The emergence of CPSs leads to modernization of critical infrastructures and improving flexibility and efficiency from one point of view. However, from another point of view, this modernization has subjected them to cyber threats. This paper provides a modeling approach for evaluating the security of CPSs. The main idea behind the presented model is to study the attacker and the system behaviors in the penetration and attack phases with exploiting some defensive countermeasures such as redundant components and attack detection strategies. By using the proposed approach, we can investigate how redundancy factor of sensors, controllers and actuators and intrusion detection systems can improve the system security and delay the system security failure.

This demonstration presents an internet of things device (thermostat), whose security is enforced by a secure element (smartcard) running TLS server, and using Virtual Input/Ouput technology. The board comprises a Wi-Fi system on chip (SoC), a micro-controller managing sensor (temperature probe) and actuator (relay), and a javacard. All device messages are sent/received over TLS, and processed by the secure element. Some of them are exported to micro-controller in clear form, which returns a response, sent over TLS by the smartcard.

Machine learning (ML) has been applied in prognostics and health management (PHM) to monitor and predict the health of industrial machinery. The use of PHM in production systems creates a cyber-physical, omni-layer system. While ML offers statistical improvements over previous methods, and brings statistical models to bear on new systems and PHM tasks, it is susceptible to performance degradation when the behavior of the systems that ML is receiving its inputs from changes. Natural changes such as physical wear and engineered changes such as maintenance and rebuild procedures are catalysts for performance degradation, and are both inherent to production systems. Drawing from data on the impact of maintenance procedures on ML performance in hydraulic actuators, this paper presents a simulation study that investigates how long it takes for ML performance degradation to create a difference in the throughput of serial production system. In particular, this investigation considers the performance of an ML model learned on data collected before a rebuild procedure is conducted on a hydraulic actuator and an ML model transfer learned on data collected after the rebuild procedure. Transfer learning is able to mitigate performance degradation, but there is still a significant impact on throughput. The conclusion is drawn that ML faults can have drastic, non-linear effects on the throughput of production systems.

In control systems, the operation of the system after an incident occurs is important. This paper proposes to design a whitelist model that can detect anomalies and identify locations of anomalous actuators using finite automata during multiple actuators attack. By applying this model and comparing the whitelist model with the operation data, the monitoring system detects anomalies and identifies anomaly locations of actuator that deviate from normal operation. We propose to construct a whitelist model focusing on the order of the control system operation using binary search trees, which can grasp the state of the system when anomalies occur. We also apply combinatorial compression based on BDD (Binary Decision Diagram) to the model to speed up querying and identification of abnormalities. Based on the model designed in this study, we aim to construct a secured control system that selects and executes an appropriate fallback operation based on the state of the system when anomaly is detected.

Cyber Physical Systems (CPS), which contain devices to aid with physical infrastructure activities, comprise sensors, actuators, control units, and physical objects. CPS sends messages to physical devices to carry out computational operations. CPS mainly deals with the interplay among cyber and physical environments. The real-time network data acquired and collected in physical space is stored there, and the connection becomes sophisticated. CPS incorporates cyber and physical technologies at all phases. Cyber Physical Systems are a crucial component of Internet of Things (IoT) technology. The CPS is a traditional concept that brings together the physical and digital worlds inhabit. Nevertheless, CPS has several difficulties that are likely to jeopardise our lives immediately, while the CPS's numerous levels are all tied to an immediate threat, therefore necessitating a look at CPS security. Due to the inclusion of IoT devices in a wide variety of applications, the security and privacy of users are key considerations. The rising level of cyber threats has left current security and privacy procedures insufficient. As a result, hackers can treat every person on the Internet as a product. Deep Learning (DL) methods are therefore utilised to provide accurate outputs from big complex databases where the outputs generated can be used to forecast and discover vulnerabilities in IoT systems that handles medical data. Cyber-physical systems need anomaly detection to be secure. However, the rising sophistication of CPSs and more complex attacks means that typical anomaly detection approaches are unsuitable for addressing these difficulties since they are simply overwhelmed by the volume of data and the necessity for domain-specific knowledge. The various attacks like DoS, DDoS need to be avoided that impact the network performance. In this paper, an effective Network Cluster Reliability Model with enhanced security and privacy levels for the data in IoT for Anomaly Detection (NSRM-AD) using deep learning model is proposed. The security levels of the proposed model are contrasted with the proposed model and the results represent that the proposed model performance is accurate

