Anomaly Detection Approach Using Adaptive Cumulative Sum Algorithm for Controller Area Network

The modern vehicle has transformed from a purely mechanical system to a system that embeds several electronic devices. These devices communicate through the in-vehicle network for enhanced safety and comfort but are vulnerable to cyber-physical risks and attacks. A well-known technique of detecting these attacks and unusual events is by using intrusion detection systems. Anomalies in the network occur at unknown points and produce abrupt changes in the statistical features of the message stream. In this paper, we propose an anomaly-based intrusion detection approach using the cumulative sum (CUSUM) change-point detection algorithm to detect data injection attacks on the controller area network (CAN) bus. We leverage the parameters required for the change-point algorithm to reduce false alarm rate and detection delay. Using real dataset generated from a car in normal operation, we evaluate our detection approach on three different kinds of attack scenarios

Online Recursive Detection and Adaptive Fuzzy Mitigation of Cyber-Physical Attacks Targeting Topology of IMG: An LFC Case Study

Due to the low inertia of inverter-based islanded microgrids (IMGs), these systems require a delicate and accurate load frequency control (LFC) scheme. The deployment of such a control scheme, which preserves the balance between the load and generation, needs a cyber layer on top of the physical system that makes IMGs an appealing target for a variety of cyber-physical attacks (CPAs). Among these CPAs, there is a family of malicious CPAs whose aim is to compromise the LFC scheme by changing the topology of IMG and its parameters. On this basis, an online system identification method is developed to estimate the parameters of IMG using the recursive least square forgetting factor (RLS-FF) approach. Then, based on the estimated parameters, an anomaly-based intrusion detection system (IDS) is developed to identify CPAs and distinguish them from the uncertainties in the normal operation of IMG. Following anomaly detection, a mitigation scheme is proposed to regulate the IMG’s frequency using an adaptive interval type-2 fuzzy logic controller (IT2FLC). The proposed IT2FLC uses different types of distributed energy resources (DERs)—i.e., tidal power plants and solar panels which are, respectively, equipped with inertia emulation and droop-based controllers—to improve the frequency excursion resulting from CPAs. The simulation results verify the performance of the developed detection and mitigation schemes, particularly when the RLS-FF parameters, i.e., forgetting factor, covariance matrix, and reset parameter, are obtained through the grey wolf optimization (GWO) algorithm. Furthermore, the designed mitigation scheme is corroborated by comparing its performance with several well-known attack-resilient control frameworks in LFC studies, e.g., linear quadratic regulator (LQR) and H∞, using real-time simulations.©2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.fi=vertaisarvioitu|en=peerReviewed

Dynamic fuzzy rule interpolation and its application to intrusion detection

Fuzzy rule interpolation (FRI) offers an effective approach for making inference possible in sparse rule-based systems (and also for reducing the complexity of fuzzy models). However, requirements of fuzzy systems may change over time and hence, the use of a static rule base may affect the accuracy of FRI applications. Fortunately, an FRI system in action will produce interpolated rules in abundance during the interpolative reasoning process. While such interpolated results are discarded in existing FRI systems, they can be utilized to facilitate the development of a dynamic rule base in supporting subsequent inference. This is because the otherwise relinquished interpolated rules may contain possibly valuable information, covering regions that were uncovered by the original sparse rule base. This paper presents a dynamic fuzzy rule interpolation (D-FRI) approach by exploiting such interpolated rules in order to improve the overall system's coverage and efficacy. The resulting D-FRI system is able to select, combine, and generalize informative, frequently used interpolated rules for merging with the existing rule base while performing interpolative reasoning. Systematic experimental investigations demonstrate that D-FRI outperforms conventional FRI techniques, with increased accuracy and robustness. Furthermore, D-FRI is herein applied for network security analysis, in devising a dynamic intrusion detection system (IDS) through integration with the Snort software, one of the most popular open source IDSs. This integration, denoted as D-FRI-Snort hereafter, delivers an extra amount of intelligence to predict the level of potential threats. Experimental results show that with the inclusion of a dynamic rule base, by generalising newly interpolated rules based on the current network traffic conditions, D-FRI-Snort helps reduce both false positives and false negatives in intrusion detection

Machine Learning in Wireless Sensor Networks: Algorithms, Strategies, and Applications

Wireless sensor networks monitor dynamic environments that change rapidly over time. This dynamic behavior is either caused by external factors or initiated by the system designers themselves. To adapt to such conditions, sensor networks often adopt machine learning techniques to eliminate the need for unnecessary redesign. Machine learning also inspires many practical solutions that maximize resource utilization and prolong the lifespan of the network. In this paper, we present an extensive literature review over the period 2002-2013 of machine learning methods that were used to address common issues in wireless sensor networks (WSNs). The advantages and disadvantages of each proposed algorithm are evaluated against the corresponding problem. We also provide a comparative guide to aid WSN designers in developing suitable machine learning solutions for their specific application challenges.Comment: Accepted for publication in IEEE Communications Surveys and Tutorial