Visible to the public Biblio

Filters: Keyword is Cyber Attacks  [Clear All Filters]
2020-07-06
Sheela, A., Revathi, S., Iqbal, Atif.  2019.  Cyber Risks Assessment For Intelligent And Non-Intelligent Attacks In Power System. 2019 2nd International Conference on Power and Embedded Drive Control (ICPEDC). :40–45.
Smart power grid is a perfect model of Cyber Physical System (CPS) which is an important component for a comfortable life. The major concern of the electrical network is safety and reliable operation. A cyber attacker in the operation of power system would create a major damage to the entire power system structure and affect the continuity of the power supply by adversely changing its parameters. A risk assessment method is presented for evaluating the cyber security assessment of power systems taking into consideration the need for protection systems. The paper considers the impact of bus and transmission line protection systems located in substations on the cyber physical performance of power systems. The proposed method is to simulate the response of power systems to sudden attacks on various power system preset value and parameters. This paper focuses on the cyber attacks which occur in a co-ordinated way so that many power system components will be in risk. The risk can be modelled as the combined probability of power system impact due to attacks and of successful interruption into the system. Stochastic Petri Nets is employed for assessing the risks. The effectiveness of the proposed cyber security risk assessment method is simulated for a IEEE39 bus system.
2020-06-19
Chen, Yanping, Ma, Long, Xia, Hong, Gao, Cong, Wang, Zhongmin, Yu, Zhong.  2019.  Trust-Based Distributed Kalman Filter Estimation Fusion under Malicious Cyber Attacks. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :2255—2260.

We consider distributed Kalman filter for dynamic state estimation over wireless sensor networks. It is promising but challenging when network is under cyber attacks. Since the information exchange between nodes, the malicious attacks quickly spread across the entire network, which causing large measurement errors and even to the collapse of sensor networks. Aiming at the malicious network attack, a trust-based distributed processing frame is proposed. Which allows neighbor nodes to exchange information, and a series of trusted nodes are found using truth discovery. As a demonstration, distributed Cooperative Localization is considered, and numerical results are provided to evaluate the performance of the proposed approach by considering random, false data injection and replay attacks.

2020-06-01
Zhang, Tianchen, Zhang, Taimin, Ji, Xiaoyu, Xu, Wenyuan.  2019.  Cuckoo-RPL: Cuckoo Filter based RPL for Defending AMI Network from Blackhole Attacks. 2019 Chinese Control Conference (CCC). :8920—8925.

Advanced metering infrastructure (AMI) is a key component in the smart grid. Transmitting data robustly and reliably between the tremendous smart meters in the AMI is one of the most crucial tasks for providing various services in smart grid. Among the many efforts for designing practical routing protocols for the AMI, the Routing Protocol for Low-Power and Lossy Networks (RPL) proposed by the IETF ROLL working group is considered the most consolidated candidate. Resent research has shown cyber attacks such as blackhole attack and version number attack can seriously damage the performance of the network implementing RPL. The main reason that RPL is vulnerable to these kinds of attacks is the lack an authentication mechanism. In this paper, we study the impact of blackhole attacks on the performance of the AMI network and proposed a new blackhole attack that can bypass the existing defense mechanism. Then, we propose a cuckoo filter based RPL to defend the AMI network from blackhole attacks. We also give the security analysis of the proposed method.

