DETECTION AND IDENTIFICATION OF CYBERATTACKS IN CPS BY ‎APPLYING MACHINE LEARNING ALGORITHMS

بشكل عام ، تتكون الأنظمة السيبرانية الفيزيائية (المعروفة أيضًا باسم CPS) من مكونات متصلة بالشبكة تتيح الوصول عن بُعد والمراقبة والفحص. ونظرًا لأنه تم دمج هذه الانظمة في شبكة غير آمنة، قد تتعرض لهجمات إلكترونية متعددة. وفي حالة حدوث خرق لأمن الإنترنت، سيتمكن المخترق من إتلاف النظام ، مما قد يكون له آثار مدمرة. وبالتالي، من المهم للغاية الحفاظ على مصداقية الأنظمة السيبرانية الفيزيائية CPS. لقد أصبح من الصعب بشكل متزايد تحديد الاعتداءات على أنظمة (CPSs) حيث أصبحت هذه الأنظمة أكثر هدفًا للمتسللين والتهديدات الإلكترونية. من الممكن أن يجعل التعلم الآلي (ML) والذكاء الاصطناعي (AI) أيضًا الوضع أكثر أماناً,ويمكن أن تلعب التكنولوجيا القائمة على الذكاء الاصطناعي (AI) دورًا في نمو ونجاح مجموعة واسعة من أنواع المؤسسات المختلفة وبعدة طرق مختلفة. الهدف من هذا البحث وهذا النوع من تحليل البيانات هو تجنب اعتداءات CPS باستخدام تقنيات التعلم الآلي والذكاء الاصطناعي. تم تقديم إطارًا جديدًا لاكتشاف الهجمات الإلكترونية، والذي يستفيد من التعلم الآلي والذكاء الاصطناعي (ML). تبدأعملية تنظيف البيانات في قاعدة بيانات CPS بإجراء التطبيع للتخلص من الأخطاء والتكرارات ويتم ذلك بحيث تكون البيانات متسقة طوال الوقت. التحليل التمييزي الخطي هو الطريقة المستخدمة للحصول على الميزات ، وتعرف باسم (LDA). كآلية لتحديد الهجمات الإلكترونية، كانت العملية المستخدمة المقترحة هي عملية SFL-HMM بالتزامن مع إجراء HMS-ACO. تم تقييم الإستراتيجية الجديدة باستخدام محاكاة MATLAB، ومقارنة المقاييس التي تم الحصول عليها من تلك المحاكاة بالمقاييس الواردة من الطرق السابقة. لقد ثبت أن إطار عمل البحث أكثر فعالية بشكل كبير من التقنيات التقليدية في الحفاظ على درجات عالية من الخصوصية، كما قد اتضح من نتائج عدد من التحقيقات المنفصلة. بالإضافة إلى ذلك، من حيث معدل الاكتشاف، والمعدل الإيجابي الخاطئ، ووقت الحساب، على التوالي ، تتفوق الطريقة المقترحة في البحث على طرق الكشف التقليدية.In general, cyber-physical systems (also known as CPS) consist of networked components that allow for remote access, monitoring, and examination. Because they were integrated into an unsecured network, they have been the target of multiple cyberattacks. In the event that there was a breach in internet security, an adversary would be able to damage the system, which may have devastating effects. Thus, it is extremely important to maintain the credibility of the CPS. It is becoming increasingly difficult to identify assaults on computerised policing systems (CPSs) as these systems become more of a target for hackers and cyberthreats. It is feasible that Machine Learning (ML) as well as Artificial Intelligence (AI), may also make it the finest of times. Both of these outcomes are plausible. Technology based on artificial intelligence (AI) can play a role in the growth and success of a wide range of different types of enterprises in a variety of different ways. The goal of this type of data analysis is to avoid CPS assaults using machine learning and artificial intelligence techniques.   A new framework was offered for the detection of cyberattacks, which makes use of machine learning and artificial intelligence (ML). the process of cleaning up the data in the CPS database is starting by performing normalisation in order to get rid of errors and duplicates. This is done so that the data is consistent throughout. Linear Discriminant Analysis is the method that is used to get the features, and it is known as that (LDA). As a mechanism for the identification of cyberattacks, The suggested used process was the SFL-HMM process in conjunction with the HMS-ACO procedure. The new strategy is evaluated using a MATLAB simulation, and the metrics obtained from that simulation are compared to the metrics received from the earlier methods. The framework is shown to be substantially more effective than traditional techniques in the upkeep of high degrees of privacy, as demonstrated by the outcomes of a number of separate investigations. In addition, in terms of detection rate, false positive rate, and computation time, respectively, the framework beats traditional detection methods

