Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1080/00207721.2017.1406555

IF: 2.648

2018-01-01

International Journal of Systems Science

Abstract:In this paper, the cross-layer security problem of cyber-physical system (CPS) is investigated from the game-theoretic perspective. Physical dynamics of plant is captured by stochastic differential game with cyber-physical influence being considered. The sufficient and necessary condition for the existence of state-feedback equilibrium strategies is given. The attack-defence cyber interactions are formulated by a Stackelberg game intertwined with stochastic differential game in physical layer. The condition such that the Stackelberg equilibrium being unique and the corresponding analytical solutions are both provided. An algorithm is proposed for obtaining hierarchical security strategy by solving coupled games, which ensures the operational normalcy and cyber security of CPS subject to uncertain disturbance and unexpected cyberattacks. Simulation results are given to show the effectiveness and performance of the proposed algorithm.

Dezhang Kong,Yi Shen,Xiang Chen,Qiumei Cheng,Hongyan Liu,Dong Zhang,Xuan Liu,Shuangxi Chen,Chunming Wu

DOI: https://doi.org/10.1109/tnet.2022.3203561

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:The topology discovery service in Software-Defined Networking (SDN) provides the controller with a global view of the substrate network topology, allowing for central management of the entire network. Unfortunately, emerging topology attacks can poison the network topology and result in unforeseeable disasters. Although researchers have made great efforts to mitigate this problem, security hazards still exist. In this paper, we propose Invisible Assailant Attack (IAA), the first combination topology attack capable of injecting and maintaining fake links even when 12 existing defense strategies are deployed simultaneously. IAA consists of 14 attack phases that apply multiple attack strategies. Attackers skillfully disguise the attack traffic in each phase so that it looks like normal network traffic, and perform these phases in a well-planned sequence, thereby bypassing existing defenses step by step. To mitigate this attack, we propose a Route Path Verification (RPV) mechanism that orchestrates multiple defense strategies to identify fake links. According to the experiments, RPV can successfully detect IAA with low overhead: its detection completes within 1 ms while its per-flow storage consumption is only a few KB.

Gao Wen,Zhou Boyang,Wu Chunming,Zhou Haifeng,Jiang Ming,Hong Xiaoyan

DOI: https://doi.org/10.1049/cje.2015.07.035

IF: 1.019

2015-01-01

Chinese Journal of Electronics

Abstract:In the Software-defined networking（SDN）,when multiple control domains are used in control services,the transient state problem can occur causing the service flow interruption when border switches are updated asynchronously. We analyze the uniqueness of this problem for SDN, and propose a light-weight protocol for safe reconfiguration of the border switches in order to improve the availability of the services running in SDN. Our solution is designed as a generic supervision layer added in the control plane to support different types of services. To demonstrate the benefits, we implement a prototype of Informationcentric networks（ICN） with the protocol, and conduct experiments using Planet Lab. The results show the ICN service can continuously serve high volume requests for contents despite the congestions built by the heavy background traffic. The performance gains in terms of the mean and standard deviation of the content retrieve delay are40.5% and 21.56%.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Jie Xiao,Hong Wen,Bin Wu,Xiaohong Jiang,Pin-Han Ho,Lei Zhang

DOI: https://doi.org/10.1109/tcomm.2013.121313.130240

IF: 6.166

2014-01-01

IEEE Transactions on Communications

Abstract:Cloud services based on data center networks (DCNs) require a transmission infrastructure with high-capacity, low-latency, low-cost and high-availability, which can be offered by survivable optical networks. DCN placement is a fundamental issue in supporting cloud services in optical networks. It concerns not only the cost of providing cloud services, but also the service availability against failures via proper service replicas. In this paper, we jointly optimize DCN placement with service routing and protection to minimize the network cost, while ensuring fast protection of all services against any single link failure or service failure at a particular DCN. An ILP (Integer Linear Program) is first formulated to achieve optimal joint design. It integrates p-cycle (preconfigured protection cycle) for fast protection against a single link failure, and DCN replicas and fast service rerouting against a service failure. To make the design more scalable, a two-step heuristic is then proposed for large-size network scenarios. The first step separately solves the DCN placement and service routing problem in the failure-free scenario, and the second step takes fast service protection into account. The proposed design is validated by extensive numerical experiments.

