Pub Date : 2025-07-01Epub Date: 2025-03-24DOI: 10.1016/j.ijcip.2025.100758
N. Simon Kwong , Kishor S. Jaiswal
The security and economic stability of the United States rely heavily on robust lifeline infrastructure systems and yet the risks to such systems are seldom quantified at the national scale. For example, while earthquake risks to buildings in the United States have been investigated at the national scale regularly, such risks to gas pipelines have rarely been investigated nationally. In this paper, we use examples from two critical infrastructure sectors to demonstrate (1) the nature of earthquake risks to lifeline infrastructure systems, (2) complexities involved in regional seismic risk assessments, and (3) how such risks change with time. We found that bridge risks can be underestimated by at least 64 % when viewed from repair costs instead of traffic demands and that regional risks can be underestimated by 19 % when spatial correlations of ground motion are ignored. Further, exceedance of traffic demand can be 50 times more likely to occur when viewed at the regional scale than when viewed at an individual bridge. Similarly, exceedance of repairs can be 180 times more likely to occur when viewed at the pipeline network level than at a segment-specific level. Finally, sensitivity analyses with the 2018 and 2023 USGS National Seismic Hazard Models indicate an increase in bridge risk of at least 24 % and an increase in exposed gas pipeline mileage of 43 %. The evolution of risks, complexities involved in assessments, and limited resources jointly underscore the need for more routine updates to nationwide seismic risk assessments of lifeline systems in the United States.
{"title":"Assessing earthquake risks to lifeline infrastructure systems in the United States","authors":"N. Simon Kwong , Kishor S. Jaiswal","doi":"10.1016/j.ijcip.2025.100758","DOIUrl":"10.1016/j.ijcip.2025.100758","url":null,"abstract":"<div><div>The security and economic stability of the United States rely heavily on robust lifeline infrastructure systems and yet the risks to such systems are seldom quantified at the national scale. For example, while earthquake risks to buildings in the United States have been investigated at the national scale regularly, such risks to gas pipelines have rarely been investigated nationally. In this paper, we use examples from two critical infrastructure sectors to demonstrate (1) the nature of earthquake risks to lifeline infrastructure systems, (2) complexities involved in regional seismic risk assessments, and (3) how such risks change with time. We found that bridge risks can be underestimated by at least 64 % when viewed from repair costs instead of traffic demands and that regional risks can be underestimated by 19 % when spatial correlations of ground motion are ignored. Further, exceedance of traffic demand can be 50 times more likely to occur when viewed at the regional scale than when viewed at an individual bridge. Similarly, exceedance of repairs can be 180 times more likely to occur when viewed at the pipeline network level than at a segment-specific level. Finally, sensitivity analyses with the 2018 and 2023 USGS National Seismic Hazard Models indicate an increase in bridge risk of at least 24 % and an increase in exposed gas pipeline mileage of 43 %. The evolution of risks, complexities involved in assessments, and limited resources jointly underscore the need for more routine updates to nationwide seismic risk assessments of lifeline systems in the United States.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"49 ","pages":"Article 100758"},"PeriodicalIF":4.1,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143738890","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-01Epub Date: 2024-12-05DOI: 10.1016/j.ijcip.2024.100727
Ömer Sen , Bozhidar Ivanov , Christian Kloos , Christoph Zöll , Philipp Lutat , Martin Henze , Andreas Ulbig , Michael Andres
The power grid is a vital infrastructure in modern society, essential for ensuring public safety and welfare. As it increasingly relies on digital technologies for its operation, it becomes more vulnerable to sophisticated cyber threats. These threats, if successful, could disrupt the grid’s functionality, leading to severe consequences. To mitigate these risks, it is crucial to develop effective protective measures, such as intrusion detection systems and decision support systems, that can detect and respond to cyber attacks. Machine learning methods have shown great promise in this area, but their effectiveness is often limited by the scarcity of high-quality data, primarily due to confidentiality and access issues.
