Autonomic computing architecture for SCADA cyber security

Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator

Recommendations for Applying Security-Centric Technology Utilizing a Layered Approach in the Era of Ubiquitous Computing: (A Guide for the Small Business Enterprise).

The purpose of this work is to advise and assist Small Business in applying security centric technology to better manage and secure their information assets. Computer Crimes and Incursions are growing exponentially, in complexity, and in their sinister application. In the face of this onslaught small businesses, indeed organizations everywhere, need to accept this as a business constant or reality, identify the threats, acknowledge the vulnerabilities, and make plans to meet these challenges

Cyber Security and Security Frameworks for Cloud and IoT Architectures

Das Cloud Computing hat die Art und Weise unserer Kommunikation in den letzten Jahren rapide verändert. Es ermöglicht die Bereitstellung unterschiedlicher Dienste über das Internet. Inzwischen wurden sowohl für Unternehmen, als auch für den privaten Sektor verschiedene Anwendungen des Cloud Computing entwickelt. Dabei bringt jede Anwendung zahlreiche Vorteile mit sich, allerdings werden auch neue Herausforderungen an die IT-Sicherheit gestellt. In dieser Dissertation werden besonders wichtige Anwendungen des Cloud Computing auf die aktuellen Herausforderungen für die IT-Sicherheit untersucht. 1. Die Container Virtualisierung ermöglicht die Trennung der eigentlichen Anwendung von der IT-Infrastruktur. Dadurch kann ein vorkonfiguriertes Betriebssystem-Image zusammen mit einer Anwendung in einem Container kombiniert und in einer Testumgebung evaluiert werden. Dieses Prinzip hat vor allem die Software-Entwicklung in Unternehmen grundlegend verändert. Container können verwendet werden, um software in einer isolierten Umgebung zu testen, ohne den operativen Betrieb zu stören. Weiterhin ist es möglich, verschiedene Container-Instanzen über mehrere Hosts hinweg zu verwalten. In dem Fall spricht man von einer Orchestrierung. Da Container sensible unternehmensinterne Daten beinhalten, müssen Unternehmen ihr IT-Sicherheitskonzept für den Einsatz von Container Virtualisierungen überarbeiten. Dies stellt eine große Herausforderung dar, da es derzeit wenig Erfahrung mit der Absicherung von (orchestrierten) Container Virtualisierungen gibt. 2. Da Container Dienste über das Internet bereitstellen, sind Mitarbeiterinnen und Mitarbeiter, die diese Dienste für ihre Arbeit benötigen, an keinen festen Arbeitsplatz gebunden. Dadurch werden wiederum Konzepte wie das home

Are Machine Learning Based Intrusion Detection System Always Secure?:An insight into tampered learning

Machine learning is successful in many applications including securing a network from unseen attack. The application of learning algorithm for detecting anomaly in a Network has been fundamental since few years. With increasing use of machine learning techniques it has become important to study to what extent it is good to be dependent on them. Altogether a different discipline called ‘Adversarial Learning’ have come up as a separate dimension of study. The work in this paper is to test the robustness of online machine learning based IDS to carefully crafted packets by attacker called poison packets. The objective is to observe how a remote attacker can deviate the normal behavior of machine learning based classifier in the IDS by injecting the network with carefully crafted packets externally, that may seem normal by the classification algorithm and the instance made part of its future training set. This behavior eventually can lead to a poison learning by the classification algorithm in the long run, resulting in misclassification of true attack instances. This work explores one such approach with SOM and SVM as the online learning based classification algorithms

Advanced threat hunting over software-defined networks in smart cities

The emergence of Software-Defined Networking (SDN) has brought along a wave of new technologies and developments in the field of networking with hopes of dealing with network resources more efficiently and providing a foundation of programmability. SDN allows for both flexibility and adaptability by separating the control and data planes in a network environment by virtualizing network hardware. Threat hunting is a technique that allows for the detection of advanced network threats through forensic analysis. We present an advanced threat hunting model by combining the SDN infrastructure with threat hunting techniques and machine learning models aiming to intelligently handle advanced network threats such as lateral movement. We found that our approach outperforms current threat hunting models in vital areas such as the detection to mitigation time. Our results show that we are able to detect advanced threats with 93.4% accuracy and begin mitigation within 10 seconds of detection