Carefully-crafted attackers usually collect sufficient information regarding cyber-physical system (CPS) resources from accessible network communications before performing destructive activities. If sophisticated cyberattacks such as the false data injection attack (FDIA) are developed, they are typically stealthy and barely detectable through general passive defense approaches. In this paper, we propose a network-based multidimensional moving target defense (NMMTD) mechanism for power systems, which focuses on disrupting the development of FDIA in the preparation stage. We extend the attack space into multiple dimensions by randomizing data acquisitions in multiple rounds. In each round, we increase apparent complexity and uncertainty in network communications with different controlled changes. To reduce the traffic burden, we include a packet dropping policy in NMMTD for transparent network transmission. We demonstrate the effectiveness of NMMTD in preventing the attacker from intercepting data packets and securing the power system against FDIA with little impact on both network and system performance.
Yifan Hu; Peng Xun; Peidong Zhu; Yinqiao Xiong; Yufei Zhu; Weiheng Shi; Chenxi Hu. Network-based multidimensional moving target defense against false data injection attack in power system. Computers & Security 2021, 107, 102283.
A large-scale Cyber-Physical System (CPS) such as a smart grid usually provides service to a vast number of users as a public utility. Security is one of the most vital aspects of such critical infrastructures. Existing CPS security usually considers attacks from the information domain to the physical domain, such as injecting false data to damage sensing. Social Collective Attack on CPS (SCAC) is proposed as a new kind of attack that intrudes into the social domain and manipulates the collective behavior of social users to disrupt the physical subsystem. To provide a systematic description framework for such threats, we extend MITRE ATT&CK, the most used cyber adversary behavior modeling framework, to cover social, cyber, and physical domains. We discuss how disinformation may be constructed and eventually lead to physical system malfunction through the social-cyber-physical interfaces, and we analyze how adversaries launch disinformation attacks to better manipulate collective behavior. Finally, simulation analysis of SCAC in a smart grid is provided to demonstrate the possibility of such an attack.
Peidong Zhu; Peng Xun; Yifan Hu; Yinqiao Xiong. Social Collective Attack Model and Procedures for Large-Scale Cyber-Physical Systems. Sensors 2021, 21(3), 991.
False data injection (FDI) attack is a hot topic in cyber-physical systems (CPSs). Attackers inject bad data into sensors or return false data to the controller to cause inaccurate state estimation. Although there exist many detection approaches, such as bad data detector (BDD), sequence pattern mining, and machine learning methods, a smart attacker can still inject perfectly false data to go undetected. In this paper, we focus on the advanced false data injection (AFDI) attack and its detection method. An AFDI attack refers to an attack where a malicious entity accurately and successively changes sensory data, making the normal system state continuously evaluated as other legal system states, causing wrong outflow of controllers. The attack can lead to an automatic and long-term system failure/performance degradation. We first depict the AFDI attack model and analyze limitations of existing detectors for detecting AFDI. Second, we develop an approach based on machine learning, which utilizes the k-Nearest Neighbor (KNN) technique and heterogeneous data including sensory data and system commands to implement a classifier for detecting AFDI attacks. Finally, simulation experiments are given to demonstrate AFDI attack impact and the effectiveness of the proposed method for detecting AFDI attacks.
Wenping Deng; Ziyu Yang; Peng Xun; Peidong Zhu; Baosheng Wang. Advanced Bad Data Injection Attack and Its Migration in Cyber-Physical Systems. Electronics 2019, 8(9), 941.
Previous studies have demonstrated that false commands can cause severe damage to large-scale cyber-physical systems (CPSs). We focus on a kind of threat called false sequential command attack, with which attackers can generate false sequential commands, resulting in the illegal control of the physical process. We present a feasible attack model. Attackers delay the disaggregation of former commands by maliciously manipulating sub-controllers. Simultaneously, bad feedback data is injected to defeat the controller to issue latter commands. Thus, a false command sequence is executed and the disruption of the physical process can be obtained. It is also difficult for the detector to identify such attacks as injecting bad data. We also discuss other possible attack paths and analyze the corresponding disadvantages. Compared with other paths, the proposed model is more feasible and more difficult to detect. A case study is given to validate the feasibility and effectiveness of the proposed false sequential command attack model. Finally, we discuss the possible countermeasure.