In response to this challenge, our work introduces an advanced simulation environment that replicates the power grid’s infrastructure and communication behavior. This environment enables the simulation of complex, multi-stage cyber attacks and defensive mechanisms, using attack trees to map the attacker’s steps and a game-theoretic approach to model the defender’s response strategies. The primary goal of this simulation framework is to generate a diverse range of realistic attack data that can be used to train machine learning algorithms for detecting and mitigating cyber attacks. Additionally, the environment supports the evaluation of new security technologies, including advanced decision support systems, by providing a controlled and flexible testing platform.
Our simulation environment is designed to be modular and scalable, supporting the integration of new use cases and attack scenarios without relying heavily on external components. It enables the entire process of scenario generation, data modeling, data point mapping, and power flow simulation, along with the depiction of communication traffic, in a coherent process chain. This ensures that all relevant data needed for cyber security investigations, including the interactions between attacker and defender, are captured under consistent conditions and constraints.
The simulation environment also includes a detailed modeling of communication protocols and grid operation management, providing insights into how attacks propagate through the network. The generated data are validated through laboratory tests, ensuring that the simulation reflects real-world conditions. These datasets are used to train machine learning models for intrusion detection and evaluate their performance, specifically focusing on how well they can detect complex attack patterns in power grid operations.
{"title":"Simulation of multi-stage attack and defense mechanisms in smart grids","authors":"Ömer Sen , Bozhidar Ivanov , Christian Kloos , Christoph Zöll , Philipp Lutat , Martin Henze , Andreas Ulbig , Michael Andres","doi":"10.1016/j.ijcip.2024.100727","DOIUrl":"10.1016/j.ijcip.2024.100727","url":null,"abstract":"<div><div>The power grid is a vital infrastructure in modern society, essential for ensuring public safety and welfare. As it increasingly relies on digital technologies for its operation, it becomes more vulnerable to sophisticated cyber threats. These threats, if successful, could disrupt the grid’s functionality, leading to severe consequences. To mitigate these risks, it is crucial to develop effective protective measures, such as intrusion detection systems and decision support systems, that can detect and respond to cyber attacks. Machine learning methods have shown great promise in this area, but their effectiveness is often limited by the scarcity of high-quality data, primarily due to confidentiality and access issues.</div><div>In response to this challenge, our work introduces an advanced simulation environment that replicates the power grid’s infrastructure and communication behavior. This environment enables the simulation of complex, multi-stage cyber attacks and defensive mechanisms, using attack trees to map the attacker’s steps and a game-theoretic approach to model the defender’s response strategies. The primary goal of this simulation framework is to generate a diverse range of realistic attack data that can be used to train machine learning algorithms for detecting and mitigating cyber attacks. Additionally, the environment supports the evaluation of new security technologies, including advanced decision support systems, by providing a controlled and flexible testing platform.</div><div>Our simulation environment is designed to be modular and scalable, supporting the integration of new use cases and attack scenarios without relying heavily on external components. It enables the entire process of scenario generation, data modeling, data point mapping, and power flow simulation, along with the depiction of communication traffic, in a coherent process chain. This ensures that all relevant data needed for cyber security investigations, including the interactions between attacker and defender, are captured under consistent conditions and constraints.</div><div>The simulation environment also includes a detailed modeling of communication protocols and grid operation management, providing insights into how attacks propagate through the network. The generated data are validated through laboratory tests, ensuring that the simulation reflects real-world conditions. These datasets are used to train machine learning models for intrusion detection and evaluate their performance, specifically focusing on how well they can detect complex attack patterns in power grid operations.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100727"},"PeriodicalIF":4.1,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143168301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-01Epub Date: 2025-02-27DOI: 10.1016/S1874-5482(25)00011-3
Roberto Setola
{"title":"Interdependencies and third parties","authors":"Roberto Setola","doi":"10.1016/S1874-5482(25)00011-3","DOIUrl":"10.1016/S1874-5482(25)00011-3","url":null,"abstract":"","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100750"},"PeriodicalIF":4.1,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143508441","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-01Epub Date: 2025-01-13DOI: 10.1016/j.ijcip.2025.100740
Mustafa Sinasi Ayas , Enis Kara , Selen Ayas , Ali Kivanc Sahin
This research presents the optimized adversarial machine learning framework, OptAML, which is developed for use in water distribution and treatment systems. In consideration of the physical invariants of these systems, the OptAML generates adversarial samples capable of deceiving a hybrid convolutional neural network-long short-term memory network model. The efficacy of the framework is assessed using the Secure Water Treatment (SWaT) and Water Distribution (WADI) datasets. The findings demonstrate that OptAML is capable of effectively evading rule checkers and significantly reducing the accuracy of anomaly detection frameworks in both systems. Additionally, the study investigates a defense mechanism that demonstrates enhanced robustness against these adversarial attacks and is based on adversarial training. Our results underscore the necessity for robust and flexible protection tactics and highlight the shortcomings of the machine learning-based anomaly detection systems for critical infrastructure that are currently in place.
