1
Evaluating deep learning variants for cyber-attacks detection and multi-class classification in IoT networks. PeerJ Comput Sci 2024; 10:e1793. [PMID: 38259893 PMCID: PMC10803060 DOI: 10.7717/peerj-cs.1793] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 09/20/2023] [Accepted: 12/13/2023] [Indexed: 01/24/2024]
Abstract
The Internet of Things (IoT), considered an intriguing technology with substantial potential for tackling many societal concerns, has been developing into a significant component of the future. The foundation of IoT is the capacity to manipulate and track material objects over the Internet. The IoT network infrastructure is more vulnerable to attackers/hackers as additional features are accessible online. The complexity of cyberattacks has grown to pose a bigger threat to public and private sector organizations. They undermine Internet businesses, tarnish company branding, and restrict access to data and amenities. Enterprises and academics are contemplating using machine learning (ML) and deep learning (DL) for cyberattack avoidance because ML and DL show immense potential in several domains. Several DL teachings are implemented to extract various patterns from many annotated datasets. DL can be a helpful tool for detecting cyberattacks. Early network data segregation and detection thus become more essential than ever for mitigating cyberattacks. Numerous deep-learning model variants, including deep neural networks (DNNs), convolutional neural networks (CNNs), and recurrent neural networks (RNNs), are implemented in the study to detect cyberattacks on an assortment of network traffic streams. The Canadian Institute for Cybersecurity's CICDIoT2023 dataset is utilized to test the efficacy of the proposed approach. The proposed method includes data preprocessing, robust scalar and label encoding techniques for categorical variables, and model prediction using deep learning models. The experimental results demonstrate that the RNN model achieved the highest accuracy of 96.56%. The test results indicate that the proposed approach is efficient compared to other methods for identifying cyberattacks in a realistic IoT environment.
2
Cyber hygiene concepts for nursing education. NURSE EDUCATION TODAY 2023; 130:105940. [PMID: 37595324 DOI: 10.1016/j.nedt.2023.105940] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/21/2023] [Revised: 07/24/2023] [Accepted: 08/10/2023] [Indexed: 08/20/2023]
Abstract
BACKGROUND The healthcare industry has increasingly been targeted by cybercrime putting patients, organizations, and employees at risk for financial loss and breach of privacy. Malware events compromise system integrity and patient privacy which could lead to delays in treatment, loss of patient data, inability to provide care, and increase in patient harm. In addition, these attacks may also compromise private and personal information for those targeted. OBJECTIVE Nurses represent a large portion of frontline healthcare workers and are uniquely positioned to help prevent cyber-attacks. Nursing curriculum should include education about the risks to patient safety from cybercrime and the nurse's role in preventing cybercrime. Nursing education has focused on hygiene for patient safety. Adding cyber hygiene to the essential practices of pre-licensure and advanced practice nurses is a first step to protecting patients, organizations, and employees from the repercussions of a healthcare cyber-attack.
3
Data-driven load frequency cooperative control for multi-area power system integrated with VSCs and EV aggregators under cyber-attacks. ISA TRANSACTIONS 2023:S0019-0578(23)00423-8. [PMID: 37867022 DOI: 10.1016/j.isatra.2023.09.018] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/09/2023] [Revised: 07/28/2023] [Accepted: 09/15/2023] [Indexed: 10/24/2023]
Abstract
This paper proposes a cooperative load frequency control (LFC) strategy based on a multi-agent deep reinforcement learning (MADRL) framework for the multi-area power system in the presence of voltage source converters (VSCs) and electric vehicle (EV) aggregators under cyber-attacks. Different from the existing LFC model, a novel transfer function of VSCs is first improved by the space-vector technique and integrated with EV aggregators to develop a multi-area training environment. By installing the agent in different control areas and interacting state transition information between agents and the new environment, the MADRL-based control strategy is achieved for centralized training and decentralized execution. Thus, the proposed MADRL method can coordinate thermal turbines, VSCs, as well as EV aggregators in the different control areas. Furthermore, a suitable cyber-attack model that can circumvent bad data detection (BDD) is reconstructed according to the perspective of adversaries for the LFC system. Then the double critic networks and parameter updating policy are designed to eliminate and mitigate the fluctuations caused by cyber-attacks. The comparative simulation with other control strategies on a three-area test power system demonstrates the superior performance of the proposed MADRL-based approach.
