2,108 research outputs found
Meeting Real-Time Constraint of Spectrum Management in TV Black-Space Access
The TV set feedback feature standardized in the next-generation TV system, ATSC 3.0, would enable opportunistic access to active TV channels in future Cognitive Radio Networks. This new dynamic spectrum access approach is named black-space access, as it is complementary to current TV white space, which stands for inactive TV channels. TV black-space access can significantly increase the available spectrum of Cognitive Radio Networks in populated urban markets, where spectrum shortage is most severe while TV white space is very limited. However, to enable TV black-space access, a secondary user has to evacuate a TV channel in a timely manner when a TV user comes in. Such a strict real-time constraint is a unique challenge for the spectrum management infrastructure of Cognitive Radio Networks. In this paper, the real-time performance of spectrum management with regard to the degree of centralization of the infrastructure is modeled and tested. Based on collected empirical network latency and database response time, we analyze the average evacuation time under four structures of spectrum management infrastructure: full distribution, city-wide centralization, nation-wide centralization, and semi-national centralization. The results show that nation-wide centralization may not meet the real-time requirement, while semi-national centralization that uses multiple co-located independent spectrum managers can achieve real-time performance while keeping most of the operational advantages of a fully centralized structure.
Comment: 9 pages, 7 figures, Technical Repor
Smart Intrusion Detection System for DMZ
Prediction of network attacks and machine-understandable security vulnerabilities are complex tasks for currently available Intrusion Detection Systems [IDS]. IDS software is important for an enterprise network. It logs security information about events that occurred in the network. In addition, IDSs are useful in recognizing malicious hack attempts and protecting the network without the need to change client software. Several research efforts in the field of machine learning have been applied to make these IDSs better and smarter. In our work, we propose an approach for making IDSs more analytical, using semantic technology. We made a useful semantic connection between IDSs and National Vulnerability Databases [NVDs], so that the system semantically analyzes each logged attack and can perform prediction about incoming attacks or services that might be in danger. We built our ontology skeleton based on standard network security. Furthermore, we added useful classes and relations that are specific to DMZ network services. In addition, we added an option to allow the user to update the ontology skeleton automatically according to the network's needs. Our work is evaluated and validated using four different methods: we presented a prototype that works over the web; we applied the KDDCup99 dataset to the prototype; furthermore, we modeled our system using a queuing model and simulated it using the AnyLogic simulator. Validating the system using the KDDCup99 benchmark shows good results, with low false positives in attack prediction. Modeling the system as a queuing model allows us to predict the behavior of the system in a multi-user setting under heavy network traffic.
Applying Lessons from Cyber Attacks on Ukrainian Infrastructures to Secure Gateways onto the Industrial Internet of Things
Previous generations of safety-related industrial control systems were ‘air gapped’. In other words, process control
components including Programmable Logic Controllers (PLCs) and smart sensor/actuators were disconnected and
isolated from local or wide area networks. This provided a degree of protection; attackers needed physical access to
compromise control systems components. Over time this ‘air gap’ has gradually been eroded. Switches and
gateways have subsequently interfaced industrial protocols, including Profibus and Modbus, so that data can be
drawn from safety-related Operational Technology into enterprise information systems using TCP/IP. Senior
management uses these links to monitor production processes and inform strategic planning. The Industrial Internet
of Things represents another step in this evolution – enabling the coordination of physically distributed resources
from a centralized location. The growing range and sophistication of these interconnections create additional
security concerns for the operation and management of safety-critical systems. This paper uses lessons learned
from recent attacks on Ukrainian critical infrastructures to guide a forensic analysis of an IIoT switch. The intention
is to identify and mitigate vulnerabilities that would enable similar attacks to be replicated across Europe and North
America.
A vision of cyber-physical internet
When the Internet was born, the purpose was to interconnect computers to share digital data at large scale. On the other hand, when embedded systems were born, the objective was to control system components under real-time constraints through sensing devices, typically at small to medium scales. With the great evolution of Information and Communication Technology (ICT), the tendency is to enable ubiquitous and pervasive computing to control everything (physical processes and physical objects) anytime and at large scale. This new vision recently gave rise to the paradigm of Cyber-Physical Systems (CPS). In this position paper, we provide a realistic vision of the concept of the Cyber-Physical Internet (CPI), discuss its design requirements and present the limitations of the current networking abstractions in fulfilling these requirements. We also debate whether it is more productive to adopt a system integration approach or a radical design approach for building large-scale CPS. Finally, we present a sample of real-time challenges that must be considered in the design of the Cyber-Physical Internet.
Analyzing audit trails in a distributed and hybrid intrusion detection platform
Efforts have been made over the last decades in order to design and perfect Intrusion
Detection Systems (IDS). In addition to the widespread use of Intrusion Prevention
Systems (IPS) as perimeter defense devices in systems and networks, various IDS solutions are used together as elements of holistic approaches to cyber security incident detection and prevention, including Network-Intrusion Detection Systems
(NIDS) and Host-Intrusion Detection Systems (HIDS). Nevertheless, specific IDS and
IPS technology face several effectiveness challenges to respond to the increasing scale and complexity of information systems and sophistication of attacks. The use of isolated IDS components, focused on one-dimensional approaches, strongly limits a common analysis based on evidence correlation. Today, most organizations’ cyber-security operations centers still rely on conventional SIEM (Security Information and Event Management) technology. However, SIEM platforms also have significant drawbacks in dealing with heterogeneous and specialized security event-sources, lacking the support for flexible and uniform multi-level analysis of security audit-trails involving distributed and heterogeneous systems.
