Search Results (6)

In recent years, the evolution of cyber-attacks has exposed critical vulnerabilities in conventional defense mechanisms, particularly across national infrastructure systems such as power, transportation, and finance. Attackers are increasingly deploying persistent and sophisticated techniques to exfiltrate or manipulate sensitive data, surpassing static defense methods that depend on known vulnerabilities. This growing threat landscape underscores the urgent need for more advanced and adaptive defensive strategies to counter continuously evolving attack vectors. To address this challenge, this paper proposes a novel reinforcement learning-based optimization framework integrated with a Dynamic Heterogeneous Redundancy (DHR) architecture. Our approach uniquely utilizes reinforcement learning for the dynamic scheduling of encryption-layer configurations within the DHR framework, enabling adaptive adjustment of defense policies based on system status and threat progression. We evaluate the proposed system in a simulated adversarial environment, where reinforcement learning continuously adjusts encryption strategies and defense behaviors in response to evolving attack patterns and operational dynamics. Experimental results demonstrate that our method achieves a higher defense success rate while maintaining lower defense costs, thereby enhancing system resilience against cyber threats and improving the efficiency of defensive resource allocation. Full article

Cloud–edge collaboration industrial control systems (ICSs) face critical security and privacy challenges that existing dynamic heterogeneous redundancy (DHR) architectures inadequately address due to two fundamental limitations: event-triggered scheduling approaches that amplify common-mode escape impacts in resource-constrained environments, and insufficient privacy-preserving arbitration mechanisms for sensitive industrial data processing. In contrast to existing work that treats scheduling and privacy as separate concerns, this paper proposes a unified polymorphic heterogeneous security architecture that integrates hybrid event–time triggered scheduling with adaptive privacy-preserving arbitration, specifically designed to address the unique challenges of cloud–edge collaboration ICSs where both security resilience and privacy preservation are paramount requirements. The architecture introduces three key innovations: (1) a hybrid event–time triggered scheduling algorithm with credibility assessment and heterogeneity metrics to mitigate common-mode escape scenarios, (2) an adaptive privacy budget allocation mechanism that balances privacy protection effectiveness with system availability based on attack activity levels, and (3) a unified framework that organically integrates privacy-preserving arbitration with heterogeneous redundancy management. Comprehensive evaluations using natural gas pipeline pressure control and smart grid voltage control systems demonstrate superior performance: the proposed method achieves 100% system availability compared to 62.57% for static redundancy and 86.53% for moving target defense, maintains 99.98% availability even under common-mode attacks (${10}^{-2}$ probability), and consistently outperforms moving target defense methods integrated with state-of-the-art detection mechanisms (99.7790% and 99.6735% average availability when false data deviations from true values are 5% and 3%, respectively) across different attack detection scenarios, validating its effectiveness in defending against availability attacks and privacy leakage threats in cloud–edge collaboration environments. Full article

With more China railway business information systems migrating to the China Railway Cloud Center (CRCC), the attack surface is expanding and there are increasing security threats for the CRCC to deal with. Cyber Mimic Defense (CMD) technology, as an active defense strategy, can counter these threats by constructing a Dynamic Heterogeneous Redundancy (DHR) architecture. However, there are at least two challenges posed to the DHR deployment, namely, the limited number of available schedulable heterogeneous resources and memorization-based attacks. This paper aims to address these two challenges to improve the CRCC-DHR reliability and then facilitate the DHR deployment. By reliability, we mean that the CRCC-DHR with the limited number of available heterogeneous resources can effectively resist memorization-based attacks. We first propose three metrics for assessing the reliability of the CRCC-DHR architecture. Then, we propose an incomplete-information-based game model to capture the relationships between attackers and defenders. Finally, based on the proposed metrics and the captured relationship, we propose a redundant-heterogeneous-resources scheduling algorithm, called the Entropy Weight Scheduling Algorithm (REWS). We evaluate the capability of REWS with the three existing algorithms through simulations. The results show that REWS can achieve a better reliability than the other algorithms. In addition, REWS demonstrates a lower time complexity compared with the existing algorithms. Full article

