Jie Lin,Xinyu Yang,Wei Yu,Xinwen Fu

DOI: https://doi.org/10.1109/GLOCOM.2011.6134278

2011-01-01

Abstract:In wireless sensor networks (WSNs), attackers could inject false data into the networks by compromising the sensor nodes. False data injected by the compromised nodes, if undetected, could not only cause false alarms but also consume the limited energy of the sensor nodes, posing serious threats to the lifetime of networks. To mitigate this type of attacks, a number of en-route filtering schemes to filter false data inside the networks have been developed in the past. However, there is lack of a systematical strategy to evaluate those schemes and establishing a foundation for designing en-route filtering techniques. To address these issues, we compare the pros and cons of the existing enroute filtering schemes. To fairly compare the performance of those schemes, we conduct theoretical analysis and derive a set of closed formulae for them. Our extensive simulations validate our findings. Our research summarizes the state-of-art research development and lay out future directions in this area.

Feng Yang,Xuehai Zhou,Shuguang Zhang

DOI: https://doi.org/10.1109/wicom.2008.922

2008-01-01

Abstract:False data injection (FDI) is great threat to wireless sensor networks. Public key cryptography (PKC) is desirable to locate source nodes that are launching false data injection attacks. Because PKC is expensive to sensor nodes, they could only afford a small number of these operations. In this paper, a hierarchical traceback mechanism is proposed. A sensor field is divided into some levels, and in every step of traceback process the source node is located in a smaller level. The performance of the mechanism is thoroughly evaluated, and only O(logn) packets would be verified in order to locate a source node.

Feng Yang,Xuehai Zhou,Qjyuan Zhang,Jing Xie

DOI: https://doi.org/10.1109/ccnc08.2007.157

2008-01-01

Abstract:False data injection is a big threat to sensor networks. A traceback mechanism based on probabilistic packet marking is proposed in this paper. The performance of the basic marking method is thoroughly studied. There is a defect in the basic marking method that upstream nodes' marks are collected by the sink with low probability. To solve the problem, two different improved marking methods-EPPM&EPNM-are proposed. Every node's marking is collected by the sink with approximately equal probability in EPPM. The sink can locate every node by collecting packets of approximately equal number in EPNM.

Jun Xu,Xuehai Zhou,Feng Yang

DOI: https://doi.org/10.1109/WICOM.2010.5600866

2010-01-01

Abstract:Sensor nodes are likely to be deployed in hostile locations which are accessible to an attacker. Thus these nodes are prone to be captured and compromised by adversities. An attacker can use these compromised nodes to launch various attacks, a serious one of which is false data injection. These compromised nodes inject large of bogus packets to flood the network, which can lead to exhaust the network resources. We propose an edge-based traceback scheme to locate the source nodes. When one packet is forwarding to the sink, each edge on the forwarding path is marked by certain probability and this mark is written into the marking field of the packet. Thus each packet will contain partial path information. Finally the sink can construct the whole attach path by collecting enough packets. Our scheme can trace down the source efficiently with low marking overhead.

Qiaomu Jiang,Huifang Chen,Lei Xie,Kuang Wang

DOI: https://doi.org/10.1109/smartgridcomm.2017.8340659

2017-01-01

Abstract:State estimation plays a critical role in the smart grid systems. However, according to recent researches, it is evident that a well-designed false data injection attack (FDIA) can bypass the security system and mislead the state estimator. Therefore, detecting such kind of attack efficiently is critical to ensuring the reliability of the smart grid systems. In this paper, we study the real-time FDIA detection mechanism. In the proposed mechanism, we use a residual prewhitening procedure to resolve the problem in the existing real-time FDIA detection mechanism, which is the covariance matrix of the residual is not full rank. Then, we construct a two-sided vector parameter test statistic, and propose a real-time FDIA detection method based on the cumulative sum (CUSUM) of the one-shot statistic. Moreover, the asymptotic closed-form expressions of the detection performance of the proposed method, in terms of the false-alarm period and the average detection delay, are theoretically derived. Numerical results validate that the proposed real-time detection method can detecte the FDIA efficiently.

ZHANG Shu-guang,ZHOU Xue-hai,YANG Feng,XU Jun

DOI: https://doi.org/10.13190/j.jbupt.2016.01.012

2016-01-01

Abstract:Aiming at the problem of current false data filtering strategies that cannot prevent legitimate packets from discarded by the malicious nodes selectively, an en-route filtering strategy was put forward against selectively discarding packets. In this strategy, each node keeps its one-hop and two-hop neighbor nodes' identifications as well as one-way chain keys. Moreover, what the forwarded packets attached is the latest one-way chain keys of L nodes, not the message authentication codes in traditional en-route fil-tering strategies. Additionally, this strategy uses the stepwise certification to submit data packets by mo-nitoring the communications between common neighbor nodes. Experiment shows that the strategy not on-ly can efficiently filter false data, but also can prevent malicious nodes from selectively discarding pack-ets.

