applsci-logo

Journal Browser

Journal Browser

Advances in Attack Detection and Secure State Estimation for Cyber–Physical Systems (CPS)

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: 31 March 2025 | Viewed by 8985

Special Issue Editor

College of Information Science and Engineering, Northeastern University, Shenyang 110819, China
Interests: cyber-physical systems; CPS; secure state estimation; attack detection; artificial intelligent
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Cyber–physical systems (CPS) are sophisticated networks that integrate computational and physical elements, enabling a seamless interaction between digital and real-world environments. Due to their growing role in vital infrastructures, from healthcare to transportation, researchers in various sectors have become increasingly interested in them. Attack detection is crucial as it enables the early identification of any cyber threats or malicious activities aimed at disrupting the normal operation of CPS. On the other hand, secure state estimation is the process of accurately assessing the current state of the system while ensuring its confidentiality and integrity. They are both essential in CPS. The aim of this Special Issue is to create a focused platform for discourse and progress surrounding the enhancement of attack detection and secure state estimation in cyber–physical systems (CPS). We seek to propel the development and application of innovative methodologies, ensuring the security and safety of CPS against evolving cyber threats.

The scope of this Special Issue includes (but is not limited to) the following topics:

  • Security in CPS;
  • Attack detection for CPS;
  • Attack identification for CPS;
  • Secure state estimation techniques in CPS;
  • Vulnerability analysis for CPS;
  • Data integrity and security in CPS state estimation;
  • Model-based and data-based security techniques for CPS;
  • Remote state estimation under cyber attacks;
  • Resilience enhancement of CPS against cyber attacks;
  • Data integrity and security in CPS state estimation.

Dr. Anyang Lu
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • cyber-physical systems
  • attack detection
  • attack identification
  • secure state estimation
  • cyber attacks
  • data integrity
  • data security

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue polices can be found here.

Published Papers (6 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

20 pages, 28798 KiB  
Article
Analysis of Cryptographic Algorithms to Improve Cybersecurity in the Industrial Electrical Sector
by Francisco Alonso, Benjamín Samaniego, Gonzalo Farias and Sebastián Dormido-Canto
Appl. Sci. 2024, 14(7), 2964; https://doi.org/10.3390/app14072964 - 31 Mar 2024
Viewed by 1371
Abstract
This article provides a general overview of the communication protocols used in the IEC61850 standard for the automation of electrical substations. Specifically, it examines the GOOSE and R-GOOSE protocols, which are used for exchanging various types of information. The article then presents real [...] Read more.
This article provides a general overview of the communication protocols used in the IEC61850 standard for the automation of electrical substations. Specifically, it examines the GOOSE and R-GOOSE protocols, which are used for exchanging various types of information. The article then presents real cases of cyber attacks on the industrial sector, highlighting the importance of addressing cybersecurity in the IEC61850 standard. The text presents security drawbacks of the communication protocols mentioned earlier and briefly explains two algorithms defined in the IEC61850 standard to address them. However, the authors suggest that having only a couple of algorithms may not be sufficient to ensure digital security in substations. This article presents a study on the cryptographic algorithms ChaCha20 and Poly1305. The purpose of the study is to experimentally verify their adaptation to the strict time requirements that GOOSE must meet for their operation. These algorithms can operate independently or in combination, creating an Authenticated Encryption with Associated Data (AEAD) algorithm. Both algorithms were thoroughly reviewed and tested using GOOSE and R-GOOSE frames generated by the S-GoSV software. The computational time required was also observed. The frames were analysed using the Wireshark software. It was concluded that the algorithms are suitable for the communication requirements of electrical substations and can be used as an alternative to the cryptographic algorithms proposed under the IEC61850 standard. Full article
Show Figures

