一种受危险理论启发的网络攻击态势评估方法

基于危险理论,提出了一种新的网络攻击态势评估方法。负责网络攻击检测的传感器部署在网络主机上,传感器中的人工免疫细胞受损或非正常死亡时发出危险信号;具有疫苗分发功能的评估中心通过接收、处理来自各传感器的危险信号并依据算法动态评估网络攻击态势。理论分析和实验结果表明该方法可行,能弥补基于自体/非自体识别机理的传统人工免疫网络态势感知技术自体集庞大、免疫耐受时间长等不足,为计算机网络与信息系统的安全测评提供了一种新途径。     

Joint attack detection and secure state estimation of cyber‐physical systems

This paper deals with secure state estimation of cyber‐physical systems subject to switching (on/off) attack signals and injection of fake packets (via either packet substitution or insertion of extra packets). The random set paradigm is adopted in order to model, via random finite sets (RFSs), the switching nature of both system attacks and the injection of fake measurements. The problem of detecting an attack on the system and jointly estimating its state, possibly in the presence of fake measurements, is then formulated and solved in the Bayesian framework for systems with and without direct feedthrough of the attack input to the output. This leads to the analytical derivation of a hybrid Bernoulli filter (HBF) that updates in real time the joint posterior density of a Bernoulli attack RFS and of the state vector. A closed‐form Gaussian mixture implementation of the proposed HBF is fully derived in the case of invertible direct feedthrough. Finally, the effectiveness of the developed tools for joint attack detection and secure state estimation is tested on two case studies concerning a benchmark system for unknown input estimation and a standard IEEE power network application.     

Adaptive state observation of linear time-varying systems with delayed measurements and unknown parameters

In this article, we address the problem of adaptive state observation of linear time-varying systems with delayed measurements and unknown parameters. Our new developments extend the results reported in our recently works. The case with known parameters has been studied by many researchers. However in this article we show that the generalized parameter estimation-based observer design provides a very simple solution for the unknown parameter case. Moreover, when this observer design technique is combined with the dynamic regressor extension and mixing estimation procedure the estimated state and parameters converge in fixed-time imposing extremely weak excitation assumptions.     

A survey on cyber attacks against nonlinear state estimation in power systems of ubiquitous cities

It is well-known that critical infrastructures would be targets for cyber attacks. In this paper, we focus on the power systems (i.e. smart grids) in ubiquitous cities, where every meter is linked to an information network through wireless networking. In a smart grid system, information from smart meters would be used to perform a state estimation in real time to maintain the stability of the system. A wrong estimation may lead to disastrous consequences (e.g. suspension of electricity supply or a big financial loss). Unfortunately, quite a number of recent results showed that attacks on this estimation process are feasible by manipulating readings of only a few meters. In this paper, we focus on nonlinear state estimation which is a more realistic model and widely employed in a real power grid environment. We category cyber attacks against nonlinear state estimation, and review the mechanisms behind. State-of-the-art security measures to detect these attacks are discussed via sensor protection. Hope that the community would be able to come up with a secure system architecture for ubiquitous cities.     

Reconstruction of measurements in state estimation strategy against deception attacks for cyber physical systems

Without the known state equation, a new state estimation strategy is designed to be against malicious attacks for cyber physical systems. Inspired by the idea of data reconstruction, the compressive sensing (CS) is applied to reconstruction of residual measurements after the detection and identification scheme based on the Markov graph of the system state, which increases the resilience of state estimation strategy against deception attacks. First, the observability analysis is introduced to decide the triggering time of the measurement reconstruction and the damage level from attacks. In particular, the dictionary learning is proposed to form the over completed dictionary by K singular value decomposition (K SVD), which is produced adaptively according to the characteristics of the measurement data. In addition, due to the irregularity of residual measurements, a sampling matrix is designed as the measurement matrix. Finally, the simulation experiments are performed on 6 bus power system. Results show that the reconstruction of measurements is completed well by the proposed reconstruction method, and the corresponding effects are better than reconstruction scheme based on the joint dictionary and the traditional Gauss or Bernoulli random matrix respectively. Especially, when only 29% available clean measurements are left, performance of the proposed strategy is still extraordinary, which reflects generality for five kinds of recovery algorithms.     