{"title":"OptAML: Optimized adversarial machine learning on water treatment and distribution systems","authors":"Mustafa Sinasi Ayas , Enis Kara , Selen Ayas , Ali Kivanc Sahin","doi":"10.1016/j.ijcip.2025.100740","DOIUrl":"10.1016/j.ijcip.2025.100740","url":null,"abstract":"<div><div>This research presents the optimized adversarial machine learning framework, OptAML, which is developed for use in water distribution and treatment systems. In consideration of the physical invariants of these systems, the OptAML generates adversarial samples capable of deceiving a hybrid convolutional neural network-long short-term memory network model. The efficacy of the framework is assessed using the Secure Water Treatment (SWaT) and Water Distribution (WADI) datasets. The findings demonstrate that OptAML is capable of effectively evading rule checkers and significantly reducing the accuracy of anomaly detection frameworks in both systems. Additionally, the study investigates a defense mechanism that demonstrates enhanced robustness against these adversarial attacks and is based on adversarial training. Our results underscore the necessity for robust and flexible protection tactics and highlight the shortcomings of the machine learning-based anomaly detection systems for critical infrastructure that are currently in place.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100740"},"PeriodicalIF":4.1,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143167952","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-01Epub Date: 2024-12-07DOI: 10.1016/j.ijcip.2024.100728
Mikaëla Ngamboé , Xiao Niu , Benoit Joly , Steven P. Biegler , Paul Berthier , Rémi Benito , Greg Rice , José M. Fernandez , Gabriela Nicolescu
The Automatic Dependent Surveillance-Broadcast (ADS-B) is a surveillance technology mandated in many airspaces. It improves safety, increases efficiency and reduces air traffic congestion by broadcasting aircraft navigation data. Yet, ADS-B is vulnerable to spoofing attacks as it lacks mechanisms to ensure the integrity and authenticity of the data being supplied. None of the existing cryptographic solutions fully meet the backward compatibility and bandwidth preservation requirements of the standard. Hence, we propose the Compatible Authenticated Bandwidth-efficient Broadcast protocol for ADS-B (CABBA), an improved approach that integrates TESLA, phase-overlay modulation techniques and certificate-based PKI. As a result, entity authentication, data origin authentication, and data integrity are the security services that CABBA offers. To assess compliance with the standard, we designed an SDR-based implementation of CABBA and performed backward compatibility tests on commercial and general aviation (GA) ADS-B in receivers. Besides, we calculated the 1090ES band’s activity factor and analyzed the channel occupancy rate according to ITU-R SM.2256-1 recommendation. Also, we performed a bit error rate analysis of CABBA messages. The results suggest that CABBA is backward compatible, does not incur significant communication overhead, and has an error rate that is acceptable for Eb/No values above 14 dB.
