ANOMALY INFERENCE BASED ON HETEROGENEOUS DATA SOURCES IN AN ELECTRICAL DISTRIBUTION SYSTEM

Harnessing the heterogeneous data sets would improve system observability. While the current metering infrastructure in distribution network has been utilized for the operational purpose to tackle abnormal events, such as weather-related disturbance, the new normal we face today can be at a greater magnitude. Strengthening the inter-dependencies as well as incorporating new crowd-sourced information can enhance operational aspects such as system reconfigurability under extreme conditions. Such resilience is crucial to the recovery of any catastrophic events. In this dissertation, it is focused on the anomaly of potential foul play within an electrical distribution system, both primary and secondary networks as well as its potential to relate to other feeders from other utilities. The distributed generation has been part of the smart grid mission, the addition can be prone to electronic manipulation. This dissertation provides a comprehensive establishment in the emerging platform where the computing resources have been ubiquitous in the electrical distribution network. The topics covered in this thesis is wide-ranging where the anomaly inference includes load modeling and profile enhancement from other sources to infer of topological changes in the primary distribution network. While metering infrastructure has been the technological deployment to enable remote-controlled capability on the dis-connectors, this scholarly contribution represents the critical knowledge of new paradigm to address security-related issues, such as, irregularity (tampering by individuals) as well as potential malware (a large-scale form) that can massively manipulate the existing network control variables, resulting into large impact to the power grid

A Cloud-based Intrusion Detection and Prevention System for Mobile Voting in South Africa

Publishe ThesisInformation and Communication Technology (ICT) has given rise to new technologies and solutions that were not possible a few years ago. One of these new technologies is electronic voting, also known as e-voting, which is the use of computerised equipment to cast a vote. One of the subsets of e-voting is mobile voting (m-voting). M-voting is the use of mobile phones to cast a vote outside the restricted electoral boundaries. Mobile phones are pervasive; they offer connection anywhere, at any time. However, utilising a fast-growing medium such as the mobile phone to cast a vote, poses various new security threats and challenges. Mobile phones utilise equivalent software design used by personal computers which makes them vulnerable or exposed to parallel security challenges like viruses, Trojans and worms. In the past, security solutions for mobile phones encountered several restrictions in practice. Several methods were used; however, these methods were developed to allow lightweight intrusion detection software to operate directly on the mobile phone. Nevertheless, such security solutions are bound to fail securing a device from intrusions as they are constrained by the restricted memory, storage, computational resources, and battery power of mobile phones. This study compared and evaluated two intrusion detection systems (IDSs), namely Snort and Suricata, in order to propose a cloud-based intrusion detection and prevention system (CIDPS) for m-voting in South Africa. It employed simulation as the primary research strategy to evaluate the IDSs. A quantitative research method was used to collect and analyse data. The researcher established that as much as Snort has been the preferred intrusion detection and prevention system (IDPS) in the past, Suricata presented more effective and accurate results close to what the researcher anticipated. The results also revealed that, though Suricata was proven effective enough to protect m-voting while saving the computational resources of mobile phones, more work needs to be done to alleviate the false-negative alerts caused by the anomaly detection method. This study adopted Suricata as a suitable cloud-based analysis engine to protect a mobile voting application like XaP

Real-time big data processing for anomaly detection : a survey

The advent of connected devices and omnipresence of Internet have paved way for intruders to attack networks, which leads to cyber-attack, financial loss, information theft in healthcare, and cyber war. Hence, network security analytics has become an important area of concern and has gained intensive attention among researchers, off late, specifically in the domain of anomaly detection in network, which is considered crucial for network security. However, preliminary investigations have revealed that the existing approaches to detect anomalies in network are not effective enough, particularly to detect them in real time. The reason for the inefficacy of current approaches is mainly due the amassment of massive volumes of data though the connected devices. Therefore, it is crucial to propose a framework that effectively handles real time big data processing and detect anomalies in networks. In this regard, this paper attempts to address the issue of detecting anomalies in real time. Respectively, this paper has surveyed the state-of-the-art real-time big data processing technologies related to anomaly detection and the vital characteristics of associated machine learning algorithms. This paper begins with the explanation of essential contexts and taxonomy of real-time big data processing, anomalous detection, and machine learning algorithms, followed by the review of big data processing technologies. Finally, the identified research challenges of real-time big data processing in anomaly detection are discussed. © 2018 Elsevier Lt

