Biblio

With the increasing complexity of the driving environment, more and more attention has been paid to the research on improving the intelligentization of traffic control. Among them, the digital twin-based internet of vehicle can establish a mirror system on the cloud to improve the efficiency of communication between vehicles, provide warning and safety instructions for drivers, avoid driving potential dangers. To ensure the security and effectiveness of data sharing in traffic control, this paper proposes a secure and privacy-preserving scheme for digital twin-based traffic control. Specifically, in the data uploading phase, we employ a group signature with a time-bound keys technique to realize data source authentication with efficient members revocation and privacy protection, which can ensure that data can be securely stored on cloud service providers after it synchronizes to its twin. In the data sharing stage, we employ the secure and efficient attribute-based access control technique to provide flexible and efficient data sharing, in which the parameters of a specific sub-policy can be stored during the first decryption and reused in subsequent data access containing the same sub-policy, thus reducing the computing complexity. Finally, we analyze the security and efficiency of the scheme theoretically.

In the context of big data era, in order to prevent malicious access and information leakage during data services, researchers put forward a location big data encryption method based on privacy protection in practical exploration. According to the problems arising from the development of information network in recent years, users often encounter the situation of randomly obtaining location information in the network environment, which not only threatens their privacy security, but also affects the effective transmission of information. Therefore, this study proposed the privacy protection as the core position of big data encryption method, must first clear position with large data representation and positioning information, distinguish between processing position information and the unknown information, the fuzzy encryption theory, dynamic location data regrouping, eventually build privacy protection as the core of the encryption algorithm. The empirical results show that this method can not only effectively block the intrusion of attack data, but also effectively control the error of position data encryption.

Public transportation is an important system of urban passenger transport. The purpose of this article is to explore the impact of network resilience when each station of urban rail transit network was attacked by large passenger flow. Based on the capacity load model, we propose a load redistribution mechanism to simulate the passenger flow propagation after being attacked by large passenger flow. Then, taking Xi'an's rail network as an example, we study the resilience variety of the network after a node is attacked by large passenger flow. Through some attack experiments, the feasibility of the model for studying the resilience of the rail transit system is finally verified.

In order to solve the problem that the traditional “centralized” access control technology can no longer guarantee the security of access control in the current Internet of Things (IoT)environment, a dynamic access control game mechanism based on trust is proposed. According to the reliability parameters of the recommended information obtained by the two elements of interaction time and the number of interactions, the user's trust value is dynamically calculated, and the user is activated and authorized to the role through the trust level corresponding to the trust value. The trust value and dynamic adjustment factor are introduced into the income function to carry out game analysis to avoid malicious access behavior of users. The hybrid Nash equilibrium strategy of both sides of the transaction realizes the access decision-making work in the IoT environment. Experimental results show that the game mechanism proposed in this paper has a certain restraining effect on malicious nodes and can play a certain incentive role in the legitimate access behavior of IoT users.

National cultural security has existed since ancient times, but it has become a focal proposition in the context of the times and real needs. From the perspective of national security, national cultural security is an important part of national security, and it has become a strategic task that cannot be ignored in defending national security. Cultural diversity and imbalance are the fundamental prerequisites for the existence of national cultural security. Finally, the artificial intelligence algorithm is used as the theoretical basis for this article, the connotation and characteristics of China's national cultural security theory; Xi Jinping's "network view"; network ideological security view. The fourth part is the analysis of the current cultural security problems, hazards and their root causes in our country.

Access control is a widely used technology to protect information security. The implementation of access control depends on the response generated by access control policies to users’ access requests. Therefore, ensuring the correctness of access control policies is an important step to ensure the smooth implementation of access control mechanisms. To solve this problem, this paper proposes a constraint based access control policy security analysis framework (CACPSAF) to perform security analysis on access control policies. The framework transforms the problem of security analysis of access control policy into the satisfiability of security principle constraints. The analysis and calculation of access control policy can be divided into formal transformation of access control policy, SMT coding of policy model, generation of security principle constraints, policy detection and evaluation. The security analysis of policies is divided into mandatory security principle constraints, optional security principle constraints and user-defined security principle constraints. The multi-dimensional security analysis of access control policies is realized and the semantic expression of policy analysis is stronger. Finally, the effectiveness of this framework is analyzed by performance evaluation, which proves that this framework can provide strong support for fine-grained security analysis of policies, and help to correctly model and conFigure policies during policy modeling, implementation and verification.

This paper presents a study on the "Dynamic Load Altering Attacks" (D-LAAs), their effects on the dynamics of a transmission network, and provides a robust control protection scheme, based on polytopic uncertainties, invariance theory, Lyapunov arguments and graph theory. The proposed algorithm returns an optimal Energy Storage Systems (ESSs) placement, that minimizes the number of ESSs placed in the network, together with the associated control law that can robustly stabilize against D-LAAs. The paper provides a contextualization of the problem and a modelling approach for power networks subject to D-LAAs, suitable for the designed robust control protection scheme. The paper also proposes a reference scenario for the study of the dynamics of the control actions and their effects in different cases. The approach is evaluated by numerical simulations on large networks.