Humanoid state estimation using a moving horizon estimator

In this research, a new state estimator based on moving horizon estimation theory is suggested for the humanoid robot state estimation. So far, there are almost no studies on the moving horizon estimator (MHE)-based humanoid state estimator. Instead, a large number of humanoid state estimators based on the Kalman filter (KF) have been proposed. However, such estimators cannot guarantee optimality when the system model is nonlinear or when there is a non-Gaussian modeling error. In addition, with KF, it is difficult to incorporate inequality constraints. Since a humanoid is a complex system, its mathematical model is normally nonlinear, and is limited in its ability to characterize the system accurately. Therefore, KF-based humanoid state estimation has unavoidable limitations. To overcome these limitations, we propose a new approach to humanoid state estimation by using a MHE. It can accommodate not only nonlinear systems and constraints, but also it can partially cope with non-Gaussian modeling error. The proposed estimator framework facilitates the use of a simple model, even in the presence of a large modeling error. In addition, it can estimate the humanoid state more accurately than a KF-based estimator. The performance of the proposed approach was verified experimentally.     

网络攻击下一类非线性切换多智能体系统的安全自适应控制

针对一类控制方向未知的非线性切换多智能体系统, 本文研究了在不确定网络攻击下的安全控制问题. 网 络攻击破坏传感器真实数据, 导致系统真实信息无法获取且不能直接用于控制设计. 为此, 通过受攻击状态构建一 组新颖辅助变量来消除网络攻击造成的影响. 此外, 所研究的系统包含更一般的不确定性, 即未知控制方向, 未知常 值参数以及不确定攻击. 这些不确定性在设计过程中相互耦合. 利用Nussbaum型函数并设计自适应律补偿耦合后 的不确定性, 极大降低了系统复杂性. 通过系统性地迭代构造出共同Lyapunov函数, 提出了一套安全自适应控制方 法, 保证了受攻击系统在任意切换下达到渐近输出一致性. 最后, 数值仿真验证了该方法的有效性.     

Path selection with Nash Q‐learning for remote state estimation over multihop relay network

In this article, the security issue of remote state estimation is investigated for multihop relay networks interrupted by an attacker launching denial‐of‐service attacks. Since the presence of the relay enriches the communication topology, there might exist several paths connecting the sensor and the estimator, consisting of the corresponding channels. Thus, it is reasonable for the sensor to select the path with a lower dropout rate to enhance the system performance measured by the estimation error, due to the dropout rate changing with the channel. However, as an adversary, the objective of the jammer is to deteriorate the corresponding performance through launching attack on the communication path selectively. For addressing the problem on the behalf of both of the sensor and the jammer, we first formulate this problem as a two‐player zero‐sum stochastic game model, and then present a Nash Q‐learning algorithm to explore the equilibrium point for both players, under the assumption that both of them are rational players. Furthermore, the existence of equilibrium point for this problem is proved analytically. Moreover, a more general case of the channel attack, under which the jammer can attack any channels among this network, is considered. Finally, numerical results are presented to verify the effectiveness of the algorithm proposed and the theorem results.     

受控循环远程态制备

为了解决多方量子通信问题,首先提出一种构造十粒子纠缠态的方法,并籍此构造出一个3◢n◣+1粒子纠缠态。其次,以十粒子纠缠态为量子信道,提出一个三方受控循环远程制备协议。该协议在监察者David的控制下,Alice能为Bob远程制备一个任意单粒子态,Bob能够在Charlie处远程制备一个任意单粒子态,Charlie也能为Alice远程制备任意单粒子态。进一步,借助3◢n◣+1粒子纠缠态,将此循环协议推广到任意◢n◣方受控循环远程态制备情形。在远程态制备过程中,每个发送者充分利用各自掌握的信息和前馈策略来构造恰当的测量基,通过经典通信和局域操作,就能成功实现任意单粒子态的远程制备。     

Improved state estimator in the face of unreliable parameters

The improvement in state estimation based on independently estimated parameter values can be marginal when these parameter values are in error. A measure of uncertainty in the parameters is their error covariance, which most parameter estimation methods do not yield reliably. This work develops a new approach that obviates reliance on incorrect error covariance of the parameters. Uncertainty in the parameter values is assessed on the basis of errors in a priori predictions over a certain time horizon. This uncertainty measure is incorporated into the state estimator, modifying the state gains to account for errors in the parameter values used.     