MBotCS: A mobile botnet detection system based on machine learning

As the use of mobile devices spreads dramatically, hackers have started making use of mobile botnets to steal user information or perform other malicious attacks. To address this problem, in this paper we propose a mobile botnet detection system, called MBotCS. MBotCS can detect mobile device traffic indicative of the presence of a mobile botnet based on prior training using machine learning techniques. Our approach has been evaluated using real mobile device traffic captured from Android mobile devices, running normal apps and mobile botnets. In the evaluation, we investigated the use of 5 machine learning classifier algorithms and a group of machine learning box algorithms with different validation schemes. We have also evaluated the effect of our approach with respect to its effect on the overall performance and battery consumption of mobile devices

A Survey on Security for Mobile Devices

Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has signicantly increased due to the dierent form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research eld is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011. We focus on high-level attacks, such those to user applications, through SMS/MMS, denial-of-service, overcharging and privacy. We group existing approaches aimed at protecting mobile devices against these classes of attacks into dierent categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach

A Methodology for Reliable Detection of Anomalous Behavior in Smartphones

Smartphones have become the most preferred computing device for both personal and business use. Different applications in smartphones result in different power consumption patterns. The fact that every application has been coded to perform different tasks leads to the claim that every action onboard (whether software or hardware) will consequently have a trace in the power consumption of the smartphone. When the same sequence of steps is repeated on it, it is observed that the power consumption patterns hold some degree of similarity. A device infected with malware can exhibit increased CPU usage, lower speeds, strange behavior such as e-mails or messages being sent automatically and without the user's knowledge; and programs or malware running intermittently or in cycles in the background. This deviation from the expected behavior of the device is termed an anomalous behavior and results in a reduction in the similarity of the power consumption. The anomalous behavior could also be due to gradual degradation of the device or change in the execution environment in addition to the presence of malware. The change in similarity can be used to detect the presence of anomalous behavior on smartphones. This thesis focuses on the detection of anomalous behavior from the power signatures of the smartphone. We have conducted experiments to measure and analyze the power consumption pattern of various smartphone apps. The test bench used for the experiments has a Monsoon Power Meter, which supplies power to the smartphone, and an external laptop collects the power samples from the meter. To emulate the presence of anomalous behavior, we developed an app which runs in the background with varying activity windows. Based on our experiments and analysis, we have developed two separate models for reliable detection of anomalous behavior from power signatures of the smartphone. The first model is based on Independent Component Analysis (ICA) and the second model is based on a Similarity Matrix developed using an array of low pass filters. These models detect the presence of anomalies by comparing the current power consumption pattern of the device under test with that of its normal behavior

Security in Computer and Information Sciences

This open access book constitutes the thoroughly refereed proceedings of the Second International Symposium on Computer and Information Sciences, EuroCybersec 2021, held in Nice, France, in October 2021. The 9 papers presented together with 1 invited paper were carefully reviewed and selected from 21 submissions. The papers focus on topics of security of distributed interconnected systems, software systems, Internet of Things, health informatics systems, energy systems, digital cities, digital economy, mobile networks, and the underlying physical and network infrastructures. This is an open access book

Security of Internet of Things (IoT) Using Federated Learning and Deep Learning — Recent Advancements, Issues and Prospects

There is a great demand for an efficient security framework which can secure IoT systems from potential adversarial attacks. However, it is challenging to design a suitable security model for IoT considering the dynamic and distributed nature of IoT. This motivates the researchers to focus more on investigating the role of machine learning (ML) in the designing of security models. A brief analysis of different ML algorithms for IoT security is discussed along with the advantages and limitations of ML algorithms. Existing studies state that ML algorithms suffer from the problem of high computational overhead and risk of privacy leakage. In this context, this review focuses on the implementation of federated learning (FL) and deep learning (DL) algorithms for IoT security. Unlike conventional ML techniques, FL models can maintain the privacy of data while sharing information with other systems. The study suggests that FL can overcome the drawbacks of conventional ML techniques in terms of maintaining the privacy of data while sharing information with other systems. The study discusses different models, overview, comparisons, and summarization of FL and DL-based techniques for IoT security