Visible to the public Vulnerability Detection 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block

SoS Logo

Vulnerability Detection 2015

Vulnerability detection is a topic for which a great deal of research is being done. For the Science of Security community, vulnerability detection research is relevant to human behavior, resiliency, compositionality, and metrics. The work cited here was presented during 2015.

Antunes, N.; Vieira, M., "On the Metrics for Benchmarking Vulnerability Detection Tools," in Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, pp. 505-516, 22-25 June 2015. doi: 10.1109/DSN.2015.30

Abstract: Research and practice show that the effectiveness of vulnerability detection tools depends on the concrete use scenario. Benchmarking can be used for selecting the most appropriate tool, helping assessing and comparing alternative solutions, but its effectiveness largely depends on the adequacy of the metrics. This paper studies the problem of selecting the metrics to be used in a benchmark for software vulnerability detection tools. First, a large set of metrics is gathered and analyzed according to the characteristics of a good metric for the vulnerability detection domain. Afterwards, the metrics are analyzed in the context of specific vulnerability detection scenarios to understand their effectiveness and to select the most adequate one for each scenario. Finally, an MCDA algorithm together with experts' judgment is applied to validate the conclusions. Results show that although some of the metrics traditionally used like precision and recall are adequate in some scenarios, others require alternative metrics that are seldom used in the benchmarking area.

Keywords: invasive software; software metrics; MCDA algorithm; alternative metrics; benchmarking vulnerability detection tool; software metrics; software vulnerability detection tool; Benchmark testing; Concrete; Context; Measurement; Security; Standards; Automated Tools; Benchmarking; Security Metrics; Software Vulnerabilities; Vulnerability Detection (ID#: 15-8084)


Casola, V.; De Benedictis, A.; Rak, M., "Security Monitoring in the Cloud: An SLA-Based Approach," in Availability, Reliability and Security (ARES), 2015 10th International Conference on, pp. 749-755, 24-27 Aug. 2015. doi: 10.1109/ARES.2015.74

Abstract: In this paper we present a monitoring architecture that is automatically configured and activated based on a signed Security SLA. Such monitoring architecture integrates different security-related monitoring tools (either developed ad-hoc or already available as open-source or commercial products) to collect measurements related to specific metrics associated with the set of security Service Level Objectives (SLOs) that have been specified in the Security SLA. To demonstrate our approach, we discuss a case study related to detection and management of vulnerabilities and illustrate the integration of the popular open source monitoring system Open VAS into our monitoring architecture. We show how the system is configured and activated by means of available Cloud automation technologies and provide a concrete example of related SLOs and metrics.

Keywords: cloud computing; contracts; public domain software; security of data; system monitoring; OpenVAS; SLA-based approach; SLO; cloud automation technologies; monitoring architecture; open source monitoring system; open-source products; security monitoring; security service level objectives; security-related monitoring tools; signed security SLA; vulnerability management; Automation; Computer architecture; Measurement; Monitoring; Protocols; Security; Servers; Cloud security monitoring; Open VAS; Security Service Level Agreements; vulnerability monitoring (ID#: 15-8085)


Combita, Luis F.; Giraldo, Jairo; Cardenas, Alvaro A.; Quijano, Nicanor, "Response and Reconfiguration of Cyber-Physical Control Systems: A Survey," in Automatic Control (CCAC), 2015 IEEE 2nd Colombian Conference on, pp. 1-6, 14-16 Oct. 2015. doi: 10.1109/CCAC.2015.7345181

Abstract: The integration of physical systems with distributed embedded computing and communication devices offers advantages on reliability, efficiency, and maintenance. At the same time, these embedded computers are susceptible to cyber-attacks that can harm the performance of the physical system, or even drive the system to an unsafe state; therefore, it is necessary to deploy security mechanisms that are able to automatically detect, isolate, and respond to potential attacks. Detection and isolation mechanisms have been widely studied for different types of attacks; however, automatic response to attacks has attracted considerably less attention. Our goal in this paper is to identify trends and recent results on how to respond and reconfigure a system under attack, and to identify limitations and open problems. We have found two main types of attack protection: i) preventive, which identifies the vulnerabilities in a control system and then increases its resiliency by modifying either control parameters or the redundancy of devices; ii) reactive, which responds as soon as the attack is detected (e.g., modifying the non-compromised controller actions).