2020-05-04
Augusto-Gonzalez, J., Collen, A., Evangelatos, S., Anagnostopoulos, M., Spathoulas, G., Giannoutakis, K. M., Votis, K., Tzovaras, D., Genge, B., Gelenbe, E. et al..  2019.  From Internet of Threats to Internet of Things: A Cyber Security Architecture for Smart Homes. 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD). :1–6.
The H2020 European research project GHOST - Safe-Guarding Home IoT Environments with Personalised Real-time Risk Control - aims to deploy a highly effective security framework for IoT smart home residents through a novel reference architecture for user-centric cyber security in smart homes providing an unobtrusive and user-comprehensible solution. The aforementioned security framework leads to a transparent cyber security environment by increasing the effectiveness of the existing cyber security services and enhancing system's self-defence through disruptive software-enabled network security solutions. In this paper, GHOST security framework for IoT-based smart homes is presented. It is aiming to address the security challenges posed by several types of attacks, such as network, device and software. The effective design of the overall multi-layered architecture is analysed, with particular emphasis given to the integration aspects through dynamic and re-configurable solutions and the features provided by each one of the architectural layers. Additionally, real-life trials and the associated use cases are described showcasing the competences and potential of the proposed framework.
2020-04-17
Mohsen, Fadi, Jafaarian, Haadi.  2019.  Raising the Bar Really High: An MTD Approach to Protect Data in Embedded Browsers. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 1:786—794.
The safety of web browsers is essential to the privacy of Internet users and the security of their computing systems. In the last few years, there have been several cyber attacks geared towards compromising surfers' data and systems via exploiting browser-based vulnerabilities. Android and a number of mobile operating systems have been supporting a UI component called WebView, which can be embedded in any mobile application to render the web contents. Yet, this mini-browser component has been found to be vulnerable to various kinds of attacks. For instance, an attacker in her WebView-Embedded app can inject malicious JavaScripts into the WebView to modify the web contents or to steal user's input values. This kind of attack is particularly challenging due to the full control of attackers over the content of the loaded pages. In this paper, we are proposing and testing a server-side moving target defense technique to counter the risk of JavaScript injection attacks on mobile WebViews. The solution entails creating redundant HTML forms, randomizing their attributes and values, and asserting stealthy prompts for the user data. The solution does not dictate any changes to the browser or applications codes, neither it requires key sharing with benign clients. The results of our performance and security analysis suggest that our proposed approach protects the confidentiality and integrity of user input values with minimum overhead.
2020-03-27
Romagnoli, Raffaele, Krogh, Bruce H., Sinopoli, Bruno.  2019.  Design of Software Rejuvenation for CPS Security Using Invariant Sets. 2019 American Control Conference (ACC). :3740–3745.

Software rejuvenation has been proposed as a strategy to protect cyber-physical systems (CSPs) against unanticipated and undetectable cyber attacks. The basic idea is to refresh the system periodically with a secure and trusted copy of the online software so as to eliminate all effects of malicious modifications to the run-time code and data. This paper considers software rejuvenation design from a control-theoretic perspective. Invariant sets for the Lyapunov function for the safety controller are used to derive bounds on the time that the CPS can operate in mission control mode before the software must be refreshed. With these results it can be guaranteed that the CPS will remain safe under cyber attacks against the run-time system. The approach is illustrated using simulation of the nonlinear dynamics of a quadrotor system. The concluding section discusses directions for further research.

2020-03-16
Sharma, Neha, Ramachandran, Ramkumar Ketti.  2019.  Security challenges for Water Distribution System Using Supervisory Control and Data Acquisition (SCADA). 2019 Fifth International Conference on Image Information Processing (ICIIP). :234–239.
In the distributed Supervisory Control and Data Acquisitions (SCADA) system there is a need of doing the acquisition of very large amount of data on the network to visualize the same process in realtime or in the future. Water is distributed automatically to large area through autonomous SCADA systems. This makes the systems prone to various attacks at different instances and levels. The SCADA systems are also used for distributing common resources that range from Gas, Electricity, and Water distribution. It is the need of the hour to work on the security issues of such distribution systems to provide hassle-free services. This paper reviews the major problems on the water distribution system and possible attacks that are harmful during data acquisition and transfer. This paper also gives the insight on the latest technologies like elastic search and data modelling to increase the security of the water distribution system.
Radoglou-Grammatikis, Panagiotis, Sarigiannidis, Panagiotis, Giannoulakis, Ioannis, Kafetzakis, Emmanouil, Panaousis, Emmanouil.  2019.  Attacking IEC-60870-5-104 SCADA Systems. 2019 IEEE World Congress on Services (SERVICES). 2642-939X:41–46.
The rapid evolution of the Information and Communications Technology (ICT) services transforms the conventional electrical grid into a new paradigm called Smart Grid (SG). Even though SG brings significant improvements, such as increased reliability and better energy management, it also introduces multiple security challenges. One of the main reasons for this is that SG combines a wide range of heterogeneous technologies, including Internet of Things (IoT) devices as well as Supervisory Control and Data Acquisition (SCADA) systems. The latter are responsible for monitoring and controlling the automatic procedures of energy transmission and distribution. Nevertheless, the presence of these systems introduces multiple vulnerabilities because their protocols do not implement essential security mechanisms such as authentication and access control. In this paper, we focus our attention on the security issues of the IEC 60870-5-104 (IEC-104) protocol, which is widely utilized in the European energy sector. In particular, we provide a SCADA threat model based on a Coloured Petri Net (CPN) and emulate four different types of cyber attacks against IEC-104. Last, we used AlienVault's risk assessment model to evaluate the risk level that each of these cyber attacks introduces to our system to confirm our intuition about their severity.
2020-03-02
Zhang, Yihan, Wu, Jiajing, Chen, Zhenhao, Huang, Yuxuan, Zheng, Zibin.  2019.  Sequential Node/Link Recovery Strategy of Power Grids Based on Q-Learning Approach. 2019 IEEE International Symposium on Circuits and Systems (ISCAS). :1–5.

