Motivated by the recent security issues in cyber-physical systems, this article studies the stabilization problem of networked control systems under denial-of-service (DoS) attacks. In particular, we consider stabilizing a nonlinear system with a limited data rate via linearization. We employ a deterministic DoS attack model constrained in terms of attacks' frequency and duration, allowing us to cover a large class of potential attacks. To achieve asymptotic stabilization, we propose a resilient dynamic quantizer capable of not saturating even in the presence of packet losses caused by DoS attacks. A sufficient condition for stability is derived by restricting the average DoS frequency and duration. In addition, because of the locality of linearization, we explicitly investigate an estimate of the region of attraction, which may be reduced depending on the strength of DoS attacks. A simulation example is presented for the demonstration of our results.
In this paper, the resilient controller design and synthesis issues of networked control systems under denial-of-service (DoS) attacks are investigated via an adaptive event-triggered strategy. In a networked control system, DoS attacks have serious impacts on the security of communication, possibly causing degraded stability performance of the system. To remove threats from DoS attacks, an adaptive event-triggered communication mechanism is proposed, which also provides benefits in reducing the consumption of communication resources and relieving the pressure on network bandwidth. Since the system state information is usually not fully known, an observer-based controller is developed to stabilize the system and maintain a desired performance index despite the occurrence of stochastic attacks. Furthermore, a joint design method is proposed to obtain the controller gain, observer gain and event-triggered weight matrix. Finally, practical examples based on a four-tank system, an Internet-based three-tank system and an Internet-based test rig system are presented to illustrate the effectiveness of the proposed techniques to respond to and eliminate the impact of DoS attacks.
Launched from numerous end-hosts throughout the Internet, a distributed denial-of-service (DDoS) attack can exhaust the network bandwidth or other resources of a victim, cripple its service, and make it unavailable to legitimate clients. Recently many learning-based approaches attempt to detect DDoS attacks, but their results are often hardly explainable to users and their models are seldom adaptable to new environments. In this paper, we propose a new learning-based DDoS detection approach. It detects DDoS attacks via an enhanced k-nearest neighbors (KNN) algorithm, which utilizes a k-dimensional (KD) tree to speed up the detection process, and classifies DDoS sources at a fine granularity according to each IP's risk level. Compared to previous DDoS detection approaches, this approach outputs explanatory information that enables network administrators to easily inspect detection results and make necessary interventions. Moreover, this approach is adaptable in that users do not need to retrain the detection model to have it fit with a new network environment. We evaluated this approach in both simulated environments and the real world, achieving more than 95.6% accuracy in detecting DDoS attacks at line speed. In addition, we carried out a human subject study on its explainability, demonstrating that the outputs can help people better understand the attack and make interventions precisely and promptly.
Network-on-chip (NoC) is widely employed by multicore system-on-chip (SoC) architectures to cater to their communication requirements. Increasing NoC complexity coupled with its widespread usage has made it a focal point of potential security attacks. Distributed denial-of-service (DDoS) is one such attack that is caused by malicious intellectual property (IP) cores flooding the network with unnecessary packets causing significant performance degradation through NoC congestion. In this article, we propose an efficient framework for real-time detection and localization of DDoS attacks. This article makes three important contributions. We propose a real-time and lightweight DDoS attack detection technique for NoC-based SoCs by monitoring packets to detect any violations. Once a potential attack has been flagged, our approach is also capable of localizing the malicious IPs using the latency data in the NoC routers. The applications are statically profiled during design time to determine communication patterns. These patterns are then used for real-time detection and localization of DDoS attacks. We have evaluated the effectiveness of our approach against different NoC topologies and architecture models using both real benchmarks and synthetic traffic patterns. Our experimental results demonstrate that our proposed approach is capable of real-time detection and localization of DDoS attacks originating from multiple malicious IPs in NoC-based SoCs.
Under the framework of cyber-physical systems (CPSs), this paper concentrates on the secure synchronization control problem for complex dynamical networks subject to denial-of-service (DoS) attacks. The so-called pinning-nodes-based observer, which only utilizes the measurement outputs of pinning nodes, is designed to estimate all system states. Different from the existing studies where the network environment is secure, intermittent DoS attacks are considered here in the measurement (sensor-to-controller) and control (controller-to-actuator) channels. These two channels will be blocked by DoS attacks when the attacker is active. By the theories of Lyapunov and comparison, the secure synchronization scheme for the considered system under intermittent DoS attacks is given. Finally, a numerical example is exhibited to confirm the availability of the developed theoretical outcomes.