Keywords: Actuators; Game theory; Games; Security; Sensor systems (ID#: 15-8086)


Muntean, P.; Rabbi, A.; Ibing, A.; Eckert, C., "Automated Detection of Information Flow Vulnerabilities in UML State Charts and C Code," in Software Quality, Reliability and Security - Companion (QRS-C), 2015 IEEE International Conference on, pp. 128-137, 3-5 Aug. 2015. doi: 10.1109/QRS-C.2015.30

Abstract: Information flow vulnerabilities in UML state charts and C code are detrimental as they can cause data leakages or unexpected program behavior. Detecting such vulnerabilities with static code analysis techniques is challenging because code is usually not available during the software design phase and previous knowledge about what should be annotated and tracked is needed. In this paper we propose textual annotations used to introduce information flow constraints in UML state charts and code which are afterwards automatically loaded by information flow checkers that check if imposed constraints hold or not. We evaluated our approach on 6 open source test cases available in the National Institute of Standards and Technology (NIST) Juliet test suite for C/C++. Our results show that our approach is effective and can be further applied to other types of UML models and programming languages as well, in order to detect different types of vulnerabilities.

Keywords: Unified Modeling Language; program diagnostics; software engineering; source code (software); C code; Juliet test; NIST; National Institute of Standards and Technology; UML state charts; automated detection; information flow vulnerabilities; software design; static code analysis techniques; Computer bugs; Cryptography; Grammar; Software; Software algorithms; Unified modeling language; information flow vulnerability ;model-based verification; static code analysis (ID#: 15-8087)


Yaohui Wang; Dan Wang; Wenbing Zhao; Yuan Liu; "Detecting SQL Vulnerability Attack Based on the Dynamic and Static Analysis Technology," in Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, vol. 3, pp. 604-607, 1-5 July 2015. doi: 10.1109/COMPSAC.2015.277

Abstract: Targeting at PHP program, this paper proposes an SQL vulnerability detection method based on the injection analysis technology. This method makes a detailed analysis on the one-time injection in the aspects of data flow and program behavior, on the basis of the combination of dynamic and static analysis technique. Then it implements the SQL vulnerability determination algorithm which is based on lexical feature comparison. At last, this paper combines alias analysis technology, behavior model and SQL which is based on lexical feature comparison to design and establish a prototype system for SQL vulnerability detection. The experiment shows that our system has a good strong ability of SQL vulnerability detection and very low time cost.

Keywords: SQL; data flow analysis; security of data; PHP program; SQL vulnerability attack detection; SQL vulnerability determination algorithm; alias analysis technology; behavior model; data flow; dynamic analysis technology; injection analysis technology; lexical feature comparison; program behavior; static analysis technology; Algorithm design and analysis; Analytical models; Arrays; Computer bugs; Feature extraction; Prototypes; Testing; SQL vulnerabilities; combination of static and dynamic technique; alias analysis; behavior model (ID#: 15-8088)


Hao Li; Guangjie Liu; Weiwei Jiang; Yuewei Dai, "Designing Snort Rules to Detect Abnormal DNP3 Network Data," in Control, Automation and Information Sciences (ICCAIS), 2015 International Conference on, pp. 343-348, 29-31 Oct. 2015. doi: 10.1109/ICCAIS.2015.7338690

Abstract: Vulnerability of industrial control network communication protocol is the most important reason leading to industrial control network attacks. In this paper, the vulnerability of DNP3, the typical industrial control network communication protocol, is analyzed. The abnormal behaviors of DNP3 are categorized according to the Snort detection mechanisms. The Snort detection rule template for anomaly DNP3 data is constructed and the rules are designed according the template. The rule designing method can be generally extended to other network-based industrial control protocols.

Keywords: Arrays; Computer crime; Industrial control; Intrusion detection; Protocols; Servers;DNP3;industrial control network security; protocol vulnerability analysis; snort rule template (ID#: 15-8089)


Marve, T.K.; Sambhe, N.U., "A Review on Cross Layer Intrusion Detection System in Wireless Ad Hoc Network," in Electrical, Computer and Communication Technologies (ICECCT), 2015 IEEE International Conference on, pp.1-4, 5-7 March 2015. doi: 10.1109/ICECCT.2015.7226109

Abstract: Wireless ad-hoc networks is a collection of small randomly dispersed device deployed in large number that provide essential function like monitor physical and environmental condition also provide efficient, reliable communication via wireless Network, ad-hoc network are vulnerable to various type of security threat and attack, various way are possible to overcome vulnerabilities in wireless ad-hoc network from attack and threat, mostly used solution is an Intrusion detection system (IDS) that suites the security needs and characteristics of ad-hoc networks for efficient and effective performance against intrusion. In this paper we propose a cross layer intrusion detection system (CIDS) which overcome demerits such as false positive present in traditional IDS, a cross layer design framework that will exploit the information available across different layer of the protocol stack by triggering two level of detection that utilizes the knowledge of network and node condition in determining the node behavior, and enhance the accuracy of detection.

