Graph-Theoretic Approach for Manufacturing Cybersecurity Risk Modeling and Assessment

Identifying, analyzing, and evaluating cybersecurity risks are essential to assess the vulnerabilities of modern manufacturing infrastructures and to devise effective decision-making strategies to secure critical manufacturing against potential cyberattacks. In response, this work proposes a graph-theoretic approach for risk modeling and assessment to address the lack of quantitative cybersecurity risk assessment frameworks for smart manufacturing systems. In doing so, first, threat attributes are represented using an attack graphical model derived from manufacturing cyberattack taxonomies. Attack taxonomies offer consistent structures to categorize threat attributes, and the graphical approach helps model their interdependence. Second, the graphs are analyzed to explore how threat events can propagate through the manufacturing value chain and identify the manufacturing assets that threat actors can access and compromise during a threat event. Third, the proposed method identifies the attack path that maximizes the likelihood of success and minimizes the attack detection probability, and then computes the associated cybersecurity risk. Finally, the proposed risk modeling and assessment framework is demonstrated via an interconnected smart manufacturing system illustrative example. Using the proposed approach, practitioners can identify critical connections and manufacturing assets requiring prioritized security controls and develop and deploy appropriate defense measures accordingly.Comment: 25 pages, 10 figure

Mitigating Insider Threat Risks in Cyber-physical Manufacturing Systems

Cyber-Physical Manufacturing System (CPMS)—a next generation manufacturing system—seamlessly integrates digital and physical domains via the internet or computer networks. It will enable drastic improvements in production flexibility, capacity, and cost-efficiency. However, enlarged connectivity and accessibility from the integration can yield unintended security concerns. The major concern arises from cyber-physical attacks, which can cause damages to the physical domain while attacks originate in the digital domain. Especially, such attacks can be performed by insiders easily but in a more critical manner: Insider Threats. Insiders can be defined as anyone who is or has been affiliated with a system. Insiders have knowledge and access authentications of the system\u27s properties, therefore, can perform more serious attacks than outsiders. Furthermore, it is hard to detect or prevent insider threats in CPMS in a timely manner, since they can easily bypass or incapacitate general defensive mechanisms of the system by exploiting their physical access, security clearance, and knowledge of the system vulnerabilities. This thesis seeks to address the above issues by developing an insider threat tolerant CPMS, enhanced by a service-oriented blockchain augmentation and conducting experiments & analysis. The aim of the research is to identify insider threat vulnerabilities and improve the security of CPMS. Blockchain\u27s unique distributed system approach is adopted to mitigate the insider threat risks in CPMS. However, the blockchain limits the system performance due to the arbitrary block generation time and block occurrence frequency. The service-oriented blockchain augmentation is providing physical and digital entities with the blockchain communication protocol through a service layer. In this way, multiple entities are integrated by the service layer, which enables the services with less arbitrary delays while retaining their strong security from the blockchain. Also, multiple independent service applications in the service layer can ensure the flexibility and productivity of the CPMS. To study the effectiveness of the blockchain augmentation against insider threats, two example models of the proposed system have been developed: Layer Image Auditing System (LIAS) and Secure Programmable Logic Controller (SPLC). Also, four case studies are designed and presented based on the two models and evaluated by an Insider Attack Scenario Assessment Framework. The framework investigates the system\u27s security vulnerabilities and practically evaluates the insider attack scenarios. The research contributes to the understanding of insider threats and blockchain implementations in CPMS by addressing key issues that have been identified in the literature. The issues are addressed by EBIS (Establish, Build, Identify, Simulation) validation process with numerical experiments and the results, which are in turn used towards mitigating insider threat risks in CPMS

Deep Learning -Powered Computational Intelligence for Cyber-Attacks Detection and Mitigation in 5G-Enabled Electric Vehicle Charging Station