{"title":"CABBA: Compatible Authenticated Bandwidth-efficient Broadcast protocol for ADS-B","authors":"Mikaëla Ngamboé , Xiao Niu , Benoit Joly , Steven P. Biegler , Paul Berthier , Rémi Benito , Greg Rice , José M. Fernandez , Gabriela Nicolescu","doi":"10.1016/j.ijcip.2024.100728","DOIUrl":"10.1016/j.ijcip.2024.100728","url":null,"abstract":"<div><div>The Automatic Dependent Surveillance-Broadcast (ADS-B) is a surveillance technology mandated in many airspaces. It improves safety, increases efficiency and reduces air traffic congestion by broadcasting aircraft navigation data. Yet, ADS-B is vulnerable to spoofing attacks as it lacks mechanisms to ensure the integrity and authenticity of the data being supplied. None of the existing cryptographic solutions fully meet the backward compatibility and bandwidth preservation requirements of the standard. Hence, we propose the Compatible Authenticated Bandwidth-efficient Broadcast protocol for ADS-B (CABBA), an improved approach that integrates TESLA, phase-overlay modulation techniques and certificate-based PKI. As a result, entity authentication, data origin authentication, and data integrity are the security services that CABBA offers. To assess compliance with the standard, we designed an SDR-based implementation of CABBA and performed backward compatibility tests on commercial and general aviation (GA) ADS-B in receivers. Besides, we calculated the 1090ES band’s activity factor and analyzed the channel occupancy rate according to ITU-R SM.2256-1 recommendation. Also, we performed a bit error rate analysis of CABBA messages. The results suggest that CABBA is backward compatible, does not incur significant communication overhead, and has an error rate that is acceptable for Eb/No values above 14 dB.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100728"},"PeriodicalIF":4.1,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143167953","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-01Epub Date: 2024-12-07DOI: 10.1016/j.ijcip.2024.100729
Seyed Ali Alavi, Hamed Pourvali Moghadam, Amir Hossein Jahangir
This paper introduces a novel cyberattack vector called the ”Autonomous Firmware Zombie Attack.” Unlike traditional zombie attacks that rely on botnets and direct network control, this method enables attackers to covertly modify the firmware of substation Intelligent Electronic Devices (IEDs) and other firmware-based appliances, including critical industrial equipment, without requiring an active network connection, leaving minimal trace and making an offensive attack with only one infected device instead of a set of multiple devices in botnets. Unlike conventional cyber threats, this method allows attackers to manipulate devices to cause substantial damage while leaving minimal trace, thus evading traditional detection techniques. This study demonstrates the potential of the Autonomous Firmware Zombie Attack (AFZA), which causes substantial damage while evading conventional detection techniques. We first run such an attack on a series of IEDs as proof of concept for this issue. Then, we compare this approach to traditional remote control attacks, highlighting its unique advantages and implications for industrial control system security. This research underscores the critical need for a robust cybersecurity framework tailored to industrial control systems and advances our understanding of the complex risk landscape threatening critical infrastructures.
{"title":"Beyond botnets: Autonomous Firmware Zombie Attack in industrial control systems","authors":"Seyed Ali Alavi, Hamed Pourvali Moghadam, Amir Hossein Jahangir","doi":"10.1016/j.ijcip.2024.100729","DOIUrl":"10.1016/j.ijcip.2024.100729","url":null,"abstract":"<div><div>This paper introduces a novel cyberattack vector called the ”Autonomous Firmware Zombie Attack.” Unlike traditional zombie attacks that rely on botnets and direct network control, this method enables attackers to covertly modify the firmware of substation Intelligent Electronic Devices (IEDs) and other firmware-based appliances, including critical industrial equipment, without requiring an active network connection, leaving minimal trace and making an offensive attack with only one infected device instead of a set of multiple devices in botnets. Unlike conventional cyber threats, this method allows attackers to manipulate devices to cause substantial damage while leaving minimal trace, thus evading traditional detection techniques. This study demonstrates the potential of the Autonomous Firmware Zombie Attack (AFZA), which causes substantial damage while evading conventional detection techniques. We first run such an attack on a series of IEDs as proof of concept for this issue. Then, we compare this approach to traditional remote control attacks, highlighting its unique advantages and implications for industrial control system security. This research underscores the critical need for a robust cybersecurity framework tailored to industrial control systems and advances our understanding of the complex risk landscape threatening critical infrastructures.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100729"},"PeriodicalIF":4.1,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143167813","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-01Epub Date: 2025-01-16DOI: 10.1016/j.ijcip.2025.100741
H M Imran Kays, Arif Mohaimin Sadri, K.K. "Muralee" Muraleetharan, P. Scott Harvey, Gerald A. Miller
This study addresses the challenge of modeling flood propagation and cascading failures in geographically interdependent transportation and stormwater systems, filling a critical gap in the literature by effectively capturing the temporal progression and spatial distribution of failures in interdependent systems. We developed a contagion-based Susceptible-Exposed-Flooded-Recovered (SEFR) model to monitor flood propagation dynamics within these interconnected systems. We established a spatial interdependency threshold for transportation and stormwater systems using a multilayer network representation and incorporated the state-of-the-art Hydrologic Engineering Center's River Analysis System (HEC-RAS) to generate reliable flood data. The SEFR model combines the topological characteristics of the multilayer network with simulated flood data to accurately model the propagation of flood damage and cascading failures. Focusing on Norman, Oklahoma, we calibrated the SEFR model using the HEC-RAS 2D flood simulation data for a major precipitation event on July 27, 2021. Results demonstrate the SEFR model's ability to identify the spatiotemporal variations in flood propagation, highlighting critical infrastructure components at risk, including specific road segments and stormwater system elements vulnerable to cascading failures during flooding events. The findings provide new insights into interdependent system resilience and inform intervention strategies to mitigate adverse flooding impacts, enhancing the robustness of critical infrastructure against natural disasters.
