WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

LIN Junhao,FENG Dongqin

DOI: https://doi.org/10.11959/j.issn.2096−6652.202006

2020-01-01

Abstract:Compared with traditional network security defense methods,industrial system security protection research based on process flow has become an important research direction in the field of industrial security.An improved backward cloud algorithm based on first order absolute central moment (BC-1stM) non-deterministic reverse cloud method was proposed,which was modeled by the time series and the normal state of the process flow.The security protection detection and alarm based on the process attack mode in the industrial system was realized,and Tennessee Eastman chemical process platform was adopted to validate the algorithm.The results show that the model had a high precision in the detection of attack behavior and detection of attack points,and improved the security protection capability of industrial systems.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

Meng-zhou Gao,Dong-qin Feng

DOI: https://doi.org/10.1631/fitee.1700334

IF: 2.526

2018-01-01

Frontiers of Information Technology & Electronic Engineering

Abstract:Security issues in networked control systems (NCSs) have received increasing attention in recent years. However, security protection often requires extra energy consumption, computational overhead, and time delays, which could adversely affect the real-time and energy-limited system. In this paper, random cryptographic protection is implemented. It is less expensive with respect to computational overhead, time, and energy consumption, compared with persistent cryptographic protection. Under the consideration of weak attackers who have little system knowledge, ungenerous attacking capability and the desire for stealthiness and random zero-measurement attacks are introduced as the malicious modification of measurements into zero signals. NCS is modeled as a stochastic system with two correlated Bernoulli distributed stochastic variables for implementation of random cryptographic protection and occurrence of random zero-measurement attacks; the stochastic stability can be analyzed using a linear matrix inequality (LMI) approach. The proposed stochastic stability analysis can help determine the proper probability of running random cryptographic protection against random zero-measurement attacks with a certain probability. Finally, a simulation example is presented based on a vertical take-off and landing (VTOL) system. The results show the effectiveness, robustness, and application of the proposed method, and are helpful in choosing the proper protection mechanism taking into account the time delay and in determining the system sampling period to increase the resistance against such attacks.

Yu Zheng,Zheng Li,Xiaolong Xu,Qingzhan Zhao

DOI: https://doi.org/10.1016/j.dcan.2021.07.006

IF: 6.348

2021-07-01

Digital Communications and Networks

Abstract:Driven by the rapid development of the Internet of Things, cloud computing and other emerging technologies, the connotation of cyber space is constantly expanding and becoming the fifth dimension of human activities. However, security problems in cyber space are becoming serious, and traditional defense measures (e.g., firewall, intrusion detection systems and security audit) often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with higher and higher degree of coordination and intelligence. By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing and the probability of vulnerability exposure is increasing. Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyber space. Nonetheless, there are few related works that systematically introduce dynamic defense mechanisms for cyber security. The related concepts and development strategies of dynamic defense are rarely analyzed and summarized. To bridge this gap, we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security. Specifically, we firstly introduce basic concepts and define dynamic defense in cyber security. Next, we review the architectures, enabling techniques and methods for moving target defense and mimic defense. This is followed with taxonomically summarizing the implementation and evaluation of dynamic defense. Finally, we discuss some open challenges and opportunities on dynamic defense in cyber security.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

LI Peikai,LIU Yun,XIN Huanhai,QI Donglian

DOI: https://doi.org/10.7500/AEPS20170705002

2018-01-01

Abstract:Distributed cooperative control mode is an effective approach to overcome the problem of integrating multiple and strongly random distributed generators (DGs) into cyber physical system in distribution network.However,due to the integration between cyber and physical layers,cyber attacks could threat the safe and stable operation of power system through invading the cyber system.A dynamic attack-defense game model based vulnerability assessment of cyber-physical system (CPS)in distribution network is proposed.Firstly,a cooperative control strategy of DGs is described,and its convergence property is analyzed and summarized.Then,a risk assessment of CPS in distribution network is developed,which integrates the risk assessment method,the cooperative control strategy of DGs and strategies of attacker and defender.After that,the dynamic attack-defense game function and its solving steps are designed,which achieves the vulnerability assessment of CPS in distribution network with distributed cooperative control mode.Finally,the effectiveness of the proposed method is verified through simulations involving the IEEE 34-bus distribution network.