Security attacks on sensor data can deceive a control system and force the physical plant to reach an unwanted and potentially dangerous state. Therefore, attack detection mechanisms are employed in cyber-physical control systems to detect ongoing attacks, the most prominent one being a threshold-based anomaly detection method called CUSUM. Literature defines the maximum impact of stealth attacks as the maximum deviation in the plant’s state that an undetectable attack can introduce, and formulates it as an optimization problem. This paper proposes an optimization-based attack with different saturation models, and it investigates how the attack duration significantly affects the impact of the attack on the state of the plant. We show that more dangerous attacks can be discovered when allowing saturation of the control system actuators. The proposed approach is compared with the geometric attack, showing how longer attack durations can lead to a greater impact of the attack while keeping the attack stealthy.

Container security has received much research attention recently. Previous work has proposed to apply various machine learning techniques to detect security attacks in containerized applications. On one hand, supervised machine learning schemes require sufficient labelled training data to achieve good attack detection accuracy. On the other hand, unsupervised machine learning methods are more practical by avoiding training data labelling requirements, but they often suffer from high false alarm rates. In this paper, we present SHIL, a self-supervised hybrid learning solution, which combines unsupervised and supervised learning methods to achieve high accuracy without requiring any manual data labelling. We have implemented a prototype of SHIL and conducted experiments over 41 real world security attacks in 28 commonly used server applications. Our experimental results show that SHIL can reduce false alarms by 39-91% compared to existing supervised or unsupervised machine learning schemes while achieving a higher or similar detection rate.

In the world of information technology and the Internet, which has become a part of human life today and is constantly expanding, Attention to the users' requirements such as information security, fast processing, dynamic and instant access, and costs savings has become essential. The solution that is proposed for such problems today is a technology that is called cloud computing. Today, cloud computing is considered one of the most essential distributed tools for processing and storing data on the Internet. With the increasing using this tool, the need to schedule tasks to make the best use of resources and respond appropriately to requests has received much attention, and in this regard, many efforts have been made and are being made. To this purpose, various algorithms have been proposed to calculate resource allocation, each of which has tried to solve equitable distribution challenges while using maximum resources. One of these calculation methods is the DRF algorithm. Although it offers a better approach than previous algorithms, it faces challenges, especially with time-consuming resource allocation computing. These challenges make the use of DRF more complex than ever in the low number of requests with high resource capacity as well as the high number of simultaneous requests. This study tried to reduce the computations costs associated with the DRF algorithm for resource allocation by introducing a new approach to using this DRF algorithm to automate calculations by machine learning and artificial intelligence algorithms (Autonomic Dominant Resource Fairness or A-DRF).

Unmanned autonomous vehicles (UAVs) have been receiving high interest lately due to their wide range of potential deployment options that can touch all aspects of our life and economy, such as transportation, delivery, healthcare, surveillance. However, UAVs have also introduced many new vulnerabilities and attack surfaces that can be exploited by cyberattacks. Due to their complexity, autonomous operations, and being relatively new technologies, cyberattacks can be persistent, complex, and can propagate rapidly to severely impact the main UAV functions such as mission management, support, processing operations, maneuver operations, situation awareness. Furthermore, such cyberattacks can also propagate among other UAVs or even their control stations and may even endanger human life. Hence, we need self-protection techniques with an autonomic management approach. In this paper we present our approach to implement self-protection of UAVs (SP-UAV) such that they can continue their critical functions despite cyberattacks targeting UAV operations or services. We present our design approach and implementation using a unified management interface based on three ports: Configuration, observer, and control ports. We have implemented the SP-UAV using C and demonstrated using different attack scenarios how we can apply autonomic responses without human involvement to tolerate cyberattacks against the UAV operations.