An electric vehicle charging station (EVCS) infrastructure is the backbone of transportation electrification. However, the EVCS has various cyber-attack vulnerabilities in software, hardware, supply chain, and incumbent legacy technologies such as network, communication, and control. Therefore, proactively monitoring, detecting, and defending against these attacks is very important. The state-of-the-art approaches are not agile and intelligent enough to detect, mitigate, and defend against various cyber-physical attacks in the EVCS system. To overcome these limitations, this dissertation primarily designs, develops, implements, and tests the data-driven deep learning-powered computational intelligence to detect and mitigate cyber-physical attacks at the network and physical layers of 5G-enabled EVCS infrastructure. Also, the 5G slicing application to ensure the security and service level agreement (SLA) in the EVCS ecosystem has been studied. Various cyber-attacks such as distributed denial of services (DDoS), False data injection (FDI), advanced persistent threats (APT), and ransomware attacks on the network in a standalone 5G-enabled EVCS environment have been considered. Mathematical models for the mentioned cyber-attacks have been developed. The impact of cyber-attacks on the EVCS operation has been analyzed. Various deep learning-powered intrusion detection systems have been proposed to detect attacks using local electrical and network fingerprints. Furthermore, a novel detection framework has been designed and developed to deal with ransomware threats in high-speed, high-dimensional, multimodal data and assets from eccentric stakeholders of the connected automated vehicle (CAV) ecosystem. To mitigate the adverse effects of cyber-attacks on EVCS controllers, novel data-driven digital clones based on Twin Delayed Deep Deterministic Policy Gradient (TD3) Deep Reinforcement Learning (DRL) has been developed. Also, various Bruteforce, Controller clones-based methods have been devised and tested to aid the defense and mitigation of the impact of the attacks of the EVCS operation. The performance of the proposed mitigation method has been compared with that of a benchmark Deep Deterministic Policy Gradient (DDPG)-based digital clones approach. Simulation results obtained from the Python, Matlab/Simulink, and NetSim software demonstrate that the cyber-attacks are disruptive and detrimental to the operation of EVCS. The proposed detection and mitigation methods are effective and perform better than the conventional and benchmark techniques for the 5G-enabled EVCS

Hand-based multimodal identification system with secure biometric template storage

WOS:000304107200001This study proposes a biometric system for personal identification based on three biometric characteristics from the hand, namely: the palmprint, finger surfaces and hand geometry. A protection scheme is applied to the biometric template data to guarantee its revocability, security and diversity among different biometric systems. An error-correcting code (ECC), a cryptographic hash function (CHF) and a binarisation module are the core of the template protection scheme. Since the ECC and CHF operate on binary data, an additional feature binarisation step is required. This study proposes: (i) a novel identification architecture that uses hand geometry as a soft biometric to accelerate the identification process and ensure the system's scalability; and (ii) a new feature binarisation technique that guarantees that the Hamming distance between transformed binary features is proportional to the difference between their real values. The proposed system achieves promising recognition and speed performances on two publicly available hand image databases.info:eu-repo/semantics/acceptedVersio

Tie-line modelling in interconnected synchrophasor network for monitoring grid observability, cyber intrusion and reliability

The incorporation of a tie-line between two areas may be beneficial in two ways. First, the reserve capacity of the assisting area support to the assisted area, and second, the number of Phasor Measurement Unit (PMU) requirements will become smaller for complete observability of the interconnected grid. The objective function is formulated to integrate the observability and reliability analysis for the two interconnected synchrophasor networks. The effect of Zero Injection Bus (ZIB) is included in the observability constraints to reduce the number of PMUs deployed in the system. The number of optimal PMU deployments will be greater for two interconnected systems in comparison with a single area. Therefore, interconnected systems become more vulnerable to cyber risk. The paper discusses the cumulative analysis of system observability and reliability during an anomaly situation that occurs with a PMU device due to a cyber-attack. The reliability indices Interconnected System Load Interruption Probability (ISLIP) and Interconnected System Demand Not Supplied (ISDNS) are evaluated when an anomaly occurs with optimally deployed PMU in the network by including and excluding the effect of ZIB. By doing so, the most reliable location for PMU deployment can be obtained for both the area. Reliability Test System (RTS)-24 bus is used for each area to modify the test system by incorporating tie-lines between them

