Stealthy Attack


The experts below are selected from a list of 1506 experts worldwide ranked by the ideXlab platform.

Jiming Chen - One of the best experts on this subject based on the ideXlab platform.

  • Analysis of Moving Target Defense Against False Data Injection Attacks on Power Grid
    IEEE Transactions on Information Forensics and Security, 2020
    Co-Authors: Zhenyong Zhang, Ruilong Deng, David K Y Yau, Peng Cheng, Jiming Chen
    Abstract:

    Recent studies have considered thwarting false data injection (FDI) attacks against state estimation in power grids by proactively perturbing branch susceptances. This approach is known as moving target defense (MTD). However, despite the deployment of MTD, it is still possible for the attacker to launch stealthy FDI attacks generated with former branch susceptances. In this paper, we prove that an MTD has the capability to thwart all FDI attacks constructed with former branch susceptances only if (i) the number of branches $l$ in the power system is not less than twice the number of system states $n$ (i.e., $l \geq 2n$, where $n + 1$ is the number of buses); and (ii) the susceptances of more than $n$ branches, which together cover all buses, are perturbed. Moreover, we prove that the state variable of a bus that is connected by only a single branch (whether or not that branch is perturbed) can always be modified by the attacker. Nevertheless, in order to reduce the attack opportunities of potential attackers, we first examine the impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space, in which the attack vector is constructed with former branch susceptances. Then, we propose that, by perturbing an appropriate set of branches, we can minimize the dimension of the stealthy attack space and maximize the number of covered buses. In addition, we consider the increased operation cost caused by the activation of MTD. Finally, we conduct extensive simulations to illustrate our findings on IEEE standard test power systems.

  • An Event-Based Stealthy Attack on Remote State Estimation
    IEEE Transactions on Automatic Control, 2020
    Co-Authors: Peng Cheng, Jiming Chen, Zeyu Yang, Ling Shi
    Abstract:

    Security issues in cyber-physical systems (CPSs) have gained increasing attention in recent years due to the importance and unavoidable vulnerability of CPSs. This article focuses on designing an intelligent online attack against remote state estimation, which can compromise a sensor, eavesdrop on measurements, and inject false feedback information. From the viewpoint of the attacker, we design an event-based attack strategy that degrades the estimation quality under a stealthiness constraint for an arbitrary communication rate. The approximate minimum mean-squared error estimation algorithm from the viewpoint of the attacker is derived under a Gaussian assumption. Furthermore, the relation between the attack threshold and the scheduling threshold is obtained in closed form. We show that the mean-squared stability condition of the estimation is weakened under the attack. Two examples are provided to demonstrate the main results.

  • Nonzero-Dynamics Stealthy Attack and Its Impacts Analysis in DC Microgrids
    Advances in Computing and Communications, 2019
    Co-Authors: Mengxiang Liu, Ruilong Deng, Peng Cheng, Chengcheng Zhao, Wenhai Wang, Jiming Chen
    Abstract:

    In this paper, we explore potential stealthy attacks in the DC microgrid (DCmG) equipped with unknown input observer (UIO) based detectors, which are widely adopted for the detection and identification of cyber-attacks. We first prove that once the attacker knows the bounds of the initial state estimation error and the measurement noise, he/she can launch the nonzero-dynamics stealthy (NDS) attack in the DCmG, which can affect the detection residual while remaining stealthy. Considering the complexity of the multi-layer control framework in the DCmG, we simplify the primary control loops as static unit gains and obtain the system-level dynamic model of the DCmG under the NDS attack. Then, we obtain analytical expressions for the Point of Common Coupling (PCC) voltages, which are used to analyze the effects of the NDS attack on voltage balancing and current sharing, respectively. Moreover, we prove that under the NDS attack, voltage and current convergence can still be achieved exponentially in the DCmG. Finally, extensive simulations are conducted in Simulink/PLECS to validate our theoretical results.

