False Data Injection Attacks 2015

SoS Newsletter- Advanced Book Block


False Data Injection Attacks



False data injection attacks against electric power grids potentially have major consequences. For the Science of Security community, false data injection attacks are relevant to resiliency, composability, cyber physical systems, and human behavior. The research cited here was presented in 2015.

Ying Sun, Wen-Tai Li, Wentu Song and Chau Yuen, “False Data Injection Attacks with Local Topology Information Against Linear State Estimation,” Smart Grid Technologies - Asia (ISGT ASIA), 2015 IEEE Innovative, Bangkok, 2015, pp. 1-5. doi:10.1109/ISGT-Asia.2015.7387159
Abstract: False data injection attacks (FDIAs) have been introduced as a critical class of cyber attacks against the smart grid’s monitoring system. These attacks aim to compromise the readings of grid sensors and phasor measurement units. It was shown that FDIAs can pass the traditional bad data detection. Furthermore, to perform an FDIA, the attacker needs to know the power grid topology and the transmission-line admittance values, which are not easy to obtain. In this paper, we propose a novel false data injection attack approach, called false data proportional attacks (FDPAs), which can avoid the traditional bad data detection method and does not need the transmission-line admittance values, but only the local grid topology. When the measurements of a bus and its transmission lines are changed, the same false data is simultaneously injected, proportionally, into all the buses and transmission lines connected to it. We demonstrate the success of these attacks with simulations on the IEEE 30-bus test system.
Keywords: computer network security; power engineering computing; power system measurement; false data injection attack; false data proportional attack; grid sensor; linear state estimation; local grid topology; local topology information; phasor measurement unit; smart grid monitoring system; Smart grids; State estimation; Topology; Transmission line measurements; Transmission lines; False Data Injection Attack; Network Observability; Smart Grid Security; State Estimation; Topological Vulnerability (ID#: 16-10433)


Pang Zhonghua, Hou Fangyuan, Zhou Yuguo and Sun Dehui, “False Data Injection Attacks for Output Tracking Control Systems,” Control Conference (CCC), 2015 34th Chinese, Hangzhou, 2015, pp. 6747-6752. doi:10.1109/ChiCC.2015.7260704
Abstract: Cyber-physical systems (CPSs) have been gaining popularity with their high potential in widespread applications, and the security of CPSs has become a serious problem. In this paper, an output tracking control (OTC) method is designed for discrete-time linear time-invariant Gaussian systems. The output tracking error is regarded as an additional state, a Kalman filter-based incremental state observer and an LQG-based augmented state feedback control strategy are designed, and a Euclidean-based detector is used for detecting false data injection attacks. Stealthy false data attacks which can completely disrupt the normal operation of the OTC systems without being detected are injected into the sensor measurements and control commands, respectively. Three kinds of numerical examples are employed to illustrate the effectiveness of the designed false data injection attacks.
Keywords: Gaussian processes; Kalman filters; discrete time systems; linear systems; observers; security of data; sensors; state feedback; CPS security; Euclidean-based detector; Kalman filter-based incremental state observer; LQG-based augmented state feedback control strategy; OTC method; OTC systems; cyber-physical systems; discrete-time linear time-invariant Gaussian systems; false data injection attacks; output track control method; output tracking control systems; output tracking error; sensor measurements; Detectors; Kalman filters; Robot sensing systems; Security; State estimation; State feedback; Cyber-physical systems; Kalman filter; false data injection attacks; output tracking control (ID#: 16-10434)


Lei Zou, Zidong Wang, Hongli Dong and Derui Ding, “State Estimation for a Class of Nonlinear Discrete-Time Complex Networks Subject to False Data Injection Attacks,” Control Conference (CCC), 2015 34th Chinese, Hangzhou, 2015, pp. 1740-1745. doi:10.1109/ChiCC.2015.7259899
Abstract: This paper is concerned with the state estimation problem for a class of nonlinear discrete-time complex networks subject to false data injection attacks. By utilizing Bernoulli random binary distributed white sequences, the false data injection attack model is established to describe the characteristics of false data injection attacks applied to the complex networks under consideration. An estimator is designed to guarantee the ultimate boundedness of the estimation error in mean square. By employing a stochastic analysis approach, sufficient conditions are derived for the existence of the desired estimators, whose gains are parameterized by minimizing an upper bound of the output variance of the estimation errors. Finally, a numerical example is given to illustrate the effectiveness of the results.
Keywords: complex networks; discrete time systems; nonlinear control systems; random sequences; state estimation; stochastic processes; Bernoulli random binary distributed white sequences; false data injection attack model; mean square estimation error; nonlinear discrete-time complex networks; state estimation problem; stochastic analysis approach; sufficient conditions; upper bound minimization; Complex networks; Estimation error; Linear matrix inequalities; State estimation; Symmetric matrices; Upper bound; State estimation; complex networks; false data injection attacks; ultimate boundedness (ID#: 16-10435)


Z. Hu, Y. Wang, X. Tian, X. Yang, D. Meng and R. Fan, “False Data Injection Attacks Identification for Smart Grids,” Technological Advances in Electrical, Electronics and Computer Engineering (TAEECE), 2015 Third International Conference on, Beirut, 2015, pp. 139-143. doi:10.1109/TAEECE.2015.7113615
Abstract: False Data Injection Attacks (FDIA) in the smart grid are considered to be the most threatening cyber-physical attacks. Based on the variety of measurement categories in the power system, a new method for false data detection and identification is presented. The main emphasis of our research is that we use equivalent measurement transformation instead of traditional weighted least squares state estimation in the SE process, and identify false data by the residual researching method. In this paper, one FDIA case on the IEEE 14-bus system is designed in MATLAB to test the effectiveness of the algorithm. Using this method the false data can be effectively dealt with.
Keywords: IEEE standards; power system security; security of data; smart power grids; FDIA; IEEE 14 bus system; SE; cyberphysical attack threatening; equivalent measurement transformation; false data injection attack identification; power system; residual researching method; smart grid; Current measurement; Pollution measurement; Power measurement; Power systems; State estimation; Transmission line measurements; Weight measurement; equivalent measurement transformation; false data detection and identification; false data injection attacks; residual researching method; smart grid (ID#: 16-10436)


Zhonghua Pang, Fangyuan Hou, Yuguo Zhou and Dehui Sun, “Design of False Data Injection Attacks for Output Tracking Control of CARMA Systems,” Information and Automation, 2015 IEEE International Conference on, Lijiang, 2015, pp. 1273-1277. doi:10.1109/ICInfA.2015.7279482
Abstract: Considerable attention has focused on the problem of cyber-attacks on cyber-physical systems in recent years. In this paper, we consider a class of single-input single-output systems which are described by a controlled auto-regressive moving average (CARMA) model. A PID controller is designed to make the system output track the reference signal. Then the state-space model of the controlled plant and the corresponding Kalman filter are employed to generate stealthy false data injection attacks for the sensor measurements, which can destroy the control system performance without being detected by an online parameter identification algorithm. Finally, two numerical simulation results are given to demonstrate the effectiveness of the proposed false data injection attacks.
Keywords: Kalman filters; autoregressive moving average processes; control system synthesis; security of data; state-space methods; three-term control; CARMA systems; Kalman filter; PID controller design; controlled auto-regressive moving average; false data injection attacks; online parameter identification algorithm; output tracking control; single-input single-output systems; state-space model; Conferences; Control systems; Detectors; Kalman filters; Mathematical model; Parameter estimation; Smart grids; CARMA model; Cyber-physical systems (CPSs); false data injection attacks; output feedback control (ID#: 16-10437)


Xialei Zhang, Xinyu Yang, Jie Lin and Wei Yu, “On False Data Injection Attacks Against the Dynamic Microgrid Partition in the Smart Grid,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 7222-7227. doi:10.1109/ICC.2015.7249479
Abstract: To enhance the reliability and efficiency of energy service in the smart grid, the concept of the microgrid has been proposed. Nonetheless, how to secure the dynamic microgrid partition process is essential in the smart grid. In this paper, we address the security issue of the dynamic microgrid partition process and systematically investigate three false data injection attacks against the dynamic microgrid partition process. Particularly, we first discuss the dynamic microgrid partition problem based on a Connected Graph Constrained Knapsack Problem (CGKP) algorithm. We then develop a theoretical model and carry out simulations to investigate the impacts of these false data injection attacks on the effectiveness of the dynamic microgrid partition process. Our theoretical and simulation results show that the investigated false data injection attacks can disrupt the dynamic microgrid partition process and pose negative impacts on the balance of energy demand and supply within microgrids, such as an increased number of lack-nodes and increased energy loss in microgrids.
Keywords: computer network security; distributed power generation; graph theory; knapsack problems; power engineering computing; power system management; power system measurement; power system reliability; smart power grids; algorithm; connected graph constrained knapsack problem; dynamic microgrid partition process security; energy service efficiency; false data injection attacks; smart power grid reliability; Energy loss; Heuristic algorithms; Microgrids; Partitioning algorithms; Smart grids; Smart meters (ID#: 16-10438)


F. Hou, Z. Pang, Y. Zhou and D. Sun, “False Data Injection Attacks for a Class of Output Tracking Control Systems,” Control and Decision Conference (CCDC), 2015 27th Chinese, Qingdao, 2015, pp. 3319-3323. doi:10.1109/CCDC.2015.7162493
Abstract: With the development of cyber-physical systems (CPSs), security becomes an important and challenging problem. Attackers can launch various attacks to destroy the control system performance. In this paper, a class of linear discrete-time time-invariant control systems is considered, which is open-loop critically stable and has only one critical eigenvalue. By including the output tracking error as an additional state, a Kalman filter-based augmented state feedback control strategy is designed to solve its output tracking problem. Then a stealthy false data attack is injected into the measurement output, which can completely destroy the output tracking control system without being detected. Simulation results on a numerical example show that the proposed false data injection attack is effective.
Keywords: discrete time systems; linear systems; open loop systems; stability; state feedback; CPS development; Kalman filter-based augmented state feedback control strategy; control system performance; cyber-physical systems; eigenvalue; false data injection attacks; linear discrete-time time-invariant control system; open-loop stability; output tracking control systems; Computer security; Detectors; Kalman filters; Simulation; State feedback; Wireless sensor networks; Critically Stable; False Data Injection Attacks; Output Tracking Control (ID#: 16-10439)
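The two Pang/Hou et al. abstracts above (the OTC systems with a Kalman filter-based observer and a Euclidean detector, and the open-loop critically stable plant with a single eigenvalue at 1) both rest on the same weakness: an estimator for a marginally stable plant never forgets a bias, while a residual detector only sees the change in bias at each step. The following is an added worked example, not the construction from either paper: a scalar integrator plant, a steady-state Kalman filter designed for assumed noise covariances, a proportional controller acting on the estimate, and a 3-sigma Euclidean detector on the innovation are all constructed here. It shows that applying a 0.5 sensor bias at once trips the detector, while the same 0.5 bias built up in 0.05 steps every 20 samples never does, yet leaves the true output 0.5 away from its reference.

```python
"""Stealthy sensor false data injection against a Kalman-filter-based detector
on a critically stable (integrator) plant.

Added worked example; plant, controller gain, noise covariances, detector
threshold and attack schedule are all constructed/assumed here. The run is
deterministic (no noise injected) so that the effect of the attack is isolated;
the filter gain is still designed for the assumed covariances Q and R.
"""
from math import sqrt

A, B, C = 1.0, 1.0, 1.0   # x_{k+1} = x_k + u_k, y_k = x_k: one eigenvalue at 1 (critically stable)
Q, R = 1e-4, 1e-2         # assumed process / measurement noise variances used to design the filter
KP = 0.5                  # assumed proportional controller gain: u_k = KP * (ref - x_hat_k)


def steady_state_gain(q=Q, r=R, iters=500):
    """Iterate the Riccati recursion to the steady-state prior covariance P.

    Returns (K, S): Kalman gain K = P C / (C P C + R) and innovation variance S = C P C + R.
    """
    p = q
    for _ in range(iters):
        p = A * (p - p * C * C * p / (C * p * C + r)) * A + q
    s = C * p * C + r
    return p * C / s, s


def simulate(attack, steps, ref=1.0):
    """Closed loop: controller -> plant -> (attacked) sensor -> Kalman filter -> detector.

    attack(k) returns the additive false data a_k placed on the sensor reading at step k.
    """
    K, S = steady_state_gain()
    threshold = 3.0 * sqrt(S)              # Euclidean detector: alarm if |innovation| > 3 sigma
    x = x_hat = 0.0
    max_r, flagged = 0.0, False
    for k in range(steps):
        u = KP * (ref - x_hat)             # controller only sees the estimate
        x = A * x + B * u                  # true plant
        x_pred = A * x_hat + B * u         # filter prediction
        y = C * x + attack(k)              # sensor reading as seen by the filter
        r = y - C * x_pred                 # innovation (residual)
        max_r = max(max_r, abs(r))
        flagged = flagged or abs(r) > threshold
        x_hat = x_pred + K * r             # measurement update
    return {"max_r": max_r, "flagged": flagged, "threshold": threshold,
            "x": x, "x_hat": x_hat}


def staircase(k, step=0.05, every=20, total=0.5):
    """Stealthy attack: grow the bias by `step` every `every` samples until it reaches `total`."""
    return min(total, step * (k // every + 1))


def jump(k, total=0.5):
    """Naive attack: apply the full bias from the first sample."""
    return total


def run_both(steps=240):
    """Run the same final bias (0.5) as a one-shot jump and as a staircase; return both results."""
    return {"stealthy": simulate(staircase, steps), "naive": simulate(jump, steps)}


if __name__ == "__main__":
    for name, res in run_both().items():
        print(f"{name:8s} alarm={res['flagged']} max|r|={res['max_r']:.4f} "
              f"thr={res['threshold']:.4f} x_hat={res['x_hat']:.4f} x_true={res['x']:.4f}")
```

Because the plant pole sits exactly at 1, the bias the filter has absorbed is never forgotten, so each 0.05 step adds to the estimate permanently while the innovation it produces decays at the filter's rate (1 - K per sample); the detector sees only the step, not the accumulated bias. A plant with a stable pole would shed the bias and force the attacker to keep re-injecting it in view of the detector.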


S. Mangalwedekar and S. K. Surve, “Measurement Sets In Power System State Estimator in Presence of False Data Injection Attack,” Advance Computing Conference (IACC), 2015 IEEE International, Bangalore, 2015, pp. 855-860. doi:10.1109/IADCC.2015.7154827
Abstract: False data injection attacks (FDIA) on the smart grid are a popular subject of current research. The presence of FDIA and other such attacks in the smart grid is partly due to the combination of Information and Communication Technology with Power Systems. The FDIA on the linear model of the power system has been extensively analyzed in the literature. However, the non-linear system model has not received the same amount of attention. This paper proposes the concept of balanced and unbalanced measurement sets for the purpose of corrupting the state variables in linear and non-linear power system state estimators. The effect of balanced and unbalanced measurement sets for targeted constrained and unconstrained attacks is analyzed for linear and non-linear state estimators.
Keywords: power engineering computing; power system security; power system state estimation; security of data; smart power grids; FDIA; false data injection attack; information and communication technology; nonlinear state estimators; power system state estimator; smart grid; unconstrained attacks; Fluid flow measurement; Linear systems; Measurement uncertainty; Power measurement; Power systems; Transmission line measurements; Voltage measurement; Cyber security; cyber physical; false data injection attacks; linear state estimation; non-linear state estimation; smart grid (ID#: 16-10440)


S. Mangalwedekar, S. K. Surve and H. A. Mangalvedekar, “Error Propagation in Linear and Non-Linear Systems for False Data Injection Attack,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 662-667. doi:10.1109/ICACCI.2015.7275686
Abstract: Due to technological advancement, the integration of cyber systems with the physical power system has increased security concerns. The cyber security issues and the impact of various attacks on the smart grid have become an integral part of the smart grid. False Data Injection Attack (FDIA) is one of the many ways to compromise a system. In an FDIA, measurements are biased by the deliberate addition of errors, which in turn affect the state variables of the system. This paper discusses the impact of FDIA on the smart grid. The paper analyses the effect of FDIA on the non-linear state estimator. It further compares the impact of FDIA on the non-linear state estimator with that on the linear state estimator. This comparison is explained using propagation of error.
Keywords: nonlinear estimation; power system security; security of data; smart power grids; state estimation; FDIA; cyber security system; error propagation; false data injection attack; linear system; nonlinear state estimator; nonlinear system; physical power system security; smart grid; Fluid flow measurement; Linear systems; Power measurement; Smart grids; Transmission line measurements; Voltage measurement; Cyber security; cyber physical; error propagation; false data injection attacks; linear state estimation; non-linear state estimation; smart grid (ID#: 16-10441)


Y. Xiang, Z. Ding and L. Wang, “Power System Adequacy Assessment with Load Redistribution Attacks,” Innovative Smart Grid Technologies Conference (ISGT), 2015 IEEE Power & Energy Society, Washington, DC, 2015, pp. 1-5. doi:10.1109/ISGT.2015.7131808
Abstract: The wider deployment of advanced information and control technologies in the smart grid makes the power grid more vulnerable to cyber attacks such as false data injection attacks. However, the work on the long-term statistical impact of these attacks on the power grid adequacy is rather limited. In this study a novel adequacy evaluation procedure incorporating the load redistribution (LR) attack is proposed. The procedure takes into consideration the physical failures and the bilevel model representing the LR attack. The simulation is conducted based on Monte Carlo simulation (MCS) using Matlab and CPLEX. The influences of the time of attacks, the attack level, the defense level and the line transmission capacity are investigated. It is concluded that the cyber defense level is critical to the power system adequacy, and cyber issues need to be considered in the planning of the power grid.
Keywords: Monte Carlo methods; failure analysis; load distribution; power engineering computing; power system planning; power system reliability; security of data; smart power grids; LR attack; MCS; Monte Carlo simulation; bilevel model; cyber attacks;cyber defense level; cyber issues; load redistribution attack; long-term statistical impact; physical failures; power grid planning; power system adequacy assessment; smart power grid adequacy evaluation; Load modeling; Power system reliability; Reliability; Smart grids; Transmission line measurements; Cybersecurity; adequacy assessment; bilevel optimization; cyber-physical systems; false data injection attack; smart grid (ID#: 16-10442)


S. Geedhabhanu and P. Latha, “Excluding Compromised Node by Tracing False Data Injected Messages in Wireless Sensor Network,” International Conference on Innovation Information in Computing Technologies, Chennai, 2015, pp. 1-5. doi:10.1109/ICIICT.2015.7396096
Abstract: A Wireless Sensor Network (WSN) is a collection of sensor nodes that gather events from their surroundings. They help in supervising mission-critical applications instead of depending on humans to monitor critical areas. Sensor nodes play an important role in alerting us to any distinct changes that occur in the deployed area, and are prone to innumerable attacks. These attacks damage trust in the data received from a sensor node. One such type of attack is the false data injection attack. The message is forged by the adversary and is not detected by the forwarding nodes as false information. A compromised node is the origin of the false data injected into the WSN. The proposed work discards false-data-injected messages from the network. The issue of a compromised node is handled by detecting it and preventing it from causing further damage to the network, by incorporating the Elliptic Curve Cryptography (ECC) technique for data authentication of any message received. A node involved in sensing requires a high range of sensing power. But sensor nodes have limited energy, and this is a battle for all technicians in creating any invention that suits this constraint. The proposed scheme provides safety and reliability of the received data and offers lower power consumption and memory utilization of the sensor node.
Keywords: authorisation; public key cryptography; telecommunication power management; telecommunication security; wireless sensor networks; ECC; critical areas; data authentication; elliptic curve cryptography; false data injected messages; false data injection attack; forwarding nodes; innumerable attacks; mission critical applications; nodes surrounding; power consumption; received message; wireless sensor network; Authentication; Digital signatures; Elliptic curve cryptography; Filtering; Robot sensing systems; Wireless sensor networks; Digital Signature; Elliptic Curve Cryptography (ECC); False Data Injection attack; Wireless Sensor Networks (WSN); security (ID#: 16-10443)


Yingmeng Xiang and Lingfeng Wang, “A Game-Theoretic Approach to Optimal Defense Strategy against Load Redistribution Attack,” Power & Energy Society General Meeting, 2015 IEEE, Denver, CO, 2015, pp. 1-5. doi:10.1109/PESGM.2015.7286529
Abstract: The wider deployment of advanced computer and communication technologies in the cyber monitoring and control layer of the power system will inevitably make the power grid more vulnerable to various cyber attacks, such as the false data injection attack and the load redistribution (LR) attack. It is critical to develop methods to study the interaction between the attacker and defender for finding the optimal allocation of the limited defense resources. In this study, the LR attack considering both attack and defense is modeled by bilevel optimization. Game-theoretic approaches are developed to model the interaction of the attacker and defender in two scenarios: defending critical measurements and defending critical substations. The attack and defense interaction is modeled by a zero-sum game if only the load curtailment is considered in the utility functions, and by a non-zero-sum game if both the load curtailment and the associated attack cost and defense cost are considered. The proposed approach is tested on a representative IEEE 14-bus system, and optimal defense strategies are derived in different scenarios. This study can offer some meaningful insight on effectively preventing and mitigating the LR attack.
Keywords: IEEE standards; game theory; load distribution; optimisation; power grids; power system control; power system protection; IEEE 14-bus system; LR attack; bilevel optimization; cyber monitoring; game theoretic approach; limited defense resource optimal allocation; load curtailment; load redistribution attack; optimal defense strategy; power grid; power system control layer; utility function; Game theory; Load modeling; MATLAB; Mathematical model; Cybersecurity; bilevel optimization; false data injection attack; game theory; non-zero-sum game (ID#: 16-10444)


Yingmeng Xiang, Lingfeng Wang, D. Yu and Nian Liu, “Coordinated Attacks Against Power Grids: Load Redistribution Attack Coordinating with Generator and Line Attacks,” Power & Energy Society General Meeting, 2015 IEEE, Denver, CO, 2015, pp. 1-5. doi:10.1109/PESGM.2015.7286402
Abstract: With increasing terrorism and sabotage activities, the power grid is becoming more vulnerable to various kinds of cyber and physical attacks. The coordination between the attacks could bring disastrous impacts. In this paper, two typical attack coordination scenarios are studied: the coordination between the load redistribution (LR) attack and a generator attack; and the coordination between the LR attack and a line attack. They are formulated as bilevel optimization problems, where the attacker in the upper level aims to maximize the load curtailment while the defender in the lower level makes an effort to reduce the load curtailment. The case studies conducted on an IEEE 14-bus system indicate that when attacking the measurements and essential generation/transmission elements in a coordinated manner, the attacker could maximize the damage with limited attack resources by disrupting the physical system and misleading the power dispatch simultaneously. This study can provide meaningful insights on how to prevent and mitigate such high-impact, low-frequency (HILF) coordinated attacks.
Keywords: electric generators; load distribution; optimisation; power generation protection; power grids; power system security; power transmission faults; power transmission protection; IEEE 14-bus system; disastrous impacts; generation elements; high-impact low-frequency coordinated attacks; limited attack resource; line attacks; load curtailment; load redistribution attack; optimization problems; physical attacks; power dispatch; power grids; sabotage activities; transmission elements; Area measurement; Computer architecture; Coordinate measuring machines; Noise measurement; Reliability; Smart grids; Cybersecurity; bilevel optimization; coordinated attacks; false data injection attack; physical attack (ID#: 16-10445)


Junjie Yang, Rong Yu, Yi Liu, Shengli Xie and Yan Zhang, “A Two-Stage Attacking Scheme for Low-Sparsity Unobservable Attacks in Smart Grid,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 7210-7215. doi:10.1109/ICC.2015.7249477
Abstract: False data injection attacks pose a serious threat to the smart grid, e.g., they may cause power outages or blackouts. Normally, an intruder should have a priori knowledge of the linear structure matrix and then control all smart meters to perform attacks. State-of-the-art studies have proven in theory that false data injection attacks can be unobservable when an intruder controls a small number of smart meters in a coordinated way. However, there are as yet no practical, implementable low-sparsity unobservable false data injection attacks in the literature. In this paper, we propose a two-stage attacking scheme to demonstrate the practical feasibility of unobservable false data injection attacks in the smart grid. In the first stage, we use parallel factor analysis to derive the linear structure matrix of the smart grid from the intercepted data. In the second stage, we construct the sparse attack vector via a linear-based relaxation approach, which is used as the false data. Results indicate that we can realize highly successful attacking performance with a low detection probability.
Keywords: matrix algebra; power system analysis computing; security of data; smart meters; smart power grids; vectors; blackout; linear structure matrix; linear-based relaxation approach; low-sparsity unobservable attacks; parallel factor analysis; power outage; smart grid; smart meters; sparse attack vector; two-stage attacking scheme; unobservable false data injection attacks; Artificial intelligence; Boolean functions; Data structures; Topology; Smart grid; cyber security; parallel factor analysis; state estimation; unobservable false data injection (ID#: 16-10446)
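The unobservable attack that the Sun et al. abstract (FDIAs that "pass the traditional bad data detection" but need topology and admittances) and the Yang et al. abstract above (an intruder needing the "linear structure matrix" and control of several meters) both build on can be reproduced on a toy system. The following is an added worked example, not code from any of the cited papers: a constructed 3-bus DC model with five meters, an assumed equal meter noise level, and a chi-square threshold for the residual test. It shows a naive single-meter injection being flagged, while an injection a = H c of the same order shifts the estimate by exactly c with the residual unchanged, and counts how many meters the attacker has to alter for that, which is the sparsity the Yang et al. paper sets out to reduce.

```python
"""Classic undetectable false data injection against DC (linear) state estimation.

Added worked example; not code from any paper listed on this page. The 3-bus
system, the measurement set, the noise vector and the attack vectors are all
constructed here for illustration. Pure Python, no numpy.
"""

# Constructed 3-bus DC model: bus 1 is the angle reference, the state is
# x = [theta2, theta3]. Every line has unit reactance, so the flow on line 1-2
# is theta1 - theta2 = -theta2, and so on. Rows of H are the five meters:
# P12, P13, P23 (line flows) and P2, P3 (bus injections).
H = [
    [-1.0,  0.0],   # P12 = theta1 - theta2
    [ 0.0, -1.0],   # P13 = theta1 - theta3
    [ 1.0, -1.0],   # P23 = theta2 - theta3
    [ 2.0, -1.0],   # P2  = P21 + P23
    [-1.0,  2.0],   # P3  = P31 + P32
]
SIGMA = 0.01          # assumed meter noise std dev (p.u.), equal for all meters
CHI2_99_DOF3 = 11.34  # chi-square 99% critical value for m - n = 5 - 2 = 3 degrees of freedom


def matvec(A, x):
    return [sum(a * b for a, b in zip(row, x)) for row in A]


def wls_estimate(z):
    """Weighted least squares with equal weights: x_hat = (H^T H)^-1 H^T z (2-state case)."""
    g11 = sum(row[0] * row[0] for row in H)     # gain matrix G = H^T H, built explicitly
    g12 = sum(row[0] * row[1] for row in H)
    g22 = sum(row[1] * row[1] for row in H)
    det = g11 * g22 - g12 * g12
    t1 = sum(row[0] * zi for row, zi in zip(H, z))   # H^T z
    t2 = sum(row[1] * zi for row, zi in zip(H, z))
    return [(g22 * t1 - g12 * t2) / det, (-g12 * t1 + g11 * t2) / det]


def bad_data_statistic(z):
    """J = sum_i (r_i / sigma)^2 with r = z - H x_hat: the traditional chi-square bad data test."""
    x_hat = wls_estimate(z)
    r = [zi - hi for zi, hi in zip(z, matvec(H, x_hat))]
    return sum((ri / SIGMA) ** 2 for ri in r)


def is_flagged(z):
    return bad_data_statistic(z) > CHI2_99_DOF3


def stealthy_attack(c):
    """Attack vector a = H c lies in the column space of H, so the residual is unchanged."""
    return matvec(H, c)


def meters_to_compromise(a):
    """Number of meters whose readings must be altered (non-zero entries of a)."""
    return sum(1 for ai in a if abs(ai) > 1e-12)


def run_scenario():
    x_true = [-0.05, -0.10]
    noise = [0.002, -0.001, 0.0015, -0.002, 0.001]   # constructed noise, within 0.2 sigma
    z = [zi + ni for zi, ni in zip(matvec(H, x_true), noise)]

    z_naive = list(z)
    z_naive[0] += 0.1                 # naive attack: push only the P12 reading up by 0.1 p.u.

    c = [0.1, 0.0]                    # stealthy target: shift the theta2 estimate by +0.1 rad
    a = stealthy_attack(c)
    z_stealth = [zi + ai for zi, ai in zip(z, a)]

    return {
        "x_clean": wls_estimate(z),
        "x_stealth": wls_estimate(z_stealth),
        "J_clean": bad_data_statistic(z),
        "J_naive": bad_data_statistic(z_naive),
        "J_stealth": bad_data_statistic(z_stealth),
        "flag_naive": is_flagged(z_naive),
        "flag_stealth": is_flagged(z_stealth),
        "meters": meters_to_compromise(a),
        "c": c,
    }


if __name__ == "__main__":
    for key, val in run_scenario().items():
        print(f"{key:12s} {val}")
```

The attacker here needs every entry of H, i.e. the topology and all line admittances, and must alter four of the five meters to move one state; relaxing either requirement is exactly what the Sun et al. (local topology only) and Yang et al. (inferred H, sparse a) papers above address.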


Wang Jianqiao, Chen Cailian and Guan Xinping, “An Overlapping Distributed State Estimation and Detection Method in Smart Grids,” Wireless Communications & Signal Processing (WCSP), 2015 International Conference on, Nanjing, 2015, pp. 1-5. doi:10.1109/WCSP.2015.7341180
Abstract: This paper proposes a novel distributed state estimation and detection algorithm in smart grids. By decomposing the whole power system into several overlapping interconnected areas, the centralized state estimation algorithm turns into a distributed state estimation algorithm, and by iteratively exchanging information with neighboring areas, the distributed state estimation can reach convergence and each subsystem can derive the states of the entire power system. When an attacker injects false data into measurements in any area, the neighboring honest areas can quickly detect this abnormality and decrease the weights on the information exchanged with the suspicious area. When all the estimated state vectors converge, each control area can determine whether its neighboring area is intruded or not by using information from shared buses. The proposed approach provides not only a distributed state estimation structure but also a detection method capable of detecting false data injection (FDI) attacks. The performance of the proposed algorithm is demonstrated on the IEEE 14-bus system.
Keywords: power system interconnection; power system state estimation; smart power grids; vectors; FDI attacks; IEEE 14-bus system; centralized state estimation algorithm; detection method; distributed state estimation; false data injection attacks; interconnected areas; smart grids; state vectors; Convergence; Pollution measurement; Power grids; State estimation; Transmission line measurements (ID#: 16-10447)


Xiaofei He, X. Yang, J. Lin, Linqiang Ge, W. Yu and Q. Yang, “Defending Against Energy Dispatching Data Integrity Attacks in Smart Grid,” Computing and Communications Conference (IPCCC), 2015 IEEE 34th International Performance, Nanjing, China, 2015, pp. 1-8. doi:10.1109/PCCC.2015.7410291
Abstract: The smart grid is a new type of energy-based cyber-physical system (CPS), which enables interactions between the utility provider and customers through smart meters and advanced metering infrastructures (AMI). Nonetheless, an adversary can inject misleading energy usage information to the utility provider through compromised smart meters and disrupt the grid and electricity market operations. To address this issue, in this paper, we propose an Energy Dispatching False Data Defense (EDF2D) approach, which can effectively detect the forged interactive information between customers and the utility provider with great accuracy and mitigate the damage caused by attacks on grid operations. Particularly, EDF2D uses the historical interactive information of normal users to determine the conditional probabilities of data anomalies. Based on these conditional probabilities, a Bayesian network designed for detecting false data can be established by EDF2D, and this network is then used to confirm the authenticity of interactive information received by the utility provider and originally transmitted from customers. Through a combination of theoretical analysis and performance evaluation, our experimental data shows that EDF2D can effectively detect harmful false interactive data forged by the adversary and mitigate false data injection attacks on smart grid operations.
Keywords: Bayes methods; Dispatching; Energy measurement; Generators; Smart grids; Smart meters; Wireless communication; Data integrity attacks; Smart grid; Smart measurement devices (ID#: 16-10448)


S. Gao, L. Xie, A. Solar-Lezama, D. Serpanos and H. Shrobe, “Automated Vulnerability Analysis of AC State Estimation Under Constrained False Data Injection in Electric Power Systems,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 2613-2620. doi:10.1109/CDC.2015.7402610
Abstract: We introduce new methods for the automatic vulnerability analysis of power grids under false data injection attacks against nonlinear (AC) state estimation. We encode the analysis problems as logical decision problems that can be solved automatically by SMT solvers. To do so, we propose an analysis technique named “symbolic propagation,” which is inspired by symbolic execution methods for finding bugs and exploits in software programs. We show that the proposed methods can successfully analyze vulnerability of AC state estimation in realistic power grid models. Our approach is generalizable towards many other applications such as power flow analysis and state estimation.
Keywords: Mathematical model; Monitoring; Power grids; Power measurement; Power transmission lines; State estimation; Transmission line measurements (ID#: 16-10449)


A. Teixeira, H. Sandberg and K. H. Johansson, “Strategic Stealthy Attacks: The Output-To-Output L2-Gain,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 2582-2587. doi:10.1109/CDC.2015.7402605
Abstract: In this paper, we characterize and analyze the set of strategic stealthy false-data injection attacks on discrete-time linear systems. In particular, the threat scenarios tackled in the paper consider adversaries that aim at deteriorating the system’s performance by maximizing the corresponding quadratic cost function, while remaining stealthy with respect to anomaly detectors. As opposed to other work in the literature, the effect of the adversary’s actions on the anomaly detector’s output is not constrained to be zero at all times. Moreover, scenarios where the adversary has uncertain model knowledge are also addressed. The set of strategic attack policies is formulated as a non-convex constrained optimization problem, leading to a sensitivity metric denoted as the output-to-output L2-gain. Using the framework of dissipative systems, the output-to-output gain is computed through an equivalent convex optimization problem. Additionally, we derive necessary and sufficient conditions for the output-to-output gain to be unbounded, with and without model uncertainties, which are tightly related to the invariant zeros of the system.
Keywords: Computational modeling; Computer security; Control systems; Detectors; Optimization; Uncertainty (ID#: 16-10450)


S. Weerakkody and B. Sinopoli, “Detecting Integrity Attacks on Control Systems using a Moving Target Approach,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 5820-5826. doi:10.1109/CDC.2015.7403134
Abstract: Maintaining the security of control systems in the presence of integrity attacks is a significant challenge. In the literature, several possible attacks against control systems have been formulated, including replay, false data injection, and zero dynamics attacks. The detection and prevention of these attacks require the defender to possess a particular subset of trusted communication channels. Alternatively, these attacks can be prevented by keeping the system model secret from the adversary. In this paper, we consider an adversary who has the ability to modify and read all sensor and actuator channels. To thwart this adversary, we introduce external states dependent on the state of the control system, with linear time-varying dynamics unknown to the adversary. We also include sensors to measure these states. The presence of unknown time-varying dynamics is leveraged to detect an adversary who simultaneously aims to identify the system and inject stealthy outputs. Potential attack strategies and bounds on the attacker’s performance are provided.
Keywords: Actuators; Communication channels; Detectors; Kalman filters; Security; Time-varying systems (ID#: 16-10451)


A. Naderi-Afooshteh, Anh Nguyen-Tuong, M. Bagheri-Marzijarani, J. D. Hiser and J. W. Davidson, “Joza: Hybrid Taint Inference for Defeating Web Application SQL Injection Attacks,” Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on, Rio de Janeiro, 2015, pp. 172-183. doi:10.1109/DSN.2015.13
Abstract: Despite years of research on taint-tracking techniques to detect SQL injection attacks, taint tracking is rarely used in practice because it suffers from high performance overhead, intrusive instrumentation, and other deployment issues. Taint inference techniques address these shortcomings by obviating the need to track the flow of data during program execution by inferring markings based on either the program’s input (negative taint inference), or the program itself (positive taint inference). We show that existing taint inference techniques are insecure by developing new attacks that exploit inherent weaknesses of the inferencing process. To address these exposed weaknesses, we developed Joza, a novel hybrid taint inference approach that exploits the complementary nature of negative and positive taint inference to mitigate their respective weaknesses. Our evaluation shows that Joza prevents real-world SQL injection attacks, exhibits no false positives, incurs low performance overhead (4%), and is easy to deploy.
Keywords: SQL; Web services; inference mechanisms; security of data; Joza; SQL injection attack detection; Web application SQL injection attacks; data flow tracking; hybrid taint inference approach; intrusive instrumentation; negative-taint inference; positive-taint inference; program execution; taint-tracking techniques; Approximation algorithms; Databases; Encoding; Inference algorithms; Optimization; Payloads; Security; SQL injection; Taint inference; Taint tracking; Web application security (ID#: 16-10452)
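The abstract above contrasts negative taint inference (mark whatever in the query matches the request's input) with positive taint inference (trust only what the program itself contributed). The following is an added illustration of both views and of a naive combination of them, written for this page and not code from the Joza paper; the query template, the two request parameters, the `str.upper` transformation and the simple "OR" of the two views are assumptions, and Joza's actual reconciliation of the two inferences and the attacks the paper develops are not reproduced here.

```python
import re
from typing import Callable, Dict, List, Sequence

# Hypothetical application: one query built from two request parameters. These
# literal fragments stand in for what positive taint inference would learn from
# the program itself (an assumption for this example).
FRAGMENTS = ["SELECT * FROM users WHERE name = '", "' AND pin = "]

TOKEN_RE = re.compile(
    r"'(?:[^']|'')*'"           # single-quoted string literal ('' escapes a quote)
    r"|\d+"                     # numeric literal
    r"|[A-Za-z_][A-Za-z0-9_]*"  # keyword or identifier
    r"|\s+"                     # whitespace
    r"|."                       # any other single character (operator, punctuation)
)


def build_query(params: Dict[str, str], transform: Callable[[str], str] = str) -> str:
    """Concatenate parameters into SQL the way the vulnerable app does; `transform`
    models processing the app applies to the name before it reaches the query."""
    return FRAGMENTS[0] + transform(params["name"]) + FRAGMENTS[1] + params["pin"]


def negative_taint(query: str, params: Dict[str, str]) -> List[bool]:
    """Negative inference: a query character is tainted if it lies inside any
    occurrence of a request parameter value in the query text."""
    tainted = [False] * len(query)
    for value in params.values():
        start = query.find(value) if value else -1
        while start != -1:
            for i in range(start, start + len(value)):
                tainted[i] = True
            start = query.find(value, start + 1)
    return tainted


def positive_taint(query: str, fragments: Sequence[str]) -> List[bool]:
    """Positive inference: a query character is trusted only if it lies inside a
    fragment the program itself contributed, matched left to right."""
    trusted = [False] * len(query)
    pos = 0
    for frag in fragments:
        idx = query.find(frag, pos)
        if idx == -1:
            continue
        for i in range(idx, idx + len(frag)):
            trusted[i] = True
        pos = idx + len(frag)
    return trusted


def structure_violated(query: str, untrusted: List[bool]) -> bool:
    """True if an untrusted character contributes SQL structure, i.e. is anything
    other than the interior of a string literal or a whole numeric literal."""
    for m in TOKEN_RE.finditer(query):
        tok, s, e = m.group(0), m.start(), m.end()
        if tok.isspace() or tok.isdigit():
            continue
        if tok.startswith("'"):
            if untrusted[s] or untrusted[e - 1]:   # attacker-supplied delimiter
                return True
        elif any(untrusted[s:e]):
            return True
    return False


def check(params: Dict[str, str], mode: str = "hybrid",
          transform: Callable[[str], str] = str) -> bool:
    """Return True if the query built from `params` is flagged as SQL injection."""
    query = build_query(params, transform)
    neg = negative_taint(query, params)
    pos = positive_taint(query, FRAGMENTS)
    if mode == "negative":
        untrusted = neg
    elif mode == "positive":
        untrusted = [not t for t in pos]
    else:  # hybrid: simple OR of both views (Joza's reconciliation is more refined)
        untrusted = [n or not t for n, t in zip(neg, pos)]
    return structure_violated(query, untrusted)


if __name__ == "__main__":
    benign = {"name": "alice", "pin": "1234"}
    attack = {"name": "x' OR '1'='1", "pin": "0"}
    transformed = {"name": "x' or '1'='1", "pin": "0"}   # app upper-cases the name
    for mode in ("negative", "positive", "hybrid"):
        print(mode, check(benign, mode), check(attack, mode),
              check(transformed, mode, str.upper))
```

The third case is the point of the example: when the application transforms the input before it reaches the query, the injected text no longer matches the parameter verbatim, so negative inference sees no taint, while positive inference still refuses to vouch for it. The simple OR used here also inherits negative inference's weakness with very short parameter values (a one-character value taints every occurrence of that character in the query), which is one of the reasons a real hybrid needs more than a union of the two markings.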


Tuan Phan Vuong, G. Loukas, D. Gan and A. Bezemskij, “Decision Tree-Based Detection of Denial of Service and Command Injection Attacks on Robotic Vehicles,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368559
Abstract: Mobile cyber-physical systems, such as automobiles, drones and robotic vehicles, are gradually becoming attractive targets for cyber attacks. This is a challenge because intrusion detection systems built for conventional computer systems tend to be unsuitable. They can be too demanding for resource-restricted cyber-physical systems or too inaccurate due to the lack of real-world data on actual attack behaviours. Here, we focus on the security of a small remote-controlled robotic vehicle. Having observed that certain types of cyber attacks against it exhibit physical impact, we have developed an intrusion detection system that takes into account not only cyber input features, such as network traffic and disk data, but also physical input features, such as speed, physical jittering and power consumption. As the system is resource-restricted, we have opted for a decision tree-based approach for generating simple detection rules, which we evaluate against denial of service and command injection attacks. We observe that the addition of physical input features can markedly reduce the false positive rate and increase the overall accuracy of the detection.
Keywords: control engineering computing; cyber-physical systems; decision trees; mobile robots; security of data; telerobotics; vehicles; attack behaviours; automobiles; command injection attacks; computer systems; cyber attacks; decision tree-based detection; denial of service attacks; detection rules; disk data; drones; false positive rate; intrusion detection systems; mobile cyber-physical systems; network traffic; physical input features; physical jittering; power consumption; security; small remote-controlled robotic vehicle; Computer crime; Decision trees; Feature extraction; Intrusion detection; Robot kinematics; Vehicles; Command injection; Cyber-physical attack; Cyber-physical systems; Decision tree; Denial of service (DoS); Intrusion detection; Mobile robots; Network security (ID#: 16-10453)


Yang Zhong, H. Asakura, H. Takakura and Y. Oshima, “Detecting Malicious Inputs of Web Application Parameters Using Character Class Sequences,” Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, Taichung, 2015, pp. 525-532. doi:10.1109/COMPSAC.2015.73
Abstract: Web attacks that exploit vulnerabilities of web applications are still major problems. The number of attacks that maliciously manipulate parameters of web applications, such as SQL injections and command injections, is increasing nowadays. Anomaly detection is effective for detecting these attacks, particularly in the case of unknown attacks. However, existing anomaly detection methods often raise false alarms on normal requests whose parameters differ slightly from those of the learning data, because they perform strict feature matching between the characters that appear as parameter values and those of the normal profiles. In this paper, we propose a novel anomaly detection method that uses the abstract structure of parameter values as the features of normal profiles. The results of experiments show that our approach reduced the false positive rate more than existing methods with a comparable detection rate.
Keywords: Internet; security of data; SQL injections; Web application parameters; Web attacks; anomaly detection; character class sequences; command injections; malicious input detection; Accuracy; Electronic mail; Feature extraction; Payloads; Servers; Training; Training data; Anomaly detection; Attack detection; HTTP; Web application (ID#: 16-10454)
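To make the abstract's idea concrete, the block below (added for this page; not the authors' code) abstracts each parameter value to a run-length-collapsed sequence of character classes and compares that sequence against a per-parameter profile learned from a handful of constructed normal requests. The class set, the training requests and the strict "character set" baseline it is compared with are assumptions chosen to show the effect the abstract describes, not the paper's exact abstraction or data.

```python
from typing import Dict, List, Set
from urllib.parse import parse_qsl

# Character classes, tested in order; a character takes the first class that
# matches. The classes themselves are an assumption for this example.
CLASSES = [
    ("d", str.isdigit),
    ("a", str.isalpha),
    ("s", str.isspace),
    ("p", lambda c: c in "-_.@"),     # punctuation common in names and addresses
    ("q", lambda c: c in "'\""),      # quote characters
    ("o", lambda c: True),            # anything else (operators, brackets, ...)
]

# Constructed normal requests standing in for the learning data.
TRAINING = [
    "user=alice&id=1001&email=alice@example.com",
    "user=carol_w&id=27&email=c.w@example.org",
    "user=dave&id=300521&email=dave42@mail.example.net",
]


def to_class_sequence(value: str) -> str:
    """Abstract a value to its character class sequence with runs collapsed,
    e.g. 'alice42' -> 'ad' and "x' OR '1'='1" -> 'aqsasqdqoqd'."""
    seq: List[str] = []
    for ch in value:
        for label, pred in CLASSES:
            if pred(ch):
                if not seq or seq[-1] != label:
                    seq.append(label)
                break
    return "".join(seq)


def train_sequences(requests) -> Dict[str, Set[str]]:
    """Normal profile: the set of class sequences seen per parameter name."""
    profile: Dict[str, Set[str]] = {}
    for q in requests:
        for name, value in parse_qsl(q, keep_blank_values=True):
            profile.setdefault(name, set()).add(to_class_sequence(value))
    return profile


def train_charset(requests) -> Dict[str, Set[str]]:
    """Strict baseline: the set of individual characters seen per parameter name."""
    profile: Dict[str, Set[str]] = {}
    for q in requests:
        for name, value in parse_qsl(q, keep_blank_values=True):
            profile.setdefault(name, set()).update(value)
    return profile


def anomalous_sequences(profile: Dict[str, Set[str]], query: str) -> List[str]:
    """Names of parameters whose abstract structure was never seen in training
    (an unseen parameter name is anomalous as well)."""
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if to_class_sequence(value) not in profile.get(name, set())]


def anomalous_charset(profile: Dict[str, Set[str]], query: str) -> List[str]:
    """Baseline: names of parameters containing any character unseen in training."""
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if not set(value) <= profile.get(name, set())]


if __name__ == "__main__":
    seq_profile = train_sequences(TRAINING)
    char_profile = train_charset(TRAINING)
    for q in ("user=bob&id=4&email=bob@example.com",
              "user=x' OR '1'='1&id=1&email=a@b.c",
              "user=eve&id=1 OR 1=1&email=eve@example.com"):
        print(q)
        print("  class sequences:", anomalous_sequences(seq_profile, q))
        print("  character set:  ", anomalous_charset(char_profile, q))
```

The first request is a legitimate user never seen in training: the character-set baseline flags three parameters (the letter b and the digit 4 never appeared), while the class-sequence profile accepts all of them, because their shape matches. The injection payloads in the other two requests introduce quote, space and operator classes that no normal value has, so they are still caught.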


Sang Wu Kim, “Detection and Mitigation of False Data Injection in Cooperative Communications,” Signal Processing Advances in Wireless Communications (SPAWC), 2015 IEEE 16th International Workshop on, Stockholm, 2015, pp. 321-325. doi:10.1109/SPAWC.2015.7227052
Abstract: We propose a likelihood ratio based physical-layer technique for detecting and mitigating the false data injection attack in cooperative communication systems. We present the optimum detection method that minimizes the end-to-end outage probability and the minmax detection method that minimizes the maximum possible outage probability under unknown attack probability. We show that the optimum detection technique can provide almost the same end-to-end outage probability that can be provided by the ideal cryptographic technique that perfectly detects the false injection at the expense of high computational cost and bandwidth overhead. The proposed solution can be used as an additional layer of protection or can complement the conventional cryptographic techniques.
Keywords: cooperative communication; cryptography; minimax techniques; probability; telecommunication network reliability; telecommunication security; cooperative communication; cryptographic technique; end-to-end outage probability; end-to-end outage probability minimization; false data injection detection; false data injection mitigation; likelihood ratio based physical layer technique; minmax detection method; optimum detection method; Access control; Cryptography; Generators; Indexes; Relays; Reliability; Simulation; False data injection; cooperative communications; likelihood ratio detection; minmax detection; optimum detection (ID#: 16-10455)


R. Zhang and P. Venkitasubramaniam, “Stealthy Control Signal Attacks in Scalar LQG Systems,” 2015 IEEE Global Conference on Signal and Information Processing (GlobalSIP), Orlando, FL, USA, 2015, pp. 240-244. doi:10.1109/GlobalSIP.2015.7418193
Abstract: The problem of false data injection in a scalar LQG system is studied in this work. An attacker compromises the input stream and modifies the control signals transmitted with the objective of increasing the quadratic cost incurred by the controller. The optimal adversarial control signals are characterized for a finite horizon LQG problem under a stealthiness/detectability constraint. The tradeoff between the increase in quadratic cost, and the detectability of data injection, as measured by the K-L divergence between legitimate and falsified data dynamics, is derived analytically. The optimal adversarial control signals are shown to be Gaussian with the sequence of variances derived as a function of system parameters and the desired cost increase.
Keywords: Conferences; Cyber-physical systems; Information processing; Intrusion detection; Linear systems; Optimal control (ID#: 16-10456)


F. A. Saputra, I. Winarno and M. B. Muliawan, “Implementing Network Situational Awareness in Matagaruda,” Electronics Symposium (IES), 2015 International, Surabaya, 2015, pp. 268-273. doi:10.1109/ELECSYM.2015.7380853
Abstract: Matagaruda is an Intrusion Detection System Application Framework. It provides four capabilities: seeing not only the attacking phase, learning the local traffic and generating local rules, adapting the framework programming, and reducing false alarms by using intelligence. In this research we develop a new feature called Network Situational Awareness, which represents the seeing capability in Matagaruda. This research creates four features supported in a web-based and interactive user interface. We use two attacking scenarios, SQL Injection and DoS, for testing purposes. We found that our module meets the requirements of a network situational awareness implementation.
Keywords: security of data; user interfaces; Matagaruda; intrusion detection system application framework; network situational awareness; seeing capability; user interface; Data collection; IP networks; Performance evaluation; Ports (Computers); Programming; Real-time systems; Servers; IDS; Matagaruda; NetSA; SiLK (ID#: 16-10457)


M. I. P. Salas, P. L. D. Geus and E. Martins, “Security Testing Methodology for Evaluation of Web Services Robustness - Case: XML Injection,” Services (SERVICES), 2015 IEEE World Congress on, New York City, NY, 2015, pp. 303-310. doi:10.1109/SERVICES.2015.53
Abstract: A Web Service is a software system designed to support interoperable machine-to-machine interaction over a network; it also provides a standard means of interoperating between different software applications. However, Web Services have raised new challenges in information security: this technology is susceptible to XML Injection attacks, which would allow an attacker to collect and manipulate information and to insert malicious code on either the server side or the client side, and which are among the most employed attacks against web applications according to the OWASP Top 10. Different studies have shown that the current testing techniques -- penetration testing and fuzzy scanning -- generate several false positives and negatives. However, the fault injection technique improves the robustness of web applications through greater flexibility to modify the test cases and to find software bugs. This work describes a fault injection technique for the evaluation of Web Services robustness with WS-Security (Username Token) and the development of a set of rules for vulnerability analysis, resulting in an improvement of the vulnerability detector's accuracy. Our results show that 82% of the Web Services tested were vulnerable to XML Injection attacks.
Keywords: Web services; XML; open systems; program testing; security of data; OWASP; Web services; XML injection attacks; client-side; fault injection technique; fuzzy scanning; machine-to-machine interaction; malicious code; penetration testing; security testing methodology; server-side; username token; Fault tolerant systems; Security; Servers; Simple object access protocol; Testing; XML; UsernameToken; WS-Security; Web Services; XML Injection; fault injection (ID#: 16-10458)
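The abstract describes injecting faults into the WS-Security UsernameToken and applying rules to decide whether a service is vulnerable. The block below is an added example for this page, not the authors' tool or rules: it builds a SOAP request carrying a UsernameToken two ways (string interpolation, and with XML escaping), injects a small set of constructed XML Injection payloads into the Username, and applies one local rule (parse the result and require exactly one Username and one Password whose text equals the supplied input). The request template, the `urn:example:bank` body and the payload list are assumptions; the SOAP 1.1 and WSS secext namespace URIs are the standard ones.

```python
import xml.etree.ElementTree as ET
from typing import Callable, List, Tuple
from xml.sax.saxutils import escape

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Hypothetical client template for a request authenticated with a UsernameToken.
TEMPLATE = (
    '<soapenv:Envelope xmlns:soapenv="{soap}" xmlns:wsse="{wsse}">'
    "<soapenv:Header><wsse:Security><wsse:UsernameToken>"
    "<wsse:Username>{user}</wsse:Username>"
    "<wsse:Password>{password}</wsse:Password>"
    "</wsse:UsernameToken></wsse:Security></soapenv:Header>"
    '<soapenv:Body><ns:getBalance xmlns:ns="urn:example:bank">'
    "<ns:account>{account}</ns:account></ns:getBalance></soapenv:Body>"
    "</soapenv:Envelope>"
)

Builder = Callable[[str, str, str], str]


def build_vulnerable(user: str, password: str, account: str) -> str:
    """Interpolates caller data straight into the markup (the defect under test)."""
    return TEMPLATE.format(soap=SOAP, wsse=WSSE, user=user,
                           password=password, account=account)


def build_hardened(user: str, password: str, account: str) -> str:
    """Same template, but every data value is escaped as XML character data."""
    return TEMPLATE.format(soap=SOAP, wsse=WSSE, user=escape(user),
                           password=escape(password), account=escape(account))


# Constructed fault-injection payloads for the Username field.
PAYLOADS: List[Tuple[str, str]] = [
    ("duplicate element", "alice</wsse:Username><wsse:Username>admin"),
    ("sibling injection",
     "alice</wsse:Username><wsse:Password>letmein</wsse:Password><wsse:Username>alice"),
    ("comment", "alice<!-- audit=off -->"),
    ("unterminated tag", "alice<"),
]


def assess(message: str, expected_user: str) -> str:
    """Rule: the token must parse and contain exactly one Username and one
    Password, and the Username text must be exactly what the client supplied.
    Returns 'ok', 'malformed' or 'injected'."""
    try:
        root = ET.fromstring(message)
    except ET.ParseError:
        return "malformed"
    token = root.find(f".//{{{WSSE}}}UsernameToken")
    if token is None:
        return "injected"
    users = token.findall(f"{{{WSSE}}}Username")
    passwords = token.findall(f"{{{WSSE}}}Password")
    if len(users) != 1 or len(passwords) != 1:
        return "injected"
    if (users[0].text or "") != expected_user:
        return "injected"
    return "ok"


def run_suite(builder: Builder) -> List[Tuple[str, str]]:
    """Apply every payload to the Username field and classify each message."""
    return [(name, assess(builder(payload, "s3cret", "ACC-1"), payload))
            for name, payload in PAYLOADS]


if __name__ == "__main__":
    for label, builder in (("vulnerable", build_vulnerable), ("hardened", build_hardened)):
        print(label)
        for name, verdict in run_suite(builder):
            print(f"  {name:18s} {verdict}")
```

Against a live service the observable would be the response (a fault, an authenticated reply for the injected name, or a rejection) rather than a local parse, but the shape of the test is the same: a payload per structural fault class, and a rule that says what an unaffected service must do with it. Note that the comment payload survives parsing in the vulnerable build and silently shortens the username to `alice`, which is why the rule compares text and not just element counts.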


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.