2,067 research outputs found

    A log mining approach for process monitoring in SCADA

    SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow

    Autonomic networks: engineering the self-healing property


    A Log Mining Approach for Process Monitoring in SCADA

    SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow

    Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

    Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that these devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Unfortunately, web security is known to be difficult, and therefore the web interfaces of embedded systems represent a considerable attack surface. In this paper, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the vendor, device, or architecture. To achieve this goal, our framework performs full system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. Then, we analyze the web interfaces within the firmware using both static and dynamic tools. We also present some interesting case-studies, and discuss the main challenges associated with the dynamic analysis of firmware images and their web interfaces and network services. The observations we make in this paper shed light on an important aspect of embedded devices which was not previously studied at a large scale. We validate our framework by testing it on 1925 firmware images from 54 different vendors. We discover important vulnerabilities in 185 firmware images, affecting nearly a quarter of vendors in our dataset. These experimental results demonstrate the effectiveness of our approach

    Network problems detection and classification by analyzing syslog data

    Network troubleshooting is an important process which has a wide research field. The first step in troubleshooting procedures is to collect information in order to diagnose the problems. Syslog messages which are sent by almost all network devices contain a massive amount of data related to the network problems. It is found that in many studies conducted previously, analyzing syslog data which can be a guideline for network problems and their causes was used. Detecting network problems could be more efficient if the detected problems have been classified in terms of network layers. Classifying syslog data needs to identify the syslog messages that describe the network problems for each layer, taking into account the different formats of various syslog for vendors’ devices. This study provides a method to classify syslog messages that indicate the network problem in terms of network layers. The method used a data mining tool to classify the syslog messages while the description part of the syslog message was used for classification process. Related syslog messages were identified; features were then selected to train the classifiers. Six classification algorithms were learned: LibSVM, SMO, KNN, Naïve Bayes, J48, and Random Forest. A real data set which was obtained from the Universiti Utara Malaysia’s (UUM) network devices is used for the prediction stage. Results indicate that SVM shows the best performance during the training and prediction stages. This study contributes to the field of network troubleshooting, and the field of text data classification

    Product Market Regulation and Competition in China

    The extent of competition in product markets is an important determinant of economic growth in both developed and developing countries. This paper uses the 2008 vintage of the OECD indicators of product market regulation to assess the extent to which China’s regulatory environment is supportive of competition in markets for goods and services. The results indicate that, although competition is increasingly robust across most markets, the overall level of product market regulation is still restrictive in international comparison. These impediments to competition are likely to constrain economic growth as the Chinese economy continues to develop and becomes more sophisticated. The paper goes on to review various aspects of China’s regulatory framework and suggests a number of policy initiatives that would improve the extent to which competitive market forces are able to operate. Breaking the traditional links between state-owned enterprises and government agencies is an ongoing challenge. Reducing administrative burdens, increasing private sector involvement in network sectors and lowering barriers to foreign direct investment in services would also increase competition and enhance productivity growth going forward. Some of the reforms introduced by the Chinese government over the past two years go in this direction and should therefore help foster growth.

    Designing appliances for mobile commerce and retailtainment

    In the emerging world of the new consumer and the 'anytime, anywhere' mobile commerce, appliances are located at the collision point of the retailer and consumer agendas. The consequence of this is twofold: on the one hand appliances that were previously considered plain and utilitarian become entertainment devices and on the other, for the effective design of consumer appliances it becomes paramount to employ multidisciplinary expertise. In this paper, we discuss consumer perceptions of a retailtainment commerce system developed in collaboration between interactivity designers, information systems engineers, hardware and application developers, marketing strategists, product development teams, social scientists and retail professionals. We discuss the approach employed for the design of the consumer experience and its implications for appliance design

    An Inquiry Regarding the Development of an Effectual Architecture Framework Supporting Next Generation 9-1-1

    The emergency 9-1-1 service is a vital part of our nation's emergency response and disaster preparedness systems. At last count there were 6100 Public Safety Answering Points across the United States, 97 of those reside in the State of Colorado, and the citizens of the United States cannot email, text, or instant message these types of non-traditional communication to those Public Safety Answering Points due to technological limitations. The trends in personal communication technologies are accelerating the obsolescence of the current 9-1-1 systems. The Public Safety Answering Point of today is designed to accept and process voice media only; and proved successful in delivering emergency services in times of personal, regional, and national need. The current circuit-switched infrastructure of the 9-1-1 Public Safety Answering Point network cannot receive digital data (e.g., text messages, email, photographs, and video) from the communication devices commonly used by the public today. A national movement known as Next Generation 9-1-1 is underway that will support non-traditional communication digital data processing in the Public Safety Answering Point. This case study will attempt to determine if practical service oriented architecture methodology can be used in the development of an effectual architecture framework supporting the Next Generation 9-1-1 framework and the nontraditional communication technology within the Public Safety Answering Points of Colorado

    System log pre-processing to improve failure prediction

    Log preprocessing, a process applied on the raw log before applying a predictive method, is of paramount importance to failure prediction and diagnosis. While existing filtering methods have demonstrated good compression rate, they fail to preserve important failure patterns that are crucial for failure analysis. To address the problem, in this paper we present a log preprocessing method. It consists of three integrated steps: (1) event categorization to uniformly classify system events and identify fatal events; (2) event filtering to remove temporal and spatial redundant records, while also preserving necessary failure patterns for failure analysis; (3) causality-related filtering to combine correlated events for filtering through apriori association rule mining. We demonstrate the effectiveness of our preprocessing method by using real failure logs collected from the Cray XT4 at ORNL and the Blue Gene/L system at SDSC. Experiments show that our method can preserve more failure patterns for failure analysis, thereby improving failure prediction by up to 174%