1,267 research outputs found

    A Review of Cyber-Physical Energy System Security Assessment

    Analysis and design of security mechanisms in the context of Advanced Persistent Threats against critical infrastructures

    Industry 4.0 can be defined as the digitization of all components within the industry, by combining productive processes with leading information and communication technologies. Whereas this integration has several benefits, it has also facilitated the emergence of several attack vectors. These can be leveraged to perpetrate sophisticated attacks such as an Advanced Persistent Threat (APT), that ultimately disrupts and damages critical infrastructural operations with a severe impact. This doctoral thesis aims to study and design security mechanisms capable of detecting and tracing APTs to ensure the continuity of the production line. Although the basic tools to detect individual attack vectors of an APT have already been developed, it is important to integrate holistic defense solutions in existing critical infrastructures that are capable of addressing all potential threats. Additionally, it is necessary to prospectively analyze the requirements that these systems have to satisfy after the integration of novel services in the upcoming years. To fulfill these goals, we define a framework for the detection and traceability of APTs in Industry 4.0, which is aimed to fill the gap between classic security mechanisms and APTs. The premise is to retrieve data about the production chain at all levels to correlate events in a distributed way, enabling the traceability of an APT throughout its entire life cycle. Ultimately, these mechanisms make it possible to holistically detect and anticipate attacks in a timely and autonomous way, to deter the propagation and minimize their impact. As a means to validate this framework, we propose some correlation algorithms that implement it (such as the Opinion Dynamics solution) and carry out different experiments that compare the accuracy of response techniques that take advantage of these traceability features. Similarly, we conduct a study on the feasibility of these detection systems in various Industry 4.0 scenarios

    DDOS ATTACK DETECTION USING HYBRID (CCN AND LSTM) ML MODEL

    LSTM (Long Short-Term Memory) and CNN (Convolutional Neural Networks) are two types of deep learning algorithms; by combining the strengths of LSTM and CNN, researchers have developed deep learning models that can effectively detect SDN (Software-Defined Network) attacks including Distributed Denial of Service. These models effectively analyze network traffic, encompassing temporal and spatial characteristics, resulting in precise identification of malicious traffic. In this research, a hybrid model composed of CNN and LSTM is used to detect the DDoS attack in SDN network. Where the CNN component of the model can identify spatial patterns in network traffic, such as the characteristics of individual packets, while the LSTM component can capture temporal patterns in traffic over time, such as the timing and frequency of traffic bursts. The proposed model has been trained on a labeled network traffic dataset, with one class representing normal traffic and another class representing DDoS attack traffic. During the training process, the model adjusts its weights and biases to minimize the difference between its predicted output and the actual output for each input sample. Once trained, the hybrid model classifies incoming network traffic in the dataset as either normal or malicious with an initial accuracy of (78.18%) and losses of (39.77%) at the 1st epoch till it reaches an accuracy of (99.99%) with losses of (9.29×10⁻⁵) at the epoch number 500. It should be mentioned that the hybrid model of CNN and LSTM for DDoS detection is implemented using Python Anaconda platform with an ETA 28ms/step

    Software-defined zero-trust network architecture: Evolution from Purdue model-based networking

    Digitalization has brought many technological developments which improve the business operations on many industries. In recent years, the drive towards service based solutions has superseded the locally managed solutions towards vendor managed solutions that are managed through the Internet. Unfortunately, the architecture, and the infrastructure which it is based on, have not developed at the same pace. This has led to organizations undermining the architecture and policies designed for it. Therefore, a modern architecture is needed with the capability of supporting these uprising technologies. The objective of this thesis was to find out if Purdue model works as a valid reference architecture for building networks in today’s standards, and if it needs to be replaced, what would be the alternatives. To answer the research question, it was first investigated whether Purdue model can be used for modern network architecture. After that, a literacy review was performed to see what some of the current and modern recommendations are. The literacy review also included research on what some of the current threats to digital platforms are, and how cybersecurity is engineered. It was discovered that zero trust architecture and software defined solutions enhance the overall security and management of the operating environments. The thesis concludes with a logical reference architecture for networks as a suggested solution. The suggested solution is a new network architecture that implements the elements of zero trust and uses software defined networking to manage the underlying infrastructure