1,678 research outputs found
Vulnerability Assessment and Privacy-preserving Computations in Smart Grid
Modern advances in sensor, computing, and communication technologies enable various smart grid applications which highlight the vulnerability that requires novel approaches to the field of cybersecurity. While substantial numbers of technologies have been adopted to protect cyber attacks in smart grid, there lacks a comprehensive review of the implementations, impacts, and solutions of cyber attacks specific to the smart grid.In this dissertation, we are motivated to evaluate the security requirements for the smart grid which include three main properties: confidentiality, integrity, and availability. First, we review the cyber-physical security of the synchrophasor network, which highlights all three aspects of security issues. Taking the synchrophasor network as an example, we give an overview of how to attack a smart grid network. We test three types of attacks and show the impact of each attack consisting of denial-of-service attack, sniffing attack, and false data injection attack.Next, we discuss how to protect against each attack. For protecting availability, we examine possible defense strategies for the associated vulnerabilities.For protecting data integrity, a small-scale prototype of secure synchrophasor network is presented with different cryptosystems. Besides, a deep learning based time-series anomaly detector is proposed to detect injected measurement. Our approach observes both data measurements and network traffic features to jointly learn system states and can detect attacks when state vector estimator fails.For protecting data confidentiality, we propose privacy-preserving algorithms for two important smart grid applications. 1) A distributed privacy-preserving quadratic optimization algorithm to solve Security Constrained Optimal Power Flow (SCOPF) problem. The SCOPF problem is decomposed into small subproblems using the Alternating Direction Method of Multipliers (ADMM) and gradient projection algorithms. 2) We use Paillier cryptosystem to secure the computation of the power system dynamic simulation. The IEEE 3-Machine 9-Bus System is used to implement and demonstrate the proposed scheme. The security and performance analysis of our implementations demonstrate that our algorithms can prevent chosen-ciphertext attacks at a reasonable cost
APHRODITE: an Anomaly-based Architecture for False Positive Reduction
We present APHRODITE, an architecture designed to reduce false positives in
network intrusion detection systems. APHRODITE works by detecting anomalies in
the output traffic, and by correlating them with the alerts raised by the NIDS
working on the input traffic. Benchmarks show a substantial reduction of false
positives and that APHRODITE is effective also after a "quick setup", i.e. in
the realistic case in which it has not been "trained" and set up optimall
Security Evaluation of Support Vector Machines in Adversarial Environments
Support Vector Machines (SVMs) are among the most popular classification
techniques adopted in security applications like malware detection, intrusion
detection, and spam filtering. However, if SVMs are to be incorporated in
real-world security systems, they must be able to cope with attack patterns
that can either mislead the learning algorithm (poisoning), evade detection
(evasion), or gain information about their internal parameters (privacy
breaches). The main contributions of this chapter are twofold. First, we
introduce a formal general framework for the empirical evaluation of the
security of machine-learning systems. Second, according to our framework, we
demonstrate the feasibility of evasion, poisoning and privacy attacks against
SVMs in real-world security problems. For each attack technique, we evaluate
its impact and discuss whether (and how) it can be countered through an
adversary-aware design of SVMs. Our experiments are easily reproducible thanks
to open-source code that we have made available, together with all the employed
datasets, on a public repository.Comment: 47 pages, 9 figures; chapter accepted into book 'Support Vector
Machine Applications
Anomaly detection with machine learning for automotive cyber-physical systems
2022 Spring.Includes bibliographical references.Today's automotive systems are evolving at a rapid pace and there has been a seismic shift in automotive technology in the past few years. Automakers are racing to redefine the automobile as a fully autonomous and connected system. As a result, new technologies such as advanced driver assistance systems (ADAS), vehicle-to-vehicle (V2V), 5G vehicle to infrastructure (V2I), and vehicle to everything (V2X), etc. have emerged in recent years. These advances have resulted in increased responsibilities for the electronic control units (ECUs) in the vehicles, requiring a more sophisticated in-vehicle network to address the growing communication needs of ECUs with each other and external subsystems. This in turn has transformed modern vehicles into a complex distributed cyber-physical system. The ever-growing connectivity to external systems in such vehicles is introducing new challenges, related to the increasing vulnerability of such vehicles to various cyber-attacks. A malicious actor can use various access points in a vehicle, e.g., Bluetooth and USB ports, telematic systems, and OBD-II ports, to gain unauthorized access to the in-vehicle network. These access points are used to gain access to the network from the vehicle's attack surface. After gaining access to the in-vehicle network through an attack surface, a malicious actor can inject or alter