An adaptive unscented Kalman filter approach to secure state estimation for wireless sensor networks

Wireless sensor networks are vulnerable to false data injection attacks, which may mislead the state estimation. To solve this problem, this paper presents a chi-square test-based adaptive secure state estimation (CTASSE) algorithm for state estimation and attack detection. Taking advantage of Kalman filters, attack signal together with process noise or measurement noise are described as total white Gaussian noise with uncertain covariance matrix. The chi-square test method is used in the adaptation of the total noise covariance and attack detection. Then, a standard adaptive unscented Kalman filter (UKF) is used for the state estimation. Finally, simulation results show that the proposed CTASSE algorithm performs better than other UKFs in state estimation and is also effective in real-time attack detection.     

一种支持分级用户访问的文件分层CP-ABE方案

文件分层的密文策略基于属性的加密（FH-CP-ABE）方案实现了同一访问策略的多层次文件加密,节省了加解密的计算开销和密文的存储开销.然而,目前的文件分层CP-ABE方案不支持分级用户访问,且存在越权访问的问题.为此,提出一种支持分级用户访问的文件分层CP-ABE方案.在所提方案中,通过构造分级用户访问树,并重新构造密文子项以支持分级用户的访问需求,同时消除用户进行越权访问的可能性.安全性分析表明,所提方案能够抵御选择明文攻击.理论分析和实验分析均表明,与相关方案相比,所提方案在计算和存储方面具有更高的效率.     

基于高维纠缠态的量子密钥分发协议

为了提高量子密钥分发的效率和安全性,利用高维Hilbert空间中的Bell态和Hadamard门设计了一种量子密钥分发协议。首先通过量子态的动态演变验证了三维Bell纠缠态在Z基和X基下具有不同的表示特性,然后以此为基础进行协议设计,其中利用Z基测量来检测窃听,利用X基测量来产生密钥。安全性分析表明,该协议可以抵抗截获重发、纠缠附加粒子和特洛伊木马三种常见的攻击。最后将协议与其他方案进行了比较,该协议在保证量子比特效率50%的基础上,安全性也有所提升。     

区块链资产窃取攻击与防御技术综述

自中本聪提出比特币以来,区块链技术得到了跨越式发展,特别是在数字资产转移及电子货币支付方面。以太坊引入智能合约代码,使其具备了同步及保存智能合约程序执行状态,自动执行交易条件并消除对中介机构需求,Web3.0 开发者可利用以太坊提供的通用可编程区块链平台构建更加强大的去中心化应用。公链系统具备的特点,如无须中央节点控制、通过智能合约保障交互数据公开透明、用户数据由用户个人控制等,使得它在区块链技术发展的过程中吸引了更多的用户关注。然而,随着区块链技术的普及和应用,越来越多的用户将自己的数字资产存储在区块链上。由于缺少权威机构的监管及治理,以太坊等公链系统正逐步成为黑客窃取数字资产的媒介。黑客利用区块链实施诈骗及钓鱼攻击,盗取用户所持有的数字资产来获取利益。帮助读者建立区块链资产安全的概念,从源头防范利用区块链实施的资产窃取攻击。通过整理总结黑客利用区块链环境实施的资产窃取攻击方案,抽象并归纳威胁模型的研究方法,有效研究了各类攻击的特征及实施场景。通过深入分析典型攻击方法,比较不同攻击的优缺点,回答了攻击能够成功实施的根本原因。在防御技术方面,针对性结合攻击案例及攻击实施场景介绍了钓鱼检测、代币授权检测、代币锁定、去中心化代币所属权仲裁、智能合约漏洞检测、资产隔离、供应链攻击检测、签名数据合法性检测等防御方案。对于每一类防御方案,给出其实施的基本流程及方案,明确了各防护方案能够在哪类攻击场景下为用户资产安全提供防护。     

物理域中针对人脸识别系统的对抗样本攻击方法

对抗样本攻击揭示了人脸识别系统可能存在不安全性和被攻击的方式。现有针对人脸识别系统的对抗样本攻击大多在数字域进行,然而从最近文献检索的结果来看,越来越多的研究开始关注如何能把带有对抗扰动的实物添加到人脸及其周边区域上,如眼镜、贴纸、帽子等,以实现物理域的对抗攻击。这类新型的对抗样本攻击能够轻易突破市面上现有绝大部分人脸活体检测方法的拦截,直接影响人脸识别系统的结果。尽管已有不少文献提出数字域的对抗攻击方法,但在物理域中复现对抗样本的生成并不容易且成本高昂。本文提出一种可从数字域方便地推广到物理域的对抗样本生成方法,通过在原始人脸样本中添加特定形状的对抗扰动来攻击人脸识别系统,达到误导或扮演攻击的目的。主要贡献包括:利用人脸关键点根据脸型构建特定形状掩膜来生成对抗扰动;设计对抗损失函数,通过训练生成器实现在数字域的对抗样本生成;设计打印分数损失函数,减小打印色差,在物理域复现对抗样本的生成,并通过模拟眼镜佩戴、真实场景光照变化等方式增强样本,改善质量。实验结果表明,所生成的对抗样本不仅能在数字域以高成功率攻破典型人脸识别系统VGGFace10,且可方便、大量地在物理域复现。本文方法揭示了人脸识别系统的潜在安全风险,为设计人脸识别系统的防御体系提供了很好的帮助。     