In this thesis, we propose an auditing solution that leverages different intrusion detection components and synergistically combines them in a Distributed and Hybrid IDS (DHIDS) platform, taking advantage of their benefits while overcoming the effectiveness drawbacks of each one. In this approach, security events are detected by multiple probes forming a pervasive, heterogeneous and distributed monitoring environment spread over the network, integrating NIDS, HIDS and specialized Honeypot probing systems. Events from those heterogeneous sources are converted to a canonical representation format, and then conveyed through a Publish-Subscribe middleware to a dedicated logging and auditing system, built on top of an elastic and scalable document-oriented storage system. The aggregated events can then be queried and matched against suspicious attack signature patterns, by means of a proposed declarative query language that provides event-correlation semantics.
Information fusion architectures for security and resource management in cyber physical systems
Data acquisition through sensors is crucial in determining the operability of the observed physical entity. Cyber Physical Systems (CPSs) are an example of distributed systems where sensors embedded into the physical system are used for sensing and data acquisition. CPSs are a collaboration between the physical and the computational cyber components. The control decisions sent back from the computational cyber components to the actuators on the physical components close the feedback loop of the CPS. Since this feedback is based solely on the data collected through the embedded sensors, information acquisition from the data plays an extremely vital role in determining the operational stability of the CPS. The data collection process may be hindered by disturbances such as system faults, noise and security attacks. Hence, simple data acquisition techniques will not suffice, as an accurate system representation cannot be obtained. Therefore, more powerful methods of inferring information from collected data, such as Information Fusion, have to be used.
Information fusion is analogous to the cognitive process used by humans to continuously integrate data from their senses to make inferences about their environment. Data from the sensors is combined using techniques drawn from several disciplines such as Adaptive Filtering, Machine Learning and Pattern Recognition. Decisions made from such combination of data form the crux of information fusion and differentiate it from flat, structured data aggregation. In this dissertation, multi-layered information fusion models are used to develop automated decision-making architectures to serve security and resource management requirements in Cyber Physical Systems --Abstract, page iv
Process-Driven and Flow-Based Processing of Industrial Sensor Data
For machine manufacturing companies, besides the production of high-quality and reliable machines, requirements have emerged to maintain machine-related aspects through digital services. The development of such services in the field of the Industrial Internet of Things (IIoT) deals with solutions such as effective condition monitoring and predictive maintenance. However, appropriate data sources are needed on which digital services can be technically based. As many powerful and cheap sensors have been introduced over the last years, their integration into complex machines is promising for developing digital services for various scenarios. It is apparent that components handling the recorded data of these sensors must usually deal with large amounts of data. In particular, the labeling of raw sensor data must be supported by a technical solution. To deal with these data handling challenges in a generic way, a sensor processing pipeline (SPP) was developed, which provides effective methods to capture, process, store, and visualize raw sensor data based on a processing chain. Based on the example of a machine manufacturing company, the SPP approach is presented in this work. For the company involved, the approach has revealed promising results.
Near real-time network analysis for the identification of malicious activity
The evolution of technology and the increasing connectivity between devices lead to an increased risk of cyberattacks. Reliable protection systems, such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), are essential to try to prevent, detect and counter most of the attacks. However, the increased creativity and variety of attacks raise the need for more resources and processing power for the protection systems which, in turn, requires horizontal scalability to keep up with massive company network infrastructures and with the complexity of attacks. Technologies like machine learning show promising results and can be of added value in the detection and prevention of attacks in near real-time. But good algorithms and tools are not enough. They require reliable and solid datasets to be able to effectively train the protection systems. The development of a good dataset requires horizontally scalable, robust, modular and fault-tolerant systems so that the analysis may be done in near real-time. This work describes an architecture design for horizontally scaling capture, storage and analysis, able to collect packets from multiple sources and analyse them in a parallel fashion. The system depends on multiple modular nodes with specific roles to support different algorithms and tools.
The evolution of technology and the increase in connectivity between devices lead to an increased risk of cyberattacks. Intrusion detection systems are essential to try to prevent, detect and contain most attacks. However, the increase in the creativity and types of attacks increases the need for protection systems to have ever more resources and computing power. In turn, they require horizontal scalability to keep up with the massive network infrastructure of companies and the complexity of the attacks. Technologies such as machine learning show promising results and can be of great value in the detection and prevention of attacks in a timely manner. However, the use of algorithms and tools always requires a solid and reliable dataset to train the protection systems effectively. Building a good dataset requires horizontally scalable, robust, modular and fault-tolerant systems so that the analysis is fast and rigorous. This work describes the architecture of a capture, storage and analysis system capable of capturing packets from multiple sources and analysing them in parallel. The system depends on several modular nodes with specific roles to support different algorithms and tools.