11,006 research outputs found
Uncovering Vulnerable Industrial Control Systems from the Internet Core
Industrial control systems (ICS) are managed remotely with the help of
dedicated protocols that were originally designed to work in walled gardens.
Many of these protocols have been adapted to Internet transport and support
wide-area communication. ICS now exchange insecure traffic on an inter-domain
level, putting at risk not only common critical infrastructure but also the
Internet ecosystem (e.g., DRDoS~attacks).
In this paper, we uncover unprotected inter-domain ICS traffic at two central
Internet vantage points, an IXP and an ISP. This traffic analysis is correlated
with data from honeypots and Internet-wide scans to separate industrial from
non-industrial ICS traffic. We provide an in-depth view on Internet-wide ICS
communication. Our results can be used i) to create precise filters for
potentially harmful non-industrial ICS traffic, and ii) to detect ICS sending
unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and
traffic manipulation attacks
Masquerade attack detection through observation planning for multi-robot systems
The increasing adoption of autonomous mobile robots comes with
a rising concern over the security of these systems. In this work, we
examine the dangers that an adversary could pose in a multi-agent
robot system. We show that conventional multi-agent plans are
vulnerable to strong attackers masquerading as a properly functioning
agent. We propose a novel technique to incorporate attack
detection into the multi-agent path-finding problem through the
simultaneous synthesis of observation plans. We show that by
specially crafting the multi-agent plan, the induced inter-agent
observations can provide introspective monitoring guarantees; we
achieve guarantees that any adversarial agent that plans to break
the system-wide security specification must necessarily violate the
induced observation plan.Accepted manuscrip
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
A Signature-based Intrusion Detection System for the Internet of Things
Internet of Things (IoT) is envisioned as a transformative approach with a wide range of applications in various sectors such as home automation, industrial control, and agriculture. It promises innovative business models and improved user experience. However, as evidenced by recent attacks such as the Mirai botnet, IoT networks and systems remain very vulnerable and require stronger protection mechanisms. Furthermore, due to processing, memory, and power constraints of typical IoT devices, traditional Internet security mechanisms are not always feasible or appropriate. In this work, we are concerned with designing an Intrusion Detection System (IDS) for protecting IoT networks from external threats as well as internal compromised devices. Our proposed design adopts a signature-based intrusion detection approach and involves both certralised and distributed IDS modules. Using the Cooja simulator, we have implemented a Denial of Service (DoS) attack scenario on IoT devices. This scenario exploits the RPL protocol, which is widely used for routing in low-power networks, including IoT networks. In particular, we have implemented two variants of DoS attacks, namely “Hello” flooding and version number modification. As shown by simulation results, these attacks may impact the reachability of certain IoT devices and their power consumption
- …