Open-Source Testbed to Evaluate the Cybersecurity of Phasor Measurement Units

Zimmermann, Markus Kenneth

22 June 2022

The Phasor Measurement Unit provides clear data for ease of grid visibility. A major component of the device is the Global Positioning System (GPS) for time synchronization across the board. However, this device has become more susceptible to cyber-attacks such as spoofing. This paper constructs an opensource testbed for the playback of PMU data and testing of cyberattacks on PMUs. Using a local GPS device to simulate what is done in the PMU, MATLAB for data conversion, and Linux operating system running on Ubuntu, the simulator can be constructed. The spoofing attack is done by adding a phase shift of the incoming data to simulate that the data is coming from a different time stamp and shifts between the original. Finally, it is all brought together by viewing the output in an open source Phasor Data Concentrator (PDC) to validate the process. / Master of Science / To monitor the bulk electrical grid, devices used to calculate at what level the grid is at and what point in time as well. These devices that are called Phasor Measurement Units and send this data to the control center for engineers to process and make decisions. Within each device is a Global Positioning System (GPS) to tell which device is sending data and at what time. The GPS device is what is susceptible to be entered by malicious individuals. To better prepare and prevent this, a testbed would be a good solution to test if the preventative measure works. However, the best of the best costs too much money, so the next best solution is an open source test bed that could be implemented anyway. The work in this paper constructs an opensource testbed and simulates a full GPS spoofing attack.

Phasor Measurement Unit (PMU)

Cyber-security

GPS Spoofing

Energy And Power Systems Simulated Attack Algorithm For Defense Testbed And Analysis

Ruttle, Zachary Andrew

31 May 2023

The power grid has evolved over the course of many decades with the usage of cyber systems and communications such as Supervisory Control And Data Acquisition (SCADA); however, due to their connectivity to the internet, the cyber-power system can be infiltrated by malicious attackers. Encryption is not a singular solution. Currently, there are several cyber security measures in development, including those based on artificial intelligence. However, there is a need for a varying but consistent attack algorithm to serve as a testbed for these AI or other practices to be trained and tested. This is important because in the event of a real attacker, it is not possible to know exactly where they will attack and in what order. Therefore, the proposed method in this thesis is to use criminology concepts and fuzzy logic inference to create this algorithm and determine its effectiveness in making decisions on a cyber-physical system model. The method takes various characteristics of the attacker as an input, builds their ideal target node, and then compares the nodes to the high-impact target and chooses one as the goal. Based on that target and their knowledge, the attackers will attack nodes if they have resources. The results show that the proposed method can be used to create a variety of attacks with varying damaging effects, and one other set of tests shows the possibility for multiple attacks, such as denial of service and false data injection. The proposed method has been validated using an extended cyber-physical IEEE 13-node distribution system and sensitivity tests to ensure that the ruleset created would take each of the inputs well. / Master of Science / For the last decades, information and communications technology has become more commonplace for electric power and energy systems around the world. As a result, it has attracted hackers to take advantage of the cyber vulnerabilities to attack critical systems and cause damage, e.g., the critical infrastructure for electric energy. The power grid is a wide-area, distributed infrastructure with numerous power plants, substations, transmission and distribution lines as well as customer facilities. For operation and control, the power grid needs to acquire measurements from substations and send control commands from the control center to substations. The cyber-physical system has its vulnerabilities that can be deployed by hackers to launch falsified measurements or commands. Much research is concerned with how to detect and mitigate cyber threats. These methods are used to determine if an attack is occurring, and, if so, what to do about it. However, for these techniques to work properly, there must be a way to test how the defense will understand the purpose and target of an actual attack, which is where the proposed modeling and simulation method for an attacker comes in. Using a set of values for their resources, motivation and other characteristics, the defense algorithm determines what the attacker's best target would be, and then finds the closest point on the power grid that they can attack. While there are still resources remaining based on the initial value, the attacker will keep choosing places and then execute the attack. From the results, these input characteristic values for the attacker can affect the decisions the attacker makes, and the damage to the system is reflected by the values too. This is tested by looking at the results for the high-impact nodes for each input value, and seeing what came out of it. This shows that it is possible to model an attacker for testing purposes on a simulation.

