205 research outputs found
AIDPS:Adaptive Intrusion Detection and Prevention System for Underwater Acoustic Sensor Networks
Underwater Acoustic Sensor Networks (UW-ASNs) are predominantly used for
underwater environments and find applications in many areas. However, a lack of
security considerations, the unstable and challenging nature of the underwater
environment, and the resource-constrained nature of the sensor nodes used for
UW-ASNs (which makes them incapable of adopting security primitives) make the
UW-ASN prone to vulnerabilities. This paper proposes an Adaptive decentralised
Intrusion Detection and Prevention System called AIDPS for UW-ASNs. The
proposed AIDPS can improve the security of the UW-ASNs so that they can
efficiently detect underwater-related attacks (e.g., blackhole, grayhole and
flooding attacks). To determine the most effective configuration of the
proposed construction, we conduct a number of experiments using several
state-of-the-art machine learning algorithms (e.g., Adaptive Random Forest
(ARF), light gradient-boosting machine, and K-nearest neighbours) and concept
drift detection algorithms (e.g., ADWIN, kdqTree, and Page-Hinkley). Our
experimental results show that incremental ARF using ADWIN provides optimal
performance when implemented with One-class support vector machine (SVM)
anomaly-based detectors. Furthermore, our extensive evaluation results also
show that the proposed scheme outperforms state-of-the-art bench-marking
methods while providing a wider range of desirable features such as scalability
and complexity
Online Self-Supervised Learning in Machine Learning Intrusion Detection for the Internet of Things
This paper proposes a novel Self-Supervised Intrusion Detection (SSID)
framework, which enables a fully online Machine Learning (ML) based Intrusion
Detection System (IDS) that requires no human intervention or prior off-line
learning. The proposed framework analyzes and labels incoming traffic packets
based only on the decisions of the IDS itself using an Auto-Associative Deep
Random Neural Network, and on an online estimate of its statistically measured
trustworthiness. The SSID framework enables IDS to adapt rapidly to
time-varying characteristics of the network traffic, and eliminates the need
for offline data collection. This approach avoids human errors in data
labeling, and human labor and computational costs of model training and data
collection. The approach is experimentally evaluated on public datasets and
compared with well-known ML models, showing that this SSID framework is very
useful and advantageous as an accurate and online learning ML-based IDS for IoT
systems
Security Analysis of Interdependent Critical Infrastructures: Power, Cyber and Gas
abstract: Our daily life is becoming more and more reliant on services provided by the infrastructures
power, gas , communication networks. Ensuring the security of these
infrastructures is of utmost importance. This task becomes ever more challenging as
the inter-dependence among these infrastructures grows and a security breach in one
infrastructure can spill over to the others. The implication is that the security practices/
analysis recommended for these infrastructures should be done in coordination.
This thesis, focusing on the power grid, explores strategies to secure the system that
look into the coupling of the power grid to the cyber infrastructure, used to manage
and control it, and to the gas grid, that supplies an increasing amount of reserves to
overcome contingencies.
The first part (Part I) of the thesis, including chapters 2 through 4, focuses on
the coupling of the power and the cyber infrastructure that is used for its control and
operations. The goal is to detect malicious attacks gaining information about the
operation of the power grid to later attack the system. In chapter 2, we propose a
hierarchical architecture that correlates the analysis of high resolution Micro-Phasor
Measurement Unit (microPMU) data and traffic analysis on the Supervisory Control
and Data Acquisition (SCADA) packets, to infer the security status of the grid and
detect the presence of possible intruders. An essential part of this architecture is
tied to the analysis on the microPMU data. In chapter 3 we establish a set of anomaly
detection rules on microPMU data that
flag "abnormal behavior". A placement strategy
of microPMU sensors is also proposed to maximize the sensitivity in detecting anomalies.
In chapter 4, we focus on developing rules that can localize the source of an events
using microPMU to further check whether a cyber attack is causing the anomaly, by
correlating SCADA traffic with the microPMU data analysis results. The thread that
unies the data analysis in this chapter is the fact that decision are made without fully estimating the state of the system; on the contrary, decisions are made using
a set of physical measurements that falls short by orders of magnitude to meet the
needs for observability. More specifically, in the first part of this chapter (sections 4.1-
4.2), using microPMU data in the substation, methodologies for online identification of
the source Thevenin parameters are presented. This methodology is used to identify
reconnaissance activity on the normally-open switches in the substation, initiated
by attackers to gauge its controllability over the cyber network. The applications
of this methodology in monitoring the voltage stability of the grid is also discussed.
