Detection of False Command and Response Injection Attacks for Cyber Physical Systems Security and Resilience

Eke, Hope Nkiruka; Petrovski, Andrei; Ahriz, Hatem

doi:10.1145/3433174.3433615

Cited by 6 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Natural language processing and speech recognition frequently employ RNNs [74]. [75] uses deep ensemble RNNs-CNN to identify response injection and command injection threats in SCADA systems. A DL-based hybrid technique was presented by the authors in [76] to identify command injection attacks that cause remote tripping on relay systems inside a smart grid.…”

Section: A Artificial Intelligence-based Techniquesmentioning

confidence: 99%

Command Injection Attacks in Smart Grids: A Survey

Usama,

Aman

2024

IEEE Open J. Ind. Applicat.

View full text Add to dashboard Cite

Cybersecurity is important in the realization of various smart grid technologies. Several studies have been conducted to discuss different types of cyberattacks and provide their countermeasures. The False Command Injection Attack (FCIA) is considered one of the most critical attacks that have been studied. Various techniques have been proposed in the literature to detect FCIAs on different components of smart grids. The predominant focus of current surveys lies on FCIAs and detection techniques for such attacks. This paper presents a survey of existing works on FCIAs and classifies FCIAs in smart grids according to the targeted component. The impacts of FCIAs on smart grids are also discussed. Subsequently, this paper provides an extensive review of detection studies, categorizing them based on the type of detection technique employed.

show abstract

Section: A Artificial Intelligence-based Techniquesmentioning

confidence: 99%

Command Injection Attacks in Smart Grids: A Survey

Usama,

Aman

2024

IEEE Open J. Ind. Applicat.

View full text Add to dashboard Cite

show abstract

“…The architectural design of the proposed model for APT intrusion detection system (IDS) is built to run through three stages. This involves implementing a multi-step security detection approach based on DL, that takes into consideration the distributed and multi-level nature of the ICS architecture and reflect on the APT lifecycle for the four main SCADA cyber-attacks as suggested in [35]. Thus, APT detection system…”

Section: B Apt Dasac Architectural Designmentioning

confidence: 99%

“…This data contains network transaction captured over serial line that contains network information, payload information and label. In [35], the focus was on command injection (CI) attack (alters the system behaviour through injection of false control and configuration commands into a control system) and response injection (RI) attacks (attack that modifies the response from server to client, thereby providing false information about system state). A multi-stage approach based on DL techniques was implemented, where this approach is validated with two case scenarios; a network transactions between a RTU & MTU in-house SCADA gas pipeline control system and a case study of CI and RI attacks detection.…”

Section: Application Domainsmentioning

confidence: 99%

Advanced Persistent Threats Detection based on Deep Learning Approach

Eke

Petrovski²

2023

2023 IEEE 6th International Conference on Industrial Cyber-Physical Systems (ICPS)

Self Cite

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. APT is a sophisticated attack that masquerade their actions to navigates around defenses, breach networks, often, over multiple network hosts and evades detection. It also uses "low-and-slow" approach over a long period of time. Resource availability, integrity, and confidentiality of the operational cyber-physical systems (CPS) state and control is highly impacted by the safety and security measures in place. A framework multi-stage detection approach termed "APTDASAC" to detect different tactics, techniques, and procedures (TTPs) used during various APT steps is proposed. Implementation was carried out in three stages: (i) Data input and probing layer -this involves data gathering and preprocessing, (ii) Data analysis layer; applies the core process of "APTDASAC" to learn the behaviour of attack steps from the sequence data, correlate and link the related output and, (iii) Decision layer; the ensemble probability approach is utilized to integrate the output and make attack prediction. The framework was validated with three different datasets and three case studies. The proposed approach achieved a significant attacks detection capability of 86.36% with loss as 0.32%, demonstrating that attack detection techniques applied that performed well in one domain may not yield the same good result in another domain. This suggests that robustness and resilience of operational systems state to withstand attack and maintain system performance are regulated by the safety and security measures in place, which is specific to the system in question.

show abstract