Biblio
The cluster-featured conurbation cyber-physical power system (CPPS) interconnected with tie-lines facing the hazards from catastrophic cascading failures. To achieve better real-time performance, enhance the autonomous ability and improve resilience for the clustered conurbation CPPS, the decentralized cyber structure and the corresponding distributed security control strategy is proposed. Facing failures, the real-time security control is incorporated to mitigate cascading failures. The distributed security control problem is solved reliably based on alternating direction method of multipliers (ADMM). The system overall resilience degradation index(SORDI) adopted reflects the influence of cascading failures on both the topological integrity and operational security. The case study illustrates the decentralized cyber layer and distributed control will decrease the data congestion and enhance the autonomous ability for clusters, thus perform better effectiveness in mitigating the cascading failures, especially in topological perspective. With the proposed distributed security control strategy, curves of SORDI show more characteristics of second-order percolation transition and the cascading failure threshold increase, which is more efficient when the initial failure size is near the threshold values or step-type inflection point. Because of the feature of geological aggregation under cluster-based attack, the efficiency of the cluster-focused distributed security control strategy is more obvious than other nodes attack circumstances.
Many IoT devices are part of fixed critical infrastructure, where the mere act of moving an IoT device may constitute an attack. Moving pressure, chemical and radiation sensors in a factory can have devastating consequences. Relocating roadside speed sensors, or smart meters without knowledge of command and control center can similarly wreck havoc. Consequently, authenticating geolocation of IoT devices is an important problem. Unfortunately, an IoT device itself may be compromised by an adversary. Hence, location information from the IoT device cannot be trusted. Thus, we have to rely on infrastructure to obtain a proximal location. Infrastructure routers may similarly be compromised. Therefore, there must be a way to authenticate trusted routers remotely. Unfortunately, IP packets may be blocked, hijacked or forged by an adversary. Therefore IP packets are not trustworthy either. Thus, we resort to covert channels for authenticating Internet packet routers as an intermediate step towards proximal geolocation of IoT devices. Several techniques have been proposed in the literature to obtain the geolocation of an edge device, but it has been shown that a knowledgeable adversary can circumvent these techniques. In this paper, we survey the state-of-the-art geolocation techniques and corresponding adversarial countermeasures to evade geolocation to justify the use of covert channels on networks. We propose a technique for determining proximal geolocation using covert channel. Challenges and directions for future work are also explored.
Botnets are the most common vehicle of cyber-criminal activity. They are used for spamming, phishing, denial-of-service attacks, brute-force cracking, stealing private information, and cyber warfare. Botnets carry out network scans for several reasons, including searching for vulnerable machines to infect and recruit into the botnet, probing networks for enumeration or penetration, etc. We present the measurement and analysis of a horizontal scan of the entire IPv4 address space conducted by the Sality botnet in February 2011. This 12-day scan originated from approximately 3 million distinct IP addresses and used a heavily coordinated and unusually covert scanning strategy to try to discover and compromise VoIP-related (SIP server) infrastructure. We observed this event through the UCSD Network Telescope, a /8 darknet continuously receiving large amounts of unsolicited traffic, and we correlate this traffic data with other public sources of data to validate our inferences. Sality is one of the largest botnets ever identified by researchers. Its behavior represents ominous advances in the evolution of modern malware: the use of more sophisticated stealth scanning strategies by millions of coordinated bots, targeting critical voice communications infrastructure. This paper offers a detailed dissection of the botnet's scanning behavior, including general methods to correlate, visualize, and extrapolate botnet behavior across the global Internet.