc.2011.130

2011-01-01

Abstract:Network Security Appliances are deployed at the vantage point of the Internet to detect security events and prevent attacks. However, these appliances are not so effective when it comes to distributed attacks such as DDoS. This paper presents a design and implementation of collaborative network security management system (CNSMS), which organize the NetSecu nodes into a hybrid P2P and hierarchy architecture to share the security knowledge. NetSecu nodes are organized into a hierarchy architecture so they could realize different management or security functions. In each level, nodes formed a P2P networks for higher efficiency. To guarantee identity trustworthy and information exchange secure, PKI infrastructure is deployed in CNSMS. Finally experiments are conducted to test the computing and communication cost.

Jia Xu,Jia Yan,Liang He,Purui Su,Dengguo Feng

DOI: https://doi.org/10.1109/CloudCom.2010.16

2010-01-01

Abstract:Massive Internet invasions implemented through the distributed platform fabricated by rapid diffusion of malwares, has become a significant issue in network security. We argue that the notion of “Collaborative Security” is an emerging trend in resisting distributed attacks originated from malware. Therefore, this paper proposes a new architecture: CloudSEC, for composing collaborative security-related services in clouds, such as correlated intrusion analysis, anti-spam, anti-DDOS, automated malware detection and containment. CloudSEC is modeled as a dynamic peer-to-peer overlay hierarchy with three types of top-down architectural components. Based on, this architecture, both data distribution and task scheduling overlays can be simultaneously implemented in a loosely coupled fashion, which can efficiently retrieve data resources from heterogeneous network security facilities, and harness distributed collection of computational resources to process data-intensive tasks. Hence, CloudSEC endues the network security infrastructure with the capability of dynamic adaptation and collaboration on an inter-organizational scale. The results of preliminary evaluation demonstrate that, CloudSEC not only delivers a sample service of distributed intrusion correlation with high scalability and robustness, but also achieves remarkable effectiveness in data sharing and task scheduling.

HAN Fu-ye,CHEN Zhen,LIANG Yong,LI Jun

DOI: https://doi.org/10.3969/j.issn.1671-1122.2012.04.003

2012-01-01

Abstract:Internet security problem is still not well addressed as there are many network security event occurs,such as sending huge volumes of spam or launching Distributed Denial-of-Service(DDoS) attacks to victim targets.These attacks are launched by attackers who controlled a well-organized distributed network consists of a larger volume of hosts called bots.It is difficult to suppress such a distributed,widely,and automotive organized botnet without collaborative effort among the well deployed network security appliances(e.g.Unified Threat Management,i.e.UTM) in Internet.In this paper,we propose a practical Collaborative Internet Security System based on Overlay Network.We design a Peer-to-Peer communication protocol,a collaborative module,and retrofit security functions for UTM to virtually interconnect these UTMs to build a Security Overlay Network.In this Security Overlay Network,each UTM can communicate with each other to exchange security rules,events and signatures,and the huge size of signatures and security rules file can be disseminated easily,also ensure the security rules version in UTM will be consistency.Our design leverages existing technology to fully construct a comprehensive Collaborative Internet Security System for practical use.In the real deployment of our Security Overlay Network,several concrete applications,experiments and demos are also conducted and the results are also presented.

Sibin Mohan,Stanley Bak,Emiliano Betti,Heechul Yun,Lui Sha,Marco Caccamo

DOI: https://doi.org/10.48550/arXiv.1202.5722

2012-02-26

Cryptography and Security

Abstract:Until recently, cyber-physical systems, especially those with safety-critical properties that manage critical infrastructure (e.g. power generation plants, water treatment facilities, etc.) were considered to be invulnerable against software security breaches. The recently discovered 'W32.Stuxnet' worm has drastically changed this perception by demonstrating that such systems are susceptible to external attacks. Here we present an architecture that enhances the security of safety-critical cyber-physical systems despite the presence of such malware. Our architecture uses the property that control systems have deterministic execution behavior, to detect an intrusion within 0.6 {\mu}s while still guaranteeing the safety of the plant. We also show that even if an attack is successful, the overall state of the physical system will still remain safe. Even if the operating system's administrative privileges have been compromised, our architecture will still be able to protect the physical system from coming to harm.

