Attack Signature - Explore the Science & Experts | ideXlab

Attack Signature

The Experts below are selected from a list of 1497 Experts worldwide ranked by ideXlab platform

Xinping Guan – 1st expert on this subject based on the ideXlab platform

  • Distributed detection and isolation of bias injection attack in smart energy grid via interval observer
    Applied Energy, 2019
    Co-Authors: Xinyu Wang, Mingyue Zhang, Xinping Guan

    Abstract:

    With the integration in information and communication technologies, and advanced metering infrastructure, smart energy grid, as one of typical sustainable energy systems, addresses the energy and environment problems. However, the emergence of bias injection attack aiming at destroying the energy management center, brings great security threat to the security of smart energy grid. To address risks in energy-cyber-physical systems, this paper proposes a distributed detection and isolation scheme against the bias injection attack in smart energy grid. Considering the transmitted information of energy management centers in adjacent grid subareas, the proposed distributed detection and isolation scheme includes local and global steps. In the local-step, each local energy management center detects and isolates the possible sensor attack set, based on the constructed local attack signature judgment logic matrix. In the global-step, the subarea attack set is detected and isolated via the established global attack signature judgment logic matrix. Combining the above local and global detection and isolation framework, we can ensure the security of energy management center in smart energy system. This proposed distributed detection and isolation scheme examines some important practical aspects of deploying bias injection attack detection including: the limitation of the precomputed threshold; the detection delay; the accuracy in detecting bias injection attack. Finally, the effectiveness of the developed distributed detection and isolation scheme is demonstrated by using detailed studies on the IEEE 8-bus and IEEE 118-bus smart energy grid system.

  • Distributed detection and isolation of false data injection attacks in smart grids via nonlinear unknown input observers
    International Journal of Electrical Power & Energy Systems, 2019
    Co-Authors: Xinyu Wang, Mingyue Zhang, Xinping Guan

    Abstract:

    In this paper, a distributed detection and isolation scheme against False Data Injection Attacks (FDIAs) in smart grids is studied. Taking the stealthy characteristics of FDIAs into account, we propose a nonlinear unknown input observer (UIO)-based distributed detection method. Through the capabilities of designed UIO to deal with the effects of the interconnected relations among the grid subareas and external disturbance, we can obtain the accurate estimation of internally physical state. To detect the FDIAs more quickly and avoid missed detection, an adaptive threshold is computed to replace the traditional precomputed threshold. A distributed isolation scheme against the FDIAs is proposed with two steps, by considering the exchanged information of adjacent grid subareas. In the first-step, each local control center of subareas is to isolate the possible actuator attack set via the proposed local attack signature judgment logic matrix. In the second-step, the possible subarea attack set is isolated by the established global attack signature judgment logic matrix. The distributed isolation logic decision against the FDIAs relies on the combination of isolation results in the first-step and second-step. Finally, the performance of the proposed distributed detection method on the IEEE 28-bus smart grid system is evaluated. And the effectiveness of the proposed distributed detection and isolation scheme on large-scale IEEE 128-bus smart grid system is illustrated.

  • Detection and Isolation of False Data Injection Attacks in Smart Grids via Nonlinear Interval Observer
    IEEE Internet of Things Journal, 2019
    Co-Authors: Xinyu Wang, Yuyan Zhang, Xinping Guan

    Abstract:

    The detection and isolation problem of false data injection (FDI) attacks in large-scale smart grid systems is investigated in this paper. The FDI attacks can bypass the traditional bad data detection techniques, by falsifying the process of state estimation. For this reason, the emergence of FDI attacks brings great risk to the security of smart grids. To address this crucial problem, a novel detection and isolation scheme against the FDI attacks for the large-scale smart grid system is proposed. We first design an interval observer to estimate the interval state of internally physical system accurately, based on the constructed physical dynamics of grid systems. Taking the bounds of internal state and external disturbance into account, the detection criterion that an alarm is generated when the interval residuals do not include the zero value is proposed. To address the limitation of precomputed threshold, we use the interval residuals regarded as a natural detection threshold to replace the evaluation function and detection threshold used in traditional attack detection methods. Furthermore, an attack signature logical judgment matrix-based isolation algorithm is further proposed to isolate the sensors, in which the FDI attacks may be injected into the attacked subarea. Finally, the effectiveness of the developed detection and isolation scheme is demonstrated by using detailed case studies on the IEEE 128-bus smart grid system.