In the second part of this chapter (sections 4.3-4.5), we investigate the localization
of faults. Since the number of PMU sensors available to carry out the inference
is insufficient to ensure observability, the problem can be viewed as that of under-sampling
a "graph signal"; the analysis leads to a PMU placement strategy that can
achieve the highest resolution in localizing the fault, for a given number of sensors.
In both cases, the results of the analysis are leveraged in the detection of cyber-physical
attacks, where microPMU data and relevant SCADA network traffic information
are compared to determine if a network breach has affected the integrity of the system
information and/or operations.
In second part of this thesis (Part II), the security analysis considers the adequacy
and reliability of schedules for the gas and power network. The motivation for
scheduling jointly supply in gas and power networks is motivated by the increasing
reliance of power grids on natural gas generators (and, indirectly, on gas pipelines)
as providing critical reserves. Chapter 5 focuses on unveiling the challenges and
providing solution to this problem.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201
Anomaly detection and dynamic decision making for stochastic systems
Thesis (Ph.D.)--Boston UniversityThis dissertation focuses on two types of problems, both of which are related to systems with uncertainties.
The first problem concerns network system anomaly detection. We present several stochastic and deterministic methods for anomaly detection of networks whose normal behavior is not time-varying. Our methods cover most of the common techniques in the anomaly detection field. We evaluate all methods in a simulated network that consists of nominal data, three flow-level anomalies and one packet-level attack. Through analyzing the results, we summarize the advantages and the disadvantages of each method. As a next step, we propose two robust stochastic anomaly detection methods for networks whose normal behavior is time-varying. We develop a procedure for learning the underlying family of patterns that characterize a time-varying network.
This procedure first estimates a large class of patterns from network data and then refines it to select a representative subset. The latter part formulates the refinement problem using ideas from set covering via integer programming. Then we propose two robust methods, one model-free and one model-based, to evaluate whether a sequence of observations is drawn from the learned patterns. Simulation results show that the robust methods have significant advantages over the alternative stationary methods in time-varying networks. The final anomaly detection setting we consider targets the detection of botnets before they launch an attack. Our method analyzes the social graph of the nodes in a network and consists of two stages: (i) network anomaly detection based on large deviations theory and (ii) community detection based on a refined modularity measure. We apply our method on real-world botnet traffic and compare its performance with other methods.
The second problem considered by this dissertation concerns sequential decision mak- ings under uncertainty, which can be modeled by a Markov Decision Processes (MDPs). We focus on methods with an actor-critic structure, where the critic part estimates the gradient of the overall objective with respect to tunable policy parameters and the actor part optimizes a policy with respect to these parameters. Most existing actor- critic methods use Temporal Difference (TD) learning to estimate the gradient and steepest gradient ascent to update the policies. Our first contribution is to propose an actor-critic method that uses a Least Squares Temporal Difference (LSTD) method, which is known to converge faster than the TD methods. Our second contribution is to develop a new Newton-like actor-critic method that performs better especially for ill-conditioned problems. We evaluate our methods in problems motivated from robot motion control
The Resilience Of Smart Energy Systems Against Adversarial Attacks, Operational Degradation And Variabilities
The presented research investigates selected topics concerning resilience of critical energy infrastructures against certain types of operational disturbances and/or failures whether natural or man-made. A system is made resilient through the deployment of physical devices enabling real-time monitoring, strong feedback control system, advanced system security and protection strategies or through prompt and accurate man-made actions or both. Our work seeks to develop well-planned strategies that act as a foundation for such resiliency enabling techniques.The research conducted thus far addresses three attributes of a resilient system, namely security, efficiency, and robustness, for three types of systems associated with current or future energy infrastructures. First (chapter 1), we study the security aspect of cyber-physical systems which integrate physical system dynamics with digital cyberinfrastructure. The smart electricity grid is a common example of this system type. In this work, an abstract theoretical framework is proposed to study data injection/modification attacks on Markov modeled dynamical systems from the perspective of an adversary. The adversary is capable of modifying a temporal sequence of data and the physical controller is equipped with prior statistical knowledge about the data arrival process to detect the presence of