3,040 research outputs found

    Bibliographical review on cyber attacks from a control oriented perspective

    This paper presents a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems (NCSs) and cyber-physical systems (CPSs). This review tackles the topic from a control-oriented perspective, which is complementary to information or communication ones. After motivating the importance of developing new methods for attack detection and secure control, this review presents security objectives, attack modeling, and a characterization of considered attacks and threats presenting the detection mechanisms and remedial actions. In order to show the properties of each attack, as well as to provide some deeper insight into possible defense mechanisms, examples available in the literature are discussed. Finally, open research issues and paths are presented. Peer Reviewed. Postprint (author's final draft).

    DETECTION AND IDENTIFICATION OF CYBERATTACKS IN CPS BY APPLYING MACHINE LEARNING ALGORITHMS

    In general, cyber-physical systems (also known as CPS) consist of networked components that allow for remote access, monitoring, and examination. Because they were integrated into an unsecured network, they have been the target of multiple cyberattacks. In the event that there was a breach in internet security, an adversary would be able to damage the system, which may have devastating effects. Thus, it is extremely important to maintain the credibility of the CPS. It is becoming increasingly difficult to identify assaults on cyber-physical systems (CPSs) as these systems become more of a target for hackers and cyberthreats. It is feasible that Machine Learning (ML), as well as Artificial Intelligence (AI), may also make it the finest of times. Both of these outcomes are plausible. Technology based on artificial intelligence (AI) can play a role in the growth and success of a wide range of different types of enterprises in a variety of different ways. The goal of this type of data analysis is to avoid CPS assaults using machine learning and artificial intelligence techniques. A new framework was offered for the detection of cyberattacks, which makes use of machine learning and artificial intelligence (ML). The process of cleaning up the data in the CPS database starts by performing normalisation in order to get rid of errors and duplicates. This is done so that the data is consistent throughout. Linear Discriminant Analysis (LDA) is the method that is used to get the features. As a mechanism for the identification of cyberattacks, the suggested process was the SFL-HMM process in conjunction with the HMS-ACO procedure. The new strategy is evaluated using a MATLAB simulation, and the metrics obtained from that simulation are compared to the metrics received from the earlier methods. The framework is shown to be substantially more effective than traditional techniques in the upkeep of high degrees of privacy, as demonstrated by the outcomes of a number of separate investigations. In addition, in terms of detection rate, false positive rate, and computation time, respectively, the framework beats traditional detection methods.

    Cyber Security in Power Systems Using Meta-Heuristic and Deep Learning Algorithms

    Supervisory Control and Data Acquisition system linked to Intelligent Electronic Devices over a communication network keeps an eye on smart grids’ performance and safety. The lack of algorithms protecting the power system communication protocols makes them vulnerable to cyberattacks, which can result in a hacker introducing false data into the operational network. This can result in delayed attack detection, which might harm the infrastructure, cause financial loss, or even result in fatalities. Similarly, attackers may be able to feed the system with fake information to hoax the operator and the algorithm into making bad decisions at crucial moments. This paper attempts to identify and classify such cyber-attacks by using numerous deep learning algorithms and optimizing the data features with a metaheuristic algorithm. We proposed a Restricted Boltzmann Machine-based nature-inspired artificial root foraging optimization algorithm. Using a publicly available dataset produced in Mississippi State University’s Oak Ridge National Laboratory, simulations are run on the Jupyter Notebook. Traditional supervised machine learning algorithms like Artificial Neural Networks, Convolutional Neural Networks, and Support Vector Machines are measured with the proposed algorithm to demonstrate the effectiveness of the algorithms. Simulations show that the proposed algorithm produced superior results, with an accuracy of 97.8% for binary classification, 95.6% for three-class classification, and 94.3% for multi-class classification. Thereby outperforming its counterpart algorithms in terms of accuracy, precision, recall, and f1 score. ©2023 Authors. Published by IEEE. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. For more information, see https://creativecommons.org/licenses/by-nc-nd/4.0/. Peer reviewed.

    Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats

    Despite its technological benefits, Internet of Things (IoT) has cyber weaknesses due to the vulnerabilities in the wireless medium. Machine learning (ML)-based methods are widely used against cyber threats in IoT networks with promising performance. Advanced persistent threat (APT) is prominent for cybercriminals to compromise networks, and it is crucial to long-term and harmful characteristics. However, it is difficult to apply ML-based approaches to identify APT attacks to obtain a promising detection performance due to an extremely small percentage among normal traffic. There are limited surveys to fully investigate APT attacks in IoT networks due to the lack of public datasets with all types of APT attacks. It is worthwhile to bridge the state-of-the-art in network attack detection with APT attack detection in a comprehensive review article. This survey article reviews the security challenges in IoT networks and presents the well-known attacks, APT attacks, and threat models in IoT systems. Meanwhile, signature-based, anomaly-based, and hybrid intrusion detection systems are summarized for IoT networks. The article highlights statistical insights regarding frequently applied ML-based methods against network intrusion alongside the number of attack types detected. Finally, open issues and challenges for common network intrusion and APT attacks are presented for future research. Comment: ACM Computing Surveys, 2022, 35 pages, 10 Figures, 8 Tables.

    Cyberthreats, Attacks and Intrusion Detection in Supervisory Control and Data Acquisition Networks

    Supervisory Control and Data Acquisition (SCADA) systems are computer-based process control systems that interconnect and monitor remote physical processes. There have been many real world documented incidents and cyber-attacks affecting SCADA systems, which clearly illustrate critical infrastructure vulnerabilities. These reported incidents demonstrate that cyber-attacks against SCADA systems might produce a variety of financial damage and harmful events to humans and their environment. This dissertation documents four contributions towards increased security for SCADA systems. First, a set of cyber-attacks was developed. Second, each attack was executed against two fully functional SCADA systems in a laboratory environment; a gas pipeline and a water storage tank. Third, signature based intrusion detection system rules were developed and tested which can be used to generate alerts when the aforementioned attacks are executed against a SCADA system. Fourth, a set of features was developed for a decision tree based anomaly based intrusion detection system. The features were tested using the datasets developed for this work. This dissertation documents cyber-attacks on both serial based and Ethernet based SCADA networks. Four categories of attacks against SCADA systems are discussed: reconnaissance, malicious response injection, malicious command injection and denial of service. In order to evaluate performance of data mining and machine learning algorithms for intrusion detection systems in SCADA systems, a network dataset to be used for benchmarking intrusion detection systems was generated. This network dataset includes different classes of attacks that simulate different attack scenarios on process control systems. This dissertation describes four SCADA network intrusion detection datasets; a full and abbreviated dataset for both the gas pipeline and water storage tank systems. Each feature in the dataset is captured from network flow records. This dataset groups two different categories of features that can be used as input to an intrusion detection system. First, network traffic features describe the communication patterns in a SCADA system. This research developed both signature based IDS and anomaly based IDS for the gas pipeline and water storage tank serial based SCADA systems. The performance of both types of IDS was evaluated by measuring detection rate and the prevalence of false positives.

    A Comprehensive Survey on the Cyber-Security of Smart Grids: Cyber-Attacks, Detection, Countermeasure Techniques, and Future Directions

    One of the significant challenges that smart grid networks face is cyber-security. Several studies have been conducted to highlight those security challenges. However, the majority of these surveys classify attacks based on the security requirements, confidentiality, integrity, and availability, without taking into consideration the accountability requirement. In addition, some of these surveys focused on the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which does not differentiate between the application, session, and presentation and the data link and physical layers of the Open System Interconnection (OSI) model. In this survey paper, we provide a classification of attacks based on the OSI model and discuss in more detail the cyber-attacks that can target the different layers of smart grid networks communication. We also propose new classifications for the detection and countermeasure techniques and describe existing techniques under each category. Finally, we discuss challenges and future research directions.