Introduction and background
Related work, concept, and impact of FDIA
Survey data | Rahman and Venayagamoorthy (2018) | Liang et al. (2017) | Wang et al. (2019) | Wang 2 et al. (2013) | Deng et al. (2017) | Our work |
---|---|---|---|---|---|---|
Structured | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Unstructured | ✘ | ✘ | ✘ | ✘ | ✘ | ✔ |
Survey application | Rahman and Venayagamoorthy (2018) | Liang et al. (2017) | Wang et al. (2019) | Wang 2 et al. (2013) | Deng et al. (2017) | Our Work |
Healthcare | ✘ | ✘ | ✘ | ✘ | ✘ | ✔ |
Finance | ✘ | ✘ | ✘ | ✘ | ✘ | ✔ |
Governance | ✘ | ✘ | ✘ | ✘ | ✘ | ✔ |
Defense | ✘ | ✘ | ✘ | ✘ | ✘ | ✔ |
Smart grid | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Survey evaluation | Rahman and Venayagamoorthy (2018) | Liang et al. (2017) | Wang et al. (2019) | Wang 2 et al. (2013) | Deng et al. (2017) | Our work |
Metrics | ✘ | ✘ | ✘ | ✘ | ✘ | ✔ |
Datasets | ✘ | ✘ | ✘ | ✘ | ✘ | ✔ |
- Deletion of data from original dataset, \( D_{i,j} \).
- Change of the data in the original dataset, \( D_{i,j} \).
- Addition of fake data to the original dataset, \( D_{i,j} \).
- Incorrect healthcare diagnosis: Many smart medical devices today contain sensors. Twisting sensor readings and thus injecting false data could lead to wrong diagnosis. Incorrect blood pressure reading or heart rate due to FDIA would lead to unwanted treatment and thus, the patient’s health could be seriously jeopardized.
- Illegal insurance claim: If a malicious entity falsely injects surgery data for which the associated expenditure would be covered by the insurance provider/company, then even without undergoing surgery, a patient can get paid or can claim payment. Hence, injection of such falsified healthcare records can force the insurance company to unnecessarily pay bills for illegitimate or incorrect data. Since most of the insurance providers are now using online portals to process these claims (in Fig. 5, a generic framework is shown for health insurance claims), it is much easier for the hackers to launch FDIA for quick monetary benefit.×
- Mission critical factors: During a complicated surgery, the surgeons heavily depend on the data such as blood pressure, pulse, heart rate, body temperature, etc. shown on the devices attached to the patient. Any minuscule variation of these data by the hackers may cause loss of life. High value targets like national leaders, influencers, politicians, activists, scholars, and so on can be victims of assassination by such injection of false data. When we talk about Internet-based or e-Healthcare or remote surgery or such CAS (using cyberspace) with some futuristic vision, FDIA cannot be ruled out anyway.
- Wrong credit analysis: A loan application can be mistreated if the credit score of the applicant is manipulated by the hackers. Bank will be misled, and the applicant will be the victim of FDIA.
- Medical imaging: Huge amount of medical imaging data can be generated in modern healthcare facilities. As an example, the dental scan helps the dentists understand the position of any anomalous wisdom tooth. If the hacker changes the image, both the dentist and patient will face unexpected outcome (Ahmed 2019). Likewise, for detection of cancerous lumps and accurate medical surgery, false image or distorted image could really threaten the patient’s life.
- Defense operations: In military operations, drones or unmanned aerial vehicles (UAVs) are frequently used for reconnaissance and taking out targets. However, if these drones are hacked by FDIA, the drone user party will get bogus intelligence and it might cause serious irreparable damage. In fact, sensors are heavily involved in the data collection process in many applications that use drones. False sensor values can lead to false intelligence leading to catastrophic military decisions.
- Misleading academic portfolio: A hacker can manipulate the grades or academic history of students and the forged academic portfolio could create chaos in both academic institutions and in the employers’ organizations. An example of such case was shown in a famous television serial, ‘Suits’.
- Governance manipulation: Recent cyber(s) attack on Australian parliament (Packham 2019) is an eye opener to renew the interests in cybersecurity, especially focusing on FDIA. A successful FDIA may have serious consequence both on national and international scale. Especially, in terms of foreign affairs, things might get worse.
Methods and countermeasures to defend against FDIA
Key methods for various countermeasures
- Deep learning (Ahmed and Islam 2020) is utilized to learn the FDIA characteristics from the historical data and the learned features are used to identify FDIA. The proposed convolutional deep belief network can detect unobserved FDIA in real-time by exploring the temporal behaviors (Ahmed and Ullah 2018; He et al. 2017).
- Kullback-leibler distance (KLD) is exploited to distinguish between normal measurements and false data injected measurements. Larger KLD reflects variation in probability distributions of the measurements from historical data (Chaojun et al. 2015).
- Sparse optimization is considered to be a solution for FDIA detection. To identify such an attack, the combination of a nuclear norm minimization and low rank matrix factorization can be used (Liu et al. 2014). The nuclear norm minimization is usually used for approximation of the matrix rank by shrinking all singular values equally. The computation operations for singular value decomposition would become quite expensive when matrix size and rank increase. Low rank matrix factorization approach can help improve the scalability and solve large-scale problems of malicious attacks detection.
- Colored gaussian noise is used to create a model with autoregressive process for fighting FDIA (Tang et al. 2016). This model estimates the state of power transmission networks and develops a Generalized Likelihood Ratio Test (GLRT) to identify any such attack.