Cyber-Physical Systems (CPSs), a class of complex intelligent systems, are considered the backbone of Industry 4.0. They aim to achieve large-scale, networked control of dynamical systems and processes such as electricity and gas distribution networks and deliver pervasive information services by combining state-of-the-art computing, communication, and control technologies. However, CPSs are often highly nonlinear and uncertain, and their intrinsic reliance on open communication platforms increases their vulnerability to security threats, which entails additional challenges to conventional control design approaches. Indeed, sensor measurements and control command signals, whose integrity plays a critical role in correct controller design, may be interrupted or falsely modified when broadcasted on wireless communication channels due to cyber attacks. This can have a catastrophic impact on CPS performance. In this paper, we first conduct a thorough analysis of recently developed secure and resilient control approaches leveraging the solid foundations of adaptive control theory to achieve security and resilience in networked CPSs against sensor and actuator attacks. Then, we discuss the limitations of current adaptive control strategies and present several future research directions in this field.

With the high-speed development of UHV power grid, the characteristics of power grid changed significantly, which puts forward new requirements for the safe operation of power grid and depend on Security and Stability Control System (SSCS) greatly. Based on the practical cases, this paper analyzes the principle of the abnormal criteria of the SSCS and its influence on the strategy of the SSCS, points out the necessity of the research on the locking strategy of the SSCS under the abnormal state. Taking the large-scale SSCS for an example, this paper analysis different control strategies of the stations in the different layered, and puts forward effective solutions to adapt different system functions. It greatly improved the effectiveness and reliability of the strategy of SSCS, and ensure the integrity of the system function. Comparing the different schemes, the principles of making the lock-strategy are proposed. It has reference significance for the design, development and implementation of large-scale SSCS.

The paper aims to discover vulnerabilities by application of supervisory control theory and to design a defensive supervisor against vulnerability attacks. Supervisory control restricts the system behavior to satisfy the control specifications. The existence condition of the supervisor, sometimes results in undesirable plant behavior, which can be regarded as a vulnerability of the control specifications. We aim to design a more robust supervisor against this vulnerability.

We investigate the fuzzy adaptive compensation control problem for nonlinear cyber-physical system with false data injection attack over digital communication links. The fuzzy logic system is first introduced to approximate uncertain nonlinear functions. And the time-varying sliding mode surface is designed. Secondly, for the actual require-ment of data transmission, three uniform quantizers are designed to quantify system state and sliding mode surface and control input signal, respectively. Then, the adaptive fuzzy laws are designed, which can effectively compensate for FDI attack and the quantization errors. Furthermore, the system stability and the reachability of sliding surface are strictly guaranteed by using adaptive fuzzy laws. Finally, we use an example to verify the effectiveness of the method.

In this work, the security sliding mode control issue is studied for interval type-2 (IT2) fuzzy systems under the unreliable network. The deception attacks and the denial-of-service (DoS) attacks may occur in the sensor-controller channels to affect the transmission of the system state, and these attacks are described via two independent Bernoulli stochastic variables. By adopting the compensation strategy and utilizing the available state, the new membership functions are constructed to design the fuzzy controller with the different fuzzy rules from the fuzzy model. Then, under the mismatched membership function, the designed security controller can render the closed-loop IT2 fuzzy system to be stochastically stable and the sliding surface to be reachable. Finally, the simulation results verify the security control scheme.

{With the rapid development of cyberspace, cyber security incidents are increasing, and the means and types of network attacks are becoming more and more complex and refined, which brings greater challenges to security risk control. First, the knowledge graph technology is used to construct a cyber security knowledge graph based on ontology to realize multi-source heterogeneous security big data fusion calculation, and accurately express the complex correlation between different security entities. Furthermore, for cyber security risk control, a key node assessment method for security risk diffusion is proposed. From the perspectives of node communication correlation and topological level, the calculation method of node communication importance based on improved PageRank Algorithm and based on the improved K-shell Algorithm calculates the importance of node topology are studied, and then organically combine the two calculation methods to calculate the importance of different nodes in security risk defense. Experiments show that this method can evaluate the importance of nodes more accurately than the PageRank algorithm and the K-shell algorithm.