  • Analysis of Moving Target Defense Against False Data Injection Attacks on Power Grid
    IEEE Transactions on Information Forensics and Security, 2019
    Co-Authors: Zhenyong Zhang, Ruilong Deng, David K Y Yau, Peng Cheng, Jiming Chen
    Abstract:

    Recent studies have considered thwarting false data injection (FDI) attacks against state estimation in power grids by proactively perturbing branch susceptances. This approach is known as moving target defense (MTD). However, despite the deployment of MTD, it is still possible for the attacker to launch stealthy FDI attacks generated with former branch susceptances. In this paper, we prove that an MTD has the capability to thwart all FDI attacks constructed with former branch susceptances only if (i) the number of branches $l$ in the power system is not less than twice the number of system states $n$ (i.e., $l \geq 2n$, where $n + 1$ is the number of buses); and (ii) the susceptances of more than $n$ branches, which together cover all buses, are perturbed. Moreover, we prove that the state variable of a bus that is connected by only a single branch (whether or not that branch is perturbed) can always be modified by the attacker. Nevertheless, in order to reduce the attack opportunities of potential attackers, we first examine the impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space, in which the attack vector is constructed with former branch susceptances. Then, we propose that, by perturbing an appropriate set of branches, we can minimize the dimension of the stealthy attack space and maximize the number of covered buses. In addition, we consider the increased operation cost caused by the activation of MTD. Finally, we conduct extensive simulations to illustrate our findings on IEEE standard test power systems.

  • ACC - Nonzero-Dynamics Stealthy Attack and Its Impacts Analysis in DC Microgrids
    2019 American Control Conference (ACC), 2019
    Co-Authors: Mengxiang Liu, Ruilong Deng, Peng Cheng, Chengcheng Zhao, Wang Wenhai, Jiming Chen
    Abstract:

    In this paper, we explore potential stealthy attacks in the DC microgrid (DCmG) equipped with unknown input observer (UIO) based detectors, which are widely adopted for the detection and identification of cyber-attacks. We first prove that once the attacker knows the bounds of the initial state estimation error and the measurement noise, he/she can launch the nonzero-dynamics stealthy (NDS) attack in the DCmG, which can affect the detection residual while remaining stealthy. Considering the complexity of the multi-layer control framework in the DCmG, we simplify the primary control loops as static unit gains and obtain the system-level dynamic model of the DCmG under the NDS attack. Then, we obtain analytical expressions for the Point of Common Coupling (PCC) voltages, which are used to analyze the effects of the NDS attack on voltage balancing and current sharing, respectively. Moreover, we prove that under the NDS attack, voltage and current convergence can still be achieved exponentially in the DCmG. Finally, extensive simulations are conducted in Simulink/PLECS to validate our theoretical results.

Elisa Bertino - One of the best experts on this subject based on the ideXlab platform.

  • MAVR: Code Reuse Stealthy Attacks and Mitigation on Unmanned Aerial Vehicles
    International Conference on Distributed Computing Systems, 2015
    Co-Authors: Javid Habibi, Aditi Gupta, Stephen Carlson, Ajay Panicker, Elisa Bertino
    Abstract:

    As embedded systems have increased in performance and reliability, their applications have expanded into new domains such as automated drone-based delivery mechanisms. Security of these drones, also referred to as unmanned aerial vehicles (UAVs), is crucial due to their use in many different domains. In this paper, we present a stealthy attack strategy that allows the attacker to change sensor values and modify the UAV navigation path. As the attack is stealthy, the system will continue to execute normally, and thus the ground station or other monitoring entities and systems will not be able to detect that an attack is under way. With respect to defense, we propose a strategy that combines software and hardware techniques. At the software level, we propose a fine-grained randomization-based approach that modifies the layout of the executable code and hinders code-reuse attacks. To strengthen the security of our defense, we leverage a custom hardware platform designed and built by us. The platform isolates the code binary and the randomized binary in such a way that the actual code being executed is never exposed for an attacker to analyze. We have implemented a prototype of this defense technique and present results to demonstrate the effectiveness and efficiency of this defense strategy.

