| 1. |
- Akbarian, Fatemeh, et al.
(författare)
-
A Security Framework in Digital Twins for Cloud-based Industrial Control Systems: Intrusion Detection and Mitigation
- 2021
-
Ingår i: 2021 26th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA ). - 9781728129891 - 9781728129907
-
Konferensbidrag (refereegranskat)abstract
- With the help of modern technologies and advances in communication systems, the functionality of Industrial control systems (ICS) has been enhanced leading toward to have more efficient and smarter ICS. However, this makes these systems more and more connected and part of a networked system. This can provide an entry point for attackers to infiltrate the system and cause damage with potentially catastrophic consequences. Therefore, in this paper, we propose a digital twin-based security framework for ICS that consists of two parts: attack detection and attack mitigation. In this framework we deploy an intrusion detection system in digital domain that can detect attacks in a timely manner. Then, using our mitigation method, we keep the system stable with acceptable performance during the attack. Additionally, we implement our framework on a real testbed and evaluate its capability by subjecting it to a set of attacks.
|
|
| 2. |
- Akbarian, Fatemeh, et al.
(författare)
-
Advanced algorithm to detect stealthy cyber attacks on automatic generation control in smart grid
- 2020
-
Ingår i: IET Cyber-Physical Systems: Theory and Applications. - : Institution of Engineering and Technology (IET). - 2398-3396. ; 5:4, s. 351-358
-
Tidskriftsartikel (refereegranskat)abstract
- One of the basic requirements of today's sophisticated world is the availability of electrical energy, and neglect of this matter may have irreparable damages such as an extensive blackout. The problems which were introduced about the traditional power grid, and also, the growing advances in smart technologies make the traditional power grid go towards smart power grid. Although widespread utilisation of telecommunication networks in smart power grid enhances the efficiency of the system, it will create a critical platform for cyber attacks and penetration into the system. Automatic generation control (AGC) is a fundamental control system in the power grid, and it is responsible for controlling the frequency of the grid. An attack on the data transmitted through the telecommunications link from the sensors to the AGC will cause frequency deviation, resulting in disconnection of the load, generators and ultimately global blackout. In this study, by using a Kalman filter and a proposed detector, a solution has been presented to detect the attack before it can affect the system. Contrary to existing methods, this method is able to detect attacks that are stealthy from the area control error signal and X2-detector. Simulations confirm the effectiveness of this method.
|
|
| 3. |
- Akbarian, Fatemeh, et al.
(författare)
-
Attack Resilient Cloud-Based Control Systems for Industry 4.0
- 2023
-
Ingår i: IEEE Access. - 2169-3536. ; 11, s. 27865-27882
-
Tidskriftsartikel (refereegranskat)abstract
- In recent years, since the cloud can provide tremendous advantages regarding storage and computing resources, the industry has been motivated to move industrial control systems to the cloud. However, the cloud also introduces significant security challenges since moving control systems to the cloud can enable attackers to infiltrate the system and establish an attack that can lead to damages and disruptions with potentially catastrophic consequences. Therefore, some security measures are necessary to detect these attacks in a timely manner and mitigate their impact. In this paper, we propose a security framework for cloud control systems that makes them resilient against attacks. This framework includes three steps: attack detection, attack isolation, and attack mitigation. We validate our proposed framework on a real testbed and evaluate its capability by subjecting it to a set of attacks. We show that our proposed solution can detect an attack in a timely manner and keep the plant stable, with high performance during the attack.