This paper investigates an asymptotically stable fault tolerant control (FTC) method for nonlinear continuous-time systems (NCTS) with actuator failures via differential game theory (DGT). Based on DGT, the FTC problem can be regarded as a two-player differential game problem with control player and fault player, which is solved by utilizing adaptive dynamic programming technique. Using a critic-only neural network, the cost function is approximated to obtain the solution of the Hamilton-Jacobi-Isaacs equation (HJIE). Then, the FTC strategy can be obtained based on the saddle point of HJIE, and ensures the satisfactory control performance for NCTS. Furthermore, the closed-loop NCTS can be guaranteed to be asymptotically stable, rather than ultimately uniformly bounded in corresponding existing methods. Finally, a simulation example is provided to verify the safe and reliable fault tolerance performance of the designed control method.

An effective response against information security violations in the technical systems remains relevant challenge nowadays, when their number, complexity, and the level of possible losses are growing. The violation can be caused by the set of the intruder's consistent actions. In the area of countermeasure selection for a proactive and reactive response against security violations, there are a large number of techniques. The techniques based on graph models seem to be promising. These models allow representing the set of actions caused the violation. Their advantages include the ability to forecast violations for timely decision-making on the countermeasures, as well as the ability to analyze and consider the coverage of countermeasures in terms of steps caused the violation. The paper proposes and describes a decision support method for responding against information security violations in the technical systems based on the graph models, as well as the developed models, including the countermeasure model and the graph representing the set of actions caused the information security violation.

This paper mainly studies an attack effectiveness evaluation method for AD hoc networks based on rough set theory. Firstly, we use OPNET to build AD hoc network simulation scenario, design and develop attack module, and obtain network performance parameters before and after the attack. Then the rough set theory is used to evaluate the attack effectiveness. The results show that this method can effectively evaluate the performance of AD hoc networks before and after attacks.

Cyber security risk assessment is very important to quantify the security level of communication-based train control (CBTC) systems. In this paper, a methodology is proposed to assess the cyber security risk of CBTC systems that integrates complex network theory and attack graph method. On one hand, in order to determine the impact of malicious attacks on train control, we analyze the connectivity of movement authority (MA) paths based on the working state of nodes, the connectivity of edges. On the other hand, attack graph is introduced to quantify the probabilities of potential attacks that combine multiple vulnerabilities in the cyber world of CBTC. Experiments show that our methodology can assess the security risks of CBTC systems and improve the security level after implementing reinforcement schemes.

We consider a graph property known as r-robustness of the random K-out graphs. Random K-out graphs, denoted as \$\textbackslashtextbackslashmathbbH(n;K)\$, are constructed as follows. Each of the n nodes select K distinct nodes uniformly at random, and then an edge is formed between these nodes. The orientation of the edges is ignored, resulting in an undirected graph. Random K-out graphs have been used in many applications including random (pairwise) key predistribution in wireless sensor networks, anonymous message routing in crypto-currency networks, and differentially-private federated averaging. r-robustness is an important metric in many applications where robustness of networks to disruptions is of practical interest, and r-robustness is especially useful in analyzing consensus dynamics. It was previously shown that consensus can be reached in an r-robust network for sufficiently large r even in the presence of some adversarial nodes. r-robustness is also useful for resilience against adversarial attacks or node failures since it is a stronger property than r-connectivity and thus can provide guarantees on the connectivity of the graph when up to r – 1 nodes in the graph are removed. In this paper, we provide a set of conditions for Kn and n that ensure, with high probability (whp), the r-robustness of the random K-out graph.

This paper argues that the security management of the robot supply chain would preferably focus on Sino-US relations and technical bottlenecks based on a comprehensive security analysis through open-source intelligence and data mining of associated discourses. Through the lens of the newsboy model and game theory, this study reconstructs the risk appraisal model of the robot supply chain and rebalances the process of the Sino-US competition game, leading to the prediction of China's strategic movements under the supply risks. Ultimately, this paper offers a threefold suggestion: increasing the overall revenue through cost control and scaled expansion, resilience enhancement and risk prevention, and outreach of a third party's cooperation for confrontation capabilities reinforcement.

In Cloud Computing, a wide range of virtual platforms are integrated and offer users a flexible pay-as-you-need service. Compared to conventional computing systems, the provision of an acceptable degree of resilience to cloud services is a daunting challenge due to the complexities of the cloud environment and the need for efficient technology that could sustain cloud advantages over other technologies. For a cloud guest resilience service solution, we provide architectural design, installation specifics, and performance outcomes throughout this article. Virtual Machine Manager (VMM) enables execution statistical test of the virtual machine states to be monitored and avoids to reach faulty states.

This paper is about the estimation of the cyber-resilience of CPS. We define two new resilience estimation metrics: k-steerability and l-monitorability. They aim at assisting designers to evaluate and increase the cyber-resilience of CPS when facing stealthy attacks. The k-steerability metric reflects the ability of a controller to act on individual plant state variables when, at least, k different groups of functionally diverse input signals may be processed. The l-monitorability metric indicates the ability of a controller to monitor individual plant state variables with l different groups of functionally diverse outputs. Paired together, the metrics lead to CPS reaching (k,l)-resilience. When k and l are both greater than one, a CPS can absorb and adapt to control-theoretic attacks manipulating input and output signals. We also relate the parameters k and l to the recoverability of a system. We define recoverability strategies to mitigate the impact of perpetrated attacks. We show that the values of k and l can be augmented by combining redundancy and diversity in hardware and software, in order to apply the moving target paradigm. We validate the approach via simulation and numeric results.

