Biblio

Cloud computing solutions enable Cyber-Physical Systems (CPSs) to utilize significant computational resources and implement sophisticated control algorithms even if limited computation capabilities are locally available for these systems. However, such a control architecture suffers from an important concern related to the privacy of sensor measurements and the computed control inputs within the cloud. This paper proposes a solution that allows implementing a set-theoretic model predictive controller on the cloud while preserving this privacy. This is achieved by exploiting the offline computations of the robust one-step controllable sets used by the controller and two affine transformations of the sensor measurements and control optimization problem. It is shown that the transformed and original control problems are equivalent (i.e., the optimal control input can be recovered from the transformed one) and that privacy is preserved if the control algorithm is executed on the cloud. Moreover, we show how the actuator can take advantage of the set-theoretic nature of the controller to verify, through simple set-membership tests, if the control input received from the cloud is admissible. The correctness of the proposed solution is verified by means of a simulation experiment involving a dual-tank water system.

Differential privacy is a widely-used metric, which provides rigorous privacy definitions and strong privacy guarantees. Much of the existing studies on differential privacy are based on datasets where the tuples are independent, and thus are not suitable for correlated data protection. In this paper, we focus on correlated differential privacy, by taking the data correlations and the prior knowledge of the initial data into account. The data correlations are modeled by Bayesian conditional probabilities, and the prior knowledge refers to the exact values of the data. We propose general correlated differential privacy conditions for the discrete and continuous random noise-adding mechanisms, respectively. In case that the conditions are inaccurate due to the insufficient prior knowledge, we introduce the tuple dependence based on rough set theory to improve the correlated differential privacy conditions. The obtained theoretical results reveal the relationship between the correlations and the privacy parameters. Moreover, the improved privacy condition helps strengthen the mechanism utility. Finally, evaluations are conducted over a micro-grid system to verify the privacy protection levels and utility guaranteed by correlated differential private mechanisms.

This paper investigates the problem of synthesizing sensor deception attackers against privacy in the context of supervisory control of discrete-event systems (DES). We consider a plant controlled by a supervisor, which is subject to sensor deception attacks. Specifically, we consider an active attacker that can tamper with the observations received by the supervisor. The privacy requirement of the supervisory control system is to maintain initial-state opacity, i.e., it does not want to reveal the fact that it was initiated from a secret state during its operation. On the other hand, the attacker aims to deceive the supervisor, by tampering with its observations, such that initial-state opacity is violated due to incorrect control actions. We investigate from the attacker’s point of view by presenting an effective approach for synthesizing sensor attack strategies threatening the privacy of the system. To this end, we propose the All Attack Structure (AAS) that records state estimates for both the supervisor and the attacker. This structure serves as a basis for synthesizing a sensor attack strategy. We also discuss how to simplify the synthesis complexity by leveraging the structural properties. A running academic example is provided to illustrate the synthesis procedure.

In today’s world, digital data are enormous due to technologies that advance data collection, storage, and analyses. As more data are shared or publicly available, privacy is of great concern. Having privacy means having control over your data. The first step towards privacy protection is to understand various aspects of privacy and have the ability to quantify them. Much work in structured data, however, has focused on approaches to transforming the original data into a more anonymous form (via generalization and suppression) while preserving the data integrity. Such anonymization techniques count data instances of each set of distinct attribute values of interest to signify the required anonymity to protect an individual’s identity or confidential data. While this serves the purpose, our research takes an alternative approach to provide quick privacy measures by way of anonymity especially when dealing with large-scale data. This paper presents a study of anonymity measures based on their relevant properties that impact privacy. Specifically, we identify three properties: uniformity, variety, and diversity, and formulate their measures. The paper provides illustrated examples to evaluate their validity and discusses the use of multi-aspects of anonymity and privacy measures.