Figure 1

16 pages, 231 KiB  
Article
Analysing the Performance of a Trust-Based AODV in the Presence of a Flooding Attack
by Ali Alzahrani and Nigel Thomas
Appl. Sci. 2024, 14(7), 2874; https://doi.org/10.3390/app14072874 - 29 Mar 2024
Viewed by 850
Abstract
Mobile ad hoc networks (MANETs) are wireless multi-hop networks that do not rely on any fixed infrastructure, unlike traditional networks. Nodes in MANETs are formed dynamically and are free to move in any direction at variable speeds. The special characteristics of MANETs make [...] Read more.
Mobile ad hoc networks (MANETs) are wireless multi-hop networks that do not rely on any fixed infrastructure, unlike traditional networks. Nodes in MANETs are formed dynamically and are free to move in any direction at variable speeds. The special characteristics of MANETs make them vulnerable to flooding attacks, which can have a negative impact on their performance. Moreover, due to their nature, employing solutions designed for traditional networks is not feasible. One potential solution to enhance the performance of MANETs in the face of network attacks is to implement trust management. This paper evaluates the performance of Ad hoc On-Demand Distance Vector (AODV) Routing in the presence of a flooding attack. We propose a direct trust management scheme to detect and isolate malicious nodes and implement this scheme on AODV. We name the modified protocol Trusted AODV (TAODV) and, finally, compare the performance of AODV and TAODV when both are under a flooding attack to measure the improvement achieved by our suggested scheme. Full article
Show Figures

Figure 1

24 pages, 5419 KiB  
Article
GENICS: A Framework for Generating Attack Scenarios for Cybersecurity Exercises on Industrial Control Systems
by InSung Song, Seungho Jeon, Donghyun Kim, Min Gyu Lee and Jung Taek Seo
Appl. Sci. 2024, 14(2), 768; https://doi.org/10.3390/app14020768 - 16 Jan 2024
Cited by 3 | Viewed by 2073
Abstract
Due to the nature of the industrial control systems (ICS) environment, where process continuity is essential, intentionally initiating a cyberattack to check security controls can cause severe financial and human damage to the organization. Therefore, most organizations operating ICS environments check their level [...] Read more.
Due to the nature of the industrial control systems (ICS) environment, where process continuity is essential, intentionally initiating a cyberattack to check security controls can cause severe financial and human damage to the organization. Therefore, most organizations operating ICS environments check their level of security through simulated cybersecurity exercises. For these exercises to be effective, high-quality cyberattack scenarios that are likely to occur in the ICS environment must be assumed. Unfortunately, many organizations use limited attack scenarios targeting essential digital assets, leading to ineffective response preparedness. To derive high-quality scenarios, there is a need for relevant attack and vulnerability information, and standardized methods for creating and evaluating attack scenarios in the ICS context. To meet these challenges, we propose GENICS, an attack scenario generation framework for cybersecurity training in ICS. GENICS consists of five phases: threat analysis, attack information identification, modeling cyberattack scenarios, quantifying cyberattacks, and generating scenarios. The validity of GENICS was verified through a qualitative study and case studies on current attack scenario-generating methods. GENICS ensures a systematic approach to generate quantified, realistic attack scenarios, thereby significantly enhancing cybersecurity training in ICS environments. Full article
Show Figures

Figure 1

15 pages, 336 KiB  
Article
AICrit: A Design-Enhanced Anomaly Detector and Its Performance Assessment in a Water Treatment Plant
by Gauthama Raman and Aditya Mathur
Appl. Sci. 2023, 13(24), 13124; https://doi.org/10.3390/app132413124 - 9 Dec 2023
Cited by 1 | Viewed by 1130
Abstract
Critical Infrastructure Security Showdown 2021—Online (CISS2021-OL) represented the fifth run of iTrust’s international technology assessment exercise. During this event, researchers and experts from the industry evaluated the performance of technologies designed to detect and mitigate real-time cyber-physical attacks launched against the operational iTrust [...] Read more.
Critical Infrastructure Security Showdown 2021—Online (CISS2021-OL) represented the fifth run of iTrust’s international technology assessment exercise. During this event, researchers and experts from the industry evaluated the performance of technologies designed to detect and mitigate real-time cyber-physical attacks launched against the operational iTrust testbeds and digital twins. Here, we summarize the performance of an anomaly detection mechanism, named AICrit, that was used during the exercise. AICrit utilizes the plant’s design to determine the models to be created using machine learning, and hence is referred to as a “design-enhanced” anomaly detector. The results of the validation in this large-scale exercise reveal that AICrit successfully detected 95.83% of the 27 launched attacks. Our analysis offers valuable insights into AICrit’s efficiency in detecting process anomalies in a water treatment plant under a continuous barrage of cyber-physical attacks. Full article
Show Figures

