News Release 

Resilience against replay attacks in computer systems

Chinese Association of Automation

Research News

From power grids and telecommunications to water supply and financial systems, digital data controls the infrastructure systems on which society relies. These complex, multi-tier systems depend on layered communications to accomplish their tasks - yet every point of contact becomes a potential target, every path of information a potential weak spot for malicious actors to attack.

A team of researchers from the University of Calabria in Italy has developed the first predictive control scheme that can help distributed networks with multiple agents not only identify these attacks but also protect against them. Their approach was published in IEEE/CAA Journal of Automatica Sinica (Volume 8, Issue 3, March 2021).

"Modern systems have an increasing complex structure due to the large number of interacting agents aligned to accomplish specific tasks in a distributed fashion," said paper author Giuseppe Franzè, associate professor of control engineering in the Department of Informatics, Modeling, Electronics and System Engineering, University of Calabria. "The key result of the paper is that model predictive control strategies, properly adapted to multi-agent configurations, can address difficult scenarios such as the presence of intrusions such as replay attacks."

Replay attacks are difficult to identify because the malicious actor uses information already in the system. By stealing an account number or a permission string stolen from one transmission and using it on another agent - or even the agent who originally received the transmission - the actor can gain access or incite a specific action.

Franzè and his team applied a "receding horizon" model, that allows the researchers to predict what the system will look like in the future. By understanding what the system should look like, the model can identify when something unexpected occurs, like the resending of information.

"The receding horizon property allows us to consider the same structure of the optimization at each next time instant," Franzè said. "This means that if a problem is solvable at the initial time instant the same occurs in the future."

Importantly, according to Franzè, the strategy also offers protection by allowing the system to encapsulate in the moment before the attack, preserving communications until the attack can be successfully blocked.

"This low-demand model predictive control scheme is an efficient way to address unknown scenarios where external malicious agents affect normal system operations," Franzè said.

###

Reference

G. Franzè, F. Tedesco, and D. Famularo, "Resilience against replay attacks: A distributed model predictive control scheme for networked multi-agent systems," IEEE/CAA J. Autom. Sinica, vol. 8, no. 3, pp. 628-640, Mar. 2021.

http://www.ieee-jas.net/en/article/doi/10.1109/JAS.2020.1003542

IEEE/CAA Journal of Automatica Sinica aims to publish high-quality, high-interest, far-reaching research achievements globally, and provide an international forum for the presentation of original ideas and recent results related to all aspects of automation.

The first Impact Factor of IEEE/CAA Journal of Automatica Sinica is 5.129, ranking among Top 17% (11/63, SCI Q1) in the category of Automation & Control Systems, according to the latest Journal Citation Reports released by Clarivate Analytics in 2020. In addition, its latest CiteScore is 8.3, and has entered Q1 in all three categories it belongs to (Information System, Control and Systems Engineering, Artificial Intelligence) since 2018.

Why publish with us: Fast and high quality peer review; Simple and effective online submission system; Widest possible global dissemination of your research; Indexed in SCIE, EI, IEEE, Scopus, Inspec. JAS papers can be found at http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=6570654 or http://www.ieee-jas.net

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.