Keywords: ad hoc networks; routing protocols; security of data; telecommunication security; wireless channels; cross layer intrusion detection system; environmental condition; physical condition; protocol stack; reliable communication; security attack; security threat; small randomly dispersed device; wireless ad hoc network; Jamming; Monitoring; Threat model; cross layer intrusion detection system (CIDS); intrusion detection system (ID#: 15-8090)


Nen-Fu Huang; Chuang Wang; I-Ju Liao; Che-Wei Lin; Chia-Nan Kao, "An OpenFlow-Based Collaborative Intrusion Prevention System for Cloud Networking," in Communication Software and Networks (ICCSN), 2015 IEEE International Conference on, pp. 85-92, 6-7 June 2015. doi: 10.1109/ICCSN.2015.7296133

Abstract: Software-Defined Networking (SDN) is an emerging architecture that is ideal for today's high-bandwidth, dynamic network environments. In this architecture, the control and data planes are decoupled from each other. Although much research has been performed into how SDN can resolve some of the most-glaring security issues of traditional networking, less research has addressed cloud security threats, and, in particular, botnet/malware detection and in-cloud attacks. This work proposes an intrusion prevention system for cloud networking with SDN solutions. To realize collaborative defense, mechanisms of botnet/malware blocking, scan filtering and honeypot are implemented. Malicious traffic is isolated because bot-infected VMs are removed effectively and efficiently from the private cloud. The scanning behavior can be filtered at a very early stage of prevention, making the VMs less exploitable. A honeypot mechanism is also deployed to trap attackers. Experimental results show the high detection rate, high prevention accuracy and low vulnerability of the proposed system.

Keywords: cloud computing; computer network security; invasive software; software defined networking; botnet blocking; cloud networking; collaborative defense; honeypot mechanism; intrusion prevention system; malicious traffic isolation; malware blocking; openflow based collaborative intrusion prevention; scan filtering; software defined networking; Cloud computing; Computer architecture; Filtering; Malware; Ports (Computers);Servers; Botnet Detection; Cloud Computing; Intrusion Prevention System; OpenFlow; Software-Defined Networking (SDN) (ID#: 15-8091)


Bajwa, G.; Fazeen, M.; Dantu, R.; Tanpure, S., "Unintentional Bugs to Vulnerability Mapping in Android Applications," in Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on, pp. 176-178, 27-29 May 2015. doi: 10.1109/ISI.2015.7165966

Abstract: The intention of an Android application, determined by the source code analysis is used to identify potential maliciousness in that application (app). Similarly, it is possible to analyze the unintentional behaviors of an app to identify and reduce the window of vulnerabilities. Unintentional behaviors of an app can be any developmental loopholes such as software bugs overlooked by a developer or introduced by an adversary intentionally. FindBugsTM and Android Lint are a couple of tools that can detect such bugs easily. A software bug can cause many security vulnerabilities (known or unknown) and vice-versa, thus, creating a many-to-many mapping. In our approach, we construct a matrix of mapping between the bugs and the potential vulnerabilities. A software bug detection tool is used to identify a list of bugs and create an empirical list of the vulnerabilities in an app. The many-to-many mapping matrix is obtained by two approaches - severity mapping and probability mapping. These mappings can be used as tools to measure the unknown vulnerabilities and their strength. We believe our study is the first of its kind and it can enhance the security of Android apps in their development phase itself. Also, the reverse mapping matrix (vulnerabilities to bugs) could be used to improve the accuracy of malware detection in Android apps.

Keywords: Android (operating system); invasive software; matrix algebra; probability; program debugging; software tools; source code (software); Android Lint; Android applications; FindBugsTM; development phase; developmental loopholes; malware detection; many-to-many mapping matrix; probability mapping; reverse mapping matrix; security vulnerabilities; severity mapping; software bug detection tool; software bugs; source code analysis; unintentional behavior analysis; unintentional bugs; vulnerability mapping; Androids; Computer bugs; Conferences; Humanoid robots; Indexes; Security; Software; android applications; bugs; mapping; security; vulnerability (ID#: 15-8092)


Alheeti, K.M.A.; Gruebler, A.; McDonald-Maier, K.D., "An Intrusion Detection System Against Malicious Attacks on the Communication Network of Driverless Cars," in Consumer Communications and Networking Conference (CCNC), 2015 12th Annual IEEE, pp. 916-921, 9-12 Jan. 2015. doi: 10.1109/CCNC.2015.7158098

Abstract: Vehicular ad hoc networks (VANET) have become a significant technology in the current years because of the emerging generation of self-driving cars such as Google driverless cars. VANET have more vulnerabilities compared to other networks such as wired networks, because these networks are an autonomous collection of mobile vehicles and there is no fixed security infrastructure, no high dynamic topology and the open wireless medium makes them more vulnerable to attacks. It is important to design new approaches and mechanisms to raise the security these networks and protect them from attacks. In this paper, we design an intrusion detection mechanism for the VANETs using Artificial Neural Networks (ANNs) to detect Denial of Service (DoS) attacks. The main role of IDS is to detect the attack using a data generated from the network behavior such as a trace file. The IDSs use the features extracted from the trace file as auditable data. In this paper, we propose anomaly and misuse detection to detect the malicious attack.

