Feature trade-off analysis for reconnaissance detection.

An effective cyber early warning system (CEWS) should pick up threat activity at an early stage, with an emphasis on establishing hypotheses and predictions as well as generating alerts on (unclassified) situations based on preliminary indications. The design and implementation of such early warning systems involve numerous challenges such as generic set of indicators, intelligence gathering, uncertainty reasoning and information fusion. This chapter begins with an understanding of the behaviours of intruders and then related literature is followed by the proposed methodology using a Bayesian inference-based system. It also includes a carefully deployed empirical analysis on a data set labelled for reconnaissance activity. Finally, the chapter concludes with a discussion on results, research challenges and necessary suggestions to move forward in this research line

Active fuzzing for testing and securing cyber-physical systems

National Research Foundation (NRF) Singapore under its National Satellite of Excellence Programm

Model Predictive Control for Mitigating Sensor Attacks on Multilevel Inverters

Nowadays, multilevel power inverters have become a hot research topic which are being widely used in smart grids. They are also driving devices for conveyors, compressors, motors, and can enable uninterruptible power supply for critical loads such as database centers or telecommunications base stations. In the future, smart grids will play an important role to achieve higher efficiency, smarter control and better performance. Such an ambitious goal can only be achieved by inverters with higher voltage and power levels. The smart grids are the typical cyber-physical systems that is composed of physical processes and computation units combined by sensors, actuators, and communication devices. The smart grids are apt to errors and vicious attacks on their physical construction leading to considerable damage, such as false data injection (FDI), denial of service (DOS). The vicious data injection can effectively bypass the detection of system and cause serious effects on the grid. In recent years, some advanced control approaches have been proposed to perform inverter current control. Among them, model predictive control (MPC) is a promising one that makes use of explicit system models to predict its future response and optimize system performance. It has unique advantages that can accurately forecast the future response of the system and have fast response. However, the effectiveness and the accuracy of the conventional MPC rely on whether the system model is accurate. Uncertainty and false data injection in the system model sometimes lead to unresponsive or even unstable control systems. Conventional MPC is hard to keep the system stable when the uncertainty and malicious attack happen. In existing studies, although various attacks have been investigated, the undetectable false data injection aiming at the inverter system was rarely studied. In the thesis, the model of the cascaded H-bridge inverter is established and conventional MPC to achieve load current control is applied. It shows great performance to achieve load current control and has fast dynamic control. Then considering various attack signals such as step attack signals, pulse attack signals to the sensors in the system, the conventional MPC loses the ability to achieve a stable and effective current control. According to simulation results, Kalman Filter model is built which can filter some Gaussian noises from the sensors in the system. Then from the perspective of attacker, a special FDI attack is designed that can effectively bypass the Kalman Filter. For the system that targeted by the FDI and DOS attack, a new controller is designed based on the K-Nearest Neighbor (KNN) algorithm and MPC strategy which can achieve the load current control with high output quality. Finally, the new control method based on KNN and MPC is compared with conventional MPC. The simulation results are analyzed and conclusion have been made. A modified MPC combined with KNN algorithm proposed in this thesis can detect bad data that can enter the system without triggering alarms. The case studies show the modified MPC based on KNN algorithm can achieve current control accurately when the system is injected by various attack signals showing better performance of current control with low total harmonic distortion (THD)

Model Predictive Control for Mitigating Sensor Attacks on Multilevel Inverters

Nowadays, multilevel power inverters have become a hot research topic which are being widely used in smart grids. They are also driving devices for conveyors, compressors, motors, and can enable uninterruptible power supply for critical loads such as database centers or telecommunications base stations. In the future, smart grids will play an important role to achieve higher efficiency, smarter control and better performance. Such an ambitious goal can only be achieved by inverters with higher voltage and power levels. The smart grids are the typical cyber-physical systems that is composed of physical processes and computation units combined by sensors, actuators, and communication devices. The smart grids are apt to errors and vicious attacks on their physical construction leading to considerable damage, such as false data injection (FDI), denial of service (DOS). The vicious data injection can effectively bypass the detection of system and cause serious effects on the grid. In recent years, some advanced control approaches have been proposed to perform inverter current control. Among them, model predictive control (MPC) is a promising one that makes use of explicit system models to predict its future response and optimize system performance. It has unique advantages that can accurately forecast the future response of the system and have fast response. However, the effectiveness and the accuracy of the conventional MPC rely on whether the system model is accurate. Uncertainty and false data injection in the system model sometimes lead to unresponsive or even unstable control systems. Conventional MPC is hard to keep the system stable when the uncertainty and malicious attack happen. In existing studies, although various attacks have been investigated, the undetectable false data injection aiming at the inverter system was rarely studied. In the thesis, the model of the cascaded H-bridge inverter is established and conventional MPC to achieve load current control is applied. It shows great performance to achieve load current control and has fast dynamic control. Then considering various attack signals such as step attack signals, pulse attack signals to the sensors in the system, the conventional MPC loses the ability to achieve a stable and effective current control. According to simulation results, Kalman Filter model is built which can filter some Gaussian noises from the sensors in the system. Then from the perspective of attacker, a special FDI attack is designed that can effectively bypass the Kalman Filter. For the system that targeted by the FDI and DOS attack, a new controller is designed based on the K-Nearest Neighbor (KNN) algorithm and MPC strategy which can achieve the load current control with high output quality. Finally, the new control method based on KNN and MPC is compared with conventional MPC. The simulation results are analyzed and conclusion have been made. A modified MPC combined with KNN algorithm proposed in this thesis can detect bad data that can enter the system without triggering alarms. The case studies show the modified MPC based on KNN algorithm can achieve current control accurately when the system is injected by various attack signals showing better performance of current control with low total harmonic distortion (THD)

What Ukraine Taught NATO about Hybrid Warfare

Russia’s invasion of Ukraine in 2022 forced the United States and its NATO partners to be confronted with the impact of hybrid warfare far beyond the battlefield. Targeting Europe’s energy security, Russia’s malign influence campaigns and malicious cyber intrusions are affecting global gas prices, driving up food costs, disrupting supply chains and grids, and testing US and Allied military mobility. This study examines how hybrid warfare is being used by NATO’s adversaries, what vulnerabilities in energy security exist across the Alliance, and what mitigation strategies are available to the member states. Cyberattacks targeting the renewable energy landscape during Europe’s green transition are increasing, making it urgent that new tools are developed to protect these emerging technologies. No less significant are the cyber and information operations targeting energy security in Eastern Europe as it seeks to become independent from Russia. Economic coercion is being used against Western and Central Europe to stop gas from flowing. China’s malign investments in Southern and Mediterranean Europe are enabling Beijing to control several NATO member states’ critical energy infrastructure at a critical moment in the global balance of power. What Ukraine Taught NATO about Hybrid Warfare will be an important reference for NATO officials and US installations operating in the European theater.https://press.armywarcollege.edu/monographs/1952/thumbnail.jp