|
|
| 4. |
- Akbarian, Fatemeh
(författare)
-
Attack Resilient Cloud-based Industrial Control Systems
- 2022
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Industrial control systems (ICSs) are a significant part of industry and they play an important role in monitoring and controlling industrial processes. Traditionally, ICSs have been isolated from the Internet, and thereby secured from various Internet-based security threats. In recent years, since the cloud can provide huge advantages regarding storage and computing resources, industry has been motivated to move industrial control systems to the cloud. However, when ICSs are moved to the cloud, they are inevitably exposed to increasing security threats, which can lead to severe degradation of the system performance or system failures. Moving control systems to the cloud can enable attackers to infiltrate the system and establish an attack that can lead to damages and disruptions with potentially catastrophic consequences. Therefore, some security measures are necessary to detect these attacks in a timely manner and mitigate the impact of them. In the work presented in this thesis, we mainly explore the security challenges of cloud-based industrial control systems and we propose a security framework for these systems that can make them resilient against attacks. Our proposed framework includes attack detection methods that can detect attacks in a timely manner. Also, the framework includes mitigation methods that can mitigate the impact of the attack on the system when an attack has been detected. So, by using this framework, an industrial plant can be maintained operational with an acceptable performance during an attack. Our solutions are validated on a real testbed, where the capabilities are evaluated by subjecting the system to a set of attacks.
|
|
| 5. |
- Akbarian, Fatemeh, et al.
(författare)
-
Demonstration: A cloud-control system equipped with intrusion detection and mitigation
- 2021
-
Ingår i: The Conference on Networked Systems (NetSys 2021).
-
Konferensbidrag (refereegranskat)abstract
- The cloud control systems (CCs) are inseparable parts of industry 4.0. The cloud, by providing storage and computing resources, allows the controllers to evaluate complex problems that are too computationally demanding to perform locally. However, connecting physical systems to the cloud through the network can provide an entry point for attackers to infiltrate the system and cause damage with potentially catastrophic consequences. Hence, in this paper, we present a demo of our proposed security framework for CCs and demonstrate how it can detect attacks on this system quickly and mitigate them.
|
|
| 6. |
- Akbarian, Fatemeh, et al.
(författare)
-
Detecting and Mitigating Actuator Attacks on Cloud Control Systems through Digital Twins
- 2023
-
Ingår i: The 31st International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2023). - 9798350301076
-
Konferensbidrag (refereegranskat)abstract
- Recently, the industry has been driven to move industrial control systems to the cloud due to the significant advantages it offers in terms of storage and computing resources. However, this shift also brings forth significant security challenges. By moving control systems to the cloud, the potential for attackers to infiltrate the system and launch damaging attacks increases. These attacks can result in severe disruptions and potentially catastrophic consequences. Hence, attack detection and mitigation mechanisms are crucial for cloud control systems. In this paper, we present an approach that leverages the digital twins concept and virtual actuator method to detect and mitigate deception attacks on control signals within cloud control systems. By conducting experiments on a real testbed and subjecting it to a set of attacks, we validate the effectiveness of our solution. Our proposed method successfully detects attacks in a timely manner and keeps the plant stable, with a good performance during the attack.
|
|
| 7. |
- Akbarian, Fatemeh, et al.
(författare)
-
Detection and mitigation of deception attacks on cloud-based industrial control systems
- 2022
-
Ingår i: 25th Conference on Innovation in Clouds, Internet and Networks (ICIN). - 9781728186887
-
Konferensbidrag (refereegranskat)abstract
- In recent years, because the cloud can provide huge advantages regarding storage and computing resources, industry has been motivated to move industrial control systems to the cloud. However, the cloud also introduces major security challenges, since moving control systems to the cloud can enable attackers to infiltrate the system and establish an attack that can lead to damages and disruptions with potentially catastrophic consequences. Therefore, intrusion detection and mitigation mechanisms are crucial for cloud-based industrial control systems. In this paper, we propose a method for detection and mitigation of deception attacks on actuator signals in cloud-based industrial control systems. We validate our solution on a real testbed and evaluate its capability by subjecting it to a set of attacks. Our proposed solution can detect the attack in a timely manner and keep the plant stable, with an acceptable performance during the attack.
|
|
| 8. |
- Akbarian, Fatemeh, et al.