Jing Zhu,Carlos Natalino,Lena Wosinska,Marija Furdek,Zuqing Zhu

DOI: https://doi.org/10.23919/ondm.2018.8396117

2018-01-01

Abstract:The Software-Defined Optical Networking (SDON) paradigm enables programmable, adaptive and application-aware backbone networks. However, aside from the manifold advantages, the centralized Network Control and Management in SDONs also gives rise to a number of security concerns at different network layers. As communication between the control and the data plane devices in an SDON utilizes the common optical fiber infrastructure, it can be subject to various targeted attacks aimed at disabling the underlying optical network infrastructure and disrupting the services running in the network. In this work, we focus on the threats from targeted fiber cuts to the control plane (CP) robustness in an SDON under different link cut attack scenarios with diverse damaging potential, modeled through a newly defined link criticality measure based on the routing of control paths. To quantify the robustness of a particular CP realization, we propose a metric called Average Control Plane Connectivity (ACPC) and analyze the CP robustness for a varying number of controller instances in master/slave configuration. Simulation results indicate that CP enhancements in terms of controller addition do not necessarily yield linear improvements in CP robustness but require tailored CP design strategies.

S. Sedef Savas,Massimo Tornatore,M. Farhan Habib,Pulak Chowdhury,Biswanath Mukherjee

DOI: https://doi.org/10.48550/arXiv.1509.00509

2015-09-01

Networking and Internet Architecture

Abstract:Communication networks, such as core optical networks, heavily depend on their physical infrastructure, and hence they are vulnerable to man-made disasters, such as Electromagnetic Pulse (EMP) or Weapons of Mass Destruction (WMD) attacks, as well as to natural disasters. Large-scale disasters may cause huge data loss and connectivity disruption in these networks. As our dependence on network services increases, the need for novel survivability methods to mitigate the effects of disasters on communication networks becomes a major concern. Software-Defined Networking (SDN), by centralizing control logic and separating it from physical equipment, facilitates network programmability and opens up new ways to design disaster-resilient networks. On the other hand, to fully exploit the potential of SDN, along with data-plane survivability, we also need to design the control plane to be resilient enough to survive network failures caused by disasters. Several distributed SDN controller architectures have been proposed to mitigate the risks of overload and failure, but they are optimized for limited faults without addressing the extent of large-scale disaster failures. For disaster resiliency of the control plane, we propose to design it as a virtual network, which can be solved using Virtual Network Mapping techniques. We select appropriate mapping of the controllers over the physical network such that the connectivity among the controllers (controller-to-controller) and between the switches to the controllers (switch-to-controllers) is not compromised by physical infrastructure failures caused by disasters. We formally model this disaster-aware control-plane design and mapping problem, and demonstrate a significant reduction in the disruption of controller-to-controller and switch-to-controller communication channels using our approach.

Juntao Chen,Corinne Touati,Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.1906.07185

2019-06-18

Abstract:Infrastructure networks are vulnerable to both cyber and physical attacks. Building a secure and resilient networked system is essential for providing reliable and dependable services. To this end, we establish a two-player three-stage game framework to capture the dynamics in the infrastructure protection and recovery phases. Specifically, the goal of the infrastructure network designer is to keep the network connected before and after the attack, while the adversary aims to disconnect the network by compromising a set of links. With costs for creating and removing links, the two players aim to maximize their utilities while minimizing the costs. In this paper, we use the concept of subgame perfect equilibrium (SPE) to characterize the optimal strategies of the network defender and attacker. We derive the SPE explicitly in terms of system parameters. We further investigate the resilience planning of the defender and the strategic timing of attack of the adversary. Finally, we use case studies of UAV-enabled communication networks for disaster recovery to corroborate the obtained analytical results.