Keywords: computer network security; feature extraction; neural nets; vehicular ad hoc networks; Denial of Service attack detection; DoS attack detection; IDS; VANET; artificial neural network; driverless car communication network; feature extraction; intrusion detection system; malicious attack; misuse detection; mobile vehicle autonomous collection; open wireless medium; self-driving car; vehicular ad hoc networking; Accuracy; Ad hoc networks; Artificial neural networks; Feature extraction; Security; Training; Vehicles; driverless car; intrusion detection system; security; vehicular ad hoc networks (ID#: 15-8093)


Vamsi, P.R.; Kant, K., "Secure Data Aggregation and Intrusion Detection in Wireless Sensor Networks," in Signal Processing and Communication (ICSC), 2015 International Conference on, pp. 127-131, 16-18 March 2015. doi: 10.1109/ICSPCom.2015.7150633

Abstract: Data Aggregation (DA) is a technique of data gathering in Wireless Sensor Networks (WSNs). It provide advantages such as reporting consolidated data, reducing data redundancy, improving network lifetime etc. However, deploying WSNs in hostile and remote environments presents security vulnerabilities that can lead to various security attacks such as energy based attacks, attacks on data aggregation etc. Numerous secure DA techniques have been proposed in the literature. However, lightweight models using Trust Monitoring System (TMS) and Intrusion Detection Systems (IDS) are limited. This paper presents a secure data aggregation framework for Wireless Sensor Networks (WSNs) using TMS at node level and IDS at Base Station (BS) side. Each node in the network assesses the behavior of its neighbors using trust ratings and performs the network activities such as cluster head selection, data aggregation, and reporting to the BS. Then, BS analyzes the received information using IDS and reports the information about the malicious activities back to nodes in the network. In this way, the proposed model identifies and isolates the malicious nodes from the data aggregation process. Simulation results show the effectiveness of this model.

Keywords: security of data; wireless sensor networks; head selection; intrusion detection systems; secure data aggregation; trust monitoring system; wireless sensor networks; Computational modeling; Data models; Intrusion detection; Nickel; Protocols; Wireless sensor networks; Data aggregation; energy efficiency; intrusion detection system; malicious activity; security; trust monitoring system (ID#: 15-8094)


Alruhaily, Nada; Bordbar, Behzad; Chothia, Tom, "Analysis of Mobility Algorithms for Forensic Virtual Machine Based Malware Detection," in Trustcom/BigDataSE/IEEESPA, 2015 IEEE, vol. 1, pp. 766-773, 20-22 Aug. 2015. doi: 10.1109/Trustcom.2015.445

Abstract: Forensic Virtual Machines are a new technology that replaces signature-based malware detection for the cloud. Forensic Virtual Machines are mini-VMs which are used to identify symptoms of malicious behaviour on customer VMs. Scanning using these mini-VMs consumes less resources than a full scan would and their small size reduces the possibility of the FVMs themselves containing vulnerabilities. A mobility algorithm embedded in every FVM specifies how it chooses which customer VM to scan. Although multiple scanning strategies have been introduced, there is no work which provides a comparison of these strategies. In this paper, we develop a probabilistic approach which tells us which strategy is best for a given cloud environment and particular family of malware. Our framework uses Bayesian probability in addition to a malware knowledge base in order to simulate the scanning process of a number of FVMs.

Keywords: Algorithm design and analysis; Cloud computing; Forensics; Heuristic algorithms; Malware; Virtual machining; Behavioural Analysis; Forensic Virtual Machine; Malware; Mobility Algorithms (ID#: 15-8095)


Badea, A.; Croitoru, V.; Gheorghica, D., "Computer Network Vulnerabilities and Monitoring," in Advanced Topics in Electrical Engineering (ATEE), 2015 9th International Symposium on, pp. 49-54, 7-9 May 2015. doi: 10.1109/ATEE.2015.7133678

Abstract: This paper presents an overview of the current computer network vulnerabilities and exploits, possibilities of monitoring the network traffic, by intercepting and duplicating it, ways of analyzing the monitored traffic in order to better understand and explain the detection of user's behavior.

