This article studies the observer-based output feedback control problem for a class of cyber-physical systems with periodic denial-of-service (DoS) attacks, where the attacks coexist both in the ...measurement and control channels in the network scenario. The periodic DoS attacks are characterized by a cyclic dwell-time switching strategy, such that the resulting augmented system can be converted into a class of discrete-time cyclic dwell-time switched systems including a stable subsystem and an unstable subsystem. By means of a cyclic piecewise linear Lyapunov function approach, the exponential stability and <inline-formula><tex-math notation="LaTeX">l_2</tex-math></inline-formula>-gain analysis, and observer-based controller design are carried out for the augmented discrete-time cyclic switched system. Then, the desired observer and controller gains in piecewise linear form are determined simultaneously so as to ensure that the resulting closed-loop system is exponentially stable with a prescribed <inline-formula><tex-math notation="LaTeX">\mathcal {H}_{\infty }</tex-math></inline-formula> performance index. Finally, a practical application of unmanned ground vehicles under periodic DoS attacks is provided to verify the effectiveness of the developed control approach.
This article investigates the adaptive event-triggered secure control design problem for a class of stochastic nonlinear high-order multiagent systems (MASs) subject to denial-of-service (DoS) ...attacks and actuator faults. The considered systems contain not only unknown random interference terms but also general nonlinear functions that are not required to be globally Lipschitz, in contrast to most of the existing results in the area. To solve the problem of wasted communication resources, the control signal with the relative threshold strategy is designed via the event-triggered control technique. As a class of cyber-physical systems, the securities of MASs are vulnerable to actuator faults and DoS attacks. When the system suffers from coupled DoS attacks and actuator failures, its performance will deteriorate rapidly and even the controlled system will collapse. To overcome this difficulty, a novel fault-tolerant and antiattack control method is proposed, which enables the system to achieve the security control objective even in an insecure network and physical environment. The stability analysis of the system is given by combining the adaptive backstepping recursive design process with stochastic Lyapunov stability theory. It is demonstrated that all the signals of the closed-loop systems are semiglobally uniformly ultimately bounded in probability. Finally, a simulation example is given to illustrate the effectiveness and advantages of the presented scheme.
This paper investigates the leader-following consensus issue with event/self-triggered schemes under an unreliable network environment. First, we characterize network communication and control ...protocol update in the presence of denial-of-service (DoS) attacks. In this situation, an event-triggered communication scheme is first proposed to effectively schedule information transmission over the network possibly subject to malicious attacks. In this communication framework, synchronous and asynchronous updated strategies of control protocols are constructed to achieve leader-following consensus in the presence of DoS attacks. Moreover, to further reduce the cost induced by event detection, a self-triggered communication scheme is proposed in which the next triggering instant can be determined by computing with the most updated information. Finally, a numerical example is provided to verify the effectiveness of the proposed communication schemes and updated strategies in the unreliable network environment.
The Internet-of-Things (IoT) network is growing big owing to its utility in smart applications. An IoT network is susceptible to security breaches, in majority due to the resource-constrained nature ...of IoT. Of the various breaches, the Distributed Denial-of-Service (DDoS) attack can snip off the network service to the users in various ways, such as consumption of server's resources, saturating link bandwidth, etc. These types of DDoS breaches can turn out to be a catastrophe in critical IoT use cases. This article delves into tackling the DDoS attack triggered by malicious wireless IoT on IoT servers. Our security scheme leverages the cloud and software-defined network (SDN) paradigm to mitigate the DDoS attack on IoT servers. We have proposed a novel mechanism named learning-driven detection mitigation (LEDEM) that detects DDoS using a semisupervised machine-learning algorithm and mitigates DDoS. We tested LEDEM in the testbed and emulated topology, and compared the results with state-of-the-art solutions. We achieved an improved accuracy rate of 96.28% in detecting DDoS attack.
Distributed Denial of Service (DDoS) attacks in cloud computing environments are growing due to the essential characteristics of cloud computing. With recent advances in software-defined networking ...(SDN), SDN-based cloud brings us new chances to defeat DDoS attacks in cloud computing environments. Nevertheless, there is a contradictory relationship between SDN and DDoS attacks. On one hand, the capabilities of SDN, including software-based traffic analysis, centralized control, global view of the network, dynamic updating of forwarding rules, make it easier to detect and react to DDoS attacks. On the other hand, the security of SDN itself remains to be addressed, and potential DDoS vulnerabilities exist across SDN platforms. In this paper, we discuss the new trends and characteristics of DDoS attacks in cloud computing, and provide a comprehensive survey of defense mechanisms against DDoS attacks using SDN. In addition, we review the studies about launching DDoS attacks on SDN, as well as the methods against DDoS attacks in SDN. To the best of our knowledge, the contradictory relationship between SDN and DDoS attacks has not been well addressed in previous works. This work can help to understand how to make full use of SDN's advantages to defeat DDoS attacks in cloud computing environments and how to prevent SDN itself from becoming a victim of DDoS attacks, which are important for the smooth evolution of SDN-based cloud without the distraction of DDoS attacks.