This article is concerned with the problem of stabilizing continuous-time linear time-invariant (LTI) systems subject to quantization and denial-of-service (DoS) attacks. In this context, two DoS-induced challenges emerge in the design of resilient encoding schemes, namely, the coupling between encoding strategies of different signals, and the synchronization between the encoder and decoder. These challenges are addressed by a novel proposed structure based on a deadbeat controller as well as a delicate transmission protocol for the input and output channels, and codesigned leveraging the controllability index. When both input and output channels are subject to DoS attacks and quantization, the proposed structure is shown to be able to decouple the encoding schemes for input, output, and estimated output signals. This property is further corroborated by designing encoding schemes as well as conditions ensuring exponential stability of the closed-loop system. On the other hand, when only the output channel is subject to network attack phenomena, the proposed structure can achieve exponential stabilization without acknowledgment (ACK) signals, in contrast to existing ACK-based results. Finally, a numerical example is given to demonstrate the practical merits of the proposed theoretical and practical approach.
Nowadays, the Industrial Internet of Things (IIoT) has remarkably transformed our personal lifestyles and society operations into a novel digital mode, which brings tremendous associations with all walks of life, such as intelligent logistics, smart grid, and smart city. Moreover, with the rapid increase of IIoT devices, a large amount of data is swapped between heterogeneous sensors and devices every moment. This trend increases the risk of eavesdropping and hijacking attacks in communication channels, so maintaining data privacy and security have become two notable concerns at present. Recently, based on the mechanism of the Schnorr signature, a more secure and lightweight certificateless signature (CLS) protocol is popular for the resource-constrained IIoT protocol design. Nevertheless, we found most of the existing CLS schemes are susceptible to several common security weaknesses such as man-in-the-middle attacks, key generation center compromised attacks, and distributed denial of service attacks. To tackle the challenges mentioned previously, in this article, we propose a novel pairing-free certificateless scheme that utilizes the state-of-the-art blockchain technique and smart contract to construct a novel reliable and efficient CLS scheme. Then, we simulate the Type-I and Type-II adversaries to verify the trustworthiness of our scheme. Security analysis as well as performance evaluation outcomes prove that our design can hold more reliable security assurance with less computation cost (i.e., reduced by around 40.0% at most) and communication cost (i.e., reduced by around 94.7% at most) than other related schemes.
This brief is concerned with the robust stabilization issue of cyber-physical systems (CPSs) under periodic Denial-of-Service (DoS) attacks with quantized feedback sliding-mode control (SMC) based on an event-triggered mechanism (ETM). The ETM is introduced for reducing the load of network communication, and states generated by the ETM are quantized to construct the available information of the design of sliding-mode controller. Sufficient conditions for robust stabilization of the system under periodic DoS attacks are proposed to ensure the reachability of sliding manifold. In addition, a lower bound of the quantized measurement saturation parameter is derived to guarantee that the quantizer captures system states in only one step under periodic DoS attacks. After that, this brief proves that the execution time interval of the ETM has a positive lower bound and thus no Zeno behaviors occur. The effectiveness of this proposed method is finally verified by an example of a satellite control system.
This article investigates the adaptive event-triggered secure control design problem for a class of stochastic nonlinear high-order multiagent systems (MASs) subject to denial-of-service (DoS) attacks and actuator faults. The considered systems contain not only unknown random interference terms but also general nonlinear functions that are not required to be globally Lipschitz, in contrast to most of the existing results in the area. To solve the problem of wasted communication resources, the control signal with the relative threshold strategy is designed via the event-triggered control technique. As a class of cyber-physical systems, MASs are vulnerable to actuator faults and DoS attacks. When the system suffers from coupled DoS attacks and actuator failures, its performance will deteriorate rapidly and even the controlled system will collapse. To overcome this difficulty, a novel fault-tolerant and antiattack control method is proposed, which enables the system to achieve the security control objective even in an insecure network and physical environment. The stability analysis of the system is given by combining the adaptive backstepping recursive design process with stochastic Lyapunov stability theory. It is demonstrated that all the signals of the closed-loop systems are semiglobally uniformly ultimately bounded in probability. Finally, a simulation example is given to illustrate the effectiveness and advantages of the presented scheme.
This article is concerned with designing resilient state feedback controllers for a class of networked control systems under denial-of-service (DoS) attacks. The sensor samples system states periodically. The DoS attacks usually prevent those sampled signals from being transmitted through a communication network. A logic processor embedded in the controller is introduced to not only receive sampled signals but also capture information on the duration time of each DoS attack. Note that the duration time of DoS attacks is usually both lower and upper bounded. Then the closed-loop system is modeled as an aperiodic sampled-data system closely related to both lower and upper bounds of duration time of DoS attacks. By introducing a novel looped functional, which caters for the $N$-order canonical Bessel-Legendre inequalities, some $N$-dependent stability criteria are presented for the resultant closed-loop system. It is worth pointing out that a number of identity formulas are uncovered, which enable us to apply the notable free-weighting matrix approach to derive less conservative stability criteria. A linear-matrix-inequality-based criterion is provided to design stabilizing state-feedback controllers against DoS attacks. A satellite control system is given to demonstrate the effectiveness of the proposed method.