Keywords: computer network management; computer network security; telecommunication traffic; computer network monitoring; computer network vulnerabilities; network traffic monitoring; user behavior; Computers; IP networks; Monitoring; Ports (Computers); Protocols; Telecommunication traffic; analyze network traffic; cyber security; detection of user's behavior; exploits; monitoring traffic; security; vulnerabilities (ID#: 15-8096)


Rani; Jaya Kumar, C.; Divya, "Trust aware systems in Wireless Sensor Networks," in Computing and Communications Technologies (ICCCT), 2015 International Conference on, pp. 174-179, 26-27 Feb. 2015. doi: 10.1109/ICCCT2.2015.7292741

Abstract: Sensor network is an adaptable technology for perceiving environmental criterions and hence finds its pivotal role in a wide range of applications. The applications range from mission critical like military or patient monitoring systems to home surveillance systems where the network may be prone to security attacks. The network is vulnerable to attack as it may be deployed in hostile environments. In addition it may be exposed to attacks due to the inherent feature of not incorporating security mechanisms into the nodes. Hence additional programs for security may be added in the network. One such scheme is making the network a trust ware system. The trust computation serves as a powerful tool in the detection of unexpected node behaviour. In this paper we propose a trust mechanism to determine the trustworthiness of the sensor node. Most of the existing trust aware systems are centralised and suffer from single head failure. In this paper we propose a dynamic and decentralized system.

Keywords: telecommunication security; trusted computing; wireless sensor networks; decentralized system; dynamic system; environmental criterion; hostile environment ;network security; network vulnerability; sensor node trustworthiness determination; trust aware system; unexpected node behaviour detection; wireless sensor network; Base stations; Energy efficiency; Monitoring; Reliability; Routing; Security; Wireless sensor networks; security; trust evaluation; wireless sensor network (ID#: 15-8097)


Bhebe, W.; Kogeda, O.P., "Shilling Attack Detection in Collaborative Recommender Systems using a Meta Learning Strategy," in Emerging Trends in Networks and Computer Communications (ETNCC), 2015 International Conference on, pp. 56-61, 17-20 May 2015. doi: 10.1109/ETNCC.2015.7184808

Abstract: Collaborative Recommender Systems suggest items to a user based on other users past behaviour (items they once bought, viewed or selected and/or ratings they gave to those items). They are very effective in generating meaningful recommendations to a group of users for products or items that might interest them. However, since Collaborative filtering techniques depend on outside sources of information they are susceptible to profile injection attacks popularly known as shilling attacks. Shilling is a process in which syndicating users can connive to promote or demote a certain item. These mischievous users can consciously inject shilling profiles in an effort to bias the recommender system to their advantage. In this paper we seek to understand the degree to which shilling attacks can harm recommender systems and how these attacks can be detected. Firstly, we evaluate the vulnerabilities of collaborative filtering techniques in providing reliable recommendations. We study various attack strategies that manipulators use to attack recommender systems. Secondly we investigate the most suitable features that can be used to adequately identify shilling attacks. We propose the combiner strategy that combines multiple classifiers in an effort to detect shilling attacks. The diversity measure is used to determine the most suitable combination of classifiers. In this paper, we made use k-Nearest Neighbour, Support Vector Machines and Bayesian Networks as the initial base classifiers. The Naive Bayes was used as a Meta Classifier. The proposed Meta-Learning classifier gave an overall performance of 99% and was found to be more superior to Neural Networks and k-Nearest Neighbor.

Keywords: belief networks; collaborative filtering; pattern classification; recommender systems; security of data; support vector machines; Bayesian network; collaborative filtering technique; collaborative recommender system; k-nearest neighbour; metalearning classifier; shilling attack detection; support vector machine; Classification algorithms; Collaboration; Motion pictures; Prediction algorithms; Recommender systems; Training; Collaborative filtering; Machine Learning; Meta Learning; Recommender Systems; Shilling attacks (ID#: 15-8098)


Alshamrani, H.; Ghita, B.; Lancaster, D., "Detecting IP Prefix Hijacking Using Data Reduction-Based and Binary Search Algorithm," in Internet Technologies and Applications (ITA), 2015, pp. 78-84, 8-11 Sept. 2015. doi: 10.1109/ITechA.2015.7317374

Abstract: In spite of significant ongoing research, the Border gateway protocol (BGP) still encompasses conceptual vulnerability issues regarding impersonating the ownership of IP prefixes for ASes (Autonomous Systems). In this context, a number of research studies focused on securing BGP through historical-based and statistical-based behavioural models. This paper proposes a novel algorithm aiming to track the behaviour of BGP edge routers and detect IP prefix hijacks based on a typical signature. The algorithm parses the BGP advertisements in order to detect the apparent relocation of specific IP prefixes, either in the same or in different regions. The algorithm aims to identify IP prefixes by multiple independent ASes. The method differs from routing consistency monitoring, which faces difficulties detecting events at the edge of the BGP infrastructure. Based on the RIRs' database, the algorithm can detect national and cross-border IP prefix hijacks very quick. However, 5 results out of 16 were not accurate therefore the algorithm has some false positives and needs further improvement to be done in future.