基于以太坊状态数据库的攻击与防御方案

以太坊是第二代区块链平台的典型代表,其最大特点是能够通过智能合约来支持功能丰富的分布式应用。另外,为了提高交易验证效率,以太坊使用了本地数据库来存储账户状态,并基于区块头内的状态树根保证状态数据的完整性。但是研究工作表明,本地数据库存在被篡改的安全隐患,且攻击者可以基于被篡改的账户状态发出非法交易,从而牟取不正当利益。简要描述了这类针对本地状态数据库的安全漏洞,并分析了攻击成功的前提条件;在此基础上,与工作量证明共识机制下两种常见的安全威胁进行了对比,发现在攻击者控制相同挖矿算力的条件下,基于状态数据库的攻击带来的安全风险更高,攻击成功概率趋近于100%。为应对存在的安全威胁,提出了一套切实可行的攻击检测与防御方案,并在以太坊源码的基础上加入了二次验证与数据恢复过程。通过单机多线程的实验测试评估了所提方案的可行性与复杂度。实验结果表明：改进后的以太坊系统具备了针对状态数据库篡改的容错能力,且该方案同样适用于超级账本等其他基于本地数据库进行交易验证的区块链平台。此外,通过统计二次验证的时间和哈希计算次数,证明了所提方案带来的时间与计算开销并不显著,对现有系统的性能影响不大,具有良好的适用...     

Kinematic Control of Serial Manipulators Under False Data Injection Attack

With advanced communication technologies, cyber-physical systems such as networked industrial control systems can be monitored and controlled by a remote control center via communication networks. While lots of benefits can be achieved with such a configuration, it also brings the concern of cyber attacks to the industrial control systems, such as networked manipulators that are widely adopted in industrial automation. For such systems, a false data injection attack on a control-center-to-manipulator (CC-M) communication channel is undesirable, and has negative effects on the manufacture quality. In this paper, we propose a resilient remote kinematic control method for serial manipulators undergoing a false data injection attack by leveraging the kinematic model. Theoretical analysis shows that the proposed method can guarantee asymptotic convergence of the regulation error to zero in the presence of a type of false data injection attack. The efficacy of the proposed method is validated via simulations.      

基于网络防御知识图谱的0day攻击路径预测方法

针对0day漏洞未知性造成的攻击检测难问题,提出了一种基于知识图谱的0day攻击路径预测方法。通过从现有关于网络安全领域本体的研究成果及网络安全数据库中抽取“攻击”相关的概念及实体,构建网络防御知识图谱,将威胁、脆弱性、资产等离散的安全数据提炼为互相关联的安全知识。在此基础上,依托知识图谱整合的知识,假设并约束0day漏洞的存在性、可用性及危害性等未知属性,并将“攻击”这一概念建模为知识图谱中攻击者实体与设备实体间存在的一种关系,从而将攻击预测问题转化为知识图谱的链接预测问题。采用基于路径排序算法的知识图谱推理方法挖掘目标系统中可能发生的0day攻击,并生成0day攻击图。复用分类器输出的预测得分作为单步攻击发生概率,通过计算并比较不同攻击路径的发生概率,预测分析0day攻击路径。实验证明,所提方法能够依托知识图谱提供的知识体系,为攻击预测提供较全面的知识支持,降低预测分析对专家模型的依赖,并较好地克服0day漏洞未知性对预测分析造成的不利影响,提高了0day攻击预测的准确性,并且借助路径排序算法基于图结构这一显式特征进行推理的特点,能够对推理结果形成的原因进行有效反溯,从而一定限度上...     

一类基于状态估计的非线性系统的智能故障诊断

针对一类含有建模误差的非线性系统,研究了基于状态估计的智能故障诊断方法.首先提出一种状态估计器设计方法;然后在进行状态估计的同时用RBF神经网络来逼近系统所发生的故障.故障估计器的输入为系统的状态估计,所估计出的故障既可用作故障容错控制,也可用作报警.根据微分同胚,将含有建模误差的非线性系统变换为易于分析的规范形式,并在此基础上分析了故障诊断系统的稳定性和鲁棒性.仿真例子证明了该方法的有效性.     

