Biblio

Cyber-Physical Systems (CPS) have a physical part that can interact with sensors and actuators. The data that is read from sensors and the one generated to drive actuators is crucial for the correct operation of this class of devices. Most implementations trust the data being read from sensors and the outputted data to actuators. Real-time validation of the input and output of data for any system is crucial for the safety of its operation. This paper proposes an architecture for handling this issue through smart data guards detached from sensors and controllers and acting solely on the data. This mitigates potential issues of malfunctioning sensors and intentional sensor and controller attacks. The data guards understand the expected data, can detect anomalies and can correct them in real-time. This approach adds more guarantees for fault-tolerant behavior in the presence of attacks and sensor failures.

In recent years, with the occurrence of climate change and various extreme events, the research on the resistance of physical information systems to large-scale complex faults is of great significance. Propose a power information system to deal with complex faults in extreme weather, establish an anti-interference framework, construct a regional anti-interference strategy based on regional load output matching and topological connectivity, and propose branch active power adjustment methods to reduce disasters. In order to resist the risk of system instability caused by overrun of branch power and phase disconnection, the improved IEEE33 node test system simulation shows that this strategy can effectively reduce the harm of large-scale and complex faults.

Cyber-Physical System (CPS) is becoming increasingly complicated and integrated into our daily lives, laying the foundation for advanced infrastructures, commodities, and services. In this regard, operational continuity of the system is the most critical objective, and cyber resilience quantification to evaluate and enhance it has garnered attention. However, understanding of the increasingly critical cyber risks is weak, with the focus being solely on the damage that occurs in the physical domain. To address this gap, this work takes aim at shedding some light on the cyber resilience quantification of CPS. We review the numerous resilience quantification techniques presented to date through several metrics to provide systematization of knowledge (SoK). In addition, we discuss the challenges of current quantification methods and give ideas for future research that will lead to more precise cyber resilience measurements.

Cyber-Physical System (CPS) represents systems that join both hardware and software components to perform real-time services. Maintaining the system's reliability is critical to the continuous delivery of these services. However, the CPS running environment is full of uncertainties and can easily lead to performance degradation. As a result, the need for a recovery technique is highly needed to achieve resilience in the system, with keeping in mind that this technique should be as green as possible. This early doctorate proposal, suggests a game theory solution to achieve resilience and green in CPS. Game theory has been known for its fast performance in decision-making, helping the system to choose what maximizes its payoffs. The proposed game model is described over a real-life collaborative artificial intelligence system (CAIS), that involves robots with humans to achieve a common goal. It shows how the expected results of the system will achieve the resilience of CAIS with minimized CO2 footprint.

A simulation-based optimization framework is developed to con-currently design the system and control parameters to meet de-sired performance and operational resiliency objectives. Leveraging system information from both data and models of varying fideli-ties, a rigorous probabilistic approach is employed for co-design experimentation. Significant economic benefits and resilience im-provements are demonstrated using co-design compared to existing sequential designs for cyber-physical systems.

In this era, with a great extent of automation and connection, modern production processes are highly prone to cyber-attacks. The sensor-controller chain becomes an obvious target for attacks because sensors are commonly used to regulate production facilities. In this research, we introduce a new control configuration for the system, which is sensitive to time delay attacks (TDA), in which data transfer from the sensor to the controller is intentionally delayed. The attackers want to disrupt and damage the system by forcing controllers to use obsolete data about the system status. In order to improve the accuracy of delay identification and prediction, as well as erroneous limit and estimation for control, a new control structure is developed by an Internal Model Control (IMC) based Proportional-Integral-Derivative (PID) scheme with a fractional filter. An additional concept is included to mitigate the effect of time delay attack, i.e., the smith predictor. Simulation studies of the established control framework have been implemented with two numerical examples. The performance assessment of the proposed method has been done based on integral square error (ISE), integral absolute error (IAE) and total variation (TV).