Jinshu Su,Xiaofeng Wang,Wei Shi,Indrakshi Ray

DOI: https://doi.org/10.1002/sec.1276

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:The rapid growth of distributed and networking technologies has made our information system more vulnerable to attack threats, malicious behaviors, and unpredictable failures. As the emergence of botnets and advanced persistent threat attacks, the traditional defense technology cannot cope well with the new large-scale and obfuscated malwares. In distributed and virtualized environments, the trust risk of applications has been increased considerably, which made it vital to propose new trust access control technologies. In addition, the complicated system usually comprises a large number of components that are susceptible to unpredictable failures. We need new designs of resilient infrastructure and dependable services. The papers in this special issue focus on the security, trust, and resilience management for distributed and networking computing paradigms, such as wireless sensor network, P2P network, ad hoc networks, virtualized network, and software-defined network. The contributions of these papers are outlined next. To locate the real source of the Internet attacks, existing work is easy to be evaded by attackers and difficult to justify the stepping stones. Sheng Wen et al. introduce the consistent causality probability to detect the stepping stones. They formulate the ranges of abnormal causality probabilities according to the different network conditions and further implement self-adaptive methods to capture stepping stones. To extract signatures for malwares, most existing string-based signatures extracting methods have the problem of inaccuracy and time consuming. Sun Hao et al. present a system for automatically extracting signatures from large-scale malwares, named AutoMal. The system can extract both byte signatures and hashed signatures from the malware network flows with high accuracy. Multi-interface multi-channel can reduce the channel interference and improve the network capacity for multi-hop wireless ad hoc networks. Tong Zhao et al. design a dynamic channel assignment algorithm that can dynamically switch the channels to the less busy ones by monitoring the channel usages. Moreover, the algorithm is designed in a fully distributed way with low overhead For the task allocation in wireless sensor networks (WSNs), traditional solutions for high-performance computing cannot be directly used in WSNs because of limitations of resource availability and shared communication medium. Wenzhong Guo et al. design a discrete particle swarm optimization to generate a structure of the parallel coalitions, and then introduce the game theory and

Fei Song,Zhengyang Ai,Haowei Zhang,Ilsun You,Shiyong Li

DOI: https://doi.org/10.1109/tii.2020.3029766

IF: 12.3

2021-10-01

IEEE Transactions on Industrial Informatics

Abstract:The evolution of cyber–physical system (CPS) benefits from substantial supports of many cutting-edge technologies. However, as a significant medium to bridge virtual and reality parts, the dependability of various network components is facing unprecedented challenges and threats. In this article, we propose a smart collaborative balancing (SCB) scheme to dynamically adjust the orchestration of network functions and efficiently optimize the workflow patterns. First, mathematical models of bandwidth allocation for multiuser with appropriate probability distribution are established. Matrix operations are utilized to solve the relevant issues based on individual congestion windows. Invasion defense mechanisms are also provided and discussed. Second, specific procedures of collaboration among different network components are presented. The capabilities of CPS, in terms of bandwidth allocation and invasion defense, are guaranteed via novel queueing policies and access control mechanisms. Third, we build a comprehensive prototype including multiple domains and users for validations. Experimental results in two scenarios illustrate that SCB not only supports service reliability of end hosts with different priorities, but also resists malicious attacks which are targeting the corresponding terminals inside domains. Compared to the benchmarks in software defined networks and traditional Internet, our scheme performs better in both available resource management and abnormal flow recognition aspects.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Zhang Baowen,Chang Xiao,Li Jianhua