Systems and Control,Computer Science and Game Theory

An Xie,Xiaoliang Wang,Guido Maier,Sanglu Lu

DOI: https://doi.org/10.48550/arXiv.1602.06686

2016-02-23

Abstract:With the wide deployment of network facilities and the increasing requirement of network reliability, the disruptive event like natural disaster, power outage or malicious attack has become a non-negligible threat to the current communication network. Such disruptive event can simultaneously destroy all devices in a specific geographical area and affect many network based applications for a long time. Hence, it is essential to build disaster-resilient network for future highly survivable communication services. In this paper, we consider the problem of designing a highly resilient network through the technique of SDN (Software Defined Networking). In contrast to the conventional idea of handling all the failures on the control plane (the controller), we focus on an integrated design to mitigate disaster risks by adding some redundant functions on the data plane. Our design consists of a sub-graph based proactive protection approach on the data plane and a splicing approach at the controller for effective restoration on the control plane. Such a systematic design is implemented in the OpenFlow framework through the Mininet emulator and Nox controller. Numerical results show that our approach can achieve high robustness with low control overhead.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Qian Lv,Jing Zhu,Fen Zhou,Zuqing Zhu

DOI: https://doi.org/10.1109/icc40277.2020.9149042

2020-01-01

Abstract:It is known that the design of the control plane (CP) is vital in the network planning for software-defined networking (SDN), while to improve throughput and enlarge geographical coverage, optical networks are commonly used as the physical infrastructure of SDN. However, physical-layer attacks can disrupt the operation of an optical network and thus complicate the CP design. In this work, we consider planned physical-layer attacks when designing the CP of an SDN that uses an optical network as its physical infrastructure. We first show that the CP design problem should be modeled as a bilevel optimization, where the network planner designs the CP with the minimum vulnerability to physical-layer attacks (i.e., the upper-level optimization), while the attacker plans and launches attacks to disrupt the designed CP (i.e., the lower-level optimization). Then, the bilevel mode is transformed into a mixed integer linear programming (MILP) model, which can solve the CP design problem exactly. We also propose a heuristic to tackle the problem time-efficiently.

Pratishtha Shukla,Aranya Chakrabortty,Alexandra Duel-Hallen

DOI: https://doi.org/10.23919/acc.2019.8815018

2019-07-01

Abstract:We formulate a resource-planning game between an attacker and a defender of a Network Control System (NCS). We consider the network to be operating in closed-loop with a linear quadratic regulator (LQR). We construct a general-sum, two-player, mixed strategy (MS) game, where the attacker attempts to destroy communication equipment of some nodes, and thereby render the LQR feedback gain matrix to be sparse, leading to degradation of closed-loop performance. The defender, on the other hand, aims to prevent this loss. Both players trade their control performance objectives for the cost of their actions. A Mixed Strategy Nash Equilibrium (MSNE) of the game represents the allocation of the players' respective resources for attacking or protecting the important network nodes. Numerical results for the New England power system model demonstrate that reliable defense is feasible unless the cost of attack is much smaller than the cost of protection per generator.

Guo Sheng,Yang Shu,Li Qi,Jiang Yong

DOI: https://doi.org/10.1109/PCCC.2015.7410301

2015-01-01

Abstract:The core concept of software-defined network (SDN) is the separation between control plane and date plane. SDN provides a programmatic interface to network control, significantly simplifies network management and improves the efficiency of network utilization. To further improve network performance, scalability and reliability, it is recommended to deploy multiple controllers in SDN. However, network performance would degrade if operators randomly deploy the controllers, especially in the case of failure, e.g., router crashes, fiber cuts, etc. In this paper, we try to optimally place controllers while taking network failures into account. First, we formally define two problems, 1) Controller Placement under Comprehensive Network States (CPCNS) problem; and 2) Controller Placement under Single Link Failure (CPSLF) problem. Secondly, We propose a network states traversal based algorithm, which optimally solve the problem; and further propose another greedy-based algorithm, which can solve the problem in polynomial time. Finally, we evaluate the algorithms using real topologies and empirical data. The results indicate that the new controller placement strategies can significantly improve the performance when link failures happen.

