Biblio

Cyber-physical systems (CPS) maintain operation, reliability, and safety performance using state estimation and control methods. Internet connectivity and Internet of Things (IoT) devices are integrated with CPS, such as in smart grids. This integration of Operational Technology (OT) and Information Technology (IT) brings with it challenges for state estimation and exposure to cyber-threats. This research establishes a state estimation baseline, details the integration of IT, evaluates the vulnerabilities, and develops an approach for detecting and responding to cyber-attack data injections. Where other approaches focus on integration of IT cyber-controls, this research focuses on development of classification tools using data currently available in state estimation methods to quantitatively determine the presence of cyber-attack data. The tools may increase computational requirements but provide methods which can be integrated with existing state estimation methods and provide for future research in state estimation based cyber-attack incident response. A robust cyber-resilient CPS includes the ability to detect and classify a cyber-attack, determine the true system state, and respond to the cyber-attack. The purpose of this paper is to establish a means for a cyber aware state estimator given the existence of sub-erroneous outlier detection, cyber-attack data weighting, cyber-attack data classification, and state estimation cyber detection.

One of the effective ways of detecting malicious traffic in computer networks is intrusion detection systems (IDS). Though IDS identify malicious activities in a network, it might be difficult to detect distributed or coordinated attacks because they only have single vantage point. To combat this problem, cooperative intrusion detection system was proposed. In this detection system, nodes exchange attack features or signatures with a view of detecting an attack that has previously been detected by one of the other nodes in the system. Exchanging of attack features is necessary because a zero-day attacks (attacks without known signature) experienced in different locations are not the same. Although this solution enhanced the ability of a single IDS to respond to attacks that have been previously identified by cooperating nodes, malicious activities such as fake data injection, data manipulation or deletion and data consistency are problems threatening this approach. In this paper, we propose a solution that leverages blockchain's distributive technology, tamper-proof ability and data immutability to detect and prevent malicious activities and solve data consistency problems facing cooperative intrusion detection. Focusing on extraction, storage and distribution stages of cooperative intrusion detection, we develop a blockchain-based solution that securely extracts features or signatures, adds extra verification step, makes storage of these signatures and features distributive and data sharing secured. Performance evaluation of the system with respect to its response time and resistance to the features/signatures injection is presented. The result shows that the proposed solution prevents stored attack features or signature against malicious data injection, manipulation or deletion and has low latency.