DOI: https://doi.org/10.1049/cje.2020.02.017

IF: 1.019

2020-01-01

Chinese Journal of Electronics

Abstract:As a new security defense theory, Cyberspace mimic defense（CMD） provides an architecture named Dynamic heterogeneous redundancy（DHR） to enhance the defense level of system security. Due to the new dynamic defense mechanism DHR introduced in CMD systems, traditional security modelling and analysis methods can hardly be used for them. In this paper, we propose a Security ontology-based modelling method for CMD systems（SOCMD）, which uses ontology to represent DHR components and to define their inner relationships. SOCMD also connects information components including DHRs with security vulnerabilities,threats and attackers in cyberspace. Next, attacking rules,multi-mode arbitration mechanism and combination rules are designed with SOCMD for CMD systems and a new logical-checking method is proposed to make judgement about the security state of SOCMD. Finally, different use cases and performance tests are developed to demonstrate the application process for the model and to verify the validity of our method.

Zhiyong Zhang,Tao Huang,Qingtao Wu,Jiexin Pu

DOI: https://doi.org/10.4028/www.scientific.net/kem.460-461.96

2010-01-01

Advanced Materials Research

Abstract:Nowadays open and distributed Computer Supported Cooperative Work (CSCW) systems are faced with security challenges due to large numbers of cooperative users, and a mass of valued data resources need to be protected against unauthorized usage, disseminations and share. To this end, role-based collaboration framework and access control approaches have been a focus in recent years, but there lack of a holistic and comprehensive model and visual modeling. We proposed and formalized a CSCW-enabling access control model integrating generic centralized authorization and distributed authority delegation, called IACM (Integrated Access Control Model) for CSCW, based on the cooperative roles and their owned activities. And then, the visual modeling was represented with static and dynamic characteristics, with a goal to narrow the gap of the formalized model and application level. Finally, an application in the collaboration system for equipments manufacture designing was implemented to improve security of the role-based centralized authorization management by using the authorization constraint rules, and to enhance the collaborative capability based on the user-side delegation mechanism, effectively guaranteeing CSCW system security and authorization management efficiency.

Ke Chen,Gang Chen,Tianlei Hu,Jinxiang Dong

DOI: https://doi.org/10.1109/CSCWD.2005.194295

2005-01-01

Abstract:With the rapid development of CSCW techniques, CSCW system security has been of much attention. Its major challenge comes from malicious attacks, which cannot be handled by traditional security mechanisms, such as authorization, access control, encryption, etc. Although there existed some intrusion detection systems, current researches on intrusion detection are still insufficient in accuracy and efficiency for two reasons: firstly, most of them implement malicious transaction detection only by matching samples with predefined patterns; secondly, most current researches mainly resort to semantic analyzing or even only manual interventions to judge the malicious attacks. Inspired by the replication technique, we propose and implement a novel logical replication-based intrusion detection solution for CSCW system in this paper. It provides an additional layer of defense against application attacks, especially program attacks. The approach entitles the system to detect malicious intrusions efficiently at low false positive rate.

Garegin Grigoryan,Yaoqing Liu,Laurent Njilla,Charles Kamhoua,Kevin Kwiat

DOI: https://doi.org/10.1109/ICC.2018.8423017

2018-06-06

Abstract:Internet of Things (IoT) is becoming an increasingly attractive target for cybercriminals. We observe that many attacks to IoTs are launched in a collusive way, such as brute-force hacking usernames and passwords, to target at a particular victim. However, most of the time our defending mechanisms to such kind of attacks are carried out individually and independently, which leads to ineffective and weak defense. To this end, we propose to leverage Software Defined Networks (SDN) to enable cooperative security for legacy IP-based IoT devices. SDN decouples control plane and data plane, and can help bridge the knowledge divided between the application and network layers. In this paper, we discuss the IoT security problems and challenges, and present an SDN-based architecture to enable IoT security in a cooperative manner. Furthermore, we implemented a platform that can quickly share the attacking information with peer controllers and block the attacks. We carried out our experiments in both virtual and physical SDN environments with OpenFlow switches. Our evaluation results show that both environments can scale well to handle attacks, but hardware implementation is much more efficient than a virtual one.

Networking and Internet Architecture