Fei He,Jun Zhuang,Nageswara S. V. Rao

2012-01-01

Abstract:Critical infrastructures rely on cyber and physical components that are both subject to natural, incidental or intentional degradations. Game theory has been used in studying the strategic interactions between attackers and defenders for critical infrastructure protection, but has not been extensively used in complex cyber-physical networks. This paper fills the gap by modeling the probabilities of successful attacks in both cyber and physical spaces as functions of the number of components that are attacked and defended. The results show that the attack effort would first increase then decrease in (a) defense effort, (b) the probability of successful attack on each component, (c) the number of minimum required functioning resources, and (d) the maximum number of available resources. Comparing simultaneous and sequential games, our results show that the defender performs better when she moves first. Our research provides some novel insights into the survival of such infrastructures and optimal resource allocation under various costs and target valuations that players may have.

Yingjun Wu,Jinfan Chen,Yingtao Ru,Hao Xu,Mbonyineza Roger,Ming Ni

DOI: https://doi.org/10.1109/jsyst.2020.3026997

IF: 4.802

2021-06-01

IEEE Systems Journal

Abstract:The deep integration of computing, communication, and information technologies not only improves the operation level of the power grid, but also brings the threat of cyber-attacks on the power grid. This article studies power communication network topology planning problem considering both the normal operation level and the ability to against cyber-attacks from the perspective of information transmission reachability. First, by analyzing the game relationship between ensuring the normal operation level and defending against cyber-attacks, a framework of power communication network topology planning based on game theory is proposed. In this framework, the traditional planner tries to maximize the information transmission reachability of normal operation, while the anti-cyber-attack planner wants to minimize the information transmission reachability of cyber-attacks. Second, considering whether there are uncertainties in the planning, a deterministic topology planning model is proposed for the traditional planner, and an uncertainty topology planning model is proposed for the anti-cyber-attack planner. Third, considering the competition between the two planners, an improved particle swarm algorithm is introduced to solve the models. Finally, a standard example and a practical power communication network are used to verify the correction and effectiveness of the method.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Juntao Chen,Corinne Touati,Quanyan Zhu

DOI: https://doi.org/10.1145/3152042.3152079

2017-07-22

Abstract:Infrastructure networks are vulnerable to both cyber and physical attacks. Building a secure and resilient networked system is essential for providing reliable and dependable services. To this end, we establish a two-player three-stage game framework to capture the dynamics in the infrastructure protection and recovery phases. Specifically, the goal of the infrastructure network designer is to keep the network connected before and after the attack, while the adversary aims to disconnect the network by compromising a set of links. With costs for creating and removing links, the two players aim to maximize their utilities while minimizing the costs. In this paper, we use the concept of subgame perfect equilibrium (SPE) to characterize the optimal strategies of the network defender and attacker. We derive the SPE explicitly in terms of system parameters. Finally, we use a case study of UAV-enabled communication networks for disaster recovery to corroborate the obtained analytical results.

Computer Science and Game Theory

Zhe Li,Jin Liu,Jiaqi Ren,Yibo Dong,Weili Li

DOI: https://doi.org/10.1016/j.chaos.2024.115662

2024-10-24

Abstract:Critical infrastructure networks serve as the backbone of modern society's operations, and the application of game theory to safeguard these networks against deliberate attacks under resource constraints is of paramount importance. Regrettably, the existing body of research on hybrid attack and defense strategies for nodes and edges is notably scarce, despite the ubiquity of such strategies in practical contexts. Current understanding regarding the establishment of a cost constraint model within the framework of hybrid attack and defense strategies, the strategic inclinations of both adversarial and defensive parties under varying cost constraint coefficients, and the influence of resource allocation ratios on equilibrium outcomes remains limited. Consequently, this study constructs a game-theoretic model for the engagement of critical infrastructure networks under non-uniform cost constraints, incorporating hybrid attack and defense strategies for nodes and edges, and conducts an equilibrium analysis across a range of cost constraint coefficients and resource allocation ratios. The findings reveal that when resource availability is limited, both attackers and defenders are inclined towards a strategy of concentrated resource allocation; in contrast, under most circumstances, defenders exhibit a preference for an equitable distribution of resources.

mathematics, interdisciplinary applications,physics, mathematical, multidisciplinary