Yinqiao Xiong; Ziyu Yang; Baoyao Wang; Peng Xun; Tiantian Deng. False Sequential Command Attack of Large-Scale Cyber-Physical Systems. Electronics 2018, 7(9), 176.
Machine learning algorithms have been increasingly adopted in Intrusion Detection Systems (IDSs) and achieved demonstrable results, but few studies have considered intrinsic vulnerabilities of these algorithms in adversarial environments. In our work, we adopt a poisoning attack to influence the accuracy of wireless IDSs that adopt feature selection algorithms. Specifically, we adopt the gradient poisoning method to generate adversarial examples which induce the classifier to select a feature subset that makes the classification error rate the largest. We consider the box-constrained problem and use a Lagrange multiplier and backtracking line search to find the feasible gradient. To evaluate our method, we experimentally demonstrate that our attack method can influence machine learning, including filter and embedded feature selection algorithms, using three public benchmark network datasets and a wireless sensor network dataset, i.e., KDD99, NSL-KDD, Kyoto 2006+ and WSN-DS. Our results show that the gradient poisoning method causes a significant drop of about 20% in the classification accuracy of IDSs.
Yifan Dong; Peidong Zhu; Qiang Liu; Yingwen Chen; Peng Xun. Degrading Detection Performance of Wireless IDSs Through Poisoning Feature Selection. Privacy Enhancing Technologies 2018, 90-102.
False data injection (FDI) attack is a hot topic in large-scale Cyber-Physical Systems (CPSs), which can cause bad state estimation of controllers. In this paper, we focus on FDI detection on transmission lines of the smart grid. We propose a novel and effective detection framework to identify FDI attacks. Different from the previous methods, there are multi-tier detectors which utilize edge nodes such as the programmable logic controllers (PLCs) instead of the central controller to detect attacks. The proposed framework can decrease the transmission time of data to reduce the latency of decisions because many sensory data need not be transmitted to the central controller for detection. We also develop a detection algorithm which utilizes classifiers based on machine learning to identify FDI. The training process is split from every edge node and is placed on the central node. The detectors are lightweight and are properly adopted in our detection framework. Our simulation experiments show that the proposed detection framework can provide better detection results than the existing detection approaches.
Peng Xun; Peidong Zhu; Zhenyu Zhang; Pengshuai Cui; Yinqiao Xiong. Detectors on Edge Nodes against False Data Injection on Transmission Lines of Smart Grid. Electronics 2018, 7(6), 89.
In a smart grid, a malicious entity can launch a direct load altering attack by injecting false commands into aggregators responsible for direct load control. It may remotely manipulate load, causing deviation in the operating frequency, and consequently lead to disruption in the system. In this paper, we mainly focus on the successive direct load altering attack, with which the attacker can continuously manipulate aggregators to achieve a larger impact. In addition to resulting in a larger impact, it is difficult for the controllers to detect such attacks as the attackers can inject false data to contaminate feedback data from aggregators to controllers. We present an attack model, and our analysis in this paper is from an attacker’s perspective. Our model and analysis can also serve in the future as an important component for designing counter strategies to such attacks. We propose a new frequency response model, which shows changes of the frequency undergoing a successive direct load altering attack. Attackers can utilize this model to analyze the impact of an attack sequence. Considering that attack sequences with different false commands can result in different levels of impact, we develop a three-step optimization method to analyze and find the optimal attack sequence. Our simulation results validate the feasibility and effectiveness of the successive direct load altering attacks.
Peng Xun; Pei-Dong Zhu; Sabita Maharjan; Peng-Shuai Cui. Successive direct load altering attack in smart grid. Computers & Security 2018, 77, 79-93.
