Weiqing Sun

Distributed Intrusion Detection System in a Multi-Layer Network Architecture of Smart Grids

The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless mesh network technologies with the 802.15.4, 802.11, and WiMAX standards. Each of these will expose the power grid to cybersecurity threats. In order to address this issue, this work proposes a distributed intrusion detection system for smart grids (SGDIDS) by developing and deploying an intelligent module, the analyzing module (AM), in multiple layers of the smart grid. Multiple AMs will be embedded at each level of the smart grid-the home area networks (HANs), neighborhood area networks (NANs), and wide area networks (WANs)-where they will use the support vector machine (SVM) and artificial immune system (AIS) to detect and classify malicious data and possible cyberattacks. AMs at each level are trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for supporting the optimal communication routing and improving system security through the identification of malicious network traffic.

Cyber security threat analysis and modeling of an unmanned aerial vehicle system

Advances in technology for miniature electronic military equipment and systems have led to the emergence of unmanned aerial vehicles (UAVs) as the new weapons of war and tools used in various other areas. UAVs can easily be controlled from a remote location. They are being used for critical operations, including offensive, reconnaissance, surveillance and other civilian missions. The need to secure these channels in a UAV system is one of the most important aspects of the security of this system because all information critical to the mission is sent through wireless communication channels. It is well understood that loss of control over these systems to adversaries due to lack of security is a potential threat to national security. In this paper various security threats to a UAV system is analyzed and a cyber-security threat model showing possible attack paths has been proposed. This model will help designers and users of the UAV systems to understand the threat profile of the system so as to allow them to address various system vulnerabilities, identify high priority threats, and select mitigation techniques for these threats.

Collabra: A Xen Hypervisor Based Collaborative Intrusion Detection System

In this paper, we introduce Collabra, a distributed intrusion detection platform based on Xen hyper visors to maintain the security of the cloud based on virtualized network. While the concept of virtual machine monitor (VMM) signifies implementing an abstraction layer between the underlying host and the guest operating system (OS) to enforce security, its kernel is required to be free of vulnerabilities that intruders can use to compromise the host. In Xen, guest applications make resource requests through the hyper-call API to transfer the privilege to the VMM kernel for executing privileged operations. On a cloud scale, there exist hundreds of VM networks and thousands of guest operating systems (OSes) running on virtual domains. There is every possibility of intruders trying to misuse the hyper-call interface to compromise guest OS kernels and finally the host OS kernel itself. Sophisticated attacks can be launched in the distributed and collaborative style thereby bypassing most current intrusion detection systems. Collabra acts as a filtering layer which is completely integrated with every VMM. It scans through each call by incorporating integrity checking and collaborative detection mechanisms. It exists in multiple instances, and acts concurrently over a VMM network interacting with other instances to detect (possibly collaborative) attacks and prevent illicit access to the VMM and the host. An admin version of Collabra exists on a privileged domain in the VM network to perform filtering of malicious add-ons to hyper-calls at the guest OS level itself before routing the call to the VMM.

A multi-level communication architecture of smart grid based on congestion aware wireless mesh network

The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid. The communication environment of the smart grid should be more robust, reliable, and efficient. In order to address this issue, this work proposes a Smart Grid Communication Network (SGCN) by deploying wireless mesh network technologies consisting of 802.15.4 Zigbee, 802.11, and the WiMAX standards. These are applied in different levels of the home area network (HAN), neighborhood area network (NAN), and the Wide Area Network (WAN). Simulation results demonstrate that this is a promising methodology for a more efficient communication environment.

Alcatraz: An Isolated Environment for Experimenting with Untrusted Software

In this article, we present an approach for realizing a safe execution environment (SEE) that enables users to “try out” new software (or configuration changes to existing software) without the fear of damaging the system in any manner. A key property of our SEE is that it faithfully reproduces the behavior of applications, as if they were running natively on the underlying (host) operating system. This is accomplished via one-way isolation: processes running within the SEE are given read-access to the environment provided by the host OS, but their write operations are prevented from escaping outside the SEE. As a result, SEE processes cannot impact the behavior of host OS processes, or the integrity of data on the host OS. SEEs support a wide range of tasks, including: study of malicious code, controlled execution of untrusted software, experimentation with software configuration changes, testing of software patches, and so on. It provides a convenient way for users to inspect system changes made within the SEE. If these changes are not accepted, they can be rolled back at the click of a button. Otherwise, the changes can be committed so as to become visible outside the SEE. We provide consistency criteria that ensure semantic consistency of the committed results. We develop two different implementation approaches, one in user-land and the other in the OS kernel, for realizing a safe-execution environment. Our implementation results show that most software, including fairly complex server and client applications, can run successfully within our SEEs. It introduces low performance overheads, typically below 10 percent.