Figure 1

15 pages, 1855 KiB  
Article
ResADM: A Transfer-Learning-Based Attack Detection Method for Cyber–Physical Systems
by Huan Wang, Haifeng Zhang, Lei Zhu, Yan Wang and Junyi Deng
Appl. Sci. 2023, 13(24), 13019; https://doi.org/10.3390/app132413019 - 6 Dec 2023
Cited by 2 | Viewed by 1442
Abstract
Deep learning has proven to be effective for enhancing the accuracy and efficiency of attack detection through training with large sample sizes. However, when applied to cyber–physical systems (CPSs), it still encounters challenges such as scarcity of attack samples, the difficulty of selecting [...] Read more.
Deep learning has proven to be effective for enhancing the accuracy and efficiency of attack detection through training with large sample sizes. However, when applied to cyber–physical systems (CPSs), it still encounters challenges such as scarcity of attack samples, the difficulty of selecting features for high-dimensional data, and weak model-generalization ability. In response, this paper proposes ResADM, a transfer-learning-based attack detection method for CPSs. Firstly, an intentional sampling method was employed to construct different sets of samples for each class, effectively balancing the distribution of CPS-attack samples. Secondly, a feature-selection method based on importance was designed to extract the meaningful features from attack behaviors. Finally, a transfer-learning network structure based on ResNet was constructed, and the training parameters of the source model were optimized to form the network-attack detection method. The experimental results demonstrated that ResADM effectively balanced the data classes and extracted 32-dimensional attack-behavior features. After pre-training on the UNSW-NB15 dataset, ResADM achieved a detection accuracy of up to 99.95% for attack behavior on the CICIDS2017 dataset, showcasing its strong practicality and feasibility. Full article
Show Figures

Figure 1

26 pages, 1157 KiB  
Article
Event-Based Security Control for Markov Jump Cyber–Physical Systems under Denial-of-Service Attacks: A Dual-Mode Switching Strategy
by Mingke Gao, Zhiqiang Li, Tao Pang, Hong Xu and Siji Chen
Appl. Sci. 2023, 13(21), 11815; https://doi.org/10.3390/app132111815 - 29 Oct 2023
Cited by 1 | Viewed by 1054
Abstract
This paper studies the design of dual-mode resilient event-triggered control strategy for Markov jump cyber–physical systems (MJCPSs) under denial-of-service (DoS) attacks. Firstly, a novel resilient event-triggering scheme dependent on the DoS signal is developed to select the corresponding control protocol based on the [...] Read more.
This paper studies the design of dual-mode resilient event-triggered control strategy for Markov jump cyber–physical systems (MJCPSs) under denial-of-service (DoS) attacks. Firstly, a novel resilient event-triggering scheme dependent on the DoS signal is developed to select the corresponding control protocol based on the current network quality of services. Particularly, the potential relationship between the triggering signal and system mode under DoS attacks is discussed, aiming to eliminate both Zeno behavior and singular triggering behavior by calculating the minimum and maximum data update rates. Then, we design an event-based dual-mode security controller to ensure that the closed-loop system has stochastic stability and good robust H performance under DoS attacks. By constructing a Lyapunov–Krasovskii functional which depends on the lower and upper bounds of time delay, sufficient conditions for the existence of dual-mode security controller gains and resilient triggering parameters are presented with the LMI form. Finally, simulation results show that the proposed security control strategy has good robustness against DoS attacks. Full article
Show Figures

Figure 1

Back to TopTop