Due to the critical importance of Industrial Control Systems (ICS) to the operations of cities and countries, research into the security of critical infrastructure has become increasingly relevant and necessary. As a component of both the research and application sides of smart city development, accurate and precise modeling, simulation, and verification are key parts of a robust design and development tools that provide critical assistance in the prevention, detection, and recovery from abnormal behavior in the sensors, controllers, and actuators which make up a modern ICS system. However, while these tools have potential, there is currently a need for helper-tools to assist with their setup and configuration, if they are to be utilized widely. Existing state-of-the-art tools are often technically complex and difficult to customize for any given IoT/ICS processes. This is a serious barrier to entry for most technicians, engineers, researchers, and smart city planners, while slowing down the critical aspects of safety and security verification. To remedy this issue, we take a case study of existing simulation toolkits within the field of water management and expand on existing tools and algorithms with simplistic automated retrieval functionality using a much more in-depth and usable customization interface to accelerate simulation scenario design and implementation, allowing for customization of the cyber-physical network infrastructure and cyber attack scenarios. We additionally provide a novel in-tool-assessment of network’s resilience according to graph theory path diversity. Further, we lay out a roadmap for future development and application of the proposed tool, including expansions on resiliency and potential vulnerability model checking, and discuss applications of our work to other fields relevant to the design and operation of smart cities.

The cluster-featured conurbation cyber-physical power system (CPPS) interconnected with tie-lines facing the hazards from catastrophic cascading failures. To achieve better real-time performance, enhance the autonomous ability and improve resilience for the clustered conurbation CPPS, the decentralized cyber structure and the corresponding distributed security control strategy is proposed. Facing failures, the real-time security control is incorporated to mitigate cascading failures. The distributed security control problem is solved reliably based on alternating direction method of multipliers (ADMM). The system overall resilience degradation index(SORDI) adopted reflects the influence of cascading failures on both the topological integrity and operational security. The case study illustrates the decentralized cyber layer and distributed control will decrease the data congestion and enhance the autonomous ability for clusters, thus perform better effectiveness in mitigating the cascading failures, especially in topological perspective. With the proposed distributed security control strategy, curves of SORDI show more characteristics of second-order percolation transition and the cascading failure threshold increase, which is more efficient when the initial failure size is near the threshold values or step-type inflection point. Because of the feature of geological aggregation under cluster-based attack, the efficiency of the cluster-focused distributed security control strategy is more obvious than other nodes attack circumstances.

The utilization of "cloud storage services (CSS)", empowering people to store their data in cloud and avoid from maintenance cost and local data storage. Various data integrity auditing (DIA) frameworks are carried out to ensure the quality of data stored in cloud. Mostly, if not all, of current plans, a client requires to utilize his private key (PK) to generate information authenticators for knowing the DIA. Subsequently, the client needs to have hardware token to store his PK and retain a secret phrase to actuate this PK. In this hardware token is misplaced or password is forgotten, the greater part of existing DIA plans would be not able to work. To overcome this challenge, this research work suggests another DIA without "private key storage (PKS)"plan. This research work utilizes biometric information as client's fuzzy private key (FPK) to evade utilizing hardware token. In the meantime, the plan might in any case viably complete the DIA. This research work uses a direct sketch with coding and mistake correction procedures to affirm client identity. Also, this research work plan another mark conspire that helps block less. Verifiability, yet in addition is viable with linear sketch Keywords– Data integrity auditing (DIA), Cloud Computing, Block less Verifiability, fuzzy biometric data, secure cloud storage (SCS), key exposure resilience (KER), Third Party Auditor (TPA), cloud audit server (CAS), cloud storage server (CSS), Provable Data Possession (PDP)

In this paper, an adaptive fuzzy control scheme is proposed for one-quarter automotive active suspension system with full sate constraints and stochastic disturbance. In the considered active suspension system, to further improve the driving security and comfort, the problems of stochastic perturbation and full state constraints are considered simultaneously. In the framework of backstepping, the barrier Lyapunov function is proposed to constrain full state variables. Consequently, by combing the Itô differential formula and stochastic control theory, an adaptive controller is designed to adopt the uneven pavement surface. Ultimately, on the basis of Lyapunov stability theory, it proves that the designed controller not only can constrain the bodywork, the displacement of tires, the current of the electromagnetic actuator, the speeds of the car body and the tires within boundaries, but also can eliminate the stochastic disturbance.