Cascading failure, which can be triggered by both physical and cyber attacks, is among the most critical threats to the security and resilience of power grids. In current literature, researchers investigate the issue of cascading failure on smart grids mainly from the attacker's perspective. From the perspective of a grid defender or operator, however, it is also an important issue to restore the smart grid suffering from cascading failure back to normal operation as soon as possible. In this paper, we consider cascading failure in conjunction with the restoration process involving repairing of the failed nodes/links in a sequential fashion. Based on a realistic power flow cascading failure model, we exploit a Q-learning approach to develop a practical and effective policy to identify the optimal way of sequential restorations for large-scale smart grids. Simulation results on three power grid test benchmarks demonstrate the learning ability and the effectiveness of the proposed strategy.

2020-02-17
Rodriguez, Ariel, Okamura, Koji.  2019.  Generating Real Time Cyber Situational Awareness Information Through Social Media Data Mining. 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). 2:502–507.
With the rise of the internet many new data sources have emerged that can be used to help us gain insights into the cyber threat landscape and can allow us to better prepare for cyber attacks before they happen. With this in mind, we present an end to end real time cyber situational awareness system which aims to efficiently retrieve security relevant information from the social networking site Twitter.com. This system classifies and aggregates the data retrieved and provides real time cyber situational awareness information based on sentiment analysis and data analytics techniques. This research will assist security analysts to evaluate the level of cyber risk in their organization and proactively take actions to plan and prepare for potential attacks before they happen as well as contribute to the field through a cybersecurity tweet dataset.
Eckhart, Matthias, Ekelhart, Andreas, Weippl, Edgar.  2019.  Enhancing Cyber Situational Awareness for Cyber-Physical Systems through Digital Twins. 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA). :1222–1225.
Operators of cyber-physical systems (CPSs) need to maintain awareness of the cyber situation in order to be able to adequately address potential issues in a timely manner. For instance, detecting early symptoms of cyber attacks may speed up the incident response process and mitigate consequences of attacks (e.g., business interruption, safety hazards). However, attaining a full understanding of the cyber situation may be challenging, given the complexity of CPSs and the ever-changing threat landscape. In particular, CPSs typically need to be continuously operational, may be sensitive to active scanning, and often provide only limited in-depth analysis capabilities. To address these challenges, we propose to utilize the concept of digital twins for enhancing cyber situational awareness. Digital twins, i.e., virtual replicas of systems, can run in parallel to their physical counterparts and allow deep inspection of their behavior without the risk of disrupting operational technology services. This paper reports our work in progress to develop a cyber situational awareness framework based on digital twins that provides a profound, holistic, and current view on the cyber situation that CPSs are in. More specifically, we present a prototype that provides real-time visualization features (i.e., system topology, program variables of devices) and enables a thorough, repeatable investigation process on a logic and network level. A brief explanation of technological use cases and outlook on future development efforts completes this work.
Kim, Joonsoo, Kim, Kyeongho, Jang, Moonsu.  2019.  Cyber-Physical Battlefield Platform for Large-Scale Cybersecurity Exercises. 2019 11th International Conference on Cyber Conflict (CyCon). 900:1–19.