Recently, it has been proposed to deal with fusion of multi-object densities exploiting the minimum information loss (MIL) rule, which has shown its superiority over generalized covariance intersection (GCI) fusion whenever sensor nodes have low detection probability. On the contrary, GCI shows better performance than MIL when dense clutter is involved in the measurements. In this paper, we are going to study the behavior of multi-object fusion with MIL and, respectively, GCI rules in the situation wherein the sensor network is exposed to cyber-attacks. Both theoretical and numerical analyses demonstrate that MIL is more robust than GCI fusion when the multi-sensor system is subject to a packet substitution attack.

We study how information flows through a multi-robot network in order to better understand how to provide resilience to malicious information. While the notion of global resilience is well studied, one way existing methods provide global resilience is by bringing robots closer together to improve the connectivity of the network. However, large changes in network structure can impede the team from performing other functions such as coverage, where the robots need to spread apart. Our goal is to mitigate the trade-off between resilience and network structure preservation by applying resilience locally in areas of the network where it is needed most. We introduce a metric, Influence, to identify vulnerable regions in the network requiring resilience. We design a control law targeting local resilience to the vulnerable areas by improving the connectivity of robots within these areas so that each robot has at least 2F+1 vertex-disjoint communication paths between itself and the high influence robot in the vulnerable area. We demonstrate the performance of our local resilience controller in simulation and in hardware by applying it to a coverage problem and comparing our results with an existing global resilience strategy. For the specific hardware experiments, we show that our control provides local resilience to vulnerable areas in the network while only requiring 9.90% and 15.14% deviations from the desired team formation compared to the global strategy.

Resilience of urban infrastructure to sudden, system-wide, potentially catastrophic events is a critical need across domains. The growing connectivity of infrastructure, including its cyber-physical components which can be controlled in real time, offers an attractive path towards rapid adaptation to adverse events and adjustment of system objectives. However, existing work in the field often offers disjoint approaches that respond to particular scenarios. On the other hand, abstract work on control of complex systems focuses on attempting to adapt to the changes in the system dynamics or environment, but without understanding that the system may simply not be able to perform its original task after an adverse event. To address this challenge, this programmatic paper proposes a vision for a new paradigm of infrastructure resilience. Such a framework treats infrastructure across domains through a unified theory of controlled dynamical systems, but remains cognizant of the lack of knowledge about the system following a widespread adverse event and aims to identify the system's fundamental limits. As a result, it will enable the infrastructure operator to assess and assure system performance following an adverse event, even if the exact nature of the event is not yet known. Building off ongoing work on assured resilience of control systems, in this paper we identify promising early results, challenges that motivate the development of resilience theory for infrastructure system, and possible paths forward for the proposed effort.

Actuator malfunctions may have disastrous con-sequences for systems not designed to mitigate them. We focus on the loss of control authority over actuators, where some actuators are uncontrolled but remain fully capable. To counter-act the undesirable outputs of these malfunctioning actuators, we use real-time measurements and redundant actuators. In this setting, a system that can still reach its target is deemed resilient. To quantify the resilience of a system, we compare the shortest time for the undamaged system to reach the target with the worst-case shortest time for the malfunctioning system to reach the same target, i.e., when the malfunction makes that time the longest. Contrary to prior work on driftless linear systems, the absence of analytical expression for time-optimal controls of general linear systems prevents an exact calculation of quantitative resilience. Instead, relying on Lyapunov theory we derive analytical bounds on the nominal and malfunctioning reach times in order to bound quantitative resilience. We illustrate our work on a temperature control system.

Public transportation is an important system of urban passenger transport. The purpose of this article is to explore the impact of network resilience when each station of urban rail transit network was attacked by large passenger flow. Based on the capacity load model, we propose a load redistribution mechanism to simulate the passenger flow propagation after being attacked by large passenger flow. Then, taking Xi'an's rail network as an example, we study the resilience variety of the network after a node is attacked by large passenger flow. Through some attack experiments, the feasibility of the model for studying the resilience of the rail transit system is finally verified.

