Publication


Featured research published by Linqiang Ge.


Security and Communication Networks | 2015

An integrated detection system against false data injection attacks in the Smart Grid

Wei Yu; David W. Griffith; Linqiang Ge; Sulabh Bhattarai; Nada Golmie

The Smart Grid is a new type of power grid that will use advanced communication network technologies to support more efficient energy transmission and distribution. The grid infrastructure was designed for reliability; but security, especially against cyber threats, is also a critical need. In particular, an adversary can inject false data to disrupt system operation. In this paper, we develop a false data detection system that integrates two techniques that are tailored to the different attack types that we consider. We adopt anomaly-based detection to detect strong attacks that feature the injection of large amounts of spurious measurement data in a very short time. We integrate the anomaly detection mechanism with a watermarking-based detection scheme that prevents more stealthy attacks that involve subtle manipulation of the measurement data. We conduct a theoretical analysis to derive the closed-form formulae for the performance metrics that allow us to investigate the effectiveness of our proposed detection techniques. Our experimental data show that our integrated detection system can accurately detect both strong and stealthy attacks.


Big Data Research | 2016

A Cloud Computing Based Network Monitoring and Threat Detection System for Critical Infrastructures

Zhijiang Chen; Guobin Xu; Vivek Mahalingam; Linqiang Ge; James H. Nguyen; Wei Yu; Chao Lu

Critical infrastructure systems perform functions and missions that are essential for our national economy, health, and security. These functions are vital to commerce, government, and society and are closely interrelated with people's lives. To provide highly secured critical infrastructure systems, a scalable, reliable and robust threat monitoring and detection system should be developed to efficiently mitigate cyber threats. In addition, big data from threat monitoring systems pose serious challenges for cyber operations because an ever growing number of devices in the system and the amount of complex monitoring data collected from critical infrastructure systems require scalable methods to capture, store, manage, and process the big data. To address these challenges, in this paper, we propose a cloud computing based network monitoring and threat detection system to make critical infrastructure systems secure. Our proposed system consists of three main components: monitoring agents, cloud infrastructure, and an operation center. To build our proposed system, we use both Hadoop MapReduce and Spark to speed up data processing by separating and processing data streams concurrently. With a real-world data set, we conducted real-world experiments to evaluate the effectiveness of our developed network monitoring and threat detection system in terms of network monitoring, threat detection, and system performance. Our empirical data indicates that the proposed system can efficiently monitor network activities, find abnormal behaviors, and detect network threats to protect critical infrastructure systems.


Global Communications Conference | 2013

On behavior-based detection of malware on Android platform

Wei Yu; Hanlin Zhang; Linqiang Ge; Rommie L. Hardy

Because of exponential growth in smart mobile devices, malware attacks on smart mobile devices have been growing and pose serious threats to mobile device users. To address this issue, we develop a malware detection system, which uses a behavior-based detection approach to deal with the detection of a large number of unknown malware. To accurately detect malware, we examine system calls to capture the runtime behavior of software, which interacts with an operating system and adopt machine learning approaches such as Support Vector Machine (SVM) and Naive Bayes learning schemes to learn the dynamic behavior of software execution. Using real-world malware and benign samples, we conduct experiments on Android devices and evaluate the effectiveness of our developed system in terms of learning algorithms, the size of training set, the length of n-grams, and the overhead in training and detection processes. Our experimental data demonstrates the effectiveness of our proposed detection system to detect malware.


International Conference on Communications | 2012

A novel architecture against false data injection attacks in smart grid

Sulabh Bhattarai; Linqiang Ge; Wei Yu

Smart Grid is a new type of power grid that will provide reliable, secure, and efficient energy transmission and distribution. Cyber attacks against data readmission system threaten the security of smart grid. Hence, identifying and preventing the false data injection as early as possible becomes a critical issue. However, there is no existing solution that considers all aspects such as deployment cost and system efficiency. In this paper, we apply a light-weight watermarking technique to defend against false data injection attacks. To be specific, we add a secure watermark to real-time meter readings and transmit the watermarked data through high speed unsecured network. The utility can then correlate the watermarked data with the original watermark to detect the presence of false data injected by adversary. Our simulation results show that watermarking technique can effectively detect any false manipulation to the watermarked data at low cost.


Proceedings of SPIE | 2014

Simulation Study of Unmanned Aerial Vehicle Communication Networks Addressing Bandwidth Disruptions

Sixiao Wei; Linqiang Ge; Wei Yu; Genshe Chen; Khanh Pham; Erik Blasch; Dan Shen; Chao Lu

To date, Unmanned Aerial Vehicles (UAVs) have been widely used for numerous applications. UAVs can directly connect to ground stations or satellites to transfer data. Multiple UAVs can communicate and cooperate with each other and then construct an ad-hoc network. Multi-UAV systems have the potential to provide reliable and timely services for end users in addition to satellite networks. In this paper, we conduct a simulation study for evaluating the network performance of multi-UAV systems and satellite networks using the ns-2 networking simulation tool. Our simulation results show that UAV communication networks can achieve better network performance than satellite networks and with a lower cost and increased timeliness. We also investigate security resiliency of UAV networks. As a case study, we simulate false data injection attacks against UAV communication networks in ns-2 and demonstrate the impact of false data injection attacks on network performance.


