Funding: the National Renewable Energy Laboratory (NREL), operated by Alliance for Sustainable Energy, LLC, for the U.S. Department of Energy (DOE) under Contract No. DE-AC36-08GO28308; the U.S. Department of Energy Office of Electricity AOP Distribution Grid Resilience Project. The views expressed in the article do not necessarily represent the views of the DOE or the U.S. Government. The U.S. Government retains and the publisher, by accepting the article for publication, acknowledges that the U.S. Government retains a nonexclusive, paid-up, irrevocable, worldwide license to publish or reproduce the published form of this work, or allow others to do so, for U.S. Government purposes.
Abstract: The rapid growth of distributed generator (DG) capacities has introduced additional controllable assets to improve the performance of distribution systems in terms of service restoration. Renewable DGs are of particular interest to utility companies, but the stochastic nature of intermittent renewable DGs could have a negative impact on the electric grid if they are not properly handled. In this study, we investigate distribution system service restoration using DGs as the primary power source, and we develop an effective approach to handle the uncertainty of renewable DGs under extreme conditions. The distribution system service restoration problem can be described as a mixed-integer second-order cone programming model by modifying the radial topology constraints and power flow equations. The uncertainty of renewable DGs will be modeled using a chance-constrained approach. Furthermore, the forecast errors and noises in real-time operation are solved using a novel model-free control algorithm that can automatically track the trajectory of real-time DG output. The proposed service restoration strategy and model-free control algorithm are validated using an IEEE 123-bus test system.
Abstract: The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It is difficult to defend against and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.
Funding: supported in part by the National Key R&D Program of China under Grant 2018YFA0701601, in part by the National Natural Science Foundation of China (Grant No. 62201605, 62341110, U22A2002), and in part by Tsinghua University-China Mobile Communications Group Co., Ltd. Joint Institute.
Abstract: Link flooding attack (LFA) is a type of covert distributed denial of service (DDoS) attack. The attack mechanism of LFAs is to flood critical links within the network to cut off the target area from the Internet. Recently, the proliferation of Internet of Things (IoT) has increased the quantity of vulnerable devices connected to the network and has intensified the threat of LFAs. In LFAs, attackers typically utilize low-speed flows that do not reach the victims, making the attack difficult to detect. Traditional LFA defense methods mainly reroute the attack traffic around the congested link, which encounters high complexity and high computational overhead due to the aggregation of massive attack traffic. To address these challenges, we present an LFA defense framework which can mitigate the attack flows at the border switches when they are small in scale. This framework is lightweight and can be deployed at border switches of the network in a distributed manner, which ensures the scalability of our defense system. The performance of our framework is assessed in an experimental environment. The simulation results indicate that our method is effective in detecting and mitigating LFAs with low time complexity.
Abstract: Various application domains require the integration of distributed real-time or near-real-time systems with non-real-time systems. Smart cities, smart homes, ambient intelligent systems, or network-centric defense systems are among these application domains. Data Distribution Service (DDS) is a communication mechanism based on the Data-Centric Publish-Subscribe (DCPS) model. It is used for distributed systems with real-time operational constraints. Java Message Service (JMS) is a messaging standard for enterprise systems using Service Oriented Architecture (SOA) for non-real-time operations. JMS allows Java programs to exchange messages in a loosely coupled fashion. JMS also supports sending and receiving messages using a messaging queue and a publish-subscribe interface. In this article, we propose an architecture enabling the automated integration of distributed real-time and non-real-time systems. We test our proposed architecture using a distributed Command, Control, Communications, Computers, and Intelligence (C4I) system. The system has DDS-based real-time Combat Management System components deployed to naval warships, and SOA-based non-real-time Command and Control components used at headquarters. The proposed solution enables the exchange of data between these two systems efficiently. We compare the proposed solution with a similar study. Our solution is superior in terms of automation support, ease of implementation, scalability, and performance.
Funding: This work was supported in part by the National Key R&D Program of China under Grant 2020YFA0711301, in part by the National Natural Science Foundation of China under Grant 61922049 and Grant 61941104, and in part by the Tsinghua University-China Mobile Communications Group Company Ltd., Joint Institute.
Abstract: With the rapid development of the sixth generation (6G) network and Internet of Things (IoT), it has become extremely challenging to efficiently detect and prevent the distributed denial of service (DDoS) attacks originating from IoT devices. In this paper we propose an innovative trust model for IoT devices to prevent potential DDoS attacks by evaluating their trustworthiness, which can be deployed in the access network of 6G IoT. Based on historical communication behaviors, this model combines spatial trust and temporal trust values to comprehensively characterize the normal behavior patterns of IoT devices, thereby effectively distinguishing attack traffic. Experimental results show that the proposed method can efficiently distinguish normal traffic from DDoS traffic. Compared with the benchmark methods, our method has advantages in terms of both accuracy and efficiency in identifying attack flows.
Funding: Supported by the National Natural Science Foundation of China (No. 6057312, 60473090)
Abstract: In unstructured peer-to-peer (P2P) systems such as Gnutella, a general routing search algorithm is used to blindly flood a query through the network among peers. Unfortunately, malicious nodes could easily make use of this search approach to launch a distributed denial of service (DDoS) attack aimed at the whole network. In order to alleviate or minimize the bad effect of malicious nodes using the flooding search mechanism, the paper proposes a Markov-based evaluation model which uses the trust and reputation mechanism to compute the level of trustworthiness of nodes having the requested information by evaluating the nodes' historical behavior. Moreover, it can differentiate malicious nodes as early as possible so as to isolate them and control the messages they transmit. The simulation results of the proposed algorithm show that it could effectively isolate malicious nodes and hold back the transmission of vicious messages, so that it could enhance tolerance of flooding-based DDoS in Gnutella-like P2P networks.
Funding: supported by the Fundamental Research Funds under Grant 2021JBZD204 and 2022RC006, in part by the National Natural Science Foundation of China under Grant 62201029, and in part by the China Postdoctoral Science Foundation under Grant BX20220029 and 2022M710007.
Abstract: In this paper, we focus on providing data provenance auditing schemes for distributed denial of service (DDoS) defense in intelligent internet of things (IoT). To achieve effective DDoS defense, we introduce a two-layer collaborative blockchain framework to support data auditing. Specifically, using data scattered among intelligent IoT devices, switch gateways self-assemble a layer of blockchain in the local autonomous system (AS), and the main chain with controller participation can be aggregated by its associated layer of blocks once a cycle, to obtain a global security model. To optimize the processing delay of the security model, we propose a process of data pre-validation with the goal of ensuring data consistency while satisfying overhead requirements. Because of the flood of identity-spoofing packets, it is difficult to solve the identity consistency of data with traditional detection methods, and accountability cannot be pursued afterwards. Thus, we proposed a Packet Traceback Telemetry (PTT) scheme, based on in-band telemetry, to solve the problem. Specifically, the PTT scheme is executed on the distributed switch side, with the controller scheduling and selecting routing policies. Moreover, a tracing probabilistic optimization is embedded into the PTT scheme to accelerate path reconstruction and save device resources. Simulation results show that the PTT scheme can reconstruct the forward path of address-spoofing packets and reduce resource consumption compared with the existing tracing scheme. The data tracing audit method has fine-grained detection and feasible performance.