The damage or destruction of Critical Infrastructures (CIs) affect societies’ sustainable functioning. Therefore, it is crucial to have effective methods to assess the risk and resilience of CIs. Failure Mode and Effects Analysis (FMEA) and Failure Mode Effects and Criticality Analysis (FMECA) are two approaches to risk assessment and criticality analysis. However, these approaches are complex to apply to intricate CIs and associated Cyber-Physical Systems (CPS). We provide a top-down strategy, starting from a high abstraction level of the system and progressing to cover the functional elements of the infrastructures. This approach develops from FMECA but estimates risks and focuses on assessing resilience. We applied the proposed technique to a real-world CI, predicting how possible improvement scenarios may influence the overall system resilience. The results show the effectiveness of our approach in benchmarking the CI resilience, providing a cost-effective way to evaluate plausible alternatives concerning the improvement of preventive measures.

Supply chain cyberattacks that exploit insecure third-party software are a growing concern for the security of the electric power grid. These attacks seek to deploy malicious software in grid control devices during the fabrication, shipment, installation, and maintenance stages, or as part of routine software updates. Malicious software on grid control devices may inject bad data or execute bad commands, which can cause blackouts and damage power equipment. This paper describes an experimental setup to simulate the software update process of a commercial power relay as part of a hardware-in-the-loop simulation for grid supply chain cyber-security assessment. The laboratory setup was successfully utilized to study three supply chain cyber-security use cases.

Cyber threats can cause severe damage to computing infrastructure and systems as well as data breaches that make sensitive data vulnerable to attackers and adversaries. It is therefore imperative to discover those threats and stop them before bad actors penetrating into the information systems.Threats hunting algorithms based on machine learning have shown great advantage over classical methods. Reinforcement learning models are getting more accurate for identifying not only signature-based but also behavior-based threats. Quantum mechanics brings a new dimension in improving classification speed with exponential advantage. The accuracy of the AI/ML algorithms could be affected by many factors, from algorithm, data, to prejudicial, or even intentional. As a result, AI/ML applications need to be non-biased and trustworthy.In this research, we developed a machine learning-based cyber threat detection and assessment tool. It uses two-stage (both unsupervised and supervised learning) analyzing method on 822,226 log data recorded from a web server on AWS cloud. The results show the algorithm has the ability to identify the threats with high confidence.

In the prevailing situation, the sports like economic, industrial, cultural, social, and governmental activities are carried out in the online world. Today's international is particularly dependent on the wireless era and protective these statistics from cyber-assaults is a hard hassle. The reason for cyber-assaults is to damage thieve the credentials. In a few other cases, cyber-attacks ought to have a navy or political functions. The damages are PC viruses, facts break, DDS, and exceptional attack vectors. To this surrender, various companies use diverse answers to prevent harm because of cyberattacks. Cyber safety follows actual-time data at the modern-day-day IT data. So, far, numerous techniques have proposed with the resource of researchers around the area to prevent cyber-attacks or lessen the harm due to them. The cause of this has a look at is to survey and comprehensively evaluate the usual advances supplied around cyber safety and to analyse the traumatic situations, weaknesses, and strengths of the proposed techniques. Different sorts of attacks are taken into consideration in element. In addition, evaluation of various cyber-attacks had been finished through the platform called Kali Linux. It is predicted that the complete assessment has a have a study furnished for college students, teachers, IT, and cyber safety researchers might be beneficial.