International Conference on Computer Communications and Networks | 2014

On simulation studies of cyber attacks against LTE networks

Sulabh Bhattarai; Stephen Rook; Linqiang Ge; Sixiao Wei; Wei Yu; Xinwen Fu

Because of ever-increasing performance and capacity gains, the popularity of LTE as a 4G technology has skyrocketed. Unfortunately, cyber adversaries may launch attacks against the LTE network. In this paper, we develop a theoretical framework to systematically explore the attack space which consists of three dimensions: communication services attacked, planes of attack, and network components under attack. Based on the developed framework, we carried out extensive simulations to evaluate the impact of some representative attacks on LTE network performance. Our developed framework and simulation models enable a foundation for advancing the understanding of threats on the LTE network and assist in developing counter-measures to secure LTE networks.


Proceedings of SPIE | 2014

Toward Effectiveness and Agility of Network Security Situational Awareness Using Moving Target Defense (MTD)

Linqiang Ge; Wei Yu; Dan Shen; Genshe Chen; Khanh Pham; Erik Blasch; Chao Lu

Most enterprise networks are built to operate in a static configuration (e.g., static software stacks, network configurations, and application deployments). Nonetheless, static systems make it easy for a cyber adversary to plan and launch successful attacks. To address static vulnerability, moving target defense (MTD) has been proposed to increase the difficulty for the adversary to launch successful attacks. In this paper, we first present a literature review of existing MTD techniques. We then propose a generic defense framework, which can provision an incentive-compatible MTD mechanism through dynamically migrating server locations. We also present a user-server mapping mechanism, which not only improves system resiliency, but also ensures network performance. We demonstrate a MTD with a multi-user network communication and our data shows that the proposed framework can effectively improve the resiliency and agility of the system while achieving good network timeliness and throughput performance.


Research in Adaptive and Convergent Systems | 2015

ScanMe mobile: a local and cloud hybrid service for analyzing APKs

Yevgeniy Cole; Hanlin Zhang; Linqiang Ge; Sixiao Wei; Wei Yu; Chao Lu; Genshe Chen; Dan Shen; Erik Blasch; Khanh Pham

As mobile malware increases in numbers and sophistication, it becomes pertinent for users to have access to tools that can inform them of potentially malicious applications. In this paper, we developed a cloud based Android malware analysis service called ScanMe Mobile. The objective of this service is to allow users to learn information about Android application package (APK) files before installing them on their Android devices. With ScanMe Mobile, users can locally scan APK files on their phone's SD (Secure Digital) memory card, compile a comprehensive report, and share the report by publishing it through a web interface. ScanMe Mobile allows users to perform both static and dynamic analysis on APK files. In addition to integrating some existing analysis tools into the system, we performed Android malware detection based on machine learning techniques. Our experimental data shows that our proposed system can effectively detect malware on the Android platform.


Cybersecurity Systems for Human Cognition Augmentation | 2014

Towards Neural Network Based Malware Detection on Android Mobile Devices

Wei Yu; Linqiang Ge; Guobin Xu; Xinwen Fu

Due to the exponential increase in the use of smart mobile devices, malware threats on those devices have been growing and posing security risks. To address this critical issue, we developed an Artificial Neural Network (ANN)-based malware detection system to detect unknown malware. In our system, we consider both permissions requested by applications and system calls associated with the execution of applications to distinguish between benign applications and malware. We used ANN, a representative machine learning technique, to understand the anomaly behavior of malware by learning the characteristic permissions and system calls used by applications. We then used the trained ANN to detect malware. Using real-world malware and benign applications, we conducted experiments on Android devices and evaluated the effectiveness of our developed system.


International Journal of Security and Networks | 2013

On effective data aggregation techniques in host-based intrusion detection in MANET

Difan Zhang; Linqiang Ge; Wei Yu; Hanlin Zhang; Rommie L. Hardy; Robert J. Reschly

Mobile Ad Hoc Networks (MANETs) have been widely used in commercial and tactical domains. MANETs commonly demand a robust, diverse, energy-efficient, and resilient communication and computing infrastructure, enabling network-centric operation with minimal downtime. MANETs face security risks and energy consumption. However, conducting cyber attack monitoring and detection in a MANET becomes a challenging issue because of limited resources and its infrastructureless network environment. To address this issue, we develop both lossless and lossy aggregation techniques to reduce the energy cost in information transition and bandwidth consumption while preserving the desired detection accuracy. In particular, we develop two lossless aggregation techniques: compression-based and event-based aggregation and develop a lossy aggregation technique: feature-based aggregation. We conduct real-world experiments and simulation study to evaluate the effectiveness of our proposed data aggregation techniques in terms of the energy consumption and detection accuracy.

Collaboration


Top Co-Authors


Khanh Pham

Air Force Research Laboratory


Dan Shen

Ohio State University


Erik Blasch

Air Force Research Laboratory
