虚假数据注入攻击信号的融合估计

研究了信息物理系统中假数据注入(False data injection, FDI)攻击信号的检测问题. 在分布式融合框架下, 首先将FDI攻击信号建模为信息物理系统模型中的未知输入, 从而使得攻击信号的检测问题转化为对FDI攻击信号的实时估计问题. 其次, 在每个传感器端设计基于自适应卡尔曼滤波的FDI攻击信号的局部估计器; 在融合中心端引入补偿因子, 设计分布式信息融合准则以导出攻击信号的融合估计器. 特别地, 当FDI攻击信号是时变情况时, 融合过程中补偿因子的引入可以大大提高对攻击信号的估计精度. 最后, 通过两个仿真算例验证所提算法的有效性.     

Adaptive Memory Event-Triggered Observer-Based Control for Nonlinear Multi-Agent Systems Under DoS Attacks

This paper investigates the event-triggered security consensus problem for nonlinear multi-agent systems (MASs) under denial-of-service (DoS) attacks over an undirected graph. A novel adaptive memory observer-based anti-disturbance control scheme is presented to improve the observer accuracy by adding a buffer for the system output measurements. Meanwhile, this control scheme can also provide more reasonable control signals when DoS attacks occur. To save network resources, an adaptive memory event-triggered mechanism (AMETM) is also proposed and Zeno behavior is excluded. It is worth mentioning that the AMETM’s updates do not require global information. Then, the observer and controller gains are obtained by using the linear matrix inequality (LMI) technique. Finally, simulation examples show the effectiveness of the proposed control scheme.      

一种融合行为与结构特征推理的造假群组检测算法

在线评论对用户的购物决策有重要的影响作用,这导致一些不良商家雇佣大量水军有组织、有策略地给自己刷好评,以提高销量赚取更大利润,给竞争对手刷差评来抹黑对手,以降低其销量.为了检测这种有组织的水军群组,提出一种融合行为与结构特征推理的造假群组检测算法.该算法包含2部分:第1部分用频繁项挖掘方法产生候选群组,然后使用行为指标...     

Passive Attack Detection for a Class of Stealthy Intermittent Integrity Attacks

This paper proposes a passive methodology for detecting a class of stealthy intermittent integrity attacks in cyber-physical systems subject to process disturbances and measurement noise. A stealthy intermittent integrity attack strategy is first proposed by modifying a zero-dynamics attack model. The stealthiness of the generated attacks is rigorously investigated under the condition that the adversary does not know precisely the system state values. In order to help detect such attacks, a backward-in-time detection residual is proposed based on an equivalent quantity of the system state change, due to the attack, at a time prior to the attack occurrence time. A key characteristic of this residual is that its magnitude increases every time a new attack occurs. To estimate this unknown residual, an optimal fixed-point smoother is proposed by minimizing a piece-wise linear quadratic cost function with a set of specifically designed weighting matrices. The smoother design guarantees robustness with respect to process disturbances and measurement noise, and is also able to maintain sensitivity as time progresses to intermittent integrity attack by resetting the covariance matrix based on the weighting matrices. The adaptive threshold is designed based on the estimated backward-in-time residual, and the attack detectability analysis is rigorously investigated to characterize quantitatively the class of attacks that can be detected by the proposed methodology. Finally, a simulation example is used to demonstrate the effectiveness of the developed methodology.      