This paper deals with the implementation of robust control, based on the finite time Lyapunov stability theory, to solve the trajectory tracking problem of an unconventional quadrotor with rotating arms (also known as foldable drone). First, the model of this Unmanned Aerial Vehicle (UAV) taking into consideration the variation of the inertia, the Center of Gravity (CoG) and the control matrix is presented. The theoretical foundations of backstepping control enhanced by a Super-Twisting (ST) algorithm are then discussed. Numerical simulations are performed to demonstrate the effectiveness of the proposed control strategy. Finally, a qualitative and quantitative comparative study is made between the proposed controller and the classical backstepping controller. Overall, the results obtained show that the proposed control approach provides better performance in terms of accuracy and resilience.

Network attacks are becoming more intense and characterized by complexity and persistence. Mechanisms that ensure network resilience to faults and threats should be well provided. Different approaches have been proposed to network resilience; however, most of them rely on static policies, which is unsuitable for current complex network environments and real-time requirements. To address these issues, we present a Belief-Desire-Intention (BDI) based multi-agent resilience network controller coupled with blockchain. We first clarify the theory and platform of the BDI, then discuss how the BDI evaluates the network resilience. In addition, we present the architecture, workflow, and applications of the resilience network controller. Simulation results show that the resilience network controller can effectively detect and mitigate distributed denial of service attacks.

In this paper, we deal with the resilient consensus problem in networked control systems in which a group of agents are interacting with each other. A min-max-based resilient consensus algorithm has been proposed to help normal agents reach an agreement upon their state values in the presence of misbehaving ones. It is shown that the use of the developed algorithm will result in less computational load and fast convergence. Both synchronous and asynchronous update schemes for the network have been studied. Finally, the effectiveness of the proposed algorithm has been evaluated through numerical examples.

The resilience assessment of electric and gas networks gains importance due to increasing interdependencies caused by the coupling of gas-fired units. However, the gradually increasing scale of the integrated electricity and gas system (IEGS) poses a significant challenge to current assessment methods. The numerical analysis method is accurate but time-consuming, which may incur a significant computational cost in large-scale IEGS. Therefore, this paper proposes a resilience assessment method based on hetero-functional graph theory for IEGS to balance the accuracy with the computational complexity. In contrast to traditional graph theory, HFGT can effectively depict the coupled systems with inherent heterogeneity and can represent the structure of heterogeneous functional systems in a clear and unambiguous way. In addition, due to the advantages of modelling the system functionality, the effect of line-pack in the gas network on the system resilience is depicted more precisely in this paper. Simulation results on an IEGS with the IEEE 9-bus system and a 7-node gas system verify the effectiveness of the proposed method.

In order to solve the problem that the traditional “centralized” access control technology can no longer guarantee the security of access control in the current Internet of Things (IoT)environment, a dynamic access control game mechanism based on trust is proposed. According to the reliability parameters of the recommended information obtained by the two elements of interaction time and the number of interactions, the user's trust value is dynamically calculated, and the user is activated and authorized to the role through the trust level corresponding to the trust value. The trust value and dynamic adjustment factor are introduced into the income function to carry out game analysis to avoid malicious access behavior of users. The hybrid Nash equilibrium strategy of both sides of the transaction realizes the access decision-making work in the IoT environment. Experimental results show that the game mechanism proposed in this paper has a certain restraining effect on malicious nodes and can play a certain incentive role in the legitimate access behavior of IoT users.

National cultural security has existed since ancient times, but it has become a focal proposition in the context of the times and real needs. From the perspective of national security, national cultural security is an important part of national security, and it has become a strategic task that cannot be ignored in defending national security. Cultural diversity and imbalance are the fundamental prerequisites for the existence of national cultural security. Finally, the artificial intelligence algorithm is used as the theoretical basis for this article, the connotation and characteristics of China's national cultural security theory; Xi Jinping's "network view"; network ideological security view. The fourth part is the analysis of the current cultural security problems, hazards and their root causes in our country.