4
Modelling cybersecurity regulations for automated vehicles. ACCIDENT; ANALYSIS AND PREVENTION 2023; 186:107054. [PMID: 37023653 DOI: 10.1016/j.aap.2023.107054] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 08/12/2022] [Revised: 02/01/2023] [Accepted: 03/28/2023] [Indexed: 06/19/2023]
Abstract
Technological advancements in Connected and Automated Vehicles (CAVs), particularly the integration of diverse stakeholder groups (communication service providers, road operators, automakers, repairers, CAV consumers, and the general public) and the pursuit of new economic opportunities, have resulted in the emergence of new technical, legal, and social challenges. The most pressing challenge is deterring criminal behaviour in both the physical and cyber realms through the adoption of CAV cybersecurity protocols and regulations. However, the literature lacks a systematic decision tool to analyze the impact of the potential cybersecurity regulations for dynamically interacting stakeholders, and to identify the leverage points to minimise the cyber-risks. To address this knowledge gap, this study uses systems theory to develop a dynamic modelling tool to analyze the indirect consequences of potential CAVs cybersecurity regulations in the medium to long term. It is hypothesized that CAVs Cybersecurity Regulatory Framework (CRF) is the property of the entire ITS stakeholders. The CRF is modelled using the System Dynamic based Stock-and-Flow-Model (SFM) technique. The SFM is founded on five critical pillars: the Cybersecurity Policy Stack, the Hacker's Capability, Logfiles, CAV Adopters, and intelligence-assisted traffic police. It is found that decision-makers should focus on three major leverage points: establishing a CRF grounded on automakers' innovation; sharing risks in eliminating negative externalities associated with underinvestment and knowledge asymmetries in cybersecurity; and capitalising on massive CAV-generated data in CAV operations. The formal integration of intelligence analysts and computer crime investigators to strengthen traffic police capabilities is pivotal. 
Recommendations for automakers include data-profiteering in CAV design, production, sales, marketing, safety enhancements and enabling consumer data transparency. Furthermore, CAVs-CRF necessitate a balanced approach to the trade-off between: i) data accessibility constraints on CAV automakers and ITS service providers; ii) regulator command and control thresholds; iii) automakers' business investment protection; and iv) consumers' data privacy guard.
5
Event-based model predictive damping control for power systems with cyber-attacks. ISA TRANSACTIONS 2023; 136:687-700. [PMID: 36543736 DOI: 10.1016/j.isatra.2022.11.028] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 02/15/2022] [Revised: 11/07/2022] [Accepted: 11/26/2022] [Indexed: 05/16/2023]
Abstract
This paper presents a secure model predictive damping control strategy for the wide-area power system (WAPS) under the DoS/deception attacks. Firstly, the model of WAPS under denial of service (DoS) attacks and deception attacks with the event-triggered mechanism (ETM) is established. Then, a wide-area model predictive damping controller is designed to damp out the interarea oscillations in the WAPS induced by cyber-attacks. Wide-area event-based model predictive damping control (WEMPDC) is proposed, by employing the wide-area information, the ETM is utilized to determine WEMPDC to defend against the cyber-attacks, in the meantime input-to-state stable in probability (ISSiP) of the closed-loop system is guaranteed. Furthermore, the validity of the WEMPDC is investigated by two-area four-machine and 16-machine 68-bus system.
6
Dynamic event-based sliding mode security control for singular Semi-Markov jump LPV systems against deception attacks. ISA TRANSACTIONS 2023; 133:116-133. [PMID: 35840412 DOI: 10.1016/j.isatra.2022.06.042] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 06/10/2021] [Revised: 05/25/2022] [Accepted: 06/28/2022] [Indexed: 06/15/2023]
Abstract
In this paper, we preliminarily propose the dissipative sliding mode control (SMC) scheme for polyhedral singular semi-Markov jump linear parameter varying (SS-MJLPV) systems considering deception attacks between the sensor and controller. The main feature of this scheme is that a novel developed parameter dependent integral-type SMC law follows the changes of the system. Note that the mode of the sliding mode controller is not synchronized with the system mode, and the transition rates (TRs) of the system are assumed to be unknown. Moreover, we extend the previous work concerning the static event-triggered transmission protocol (ETP) to the dynamic one, in which the triggering threshold is dynamically updated via the internal-dynamic-variable. Finally, a DC-motor model is presented to illustrate the correctness of the developed results.