Cyber-Physical System Security

Power Systems

Fuzzy Inference System

Criminology

Mining Security Risks from Massive Datasets

Liu, Fang

09 August 2017

Cyber security risk has been a problem ever since the appearance of telecommunication and electronic computers. In the recent 30 years, researchers have developed various tools to protect the confidentiality, integrity, and availability of data and programs. However, new challenges are emerging as the amount of data grows rapidly in the big data era. On one hand, attacks are becoming stealthier by concealing their behaviors in massive datasets. One the other hand, it is becoming more and more difficult for existing tools to handle massive datasets with various data types. This thesis presents the attempts to address the challenges and solve different security problems by mining security risks from massive datasets. The attempts are in three aspects: detecting security risks in the enterprise environment, prioritizing security risks of mobile apps and measuring the impact of security risks between websites and mobile apps. First, the thesis presents a framework to detect data leakage in very large content. The framework can be deployed on cloud for enterprise and preserve the privacy of sensitive data. Second, the thesis prioritizes the inter-app communication risks in large-scale Android apps by designing new distributed inter-app communication linking algorithm and performing nearest-neighbor risk analysis. Third, the thesis measures the impact of deep link hijacking risk, which is one type of inter-app communication risks, on 1 million websites and 160 thousand mobile apps. The measurement reveals the failure of Google's attempts to improve the security of deep links. / Ph. D. / Cyber security risk has been a problem ever since the appearance of telecommunication and electronic computers. In the recent 30 years, researchers have developed various tools to prevent sensitive data from being accessed by unauthorized users, protect program and data from being changed by attackers, and make sure program and data to be available whenever needed. However, new challenges are emerging as the amount of data grows rapidly in the big data era. On one hand, attacks are becoming stealthier by concealing their attack behaviors in massive datasets. On the other hand, it is becoming more and more difficult for existing tools to handle massive datasets with various data types. This thesis presents the attempts to address the challenges and solve different security problems by mining security risks from massive datasets. The attempts are in three aspects: detecting security risks in the enterprise environment where massive datasets are involved, prioritizing security risks of mobile apps to make sure the high-risk apps being analyzed first and measuring the impact of security risks within the communication between websites and mobile apps. First, the thesis presents a framework to detect sensitive data leakage in enterprise environment from very large content. The framework can be deployed on cloud for enterprise and avoid the sensitive data being accessed by the semi-honest cloud at the same time. Second, the thesis prioritizes the inter-app communication risks in large-scale Android apps by designing new distributed inter-app communication linking algorithm and performing nearest-neighbor risk analysis. The algorithm runs on a cluster to speed up the computation. The analysis leverages each app’s communication context with all the other apps to prioritize the inter-app communication risks. Third, the thesis measures the impact of mobile deep link hijacking risk on 1 million websites and 160 thousand mobile apps. Mobile deep link hijacking happens when a user clicks a link, which is supposed to be opened by one app but being hijacked by another malicious app. Mobile deep link hijacking is one type of inter-app communication risks between mobile browser and apps. The measurement reveals the failure of Google’s attempts to improve the security of mobile deep links.

Cyber Security

Big Data Security

Mobile Security

Data Leakage Detection

The legal protection of e-consumers against e-commerce fraud in Malaysia

Razali, N.A.H., Wan Rosli, Wan R., Othman, M.B.