Robustness and Vulnerability Measures of Deep Learning Methods for Cyber Defense

NPS NRP Technical ReportNavy networks and infrastructures are under frequent cyberattack. One developing area of application of Artificial Intelligence (AI) and Machine Learning (ML) is cybersecurity. However, some weakness of machine learning, such as the lack of interpretability and the susceptibility to adversarial data, are important issues that must be studied for reliable and safe applications of AI tools. The robustness of deep learning (DL) techniques used in computer vision and language processing have been extensively studied. However, less is currently known about the vulnerabilities and robustness of DL methods suitable in cybersecurity applications. The goal of this research is to investigate mathematical concepts and quantitative measures of robustness and vulnerability to adversarial data for cybersecurity DL and to create computational algorithms capable of quantitatively evaluating the robustness and vulnerability of DL tools. The tasks of the project include literature review, an innovative study of mathematical concepts, the development of computational algorithms, the validation of the concepts and algorithms through examples. The deliverables of the project include technical reports, student thesis, and technical papers for publication. This work will enhance understanding of vulnerabilities of deep learning systems that could be incorporated in future DoN networks, and provide the US Navy with computational tools capable of measuring the robustness of the AI enabled systems.Navy Cyber Defense Operations CommandN2/N6 - Information WarfareThis research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrpChief of Naval Operations (CNO)Approved for public release. Distribution is unlimited.

False data injection attack detection in smart grid

Smart grid is a distributed and autonomous energy delivery infrastructure that constantly monitors the operational state of its overall network using smart techniques and state estimation. State estimation is a powerful technique that is used to determine the overall operational state of the system based on a limited set of measurements collected through metering systems. Cyber-attacks pose serious risks to a smart grid state estimation that can cause disruptions and power outages resulting in huge economical losses and are therefore a big concern to a reliable national grid operation. False data injection attacks (FDIAs), engineered on the basis of the knowledge of the network configuration, are difficult to detect using the traditional data detection mechanisms. These detection schemes have been found vulnerable and failed to detect these FDIAs. FDIAs specifically target the state data and can manipulate the state measurements in such a way that these false measurements appear real to the main control systems. This research work explores the possibility of FDIA detection using state estimation in a distributed and partitioned smart grid. In order to detect FDIAs we use measurements for residual-based testing which creates an objective function; and the probability of erroneous data is determined from this residual test. In this test, a preset threshold is determined based on the prior history of the state data. FDIA cases are simulated within a smart grid considering that the Chi-square detection state estimator fails in identifying such attacks. We compute the objective function using the standard weighted least problem and then test the objective function against the value in the Chi-square table. The gain matrix and the Jacobian matrix are computed. The state variables are computed in the form of a voltage magnitude. The state variables are computed after the inception of an attack to assess these state magnitude results. Different sizes of partitioning are used to improve the overall sensitivity of the Chi-square results. Our additional estimator is based on a Kalman estimation that consists of the state prediction and state correction steps. In the first step, it obtains the state and matrix covariance prediction, and in the second step, it calculates the Kalman gain and the state and matrix covariance update steps. The set of points is created for the state vector x at a time instant t. The initial vector and covariance matrix are based on a priori knowledge of the historical estimates. A set of sigma points is estimated by the state update function. Sigma points refer to the minimal set of sampling points that are selected and transformed using nonlinear function, and the new mean and the covariance are formed out of these transformed points. The idea behind this is that it is easier to compute a Gaussian distribution than an arbitrary nonlinear function. The filter gain, the mean and the covariance are used to estimate the next state. Our simulation results show that the combination of Kalman estimation and distributed state estimation improves the overall stability index and vulnerability assessment score of the smart grid. We built a stability index table for a smart grid based on the state estimates value after the inception of an FDIA. The vulnerability assessment score of the smart grid is based on common vulnerability scoring system (CVSS) and state estimates under the influence of an FDIA. The simulations are conducted in the MATPOWER program and different electrical bus systems such as IEEE 14, 30, 39, 118 and 300 are tested. All the contributions have been published in reputable journals and conferences.Doctor of Philosoph