7
Secure control design for nonlinear cyber-physical systems under DoS, replay, and deception cyber-attacks with multiple transmission channels. ISA TRANSACTIONS 2022; 128:294-308. [PMID: 34953583 DOI: 10.1016/j.isatra.2021.11.033] [Citation(s) in RCA: 2] [Impact Index Per Article: 1.0] [Received: 03/29/2021] [Revised: 11/28/2021] [Accepted: 11/28/2021] [Indexed: 06/14/2023]
Abstract
This paper introduces the state-/output-feedback control for multi-channel nonlinear cyber-physical systems (CPSs). Many cyber-attacks are considered such as Denial-of-Service (DoS), replay and deception attacks. The deception cyber-attacks can be treated as measurement additive and multiplicative uncertainties. Both time-varying state-dependent and state-independent sensor additive attacks are considered. As DoS attack makes the CPS states unavailable, the standard modeling and control methods cannot be applied directly. Alternatively, as attackers in the replay attack re-transmit previous data and prevent the transmission of the more recent data, a delayed model is generated. To deal with these problems, a new observer at the controller side is proposed. It is used to perform two main tasks. The first is to estimate all system states at every time instant. The second is to exclude some unsecured transmitting channels from affecting the system response. Therefore, all attacks in these channels will have no effect on the system response. Using the estimated states, an anti-cyber-attacks state-feedback controller is investigated. Meanwhile, it is verified that the suggested approach certifies the convergence of all the CPSs states under different cyber-attacks. The effectiveness of the proposed secure control approach against different kinds of cyber-attacks is confirmed through two examples with simulation results.
8
A stacked deep learning approach to cyber-attacks detection in industrial systems: application to power system and gas pipeline systems. CLUSTER COMPUTING 2021; 25:561-578. [PMID: 34629940 PMCID: PMC8490144 DOI: 10.1007/s10586-021-03426-w] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.3] [Received: 03/05/2021] [Revised: 09/09/2021] [Accepted: 09/17/2021] [Indexed: 06/13/2023]
Abstract
Presently, Supervisory Control and Data Acquisition (SCADA) systems are broadly adopted in remote monitoring large-scale production systems and modern power grids. However, SCADA systems are continuously exposed to various heterogeneous cyberattacks, making the detection task using the conventional intrusion detection systems (IDSs) very challenging. Furthermore, conventional security solutions, such as firewalls, and antivirus software, are not appropriate for fully protecting SCADA systems because they have distinct specifications. Thus, accurately detecting cyber-attacks in critical SCADA systems is undoubtedly indispensable to enhance their resilience, ensure safe operations, and avoid costly maintenance. The overarching goal of this paper is to detect malicious intrusions that already detoured traditional IDS and firewalls. In this paper, a stacked deep learning method is introduced to identify malicious attacks targeting SCADA systems. Specifically, we investigate the feasibility of a deep learning approach for intrusion detection in SCADA systems. Real data sets from two laboratory-scale SCADA systems, a two-line three-bus power transmission system and a gas pipeline are used to evaluate the proposed method's performance. The results of this investigation show the satisfying detection performance of the proposed stacked deep learning approach. This study also showed that the proposed approach outperformed the standalone deep learning models and the state-of-the-art algorithms, including Nearest neighbor, Random forests, Naive Bayes, Adaboost, Support Vector Machine, and oneR. Besides detecting the malicious attacks, we also investigate the feature importance of the cyber-attacks detection process using the Random Forest procedure, which helps design more parsimonious models.