{"title":"Modeling flood propagation and cascading failures in interdependent transportation and stormwater networks","authors":"H M Imran Kays, Arif Mohaimin Sadri, K.K. \"Muralee\" Muraleetharan, P. Scott Harvey, Gerald A. Miller","doi":"10.1016/j.ijcip.2025.100741","DOIUrl":"10.1016/j.ijcip.2025.100741","url":null,"abstract":"<div><div>This study addresses the challenge of modeling flood propagation and cascading failures in geographically interdependent transportation and stormwater systems, filling a critical gap in the literature by effectively capturing the temporal progression and spatial distribution of failures in interdependent systems. We developed a contagion-based Susceptible-Exposed-Flooded-Recovered (SEFR) model to monitor flood propagation dynamics within these interconnected systems. We established a spatial interdependency threshold for transportation and stormwater systems using a multilayer network representation and incorporated the state-of-the-art Hydrologic Engineering Center's River Analysis System (HEC-RAS) to generate reliable flood data. The SEFR model combines the topological characteristics of the multilayer network with simulated flood data to accurately model the propagation of flood damage and cascading failures. Focusing on Norman, Oklahoma, we calibrated the SEFR model using the HEC-RAS 2D flood simulation data for a major precipitation event on July 27, 2021. Results demonstrate the SEFR model's ability to identify the spatiotemporal variations in flood propagation, highlighting critical infrastructure components at risk, including specific road segments and stormwater system elements vulnerable to cascading failures during flooding events. The findings provide new insights into interdependent system resilience and inform intervention strategies to mitigate adverse flooding impacts, enhancing the robustness of critical infrastructure against natural disasters.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100741"},"PeriodicalIF":4.1,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143167946","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-01Epub Date: 2025-01-03DOI: 10.1016/j.ijcip.2024.100738
Sheeja Rani S , Mostafa F. Shaaban , Abdelfatah Ali
The deployment of 5G networks and IoT devices in smart grid applications provides electricity-generated, distributed, and managed bidirectional transmission of real-time information between utility providers and consumers. However, this increased transmission and confidence in IoT devices also present novel security challenges, since they are vulnerable to malicious attacks. Ensuring robust attack detection mechanisms in 5G-IoT smart grid systems for reliable and efficient power distribution, and early accurate identification of attacks addressed. To solve these concerns, a novel technique called Target Projection Regressed Gradient Convolutional Neural Network (TPRGCNN) is introduced to improve the accuracy of attack detection during data transmission in a 5G-IoT smart grid environment. The TPRGCNN method is combined with feature selection and classification for improving secure data transmission by detecting attacks in 5G-IoT smart grid networks. In the feature selection process, TPRGCNN utilizes the Ruzicka coefficient Dichotonic projection regression method and aims to enhance the accuracy of attack detection while minimizing time complexity. Then selected significant features are fed into Jaspen’s correlative stochastic gradient convolutional neural learning classifier for attack detection. Classification indicates whether transmission is normal or an attack in the 5G-IoT smart grid network. The implementation results demonstrate that the proposed TPRGCNN method achieve a 5% of improved attack detection accuracy and 2% improvement in precision, recall, F-score while reducing time complexity and space complexity by 13% and 23% compared to conventional methods.
