A multilevel sampled‐data approach for resilient navigation and control of autonomous systems

Autonomous systems are rapidly becoming an integrated part of the modern life. Safe and secure navigation and control of these systems present significant challenges in the presence of uncertainties, physical failures, and cyber attacks. In this paper, we formulate a navigation and control problem for autonomous systems using a multilevel control structure, in which the high‐level reference commands are limited by a saturation function, whereas the low‐level controller tracks the reference by compensating for disturbances and uncertainties. For this purpose, we consider a class of nested, uncertain, multiple‐input–multiple‐output systems subject to reference command saturation, possibly with nonminimum phase zeros. A multirate output‐feedback adaptive controller is developed as the low‐level controller. The sampled‐data (SD) design of this controller facilitates the direct implementation on digital computers, where the input/output signals are available at discrete time instances with different sampling rates. In addition, stealthy zero‐dynamics attacks become detectable by considering a multirate SD formulation. Robust stability and performance of the overall closed‐loop system with command saturation and multirate adaptive control are analyzed. Simulation scenarios for navigation and control of a fixed‐wing drone under failures/attacks are provided to validate the theoretical findings.     

Quantitative Analysis of Crime Incidents in Chicago Using Data Analytics Techniques

In this paper we aim to identify certain social factors that influence, and thus can be used to predict, the occurrence of crimes. The factors under consideration for this analytic are social demographics such as age, sex, poverty, etc., train ridership, traffic density and the number of business licenses per community area in Chicago, IL. A factor will be considered pertinent if there is high correlation between it and the number of crimes of a particular type in that community area.     

Comprehensive Analysis of Secure Data Aggregation Scheme for Industrial Wireless Sensor Network

As an Industrial Wireless Sensor Network (IWSN) is usually deployed in a harsh or unattended environment, the privacy security of data aggregation is facing more and more challenges. Currently, the data aggregation protocols mainly focus on improving the efficiency of data transmitting and aggregating, alternately, the aim at enhancing the security of data. The performances of the secure data aggregation protocols are the trade-off of several metrics, which involves the transmission/fusion, the energy efficiency and the security in Wireless Sensor Network (WSN). Unfortunately, there is no paper in systematic analysis about the performance of the secure data aggregation protocols whether in IWSN or in WSN. In consideration of IWSN, we firstly review the security requirements and techniques in WSN data aggregation in this paper. Then, we give a holistic overview of the classical secure data aggregation protocols, which are divided into three categories: hop-by-hop encrypted data aggregation, end-to-end encrypted data aggregation and unencrypted secure data aggregation. Along this way, combining with the characteristics of industrial applications, we analyze the pros and cons of the existing security schemes in each category qualitatively, and realize that the security and the energy efficiency are suitable for IWSN. Finally, we make the conclusion about the techniques and approach in these categories, and highlight the future research directions of privacy preserving data aggregation in IWSN.     

电力信息物理系统网络攻击与防御研究综述(一)建模与评估

在电网转变为电力信息物理系统(电力CPS)的过程中,信息侧和物理侧体现出明显的相互依赖性,信息侧作为通信、计算、控制的支撑性组成部分,在电力CPS安全可靠运行中具有重要的地位。而针对电力CPS的恶意网络攻击行为在近年来不断发生,引发关注,大量针对电力CPS的网络攻击研究取得了一些成果。针对当前的电力CPS网络攻击研究,从攻击建模和电力CPS安全性评估方面进行了归纳和整理,对已有方法进行分析,明确了研究课题的问题本质。随后结合电力CPS的特点和发展趋势,指出当前研究的不足,提出需要关注的问题和可能的解决方法,以完善电力CPS恶意网络攻击研究。     

Industrial wireless sensor and actuator networks in industry 4.0: Exploring requirements,protocols, and challenges—A MAC survey

The vision to connect everyday physical objects to the Internet promises to create the Internet of Things (IoT), which is expected to integrate the diverse technologies such as sensors, actuators, radio frequency identification, communication technologies, and Internet protocols. Thus, IoT promises to transfer traditional industry to advance digital industry known as the Industry 4.0. At the core of the Industry 4.0 are the wireless sensor networks (WSNs) and wireless sensor and actuator networks (WSANs) that led to the development of industrial wireless sensor networks (IWSNs) and industrial wireless sensor and actuator networks (IWSANs). These networks play a central role of connecting machines, parts, products, and humans and create a diverse set of new applications to support intelligent and autonomous decision making. The IWSAN is a promising technology for numerous industrial applications because of their several potential benefits such as simple deployment, low cost, less complexity, and mobility support. However, despite such benefits, they impose several unique challenges at different layers of the protocol stack when deploying them for various monitoring and control applications in the Industry 4.0. In this article, we explore IWSAN, its applications, requirements, challenges, and solutions in the context of industrial control applications. Our main focus is on the medium access control (MAC) layer that can be exploited to satisfy such requirements. Our discussion presents extensive background study of the MAC schemes and it reviews the MAC protocols of the existing wireless standards and technologies. A number of application‐specific MAC protocols developed to support industrial applications, which are not part of these standards, are also elaborated. We rationalize to what extent the existing standards and protocols help in solving such requirements as laid down by the Industry 4.0. In the end, we emphasize on existing challenges and present important future directions.     