The service mesh is a dedicated infrastructure layer in a microservice architecture. It manages service-to-service communication within an application between decoupled or loosely coupled microservices (called services) without modifying their implementations. The service mesh includes APIs for security, traffic and policy management, and observability features. These features are enabled using a pre-defined configuration, which can be changed at runtime with human intervention. However, it has no autonomy to self-manage changes to the microservice application’s operational environment. A better configuration is one that can be customized according to environmental conditions during execution to protect the application from potential threats. This customization requires enabling self-protection mechanisms within the service mesh that evaluate the risk of environmental condition changes and enable appropriate configurations to defend the application from impending threats. In this paper, we design an assessment component into a service mesh that includes a security assurance case to define the threat model and dynamically assess the application given environment changes. We experiment with a demo application, Bookinfo, using an open-source service mesh platform, Istio, to enable self-protection. We consider certain parameters extracted from the service request as environmental conditions. We evaluate those parameters against the threat model and determine the risk of violating a security requirement for controlled and authorized information flow.

Resilience and antifragility under duress present significant challenges for autonomic and self-adaptive systems operating in contested environments. In such settings, the system has to continually plan ahead, accounting for either an adversary or an environment that may negate its actions or degrade its capabilities. This will involve projecting future states, as well as assessing recovery options, counter-measures, and progress towards system goals. For antifragile systems to be effective, we envision three self-* properties to be of key importance: self-exploration, self-learning and self-training. Systems should be able to efficiently self-explore – using adversarial search – the potential impact of the adversary’s attacks and compute the most resilient responses. The exploration can be assisted by prior knowledge of the adversary’s capabilities and attack strategies, which can be self-learned – using opponent modelling – from previous attacks and interactions. The system can self-train – using reinforcement learning – such that it evolves and improves itself as a result of being attacked. This paper discusses those visions and outlines their realisation in AWaRE, a cyber-resilient and self-adaptive multi-agent system.

OHODIN is an online extension for data streams of the kNN-based ODIN anomaly detection approach. It provides a detection-threshold heuristic that is based on extreme value theory. In contrast to sophisticated anomaly and novelty detection approaches the decision-making process of ODIN is interpretable by humans, making it interesting for certain applications. However, it is limited in terms of the underlying detection method. In this article, we present an extension of the OHODIN to further detection techniques to reinforce OHODIN capability of online data streams anomaly detection. We introduce the algorithm modifications and an experimental evaluation with competing state-of-the-art anomaly detection approaches.

Distributed computation and AI processing at the edge has been identified as an efficient solution to deliver real-time IoT services and applications compared to cloud-based paradigms. These solutions are expected to support the delay-sensitive IoT applications, autonomic decision making, and smart service creation at the edge in comparison to traditional IoT solutions. However, existing solutions have limitations concerning distributed and simultaneous resource management for AI computation and data processing at the edge; concurrent and real-time application execution; and platform-independent deployment. Hence, first, we propose a novel three-layer architecture that facilitates the above service requirements. Then we have developed a novel platform and relevant modules with integrated AI processing and edge computer paradigms considering issues related to scalability, heterogeneity, security, and interoperability of IoT services. Further, each component is designed to handle the control signals, data flows, microservice orchestration, and resource composition to match with the IoT application requirements. Finally, the effectiveness of the proposed platform is tested and have been verified.

Machine Learning (ML) models are now commonly used as components in systems. As any other component, ML components can produce erroneous outputs that may penalize system utility. In this context, self-adaptive systems emerge as a natural approach to cope with ML mispredictions, through the execution of adaptation tactics such as model retraining. To synthesize an adaptation strategy, the self-adaptation manager needs to reason about the cost-benefit tradeoffs of the applicable tactics, which is a non-trivial task for tactics such as model retraining, whose benefits are both context- and data-dependent.To address this challenge, this paper proposes a probabilistic modeling framework that supports automated reasoning about the cost/benefit tradeoffs associated with improving ML components of ML-based systems. The key idea of the proposed approach is to decouple the problems of (i) estimating the expected performance improvement after retrain and (ii) estimating the impact of ML improved predictions on overall system utility.We demonstrate the application of the proposed framework by using it to self-adapt a state-of-the-art ML-based fraud-detection system, which we evaluate using a publicly-available, real fraud detection dataset. We show that by predicting system utility stemming from retraining a ML component, the probabilistic model checker can generate adaptation strategies that are significantly closer to the optimal, as compared against baselines such as periodic retraining, or reactive retraining.

