2,910 research outputs found
Intrusion Detection in Industrial Networks via Data Streaming
Given the increasing threat surface of industrial networks due to distributed, Internet-of-Things (IoT) based system architectures, detecting intrusions in Industrial IoT (IIoT) systems is all the more important, due to the safety implications of potential threats. The continuously generated data in such systems form both a challenge but also a possibility: data volumes/rates are high and require processing and communication capacity but they contain information useful for system operation and for detection of unwanted situations. In this chapter we explain that stream processing (a.k.a. data streaming) is an emerging useful approach both for general applications and for intrusion detection in particular, especially since it can enable data analysis to be carried out in the continuum of edge-fog-cloud distributed architectures of industrial networks, thus reducing communication latency and gradually filtering and aggregating data volumes. We argue that usefulness stems also due to facilitating provisioning of agile responses, i.e. due to potentially smaller latency for intrusion detection and hence also improved possibilities for intrusion mitigation. In the chapter we outline architectural features of IIoT networks, potential threats and examples of state-of-the-art intrusion detection methodologies. Moreover, we give an overview of how leveraging distributed and parallel execution of streaming applications in industrial setups can influence the possibilities of protecting these systems. In these contexts, we give examples using electricity networks (a.k.a. Smart Grid systems). We conclude that future industrial networks, especially their Intrusion Detection Systems (IDSs), should take advantage of data streaming concept by decoupling semantics from the deployment
A Clustering System for Dynamic Data Streams Based on Metaheuristic Optimisation
Open access article. This article presents the Optimised Stream clustering algorithm (OpStream), a novel approach to cluster dynamic data streams. The proposed system displays desirable features, such as a low number of parameters and good scalability capabilities to both high-dimensional data and numbers of clusters in the dataset, and it is based on a hybrid structure using deterministic clustering methods and stochastic optimisation approaches to optimally centre the clusters. Similar to other state-of-the-art methods available in the literature, it uses “microclusters” and other established techniques, such as density based clustering. Unlike other methods, it makes use of metaheuristic optimisation to maximise performances during the initialisation phase, which precedes the classic online phase. Experimental results show that OpStream outperforms the state-of-the-art methods in several cases, and it is always competitive against other comparison algorithms regardless of the chosen optimisation method. Three variants of OpStream, each coming with a different optimisation algorithm, are presented in this study. A thorough sensitive analysis is performed by using the best variant to point out OpStream’s robustness to noise and resiliency to parameter changes
CyberGuarder: a virtualization security assurance architecture for green cloud computing
Cloud Computing, Green Computing, Virtualization, Virtual Security Appliance, Security Isolation
Industrial networks and IIoT: Now and future trends
Connectivity is the one-word summary for the Industry 4.0 revolution. The importance of Internet of Things (IoT) and Industrial IoT (IIoT) has increased dramatically with the rise of industrialization and Industry 4.0. As new opportunities bring their own challenges, with the massive interconnected devices of the IIoT, cyber security of those networks and privacy of their users have become an important aspect. Specifically, intrusion detection for industrial networks (IIoT) has great importance. For instance, it is a key factor in improving the safe operation of the smart grid systems yet protecting the privacy of the consumers at the same time. In the same manner, data streaming is a valid option when the analysis is to be pushed from the cloud to the fog for industrial networks to provide agile response, since it brings the advantage of fast action on intrusion detection and also can buy time for intrusion mitigation. In order to dive deep in industrial networks, basic ground needs to be settled. Hence, this chapter serves in this manner, by presenting basic and emerging technologies along with ideas and discussions: First, an introduction of semiconductor evolution is provided along with the up-to-date hi-tech wired/wireless communication solutions for industrial networks. This is followed by a thorough representation of future trends in industrial environments. More importantly, enabling technologies for industrial networks are also presented. Finally, the chapter is concluded with a summary of the presentations along with future projections of IIoT networks
Security Implications of Fog Computing on the Internet of Things
Recently, the use of IoT devices and sensors has been rapidly increased which also caused data generation (information and logs), bandwidth usage, and related phenomena to be increased. To our best knowledge, a standard definition for the integration of fog computing with IoT is emerging now. This integration will bring many opportunities for the researchers, especially while building cyber-security related solutions. In this study, we surveyed about the integration of fog computing with IoT and its implications. Our goal was to find out and emphasize problems, specifically security related problems that arise with the employment of fog computing by IoT. According to our findings, although this integration seems to be non-trivial and complicated, it has more benefits than the implications.
Comment: 5 pages, conference paper, to appear in Proceedings of the ICCE 2019, IEEE 37th International Conference on Consumer Electronics (ICCE), Jan 11-13, 2019, Las Vegas, NV, US
Real-time big data processing for anomaly detection : a survey
The advent of connected devices and omnipresence of Internet have paved way for intruders to attack networks, which leads to cyber-attack, financial loss, information theft in healthcare, and cyber war. Hence, network security analytics has become an important area of concern and has gained intensive attention among researchers, of late, specifically in the domain of anomaly detection in network, which is considered crucial for network security. However, preliminary investigations have revealed that the existing approaches to detect anomalies in network are not effective enough, particularly to detect them in real time. The reason for the inefficacy of current approaches is mainly due to the amassment of massive volumes of data through the connected devices. Therefore, it is crucial to propose a framework that effectively handles real time big data processing and detects anomalies in networks. In this regard, this paper attempts to address the issue of detecting anomalies in real time. Respectively, this paper has surveyed the state-of-the-art real-time big data processing technologies related to anomaly detection and the vital characteristics of associated machine learning algorithms. This paper begins with the explanation of essential contexts and taxonomy of real-time big data processing, anomalous detection, and machine learning algorithms, followed by the review of big data processing technologies. Finally, the identified research challenges of real-time big data processing in anomaly detection are discussed. © 2018 Elsevier Lt