A Multi-Observer Based Estimation Framework for Nonlinear Systems under Sensor Attacks
We address the problem of state estimation and attack isolation for general
discrete-time nonlinear systems when sensors are corrupted by (potentially
unbounded) attack signals. For a large class of nonlinear plants and observers,
we provide a general estimation scheme, built around the idea of sensor
redundancy and multi-observer, capable of reconstructing the system state in
spite of sensor attacks and noise. This scheme has been proposed by others for
linear systems/observers and here we propose a unifying framework for a much
larger class of nonlinear systems/observers. Using the proposed estimator, we
provide an isolation algorithm to pinpoint attacks on sensors during sliding
time windows. Simulation results are presented to illustrate the performance of
our tools.
Comment: arXiv admin note: text overlap with arXiv:1806.0648
An Unknown Input Multi-Observer Approach for Estimation and Control under Adversarial Attacks
We address the problem of state estimation, attack isolation, and control of
discrete-time linear time-invariant systems under (potentially unbounded)
actuator and sensor false data injection attacks. Using a bank of unknown input
observers, each observer leading to an exponentially stable estimation error
(in the attack-free case), we propose an observer-based estimator that provides
exponential estimates of the system state in spite of actuator and sensor
attacks. Exploiting sensor and actuator redundancy, the estimation scheme is
guaranteed to work if a sufficiently small subset of sensors and actuators are
under attack. Using the proposed estimator, we provide tools for reconstructing
and isolating actuator and sensor attacks; and a control scheme capable of
stabilizing the closed-loop dynamics by switching off isolated actuators.
Simulation results are presented to illustrate the performance of our tools.
Comment: arXiv admin note: substantial text overlap with arXiv:1811.1015
Detecting Unknown Attacks in IoT Environments: An Open Set Classifier for Enhanced Network Intrusion Detection
The widespread integration of Internet of Things (IoT) devices across all
facets of life has ushered in an era of interconnectedness, creating new
avenues for cybersecurity challenges and underscoring the need for robust
intrusion detection systems. However, traditional security systems are designed
with a closed-world perspective and often face challenges in dealing with the
ever-evolving threat landscape, where new and unfamiliar attacks are constantly
emerging. In this paper, we introduce a framework aimed at mitigating the open
set recognition (OSR) problem in the realm of Network Intrusion Detection
Systems (NIDS) tailored for IoT environments. Our framework capitalizes on
image-based representations of packet-level data, extracting spatial and
temporal patterns from network traffic. Additionally, we integrate stacking and
sub-clustering techniques, enabling the identification of unknown attacks by
effectively modeling the complex and diverse nature of benign behavior. The
empirical results prominently underscore the framework's efficacy, boasting an
impressive 88% detection rate for previously unseen attacks when compared
against existing approaches and recent advancements. Future work will perform
extensive experimentation across various openness levels and attack scenarios,
further strengthening the adaptability and performance of our proposed solution
in safeguarding IoT environments.
Comment: 6 Pages, 5 figures
ByteStack-ID: Integrated Stacked Model Leveraging Payload Byte Frequency for Grayscale Image-based Network Intrusion Detection
In the ever-evolving realm of network security, the swift and accurate
identification of diverse attack classes within network traffic is of paramount
importance. This paper introduces "ByteStack-ID," a pioneering approach
tailored for packet-level intrusion detection. At its core, ByteStack-ID
leverages grayscale images generated from the frequency distributions of
payload data, a groundbreaking technique that greatly enhances the model's
ability to discern intricate data patterns. Notably, our approach is
exclusively grounded in packet-level information, a departure from conventional
Network Intrusion Detection Systems (NIDS) that predominantly rely on
flow-based data. While building upon the fundamental concept of stacking
methodology, ByteStack-ID diverges from traditional stacking approaches. It
seamlessly integrates additional meta learner layers into the concatenated base
learners, creating a highly optimized, unified model. Empirical results
unequivocally confirm the outstanding effectiveness of the ByteStack-ID
framework, consistently outperforming baseline models and state-of-the-art
approaches across pivotal performance metrics, including precision, recall, and
F1-score. Impressively, our proposed approach achieves an exceptional 81%
macro F1-score in multiclass classification tasks. In a landscape marked by the
continuous evolution of network threats, ByteStack-ID emerges as a robust and
versatile security solution, relying solely on packet-level information
extracted from network traffic data.
Comment: 6 pages, 6 figures
Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks
Malware still constitutes a major threat in the cybersecurity landscape, also
due to the widespread use of infection vectors such as documents. These
infection vectors hide embedded malicious code from the victim users,
facilitating the use of social engineering techniques to infect their machines.