一种基于状态监测的防火墙

在OpenBSD系统上开发了一种基于状态检测的防火墙,并开发了内置的检测和防范几种常见网络攻击(syn flood、端口扫描、分片攻击、icmp flood、smurf)的功能。由于大多数这种攻击总是用假冒的源地址和随机的源端口来产生攻击包,因此这种防范模型比入侵检测系统的检测-修改防火墙策略模型更为有效。     

非实时连接分布式数据库一致性维护策略

针对非实时连接的分布式数据库系统,考虑其通讯代价和安全性以及实际的需求,提出了一种将数据进行分类,利用弱事务的增量复制来更新数据库,并利用事务优先图来检测冲突的数据库一致性维护策略,它可以有效地节约带宽,减小通信代价。     

网络攻击行为分类技术的研究

文章在研究国外网络攻击行为分类技术的基础上,从安全系统和安全产品评测的目标出发,提出了适合评测需要的网络攻击行为分类体系,阐述考虑分类问题着眼点以及确定的攻击分类原则和攻击分类标准。     

Retracted: State estimation of Takagi-Sugeno fuzzy system in networked control system with stochastic time delays under unknown attacks

This article concerns the event-triggered fuzzy filter design for Takagi-Sugeno (T-S) fuzzy systems subject to deception attacks under the stochastic multiple time-varying delays. A sequence of random variables, which are mutually independent but obey the Bernoulli distribution, is introduced to account for the randomly occurring communication delays. In order to efficiently utilize limited network communication bandwidth resources, the event-triggering scheme is adopted. A fuzzy filter with the attacked input signal is presented. Moreover, due to communication delays caused by event-triggering schemes and transmission, the filter adopts non-synchronous premise variables with the system. Then, by utilizing a model transformation technique, the fuzzy systems are developed. Furthermore, using the piecewise Lyapunov functional method technique, the resulting criterion provides sufficient conditions to ensure that fuzzy systems under deception attacks are stochastically stable with an H_∞ performance. Accordingly, the conditions for the co-design of the fuzzy filter and event-triggering schemes are given. Finally, numerical simulation with the industrial process provided to verify the proposed event-triggered design.     

Detecting attacks in high-speed networks: Issues and solutions

ABSTRACT

Intrusion detection systems are one of the necessities of networks to identify the problem of network attacks. Organizations striving to protect their data from intruders are often challenged by attackers, who find new ways to attack and compromise the security of the network. The detection process becomes quite difficult while dealing with high-speed and distributed attacks that are performed using botnets. These attacks threat both the confidentiality of legitimate users and the infrastructure of the network and to protect them, early discovery of network attacks is important. In this paper, an open source Intrusion Detection System (IDS), Snort is presented as a solution to detect DoS and Port Scan network attacks in a high-speed network. A set of custom rules has been proposed for Snort to detect DoS and Port Scan attacks in high-speed network. The rules are compared and tested using different attack generators like Scapy, Hping3, LOIC and Nmap. Snort’s efficiency in detecting the DoS and Port Scan attacks using the new rules is experimentally proved to be around 99% for all the attacks except for Ping of Death. The proposed system works well for different attack generators in a high-speed network.     

Towards Securing Machine Learning Models Against Membership Inference Attacks

From fraud detection to speech recognition, including price prediction, Machine Learning (ML) applications are manifold and can significantly improve different areas. Nevertheless, machine learning models are vulnerable and are exposed to different security and privacy attacks. Hence, these issues should be addressed while using ML models to preserve the security and privacy of the data used. There is a need to secure ML models, especially in the training phase to preserve the privacy of the training datasets and to minimise the information leakage. In this paper, we present an overview of ML threats and vulnerabilities, and we highlight current progress in the research works proposing defence techniques against ML security and privacy attacks. The relevant background for the different attacks occurring in both the training and testing/inferring phases is introduced before presenting a detailed overview of Membership Inference Attacks (MIA) and the related countermeasures. In this paper, we introduce a countermeasure against membership inference attacks (MIA) on Conventional Neural Networks (CNN) based on dropout and L2 regularization. Through experimental analysis, we demonstrate that this defence technique can mitigate the risks of MIA attacks while ensuring an acceptable accuracy of the model. Indeed, using CNN model training on two datasets CIFAR-10 and CIFAR-100, we empirically verify the ability of our defence strategy to decrease the impact of MIA on our model and we compare results of five different classifiers. Moreover, we present a solution to achieve a trade-off between the performance of the model and the mitigation of MIA attack.