LiS: Lightweight Signature Schemes for continuous message authentication in cyber-physical systems

Agency for Science, Technology and Research (A*STAR) RIE 202

A Dynamic Strategy for Cyber-Attack Detection in Large-scale Power Systems via Output Clustering

In this paper we are concerned with reliable operation of the electric power grid in presence of malicious cyber-attacks on measurement signals. We use the continuously changing operating conditions of the power systems to introduce an active defense method based on dynamic clustering. Our detection strategy uses a moving-target approach where information about the system's varying operating point is first used to form dynamic clusters of measurements based on their dynamic response to disturbances. Then, similarity checks can be performed within each cluster to detect stealthy cyber-attacks. The proposed method is effective even when the attacker has extensive knowledge of the system parameters, model and detection policy at some point in time

The Role of Malware in Reported Cyber Espionage: A Review of the Impact and Mechanism

The recent emergence of the targeted use of malware in cyber espionage versus industry requires a systematic review for better understanding of its impact and mechanism. This paper proposes a basic taxonomy to document major cyber espionage incidents, describing and comparing their impacts (geographic or political targets, origins and motivations) and their mechanisms (dropper, propagation, types of operating systems and infection rates). This taxonomy provides information on recent cyber espionage attacks that can aid in defense against cyber espionage by providing both scholars and experts a solid foundation of knowledge about the topic. The classification also provides a systematic way to document known and future attacks to facilitate research activities. Geopolitical and international relations researchers can focus on the impacts, and malware and security experts can focus on the mechanisms. We identify several dominant patterns (e.g., the prevalent use of remote access Trojan and social engineering). This article concludes that the research and professional community should collaborate to build an open data set to facilitate the geopolitical and/or technical analysis and synthesis of the role of malware in cyber espionage