{"title":"An efficient convolutional neural network based attack detection for smart grid in 5G-IOT","authors":"Sheeja Rani S , Mostafa F. Shaaban , Abdelfatah Ali","doi":"10.1016/j.ijcip.2024.100738","DOIUrl":"10.1016/j.ijcip.2024.100738","url":null,"abstract":"<div><div>The deployment of 5G networks and IoT devices in smart grid applications provides electricity-generated, distributed, and managed bidirectional transmission of real-time information between utility providers and consumers. However, this increased transmission and confidence in IoT devices also present novel security challenges, since they are vulnerable to malicious attacks. Ensuring robust attack detection mechanisms in 5G-IoT smart grid systems for reliable and efficient power distribution, and early accurate identification of attacks addressed. To solve these concerns, a novel technique called Target Projection Regressed Gradient Convolutional Neural Network (TPRGCNN) is introduced to improve the accuracy of attack detection during data transmission in a 5G-IoT smart grid environment. The TPRGCNN method is combined with feature selection and classification for improving secure data transmission by detecting attacks in 5G-IoT smart grid networks. In the feature selection process, TPRGCNN utilizes the Ruzicka coefficient Dichotonic projection regression method and aims to enhance the accuracy of attack detection while minimizing time complexity. Then selected significant features are fed into Jaspen’s correlative stochastic gradient convolutional neural learning classifier for attack detection. Classification indicates whether transmission is normal or an attack in the 5G-IoT smart grid network. The implementation results demonstrate that the proposed TPRGCNN method achieve a 5% of improved attack detection accuracy and 2% improvement in precision, recall, F-score while reducing time complexity and space complexity by 13% and 23% compared to conventional methods.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100738"},"PeriodicalIF":4.1,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143167951","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2025-03-01Epub Date: 2025-01-09DOI: 10.1016/j.ijcip.2025.100739
Jie Fu , Chengxi Yang , Yuxuan Liu , Kunsan Zhang , Jiaqi Li , Beibei Li
Advanced Metering Infrastructure (AMI) is envisioned to enable smart energy management and consumption while ensuring the integrity of real energy consumption data. However, existing smart meters, gateways, and communication channels are usually weakly protected, often opening a huge door for data eavesdroppers who may be easily to further construct energy thefts. Although some energy theft detection schemes have already been reported in the literature, they often fail to take into account the dense data distribution characteristics of energy consumption data, resulting in compromised detection performance. To this end, we in this paper propose a novel arTificial IMmune based Energy theft Detection (TIMED) scheme, which can effectively identify five types of energy thefts. Specifically, we first develop an energy consumption data pre-processing method, which can effectively reduce the dimensionality of raw energy consumption data to facilitate the data analyzing efficiency. Second, we design a center-distance-based energy theft detector generation method to create high-quality detectors with low elimination rates. Last, we devise a nonself-based hole repair method for energy theft detectors, which can further reduce the false negative alarms. Extensive experiments on a real public AMI dataset demonstrate that the proposed TIMED scheme is highly effective in identifying pulse attacks, scaling attacks, ramping attacks, random attacks, and smooth-curve attacks. The results show that TIMED outperforms many existing machine learning and traditional artificial immunity-based energy theft detection methods.