Keywords: IP networks; computer network security; data reduction; internetworking; protocols; search problems; ASe; BGP; BGP advertisement parsing BGP edge routers; RIR database; autonomous systems; binary search algorithm; border gateway protocol; cross-border IP prefix hijack detection; data reduction-based algorithm; false positives; historical-based behavioural model; national IP prefix hijack detection; routing consistency monitoring; statistical-based behavioural model; Communication cables; Feature extraction; IP networks; Image edge detection; Logic gates; MATLAB; Monitoring; BGP advertisements; Binary Search Algorithm; Data Reduction; IP prefix; origin AS (ID#: 15-8099)


Gilsu Choi; Jahns, T.M., "Post-Demagnetization Characteristics of Permanent Magnet Synchronous Machines," in Energy Conversion Congress and Exposition (ECCE), 2015 IEEE, pp. 1781-1788, 20-24 Sept. 2015. doi: 10.1109/ECCE.2015.7309911

Abstract: This work investigates post-demagnetization characteristics of permanent magnet synchronous machines (PMSMs). A combination of closed-form analysis using a magnetic equivalent circuit model and finite element (FE) analysis is used to provide physical insights into the flux paths associated with demagnetizing electromotive force (MMF). Post-demagnetization behavior in several types of PMSMs is studied to better understand post-fault PM machine performance and the key characteristics that can be used to monitor demagnetization faults. Topics include the key role of magnet flux leakage paths in interior PM machines for attenuating the negative impact of demagnetizing stator MMF, and the particular vulnerability of PM machines with fractional-slot concentrated windings to progressive accumulated degradation following exposure to multiple demagnetization events. FE analysis is used to build confidence in the demagnetization predictions of the developed model and to provide more insights that are difficult to obtain using the analytical model.

Keywords: demagnetisation; electric potential; equivalent circuits; finite element analysis; machine windings; magnetic flux; magnetic leakage; permanent magnet machines; reliability; synchronous machines; FE analysis; PMSM post-demagnetization characteristics; closed-form analysis; electromotive force demagnetization fault monitoring; finite element analysis; fractional-slot concentrated winding; interior PM machine; magnet flux leakage path; magnetic equivalent circuit model; multiple demagnetization event; permanent magnet synchronous machine post-demagnetization characteristics; Demagnetization; Magnetic circuits; Magnetic flux; Magnetomechanical effects; Rotors; Saturation magnetization; Stators; Permanent magnet machines; demagnetization; fault detection; interior PM machines; surface PM machines (ID#: 15-8100)


Sun Ding; Hee Beng Kuan Tan; Lwin Khin Shar, "Mining Patterns of Unsatisfiable Constraints to Detect Infeasible Paths," in Automation of Software Test (AST), 2015 IEEE/ACM 10th International Workshop on, pp. 65-69, 23-24 May 2015. doi: 10.1109/AST.2015.21

Abstract: Detection of infeasible paths is required in many areas including test coverage analysis, test case generation, security vulnerability analysis, etc. Existing approaches typically use static analysis coupled with symbolic evaluation, heuristics, or path-pattern analysis. This paper is related to these approaches but with a different objective. It is to analyze code of real systems to build patterns of unsatisfiable constraints in infeasible paths. The resulting patterns can be used to detect infeasible paths without the use of constraint solver and evaluation of function calls involved, thus improving scalability. The patterns can be built gradually. Evaluation of the proposed approach shows promising results.