  • ICDCS - MAVR: Code Reuse Stealthy Attacks and Mitigation on Unmanned Aerial Vehicles
    2015 IEEE 35th International Conference on Distributed Computing Systems, 2015
    Co-Authors: Javid Habibi, Aditi Gupta, Stephen Carlson, Ajay Panicker, Elisa Bertino
    Abstract:

    As embedded systems have increased in performance and reliability, their applications have expanded into new domains such as automated drone-based delivery mechanisms. Security of these drones, also referred to as unmanned aerial vehicles (UAVs), is crucial due to their use in many different domains. In this paper, we present a stealthy attack strategy that allows the attacker to change sensor values and modify the UAV navigation path. As the attack is stealthy, the system will continue to execute normally, and thus the ground station or other monitoring entities and systems will not be able to detect that an attack is under way. With respect to defense, we propose a strategy that combines software and hardware techniques. At the software level, we propose a fine-grained randomization-based approach that modifies the layout of the executable code and hinders code-reuse attacks. To strengthen the security of our defense, we leverage a custom hardware platform designed and built by us. The platform isolates the code binary and the randomized binary in such a way that the actual code being executed is never exposed for an attacker to analyze. We have implemented a prototype of this defense technique and present results to demonstrate the effectiveness and efficiency of this defense strategy.

Zhu Han - One of the best experts on this subject based on the ideXlab platform.

  • Detecting Stealthy False Data Injection Using Machine Learning in Smart Grid
    IEEE Systems Journal, 2017
    Co-Authors: Mohammad Esmalifalak, Nam Tuan Nguyen, Lanchao Liu, Rong Zheng, Zhu Han
    Abstract:

    Aging power industries, together with the increase in demand from industrial and residential customers, are the main incentive for policy makers to define a road map to the next-generation power system called the smart grid. In the smart grid, the overall monitoring costs will be decreased, but at the same time, the risk of cyber attacks might be increased. Recently, a new type of attack (called the stealth attack) has been introduced, which cannot be detected by the traditional bad data detection based on state estimation. In this paper, we show how normal operations of power networks can be statistically distinguished from the case under stealthy attacks. We propose two machine-learning-based techniques for stealthy attack detection. The first method utilizes supervised learning over labeled data and trains a distributed support vector machine (SVM). The design of the distributed SVM is based on the alternating direction method of multipliers, which offers provable optimality and convergence rate. The second method requires no training data and detects the deviation in measurements. In both methods, principal component analysis is used to reduce the dimensionality of the data to be processed, which leads to lower computational complexity. The results of the proposed detection methods on IEEE standard test systems demonstrate the effectiveness of both schemes.

Peng Cheng - One of the best experts on this subject based on the ideXlab platform.

  • Analysis of Moving Target Defense Against False Data Injection Attacks on Power Grid
    IEEE Transactions on Information Forensics and Security, 2020
    Co-Authors: Zhenyong Zhang, Ruilong Deng, David K Y Yau, Peng Cheng, Jiming Chen
    Abstract:

    Recent studies have considered thwarting false data injection (FDI) attacks against state estimation in power grids by proactively perturbing branch susceptances. This approach is known as moving target defense (MTD). However, despite the deployment of MTD, it is still possible for the attacker to launch stealthy FDI attacks generated with former branch susceptances. In this paper, we prove that an MTD has the capability to thwart all FDI attacks constructed with former branch susceptances only if (i) the number of branches $l$ in the power system is not less than twice the number of system states $n$ (i.e., $l \geq 2n$, where $n + 1$ is the number of buses); and (ii) the susceptances of more than $n$ branches, which together cover all buses, are perturbed. Moreover, we prove that the state variable of a bus that is connected by only a single branch (whether or not that branch is perturbed) can always be modified by the attacker. Nevertheless, in order to reduce the attack opportunities of potential attackers, we first examine the impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space, in which the attack vector is constructed with former branch susceptances. Then, we propose that, by perturbing an appropriate set of branches, we can minimize the dimension of the stealthy attack space and maximize the number of covered buses. In addition, we consider the increased operation cost caused by the activation of MTD. Finally, we conduct extensive simulations to illustrate our findings on IEEE standard test power systems.