- Spatio-temporal correlations among the smart grid components are counted as a metric to identify FDIA in real time (Chaojun et al. 2015). To evaluate the integrity of state estimations, the spatio-temporal correlations for cyber state and trust-based voting are given priority.
- Hop-by-Hop authentication schemes are developed as part of the FDIA countermeasure (Zhu et al. 2007). When the number of compromised nodes exceeds a pre-defined threshold, the base station should be able to identify the presence of FDIA. These schemes facilitate an optimized approach to identify and neutralize FDIA.
- Time-invariant gaussian control system is a linear FDIA identification method. Since the FDIA can create instability in the smart grid environment by bypassing the detection mechanism, the time-invariant Gaussian method is quite helpful in terms of identifying such stealthy cyber attacks (Mo and Sinopoli 2010).
- Incomplete information is considered to be an identifying characteristic of FDIA (Rahman and Mohsenian-Rad 2012). The mathematical model can reflect the characteristics of FDIA with incomplete information and a metric for vulnerability measurement can rank different power grid topologies. Thus, the FDIA with incomplete information can be identified using the combination of mathematical model and vulnerability metric.
- Kalman filter can also be an effective method to detect FDIA (Manandharet al. 2014). The experimental study shows that the usage of Euclidean distance metric with Kalman filter helps identify FDIA better than many other metrics.
- Public key cryptography is another useful solution to identify FDIA (Shen 2016; Azad and Pathan2014). Among different public key cryptography algorithms, McEliece public key system can guard the integrity of the smart grid data measurements and nullify the impact of FDIA. However, the usage of such cryptographic algorithm comes with some computational complexity.
- Blockchain (Ahmed 2019; Ahmed and Pathan 2020) has been recently used to create a shield and protect the data authenticity. It is shown that the use of blockchain based security framework can safeguard the healthcare images from false image injection attacks. Due to the decentralized nature, cryptographic authentication and consensus mechanisms, in many cases, blockchain based security frameworks can fight back the FDIAs better than any other techniques.
Lack of benchmark datasets
- Rare (“when a particular data instance deviates from the normal pattern of the dataset”,
- Collective (“when a collection of similar data instances behaves anomalously with respect to the entire dataset”), and.
- Contextual (“when a data instance behaves anomalously in a particular context”).
Dataset | Rare | Collective | Contextual |
---|---|---|---|
KDD Cup 1999 | ✔ | ✔ | ✔ |
UNSW-NB15 | ✔ | ✔ | ✖ |
TCP | ✔ | ✖ | ✖ |
BNT | ✔ | ✖ | ✖ |
ISCX | ✔ | ✖ | ✖ |
Kyoto | ✔ | ✖ | ✖ |
Moore | ✔ | ✖ | ✖ |
WTP | ✔ | ✖ | ✖ |
MI | ✔ | ✖ | ✖ |
MO | ✔ | ✖ | ✖ |
SI | ✔ | ✖ | ✖ |
SO | ✔ | ✖ | ✖ |
Sim1 | ✔ | ✖ | ✖ |
Sim2 | ✔ | ✖ | ✖ |
Proposed new evaluation metrics for FDIA countermeasures
- Metric 1—Vulnerability Identification (VI): This metric refers to vulnerabilities by which the attacker gains access to the system or network to inject false data. For example, there might be multiple vulnerabilities, by exploiting which, the attacker gains illegal access as a case shown in Fig. 3. A robust countermeasure for FDIA should be able to identify these vulnerabilities. Therefore, this metric will judge the credibility of such approaches. It can be mathematically represented as Eq. (2), where VI stands for Vulnerability Identification, DV stands for Detected Vulnerability, and TV reflects the Total number of Vulnerabilities to compromise the system or network to gain access. Therefore, the higher the value of VI, the better the FDIA countermeasure; e.g., if there are three vulnerabilities exploited to gain illegal access and the FDIA countermeasure detected only 1, then it should be reflected on the metric (\( VI = 1/3 \)) and thus, can be compared with other countermeasures.
- Metric 2—impact identification (II): This metric refers to the ability of FDIA countermeasure to identify/estimate (as accurately as possible) the impacts caused by cyber criminals. For example, if the hacker injects false data into a database, the amount of false data needs to be identified. If the hacker injects three false records into a patient’s record database or manipulates the data for three patients, the metric should be able to reflect the impact of FDIA. This metric can be expressed as in Eq. (3), where II refers to Impact Identification, DI stands for Detected Impact, and TI stands for Total Impact. Here, in the example of patient record(s), if the FDIA countermeasure approach identifies 2 out of 3 records being impacted, then (\( II = 2/3 \)). Again, the higher the value of II, the better the approach.
- Metric 3—data imputation (DIm): One of the expected characteristics of FDIA countermeasures is data imputation. Statistically, imputation is the process of replacing missing data with substituted value. In the context of FDIA, data imputation metric will reflect the ability of the countermeasures to replace the false data with the original data. This metric can be expressed as in Eq. (4), where RD stands for Restored Data, and TI is Total Impact. For instance, considering Figs. 6 and 7, if all the injected data, i.e., age, blood group and HIV are replaced by the original data, then the FDIA would be considered to have a perfect score of 1. The DIm of the FDIA countermeasure would be also 1 (\( DIm = 3/3 \)), which is the highest score and it reflects how effective the approach is. Therefore, the metric reflects the essential functionality needed by the FDIA countermeasures.
- Identify the vulnerabilities by exploiting which hackers launched FDIA.
- Identify the injected false data.
- Replace the false data with the authentic data.