Shuguang Zhang,Xuehai Zhou,Feng Yang,Jun Xu

DOI: https://doi.org/10.6180/jase.2015.18.4.11

2015-01-01

Abstract:The false data injection attack has been regarded as a significant challenge in wireless sensor networks. Malicious nodes could launch false data injection attacks by sending a lot of forged packets, in order to exhaust network resources and influence the user decision. In order to efficiently locate the malicious nodes, this paper proposes an edge marking strategy based on two-hop neighbor information. Sensor nodes are divided into two types-marking nodes and non-marking nodes in this method, and only marking nodes need to mark packets with certain probability. The Sink nodes will trace the malicious nodes by using the received traceback information of packet marking. Theoretical analysis and experimental results demonstrate that the strategy only needs the marking nodes to reconstruct the attack path. Furthermore, due to the reason that the path between adjacent marking nodes can be obtained by two-hop neighbor information, the reconstruction attack path length is reduced to 50% of traditional methods, and the number of packets needed is greatly reduced.

Jianzhong Li,Lei Yu,Hong Gao,Shuguang Xiong

DOI: https://doi.org/10.1109/tpds.2011.217

IF: 5.3

2012-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:In wireless sensor networks, the adversary may inject false reports to exhaust network energy or trigger false alarms with compromised sensor nodes. In response to the problems of existing schemes on the security resiliency, applicability and filtering effectiveness, this paper proposes a scheme, referred to as Grouping-enhanced Resilient Probabilistic En-route Filtering (GRPEF). In GRPEF, an efficient distributed algorithm is proposed to group nodes without incurring extra groups, and a multiaxis division based approach for deriving location-aware keys is used to overcome the threshold problem and remove the dependence on the sink immobility and routing protocols. Compared to the existing schemes, GRPEF significantly improves the effectiveness of the en-route filtering and can be applied to the sensor networks with mobile sinks while reserving the resiliency.

杨峰,周学海,张起元,谢婧,章曙光

DOI: https://doi.org/10.3321/j.issn:0372-2112.2009.01.037

2009-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Sensor nodes can be compromised by attackers and inject large amounts of bogus data to exhaust network resources. A practical traceback mechanism is proposed, in which each forwarding node marks packets with a certain probability. By collecting enough packets, sink node will construct a path back to the source node. It is proved that the mechanism is secure against all forms of attacks and other two marking methods are proposed to improve the performance of the mechanism. Simulation results show that the mechanism is efficient and practical.

YANG Feng,ZHOU Xue-hai,ZHANG Qi-yuan

DOI: https://doi.org/10.3969/j.issn.1007-130x.2010.11.005

2010-01-01

Abstract:Sensor nodes can be compromised by attackers and inject large amounts of bogus data to exhaust network resources.En-route filtering is an effective way to defeat false data injection attacks.We consider two factors that often are overlooked before:coverage and real-timeness.A stepwise refinement distributed group joining method is proposed to improve the coverage performance.En-route nodes dynamically determine whether first to verify a message or first to forward the message.If the network is attacked,the forwarding nodes will verify messages first;otherwise,forwarding nodes will forward message first.We compare the proposed scheme with the traditional ones,and show that the scheme can improve coverage and reduce delay efficiently.

Qiyuan Zhang,Xuehai Zhou,Feng Yang,Xi Li

DOI: https://doi.org/10.1109/WICOM.2007.619

2007-01-01

Abstract:Sensor nodes can be compromised by attackers to launch various attacks, one of which is false data injection attack. The attacker injects large amount of bogus data through the compromised node. This will lead to network resources exhaustion. We propose a novel contact-based approach (CTrace) to traceback to the attack origins. In CTrace, each node maintains information of its neighbors in proximity of radius R hops. The node at R hops away is called contact. With certain probability, each node marks its identification information into an arriving packet. By collecting a few packets, each node is able to construct a partial attack path back to one of its contact. CTrace build the whole attack path using a series of REQ and PATH_SEG message exchanges between a sensor node and its contact. CTrace requires only a small number of packets to track down the source node injecting false data.