  • An Event-Based Stealthy Attack on Remote State Estimation
    IEEE Transactions on Automatic Control, 2020
    Co-Authors: Peng Cheng, Jiming Chen, Zeyu Yang, Ling Shi
    Abstract:

    Security issues in cyber-physical systems (CPSs) have gained increasing attention in recent years due to the importance and unavoidable vulnerability of CPSs. This article focuses on designing an intelligent online attack against remote state estimation, which can compromise a sensor, eavesdrop on measurements, and inject false feedback information. From the viewpoint of the attacker, we design an event-based attack strategy that degrades the estimation quality under a stealthiness constraint for an arbitrary communication rate. The approximate minimum mean-squared error estimation algorithm from the viewpoint of the attacker is derived under a Gaussian assumption. Furthermore, the relation between the attack threshold and the scheduling threshold is obtained in closed form. We show that the mean-squared stability condition of the estimation is weakened under the attack. Two examples are provided to demonstrate the main results.

  • Nonzero-Dynamics Stealthy Attack and Its Impacts Analysis in DC Microgrids
    Advances in Computing and Communications, 2019
    Co-Authors: Mengxiang Liu, Ruilong Deng, Peng Cheng, Chengcheng Zhao, Wenhai Wang, Jiming Chen
    Abstract:

    In this paper, we explore potential stealthy attacks in the DC microgrid (DCmG) equipped with unknown input observer (UIO) based detectors, which are widely adopted for the detection and identification of cyber-attacks. We first prove that once the attacker knows the bounds of the initial state estimation error and the measurement noise, he/she can launch the nonzero-dynamics stealthy (NDS) attack in the DCmG, which can affect the detection residual while remaining stealthy. Considering the complexity of the multi-layer control framework in the DCmG, we simplify the primary control loops as static unit gains and obtain the system-level dynamic model of the DCmG under the NDS attack. Then, we obtain analytical expressions for the Point of Common Coupling (PCC) voltages, which are used to analyze the effects of the NDS attack on voltage balancing and current sharing, respectively. Moreover, we prove that under the NDS attack, voltage and current convergence can still be achieved exponentially in the DCmG. Finally, extensive simulations are conducted in Simulink/PLECS to validate our theoretical results.

  • Analysis of Moving Target Defense Against False Data Injection Attacks on Power Grid
    IEEE Transactions on Information Forensics and Security, 2019
    Co-Authors: Zhenyong Zhang, Ruilong Deng, David K Y Yau, Peng Cheng, Jiming Chen
    Abstract:

    Recent studies have considered thwarting false data injection (FDI) attacks against state estimation in power grids by proactively perturbing branch susceptances. This approach is known as moving target defense (MTD). However, despite the deployment of MTD, it is still possible for the attacker to launch stealthy FDI attacks generated with former branch susceptances. In this paper, we prove that an MTD has the capability to thwart all FDI attacks constructed with former branch susceptances only if (i) the number of branches $l$ in the power system is not less than twice the number of system states $n$ (i.e., $l \geq 2n$, where $n + 1$ is the number of buses); and (ii) the susceptances of more than $n$ branches, which together cover all buses, are perturbed. Moreover, we prove that the state variable of a bus that is connected by only a single branch (whether or not that branch is perturbed) can always be modified by the attacker. Nevertheless, in order to reduce the attack opportunities of potential attackers, we first examine the impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space, in which the attack vector is constructed with former branch susceptances. Then, we propose that, by perturbing an appropriate set of branches, we can minimize the dimension of the stealthy attack space and maximize the number of covered buses. In addition, we consider the increased operation cost caused by the activation of MTD. Finally, we conduct extensive simulations to illustrate our findings on IEEE standard test power systems.

