Biblio

Carefully constructed cyber-attacks directly influence the data integrity and the operational functionality of the smart energy grid. In this paper, we have explored the data integrity attack behaviour in a wide-area sensor-enabled IIoT-SCADA system. We have demonstrated that an intelligent cyber-attacker can inject false information through the sensor devices that may remain stealthy in the traditional detection module and corrupt estimated system states at the utility control centres. Next, to protect the operation, we defined a set of critical measurements that need to be protected for the resilient operation of the grid. Finally, we placed the measurement units using an optimal allocation strategy by ensuring that a limited number of nodes are protected against the attack while the system observability is satisfied. Under such scenarios, a wide range of experiments has been conducted to evaluate the performance considering IEEE 14-bus, 24 bus-reliability test system, 85-bus, 141-bus and 145-bus test systems. Results show that by ensuring the protection of around 25% of the total nodes, the IIoT-SCADA enabled energy grid can be protected against injection attacks while observability of the network is well-maintained.

This SQL injection attack is one of the common means for hackers to attack database. With the development of B/S mode application development, more and more programmers use this mode to write applications. However, due to the uneven level and experience of programmers, a considerable number of programmers do not judge the legitimacy of user input data when writing code, which makes the application security risks. Users can submit a database query code and get some data they want to know according to the results of the program. SQL injection attack belongs to one of the means of database security attack. It can be effectively protected by database security protection technology. This paper introduces the principle of SQL injection, the main form of SQL injection attack, the types of injection attack, and how to prevent SQL injection. Discussed and illustrated with examples.

Industrial Internet of Things (IIoT) is a trend of the smart industry. By collecting field data from sensors, the industry can make decisions dynamically in time for better performance. In most cases, IIoT is built on private networks and cannot be reached from the Internet. Currently, data transmission in most of IIoT network protocols is in plaintext without encryption protection. Once an attacker breaks into the field, the attacker can intercept data and injects malicious commands to field agents. In this paper, we propose a compound approach for defending command injection attacks in IIOT. First, we leverage the power of Software Defined Networking (SDN) to detect the injection attack. When the injection attack event is detected, the system owner is alarmed that someone tries to pretend a controller or a field agent to deceive the other entity. Second, we develop a lightweight authentication scheme to ensure the identity of the command sender. Command receiver can verify commands first before processing commands.