In this study, we propose a platform upon which a cyber security exercise environment can be built efficiently for national critical infrastructure protection, i.e. a cyber-physical battlefield (CPB), to simulate actual ICS/SCADA systems in operation. Among various design considerations, this paper mainly discusses scalability, mobility, reality, extensibility, consideration of the domain or vendor specificities, and the visualization of physical facilities and their damage as caused by cyber attacks. The main purpose of the study was to develop a platform that can maximize the coverage that encompasses such design considerations. We discuss the construction of the platform through the final design choices. The features of the platform that we attempt to achieve are closely related to the target cyber exercise format. Design choices were made considering the construction of a realistic ICS/SCADA exercise environment that meets the goals and matches the characteristics of the Cyber Conflict Exercise (CCE), an annual national exercise organized by the National Security Research Institute (NSR) of South Korea. CCE is a real-time attack-defense battlefield drill between 10 red teams who try to penetrate a multi-level organization network and 16 blue teams who try to defend the network. The exercise platform provides scalability and a significant degree of freedom in the design of a very large-scale CCE environment. It also allowed us to fuse techniques such as 3D-printing and augmented reality (AR) to achieve the exercise goals. This CPB platform can also be utilized in various ways for different types of cybersecurity exercise. The successful application of this platform in Locked Shields 2018 (LS18) is strong evidence of this; it showed the great potential of this platform to integrate high-level strategic or operational exercises effectively with low-level technical exercises. This paper also discusses several possible improvements of the platform which could be made for better integration, as well as various exercise environments that can be constructed given the scalability and extensibility of the platform.
2020-02-10
Sani, Abubakar Sadiq, Yuan, Dong, Bao, Wei, Yeoh, Phee Lep, Dong, Zhao Yang, Vucetic, Branka, Bertino, Elisa.  2019.  Xyreum: A High-Performance and Scalable Blockchain for IIoT Security and Privacy. 2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS). :1920–1930.
As cyber attacks to Industrial Internet of Things (IIoT) remain a major challenge, blockchain has emerged as a promising technology for IIoT security due to its decentralization and immutability characteristics. Existing blockchain designs, however, introduce high computational complexity and latency challenges which are unsuitable for IIoT. This paper proposes Xyreum, a new high-performance and scalable blockchain for enhanced IIoT security and privacy. Xyreum uses a Time-based Zero-Knowledge Proof of Knowledge (T-ZKPK) with authenticated encryption to perform Mutual Multi-Factor Authentication (MMFA). T-ZKPK properties are also used to support Key Establishment (KE) for securing transactions. Our approach for reaching consensus, which is a blockchain group decision-making process, is based on lightweight cryptographic algorithms. We evaluate our scheme with respect to security, privacy, and performance, and the results show that, compared with existing relevant blockchain solutions, our scheme is secure, privacy-preserving, and achieves a significant decrease in computation complexity and latency performance with high scalability. Furthermore, we explain how to use our scheme to strengthen the security of the REMME protocol, a blockchain-based security protocol deployed in several application domains.
2020-01-28
KADOGUCHI, Masashi, HAYASHI, Shota, HASHIMOTO, Masaki, OTSUKA, Akira.  2019.  Exploring the Dark Web for Cyber Threat Intelligence Using Machine Leaning. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). :200–202.

In recent years, cyber attack techniques are increasingly sophisticated, and blocking the attack is more and more difficult, even if a kind of counter measure or another is taken. In order for a successful handling of this situation, it is crucial to have a prediction of cyber attacks, appropriate precautions, and effective utilization of cyber intelligence that enables these actions. Malicious hackers share various kinds of information through particular communities such as the dark web, indicating that a great deal of intelligence exists in cyberspace. This paper focuses on forums on the dark web and proposes an approach to extract forums which include important information or intelligence from huge amounts of forums and identify traits of each forum using methodologies such as machine learning, natural language processing and so on. This approach will allow us to grasp the emerging threats in cyberspace and take appropriate measures against malicious activities.

Patel, Yogesh, Ouazzane, Karim, Vassilev, Vassil T., Faruqi, Ibrahim, Walker, George L..  2019.  Keystroke Dynamics Using Auto Encoders. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.