The resilient cooperative output regulation problem for a class of uncertain nonlinear multiagent systems (MASs) under denial-of-service (DoS) attacks is addressed in this article. This is the first ...attempt to investigate the cooperative output regulation problem for nonlinear MASs under DoS attacks, and a novel distributed control scheme consisting of a resilient distributed observer and a distributed adaptive controller is proposed. Specifically, a novel resilient distributed observer in the form of an upper triangular chain of first-order low pass filters is designed to estimate the exosystem state based on a composite output observability condition. Then, a distributed adaptive controller is designed. It is shown that the resilient cooperative output regulation problem for the concerned class of uncertain nonlinear MASs can be solved by the proposed control scheme. A simulation example is finally provided to show the effectiveness of the proposed control scheme.
This paper is concerned with the observer-based event-triggered control for a continuous networked linear system subject to denial-of-service (DoS) attacks, where the attacks are launched ...periodically to block the data transmission in control channels. First, a new observer state-based resilient event-triggering scheme is developed in the presence of DoS attacks. Second, a novel event-based switched system model is established by considering the effect of the event-triggering scheme and DoS attacks simultaneously. By virtue of this new model combined with a piecewise Lyapunov-Krasovskii functional method, the sufficient conditions are derived to guarantee exponential stability of the resulting switched system. It is shown that the proposed results can establish a quantitative relationship among the launching/sleeping periods of the attacks, the event-triggering parameters, the sampling period, and the exponential decay rate. Third, criteria for designing a desired observer-based event-triggered controller are provided and expressed in terms of a set of linear matrix inequalities. Finally, an offshore structure model is presented to illustrate the efficiency of the developed control method.
In this article, we investigate the stability analysis and controller synthesis problems for a class of stochastic networked control systems under aperiodic denial-of-service (DoS) jamming attacks. ...First, an observer is constructed to estimate the unmeasurable states, and then a new adaptive event-triggered mechanism on the basis of the observer is proposed to eliminate the adverse effects of DoS attacks and schedule the transmission instants so as to realize a reduction of transmission burden in the network. Under the proposed event-driven communication scheme, an observer-based controller is designed, and a new switched system with time-varying delays is introduced. Conditions for the underlying systems to be mean-square exponentially stable with a weighted <inline-formula><tex-math notation="LaTeX">L_2</tex-math></inline-formula>-gain are established. Also, conditions to co-design the observer, the controller, and the event-triggered scheme are developed. A mass-spring-damper mechanical system is used to demonstrate the effectiveness and advantages of the new design techniques.
To handle the global output feedback sampled-data (OFSD) control problem for cyber-physical systems (CPSs) described by nonstrict-feedback large-scale nonlinear systems with denial-of-service ...attacks, a decentralized OFSD control strategy is proposed. As only the system output is measurable at sampling instants when the investigated CPS works well and all states are unmeasurable when attacks occur, a novel mode-dependent state observer and a decentralized OFSD controller are designed according to the idea of the average dwell time method. It is proven that the resulting closed-loop system is globally asymptotically stable. The developed strategy is applied to practical systems to demonstrate its effectiveness.
As the Software Define Network (SDN) adopts centralized control logic, it is vulnerable to various types of Distributed Denial of Service (DDoS) attacks. At present, almost all the research work ...focuses on high-rate DDoS attack against the SDN control layer. Moreover, most of the existing detection methods are effective for high-rate DDoS attack detection of the control layer, while a low-rate DDoS attack against the SDN data layer is highly concealed, and the detection accuracy against this kind of attack is low. In order to improve the detection accuracy of the low-rate DDoS attack against the SDN data layer, this paper studies the mechanism of such attacks, and then proposes a multi-feature DDoS attack detection method based on Factorization Machine (FM). The features extracted from the flow rules are used to detect low-rate DDoS attacks, and the detection of low-rate DDoS attacks based on FM machine learning algorithms is implemented. The experimental results show that the method can effectively detect the low-rate DDoS attack against the SDN data layer, and the detection accuracy reaches 95.80 percent. Because FM algorithm can achieve fine-grained detection for low-rate DDoS attack, which provides a reliable condition for defending against such attacks. Finally, this paper proposes a defense method based on dynamic deletion of flow rules, and carries out experimental simulation and analysis to prove the effectiveness of the defense method, and the success rate of forwarding normal packets reached 97.85 percent.
PDF