Research showed that machine-learning algorithms provide effective detection
mechanisms against such threats, but the existence of an arms race in
adversarial settings has recently challenged such systems. In this work, we
focus on malware embedded in PDF files as a representative case of such an arms
race. We start by providing a comprehensive taxonomy of the different
approaches used to generate PDF malware, and of the corresponding
learning-based detection systems. We then categorize threats specifically
targeted against learning-based PDF malware detectors, using a well-established
framework in the field of adversarial machine learning. This framework allows
us to categorize known vulnerabilities of learning-based PDF malware detectors
and to identify novel attacks that may threaten such systems, along with the
potential defense mechanisms that can mitigate the impact of such threats. We
conclude the paper by discussing how such findings highlight promising research
directions towards tackling the more general challenge of designing robust
malware detectors in adversarial settings.
A Hypergraph-Based Machine Learning Ensemble Network Intrusion Detection System
Network intrusion detection systems (NIDS) that detect malicious attacks
continue to meet challenges. NIDS are vulnerable to auto-generated port scan
infiltration attempts and NIDS are often developed offline, resulting in a time
lag to prevent the spread of infiltration to other parts of a network. To
address these challenges, we use hypergraphs to capture evolving patterns of
port scan attacks via the set of internet protocol addresses and destination
ports, thereby deriving a set of hypergraph-based metrics to train a robust and
resilient ensemble machine learning (ML) NIDS that effectively monitors and
detects port scanning activities and adversarial intrusions while evolving
intelligently in real-time. Through the combination of (1) intrusion examples,
(2) NIDS update rules, (3) attack threshold choices to trigger NIDS retraining
requests, and (4) production environment with no prior knowledge of the nature
of network traffic, 40 scenarios were auto-generated to evaluate the ML ensemble
NIDS comprising three tree-based models. Results show that under the model
settings of an Update-ALL-NIDS rule (namely, retrain and update all the three
models upon the same NIDS retraining request) the proposed ML ensemble NIDS
produced the best results with nearly 100% detection performance throughout the
simulation, exhibiting robustness in the complex dynamics of the simulated
cyber-security scenario.
Comment: 12 pages, 10 figures
On the Effects and Optimal Design of Redundant Sensors in Collaborative State Estimation
The existence of redundant sensors in collaborative state estimation is a
common occurrence, yet their true significance remains elusive. This paper
comprehensively investigates the effects and optimal design of redundant
sensors in sensor networks that use Kalman filtering to estimate the state of a
random process collaboratively. The paper presents two main results: a
theoretical analysis of the effects of redundant sensors and an
engineering-oriented optimal design of redundant sensors. In the theoretical
analysis, the paper leverages Riccati equations and Symplectic matrix theory to
unveil the explicit role of redundant sensors in cooperative state estimation.
The results unequivocally demonstrate that the addition of redundant sensors
enhances the estimation performance of the sensor network, aligning with the
principle of "more is better". Moreover, the paper establishes a precise
sufficient and necessary condition to assess whether the inclusion of redundant
sensors improves the overall estimation performance. Moving towards
engineering-oriented design optimization, the paper proposes a novel algorithm
to tackle the optimal design problem of redundant sensors, and the convergence
of the proposed algorithm is guaranteed. Numerical simulations are provided to
demonstrate the results.
Strategically Revealing Intentions in General Lotto Games
Strategic decision-making in uncertain and adversarial environments is crucial for the security of modern systems and infrastructures. A salient feature of many optimal decision-making policies is a level of unpredictability, or randomness, which helps to keep an adversary uncertain about the system’s behavior. This paper seeks to explore decision-making policies on the other end of the spectrum – namely, whether there are benefits in revealing one’s strategic intentions to an opponent before engaging in competition. We study these scenarios in a well-studied model of competitive resource allocation known as General Lotto games. In the classic formulation, two competing players simultaneously allocate their assets to a set of battlefields, and the resulting payoffs are derived in a zero-sum fashion. Here, we consider a multi-step extension where one of the players has the option to publicly pre-commit assets in a binding fashion to battlefields before play begins. In response, the opponent decides which of these battlefields to secure (or abandon) by matching the pre-commitment with its own assets. They then engage in a General Lotto game over the remaining set of battlefields. Interestingly, this paper highlights many scenarios where strategically revealing intentions can actually significantly improve one’s payoff. This runs contrary to the conventional wisdom that randomness should be a central component of decision-making in adversarial environments.