179 research outputs found
Quickest Detection of False Data Injection Attack in Distributed Process Tracking
This paper addresses the problem of detecting false data injection (FDI)
attacks in a distributed network without a fusion center, represented by a
connected graph among multiple agent nodes. Each agent node is equipped with a
sensor, and uses a Kalman consensus information filter (KCIF) to track a
discrete time global process with linear dynamics and additive Gaussian noise.
The state estimate of the global process at any sensor is computed from the
local observation history and the information received by that agent node from
its neighbors. At an unknown time, an attacker starts altering the local
observation of one agent node. In the Bayesian setting where there is a known
prior distribution of the attack beginning instant, we formulate a Bayesian
quickest change detection (QCD) problem for FDI detection in order to minimize
the mean detection delay subject to a false alarm probability constraint. While
it is well-known that the optimal Bayesian QCD rule involves checking the
Shiryaev statistic against a threshold, we demonstrate how to compute the
Shiryaev statistic at each node in a recursive fashion given our non-i.i.d.
observations. Next, we consider non-Bayesian QCD where the attack begins at an
arbitrary and unknown time, and the detector seeks to minimize the worst case
detection delay subject to a constraint on the mean time to false alarm and
probability of misidentification. We use the multiple hypothesis sequential
probability ratio test for attack detection and identification at each sensor.
For unknown attack strategy, we use the window-limited generalized likelihood
ratio (WL-GLR) algorithm to solve the QCD problem. Numerical results
demonstrate the performance and trade-offs of the proposed algorithms.
An Effective Approach to Nonparametric Quickest Detection and Its Decentralized Realization
This dissertation focuses on the study of nonparametric quickest detection and its decentralized implementation in a distributed environment. Quickest detection schemes are geared toward detecting a change in the state of a data stream or a real-time process. Classical quickest detection schemes invariably assume knowledge of the pre-change and post-change distributions, which may not be available in many applications. A distribution-free nonparametric quickest detection procedure is presented based on a novel distance measure, referred to as the Q-Q distance, calculated from the Quantile-Quantile plot. Theoretical analysis of the distance measure and detection procedure is presented to justify the proposed algorithm and provide performance guarantees. The Q-Q distance based detection procedure achieves performance comparable to the classical parametric detection procedure and better performance than other nonparametric procedures. The proposed procedure is most effective when detecting small changes. As technology advances, distributed sensing and detection become feasible. Existing decentralized detection approaches are largely parametric. The decentralized realization of the Q-Q distance based nonparametric quickest detection scheme is further studied, where data streams are simultaneously collected from multiple distributed channels to jointly reach a detection decision. Two implementation schemes, binary quickest detection and local decision fusion, are described. Experimental results show that the proposed method has performance comparable to the benchmark parametric cumulative sum (CUSUM) test in binary detection. Finally, the dissertation concludes with a summary of the contributions to the state of the art.
Remote State Estimation with Privacy Against Active Eavesdroppers
This paper considers a cyber-physical system under an active eavesdropping
attack. A remote legitimate user estimates the state of a linear plant from the
state information received from a sensor. Transmissions from the sensor occur
via an insecure and unreliable network. An active eavesdropper may perform an
attack during system operation. The eavesdropper intercepts transmissions from
the sensor, whilst simultaneously sabotaging the data transfer from the sensor
to the remote legitimate user to harm its estimation performance. To maintain
state confidentiality, we propose an encoding scheme that is activated on the
detection of an eavesdropper. Our scheme transmits noise based on a
pseudo-random indicator, pre-arranged at the legitimate user and sensor. The
transmission of noise harms the eavesdropper's performance, more than that of
the legitimate user. Using the proposed encoding scheme, we impair the
eavesdropper's expected estimation performance, whilst minimising expected
performance degradation at the legitimate user. We explore the trade-off
between state confidentiality and legitimate user performance degradation
through selecting the probability that the sensor transmits noise. Under
certain design choices, the trace of the expected estimation error covariance
of the eavesdropper is greater than that of the legitimate user. Numerical
examples are provided to illustrate the proposed encoding scheme.
Comment: 13 pages, 7 figures. arXiv admin note: text overlap with
arXiv:2211.1341
Quickest Detection of Denial-of-Service Attacks in Cognitive Wireless Networks
Many denial-of-service (DOS) attacks in wireless networks, such as jamming, cause significant performance degradation to the network and thus need to be detected quickly. This becomes more important in a cognitive wireless network employing dynamic spectrum access (DSA), where it is easier for attackers to launch DOS attacks. For instance, the attackers may pretend to be a licensed primary user and carry out primary user emulation (PUE) attacks. The attackers may also explore the spectrum themselves and conduct smart jamming. These attacks usually happen at unknown times and are unpredictable due to the lack of prior knowledge of the attackers. It is also observed that the statistical properties of the resulting paths from multipath routing change abruptly when the attack happens. Hence, in this paper, we formulate the detection of DOS attacks as a quickest detection problem, i.e., detecting abrupt changes in the distributions of certain observables at the network layer with minimum detection delay, while maintaining a given low false alarm probability. Specifically, we propose a non-parametric version of Page's cumulative sum (CUSUM) algorithm to minimize the detection delay so that a network manager may react to the event as soon as possible to mitigate the effect of the attacks. Simulation results using Spectrum-Aware Split Multipath Routing with dynamic channel assignment as a baseline routing protocol demonstrate the effectiveness of the proposed approach.
Novel Approach for Intrusion Detection Using Simulated Annealing Algorithm Combined with Hopfield Neural Network
With the continued increase in Internet usage, the risk of encountering online threats remains high. This study proposes a new approach for intrusion detection to produce better outcomes than similar approaches with high accuracy rates. The proposed approach uses Simulated Annealing algorithms [1] combined with a Hopfield Neural Network [2] for supervised learning to improve performance by increasing the rate of true detections and reducing the error rate caused by false detections. The proposed approach is evaluated on an intrusion detection data set called KDD99 [3]. Experimental tests demonstrate the potential of the proposed approach to rapidly detect intrusion behaviors with high precision and efficiency. The proposed approach offers a 99.16% accuracy rate and a 0.3% false-positive rate.
Department of Information Technology
Bayesian Models Applied to Cyber Security Anomaly Detection Problems
Cyber security is an important concern for all individuals, organisations and
governments globally. Cyber attacks have become more sophisticated, frequent
and dangerous than ever, and traditional anomaly detection methods have been
proved to be less effective when dealing with these new classes of cyber
threats. In order to address this, both classical and Bayesian models offer a
valid and innovative alternative to the traditional signature-based methods,
motivating the increasing interest in statistical research that has been
observed in recent years. In this review we provide a description of some
typical cyber security challenges, typical types of data and statistical
methods, paying special attention to Bayesian approaches for these problems.