25 September 2023

Yes / In the past decade, E-commerce has developed and plays a vital role in our daily lives. However, fraud in E-commerce has increasingly become more prevalent and causes huge monetary loss, especially to E-consumers which usually results in them being unable to get what they have paid for. Fraudsters use various modus operandi to trick E-consumers such as displaying cheap goods via online platforms to induce them to pay for the goods. Despite considerable concerns about E-commerce fraud in Malaysia, the legislative sanction is still inadequate due to the deficiency of the existing legal framework. This paper examines the nature of E-commerce fraud, understand the modus operandi, and look into the legal protection afforded to E-consumers in Malaysia. It employs doctrinal content analysis and secondary data from the Malaysian Penal Code and the Communication and Multimedia Act 1998, academic journals, books, news articles and online databases. The authors contend that the lack of legal protection for E-consumers is due to the insufficiency of the law and the lack of awareness of the gravity of the such crime. Effective governance of fraud in E-commerce is imperative to facilitate prosecution and investigation and holistic protection for the victims of cyber fraud.

E-commerce

Cyber fraud

Consumer protection

E-commerce fraud

Cybercrime

Bipartite Network Model for Inferring Hidden Ties in Crime Data

Isah, Haruna, Neagu, Daniel, Trundle, Paul R.

08 1900

No / Certain crimes are difficult to be committed by individuals but carefully organised by group of associates and affiliates loosely connected to each other with a single or small group of individuals coordinating the overall actions. A common starting point in understanding the structural organisation of criminal groups is to identify the criminals and their associates. Situations arise in many criminal datasets where there is no direct connection among the criminals. In this paper, we investigate ties and community structure in crime data in order to understand the operations of both traditional and cyber criminals, as well as to predict the existence of organised criminal networks. Our contributions are twofold: we propose a bipartite network model for inferring hidden ties between actors who initiated an illegal interaction and objects affected by the interaction, we then validate the method in two case studies on pharmaceutical crime and underground forum data using standard network algorithms for structural and community analysis. The vertex level metrics and community analysis results obtained indicate the significance of our work in understanding the operations and structure of organised criminal networks which were not immediately obvious in the data. Identifying these groups and mapping their relationship to one another is essential in making more effective disruption strategies in the future.

Criminal groups

Datasets

Identification

Crime data

Cyber criminals

Machine Learning for Botnet Detection: An Optimized Feature Selection Approach

Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U.

05 April 2022

Yes / Technological advancements have been evolving for so long, particularly Internet of Things (IoT) technology that has seen an increase in the number of connected devices surpass non IoT connections. It has unlocked a lot of potential across different organisational settings from healthcare, transportation, smart cities etc. Unfortunately, these advancements also mean that cybercriminals are constantly seeking new ways of exploiting vulnerabilities for malicious and illegal activities. IoT is a technology that presents a golden opportunity for botnet attacks that take advantage of a large number of IoT devices and use them to launch more powerful and sophisticated attacks such as Distributed Denial of Service (DDoS) attacks. This calls for more research geared towards the detection and mitigation of botnet attacks in IoT systems. This paper proposes a feature selection approach that identifies and removes less influential features as part of botnet attack detection method. The feature selection is based on the frequency of occurrence of the value counts in each of the features with respect to total instances. The effectiveness of the proposed approach is tested and evaluated on a standard IoT dataset. The results reveal that the proposed feature selection approach has improved the performance of the botnet attack detection method, in terms of True Positive Rate (TPR) and False Positive Rate (FPR). The proposed methodology provides 100% TPR, 0% FPR and 99.9976% F-score.