In the context of IoT (Internet of Things), Device Management (DM), i.e., remote administration of IoT devices, becomes essential to keep them connected, updated and secure, thus increasing their lifespan through firmware and configuration updates and security patches. Legacy DM solutions are adequate when dealing with home devices (such as Television set-top boxes) but need to be extended to adapt to new IoT requirements. Indeed, their manual operation by system administrators requires advanced knowledge and skills. Further, the static DM platform — a component above IoT platforms that offers advanced features such as campaign updates / massive operation management — is unable to scale and adapt to IoT dynamicity. To cope with this, this work, performed in an industrial context at Orange, proposes a self-adaptive architecture with runtime horizontal scaling of DM servers, with an autonomic Auto-Scaling Manager, integrating in the loop constraint programming for decision-making, validated with a meaningful industrial use-case.

Internet of Things (IoT) networks consist of small devices that use a wireless communication to monitor and possibly control the physical world. A common threat to such networks are jamming attacks, a particular type of denial of service attack. Current research highlights the need for the design of more effective and efficient anti-jamming techniques that can handle different types of attacks in IoT networks. In this paper, we propose DeMiJA, short for Detection and Mitigation of Jamming Attacks in IoT, a novel approach to deal with different jamming attacks in IoT networks. DeMiJA leverages architecture-based adaptation and the MAPE-K reference model (Monitor-Analyze-Plan-Execute that share Knowledge). We present the general architecture of DeMiJA and instantiate the architecture to deal with jamming attacks in the DeltaIoT exemplar. The evaluation shows that DeMiJA can handle different types of jamming attacks effectively and efficiently, with neglectable overhead.

Anomalous behaviour in subsystems of complex machines often affect overall performance even without failures. We devise unsupervised methods to detect times with degraded performance, and localize correlated signals, evaluated on a system with over 4000 monitored signals. From incidents comprising both downtimes and degraded performance, our approach localizes relevant signals within 1.2% of the parameter space.

Security and privacy are one of crucial factor in the area of information technology and iys applications. Ad-hoc network is a type of non-infrastructure wireless network that is more prone to be attacked and abused due to its properties. Deploying the ad-hoc network in vehicular environment needs the additional security consideration to prevent the attacks that can cause the serious harms like accidents, crashes and fatality of living being lives. In this paper we have explored analysis and requirements of the security solution for the ad hoc network under the vehicular environment. Different categories of threats, their risks are evaluated and then various issues related to deploying the security solutions are addressed by mentioning the proper security technologies and tools.

Key management for self-organized wireless ad-hoc networks using peer-to-peer (P2P) keys is the primary goal of this article (SOWANs). Currently, wireless networks have centralized security architectures, making them difficult to secure. In most cases, ad-hoc wireless networks are not connected to trusted authorities or central servers. They are more prone to fragmentation and disintegration as a result of node and link failures. Traditional security solutions that rely on online trusted authorities do not work together to protect networks that are not planned. With open wireless networks, anyone can join or leave at any time with the right equipment, and no third party is required to verify their identity. These networks are best suited for this proposed method. Each node can make, distribute, and revoke its keying material in this paper. A minimal amount of communication and computation is required to accomplish this task. So that they can authenticate one another and create shared keys, nodes in the self-organized version of the system must communicate via a secure side channel between the users' devices.