Mengliang Li,Xiaoxue Ren,Han Fu,Zhuo Li,Jianling Sun

DOI: https://doi.org/10.1109/issre59848.2023.00025

2023-01-01

Abstract:Smart contracts are essential for executing computing logic on blockchain networks. However, they are also susceptible to various vulnerabilities. In recent years, the detection of smart contract vulnerabilities has become a significant concern due to the substantial losses caused by hacker attacks. Traditional vulnerability detection approaches rely on expert rules, which often suffer from limitations in accuracy and completeness. Deep learning-based methods offer better coverage of vulnerabilities but may overlook certain vulnerability characteristics and suffer from overfitting during training. In this paper, we propose a novel approach called ConvMHSA-SCVD, which combines knowledge-driven and data-driven algorithms together to detect smart contract vulnerabilities. By incorporating feature selection, data balancing, and a combination of multi-channel convolution and multi-head self-attention neural networks, our ConvMHSA-SCVD achieves effective vulnerability detection in smart contracts. Extensive experiments demonstrate that our approach outperforms the state-of-the-art method in accuracy and F1 score, with improvements ranging from 0.4% to 3.84% and 1.28% to 1.90%, respectively.

Zhengwei Jiang,Chenyang Lv,Bo Zhang,Chao Zhang,Wei Lu,Shouling Ji

DOI: https://doi.org/10.1007/978-3-030-16946-6_31

2020-01-01

Abstract:To earning unfair profits, adversaries can attack the legitimate nodes in the Bitcoin network with selfish mining, the eclipse attack and the information delaying attack. In this paper, we study the patterns of the above attacks and then present a scheme to enhance the security of the Bitcoin network. First, we propose a new structure for the Bitcoin network called double-layer dynamic network, which improves the defense capability of Bitcoin against several attacks. Second, we design a new structure for the blocks in the Bitcoin network, which provides a way to store the IP addresses in the blocks. Third, we present a novel network protocol named dynamic network configuration for public blockchain. Our protocol pushes the updating of IP addresses in the blocks and changes the construction of the network periodically. From theoretical analysis and simulated evaluation, we find that under our protocol, the Bitcoin network can defend against the selfish mining, the eclipse attack and the information delaying attack effectively.

Chen Wanfa,Zheng Qing'an,Chen Shuzhen,Fu Hongyi,Chen Liang

DOI: https://doi.org/10.23919/jcc.fa.2023-0715.202406

2024-06-21

China Communications

Abstract:In recent years, blockchain technology integration and application has gradually become an important driving force for new technological innovation and industrial transformation. While blockchain technology and applications are developing rapidly, the emerging security risks and obstacles have gradually become prominent. Attackers can still find security issues in blockchain systems and conduct attacks, causing increasing losses from network attacks every year. In response to the current demand for blockchain application security detection and assessment in all industries, and the insufficient coverage of existing detection technologies such as smart contract detectiontechnology, this paper proposes a blockchain core technology security assessment system model, and studies the relevant detection and assessment key technologies and systems. A security assessment scheme based on a smart contract and consensus mechanism detection scheme is designed. And the underlying blockchain architecture supports the traceability of detection results using super blockchains. Finally, the functionality and performance of the system were tested, and the test results show that the model and solutions proposed in this paper have good feasibility.

telecommunications

Yinghui Wang,Bin Yu,Haiyang Yu,Lingyun Xiao,Haojie Ji,Yanan Zhao

DOI: https://doi.org/10.1109/jsyst.2022.3230097

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:As a promising technology, connected and autonomous vehicle (CAV) can reduce energy consumption and improve transportation safety. Nevertheless, as more enabling technologies are embedded in vehicles, the CAV is becoming more vulnerable to cybersecurity threats. Priority must be given to highly sensitive, life-threatening vulnerabilities. Therefore, an improved vulnerability assessment method for CAVs is proposed in this article, in which the common vulnerability scoring system (CVSS) and Bayes theory are adopted. Compared to the classical CVSS method, our scheme considers the impact of exploited vulnerabilities on the real world. In the meantime, a Bayesian network vulnerability classification model based on the $\text{CVSS}_{\text{CAV}}$ method is designed to resolve the problem that the CAVs' vulnerability dataset is small and incomplete. The case study as well as simulation results with different datasets or algorithms indicate that our proposal is effective for vehicle vulnerability evaluation.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Khush Shah,Nilesh Kumar Jadav,Sudeep Tanwar,Anupam Singh,Costel Pleșcan,Fayez Alqahtani,Amr Tolba,Fayez AlqahtaniÂ,Amr TolbaÂ