messages on the network to try to take control of the vehicle. Traditional security mechanisms such as firewalls only detect simple attacks as they do not have the ability to detect more complex attacks. With the increasing complexity of vehicles, the attack surface increases, paving the way for more complex and novel attacks in the future. Thus, there is a need for an advanced attack detection solution that can actively monitor the in-vehicle network and detect complex cyber-attacks. One of the many approaches to achieve this is by using an intrusion detection system (IDS). Many state-of-the-art IDS employ machine learning algorithms to detect cyber-attacks for its ability to detect both previously observed as well as novel attack patterns. Moreover, the large availability of in-vehicle network data and increasing computational power of the ECUs to handle emerging complex automotive tasks facilitates the use of machine learning models. Therefore, due to its large spectrum of attack coverage and ability to detect complex attack patterns, we adopt and propose two novel machine learning based IDS frameworks (LATTE and TENET) for in-vehicle network anomaly detection. Our proposed LATTE framework uses sequence models, such as LSTMs, in an unsupervised setting to learn the normal system behavior. LATTE leverages the learned information at runtime to detect anomalies by observing for any deviations from the learned normal behavior. Our proposed LATTE framework aims to maximize the anomaly detection accuracy, precision, and recall while minimizing the false-positive rate. The increased complexity of automotive systems has resulted in very long term dependencies between messages which cannot be effectively captured by LSTMs. Hence to overcome this problem, we proposed a novel IDS framework called TENET. TENET employs a novel convolutional neural attention (TCNA) based architecture to effectively learn very-long term dependencies between messages in an in-vehicle network during the training phase and leverage the learned information in combination with a decision tree classifier to detect anomalous messages. Our work aims to efficiently detect a multitude of attacks in the in-vehicle network with low memory and computational overhead on the ECU
Modeling and performance evaluation of stealthy false data injection attacks on smart grid in the presence of corrupted measurements
The false data injection (FDI) attack cannot be detected by the traditional
anomaly detection techniques used in the energy system state estimators. In
this paper, we demonstrate how FDI attacks can be constructed blindly, i.e.,
without system knowledge, including topological connectivity and line reactance
information. Our analysis reveals that existing FDI attacks become detectable
(consequently unsuccessful) by the state estimator if the data contains grossly
corrupted measurements such as device malfunction and communication errors. The
proposed sparse optimization based stealthy attacks construction strategy
overcomes this limitation by separating the gross errors from the measurement
matrix. Extensive theoretical modeling and experimental evaluation show that
the proposed technique performs more stealthily (has less relative error) and
efficiently (fast enough to maintain time requirement) compared to other
methods on IEEE benchmark test systems.Comment: Keywords: Smart grid, False data injection, Blind attack, Principal
component analysis (PCA), Journal of Computer and System Sciences, Elsevier,
201
Development of an adaptive learning network-attack detection system
The proliferation of Internet and the increase of the number of network computers cause a raise of network attacks that attempt to confidentiality, integrity and availability of the computer infrastructures. Therefore Intrusion Detection Systems (IDSs) have become an essential part of today’s security infrastructures. There exists different kind of IDS. The separation that interest us the most for this study is misuse and anomaly-based IDSs. The first of them detects and classifies attacks with predefined rules and the second checks how much traffic differs from “normal” traffic and adapts itself to know in each moment what is normal and what not. The goal of this study is to propose a new IDS for the Stuttgart’s University network since the current one called Peakflow is a misuse IDS and can’t detect novel attacks. Here it is proposed SPADE as new IDS. SPADE detects anomalies based in probabilities and decides through a threshold that adapts according with the last results. SPADE solves the problem of novel attacks but we will see that this isn’t always very efficient because it can considerer abnormal traffic to be normal when the attacks are continuous or when there isn’t enough traffic normal in order to calculate the probabilities correctly and introduce a high false alarm rate. _______________________________________La proliferación de Internet y el aumento del número de redes de ordenadores están
provocando un incremento de ataques a la red que atentan a diferentes aspectos de la
comunicación:
• Integridad: Fiabilidad de la información.
• Disponibilidad: los recursos tienen que estar disponibles cuando se necesitan.
• Confidencialidad: acceso limitado a la información a usuarios autorizados. En la universidad de Stuttgart, el sistema de monitorización de la red se llama
Peakflow y se basa en la detección de usos indebidos a través de patrones por lo que no
es eficiente para la detección de nuevos ataques. Por lo tanto, el objetivo de este proyecto
consistía en mejorar este sistema proponiendo una detección basada en anomalías.Ingeniería de Telecomunicació
- …