Wireless ad hoc networks are characterized by dynamic topology and high node mobility. Network attacks on wireless ad hoc networks can significantly reduce performance metrics, such as the packet delivery ratio from the source to the destination node, overhead, throughput, etc. The article presents an experimental study of an intrusion detection system prototype in mobile ad hoc networks based on machine learning. The experiment is carried out in a MANET segment of 50 nodes, the detection and prevention of DDoS and cooperative blackhole attacks are investigated. The dependencies of features on the type of network traffic and the dependence of performance metrics on the speed of mobile nodes in the network are investigated. The conducted experimental studies show the effectiveness of an intrusion detection system prototype on simulated data.

Vehicle Ad-Hoc Networks (VANETs) are a special type of Mobile Ad-Hoc Network (MANETs). In VANETs, a group of vehicles communicates with each other to transfer data without a need for a fixed infrastructure. In this paper, we compare the performance of two routing protocols: Ad-hoc on Demand Distance Vector protocol (AODV) and Destination-Sequenced Distance Vector protocol (DSDV) in VANETs. We measure the reliability of each protocol in the packet delivery.

This paper addresses the issues in managing group key among clusters in Mobile Ad hoc Networks (MANETs). With the dynamic movement of the nodes, providing secure communication and managing secret keys in MANET is difficult to achieve. In this paper, we propose a distributed secure broadcast stateless groupkey management framework (DSBS-GKM) for efficient group key management. This scheme combines the benefits of hash function and Lagrange interpolation polynomial in managing MANET nodes. To provide a strong security mechanism, a revocation system that detects and revokes misbehaviour nodes is presented. The simulation results show that the proposed DSBS-GKM scheme attains betterments in terms of rekeying and revocation performance while comparing with other existing key management schemes.

Vehicular Ad-hoc Networks (VANET) are capable of offering inter and intra-vehicle wireless communication among mobility aware computing systems. Nodes are linked by applying concepts of mobile ad hoc networks. VANET uses cases empower vehicles to link to the network to aggregate and process messages in real-time. The proposed paper addresses a security vulnerability known as Sybil attack, in which numerous fake nodes broadcast false data to the neighboring nodes. In VANET, mobile nodes continuously change their network topology and exchange location sensor-generated data in real time. The basis of the presented technique is source testing that permits the scalable identification of Sybil nodes, without necessitating any pre-configuration, which was conceptualized from a comparative analysis of preceding research in the literature.

Mobile Ad-hoc Networks (MANETs) have attracted lots of concerns with its widespread use. In MANETs, wireless nodes usually self-organize into groups to complete collaborative tasks and communicate with one another via public channels which are vulnerable to attacks. Group key management is generally employed to guarantee secure group communication in MANETs. However, most existing group key management schemes for MANETs still suffer from some issues, e.g., receiver restriction, relying on a trusted dealer and heavy certificates overheads. To address these issues, we propose a group key management scheme for MANETs based on an identity-based authenticated dynamic contributory broadcast encryption (IBADConBE) protocol which builds on an earlier work. Our scheme abandons the certificate management and does not need a trusted dealer to distribute a secret key to each node. A set of wireless nodes are allowed to negotiate the secret keys in one round while forming a group. Besides, our scheme is receiver-unrestricted which means any sender can flexibly opt for any favorable nodes of a group as the receivers. Further, our scheme satisfies the authentication, confidentiality of messages, known-security, forward security and backward security concurrently. Performance evaluation shows our scheme is efficient.

Vehicular Ad hoc Network (VANET) is an emerging technology that is used to provide communication between vehicle users. VANET provides communication between one vehicle node to another vehicle node, vehicle to the roadside unit, vehicle to pedestrian, and even vehicle to rail users. Communication between nodes should be very secure and confidential, Since VANET communicates through wireless mode, a malicious node may enter inside the communication zone to hack, inject false messages, and interrupt the communication. A strong protocol is necessary to detect malicious nodes and authenticate the VANET user to protect them from malicious attacks. In this paper, a fuzzy-based trust authentication scheme is used to detect malicious nodes with the Mamdani fuzzy Inference system. The parameter estimation, rules have been framed using MATLAB Mamdani Fuzzy Inference system to select a genuine node for data transmission.