Researchers have proposed the dynamic heterogeneous redundancy (DHR) architecture, which integrates dynamic, heterogeneous, redundant, and closed-loop feedback elements into the system, to fortify the reliability of the railway passenger service system (RPSS). However, there are at least two weaknesses with the common DHR architectures: (1) they need system nodes with enough computing and storage resources; (2) they have hardly considered the reliability of DHR architecture. To this end, this paper proposes a double-layer DHR (DDHR) architecture to ensure the reliability of RPSS. This architecture introduces a set of algorithms, which are optimized co-computation and ruling weight optimization algorithms for the data processing flow of the DDHR architecture. This set improves the reliability of the DDHR architecture. For the evaluation of the reliability of DDHR architecture, this paper also proposes two metrics: (1) Dynamic available similarity metric. This metric does not rely on the overall similarity of the double-layer redundant executor sets but evaluates the similarity of their performance under the specified interaction paths within a single scheduling cycle. The smaller its similarity, the higher its reliability. (2) Scheduling cycle under dual-layer similarity threshold. This metric evaluates the reliability of the RPSS under actual conditions by setting the schedulable similarity thresholds between the same and different layers of the dual-layer redundant executives in the scheduling process. Finally, analog simulation experiments and prototype system building experiments are carried out, whose numerical experimental results show that the DDHR architecture outperforms the traditional DHR architecture in terms of reliability and performance under different redundancy and dynamically available similarity thresholds, while the algorithmic complexity and multi-tasking concurrency performance are slightly weaker than that of the DHR architecture, but can be applied to the main operations of the RPSS in general. Full article

With the development of information technology, tremendous vulnerabilities and backdoors have evolved, causing inevitable and severe security problems in cyberspace. To fix them, the endogenous safety and security (ESS) theory and one of its practices, the Dynamic Heterogeneous Redundant (DHR) architecture, are proposed. In the DHR architecture, as an instance of the multi-heterogeneous system, a decision module is designed to obtain intermediate results from heterogeneous equivalent functional executors. However, privacy-preserving is not paid attention to in the architecture, which may cause privacy breaches without compromising the ESS theory. In this paper, based on differential privacy (DP), a theoretically rigorous privacy tool, we propose a privacy-preserving DHR framework called DP-DHR. Gaussian random noise is injected into each (online) executor output in DP-DHR to guarantee DP, but it also makes the decision module unable to choose the final result because each executor output is potentially correct even if it is compromised by adversaries. To weaken this disadvantage, we propose the advanced decision strategy and the hypersphere clustering algorithm to classify the perturbed intermediate results into two categories, candidates and outliers, where the former is closer to the correct value than the latter. Finally, the DP-DHR is proven to guarantee DP, and the experimental results also show that the utility is not sacrificed for the enhancement of privacy by much (a ratio of 4–7% on average), even in the condition of some executors (less than one-half) being controlled by adversaries. Full article

A seafloor observation network (SON) consists of a large number of heterogeneous devices that monitor the deep sea and communicate with onshore data centers. Due to the long-distance information transmission and the risk of malicious attacks, ensuring the integrity of data in transit is essential. A cryptographically secure frame check sequence (FCS) has shown great advantages in protecting data integrity. However, the commonly used FCS has a collision possibility, which poses a security risk; furthermore, reducing the encryption calculation cost is a challenge. In this paper, we propose a secure, lightweight encryption scheme for transmitted data inspired by mimic defense from dynamic heterogeneous redundancy theory. Specifically, we use dynamic keys to encrypt a data block and generate multiple encrypted heterogeneous blocks for transmission. These continuously changing encrypted data blocks increase the confusion regarding the original encoded data, making it challenging for attackers to interpret and modify the data blocks. Additionally, the redundant information from the multiple blocks can identify and recover tampered data. Our proposed scheme is suitable for resource-constrained environments where lightweight encryption is crucial. Through experimental demonstrations and analysis methods, we determine the effectiveness of our encryption scheme in reducing computational costs and improving security performance to protect data integrity. Full article