9
A robust intelligent zero-day cyber-attack detection technique. COMPLEX INTELL SYST 2021; 7:2211-2234. [PMID: 34777966 PMCID: PMC8160422 DOI: 10.1007/s40747-021-00396-9] [Citation(s) in RCA: 7] [Impact Index Per Article: 2.3] [Received: 01/21/2021] [Accepted: 05/10/2021] [Indexed: 11/28/2022]
Abstract
With the introduction of the Internet to the mainstream like e-commerce, online banking, health system and other day-to-day essentials, risk of being exposed to various are increasing exponentially. Zero-day attack(s) targeting unknown vulnerabilities of a software or system opens up further research direction in the field of cyber-attacks. Existing approaches either use ML/DNN or anomaly-based approach to protect against these attacks. Detecting zero-day attacks through these techniques misses several parameters like frequency of particular byte streams in network traffic and their correlation. Covering attacks that produce lower traffic is difficult through neural network models because it requires higher traffic for correct prediction. This paper proposes a novel robust and intelligent cyber-attack detection model to cover the issues mentioned above using the concept of heavy-hitter and graph technique to detect zero-day attacks. The proposed work consists of two phases (a) Signature generation and (b) Evaluation phase. This model evaluates the performance using generated signatures at the training phase. The result analysis of the proposed zero-day attack detection shows higher performance for accuracy of 91.33% for the binary classification and accuracy of 90.35% for multi-class classification on real-time attack data. The performance against benchmark data set CICIDS18 shows a promising result of 91.62% for binary-class classification on this model. Thus, the proposed approach shows an encouraging result to detect zero-day attacks.
10
Analysis of security and privacy challenges for DNA-genomics applications and databases. J Biomed Inform 2021; 119:103815. [PMID: 34022422 DOI: 10.1016/j.jbi.2021.103815] [Citation(s) in RCA: 4] [Impact Index Per Article: 1.3] [Received: 01/28/2021] [Revised: 05/07/2021] [Accepted: 05/08/2021] [Indexed: 02/06/2023]
Abstract
DNA technology is rapidly moving towards digitization. Scientists use software tools and applications for sequencing, synthesizing, analyzing and sharing of DNA and genomic data, operate lab equipment and store genetic information in shared datastores. Using cutting-edge computing methods and techniques, researchers have decoded human genome, created organisms with new capabilities, automated drug development and transformed food safety. Such software applications are typically developed to progress scientific understanding and as such cyber security is never a concern for these applications. However, with the increasing commercialisation of DNA technologies, coupled with the sensitivity of DNA data, there is a need to adopt a security-by-design approach. In this paper we investigate bio-cyber security threats to genomic-DNA data and software applications making use of such data to advance scientific research. Specifically, we adopt an empirical approach to analyse and identify vulnerabilities within genomic-DNA databases and bioinformatics software applications that can lead to cyber-attacks affecting the confidentiality, integrity and availability of such sensitive data. We present a detailed analysis of these threats and highlight potential protection mechanisms to help researchers pursue these research directions.
11
Cooperative control for cyber-physical multi-agent networked control systems with unknown false data-injection and replay cyber-attacks. ISA TRANSACTIONS 2021; 110:1-14. [PMID: 33039167 DOI: 10.1016/j.isatra.2020.10.002] [Citation(s) in RCA: 10] [Impact Index Per Article: 3.3] [Received: 04/30/2020] [Revised: 08/04/2020] [Accepted: 10/03/2020] [Indexed: 06/11/2023]
Abstract
The paper discusses the cooperative tracking problem of partially known cyber-physical multi-agent networked systems. In this system, there exist two cascaded chances for cyber-attacks. The local agent is of networked system type that is subjected to unknown false data-injection and replay cyber-attacks that are dissimilar in the sensor-controller and the controller-actuator network parts. The communication between any two agents, if they are connected, is accomplished via a communication network that is subjected to false data-injection cyber-attacks. The problem of the existing two cascaded chances for cyber-attacks is solved in three steps. First, with partially known system parameters and unknown false data-injection and replay cyber-attacks, the state estimates of all the local followers are evaluated by designing local adaptive observers. Second, a new technique is designed to compensate for the unmatched terms that result from the use of local adaptive observers. After that, distributed adaptive leader-follower security controllers are proposed based on the local estimated information in addition to the infected arrived information from the neighbors. Meanwhile, it is verified that the suggested security control method guarantees that all states of the followers under the considered cyber-attacks follow the given leader asymptotically. The efficacy of the developed adaptive leader-follower security controllers is verified via an illustrative example.