计算机视觉对抗攻击与防御方法分析

大量的研究表明,由深度学习构成的计算机视觉模型容易遭受对抗样本的攻击。攻击者通过在样本中加入一些细微的扰动,可使深度学习模型出现判断错误,从而引发严重后果。本文主要总结了计算机视觉中对抗攻击手段与主动防御措施,分类与比较了一些典型方法。最后,结合对抗样本生成和防御技术发展的现状,提出了该领域的挑战和展望。     

Reliable control strategy based on sliding mode observer against FDI attacks in smart grid

This paper is concerned with the reliable operation of cyber-physical systems under false data injection attacks. First of all, a robust adaptive sliding mode observer is designed to estimate the state of the power system; different from the traditional sliding mode observer, the observer we designed is not only robust to state errors but also can automatically adjust the parameter of attack identification. Secondly, a method of attack reconstruction has been given to estimate the actual attack signal. Finally, a reliable sliding mode control strategy is proposed to eliminate the impact of false data injection attacks; compared with the existing results, the designed defense strategy utilizes the reconstructed attack signal in the attack identification scheme and state error signal at the same time. Moreover, a power system with 3 generator buses and 6 load buses is taken as an simulation example to verify the availability of the proposed control strategy.     

Kernel-based adversarial attacks and defenses on support vector classification

While malicious samples are widely found in many application fields of machine learning, suitable countermeasures have been investigated in the field of adversarial machine learning. Due to the importance and popularity of Support Vector Machines (SVMs), we first describe the evasion attack against SVM classification and then propose a defense strategy in this paper. The evasion attack utilizes the classification surface of SVM to iteratively find the minimal perturbations that mislead the nonlinear classifier. Specially, we propose what is called a vulnerability function to measure the vulnerability of the SVM classifiers. Utilizing this vulnerability function, we put forward an effective defense strategy based on the kernel optimization of SVMs with Gaussian kernel against the evasion attack. Our defense method is verified to be very effective on the benchmark datasets, and the SVM classifier becomes more robust after using our kernel optimization scheme.     

考虑虚假数据注入攻击的有源配电网分布式状态估计

状态估计作为保障电网监测数据质量的关键一环,为能量管理系统提供可靠的数据基础。考虑到有源配电网量测误差大、易遭受网络攻击等问题,本文研究计及虚假数据注入攻击的有源配电网分布式状态估计方法。首先,各子区域根据自身量测进行状态估计,并利用平均一致性算法获取全局信息对内部状态量进行修正,实现完全分布式状态估计;其次,在子区域状态估计中引入权函数动态修正目标极值函数的权重矩阵,增强状态估计的抗差性能;然后,在边界节点和易受到虚假数据注入攻击的节点配置同步相量测量单元,提高辨识虚假数据攻击的能力;最后,利用IEEE 118节点配电网系统进行算例仿真验证。试验结果表明,本文所提出的状态估计方法不仅可以有效减小估计误差,还能准确辨识虚假数据注入攻击,提高了状态估计的精度和虚假数据注入攻击的辨识能力。     

Central Aggregator Intrusion Detection System for Denial of Service Attacks

Vehicle-to-grid technology is an emerging field that allows unused power from Electric Vehicles (EVs) to be used by the smart grid through the central aggregator. Since the central aggregator is connected to the smart grid through a wireless network, it is prone to cyber-attacks that can be detected and mitigated using an intrusion detection system. However, existing intrusion detection systems cannot be used in the vehicle-to-grid network because of the special requirements and characteristics of the vehicle-to-grid network. In this paper, the effect of denial-of-service attacks of malicious electric vehicles on the central aggregator of the vehicle-to-grid network is investigated and an intrusion detection system for the vehicle-to-grid network is proposed. The proposed system, central aggregator–intrusion detection system (CA-IDS), works as a security gateway for EVs to analyze and monitor incoming traffic for possible DoS attacks. EVs are registered with a Central Aggregator (CAG) to exchange authenticated messages, and malicious EVs are added to a blacklist for violating a set of predefined policies to limit their interaction with the CAG. A denial of service (DoS) attack is simulated at CAG in a vehicle-to-grid (V2G) network manipulating various network parameters such as transmission overhead, receiving capacity of destination, average packet size, and channel availability. The proposed system is compared with existing intrusion detection systems using different parameters such as throughput, jitter, and accuracy. The analysis shows that the proposed system has a higher throughput, lower jitter, and higher accuracy as compared to the existing schemes.