As cyber threats become highly damaging and complex, a new cybersecurity compliance certification model has been developed by the Department of Defense (DoD) to secure its Defense Industrial Base (DIB), and communication with its private partners. These partners or contractors are obligated by the Defense Federal Acquisition Regulations (DFARS) to be compliant with the latest standards in computer and data security. The Cybersecurity Maturity Model Certification (CMMC), and it is built upon existing DFARS 252.204-7012 and the NIST SP 800–171 controls. As of 2020, the DoD has incorporated DFARS and the National Institute of Standards and Technology (NIST) recommended security practices into what is now the CMMC. This paper presents the most commonly identified Security-Control-Deficiencies (SCD) faced, the attacks mitigated by addressing these SCD, and remediations applied to 127 DoD contractors in order to bring them into compliance with the CMMC guidelines. An analysis is done on what vulnerabilities are most prominent in the companies, and remediations applied to ensure these vulnerabilities are better avoided and the DoD supply-chain is more secure from attacks.

Modern day cyber-infrastructures are critically dependent on each other to provide essential services. Current frameworks typically focus on the risk analysis of an isolated infrastructure. Evaluation of potential disruptions taking the heterogeneous cyber-infrastructures is vital to note the cascading disruption vectors and determine the appropriate interventions to limit the damaging impact. This paper presents a cyber-security risk assessment framework for the interconnected cyber-infrastructures. Our methodology is designed to be comprehensive in terms of accommodating accidental incidents and malicious cyber threats. Technically, we model the functional dependencies between the different architectures using reliability block diagrams (RBDs). RBDs are convenient, yet powerful graphical diagrams, which succinctly describe the functional dependence between the system components. The analysis begins by selecting a service from the many services that are outputted by the synchronized operation of the architectures whose disruption is deemed critical. For this service, we design an attack fault tree (AFT). AFT is a recent graphical formalism that combines the two popular formalisms of attack trees and fault trees. We quantify the attack-fault tree and compute the risk metrics - the probability of a disruption and the damaging impact. For this purpose, we utilize the open source ADTool. We show the efficacy of our framework with an example outage incident.

This work-in-progress paper proposes a design methodology that addresses the complexity and heterogeneity of cyber-physical systems (CPS) while simultaneously proving resilient control logic and security properties. The design methodology involves a formal methods-based approach by translating the complex control logic and security properties of a water flow CPS into timed automata. Timed automata are a formal model that describes system behaviors and properties using mathematics-based logic languages with precision. Due to the semantics that are used in developing the formal models, verification techniques, such as theorem proving and model checking, are used to mathematically prove the specifications and security properties of the CPS. This work-in-progress paper aims to highlight the need for formalizing plant models by creating a timed automata of the physical portions of the water flow CPS. Extending the time automata with control logic, network security, and privacy control processes is investigated. The final model will be formally verified to prove the design specifications of the water flow CPS to ensure efficacy and security.

In recent years, research has focused on exploiting the inherent physical (PHY) characteristics of wireless channels to discriminate between different spatially separated network terminals, mitigating the significant costs of signature-based techniques. In this paper, the legitimacy of the corresponding terminal is firstly verified at the protocol stack’s upper layers, and then the re-authentication process is performed at the PHY-layer. In the latter, a unique PHY-layer signature is created for each transmission based on the spatially and temporally correlated channel attributes within the coherence time interval. As part of the verification process, the PHY-layer signature can be used as a message authentication code to prove the packet’s authenticity. Extensive simulation has shown the capability of the proposed scheme to support high detection probability at small signal-to-noise ratios. In addition, security evaluation is conducted against passive and active attacks. Computation and communication comparisons are performed to demonstrate that the proposed scheme provides superior performance compared to conventional cryptographic approaches.

In the Smart Grid paradigm, this critical infrastructure operation is increasingly exposed to cyber-threats due to the increased dependency on communication networks. An adversary can launch an attack on a power grid operation through False Data Injection into system measurements and/or through attacks on the communication network, such as flooding the communication channels with unnecessary data or intercepting messages. A cross-layered strategy that combines power grid data, communication grid monitoring and Machine Learning-based processing is a promising solution for detecting cyber-threats. In this paper, an implementation of an integrated solution of a cross-layer framework is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection of anomalies in the operation of power grid. IEEE 118-bus system is built in Simulink to provide a power grid testing environment and communication network data is emulated using SimComponents. The performance of the framework is investigated under various FDI and communication attacks.