{"title":"Artificial immunity-based energy theft detection for advanced metering infrastructures","authors":"Jie Fu , Chengxi Yang , Yuxuan Liu , Kunsan Zhang , Jiaqi Li , Beibei Li","doi":"10.1016/j.ijcip.2025.100739","DOIUrl":"10.1016/j.ijcip.2025.100739","url":null,"abstract":"<div><div>Advanced Metering Infrastructure (AMI) is envisioned to enable smart energy management and consumption while ensuring the integrity of real energy consumption data. However, existing smart meters, gateways, and communication channels are usually weakly protected, often opening a huge door for data eavesdroppers who may be easily to further construct energy thefts. Although some energy theft detection schemes have already been reported in the literature, they often fail to take into account the dense data distribution characteristics of energy consumption data, resulting in compromised detection performance. To this end, we in this paper propose a novel ar<strong>T</strong>ificial <strong>IM</strong>mune based <strong>E</strong>nergy theft <strong>D</strong>etection (TIMED) scheme, which can effectively identify five types of energy thefts. Specifically, we first develop an energy consumption data pre-processing method, which can effectively reduce the dimensionality of raw energy consumption data to facilitate the data analyzing efficiency. Second, we design a center-distance-based energy theft detector generation method to create high-quality detectors with low elimination rates. Last, we devise a nonself-based hole repair method for energy theft detectors, which can further reduce the false negative alarms. Extensive experiments on a real public AMI dataset demonstrate that the proposed TIMED scheme is highly effective in identifying pulse attacks, scaling attacks, ramping attacks, random attacks, and smooth-curve attacks. The results show that TIMED outperforms many existing machine learning and traditional artificial immunity-based energy theft detection methods.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"48 ","pages":"Article 100739"},"PeriodicalIF":4.1,"publicationDate":"2025-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143167950","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper addresses the critical need for enhancing security in Supervisory Control and Data Acquisition (SCADA) networks within Industrial Control Systems (ICSs) to protect the industrial processes from cyber-attacks. The purpose of our work is to propose and evaluate lightweight security measures to safeguard critical infrastructure resources. The scope of our effort involves simulating a secure SCADA/IoT-based hardware test bench for ICSs, utilizing Modbus and MQTT communication protocols. Through case studies in remote servo motor control, water distribution systems, and power system voltage level indicators, vulnerabilities such as Denial of Service (DoS) and Man-in-The-Middle (MiTM) attacks are identified, and security recommendations are provided. To execute our work, we deploy lightweight ciphers such as Prime Counter & Hash Chaining (PCHC) and Ascon algorithm with Compression Rate (ACR) for secure information exchange between the plant floor and the control center. Evaluation of these ciphers on Raspberry Pi focuses on execution speed and memory utilization. Additionally, a comparison with the AGA-12 protocol standard for SCADA networks is conducted to underscore the efficacy of the proposed security measures. Our findings include the identification of SCADA network vulnerabilities and the proposal of lightweight security measures to mitigate risks. Performance evaluation of the proposed ciphers on Raspberry Pi demonstrates their effectiveness, emphasizing the importance of deploying such measures to ensure resilience against cyber threats in SCADA environments.
{"title":"Securing industrial control systems: Developing a SCADA/IoT test bench and evaluating lightweight cipher performance on hardware simulator","authors":"Darshana Upadhyay , Sagarika Ghosh , Hiroyuki Ohno , Marzia Zaman , Srinivas Sampalli","doi":"10.1016/j.ijcip.2024.100705","DOIUrl":"10.1016/j.ijcip.2024.100705","url":null,"abstract":"<div><p>This paper addresses the critical need for enhancing security in Supervisory Control and Data Acquisition (SCADA) networks within Industrial Control Systems (ICSs) to protect the industrial processes from cyber-attacks. The purpose of our work is to propose and evaluate lightweight security measures to safeguard critical infrastructure resources. The scope of our effort involves simulating a secure SCADA/IoT-based hardware test bench for ICSs, utilizing Modbus and MQTT communication protocols. Through case studies in remote servo motor control, water distribution systems, and power system voltage level indicators, vulnerabilities such as Denial of Service (DoS) and Man-in-The-Middle (MiTM) attacks are identified, and security recommendations are provided. To execute our work, we deploy lightweight ciphers such as Prime Counter & Hash Chaining (PCHC) and Ascon algorithm with Compression Rate (ACR) for secure information exchange between the plant floor and the control center. Evaluation of these ciphers on Raspberry Pi focuses on execution speed and memory utilization. Additionally, a comparison with the AGA-12 protocol standard for SCADA networks is conducted to underscore the efficacy of the proposed security measures. Our findings include the identification of SCADA network vulnerabilities and the proposal of lightweight security measures to mitigate risks. Performance evaluation of the proposed ciphers on Raspberry Pi demonstrates their effectiveness, emphasizing the importance of deploying such measures to ensure resilience against cyber threats in SCADA environments.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"47 ","pages":"Article 100705"},"PeriodicalIF":4.1,"publicationDate":"2024-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1874548224000465/pdfft?md5=aab404315863014667e25aa2e54961de&pid=1-s2.0-S1874548224000465-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142088708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号