The security of the power grid is of great importance for the development of modern society, and the balance of supply and demand is critical to ensure reliability and security. Smart appliances are important parts of the smart grid and can help balance supply and demand. Load scheduling can decide whether the appliances should be running or resting at some point, and the load scheduling of thermostatical house-hold appliances can help secure the smart grid when abrupt changes occur. However, load scheduling should be user-friendly, which has been ignored in many studies. In this paper, user-friendliness indicators of a load scheduling are given. We propose a load scheduling of thermostatical house-hold appliances against abrupt changes in the smart grid, and each appliance is treated as an agent. Each agent chooses to run or rest based on the state of the smart grid and its own state. The simulation results show that the load scheduling we propose is user-friendly and can keep the smart grid in a safe state.
Pengshuai Cui; Lu Feng; Peng Xun; Peidong Zhu; Pengshaui Cui. Load Scheduling of Thermostatical House-Hold Appliances Against Abrupt Changes in Smart Grid. 2017 10th International Symposium on Computational Intelligence and Design (ISCID) 2017, 1, 470-475.
A cyber-physical attack in the industrial Internet of Things can cause severe damage to the physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding into command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes while going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of the central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.
Peng Xun; Pei-Dong Zhu; Yi-Fan Hu; Peng-Shuai Cui; Yan Zhang. Command Disaggregation Attack and Mitigation in Industrial Internet of Things. Sensors 2017, 17(10), 2408.
In this paper, we propose two dependence link addition strategies to enhance the robustness of interdependent Cyber-Physical Systems. One is based on intra-degree and receiving capability difference and the other is based on intra-degree and receiving capability ratio. Numerical simulations demonstrate that the two strategies are better than adding dependence links randomly.
Pengshuai Cui; Peidong Zhu; Peng Xun; Zhuoqun Xia. Enhance the robustness of cyber-physical systems by adding interdependency. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI) 2017, 203-203.
Ke Wang; Peidong Zhu; Peng Xun; Bowen Shang. An experimental study: An interpretative division method on principal component analysis. Journal of Intelligent & Fuzzy Systems 2017, 33(1), 445-455.
Skyline computation is particularly useful in multi‐criteria decision‐making applications. However, it is inadequate to answer queries that need to analyze not only individual points but also groups of points. Compared to the traditional skyline computation, computing group‐based skyline is much more complicated and expensive. This computational challenge prompts us to use modern computing platforms to accelerate the computation. In this paper, we introduce a novel multi‐core algorithm to compute group‐based skyline. We first compute the skyline layers of a data set in parallel, which are a critical intermediate result. In the algorithm, we maintain an efficiently updatable data structure for the shared global skyline layers, which is used to minimize dominance tests and maintain high throughput. Then we design an efficient parallel algorithm to find group‐based skyline based on the skyline layers. Extensive experimental results on real and synthetic data sets show that our algorithms achieve 10‐fold speedup with 16 parallel threads over state‐of‐the‐art sequential algorithms on challenging workloads.
Haoyang Zhu; Peidong Zhu; Xiaoyong Li; Qiang Liu; Peng Xun. Parallelization of group-based skyline computation for multi-core processors. Concurrency and Computation: Practice and Experience 2017, 29(18), e4195.
With the increase of systems' complexity, exception detection becomes more important and difficult. For most complex systems, such as cloud platforms, exception detection is mainly conducted by analyzing a large amount of telemetry data collected from systems at runtime. Time series data and events data are two major types of telemetry data. Techniques of correlation analysis are important tools that are widely used by engineers for data-driven exception detection. Despite their importance, there has been little previous work addressing the correlations between two types of heterogeneous data for exception detection: continuous time series data and temporal events data. In this paper, we propose an approach to discover the correlation between multi-type time series data and multi-type events data. Correlations between multi-type events data and multi-type time series data are used to detect systems' exceptions. Our experimental results on real data sets demonstrate the effectiveness of our method for exception detection.
Peng Xun; Pei-Dong Zhu; Cun-Lu Li; Hao-Yang Zhu. Discovering Multi-type Correlated Events with Time Series for Exception Detection of Complex Systems. 2016 IEEE 16th International Conference on Data Mining Workshops (ICDMW) 2016, 21-28.