In the deep nano-scale regime, reliability has emerged as one of the major design issues for high-density integrated systems. Among others, key reliability-related issues are soft errors, high temperature, and aging effects (e.g., NBTI-Negative Bias Temperature Instability), which jeopardize the correct applications' execution. Tremendous amount of research effort has been invested at individual system layers. Moreover, in the era of growing cyber-security threats, modern computing systems experience a wide range of security threats at different layers of the software and hardware stacks. However, considering the escalating reliability and security costs, designing a highly reliable and secure system would require engaging multiple system layers (i.e. both hardware and software) to achieve cost-effective robustness. This talk provides an overview of important reliability issues, prominent state-of-the-art techniques, and various hardwaresoftware collaborative reliability modeling and optimization techniques developed at our lab, with a focus on the recent works on ML-based reliability techniques. Afterwards, this talk will also discuss how advanced ML techniques can be leveraged to devise new types of hardware security attacks, for instance on logic locked circuits. Towards the end of the talk, I will also give a quick pitch on the reliability and security challenges for the embedded machine learning (ML) on resource/energy-constrained devices subjected to unpredictable and harsh scenarios.

Physical-layer key (PLK) generation scheme is a new key generation scheme based on wireless channel reciprocity. However, the security of physical layer keys still lacks sufficient theoretical support in the presence of eavesdropping attacks until now, which affects the promotion in practical applications. By analyzing the propagation mode of multipath signals under non-line-of-sight (nLoS), an improved spatial cross-correlation model is constructed, where the spatial cross-correlation is between eavesdropping channel and legitimate channel. Results show that compared with the multipath and obstacle distribution of the channel, the azimuth and distance between the eavesdropper and the eavesdropped user have a greater impact on the cross-correlation.

Multi-label image classification task aims to predict multiple object labels in a given image and faces the challenge of variable-sized objects. Limited by the size of CNN convolution kernels, existing CNN-based methods have difficulty capturing global dependencies and effectively fusing multiple layers features, which is critical for this task. Recently, transformers have utilized multi-head attention to extract feature with long range dependencies. Inspired by this, this paper proposes a Cross-layer Aggregation with Transformers (CAT) framework, which leverages transformers to capture the long range dependencies of CNN-based features with Long Range Dependencies module and aggregate the features layer by layer with Cross-Layer Fusion module. To make the framework efficient, a multi-head pre-max attention is designed to reduce the computation cost when fusing the high-resolution features of lower-layers. On two widely-used benchmarks (i.e., VOC2007 and MS-COCO), CAT provides a stable improvement over the baseline and produces a competitive performance.

As a mature and open mobile operating system, Android runs on many IoT devices, which has led to Android-based IoT devices have become a hotbed of malware. Existing static detection methods for malware using artificial intelligence algorithms focus only on the java code layer when extracting API features, however there is a lot of malicious behavior involving native layer code. Thus, to make up for the neglect of the native code layer, we propose a heterogeneous information network-based Android malware detection method with cross-layer features. We first translate the semantic information of apps and API calls into the form of meta-paths, and construct the adjacency of apps based on API calls, then combine information from different meta-paths using multi-core learning. We implemented our method on the dataset from VirusShare and AndroZoo, and the experimental results show that the accuracy of our method is 93.4%, which is at least 2% higher than other related methods using heterogeneous information networks for malware detection.

The Internet of Things is a developing technology that converts physical objects into virtual objects connected to the internet using wired and wireless network architecture. Use of cross-layer techniques in the internet of things is primarily driven by the high heterogeneity of hardware and software capabilities. Although traditional layered architecture has been effective for a while, cross-layer protocols have the potential to greatly improve a number of wireless network characteristics, including bandwidth and energy usage. Also, one of the main concerns with the internet of things is security, and machine learning (ML) techniques are thought to be the most cuttingedge and viable approach. This has led to a plethora of new research directions for tackling IoT's growing security issues. In the proposed study, a number of cross-layer approaches based on machine learning techniques that have been offered in the past to address issues and challenges brought on by the variety of IoT are in-depth examined. Additionally, the main issues are mentioned and analyzed, including those related to scalability, interoperability, security, privacy, mobility, and energy utilization.