In the modern day and age, credential based authentication systems no longer provide the level of security that many organisations and their services require. The level of trust in passwords has plummeted in recent years, with waves of cyber attacks predicated on compromised and stolen credentials. This method of authentication is also heavily reliant on the individual user's choice of password. There is the potential to build levels of security on top of credential based authentication systems, using a risk based approach, which preserves the seamless authentication experience for the end user. One method of adding this security to a risk based authentication framework, is keystroke dynamics. Monitoring the behaviour of the users and how they type, produces a type of digital signature which is unique to that individual. Learning this behaviour allows dynamic flags to be applied to anomalous typing patterns that are produced by attackers using stolen credentials, as a potential risk of fraud. Methods from statistics and machine learning have been explored to try and implement such solutions. This paper will look at an Autoencoder model for learning the keystroke dynamics of specific users. The results from this paper show an improvement over the traditional tried and tested statistical approaches with an Equal Error Rate of 6.51%, with the additional benefits of relatively low training times and less reliance on feature engineering.

2020-01-27
Qureshi, Ayyaz-Ul-Haq, Larijani, Hadi, Javed, Abbas, Mtetwa, Nhamoinesu, Ahmad, Jawad.  2019.  Intrusion Detection Using Swarm Intelligence. 2019 UK/ China Emerging Technologies (UCET). :1–5.
Recent advances in networking and communication technologies have enabled Internet-of-Things (IoT) devices to communicate more frequently and faster. An IoT device typically transmits data over the Internet which is an insecure channel. Cyber attacks such as denial-of-service (DoS), man-in-middle, and SQL injection are considered as big threats to IoT devices. In this paper, an anomaly-based intrusion detection scheme is proposed that can protect sensitive information and detect novel cyber-attacks. The Artificial Bee Colony (ABC) algorithm is used to train the Random Neural Network (RNN) based system (RNN-ABC). The proposed scheme is trained on NSL-KDD Train+ and tested for unseen data. The experimental results suggest that swarm intelligence and RNN successfully classify novel attacks with an accuracy of 91.65%. Additionally, the performance of the proposed scheme is also compared with a hybrid multilayer perceptron (MLP) based intrusion detection system using sensitivity, mean of mean squared error (MMSE), the standard deviation of MSE (SDMSE), best mean squared error (BMSE) and worst mean squared error (WMSE) parameters. All experimental tests confirm the robustness and high accuracy of the proposed scheme.
2020-01-21
Appana, Pranavi, Sun, Xiaoyan, Cheng, Yuan.  2019.  What To Do First: Ranking The Mission Impact Graph for Effective Mission Assurance. 2019 International Conference on Computing, Networking and Communications (ICNC). :567–571.

Network attacks continue to pose threats to missions in cyber space. To prevent critical missions from getting impacted or minimize the possibility of mission impact, active cyber defense is very important. Mission impact graph is a graphical model that enables mission impact assessment and shows how missions can be possibly impacted by cyber attacks. Although the mission impact graph provides valuable information, it is still very difficult for human analysts to comprehend due to its size and complexity. Especially when given limited resources, human analysts cannot easily decide which security measures to take first with respect to mission assurance. Therefore, this paper proposes to apply a ranking algorithm towards the mission impact graph so that the huge amount of information can be prioritized. The actionable conditions that can be managed by security admins are ranked with numeric values. The rank enables efficient utilization of limited resources and provides guidance for taking security countermeasures.

Aljamal, Ibraheem, Tekeo\u glu, Ali, Bekiroglu, Korkut, Sengupta, Saumendra.  2019.  Hybrid Intrusion Detection System Using Machine Learning Techniques in Cloud Computing Environments. 2019 IEEE 17th International Conference on Software Engineering Research, Management and Applications (SERA). :84–89.

Intrusion detection is one essential tool towards building secure and trustworthy Cloud computing environment, given the ubiquitous presence of cyber attacks that proliferate rapidly and morph dynamically. In our current working paradigm of resource, platform and service consolidations, Cloud Computing provides a significant improvement in the cost metrics via dynamic provisioning of IT services. Since almost all cloud computing networks lean on providing their services through Internet, they are prone to experience variety of security issues. Therefore, in cloud environments, it is necessary to deploy an Intrusion Detection System (IDS) to detect new and unknown attacks in addition to signature based known attacks, with high accuracy. In our deliberation we assume that a system or a network ``anomalous'' event is synonymous to an ``intrusion'' event when there is a significant departure in one or more underlying system or network activities. There are couple of recently proposed ideas that aim to develop a hybrid detection mechanism, combining advantages of signature-based detection schemes with the ability to detect unknown attacks based on anomalies. In this work, we propose a network based anomaly detection system at the Cloud Hypervisor level that utilizes a hybrid algorithm: a combination of K-means clustering algorithm and SVM classification algorithm, to improve the accuracy of the anomaly detection system. Dataset from UNSW-NB15 study is used to evaluate the proposed approach and results are compared with previous studies. The accuracy for our proposed K-means clustering model is slightly higher than others. However, the accuracy we obtained from the SVM model is still low for supervised techniques.