Trust System Design Optimization in Smart Grid Network Infrastructure

The imposed communication network brings more vulnerabilities to the evolving smart grid. Therefore, defensive techniques such as intrusion detection will need to be deployed in this already complicated system. Deployment and runtime cost due to the defensive trust systems will affect the original function of smart grid system without careful planning and design. This paper is an effort to address this important issue. In particular, the set packing algorithm is used to optimize the placement of the trust nodes of the defensive system in the multiple layer architecture of the smart grid. After the trust nodes are placed, a trust node aware optimal routing algorithm is used to find the least cost routing in the communications of the nodes. Also, an algorithm to identify new trust node(s) is presented to address the fault tolerance requirement of the smart grid system. Simulation results demonstrate that our approach is promising by providing secure, efficient, and reliable communications in the smart grid network.

Artificial immune system based intrusion detection in a distributed hierarchical network architecture of smart grid

The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless technologies including 802.15.4, 802.11, and the Zigbee protocol. Each of these will expose the power grid to cyber security threats. In order to address this issue, this work proposes a Distributed Intrusion Detection System for Smart Grids (SGDIDS) by developing and deploying an intelligent module, the Analyzing Module (AM) in the multiple layers of smart grids. Multiple AMs will be embedded at each level of the smart grid — the home area network (HAN), neighborhood area network (NAN), and the Wide Area Network (WAN) — where they will use Artificial Immune System (AIS) to detect and classify malicious data and possible cyber attacks. AMs at each level will be trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for identifying malicious network traffic and improving system security.

UAVSim: A simulation testbed for unmanned aerial vehicle network cyber security analysis

Increased use of unmanned systems in various tasks enables users to complete important missions without risking human lives. Nonetheless, these systems pose a huge threat if the operational cyber security is not handled properly, especially for the unmanned aerial vehicle systems (UAVS), which can cause catastrophic damages. Therefore, it is important to check the impact of various attack attempts on the UAV system. The most economical and insightful way to do this is to simulate operational scenarios of UAVs in advance. In this paper, we introduce UAVSim, a simulation testbed for Unmanned Aerial Vehicle Networks cyber security analysis. The testbed allows users to easily experiment by adjusting different parameters for the networks, hosts and attacks. In addition, each UAV host works on well-defined mobility framework and radio propagation models, which resembles real-world scenarios. Based on the experiments performed in UAVSim, we evaluate the impact of Jamming attacks against UAV networks and report the results to demonstrate the necessity and usefulness of the testbed.

A neural network based distributed intrusion detection system on cloud platform

Intrusion detection system (IDS) is an important component to maintain network security. Also, as the cloud platform is quickly evolving and becoming more popular in our everyday life, it is useful and necessary to build an effective IDS for the cloud. However, existing intrusion detection techniques will be likely to face challenges when deployed on the cloud platform. The pre-determined IDS architecture may lead to overloading of a part of the cloud due to the extra detection overhead. This paper proposes a neural network based IDS which is a distributed system with an adaptive architecture so as to make full use of the available resources without overloading any single machine in the cloud. Moreover, with the machine learning ability from the neural network, the proposed IDS can detect new types of attacks with fairly accurate results. Evaluation of the proposed IDS with the KDD dataset on a physical cloud testbed shows that it is a promising approach to detecting attacks in the cloud infrastructure.

Efficient spam detection across Online Social Networks

Online Social Networks (OSNs) have become more and more popular in the whole world. People share their personal activities, views and opinions among different OSNs. At the same time, social spam appears more frequently and in various formats throughout popular OSNs. Therefore, efficient detection of spam has become an important and popular problem. This paper focuses on spam detection across multiple online social networks by leveraging the knowledge of detecting similar spam within a social network and using it in different networks. We chose Facebook and Twitter for our study targets, considering that they share the most similar features in posts, topics, and user activities, etc. We collected two datasets from them and performed analysis based on our proposed methodology. The results show that detection combined with spam in Facebook show a more than 50% decrease of spam tweets in Twitter, and detection combined with spam of Twitter shows a nearly 71.2% decrease of spam posts in Facebook. This means similar spam of one social network can greatly facilitate spam detection in other social networks. We proposed a new perspective of spam detection in OSNs.