Chia-tien Dan Lo – 2nd expert on this subject based on the ideXlab platform

  • ARC – Highly Space Efficient Counters for Perl Compatible Regular Expressions in FPGAs
    Lecture Notes in Computer Science, 2008
    Co-Authors: Chia-tien Dan Lo

    Abstract:

    Signature based network intrusion detection systems (NIDS) rely on an underlying string matching engine that inspects each network packet against a known malicious pattern database. Traditional static pattern descriptions may not efficiently represent sophisticated attack signatures. Recently, most NIDSs have adopted regular expressions such as Perl compatible regular expressions (PCREs) to describe an attack signature, especially for polymorphic worms. PCRE is a superset of traditional regular expression, in which no counters are involved. However, this overloads the performance of software-based NIDSs, causing a big portion of their execution time to be dedicated to pattern matching. Over the past decade, hardware acceleration for the pattern matching has been studied extensively and a marginal performance has been achieved. Among hardware approaches, FPGA-based acceleration engines provide great flexibility because new signatures can be compiled and programmed into their reconfigurable architecture. As more and more malicious signatures are discovered, it becomes harder to map a complete set of malicious signatures specified in PCREs to an FPGA chip. Even worse is that the counters used in PCREs typically take a great deal of hardware resources. Therefore, we propose a space efficient SelectRAM counter for PCREs that involve counting. The design takes advantage of components that consist of a configurable logic block, and thus optimizes space usage. A set of PCRE blocks has been built in hardware to implement PCREs used in Snort/Bro. Experimental results show that the proposed scheme outperforms existing designs by at least 5-fold. Performance results are reported in this paper.

  • Highly space efficient counters for perl compatible regular expressions in FPGAs
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2008
    Co-Authors: Chia-tien Dan Lo, Yi Gang Tai

  • Reconfigurable Computing: Architectures, Tools and Applications
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2008
    Co-Authors: Chia-tien Dan Lo, Yi Gang Tai

Kaiqi Xiong – 3rd expert on this subject based on the ideXlab platform

  • MILCOM – An SDN-supported collaborative approach for DDoS flooding detection and containment
    MILCOM 2015 – 2015 IEEE Military Communications Conference, 2015
    Co-Authors: Tommy Chin, Xenia Mountrouidou, Xiangyang Li, Kaiqi Xiong

    Abstract:

    Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation of computer network attacks. Such unique capabilities are instrumental to network intrusion detection that is challenged by large volumes of data and complex network topologies. This paper presents an innovative approach that coordinates distributed network traffic Monitors and Attack Correlators supported by Open Virtual Switches (OVS). The Monitors conduct anomaly detection and the Correlators perform deep packet inspection for attack signature recognition. These elements take advantage of complementary views and information availability on both the data and control planes. Moreover, they collaboratively look for network flooding attack signature constituents that possess different characteristics in the level of information abstraction. Therefore, this approach is able to not only quickly raise an alert against potential threats, but also follow it up with careful verification to reduce false alarms. We experiment with this SDN-supported collaborative approach to detect TCP SYN flood attacks on the Global Environment for Network Innovations (GENI), a realistic virtual testbed. The response times and detection accuracy, in the context of a small to medium corporate network, have demonstrated its effectiveness and scalability.

  • An SDN-supported collaborative approach for DDoS flooding detection and containment
    Proceedings – IEEE Military Communications Conference MILCOM, 2015
    Co-Authors: Tommy Chin, Xenia Mountrouidou, Xiangyang Li, Kaiqi Xiong
