179 research outputs found

    Quickest Detection of False Data Injection Attack in Distributed Process Tracking

    This paper addresses the problem of detecting false data injection (FDI) attacks in a distributed network without a fusion center, represented by a connected graph among multiple agent nodes. Each agent node is equipped with a sensor, and uses a Kalman consensus information filter (KCIF) to track a discrete-time global process with linear dynamics and additive Gaussian noise. The state estimate of the global process at any sensor is computed from the local observation history and the information received by that agent node from its neighbors. At an unknown time, an attacker starts altering the local observation of one agent node. In the Bayesian setting where there is a known prior distribution of the attack beginning instant, we formulate a Bayesian quickest change detection (QCD) problem for FDI detection in order to minimize the mean detection delay subject to a false alarm probability constraint. While it is well-known that the optimal Bayesian QCD rule involves checking the Shiryaev's statistic against a threshold, we demonstrate how to compute the Shiryaev's statistic at each node in a recursive fashion given our non-i.i.d. observations. Next, we consider non-Bayesian QCD where the attack begins at an arbitrary and unknown time, and the detector seeks to minimize the worst case detection delay subject to a constraint on the mean time to false alarm and probability of misidentification. We use the multiple hypothesis sequential probability ratio test for attack detection and identification at each sensor. For unknown attack strategy, we use the window-limited generalized likelihood ratio (WL-GLR) algorithm to solve the QCD problem. Numerical results demonstrate the performances and trade-offs of the proposed algorithms.

    An Effective Approach to Nonparametric Quickest Detection and Its Decentralized Realization

    This dissertation focuses on the study of nonparametric quickest detection and its decentralized implementation in a distributed environment. Quickest detection schemes are geared toward detecting a change in the state of a data stream or a real-time process. Classical quickest detection schemes invariably assume knowledge of the pre-change and post-change distributions that may not be available in many applications. A distribution-free nonparametric quickest detection procedure is presented based on a novel distance measure, referred to as the Q-Q distance calculated from the Quantile-Quantile plot. Theoretical analysis of the distance measure and detection procedure is presented to justify the proposed algorithm and provide performance guarantees. The Q-Q distance based detection procedure presents comparable performance compared to classical parametric detection procedure and better performance than other nonparametric procedures. The proposed procedure is most effective when detecting small changes. As the technology advances, distributed sensing and detection become feasible. Existing decentralized detection approaches are largely parametric. The decentralized realization of Q-Q distance based nonparametric quickest detection scheme is further studied, where data streams are simultaneously collected from multiple channels located distributively to jointly reach a detection decision. Two implementation schemes, binary quickest detection and local decision fusion, are described. Experimental results show that the proposed method has a comparable performance to the benchmark parametric cumulative sum (CUSUM) test in binary detection. Finally, the dissertation concludes with a summary of the contributions to the state of the art.

    Remote State Estimation with Privacy Against Active Eavesdroppers

    This paper considers a cyber-physical system under an active eavesdropping attack. A remote legitimate user estimates the state of a linear plant from the state information received from a sensor. Transmissions from the sensor occur via an insecure and unreliable network. An active eavesdropper may perform an attack during system operation. The eavesdropper intercepts transmissions from the sensor, whilst simultaneously sabotaging the data transfer from the sensor to the remote legitimate user to harm its estimation performance. To maintain state confidentiality, we propose an encoding scheme that is activated on the detection of an eavesdropper. Our scheme transmits noise based on a pseudo-random indicator, pre-arranged at the legitimate user and sensor. The transmission of noise harms the eavesdropper's performance, more than that of the legitimate user. Using the proposed encoding scheme, we impair the eavesdropper's expected estimation performance, whilst minimising expected performance degradation at the legitimate user. We explore the trade-off between state confidentiality and legitimate user performance degradation through selecting the probability that the sensor transmits noise. Under certain design choices, the trace of the expected estimation error covariance of the eavesdropper is greater than that of the legitimate user. Numerical examples are provided to illustrate the proposed encoding scheme. Comment: 13 pages, 7 figures. arXiv admin note: text overlap with arXiv:2211.1341

    Quickest Detection of Denial-of-Service Attacks in Cognitive Wireless Networks

    Many denial-of-service (DOS) attacks in wireless networks, such as jamming, will cause significant performance degradation to the network and thus need to be detected quickly. This becomes more important in a cognitive wireless network employing dynamic spectrum access (DSA), where it is easier for the attackers to launch DOS attacks. For instance, the attackers may pretend to be a licensed primary user, and carry out the primary user emulation (PUE) attacks. The attackers may also explore the spectrum themselves, and conduct smart jamming. These attacks usually happen at an unknown time and are unpredictable due to the lack of prior knowledge of the attackers. It is also observed that the statistical property of the resulting paths from multipath routing will have an abrupt change when the attack happens. Hence, in this paper, we formulate the detection of DOS attacks as a quickest detection problem, i.e., detect the abrupt changes in distributions of certain observables at the network layer with minimum detection delay, while maintaining a given low false alarm probability. Specifically, we propose a non-parametric version of Page's cumulative sum (CUSUM) algorithm to minimize the detection delay so that a network manager may react to the event as soon as possible to mitigate the effect of the attacks. Simulation results using a Spectrum-Aware Split Multipath Routing with dynamic channel assignment as a baseline routing protocol demonstrate the effectiveness of the proposed approach.

    Novel Approach for Intrusion Detection Using Simulated Annealing Algorithm Combined with Hopfield Neural Network

    With the continued increase in Internet usage, the risk of encountering online threats remains high. This study proposes a new approach for intrusion detection to produce better outcomes than similar approaches with high accuracy rates. The proposed approach uses Simulated Annealing algorithms [1] combined with Hopfield Neural network [2] for supervised learning to improve performance by increasing the correctness of true detection and reducing the error rates as a result of false detection. The proposed approach is evaluated on an intrusion detection data set called KDD99 [3]. Experimental tests demonstrate the potential of the proposed approach to rapidly detect high precision and efficiency intrusion behaviors. The proposed approach offers a 99.16% accuracy rate and a 0.3% false-positive rate. Department of Information Technology

    Bayesian Models Applied to Cyber Security Anomaly Detection Problems

    Cyber security is an important concern for all individuals, organisations and governments globally. Cyber attacks have become more sophisticated, frequent and dangerous than ever, and traditional anomaly detection methods have been proved to be less effective when dealing with these new classes of cyber threats. In order to address this, both classical and Bayesian models offer a valid and innovative alternative to the traditional signature-based methods, motivating the increasing interest in statistical research that has been observed in recent years. In this review we provide a description of some typical cyber security challenges, typical types of data and statistical methods, paying special attention to Bayesian approaches for these problems.