Access control is a widely used technology to protect information security. The implementation of access control depends on the response generated by access control policies to users’ access requests. Therefore, ensuring the correctness of access control policies is an important step to ensure the smooth implementation of access control mechanisms. To solve this problem, this paper proposes a constraint based access control policy security analysis framework (CACPSAF) to perform security analysis on access control policies. The framework transforms the problem of security analysis of access control policy into the satisfiability of security principle constraints. The analysis and calculation of access control policy can be divided into formal transformation of access control policy, SMT coding of policy model, generation of security principle constraints, policy detection and evaluation. The security analysis of policies is divided into mandatory security principle constraints, optional security principle constraints and user-defined security principle constraints. The multi-dimensional security analysis of access control policies is realized and the semantic expression of policy analysis is stronger. Finally, the effectiveness of this framework is analyzed by performance evaluation, which proves that this framework can provide strong support for fine-grained security analysis of policies, and help to correctly model and conFigure policies during policy modeling, implementation and verification.

This paper presents a study on the "Dynamic Load Altering Attacks" (D-LAAs), their effects on the dynamics of a transmission network, and provides a robust control protection scheme, based on polytopic uncertainties, invariance theory, Lyapunov arguments and graph theory. The proposed algorithm returns an optimal Energy Storage Systems (ESSs) placement, that minimizes the number of ESSs placed in the network, together with the associated control law that can robustly stabilize against D-LAAs. The paper provides a contextualization of the problem and a modelling approach for power networks subject to D-LAAs, suitable for the designed robust control protection scheme. The paper also proposes a reference scenario for the study of the dynamics of the control actions and their effects in different cases. The approach is evaluated by numerical simulations on large networks.

Cyber-Physical Systems (CPSs), a class of complex intelligent systems, are considered the backbone of Industry 4.0. They aim to achieve large-scale, networked control of dynamical systems and processes such as electricity and gas distribution networks and deliver pervasive information services by combining state-of-the-art computing, communication, and control technologies. However, CPSs are often highly nonlinear and uncertain, and their intrinsic reliance on open communication platforms increases their vulnerability to security threats, which entails additional challenges to conventional control design approaches. Indeed, sensor measurements and control command signals, whose integrity plays a critical role in correct controller design, may be interrupted or falsely modified when broadcasted on wireless communication channels due to cyber attacks. This can have a catastrophic impact on CPS performance. In this paper, we first conduct a thorough analysis of recently developed secure and resilient control approaches leveraging the solid foundations of adaptive control theory to achieve security and resilience in networked CPSs against sensor and actuator attacks. Then, we discuss the limitations of current adaptive control strategies and present several future research directions in this field.

With the high-speed development of UHV power grid, the characteristics of power grid changed significantly, which puts forward new requirements for the safe operation of power grid and depend on Security and Stability Control System (SSCS) greatly. Based on the practical cases, this paper analyzes the principle of the abnormal criteria of the SSCS and its influence on the strategy of the SSCS, points out the necessity of the research on the locking strategy of the SSCS under the abnormal state. Taking the large-scale SSCS for an example, this paper analysis different control strategies of the stations in the different layered, and puts forward effective solutions to adapt different system functions. It greatly improved the effectiveness and reliability of the strategy of SSCS, and ensure the integrity of the system function. Comparing the different schemes, the principles of making the lock-strategy are proposed. It has reference significance for the design, development and implementation of large-scale SSCS.

The paper aims to discover vulnerabilities by application of supervisory control theory and to design a defensive supervisor against vulnerability attacks. Supervisory control restricts the system behavior to satisfy the control specifications. The existence condition of the supervisor, sometimes results in undesirable plant behavior, which can be regarded as a vulnerability of the control specifications. We aim to design a more robust supervisor against this vulnerability.

