To warn of cascading failures caused by cyberattacks (CFCAs) in real time and reduce their damage on cyber-physical power systems (CPPSs), a novel early warning method based on attack gains and cost principle (AGCP) is proposed. Firstly, according to the CFCA characteristics, the leading role of attackers in the whole evolutionary process is discussed. The breaking out of a CFCA is deduced based on the AGCP from the view of attackers, and the priority order of all CFCAs is then provided. Then, the method to calculate the probability of CFCAs is proposed, and an early warning model for CFCA is designed. Finally, to verify the effectiveness of this method, a variety of CFCAs are simulated in a local CPPS model based on the IEEE 39-bus system. The experimental results demonstrate that this method can be used as a reliable assistant analysis technology to facilitate early warning of CFCAs.
As Egyptian oil and gas downstream information technology has grown digitally over the past decade, security breaches against these digitally connected systems have also increased. These cyber security threats could have devastating effects on the operations and reputation of these companies. Preventing such cyberattacks is crucial, especially with the significance of the Egyptian oil and gas downstream sector to the local economy and the fact that many of these connected systems are sometimes managed remotely. This paper examines the value of the ISO 27001 standard in mitigating the effect of cyber threats and seeks to inspire decision-makers to the importance of the proactive measures to strengthen their organization’s cybersecurity posture and protect information critical assets. The study stresses the importance of improving the local educational system to bridge the gap between supply and demand for cybersecurity specialists by implementing a structured approach that emphasizes behavior modification to get a high return on investment in cybersecurity awareness.
The rapid expansion of Internet of Things (IoT) devices across various sectors is driven by steadily increasing demands for interconnected and smart technologies. Nevertheless, the surge in the number of IoT devices has caught the attention of cyber hackers, as it provides them with expanded avenues to access valuable data. This has resulted in a myriad of security challenges, including information leakage, malware propagation, and financial loss, among others. Consequently, developing an intrusion detection system to identify both active and potential intrusion traffic in IoT networks is of paramount importance. In this paper, we propose ResNeSt-biGRU, a practical intrusion detection model that combines the strengths of ResNeSt, a variant of Residual Neural Network, and bidirectional Gated Recurrent Unit Network (biGRU). Our ResNeSt-biGRU framework diverges from conventional intrusion detection systems (IDS) by employing this dual-layered mechanism that exploits the temporal continuity and spatial feature within network data streams, a methodological innovation that enhances detection accuracy. In conjunction with this, we introduce the PreIoT dataset, a compilation of prevalent IoT network behaviors, to train and evaluate IDS models with a focus on identifying potential intrusion traffics. The effectiveness of the proposed scheme is demonstrated through testing, wherein it achieved an average accuracy of 99.90% on the N-BaIoT dataset as well as on the PreIoT dataset and 94.45% on UNSW-NB15 dataset. The outcomes of this research reveal the potential of ResNeSt-biGRU to bolster security measures, diminish intrusion-related vulnerabilities, and preserve the overall security of IoT ecosystems.
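Information network security is of great importance to Internet-based office work. Real-time network security risk assessment, as a key component of information security, can effectively detect the security state of network resources. Therefore, to improve the security of office resources in the Internet environment, an online network security risk assessment method based on a prediction model is proposed. The method uses the expectation and maximization (EM) algorithm to improve the traditional continuous-time hidden Markov model in order to carry out risk assessment based on the prediction model. Simulation results show that the proposed method can effectively perform online network security prediction. Compared with other methods, the proposed method achieves higher accuracy and real-time performance and can meet the various information security needs of the Internet environment.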
Advanced Metering Infrastructure (AMI) is the metering network of the smart grid that enables bidirectional communications between each consumer’s premises and the provider’s control center. The massive amount of data collected supports the real-time decision-making required for diverse applications. The communication infrastructure relies on different network types, including the Internet. This makes the infrastructure vulnerable to various attacks, which could compromise security or have devastating effects. However, traditional machine learning solutions cannot adapt to the increasing complexity and diversity of attacks. The objective of this paper is to develop an Anomaly Detection System (ADS) based on deep learning using the CIC-IDS2017 dataset. However, this dataset is highly imbalanced; thus, a two-step sampling technique: random under-sampling and the Synthetic Minority Oversampling Technique (SMOTE), is proposed to balance the dataset. The proposed system utilizes a multiple hidden layer Auto-encoder (AE) for feature extraction and dimensional reduction. In addition, an ensemble voting based on both Random Forest (RF) and Convolutional Neural Network (CNN) is developed to classify the multiclass attack categories. The proposed system is evaluated and compared with six different state-of-the-art machine learning and deep learning algorithms: Random Forest (RF), Light Gradient Boosting Machine (LightGBM), eXtreme Gradient Boosting (XGboost), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and bidirectional LSTM (biLSTM). Experimental results show that the proposed model enhances the detection for each attack class compared with the other machine learning and deep learning models with overall accuracy (98.29%), precision (99%), recall (98%), F1 score (98%), and the UNDetection rate (UND) (8%).
With the progress of advanced technology in the industrial revolution encompassing the Internet of Things (IoT) and cloud computing, cyberattacks have been increasing rapidly on a large scale. The rapid expansion of IoT and networks in many forms generates massive volumes of data, which are vulnerable to security risks. As a result, cyberattacks have become prevalent and a danger to society, including its infrastructures, economy, and citizens’ privacy, and pose a national security risk worldwide. Therefore, cyber security has become an increasingly important issue across all levels and sectors. Continuous progress is being made in developing more sophisticated and efficient intrusion detection and defensive methods. As the scale of complexity of the cyber-universe is increasing, advanced machine learning methods are the most appropriate solutions for predicting cyber threats. In this study, a fused machine learning-based intelligent model is proposed to detect intrusion in the early stage and thus secure networks from harmful attacks. Simulation results confirm the effectiveness of the proposed intrusion detection model, with 0.909 accuracy and a miss rate of 0.091.
Considering a variety of sampled value (SV) attacks on busbar differential protection (BDP) which poses challenges to conventional learning algorithms, an algorithm to detect SV attacks based on the immune system of negative selection is developed in this paper. The healthy SV data of BDP are defined as self-data composed of spheres of the same size, whereas the SV attack data, i.e., the nonself data, are preserved in the nonself space covered by spherical detectors of different sizes. To avoid the confusion between busbar faults and SV attacks, a self-shape optimization algorithm is introduced, and the improved self-data are verified through a power-frequency fault-component-based differential protection criterion to avoid false negatives. Based on the difficulty of boundary coverage in traditional negative selection algorithms, a self-data-driven detector generation algorithm is proposed to enhance the detector coverage. A testbed of differential protection for a 110 kV double busbar system is then established. Typical SV attacks of BDP such as amplitude and current phase tampering, fault replays, and the disconnection of the secondary circuits of current transformers are considered, and the delays of differential relay operation caused by detection algorithms are investigated.
In order to ensure the safety of connected and automated vehicles (CAVs) threatened by cyberattack in the confluence area and mitigate the adverse impact of cyberattack propagation, a framework is built to depict the impact of cyberattacks on traffic operation. Based on this framework, corresponding propagation suppression strategies are proposed for different types of cyberattacks in different periods. Under centralized control, game theory is used to solve the confluence sequence corresponding to the strategies. The results show that the proposed method can effectively inhibit the spread of cyberattacks on the premise of security. The initial control effect is the best. Compared with uncontrolled condition, in the 100 timesteps, 11 susceptible vehicles are finally added, and the second is the immunity period, in which 10 susceptible vehicles were protected from cyberattack. Outbreak and latency control strategies also protect some vehicles. Under the control strategy of each stage, the peak value of infected vehicles and the duration of cyberattack are improved compared with the uncontrolled strategy. In addition, the traffic efficiency in the confluence area is also improved. This method can also be extended to such road types as diverging section, weaving section and intersection, so as to reduce the impact of cyberattacks on road network scale.
Cyberattack detection has become an important research domain owing to the increasing number of cybercrimes in recent years. Both Machine Learning (ML) and Deep Learning (DL) classification models are useful in effective identification and classification of cyberattacks. In addition, the involvement of hyper parameters in DL models has a significant influence upon the overall performance of the classification models. In this background, the current study develops Intelligent Cybersecurity Classification using Chaos Game Optimization with Deep Learning (ICC-CGODL) Model. The goal of the proposed ICC-CGODL model is to recognize and categorize different kinds of attacks made upon data. Besides, ICC-CGODL model primarily performs min-max normalization process to normalize the data into uniform format. In addition, Bidirectional Gated Recurrent Unit (BiGRU) model is utilized for detection and classification of cyberattacks. Moreover, CGO algorithm is also exploited to adjust the hyper parameters involved in BiGRU model which is the novelty of current work. A wide range of simulation analysis was conducted on benchmark dataset and the results obtained confirmed the significant performance of ICC-CGODL technique than the recent approaches.
With recent advancements in information and communication technology, a huge volume of corporate and sensitive user data was shared consistently across the network, making it vulnerable to an attack that may bring some factors under risk: data availability, confidentiality, and integrity. Intrusion Detection Systems (IDS) were mostly exploited in various networks to help promptly recognize intrusions. Nowadays, blockchain (BC) technology has received much more interest as a means to share data without needing a trusted third person. Therefore, this study designs a new Blockchain Assisted Optimal Machine Learning based Cyberattack Detection and Classification (BAOML-CADC) technique. In the BAOML-CADC technique, the major focus lies in identifying cyberattacks. To do so, the presented BAOML-CADC technique applies a thermal equilibrium algorithm-based feature selection (TEA-FS) method for the optimal choice of features. The BAOML-CADC technique uses an extreme learning machine (ELM) model for cyberattack recognition. In addition, a BC-based integrity verification technique is developed to defend against the misrouting attack, showing the innovation of the work. The experimental validation of BAOML-CADC algorithm is tested on a benchmark cyberattack dataset. The obtained values implied the improved performance of the BAOML-CADC algorithm over other techniques.
The Internet of Things (IoT) is considered the next-gen connection network and is ubiquitous since it is based on the Internet. Intrusion Detection System (IDS) determines the intrusion performance of terminal equipment and IoT communication procedures from IoT environments after taking equivalent defence measures based on the identified behaviour. In this background, the current study develops an Enhanced Metaheuristics with Machine Learning enabled Cyberattack Detection and Classification (EMML-CADC) model in an IoT environment. The aim of the presented EMML-CADC model is to detect cyberattacks in IoT environments with enhanced efficiency. To attain this, the EMML-CADC model primarily employs a data preprocessing stage to normalize the data into a uniform format. In addition, Enhanced Cat Swarm Optimization based Feature Selection (ECSO-FS) approach is followed to choose the optimal feature subsets. Besides, Mayfly Optimization (MFO) with Twin Support Vector Machine (TSVM), called the MFO-TSVM model, is utilized for the detection and classification of cyberattacks. Here, the MFO model has been exploited to fine-tune the TSVM variables for enhanced results. The performance of the proposed EMML-CADC model was validated using a benchmark dataset, and the results were inspected under several measures. The comparative study concluded that the EMML-CADC model is superior to other models under different measures.
Battery energy storage system (BESS) is an important component of a modern power system since it allows seamless integration of renewable energy sources (RES) into the grid. A BESS is vulnerable to various cyber threats that may influence its proper operation, which in turn impacts negatively the BESS and the electric grid. The potential failure of a BESS can cause economic issues and physical damage to its components. To ensure cyber-secure and reliable BESS operation in grid-connected or islanded modes of the BESS operation, a cyber-defense strategy is needed. However, a comprehensive review on the requirements for the BESS design as well as the attack detection and mitigation methods is lacking. In this paper, we review state-of-the-art attack detection and mitigation methods for various BESS applications focusing on machine learning (ML) and artificial intelligence (AI)-based methods. In addition, the state-of-the-art methods for designing and operating a cyber-secure BESS are investigated. Based on the literature review, we identified gaps in the current research, defined the possible cyberattacks against the BESS that have not been considered before, and suggested the potential approaches to detect them.
The damage caused by malicious software is increasing owing to the COVID-19 pandemic, such as ransomware attacks on information technology and operational technology systems based on corporate networks and social infrastructures and spear-phishing attacks on business or research institutes. Recently, several studies have been conducted to prevent further phishing emails in the workplace because malware attacks employ emails as the primary means of penetration. However, according to the latest research, there appears to be a limitation in blocking email spoofing through advanced blocking systems such as spam email filtering solutions and advanced persistent threat systems. Therefore, experts believe that it is more critical to restore services immediately through resilience than the advanced prevention program in the event of damage caused by malicious software. In accordance with this trend, we conducted a survey among 100 employees engaging in information security regarding the effective factors for countering malware attacks through email. Furthermore, we confirmed that resilience, backup, and restoration were effective factors in responding to phishing emails. In contrast, practical exercise and attack visualization were recognized as having little effect on malware attacks. In conclusion, our study reminds business and supervisory institutions to carefully examine their regular voluntary exercises or mandatory training programs and assists private corporations and public institutions to establish counter-strategies for dealing with malware attacks.
With the wide integration of various distributed communication and control techniques, the cyber-physical microgrids face critical challenges raised by the emerging cyberattacks. This paper proposes a three-stage defensive framework for distributed microgrids against denial of service (DoS) and false data injection (FDI) attacks, including resilient control, communication network reconfiguration, and switching of local control. The resilient control in the first stage is capable of tackling simultaneous DoS and FDI attacks when the connectivity of communication network could be maintained under cyberattacks. The communication network reconfiguration method in the second stage and the subsequent switching of local control in the third stage based on the software-defined network (SDN) layer aim to cope with the network partitions caused by cyberattacks. The proposed defensive framework could effectively mitigate the impacts of a wide range of simultaneous DoS and FDI attacks in microgrids without requiring the specific assumptions of attacks and prompt detections, which would not incorporate additional cyberattack risks. Extensive case studies using a 13-bus microgrid system are conducted to validate the effectiveness of the proposed three-stage defensive framework against the simultaneous DoS and FDI attacks.
The “Bitcoin Generator Scam” (BGS) is a cyberattack in which scammers promise to provide victims with free cryptocurrencies in exchange for a small mining fee. In this paper, we present a data-driven system to detect, track, and analyze the BGS. It works as follows: we first formulate search queries related to BGS and use search engines to find potential instances of the scam. We then use a crawler to access these pages and a classifier to differentiate actual scam instances from benign pages. Last, we automatically monitor the BGS instances to extract the cryptocurrency addresses used in the scam. A unique feature of our system is that it proactively searches for and detects the scam pages. Thus, we can find addresses that have not yet received any transactions. Our data collection project spanned 16 months, from November 2019 to February 2021. We uncovered more than 8,000 cryptocurrency addresses directly associated with the scam, hosted on over 1,000 domains. Overall, these addresses have received around 8.7 million USD, with an average of 49.24 USD per transaction. Over 70% of the active addresses that we are capturing are detected before they receive any transactions, that is, before anyone is victimized. We also present some post-processing analysis of the dataset that we have captured to aggregate attacks that can be reasonably confidently linked to the same attacker or group. Our system is one of the first academic feeds to the APWG eCrime Exchange database. It has been actively and automatically feeding the database since November 2020.
Funding (CFCA early warning paper): supported by the National Key Research and Development Program of China (No. 2017YFB0903000), National Natural Science Foundation of China (No. 61471328), Natural Science Foundation of Tianjin City (No. 15JCQNJC07000).
Funding (ResNeSt-biGRU paper): the National Natural Science Foundation of China (No. 61662004).
Funding (fused machine learning intrusion detection paper): This project was funded (grant no. G:432-611-1443) by the Deanship of Scientific Research (DSR) at King Abdulaziz University (KAU), Jeddah, Saudi Arabia.
Funding (SV attack detection for busbar differential protection paper): supported by National Natural Science Foundation of China (No. 51967003), Guangxi Natural Science Foundation (No. 2016GXNSFBA380105).
Funding (CAV cyberattack propagation paper): supported by Key Research and Development Program of Shaanxi (Grant No. 2023-YBGY-118), Scientific Research Project of Department of Transport of Shaanxi Province (Grant No. 22-13X).
Funding: The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work under Grant Number (RGP 2/180/43); Princess Nourah bint Abdulrahman University Researchers Supporting Project Number (PNURSP2022R161), Princess Nourah bint Abdulrahman University, Riyadh, Saudi Arabia. The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code: (22UQU4210118DSR07).
Abstract: Cyberattack detection has become an important research domain owing to increasing number of cybercrimes in recent years. Both Machine Learning (ML) and Deep Learning (DL) classification models are useful in effective identification and classification of cyberattacks. In addition, the involvement of hyper parameters in DL models has a significant influence upon the overall performance of the classification models. In this background, the current study develops Intelligent Cybersecurity Classification using Chaos Game Optimization with Deep Learning (ICC-CGODL) Model. The goal of the proposed ICC-CGODL model is to recognize and categorize different kinds of attacks made upon data. Besides, ICC-CGODL model primarily performs min-max normalization process to normalize the data into uniform format. In addition, Bidirectional Gated Recurrent Unit (BiGRU) model is utilized for detection and classification of cyberattacks. Moreover, CGO algorithm is also exploited to adjust the hyper parameters involved in BiGRU model which is the novelty of current work. A wide-range of simulation analysis was conducted on benchmark dataset and the results obtained confirmed the significant performance of ICC-CGODL technique than the recent approaches.
Funding: This work was funded by the Deanship of Scientific Research at Princess Nourah bint Abdulrahman University, through the Research Groups Program Grant No. (RGP-1443-0051).
Abstract: With recent advancements in information and communication technology, a huge volume of corporate and sensitive user data was shared consistently across the network, making it vulnerable to an attack that may be brought some factors under risk: data availability, confidentiality, and integrity. Intrusion Detection Systems (IDS) were mostly exploited in various networks to help promptly recognize intrusions. Nowadays, blockchain (BC) technology has received much more interest as a means to share data without needing a trusted third person. Therefore, this study designs a new Blockchain Assisted Optimal Machine Learning based Cyberattack Detection and Classification (BAOML-CADC) technique. In the BAOML-CADC technique, the major focus lies in identifying cyberattacks. To do so, the presented BAOML-CADC technique applies a thermal equilibrium algorithm-based feature selection (TEA-FS) method for the optimal choice of features. The BAOML-CADC technique uses an extreme learning machine (ELM) model for cyberattack recognition. In addition, a BC-based integrity verification technique is developed to defend against the misrouting attack, showing the innovation of the work. The experimental validation of BAOML-CADC algorithm is tested on a benchmark cyberattack dataset. The obtained values implied the improved performance of the BAOML-CADC algorithm over other techniques.
Abstract: The Internet of Things (IoT) is considered the next-gen connection network and is ubiquitous since it is based on the Internet. Intrusion Detection System (IDS) determines the intrusion performance of terminal equipment and IoT communication procedures from IoT environments after taking equivalent defence measures based on the identified behaviour. In this background, the current study develops an Enhanced Metaheuristics with Machine Learning enabled Cyberattack Detection and Classification (EMML-CADC) model in an IoT environment. The aim of the presented EMML-CADC model is to detect cyberattacks in IoT environments with enhanced efficiency. To attain this, the EMML-CADC model primarily employs a data preprocessing stage to normalize the data into a uniform format. In addition, Enhanced Cat Swarm Optimization based Feature Selection (ECSO-FS) approach is followed to choose the optimal feature subsets. Besides, Mayfly Optimization (MFO) with Twin Support Vector Machine (TSVM), called the MFO-TSVM model, is utilized for the detection and classification of cyberattacks. Here, the MFO model has been exploited to fine-tune the TSVM variables for enhanced results. The performance of the proposed EMML-CADC model was validated using a benchmark dataset, and the results were inspected under several measures. The comparative study concluded that the EMML-CADC model is superior to other models under different measures.
Funding: This work is supported by the Danish project “BOSS: Bornholm smartgrid secured by grid connected battery systems” co-founded by Danish Energy technology Development and Demonstration program (EUDP) contract no. 64018-0618.
Abstract: Battery energy storage system (BESS) is an important component of a modern power system since it allows seamless integration of renewable energy sources (RES) into the grid. A BESS is vulnerable to various cyber threats that may influence its proper operation, which in turn impacts negatively the BESS and the electric grid. The potential failure of a BESS can cause economic issues and physical damage to its components. To ensure cyber-secure and reliable BESS operation in grid-connected or islanded modes of the BESS operation, a cyber-defense strategy is needed. However, a comprehensive review on the requirements for the BESS design as well as the attack detection and mitigation methods is lacking. In this paper, we review state-of-the-art attack detection and mitigation methods for various BESS applications focusing on machine learning (ML) and artificial intelligence (AI)-based methods. In addition, the state-of-the-art methods for designing and operating a cyber-secure BESS are investigated. Based on the literature review, we identified gaps in the current research, defined the possible cyberattacks against the BESS that have not been considered before, and suggested the potential approaches to detect them.
Funding: This study was supported by a grant from the Korean Health Technology RD Project, Ministry of Health and Welfare, Republic of Korea (HI19C0866).
Abstract: The damage caused by malicious software is increasing owing to the COVID-19 pandemic, such as ransomware attacks on information technology and operational technology systems based on corporate networks and social infrastructures and spear-phishing attacks on business or research institutes. Recently, several studies have been conducted to prevent further phishing emails in the workplace because malware attacks employ emails as the primary means of penetration. However, according to the latest research, there appears to be a limitation in blocking email spoofing through advanced blocking systems such as spam email filtering solutions and advanced persistent threat systems. Therefore, experts believe that it is more critical to restore services immediately through resilience than the advanced prevention program in the event of damage caused by malicious software. In accordance with this trend, we conducted a survey among 100 employees engaging in information security regarding the effective factors for countering malware attacks through email. Furthermore, we confirmed that resilience, backup, and restoration were effective factors in responding to phishing emails. In contrast, practical exercise and attack visualization were recognized as having little effect on malware attacks. In conclusion, our study reminds business and supervisory institutions to carefully examine their regular voluntary exercises or mandatory training programs and assists private corporations and public institutions to establish counter-strategies for dealing with malware attacks.
Abstract: With the wide integration of various distributed communication and control techniques, the cyber-physical microgrids face critical challenges raised by the emerging cyberattacks. This paper proposes a three-stage defensive framework for distributed microgrids against denial of service (DoS) and false data injection (FDI) attacks, including resilient control, communication network reconfiguration, and switching of local control. The resilient control in the first stage is capable of tackling simultaneous DoS and FDI attacks when the connectivity of communication network could be maintained under cyberattacks. The communication network reconfiguration method in the second stage and the subsequent switching of local control in the third stage based on the software-defined network (SDN) layer aim to cope with the network partitions caused by cyberattacks. The proposed defensive framework could effectively mitigate the impacts of a wide range of simultaneous DoS and FDI attacks in microgrids without requiring the specific assumptions of attacks and prompt detections, which would not incorporate additional cyberattack risks. Extensive case studies using a 13-bus microgrid system are conducted to validate the effectiveness of the proposed three-stage defensive framework against the simultaneous DoS and FDI attacks.
Funding: This work was supported in part by Canada's Natural Sciences and Engineering Research Council (grant number “CRDPJ 539938-19”) and IBM Centre for Advanced Studies (CAS) Canada (grant number “1059”).
Abstract: The “Bitcoin Generator Scam” (BGS) is a cyberattack in which scammers promise to provide victims with free cryptocurrencies in exchange for a small mining fee. In this paper, we present a data-driven system to detect, track, and analyze the BGS. It works as follows: we first formulate search queries related to BGS and use search engines to find potential instances of the scam. We then use a crawler to access these pages and a classifier to differentiate actual scam instances from benign pages. Last, we automatically monitor the BGS instances to extract the cryptocurrency addresses used in the scam. A unique feature of our system is that it proactively searches for and detects the scam pages. Thus, we can find addresses that have not yet received any transactions. Our data collection project spanned 16 months, from November 2019 to February 2021. We uncovered more than 8,000 cryptocurrency addresses directly associated with the scam, hosted on over 1,000 domains. Overall, these addresses have received around 8.7 million USD, with an average of 49.24 USD per transaction. Over 70% of the active addresses that we are capturing are detected before they receive any transactions, that is, before anyone is victimized. We also present some post-processing analysis of the dataset that we have captured to aggregate attacks that can be reasonably confidently linked to the same attacker or group. Our system is one of the first academic feeds to the APWG eCrime Exchange database. It has been actively and automatically feeding the database since November 2020.