Jiayu Zhou,Wen Yang,Heng Zhang,Wei Xing Zheng,Yong Xu,Yang Tang

DOI: https://doi.org/10.1016/j.automatica.2021.110151

IF: 6.4

2022-01-01

Automatica

Abstract:This paper investigates the distributed state estimation for multi-sensor networks under false data injection attacks. The well-known χ2 detector is first considered for detecting the authenticity of the transmitted data. A necessary and sufficient condition for the insecurity of the distributed estimation system is derived under which the hostile attacks can bypass the false data detector and degrade the estimation performance. Moreover, an algorithm for generating false data is provided to keep the attack stealthy. In order to overcome the detection vulnerability, a new protection strategy is proposed to ensure that the distributed estimator is secure under false data injection attacks. It is worth emphasizing that the strategy adopts a stochastic rule instead of a fixed threshold to detect suspicious data, which effectively avoids the occurrence of the truncated Gaussian distribution. A simulation example of moving vehicle is presented to demonstrate the effectiveness of the developed approaches.

Xinyu Yang,Jie Lin,Wei Yu,Xinwen Fu,Genshe Chen,Erik P. Blasch

DOI: https://doi.org/10.4018/978-1-4666-0104-8.ch015

2012-01-01

Abstract:Cyber-physical systems (CPS) are systems with a tight coupling of the cyber aspects of computing and communications with the physical aspects of dynamics and engineering that abide by the laws of physics. The real-time monitoring provided by wireless sensor networks (WSNs) is essential for CPS, as it provides rich and pertinent information on the condition of physical systems. In WSNs, the attackers could inject false measurements to the controller through compromised sensor nodes, which not only threaten the security of the system, but also consume significant network resources and pose serious threats to the lifetime of sensor networks. To mitigate false data injection (FDI) measurement attacks, a number of situation aware en-route filtering schemes to filter false data inside the networks have been developed. In this book chapter, the authors first review those existing situation aware en-route filter mechanisms such as: Statistical En-route Filtering (SEF), Location-Based Resilient Secrecy (LBRS), Location-ware End-to-end Data Security (LEDS), and Dynamic En-route Filtering Scheme (DEFS). The authors then compare the performance of those schemes via both the theoretical analysis and simulation study. These extensive simulations validate findings that most of the schemes can filter out false data within few hops, and the filtering efficiency increases as the number of hops increases and the filtering efficiency of most schemes decreases rapidly as the number of compromised nodes increases.

Jun Xu,Xuehai Zhou,Feng Yang

DOI: https://doi.org/10.1007/s11704-011-0361-y

2011-01-01

Frontiers of Computer Science in China

Abstract:In a hostile environment, sensor nodes may be compromised and then be used to launch various attacks. One severe attack is false data injection which is becoming a serious threat to wireless sensor networks. An attacker uses the compromised node to flood the network and exhaust network resources by injecting a large number of bogus packets. In this paper, we study how to locate the attack node using a framework of packet marking and packet logging. We propose a combined packet marking and logging scheme for traceback (CPMLT). In CPMLT, one packet can be marked by up to M nodes, each node marks a packet with certain probability. When one packet is marked by M nodes, the next marking node will log this packet. Through combining packet marking and logging, we can reconstruct the entire attack path to locate the attack node by collecting enough packets. In our simulation, CPMLT achieves fast traceback with little logging overhead.

Yuhan Suo,Senchun Chai,Runqi Chai,Zhong-Hua Pang,Yuanqing Xia,Guo-Ping Liu

DOI: https://doi.org/10.1109/TIFS.2023.3340098

2023-12-18

Abstract:In large-scale networks, communication links between nodes are easily injected with false data by adversaries. This paper proposes a novel security defense strategy from the perspective of attack detection scheduling to ensure the security of the network. Based on the proposed strategy, each sensor can directly exclude suspicious sensors from its neighboring set. First, the problem of selecting suspicious sensors is formulated as a combinatorial optimization problem, which is non-deterministic polynomial-time hard (NP-hard). To solve this problem, the original function is transformed into a submodular function. Then, we propose an attack detection scheduling algorithm based on the sequential submodular optimization theory, which incorporates \emph{expert problem} to better utilize historical information to guide the sensor selection task at the current moment. For different attack strategies, theoretical results show that the average optimization rate of the proposed algorithm has a lower bound, and the error expectation is bounded. In addition, under two kinds of insecurity conditions, the proposed algorithm can guarantee the security of the entire network from the perspective of the augmented estimation error. Finally, the effectiveness of the developed method is verified by the numerical simulation and practical experiment.