Honeypot game‐theoretical model for defending against APT attacks with limited resources in cyber‐physical systems

A cyber‐physical system (CPS) is a new mechanism controlled or monitored by computer algorithms that intertwine physical and software components. Advanced persistent threats (APTs) represent stealthy, powerful, and well‐funded attacks against CPSs; they integrate physical processes and have recently become an active research area. Existing offensive and defensive processes for APTs in CPSs are usually modeled by incomplete information game theory. However, honeypots, which are effective security vulnerability defense mechanisms, have not been widely adopted or modeled for defense against APT attacks in CPSs. In this study, a honeypot game‐theoretical model considering both low‐ and high‐interaction modes is used to investigate the offensive and defensive interactions, so that defensive strategies against APTs can be optimized. In this model, human analysis and honeypot allocation costs are introduced as limited resources. We prove the existence of Bayesian Nash equilibrium strategies and obtain the optimal defensive strategy under limited resources. Finally, numerical simulations demonstrate that the proposed method is effective in obtaining the optimal defensive effect.     

Learning automata–based multilevel medium access control in cyber physical system–based smart wireless networks

The performance of cyber physical system–based smart wireless networks depends on effective channel access by reducing the blocking, the dropping probability, and collisions. The aim of this proposed algorithm is to reduce the collisions in cyber physical system–based smart wireless networks. In this paper, multilevel medium access control in cyber physical system–based smart wireless networks is proposed. The optimal number of levels of gateways is determined using the concept of learning automata. Priority and time limit are assigned to every packet that is being transmitted. The proposed algorithm is evaluated and compared with two‐level medium access control in cyber physical system–based smart wireless networks, which is referred as priority with counter modified backoff (PCMB). The parameters used for evaluating the performance are throughput, delay, % of collisions, and number of packets dropped. The results project that the proposed algorithm accomplishes improved performance than PCMB.     

基于软件定义网络的实验室防火墙架构设计

针对高校网络实验室安全性较弱的问题,提出了一种基于软件定义网络的防火墙系统建设方案。该防火墙系统采用高性能软硬件系统和相结合的设计思路,以信息处理过程与数据交互过程中的安全防护为研究对象,在高校教师团队与专业技术公司的协同合作下,打造提升校园网络安全性,同时具备教学与科研功能的防火墙系统创新实验平台。在该平台上进行了实验,实验结果表明,开发的防火墙不仅可以抑制因控制器系统的引入而导致的网络攻击,而且能够成功地监控所有网络连接。     

网络空间安全人才培养探讨

网络空间的竞争,归根结底是人才的竞争。当前,世界各国高度重视网络空间安全人才的培养。基于此,首先介绍了网络空间安全人才培养的现状;然后分析了网络空间安全人才的需求特点,并提出了网络空间安全人才培养的若干建议措施;最后给出了暨南大学在网络空间安全人才培养方面的一些探索。     

Multilayer Self-Defense System to Protect Enterprise Cloud

A data breach can seriously impact organizational intellectual property, resources, time, and product value. The risk of system intrusion is augmented by the intrinsic openness of commonly utilized technologies like TCP/IP protocols. As TCP relies on IP addresses, an attacker may easily trace the IP address of the organization. Given that many organizations run the risk of data breach and cyber-attacks at a certain point, a repeatable and well-developed incident response framework is critical to shield them. Enterprise cloud possesses the challenges of security, lack of transparency, trust and loss of controls. Technology eases quickens the processing of information but holds numerous risks including hacking and confidentiality problems. The risk increases when the organization outsources the cloud storage services through the vendor and suffers from security breaches and need to create security systems to prevent data networks from being compromised. The business model also leads to insecurity issues which derail its popularity. An attack mitigation system is the best solution to protect online services from emerging cyber-attacks. This research focuses on cloud computing security, cyber threats, machine learning-based attack detection, and mitigation system. The proposed SDN-based multilayer machine learning-based self-defense system effectively detects and mitigates the cyber-attack and protects cloud-based enterprise solutions. The results show the accuracy of the proposed machine learning techniques and the effectiveness of attack detection and the mitigation system.