Botnet detection

Machine learning

Cyber attacks

Internet of Things

Network security

Cyber Risk Perception and Risk Prioritization Among Cyber Security Professionals

Naenfeldt, Christine

January 2024

Cyber security is a fast-paced field, and it is important to understand what factors might drive the cyber professionals’ perception of risk when prioritizing risks. While gender differences have been previously observed in risk perception of cyber risks among non-professionals, this thesis will also look at years of experience as another aspect. The purpose of this thesis is to explore the subjective risk perception and risk prioritization among cyber security professionals. It seeks to study their risk perception and prioritization when they are assessing two specific risks on a risk assessment scale (risk matrix) even if the risks are assigned the same risk score. In this thesis, two specific types of risks (Social Engineering and System Intrusion) have been chosen for the risk descriptions, due to their common nature of cyber-attacks. To answer the thesis’ formulated questions, a quantitative study in the form of a questionnaire has been distributed to cyber security professionals (n=70) through professional networking channels. The results in this thesis revealed no significant relationship between risk prioritization and gender, nor between risk prioritization and years of experience. Risk perception was measured by the method of Walpole and Wilson (2021). For three of the four subscales (Affect, Exposure, Susceptibility) the cyber professionals perceived Risk A (Social Engineering) as statistically significantly higher than Risk B (System Intrusion). The results also showed that for both women and men, Risk A was perceived statistically significantly higher/larger than Risk B. There are some results in this thesis that align with previous research, however some are also indicating opposing findings. Traditionally, risk perception studies have focused on non-experts, and it is important to further explore the risk perception among professionals within a field since risk perception in general and in cyber security could be influenced by knowledge, expertise, and experience.

cyber security

risk perception

Other Engineering and Technologies

Annan teknik

Collaboration platform for penetration tests enhanced with machine learning

Henareh, Roni, Höglund, Hjalmar

January 2024

Penetration tests are designed to assess the security of systems, requiring testers to efficiently share information and document findings. A collaboration platform that utilizes machine learning is hypothesized to enhance this process by automating data collection and reporting. We evaluate computer vision for data collection and analysis of penetration testing tools, aiming to alleviate manual reporting burdens and improve the effectiveness in penetration testing teams. The proposed solution integrates computer vision, neural networks and large language models to understand and analyze outputs from various penetration testing tools without manual log parsing. By comparing different tools and methods, this study aims to streamline collaboration during penetration tests and automate the collection of actionable data for penetration testers.

Cyber security

Machine learning

Computer vision

Penetration testing

Mathematics

Matematik

Cyber bullying : an evaluation of Florida's recent enactment

Williams, Alyssa

01 January 2010

The goal of this paper is to examine the efficiency of the cyber bullying provisions of Florida's Jeffrey Johnston Stand Up For All Students Act in deterring cyber bullying behavior. The study includes several subordinate goals to answer this question. The first is measuring the awareness of students about this law (whose behavior is the focus of the law), measuring the awareness of teachers and school officials of this law (who are to enforce this law), and measuring the awareness of legal professionals about the law (who will pursue the law in court). The study also seeks to determine the perceptions of cyber bullying and the laws governing the behavior in each of these groups. The research includes a study of neutralization of cyber bullying behavior and deterrence of the law. To do this, the study uses a mixed method approach to collect quantitative, qualitative, and legal data to answer these questions. Current research studies, survey data, and interviews are utilized in conjunction with an investigation of legislation and case law. Florida's statute is compared to three other anti-bullying state statutes (Arizona, Missouri, and Vermont) created to combat bullying and cyber bullying within their states. Case law is examined on a national basis to determine trends in cyber bullying litigation. Following analysis of the data, conclusions are drawn on the efficiency of the law and suggestions are made to improve the law's performance. Suggestions for future research are also made.

English Language and Literature

Immunology Inspired Detection of Data Theft from Autonomous Network Activity

Cochran, Theodore O.

01 April 2015

The threat of data theft posed by self-propagating, remotely controlled bot malware is increasing. Cyber criminals are motivated to steal sensitive data, such as user names, passwords, account numbers, and credit card numbers, because these items can be parlayed into cash. For anonymity and economy of scale, bot networks have become the cyber criminal’s weapon of choice. In 2010 a single botnet included over one million compromised host computers, and one of the largest botnets in 2011 was specifically designed to harvest financial data from its victims. Unfortunately, current intrusion detection methods are unable to effectively detect data extraction techniques employed by bot malware. The research described in this Dissertation Report addresses that problem. This work builds on a foundation of research regarding artificial immune systems (AIS) and botnet activity detection. This work is the first to isolate and assess features derived from human computer interaction in the detection of data theft by bot malware and is the first to report on a novel use of the HTTP protocol by a contemporary variant of the Zeus bot.

Information science

Computer science

botnet

classification

detection

exfiltration

immunology

malware

cyber crime

cyber criminals

Computer Sciences

Computer Security

Criminology