Keywords: data mining; infeasible paths detection; pattern mining; unsatisfiable constraints; Accuracy; Pattern matching; Prototypes; Scalability; Software; Testing; Training; Infeasible paths; pattern mining; static analysis; structural testing; symbolic evaluation (ID#: 15-8101)


Mahmud, R.; Vallakati, R.; Mukherjee, A.; Ranganathan, P.; Nejadpak, A., "A Survey on Smart Grid Metering Infrastructures: Threats and Solutions," in Electro/Information Technology (EIT), 2015 IEEE International Conference on, pp. 386-391, 21-23 May 2015. doi: 10.1109/EIT.2015.7293374

Abstract: Without a reliable metering and communication infrastructure, the smart grid could become a catastrophe to national security and economy. A true smart grid infrastructure should detect all existing and predict future threats through intrusion detection methods. Smart grids are susceptible to various physical and cyber-attack as a result of communication, control and computation vulnerabilities employed in the grid. The paper provides a comprehensive study on types of threats and solutions on smart grid communication and metering infrastructures. As a part of this survey, the smart grid metering infrastructures susceptibilities and recommended remedial actions are identified. In addition, the paper details types of known attacks on existing metering infrastructure and defensive methodologies.

Keywords: national security; power engineering computing; power system measurement; power system security; smart meters; smart power grids; communication vulnerability; computation vulnerability; control vulnerability; cyber attack; intrusion detection method; national economy; national security; physical attack; smart grid communication; smart grid metering infrastructure; threat detection; Authentication; Encryption; Intrusion detection; Smart grids; Smart meters; Intrusion detection; advanced metering infrastructure (AMI); smart meter (ID#: 15-8102)


Darwish, I.; Igbe, O.; Saadawi, T., "Experimental and Theoretical Modeling of DNP3 Attacks in Smart Grids," in Sarnoff Symposium, 2015 36th IEEE, pp. 155-160, 20-22 Sept. 2015. doi: 10.1109/SARNOF.2015.7324661
Abstract: Security challenges have emerged in recent years facing smart-grids in the energy sector. Threats are arising every day that could cause great scale of damages in critical infrastructure. Our paper will address internal security threats associated with smart grid in a simulated virtual environment involving DNP3 protocol. We will analyze vulnerabilities and perform penetration testing involving Man-in-the-middle (MITM) type of attacks. Ultimately, by utilizing theoretical modeling of smart-grid attacks using game theory, we will optimize our detection and mitigation procedures to reduce cyber threats in DNP3 environment. The use of intrusion detection system will be necessary to identify attackers targeting different part of the smart grid infrastructure. Mitigation techniques will ensure a healthy check of the network. Performing DNP3 security attacks, detections, preventions and counter measures will be our goals to achieve in this research paper.
Keywords: game theory; power system security; safety systems; smart power grids; DNP3 attacks; game theory; internal security threats; intrusion detection system; man-in-the-middle; mitigation techniques; simulated virtual environment; smart grids; Delay effects; Game theory; Games; Payloads; Protocols; Security; Smart grids; DNP3; Game Theory; IED; MITM; Malicious Attacks; SCADA; Smart-Grid (ID#: 15-8103)

Taylor, C.; Johnson, T., "Strong Authentication Countermeasures Using Dynamic Keying for Sinkhole and Distance Spoofing Attacks in Smart Grid Networks," in Wireless Communications and Networking Conference (WCNC), 2015 IEEE, pp. 1835-1840, 9-12 March 2015. doi: 10.1109/WCNC.2015.7127747

Abstract: This paper presents a proposal to provide secure communications in smart grid / utility metering networks using RPL (Routing Protocol for Low Power and Lossy Networks). The RPL protocol provides optimal routing performance in some wireless sensor networks and may become a strong standard in utility metering networks. However, the protocol does have numerous security flaws which should be addressed prior to its use in critical infrastructure such as automated metering infrastructure (AMI). Among those flaws, this paper examines the sinkhole and distance spoofing attacks; in addition, it proposes modifications to RPL addressing routing vulnerabilities, including using node-to-node encrypted authentication with dynamically served encryption keys and key-compromising detection using data mining. Simulation results show that the proposed resolution provides good performance characteristics for use in utility grid networks.

Keywords: cryptographic protocols; routing protocols; smart power grids; telecommunication security; wireless sensor networks; RPL protocol modification; automated metering infrastructure; data mining; distance spoofing attacks; dynamic keying; key-compromising detection; node-to-node encrypted authentication; routing protocol for low power and lossy networks; secure communications; sinkhole; smart grid networks; strong authentication countermeasures; utility grid networks; utility metering networks; wireless sensor networks; Authentication; Encryption; Routing; Routing protocols; Wireless sensor networks (ID#: 15-8104)


Dehghani, M.; Khalafi, Z.; Khalili, A.; Sami, A., "Integrity Attack Detection in PMU Networks Using Static State Estimation Algorithm," in PowerTech, 2015 IEEE Eindhoven, pp. 1-6, June 29 2015-July 2 2015. doi: 10.1109/PTC.2015.7232265

Abstract: Information Technology (IT) infrastructure is used to send information from Phasor Measurement Unites (PMUs) to Phasor Data Concentrators (PDCs) and Control Centers (CCs) in modern smart grids. Unfortunately, vulnerabilities of IT infrastructure make modern smart grids prone to cyber-attacks. To detect such attacks, a number of Intrusion Detection Systems (IDSs) have been proposed in recent years. However, these IDSs can only detect attacks and are not capable of obtaining correct measurements and localizing the attack source. In this paper, these two capabilities are provided by proposing an approach based on static state estimation algorithm. The main focus of this approach is on attacks targeting smart grid integrity. Simulation results on the IEEE 14-bus test system indicate that in addition to detect integrity attacks, this method can extract the correct measurements and localize compromised devices or communication lines.