  • Stealthy Attack Against Redundant Controller Architecture of Industrial Cyber-Physical System
    IEEE Internet of Things Journal, 2019
    Co-Authors: Ma Rongkuan, Zhenyong Zhang, Peng Cheng, Wenwen Liu, Qingxian Wang, Qiang Wei
    Abstract:

    In an industrial cyber-physical system (iCPS), the controller plays a critical role in guaranteeing reliability and stability. Therefore, redundant controller architecture is a well-adopted approach in distributed control systems (DCS), supervisory control and data acquisition (SCADA) systems, and other typical iCPSs, which monitor and control critical industrial processes such as power generation, chemical production, and water treatment plants. Redundant controller architecture has been designed and widely implemented in response to unpredictable mechanical failures. However, this structure, initially proposed for guaranteeing reliability and safety, may expand the cyber-attack surface, posing the risk that an attacker may take advantage of this architecture for stealthy attacks. In this article, we analyze the vulnerability arising from the redundant controller architecture and propose a combined attack methodology against these redundant controller architecture systems in a stealthy manner. We find several 0-day vulnerabilities in real-world devices from three manufacturers and further implement the combined attack on these devices. Our experimental results on various types of real-world devices show that the redundant controller architecture can be exploited to compromise all tested systems stealthily. We also present guidelines for mitigating this risk.

Guevara Noubir - One of the best experts on this subject based on the ideXlab platform.

  • A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication
    Network and Distributed System Security Symposium, 2013
    Co-Authors: Aldo Cassola, Engin Kirda, William Van B. Robertson, Guevara Noubir
    Abstract:

    Wireless networking technologies have fundamentally changed the way we compute, allowing ubiquitous, any-time, any-where access to information. At the same time, wireless technologies come with the security cost that adversaries may receive signals and engage in unauthorized communication even when not physically close to a network. Because of the utmost importance of wireless security, many standards have been developed that are in wide use to secure sensitive wireless networks; one such popular standard is WPA Enterprise. In this paper, we present a novel, highly practical, and targeted variant of a wireless evil twin attack against WPA Enterprise networks. We show significant design deficiencies in wireless management user interfaces for commodity operating systems, and also highlight the practical importance of the weak binding between wireless network SSIDs and authentication server certificates. We describe a prototype implementation of the attack, and discuss countermeasures that should be adopted. Our user experiments with 17 technically-sophisticated users show that the attack is stealthy and effective in practice. None of the victims were able to detect the attack.

  • NDSS - A Practical, Targeted, and Stealthy Attack Against WPA Enterprise Authentication
    2013
    Co-Authors: Aldo Cassola, Engin Kirda, William Van B. Robertson, Guevara Noubir
    Abstract:

    Wireless networking technologies have fundamentally changed the way we compute, allowing ubiquitous, any-time, any-where access to information. At the same time, wireless technologies come with the security cost that adversaries may receive signals and engage in unauthorized communication even when not physically close to a network. Because of the utmost importance of wireless security, many standards have been developed that are in wide use to secure sensitive wireless networks; one such popular standard is WPA Enterprise. In this paper, we present a novel, highly practical, and targeted variant of a wireless evil twin attack against WPA Enterprise networks. We show significant design deficiencies in wireless management user interfaces for commodity operating systems, and also highlight the practical importance of the weak binding between wireless network SSIDs and authentication server certificates. We describe a prototype implementation of the attack, and discuss countermeasures that should be adopted. Our user experiments with 17 technically-sophisticated users show that the attack is stealthy and effective in practice. None of the victims were able to detect the attack.