Security of Internet of Things (IoT) is one of the most prevalent crucial challenges ever since. The diversified devices and their specification along with resource constrained protocols made it more complex to address over all security need of IoT. Denial of Service attacks, being the most powerful and frequent attacks on IoT have been considered so forth. However, the attack happens on multiple layers and thus a single detection technique for each layer is not sufficient and effective to combat these attacks. Current study focuses on cross layer intrusion detection system (IDS) for detection of multiple Denial of Service (DoS) attacks. Presently, two attacks at Transmission Control Protocol (TCP) and Routing Protocol are considered for Low power and Lossy Networks (RPL) and a neural network-based IDS approach has been proposed for the detection of such attacks. The attacks are simulated on NetSim and detection and the performance shows up to 80% detection probabilities.

With the intelligent development of power system, due to the double-layer structure of smart grid and the characteristics of failure propagation across layers, the attack path also changes significantly: from single-layer to multi-layer and from static to dynamic. In response to the shortcomings of the single-layer attack path of traditional attack path identification methods, this paper proposes the idea of cross-layer attack, which integrates the threat propagation mechanism of the information layer and the failure propagation mechanism of the physical layer to establish a forward-backward bi-directional detection model. The model is mainly used to predict possible cross-layer attack paths and evaluate their path generation probabilities to provide theoretical guidance and technical support for defenders. The experimental results show that the method proposed in this paper can well identify the dynamic cross-layer attacks in the smart grid.

The security control problem of cyber-physical system (CPS) under actuator attacks is studied in the paper. Considering the strict-feedback cyber-physical systems with external disturbance, a security control scheme is proposed by combining backstepping method and super-twisting sliding mode technology when the transmission control input signal of network layer is under false data injection(FDI) attack. Firstly, the unknown nonlinear function of the CPS is identified by Radial Basis Function Neural Network. Secondly, the backstepping method and super-twisting sliding mode algorithm are combined to eliminate the influence of actuator attack and ensure the robustness of the control system. Then, by Lyapunov stability theory, it is proved that the proposed control scheme can ensure that all signals in the closed-loop system are semi-global and ultimately uniformly bounded. Finally, the effectiveness of the proposed control scheme is verified by the inverted pendulum simulation.

In this paper, a data-driven security detection approach is proposed in a simple manner. The detector is designed to deal with false data injection attacks suffered by industrial cyber-physical systems with unknown model information. First, the attacks are modeled from the perspective of the generalized plant mismatch, rather than the operating data being tampered. Second, some subsystems are selected to reduce the design complexity of the detector, and based on them, an output estimator with iterative form is presented in a theoretical way. Then, a security detector is constructed based on the proposed estimator and its cost function. Finally, the effectiveness of the proposed approach is verified by simulations of a Western States Coordinated Council 9-bus power system.

Since the cyber and physical layers in the distribution system are deeply integrated, the traditional distribution system has gradually developed into the cyber-physical distribution system (CPDS), and the failures of the cyber layer will affect the reliable and safe operation of the whole distribution system. Therefore, this paper proposes an CPDS planning method considering the reliability of the cyber-physical system. First, the reliability evaluation model of CPDS is proposed. Specifically, the functional reliability model of the cyber layer is introduced, based on which the physical equipment reliability model is further investigated. Second, an optimal planning model of CPDS considering cyber-physical random failures is developed, which is solved using the Monte Carlo Simulation technique. The proposed model is tested on the modified IEEE 33-node distribution system, and the results demonstrate the effectiveness of the proposed method.