Jiyang Gan,Jing Wu,Chengnian Long,Shaoyuan Li

DOI: https://doi.org/10.1109/ascc.2017.8287474

2017-01-01

Abstract:In this paper, we consider the security issues for networked control systems (NCSs) under Denial-of-Service (DoS) attacks, where the attacker can jam or compromise the control signal packets to disrupt systems' normal function. We propose a novel power grids DoS attack model based on Stackelberg game, where the controller and the attacker are the two players and choose their strategies sequentially. We study the defending-attacking process and characterize properties of DoS attacks detailedly. Moreover, optimal problems are built for both attacker and defender to maximize their own profits. Through the modified Pontryagin minimum principle and the Shelling point theory, we propose a game-theoretic control law and establish necessary conditions and sufficient conditions for the optimal solution to the problem. Finally, the control schemes are compared with tradition state-feedback controller in simulations and results show that our approach is effective.

Xin Li,Qimin Xu,Xuanzhao Lu,Meihan Lin,Cailian Chen,Xinping Guan

DOI: https://doi.org/10.1109/tsg.2024.3353214

IF: 10.275

2024-01-01

IEEE Transactions on Smart Grid

Abstract:Cyber-physical power system (CPPS) stability is severely affected by the communication network performance due to cyber-physical interdependence. Thus, uncertain cyber-physical coordinated attacks (CPCA) pose more significant threats to CPPS than physical attacks. However, the defense strategies in recent works assume real-time and reliable transmission under an ideal cyber-attack, leading to inaccurate cyber-physical interdependence modeling. Therefore, the strategies are ineffective against uncertain CPCA. This paper proposes a hierarchical CPPS network architecture that integrates time-sensitive networking (TSN) to improve resilience against uncertain CPCA. To model the uncertain CPCA, a coordinated N-K ambiguity set is proposed considering all possible link failures on both cyber and physical layers. For the cyber layer, we propose a joint routing-scheduling model of TSN-based network to support deterministic and reliable data transmission, which improves the accuracy of cyber-physical interdependence. A distributionally robust coordinated defense (DRCD) strategy integrated with cyber-physical interdependence is then proposed to mitigate the priority-based load shedding considering the uncertainties of CPCA. The formulated DRCD strategy is linearized and transformed into a tri-level optimization problem which is efficiently solved by C-CG algorithm. Case studies indicate that the DRCD strategy has superiorities in improving the resilience of CPPS compared with other conventional models.

Yuan,Fuchun Sun,Huaping Liu

DOI: https://doi.org/10.1080/00207721.2014.973467

IF: 2.648

2015-01-01

International Journal of Systems Science

Abstract:This paper is concerned with the resilient control under denial-of-service attack launched by the intelligent attacker. The resilient control system is modelled as a multi-stage hierarchical game with a corresponding hierarchy of decisions made at cyber and physical layer, respectively. Specifically, the interaction in the cyber layer between different security agents is modelled as a static infinite Stackelberg game, while in the underlying physical layer the full-information H∞ minimax control with package drops is modelled as a different Stackelberg game. Both games are solved sequentially, which is consistent with the actual situations. Finally, the proposed method is applied to the load frequency control of the power system, which demonstrates its effectiveness.

Jin Wang,Liping Wang,Ruiqing Wang

DOI: https://doi.org/10.3390/e25081210

IF: 2.738

2023-08-15

Entropy

Abstract:Software defined networking (SDN) improves the flexibility and programmability of the network by separating the control plane and the data plane and effectively realizes the global control of the network infrastructure. However, the centralized structure design of SDN exposes the controller to potential threats. Attackers have used the active flow table delivery mode to launch distributed denial of service (DDoS) attacks on the SDN controller, resulting in the controller failure and seriously affecting the network performance. To overcome this problem, this paper proposes a defense framework called CC-Guard. The framework consists of four modules: attack detection triggering, switch migration, anomaly detection, and mitigation. Among them, the attack detection trigger module improves the system's timely response to DDoS attacks. The switch migration module effectively unclogs the controller congestion problem and provides convenience for network flow transmission. The anomaly detection module uses a coarse-grained method for two-stage detection, which improves the detection accuracy. The mitigation module uses the idea of cross-domain cooperation of the controller to clear the abnormal flow in the blacklist. Experimental results show that our proposed CC-Guard has real-time DDoS attack defense capability and high detection accuracy, as well as efficient network resource utilization.

physics, multidisciplinary