(författare)
-
Intrusion Detection in Digital Twins for Industrial Control Systems
- 2020
-
Ingår i: 2020 International Conference on Software, Telecommunications and Computer Networks (SoftCOM). - 9789532900996
-
Konferensbidrag (refereegranskat)abstract
- Nowadays, the growth of advanced technologies is paving the way for Industrial Control Systems (ICS) and making them more efficient and smarter. However, this makes ICS more connected to communication networks that provide a potential platform for attackers to intrude into the systems and cause damage and catastrophic consequences. In this paper, we propose implementing digital twins that have been equipped with an intrusion detection algorithm. Our novel algorithm is able to detect attacks in a timely manner and also diagnose the type of attack by classification of different types of attacks. With digital twins, which are a new concept in ICS, we have virtual replicas of physical systems so that they precisely mirror the internal behavior of the physical systems. So by placing the intrusion detection algorithm in digital twins, security tests can be done remotely without risking negative impacts on live systems.
|
|
| 9. |
- Akbarian, Fatemeh
(författare)
-
Resilient Cloud Control: Securing, Adapting, and Thriving
- 2024
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- This thesis delves into integrating control systems into cloud environments, leading to the emergence of what is commonly referred to as cloud control systems (CCSs). These systems represent a paradigm shift, leveraging the cloud’s expansive storage and computing capabilities to optimize industrial operations. However, while promising in terms of efficiency and scalability, this transition introduces significant security and performance challenges. As adopting CCSs becomes more widespread across industries, addressing these vulnerabilities is crucial to prevent performance degradation and potential system failures. This work proposes comprehensive methodologies to bolster the resilience and operational efficiency of CCSs against such challenges.In the security domain, we introduce a robust framework to bolster the systems’ defenses against potential cyber-attacks. This includes implementing advanced detection techniques and mitigation strategies, ensuring the continuous operation of CCS amidst security threats. Our approach prioritizes safeguarding operational integrity without compromising the inherent advantages of cloud integration.Performance issues, particularly those arising from the latency in control signal execution and the geographical separation between cloud controllers and physical operations, are addressed through a novel framework. This framework is designed to compensate for these delays, enabling CCS to maintain optimal functionality and adapt to time-sensitive conditions, thereby mitigating the impact of distance and fluctuating control signals execution time.Additionally, the dynamic nature of cloud environments, characterized by variable workloads from numerous applications, poses a challenge to traditional control methods. We propose an adaptive approach to system setup, allowing CCS to adjust operational frequencies in response to fluctuating cloud workloads. This adaptive strategy ensures that CCS remains efficient and resilient, optimizing performance in a constantly changing cloud environment.The contributions of this thesis aim to empower industries to leverage the full potential of cloud technologies by integrating traditional control systems into the cloud seamlessly. By addressing the security and performance challenges inherent in this transition, we facilitate a more robust, efficient, and secure adoption of cloud control systems, unlocking new opportunities for innovation and operational excellence in various sectors.
|
|
| 10. |
- Akbarian, Fatemeh, et al.
(författare)
-
Resilient Cloud Control System: Dynamic Frequency Adaptation via Q-learning
- 2024
-
Ingår i: 27th Conference on Innovation in Clouds, Internet and Networks (ICIN). - 9798350393774 - 9798350393767
-
Konferensbidrag (refereegranskat)abstract
- Traditional control systems face challenges in managing high data loads and computing power, prompting the evolution of Cloud Control Systems (CCS)-a fusion of Networked Control Systems (NCS) and cloud computing. Despite offering manifold advantages, CCS encounters hurdles in navigating the dynamic cloud environment characterized by fluctuating workloads, rendering static frequency settings inefficient. Moreover, the optimal utilization of cloud resources poses a pivotal challenge within CCS operations. To address these, the paper proposes a resilient CCS by adapting system frequency dynamically. Leveraging Q-learning, the approach measures Round Trip Time (RTT) and system output errors, dynamically adjusting the system's frequency to minimize control costs, optimize performance within the dynamic cloud environment, and achieve resource frugality, minimizing resource usage. Through real testbed experiments, this paper evaluates and analyzes the effectiveness of the proposed method, aiming to establish an adaptive and efficient control framework aligned with evolving cloud dynamics.
|
|