以真六量子纠缠态为信道的双向受控远程态制备

研究了真六量子比特纠缠态在双向量子受控远程态制备中的一个新应用。在协议中,远程的两方在遥远的第三方控制下,能够同时地、确定地交换他们的量子态。如果没有控制者的允许,这种交换是不能成功的,而作为原始的非局域量子资源的一个真六量子比特纠缠态是预先被三方共享的。     

An adaptive unscented Kalman filter approach to secure state estimation for wireless sensor networks

Wireless sensor networks are vulnerable to false data injection attacks, which may mislead the state estimation. To solve this problem, this paper presents a chi-square test-based adaptive secure state estimation (CTASSE) algorithm for state estimation and attack detection. Taking advantage of Kalman filters, attack signal together with process noise or measurement noise are described as total white Gaussian noise with uncertain covariance matrix. The chi-square test method is used in the adaptation of the total noise covariance and attack detection. Then, a standard adaptive unscented Kalman filter (UKF) is used for the state estimation. Finally, simulation results show that the proposed CTASSE algorithm performs better than other UKFs in state estimation and is also effective in real-time attack detection.     

Adaptive variable structure state estimation for uncertain systems with persistently bounded disturbances

This paper develops an adaptive state estimator design methodology for nonlinear systems with unknown nonlinearities and persistently bounded disturbances. In the proposed estimation scheme, the boundary layer strategy in variable structure techniques is utilized to design a continuous state estimator such that the undesirable chattering phenomenon is avoided; and the adaptive bounding technique is used for online estimation of the unknown bounding parameter. The existence condition of the adaptive estimators is provided in terms of linear matrix inequality (LMI). Since the orthogonal projection of the state estimation error onto the null space of the linear measurement distribution matrix is used in the derivation process, the update law of bounding parameter estimate is represented in terms of the available measurement error. The proposed estimator can ensure that the state estimation error is uniformly ultimately bounded (UUB) with an ultimate bound. Furthermore, using the existing LMI optimization technique, a suboptimal adaptive state estimator can be obtained in the sense of minimizing an upper bound of the peak gains in the ultimate bound. Finally, a simulation example is given to illustrate the effectiveness of the proposed design method. Copyright © 2010 John Wiley & Sons, Ltd.     

数据注入攻击下ICPS的自适应事件触发弹性控制

为使工业信息物理系统(ICPS)抵御数据注入攻击, 本文研究了事件触发弹性控制策略, 采用自适应事件触发以减少通信资源, 构建攻击估计器以降低攻击对系统性能的影响. 通过H∞渐近稳定性准则推导估计器参数, 采用Lyapunov-Krasovskii函数推导事件触发、数据注入攻击、网络延迟和弹性控制器之间的定量关系. 以二自由度质量–弹簧–阻尼串联系统为被控对象, MATLAB仿真验证基于自适应事件触发的ICPS在数据注入攻击下的系统性能,结果表明所采取策略能保证系统的稳定性, 并有效减少通信资源.     

Resilient control of cyber-physical systems using adaptive super-twisting observer

In this work, the problem of online secure state estimation and attack reconstruction in the face of offensives that corrupt the sensor measurements and modify the actuator commands of cyber–physical systems is investigated for designing a resilient controller for the system. The states of cyber–physical system and its actuator attacks are estimated/reconstructed online using a novel adaptive line-by-line super-twisting observer, whereas sparse stealth attacks on unprotected sensors are reconstructed using a sparse recovery algorithm. The estimated attacks are used for attack compensation by a resilient controller. The efficacy of the proposed technique is illustrated via simulation on a real electric power system under deception actuator attack and stealth sensor attack.     

An adaptive freeway traffic state estimator

Real-data testing results of a real-time nonlinear freeway traffic state estimator are presented with a particular focus on its adaptive features. The pursued general approach to the real-time adaptive estimation of complete traffic state in freeway stretches or networks is based on stochastic nonlinear macroscopic traffic flow modeling and extended Kalman filtering. One major innovative aspect of the estimator is the real-time joint estimation of traffic flow variables (flows, mean speeds, and densities) and some important model parameters (free speed, critical density, and capacity), which leads to four significant features of the traffic state estimator: (i) avoidance of prior model calibration; (ii) automatic adaptation to changing external conditions (e.g. weather and lighting conditions, traffic composition, control measures); (iii) enabling of incident alarms; (iv) enabling of detector fault alarms. The purpose of the reported real-data testing is, first, to demonstrate feature (i) by investigating some basic properties of the estimator and, second, to explore some adaptive capabilities of the estimator that enable features (ii)-(iv). The achieved testing results are quite satisfactory and promising for further work and field applications.