DOI: https://doi.org/10.3390/math11194062

IF: 2.4

2023-09-25

Mathematics

Abstract:The rapid expansion of the Internet of Things (IoT) on a global scale has facilitated the convergence of revolutionary technologies such as artificial intelligence (AI), blockchain, and cloud computing. The integration of these technologies has paved the way for the development of intricate infrastructures, such as smart homes, smart cities, and smart industries, that are capable of delivering advanced solutions and enhancing human living standards. Nevertheless, IoT devices, while providing effective connectivity and convenience, often rely on traditional network interfaces that can be vulnerable to exploitation by adversaries. If not properly secured and updated, these legacy communication protocols and interfaces can expose potential vulnerabilities that attackers may exploit to gain unauthorized access, disrupt operations, or compromise sensitive data. To overcome the security challenges associated with smart home systems, we have devised a robust framework that leverages the capabilities of both AI and blockchain technology. The proposed framework employs a standard dataset for smart home systems, from which we first eliminated the anomalies using an isolation forest (IF) algorithm using random partitioning, path length, anomaly score calculation, and thresholding stages. Next, the dataset is utilized for training classification algorithms, such as K-nearest neighbors (KNN), support vector machine (SVM), linear discriminate analysis (LDA), and quadratic discriminant analysis (QDA) to classify the attack and non-attack data of the smart home system. Further, an interplanetary file system (IPFS) is utilized to store classified data (non-attack data) from classification algorithms to confront data-manipulation attacks. The IPFS acts as an onsite storage system, securely storing non-attack data, and its computed hash is forwarded to the blockchain's immutable ledger. We evaluated the proposed framework with different performance parameters. These include training accuracy (99.53%) by the KNN classification algorithm and 99.27% by IF for anomaly detection. Further, we used the validation curve, lift curve, execution cost of blockchain transactions, and scalability (86.23%) to showcase the effectiveness of the proposed framework.

mathematics

Libao SHI,Zhou JIAN

DOI: https://doi.org/10.7500/AEPS20160510002

2016-01-01

Abstract:This article aims to explore and exploit the vulnerability assessment method of modern power grid facing deliberate attack by applying relevant knowledge of the game theory in the scenario of cyber physical power system under the threat of deliberate attack. The vulnerability assessment framework of cyber physical power system pertinent to the attack-defense scenario is built based on Rand Corporation's risk assessment model, and a power system attack-defence dynamic game tri-level programming model in which cyber and physical attacks are launched simultaneously is proposed according to the multi-level programming model generally applied in the game theory. The corresponding solving method of the tri-level programming model is discussed and, in the process of solution, a kind of optimal defense resource allocation strategy is used to effectively obtain the resource required on the components of the power grid. The effectiveness and validity of the proposed framework and method are demonstrated by application examples. © 2016 Automation of Electric Power Systems Press.

Zhetong Ding,Chunyu Chen,Mingjian Cui,Wenjun Bi,Yang Chen,Fangxing Li

DOI: https://doi.org/10.1016/j.ress.2021.107966

2021-12-01

Abstract:Due to cyber security vulnerabilities of electrical cyber physical systems, cyber attacks against frequency-active power controllers become an emerging problem. Cyber attack-tolerant frequency control strategies are thus presented to reduce abnormal frequency excursions. These strategies mainly treat attackers as 'dumb' agents. However, attackers in some situations are more like 'intelligent' agents with initiative, who can actively and purposefully respond by considering actions of defenders. In this paper, this actively confrontational interaction is modeled by a dynamic game. We propose two types of game scenarios in the primary frequency control system. Improved Nash equilibrium-based defending strategies are studied using reinforcement learning algorithms. By testing the proposed dynamic game-based strategies on the benchmark system, the validity is verified. The proposed analytical procedure concerning dynamic games can also be extended to the study of other industrial control applications.

engineering, industrial,operations research & management science

Hongcheng Huang,Peixin Ye,Min Hu,Jun Wu

DOI: https://doi.org/10.1016/j.dcan.2022.04.008

IF: 6.348

2022-04-01

Digital Communications and Networks

Abstract:Nowadays, a large number of intelligent devices involved in the Industrial Internet of Things (IIoT) environment are posing unprecedented cybersecurity challenges. Due to the limited budget for security protection, the IIoT devices are vulnerable and easily compromised to launch Distributed Denial-of-Service (DDoS) attacks, resulting in disastrous results. Unfortunately, considering the particularity of the IIoT environment, most of the defense solutions in traditional networks cannot be directly applied to IIoT with acceptable security performance. Therefore, in this work, we propose a multi-point collaborative defense mechanism against DDoS attacks for IIoT. Specifically, for the single point DDoS defense, we design an edge-centric mechanism termed EdgeDefense for the detection, identification, classification, and mitigation of DDoS attacks and the generation of defense information. For the practical multi-point scenario, we propose a collaborative defense model against DDoS attacks to securely share the defense information across the network through the blockchain. Besides, a fast defense information sharing mechanism is designed to reduce the delay of defense information sharing and provide a responsive cybersecurity guarantee. The simulation results indicate that the identification and classification performance of the two machine learning models designed for EdgeDefense are better than those of the state-of-the-art baseline models, and therefore EdgeDefense can defend against DDoS attacks effectively. The results also verify that the proposed fast sharing mechanism can reduce the propagation delay of the defense information blocks effectively, thereby improving the responsiveness of the multi-point collaborative DDoS defense.