We investigate the fuzzy adaptive compensation control problem for nonlinear cyber-physical system with false data injection attack over digital communication links. The fuzzy logic system is first introduced to approximate uncertain nonlinear functions. And the time-varying sliding mode surface is designed. Secondly, for the actual require-ment of data transmission, three uniform quantizers are designed to quantify system state and sliding mode surface and control input signal, respectively. Then, the adaptive fuzzy laws are designed, which can effectively compensate for FDI attack and the quantization errors. Furthermore, the system stability and the reachability of sliding surface are strictly guaranteed by using adaptive fuzzy laws. Finally, we use an example to verify the effectiveness of the method.

In this work, the security sliding mode control issue is studied for interval type-2 (IT2) fuzzy systems under the unreliable network. The deception attacks and the denial-of-service (DoS) attacks may occur in the sensor-controller channels to affect the transmission of the system state, and these attacks are described via two independent Bernoulli stochastic variables. By adopting the compensation strategy and utilizing the available state, the new membership functions are constructed to design the fuzzy controller with the different fuzzy rules from the fuzzy model. Then, under the mismatched membership function, the designed security controller can render the closed-loop IT2 fuzzy system to be stochastically stable and the sliding surface to be reachable. Finally, the simulation results verify the security control scheme.

The Controller area network (CAN) is the most extensively used in-vehicle network. It is set to enable communication between a number of electronic control units (ECU) that are widely found in most modern vehicles. CAN is the de facto in-vehicle network standard due to its error avoidance techniques and similar features, but it is vulnerable to various attacks. In this research, we propose a CAN bus intrusion detection system (IDS) based on convolutional neural networks (CNN). U-CAN is a segmentation model that is trained by monitoring CAN traffic data that are preprocessed using hamming distance and saliency detection algorithm. The model is trained and tested using publicly available datasets of raw and reverse-engineered CAN frames. With an F\_1 Score of 0.997, U-CAN can detect DoS, Fuzzy, spoofing gear, and spoofing RPM attacks of the publicly available raw CAN frames. The model trained on reverse-engineered CAN signals that contain plateau attacks also results in a true positive rate and false-positive rate of 0.971 and 0.998, respectively.

Controller Area Network with Flexible Data-rate(CAN FD) has the advantages of high bandwidth and data field length to meet the higher communication requirements of parallel in-vehicle applications. If the CAN FD lacking the authentication security mechanism is used, it is easy to make it suffer from masquerade attack. Therefore, a two-stage method based on message authentication is proposed to enhance the security of it. In the first stage, an anti-exhaustive message exchange and comparison algorithm is proposed. After exchanging the message comparison sequence, the lower bound of the vehicle application and redundant message space is obtained. In the second stage, an enhanced round accumulation algorithm is proposed to enhance security, which adds Message Authentication Codes(MACs) to the redundant message space in a way of fewer accumulation rounds. Experimental examples show that the proposed two-stage approach enables both small-scale and large-scale parallel in-vehicle applications security to be enhanced. Among them, in the Adaptive Cruise Control Application(ACCA), when the laxity interval is 1300μs, the total increased MACs is as high as 388Bit, and the accumulation rounds is as low as 40 rounds.

In construction machinery, connectivity delivers higher advantages in terms of higher productivity, lower costs, and most importantly safer work environment. As the machinery grows more dependent on internet-connected technologies, data security and product cybersecurity become more critical than ever. These machines have more cyber risks compared to other automotive segments since there are more complexities in software, larger after-market options, use more standardized SAE J1939 protocol, and connectivity through long-distance wireless communication channels (LTE interfaces for fleet management systems). Construction machinery also operates throughout the day, which means connected and monitored endlessly. Till today, construction machinery manufacturers are investigating the product cybersecurity challenges in threat monitoring, security testing, and establishing security governance and policies. There are limited security testing methodologies on SAE J1939 CAN protocols. There are several testing frameworks proposed for fuzz testing CAN networks according to [1]. This paper proposes security testing methods (Fuzzing, Pen testing) for in-vehicle communication protocols in construction machinery.