This page has only limited features, please log in for full access.
Carefully-crafted attackers usually collect sufficient information regarding cyber-physical system (CPS) resources from accessible network communications before performing destructive activities. If these sophisticated cyberattacks like false data injection attack (FDIA) are developed, they are typically stealthy and barely detectable through general passive defense approaches. In this paper, we propose a network-based multidimensional moving target defense (NMMTD) mechanism for power system, which focuses on disrupting the development of FDIA in the preparation stage. We extend the attack space into multiple dimensions by randomizing data acquisitions in multiple rounds. In each round, we increase apparent complexity and uncertainty in network communications with different controlled changes. To reduce the traffic burden, we include the packet dropping policy in NMMTD for transparent network transmission. We demonstrate the effectiveness of NMMTD in preventing the attacker from intercepting data packets and securing power system against FDIA with little impact on both network and system performances.
Yifan Hu; Peng Xun; Peidong Zhu; Yinqiao Xiong; Yufei Zhu; Weiheng Shi; Chenxi Hu. Network-based multidimensional moving target defense against false data injection attack in power system. Computers & Security 2021, 107, 102283 .
AMA StyleYifan Hu, Peng Xun, Peidong Zhu, Yinqiao Xiong, Yufei Zhu, Weiheng Shi, Chenxi Hu. Network-based multidimensional moving target defense against false data injection attack in power system. Computers & Security. 2021; 107 ():102283.
Chicago/Turabian StyleYifan Hu; Peng Xun; Peidong Zhu; Yinqiao Xiong; Yufei Zhu; Weiheng Shi; Chenxi Hu. 2021. "Network-based multidimensional moving target defense against false data injection attack in power system." Computers & Security 107, no. : 102283.
Machine learning algorithms have been increasingly adopted in Intrusion Detection Systems (IDSs) and achieved demonstrable results, but few studies have considered intrinsic vulnerabilities of these algorithms in adversarial environment. In our work, we adopt poisoning attack to influence the accuracy of wireless IDSs that adopt feature selection algorithms. Specifically, we adopt the gradient poisoning method to generate adversarial examples which induce classifier to select a feature subset to make the classification error rate biggest. We consider the box-constrained problem and use Lagrange multiplier and backtracking line search to find the feasible gradient. To evaluate our method, we experimentally demonstrate that our attack method can influence machine learning, including filter and embedded feature selection algorithms using three benchmark network public datasets and a wireless sensor network dataset, i.e., KDD99, NSL-KDD, Kyoto 2006+ and WSN-DS. Our results manifest that gradient poisoning method causes a significant drop in the classification accuracy of IDSs about 20%.
Yifan Dong; Peidong Zhu; Qiang Liu; Yingwen Chen; Peng Xun. Degrading Detection Performance of Wireless IDSs Through Poisoning Feature Selection. Privacy Enhancing Technologies 2018, 90 -102.
AMA StyleYifan Dong, Peidong Zhu, Qiang Liu, Yingwen Chen, Peng Xun. Degrading Detection Performance of Wireless IDSs Through Poisoning Feature Selection. Privacy Enhancing Technologies. 2018; ():90-102.
Chicago/Turabian StyleYifan Dong; Peidong Zhu; Qiang Liu; Yingwen Chen; Peng Xun. 2018. "Degrading Detection Performance of Wireless IDSs Through Poisoning Feature Selection." Privacy Enhancing Technologies , no. : 90-102.
False data injection (FDI) attack is a hot topic in large-scale Cyber-Physical Systems (CPSs), which can cause bad state estimation of controllers. In this paper, we focus on FDI detection on transmission lines of the smart grid. We propose a novel and effective detection framework to identify FDI attacks. Different from the previous methods, there are multi-tier detectors which utilize edge nodes such as the programmable logic controllers (PLCs) instead of the central controller to detect attacks. The proposed framework can decrease the transmission time of data to reduce the latency of decisions because many sensory data need not be transmitted to the central controller for detection. We also develop a detection algorithm which utilizes classifiers based on machine learning to identify FDI. The training process is split from every edge node and is placed on the central node. The detectors are lightweight and are properly adopted in our detection framework. Our simulation experiments show that the proposed detection framework can provide better detection results than the existing detection approaches.
Peng Xun; Peidong Zhu; Zhenyu Zhang; Pengshuai Cui; Yinqiao Xiong. Detectors on Edge Nodes against False Data Injection on Transmission Lines of Smart Grid. Electronics 2018, 7, 89 .
AMA StylePeng Xun, Peidong Zhu, Zhenyu Zhang, Pengshuai Cui, Yinqiao Xiong. Detectors on Edge Nodes against False Data Injection on Transmission Lines of Smart Grid. Electronics. 2018; 7 (6):89.
Chicago/Turabian StylePeng Xun; Peidong Zhu; Zhenyu Zhang; Pengshuai Cui; Yinqiao Xiong. 2018. "Detectors on Edge Nodes against False Data Injection on Transmission Lines of Smart Grid." Electronics 7, no. 6: 89.
The near-repeat effect is a well-known phenomenon in crime analysis. The classic research methods focus on two aspects. One is the geographical factor, which indicates the influence of a certain crime risk on other similar crime incidents in nearby places. The other is the social network, which demonstrates the contacts of the offenders and explain ”near” as degrees instead of geographic distances. In our work, these coarse-grained patterns discovering methods are summarized as bundled-clues techniques. In this paper, we propose a knotted-clues method. Adopting a data science perspective, we make use of a data interpretative technology and discover that the near-repeat effect is not always so near in geographic or network structure. With this approach, we analyze the near-repeat patterns in all districts of the dataset, as well as in different crime types. Using open source data from Crimes in Chicago provided by Chicago Police Department, we find interesting relationships and patterns with our mining method, which have a positive effect on police deployment and decision making.
Ke Wang; Zhiping Cai; Peidong Zhu; Pengshuai Cui; Haoyang Zhu; Yangyang Li. Adopting data interpretation on mining fine-grained near-repeat patterns in crimes. Journal of Forensic and Legal Medicine 2018, 55, 76 -86.
AMA StyleKe Wang, Zhiping Cai, Peidong Zhu, Pengshuai Cui, Haoyang Zhu, Yangyang Li. Adopting data interpretation on mining fine-grained near-repeat patterns in crimes. Journal of Forensic and Legal Medicine. 2018; 55 ():76-86.
Chicago/Turabian StyleKe Wang; Zhiping Cai; Peidong Zhu; Pengshuai Cui; Haoyang Zhu; Yangyang Li. 2018. "Adopting data interpretation on mining fine-grained near-repeat patterns in crimes." Journal of Forensic and Legal Medicine 55, no. : 76-86.
A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.
Peng Xun; Pei-Dong Zhu; Yi-Fan Hu; Peng-Shuai Cui; Yan Zhang. Command Disaggregation Attack and Mitigation in Industrial Internet of Things. Sensors 2017, 17, 2408 .
AMA StylePeng Xun, Pei-Dong Zhu, Yi-Fan Hu, Peng-Shuai Cui, Yan Zhang. Command Disaggregation Attack and Mitigation in Industrial Internet of Things. Sensors. 2017; 17 (10):2408.
Chicago/Turabian StylePeng Xun; Pei-Dong Zhu; Yi-Fan Hu; Peng-Shuai Cui; Yan Zhang. 2017. "Command Disaggregation Attack and Mitigation in Industrial Internet of Things." Sensors 17, no. 10: 2408.