2019-12-18
Healey, Jason, Jenkins, Neil.  2019.  Rough-and-Ready: A Policy Framework to Determine if Cyber Deterrence is Working or Failing. 2019 11th International Conference on Cyber Conflict (CyCon). 900:1–20.
This paper addresses the recent shift in the United States' policy that emphasizes forward defense and deterrence and to “intercept and halt” adversary cyber operations. Supporters believe these actions should significantly reduce attacks against the United States, while critics worry that they may incite more adversary activity. As there is no standard methodology to measure which is the case, this paper introduces a transparent framework to better assess whether the new U.S. policy and actions are suppressing or encouraging attacks1. Determining correlation and causation will be difficult due to the hidden nature of cyber attacks, the veiled motivations of differing actors, and other factors. However even if causation may never be clear, changes in the direction and magnitude of cyber attacks can be suggestive of the success or failure of these new policies, especially as their proponents suggest they should be especially effective. Rough-and-ready metrics can be helpful to assess the impacts of policymaking, can lay the groundwork for more comprehensive measurements, and may also provide insight into academic theories of persistent engagement and deterrence.
Kania, Elsa B..  2016.  Cyber deterrence in times of cyber anarchy - evaluating the divergences in U.S. and Chinese strategic thinking. 2016 International Conference on Cyber Conflict (CyCon U.S.). :1–17.
The advent of the cyber domain has introduced a new dimension into warfare and complicated existing strategic concepts, provoking divergent responses within different national contexts and strategic cultures. Although current theories regarding cyber deterrence remain relatively nascent, a comparison of U.S. and Chinese strategic thinking highlights notable asymmetries between their respective approaches. While U.S. debates on cyber deterrence have primarily focused on the deterrence of cyber threats, Chinese theorists have also emphasized the potential importance of cyber capabilities to enhance strategic deterrence. Whereas the U.S. government has maintained a consistent declaratory policy for response, Beijing has yet to progress toward transparency regarding its cyber strategy or capabilities. However, certain PLA strategists, informed by a conceptualization of deterrence as integrated with warfighting, have advocated for the actualization of deterrence through engaging in cyber attacks. Regardless of whether these major cyber powers' evolving strategic thinking on cyber deterrence will prove logically consistent or feasibly operational, their respective perspectives will certainly shape their attempts to achieve cyber deterrence. Ultimately, cyber deterrence may continue to be "what states make of it," given conditions of "cyber anarchy" and prevailing uncertainties regarding cyber conflict. Looking forward, future strategic stability in Sino-U.S. cyber interactions will require mitigation of the misperceptions and heightened risks of escalation that could be exacerbated by these divergent strategic approaches.
2019-10-02
Zhang, Y., Eisele, S., Dubey, A., Laszka, A., Srivastava, A. K..  2019.  Cyber-Physical Simulation Platform for Security Assessment of Transactive Energy Systems. 2019 7th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES). :1–6.
Transactive energy systems (TES) are emerging as a transformative solution for the problems that distribution system operators face due to an increase in the use of distributed energy resources and rapid growth in scalability of managing active distribution system (ADS). On the one hand, these changes pose a decentralized power system control problem, requiring strategic control to maintain reliability and resiliency for the community and for the utility. On the other hand, they require robust financial markets while allowing participation from diverse prosumers. To support the computing and flexibility requirements of TES while preserving privacy and security, distributed software platforms are required. In this paper, we enable the study and analysis of security concerns by developing Transactive Energy Security Simulation Testbed (TESST), a TES testbed for simulating various cyber attacks. In this work, the testbed is used for TES simulation with centralized clearing market, highlighting weaknesses in a centralized system. Additionally, we present a blockchain enabled decentralized market solution supported by distributed computing for TES, which on one hand can alleviate some of the problems that we identify, but on the other hand, may introduce newer issues. Future study of these differing paradigms is necessary and will continue as we develop our security simulation testbed.
2019-07-01
Akhtar, T., Gupta, B. B., Yamaguchi, S..  2018.  Malware propagation effects on SCADA system and smart power grid. 2018 IEEE International Conference on Consumer Electronics (ICCE). :1–6.