telecommunications

Chunyu Chen,Mingjian Cui,Xin Fang,Bixing Ren,Yang Chen

DOI: https://doi.org/10.1016/j.apenergy.2020.116015

IF: 11.2

2020-12-01

Applied Energy

Abstract:<p>Cyber attacks become emerging threats to every information-oriented energy management system. By violating the cyber systems, the hacker can disrupt the security and stability due to the strong coupling between the cyber and physical facilities. In this paper, one type of cyber attacks designated as the load altering attack is studied for the power system frequency control, and corresponding defense strategies are proposed to improve the frequency control performance. Considering the difficulty of the application of model-based controller into large-scale power systems, a novel model-free defense framework is for the first time presented. Under this framework, both active defense and passive defense strategies are designed. The former assumes that the defender has the initiative to learn different attack scenarios. Adaptive defense strategies are implemented using the online attack identification information and off-line trained strategy pool. The latter assumes that the defender passively tolerates various attack scenarios via the pre-trained off-line strategy. Both approaches prove to be effective through validation based on the IEEE benchmark systems. The proposed defense framework and defense strategies can be extended to other energy control systems to enhance their attack tolerance capability.</p>

energy & fuels,engineering, chemical

Minbin Yang

DOI: https://doi.org/10.54254/2755-2721/87/20241443

2024-07-31

Abstract:With the development of big data and artificial intelligence technologies, hacker attack techniques and capabilities have continuously improved, and the methods of network attacks have diversified. Without cybersecurity, there is no national security. Therefore, cybersecurity has become a focal point of attention. To comprehensively enhance the network security defense capabilities of computer operating systems, aligning with the rapid development trends of big data and artificial intelligence technologies, this study focuses on constructing an efficient, stable, and practical cybersecurity defense system. This system deeply integrates advanced technologies of big data analysis and artificial intelligence, thoroughly analyzing the current status of network information security in computer operating systems and closely aligning with the practical needs of design and production. The aim is to provide highly valuable reference solutions for the field of cybersecurity defense.

Qi Li,Jinxin Zuo,Ruohan Cao,Yibo Zhang,Jianrui Chen,Qiang Liu,Jingjing Wang

DOI: https://doi.org/10.1109/mnet.2023.3333545

IF: 10.294

2023-01-01

IEEE Network

Abstract:With the rapid development of intelligent connected vehicles (ICVs), their intelligent, remote, and high-speed mobility characteristics have led to an expansion of their attack surface, and thus an increase in security requirements. Consequently, security research for ICVs has become a current research focus. However, existing security risk monitoring measures lack linkage with attack behavior, and security defense strategies cannot fully and promptly respond to security risk levels and system vulnerabilities. Therefore, this paper proposes a security evaluation framework for ICVs based on attack chains. The framework focuses on the mechanism and steps of attack generation, evaluates the current risk level and degree of harm in a targeted manner, and maps appropriate security management measures according to the degree of harm. This security evaluation model integrates various defense mechanisms and resolves the mismatch between existing ICV security defense measures and security situations. The effectiveness of this model has been validated through experiments, and potential research directions in the future are discussed and analyzed.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yanli Liu,Meng Cui

DOI: https://doi.org/10.1007/978-3-030-51431-0_39

2020-07-24

Abstract:Since the new century, with the gradual popularization of computer networks around the world, network security defense methods have become more sophisticated and comprehensive, but they are still unable to defend against increasingly sophisticated and increasingly globalized virus attacks. In the process of network use and promotion, the influence of viruses on the network and hackers’ attacks have become an important factor threatening network security. Especially when people use the Internet to pay funds, remittances and other online financial activities, network security has become a constant topic. Establishing an efficient network security incident response system is of great significance for the network to better play its role. Based on the research of network security monitoring, network attack defense, network data backup and recovery theory and technology, this paper studies the strategy model of network security incident response, and uses relevant theories and methods of software engineering, combined with programming languages, to achieve Related application modules of this model. This article implements a low-cost, high-performance multi-data backup and recovery system that works in conjunction with other security devices and systems in the network. The overall structure and workflow are analyzed and designed to achieve multi-point backup and Fast recovery, efficient synchronization strategy for remote data, etc. The experimental research found that the network security incident response system can effectively reduce the security risk of the internal network, with a security proportion of more than 92%.