12
Event-triggered filter design for nonlinear cyber-physical systems subject to deception attacks. ISA TRANSACTIONS 2020; 104:130-137. [PMID: 30902498 DOI: 10.1016/j.isatra.2019.02.036] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.3] [Received: 10/28/2018] [Revised: 02/06/2019] [Accepted: 02/28/2019] [Indexed: 06/09/2023]
Abstract
This paper is concerned with an event-triggered filter design for fuzzy-model-based cyber-physical systems with cyber-attacks. Spurious events may be triggered under the conventional event-triggered mechanism (ETM) when the sampling data has a rapid change arising from unpredicted external disturbance. To avoid spurious decisions on data releasing, a new ETM is proposed. Furthermore, the communication network is vulnerable to attacks by malicious attackers. Under this scenario, a new resilient filter is designed to ensure the security. Sufficient conditions are established to make the filtering error system asymptotically stable. A numerical example is provided to show the effectiveness of the proposed results.
13
Guaranteed cost control of hybrid-triggered networked systems with stochastic cyber-attacks. ISA TRANSACTIONS 2020; 104:84-92. [PMID: 31097192 DOI: 10.1016/j.isatra.2019.04.017] [Citation(s) in RCA: 2] [Impact Index Per Article: 0.5] [Received: 10/30/2018] [Revised: 04/15/2019] [Accepted: 04/19/2019] [Indexed: 06/09/2023]
Abstract
This paper is concerned with guaranteed cost control for a hybrid-triggered networked system subject to stochastic cyber-attacks. First, a hybrid-triggered mechanism including time-triggered mechanism and event-triggered mechanism is proposed to mitigate the pressure of network transmission, in which the switching between two mechanisms satisfies Bernoulli distribution. Second, the closed-loop system subject to the hybrid communication scheme and stochastic cyber-attacks is modelled as a stochastic system with an interval time-varying delay. Then, based on the Lyapunov-Krasovskii functional approach, two theorems are presented for guaranteeing the mean-square stability of the studied system. Finally, the effectiveness of the proposed method is demonstrated through a numerical example.
14
Distributed event-triggered H∞ filtering over sensor networks with sensor saturations and cyber-attacks. ISA TRANSACTIONS 2018; 81:63-75. [PMID: 30078519 DOI: 10.1016/j.isatra.2018.07.018] [Citation(s) in RCA: 3] [Impact Index Per Article: 0.5] [Received: 02/09/2018] [Revised: 05/25/2018] [Accepted: 07/16/2018] [Indexed: 06/08/2023]
Abstract
This paper investigates the problem of distributed event-triggered H∞ filtering over sensor networks with sensor saturations and cyber-attacks. By taking the effects of sensor saturations existing in spatially distributed sensors and randomly occurring cyber-attacks into consideration, a distributed event-triggered filtering error system is firstly established. Then, sufficient conditions guaranteeing the system asymptotically stable with H∞ performance are obtained by means of Lyapunov stability theory. Moreover, the explicit expressions of distributed H∞ filters and the weighting matrices of distributed event-triggered scheme are achieved by solving a set of linear matrix inequalities (LMIs). Finally, two examples are given to illustrate the usefulness of the designed distributed event-triggered H∞ filters.
15
Model-based approach for cyber-physical attack detection in water distribution systems. WATER RESEARCH 2018; 139:132-143. [PMID: 29635150 DOI: 10.1016/j.watres.2018.03.039] [Citation(s) in RCA: 9] [Impact Index Per Article: 1.5] [Received: 10/16/2017] [Revised: 03/13/2018] [Accepted: 03/14/2018] [Indexed: 06/08/2023]
Abstract
Modern Water Distribution Systems (WDSs) are often controlled by Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs) which manage their operation and maintain a reliable water supply. As such, and with the cyber layer becoming a central component of WDS operations, these systems are at a greater risk of being subjected to cyberattacks. This paper offers a model-based methodology based on a detailed hydraulic understanding of WDSs combined with an anomaly detection algorithm for the identification of complex cyberattacks that cannot be fully identified by hydraulically based rules alone. The results show that the proposed algorithm is capable of achieving the best-known performance when tested on the data published in the BATtle of the Attack Detection ALgorithms (BATADAL) competition (http://www.batadal.net).