Systems and Control

Jiamin Hu,Xiaofan Yang,Lu-Xing Yang

DOI: https://doi.org/10.3390/s24051643

IF: 3.9

2024-03-03

Sensors

Abstract:False data injection attacks (FDIAs) on sensor networks involve injecting deceptive or malicious data into the sensor readings that cause decision-makers to make incorrect decisions, leading to serious consequences. With the ever-increasing volume of data in large-scale sensor networks, detecting FDIAs in large-scale sensor networks becomes more challenging. In this paper, we propose a framework for the distributed detection of FDIAs in large-scale sensor networks. By extracting the spatiotemporal correlation information from sensor data, the large-scale sensors are categorized into multiple correlation groups. Within each correlation group, an autoregressive integrated moving average (ARIMA) is built to learn the temporal correlation of cross-correlation, and a consistency criterion is established to identify abnormal sensor nodes. The effectiveness of the proposed detection framework is validated based on a real dataset from the U.S. smart grid and simulated under both the simple FDIA and the stealthy FDIA strategies.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yuhang Yang,Xiangzhou Gao,Shenmin Song,Zhiqiang Li

DOI: https://doi.org/10.1109/tnse.2024.3486451

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Existing distributed state estimation algorithms usually show satisfactory performance when dealing with data bias caused by network-induced phenomena. However, the security characteristics of these algorithms are often significantly affected by more complex and severe network attacks. Specifically, due to the lack of dynamic adaptability and abnormal data detection ability of the estimator, the estimator may deteriorate significantly or even diverge, which poses a serious threat to the stability and reliability of the system. To remedy this issue, we propose a distributed estimation algorithm based on the classical Kalman consensus filter framework. The accuracy of the estimator is significantly improved by utilizing the innovation of neighbor nodes. Furthermore, we construct an adaptive weight allocation mechanism based on the principle of minimizing the estimation error variance according to the possible accuracy differences between different estimators. This mechanism can evaluate the data accuracy of each node, and dynamically adjust its weight accordingly. Subsenquently, an event-triggered detector with random thresholds is designed to enhance the anti-attack ability of the estimator. The detector can monitor the data flow in the network in real time, and identify the potential abnormal or attack behavior by setting dynamic thresholds. Once abnormal data is detected, the detector can immediately trigger corresponding countermeasures to block the propagation path of erroneous data and protect the safe and stable operation of the system. Simulation results are employed to validate the effectiveness of the proposed method.

Yuanyuan Xia,Wen Yang,Zhiyun Zhao

DOI: https://doi.org/10.1016/j.ejcon.2018.11.004

IF: 2.649

2019-01-01

European Journal of Control

Abstract:In this paper, we consider the attack detection issues for consensus-based distributed filtering. Assume that a malicious attacker exists who can tamper the data transmitted on the communication channel. First, we design a residue-based detector for each sensor to decide whether the received data is malicious or not. Then, we design an optimal estimator for the networked system with the proposed detector. Further, we prove that the proposed detector based on a stochastic rule does not destroy the Gaussianity of the innovation, and provide a sufficient condition to guarantee the convergence of the estimation error covariance. Finally, we provide some examples to verify the effectiveness of the proposed detector under integrity attacks.

Feng Yang,Xuehai Zhou,Qiyuan Zhang

DOI: https://doi.org/10.1007/978-3-642-13067-0_17

2010-01-01

Abstract:En-route filtering is an effective way to defeat false data injection attacks Different from traditional one-dimensional en-route filtering mechanisms, we propose a multi-dimensional resilient statistical en-route filtering mechanism (MDSEF) In MDSEF, the overall key pool is divided into multiple sets and each set is composed of a number of groups where each group is composed of a number of keys Each node could join one group in each set and obtain some keys from these groups Since each node obtains keys from multiple groups, the covering performance and filtering effectiveness of the mechanism can be improved simultaneously An axis-rotation method is proposed to associate the terrain with multiple sets and implement location-based key derivation Moreover, a stepwise refinement distributed group joining method is proposed for nodes' group selection Analysis and simulation results show that MDSEF could significantly improve the covering performance and filtering effectiveness without losing the resiliency against node compromise.

Chaoqun Yang,Li Feng,Heng Zhang,Shibo He,Zhiguo Shi

DOI: https://doi.org/10.1109/tsipn.2018.2790361

2018-01-01

IEEE Transactions on Signal and Information Processing over Networks

Abstract:Networked radar systems are vulnerable to different types of attacks, including electronic countermeasure (ECM) jamming and false data injection (FDI) attack. Substantial research has concentrated on ECM jamming, which interferes with radar echoes between a radar and targets. However, FDI attack in which an attacker somehow replaces or modifies radars' measurements, has rarely been considered. FDI attack is much stealthier than ECM jamming, making detection more difficult. In this paper, we take the first attempt to investigate the FDI attack's effects on a networked radar system. Further, we propose a novel data fusion algorithm to combat this attack. The proposed algorithm can dramatically reduce the attack's adverse effects, since it creatively introduces data's confidence factors into data fusion and adaptively decreases the fusion weights of the injected data. Numerical results verify the effectiveness of the proposed algorithm.