Critical infrastructures have suffered from different kind of cyber attacks over the years. Many of these attacks are performed using malwares by exploiting the vulnerabilities of these resources. Smart power grid is one of the major victim which suffered from these attacks and its SCADA system are frequently targeted. In this paper we describe our proposed framework to analyze smart power grid, while its SCADA system is under attack by malware. Malware propagation and its effects on SCADA system is the focal point of our analysis. OMNeT++ simulator and openDSS is used for developing and analyzing the simulated smart power grid environment.

Kumar, S., Gaur, N., Kumar, A..  2018.  Developing a Secure Cyber Ecosystem for SCADA Architecture. 2018 Second International Conference on Computing Methodologies and Communication (ICCMC). :559–562.

Advent of Cyber has converted the entire World into a Global village. But, due to vurneabilites in SCADA architecture [1] national assests are more prone to cyber attacks.. Cyber invasions have a catastrophic effect in the minds of the civilian population, in terms of states security system. A robust cyber security is need of the hour to protect the critical information infastructrue & critical infrastructure of a country. Here, in this paper we scrutinize cyber terrorism, vurneabilites in SCADA network systems [1], [2] and concept of cyber resilience to combat cyber attacks.

Amjad, N., Afzal, H., Amjad, M. F., Khan, F. A..  2018.  A Multi-Classifier Framework for Open Source Malware Forensics. 2018 IEEE 27th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE). :106-111.

Traditional anti-virus technologies have failed to keep pace with proliferation of malware due to slow process of their signatures and heuristics updates. Similarly, there are limitations of time and resources in order to perform manual analysis on each malware. There is a need to learn from this vast quantity of data, containing cyber attack pattern, in an automated manner to proactively adapt to ever-evolving threats. Machine learning offers unique advantages to learn from past cyber attacks to handle future cyber threats. The purpose of this research is to propose a framework for multi-classification of malware into well-known categories by applying different machine learning models over corpus of malware analysis reports. These reports are generated through an open source malware sandbox in an automated manner. We applied extensive pre-modeling techniques for data cleaning, features exploration and features engineering to prepare training and test datasets. Best possible hyper-parameters are selected to build machine learning models. These prepared datasets are then used to train the machine learning classifiers and to compare their prediction accuracy. Finally, these results are validated through a comprehensive 10-fold cross-validation methodology. The best results are achieved through Gaussian Naive Bayes classifier with random accuracy of 96% and 10-Fold Cross Validation accuracy of 91.2%. The said framework can be deployed in an operational environment to learn from malware attacks for proactively adapting matching counter measures.

2019-06-10
Sokolov, A. N., Pyatnitsky, I. A., Alabugin, S. K..  2018.  Research of Classical Machine Learning Methods and Deep Learning Models Effectiveness in Detecting Anomalies of Industrial Control System. 2018 Global Smart Industry Conference (GloSIC). :1-6.

Modern industrial control systems (ICS) act as victims of cyber attacks more often in last years. These attacks are hard to detect and their consequences can be catastrophic. Cyber attacks can cause anomalies in the work of the ICS and its technological equipment. The presence of mutual interference and noises in this equipment significantly complicates anomaly detection. Moreover, the traditional means of protection, which used in corporate solutions, require updating with each change in the structure of the industrial process. An approach based on the machine learning for anomaly detection was used to overcome these problems. It complements traditional methods and allows one to detect signal correlations and use them for anomaly detection. Additional Tennessee Eastman Process Simulation Data for Anomaly Detection Evaluation dataset was analyzed as example of industrial process. In the course of the research, correlations between the signals of the sensors were detected and preliminary data processing was carried out. Algorithms from the most common techniques of machine learning (decision trees, linear algorithms, support vector machines) and deep learning models (neural networks) were investigated for industrial process anomaly detection task. It's shown that linear algorithms are least demanding on computational resources, but they don't achieve an acceptable result and allow a significant number of errors. Decision tree-based algorithms provided an acceptable accuracy, but the amount of RAM, required for their operations, relates polynomially with the training sample volume. The deep neural networks provided the greatest accuracy, but they require considerable computing power for internal calculations.