Transpacific Testbed for Real-Time Experimentation

The transpacific testbed is a generic routing encapsulation (GRE) tunnel built between CUNY City College (CCNY), USA and Kyushu Institute of Technology (KYUTECH), Japan. The tunnel, built through internet2, originated from CCNY through the JGN network in Seattle and terminated at Kyutech in Japan. The testbed defines the future of the Internet by focusing on addressing research challenges associated with enabling trustworthy networks, supporting the Internet of Things (IoT), which encompasses everything connected to the Internet and cyber-physical systems (CPS) - a controlled mechanism monitored by computer-based algorithms. In this paper, we describe the setting up and testing of the testbed. Furthermore, we describe the real-time experiments conducted on the testbed and present the results. The experiments are classified into two: blockchain-based cooperative intrusion detection system (CoIDS) and Secure Virtual Machine introspection. In each of the experiments, we describe the method and present the results. Finally, we look into the ongoing works of extending the testbed to the COSMIC global testbed.2021 IEEE 4th 5G World Forum (5GWF 2021), 13-15, October, 2021, Virtual Conferenc

Using machine learning algorithm for detection of cyber-attacks in cyber physical systems

Network integration is common in cyber-physical systems (CPS) to allow for remote access, surveillance, and analysis. They have been exposed to cyberattacks because of their integration with an insecure network. In the event of a violation in internet security, an attacker was able to interfere with the system's functions, which might result in catastrophic consequences. As a result, detecting breaches into mission-critical CPS is a top priority. Detecting assaults on CPSs, which are increasingly being targeted by cyber criminals and cyber threats, is becoming increasingly difficult. Machine Learning (ML) and Artificial Intelligence (AI) have the potential to make these the worst of moments, but it may also be the finest of times. There are a variety of ways in which AI technology can aid in the growth and profitability of a variety of industries. Such data can be parsed using ML and AI approaches in designed to check attacks on CPSs. Hence, in this paper, we propose a novel cyberattack detection framework by integrating AI and ML (ML) methods. Here, initially we collect the dataset from the CPS database and preprocess the data using normalization for removal of errors and redundant data. The features are extracted using Linear Discriminant Analysis (LDA). We have proposed Self-tuned Fuzzy Logic-based Hidden Markov Model (SFL-HMM) with Heuristic Multi-Swarm Optimization (HMS-ACO) algorithm for detection of the cyberattacks. The proposed method is evaluated using the MATLAB simulation tool and the metrics are compared with existing approaches. The results of the experiments reveal that the framework is more successful than traditional strategies in achieving high degrees of privacy. Furthermore, in terms of detection rate, false positive rate, and computing time, the framework beats traditional detection algorithms

Blockchain-based Architecture for Secured Cyberattack Signatures and Features Distribution

One effective way of detecting malicious traffic in computer networks is intrusion detection systems (IDS). Despite the increased accuracy of IDSs, distributed or coordinated attacks can still go undetected because of the single vantage point of the IDSs. Due to this reason, there is a need for attack characteristics\u27 exchange among different IDS nodes. Another reason for IDS coordination is that a zero-day attack (an attack without a known signature) experienced in organizations located in different regions is not the same. Collaborative efforts of the participating IDS nodes can stop more attack threats if IDS nodes exchange these attack characteristics among each other. Researchers proposed a cooperative intrusion detection system (CoIDS) to share these attack characteristics effectively. Although this solution enhanced IDS node’s ability to respond to attacks previously identified by cooperating IDSs, malicious activities such as fake data injection, data manipulation or deletion, data integrity, and consistency are problems threatening this approach. In this dissertation, we develop a blockchain-based solution that ensures the integrity and consistency of attack characteristics shared in a cooperative intrusion detection system. The developed architecture achieves this result by continuously monitoring blockchain nodes\u27 behavior to detect and prevent malicious activities from both outsider and insider threats. Apart from this, the architecture facilitates scalable attack characteristics’ exchange among IDS nodes and ensures heterogeneous IDS participation. It is also robust to public IDS nodes joining and leaving the network. The security analysis result shows that the architecture can detect and prevent malicious activities from both outsider and insider attackers, while performance analysis shows scalability with low latency