Keywords: estimation theory; phasor measurement; power system security; security of data; smart power grids; state estimation; IDS ;IEEE 14-bus test system; PDC; PMU networks; attack detection; control centers; cyber-attacks; information technology infrastructure; intrusion detection systems; phasor data concentrators; phasor measurement unit; smart grids; static state estimation algorithm; Encryption; Intrusion detection; Phasor measurement units; Smart grids; State estimation; Voltage measurement; Integrity Attack; Intrusion Detection; Phasor Measurement Unit (PMU);Smart grid; Static State Estimation (ID#: 15-8105)


Kaster, P.; Sen, P.K., "Cyber Security and Rural Electric Power Systems," in Rural Electric Power Conference (REPC), 2015 IEEE, pp. 49-54, 19-21 April 2015. doi: 10.1109/REPC.2015.23

Abstract: Cyber security is a topic of increasing importance and interest to small utility operators like REA's. The requirement for cyber security is based upon reasons ranging from national security to individual business operations to regulatory compliance. Several fundamental concepts can guide an operator when implementing a cyber security plan. Operators must consider the competing requirements of confidentiality, integrity, availability, and cost. They must consider the potential levels of impact for an incident. While implementing a cyber security plan, operators will constantly identify adversaries, threats, vulnerabilities, consequences, and risks. They will implement physical, technical, and administrative controls to protect networks and other assets, detect attacks, respond to those attacks, and recover from any damage. The process will be continuous, as operators respond to the changing environment.

Keywords: power system security; smart power grids; REA; attack detection; business operations; cyber security plan; national security; network protection; regulatory compliance; rural electric power systems; small utility operators; smart power grid; Availability ;Companies; Computer hacking; Standards; Terrorism; Communications Protocols; Cyber Security; NERC; Power Grid; Rural Electric Power; Smart Grid (ID#: 15-8106)


Bo Chen; Pattanaik, N.; Goulart, A.; Butler-Purry, K.L.; Kundur, D., "Implementing Attacks for Modbus/TCP Protocol in a Real-Time Cyber Physical System Test Bed," in Communications Quality and Reliability (CQR), 2015 IEEE International Workshop Technical Committee on, pp. 1-6, 11-14 May 2015. doi: 10.1109/CQR.2015.7129084

Abstract: To understand security vulnerabilities of communication protocols used in power systems, a real-time framework can be developed to conduct vulnerability studies. The framework should implement protection mechanisms against vulnerabilities and study their effectiveness. In this paper, a realtime cyber-physical framework or test bed is presented. It integrates a real-time power system simulator and a communication system simulator to study the cyber and physical system vulnerabilities in smart power grids. The power system simulation is implemented using the Real-Time Digital Simulator (RTDS(r)) power grid simulator, with LabVIEW and PXI modules that simulate the supervisory control and data acquisition (SCADA) system and intelligent electronic devices (IEDs). The communication system simulation is implemented using Opnet's System-in-the-Loop (SITL) simulator and open source Linux tools and servers. Results of two cyber-attacks on the Modbus/TCP protocol are discussed and improvements to the test bed for protocol attack detection and mitigation are proposed.

Keywords: Linux; SCADA systems; power system security; power system simulation; smart power grids; telecommunication security; transport protocols; virtual instrumentation; LabVIEW; Modbus/TCP protocol; Opnet; PXI modules; SCADA system; SITL; communication protocols; communication system simulator; cyber system vulnerabilities; cyber-attacks; intelligent electronic devices; physical system vulnerabilities; power grid simulator; power systems; protection mechanisms; real-time cyber physical system test bed; real-time digital simulator; real-time power system simulator; security vulnerabilities; supervisory control and data acquisition; system-in-the-loop simulator; Computer crime; Power system stability ;Protocols; Real-time systems; Servers; Smart grids; DoS; LabVIEW; MITM; Modbus/TCP; Opnet; RTDS; SCADA; cyber-attacks; test bed (ID#: 15-8107)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.