an adversary. The goal of the adversary is to modify the arrivals to minimize a utility function of the controller while minimizing the detectability of his presence as measured by the K-L divergence between the prior and posterior distribution of the arriving data. The trade-off between these two metrics– controller utility and the detectability cost is studied analytically for different underlying dynamics.Our second study (chapter 2) reviews the state of the art ocean wave generation technologies along with system level modeling while providing an initial study of the impacts of integration on a typical electrical grid network as compared to the closest related technology, wind energy extraction. In particular, wave power is computed from high resolution measured raw wave data to evaluate the effects of integrating wave generation into a small power network model. The system with no renewable energy sources and the system with comparable wind generation have been used as a reference for evaluation. Simulations show that wave power integration has good prospects in reducing the requirements of capacity and ramp reserves, thus bringing the overall cost of generation down.Our third study(chapter 3) addresses the robustness of resilient ocean wave generation systems. As an early-stage but rapidly developing technology, wave power extraction systems must have strong resilience requirements in harsh, corrosive ocean environments while enabling economic operation throughput their lifetime. Such systems are comprised of Wave Energy Converters (WECs) that are deployed offshore and that derive power from rolling ocean waves. The Levelized Cost of Electricity (LCOE) for WECs is high and one important way to reduce this cost is to employ strategies that minimize the cost of maintenance of WECs in a wave farm. In this work, an optimal maintenance strategy is proposed for a group of WECs, resulting in an adaptive scheduling of the time of repair, based on the state of the entire farm. The state-based maintenance strategy seeks to find an optimal trade-off between the moderate revenue generated from a farm with some devices being in a deteriorated or failed state and the high repair cost that typifies ocean wave farm maintenance practices. The formulation uses a Markov Decision Process (MDP) approach to devise an optimal policy which is based on the count of WECs in different operational states.Our fourth study (chapter 4) focuses on enabling resilient electricity grids with Grid Scale Storage (GSS). GSS offers resilient operations to power grids where the generation, transmission, distribution and consumption of electricity has traditionally been ``just in time . GSS offers the ability to buffer generated energy and dispatch it for consumption later, e.g., during generation outage and shortages. Our research addresses how to operate GSS to generate revenue efficiency in frequency regulation markets. Operation of GSS in frequency regulation markets is desirable due to its fast response capabilities and the corresponding revenues. However, GSS health is strongly dependent on its operation and understanding the trade-offs between revenues and degradation factors is essential. This study answers whether or not operating GSS at high efficiency regularly reduces its long-term performance (and thereby its offered resilience to the power grid).Our fifth study (chapter 5) focuses on the resilience of Wide Area Measurement Systems (WAMS) which is an integral part of modern electrical grid infrastructure. The problem of the global positioning system (GPS) spoofing attacks on smart grid endowed with phasor measurement units (PMUs) is addressed, taking into account the dynamical behavior of the states of the system. It is shown how GPS spoofing introduces a timing synchronization error in the phasor readings recorded by the PMU and alters the measurement matrix of the dynamical model. A generalized likelihood ratio-based hypotheses testing procedure is devised to detect changes in the measurement matrix when the system is subjected to a spoofing attack. Monte Carlo simulations are performed on the 9-bus, 3-machine test grid to demonstrate the implication of the spoofing attack on dynamic state estimation and to analyze the performance of the proposed hypotheses test. Asymptotic performance analysis of the proposed test, which can be used for large-scale smart grid networks, is also presented
The Role of Deep Learning in Advancing Proactive Cybersecurity Measures for Smart Grid Networks: A Survey
As smart grids (SG) increasingly rely on advanced technologies like sensors
and communication systems for efficient energy generation, distribution, and
consumption, they become enticing targets for sophisticated cyberattacks. These
evolving threats demand robust security measures to maintain the stability and
resilience of modern energy systems. While extensive research has been
conducted, a comprehensive exploration of proactive cyber defense strategies
utilizing Deep Learning (DL) in {SG} remains scarce in the literature. This
survey bridges this gap, studying the latest DL techniques for proactive cyber
defense. The survey begins with an overview of related works and our distinct
contributions, followed by an examination of SG infrastructure. Next, we
classify various cyber defense techniques into reactive and proactive
categories. A significant focus is placed on DL-enabled proactive defenses,
where we provide a comprehensive taxonomy of DL approaches, highlighting their
roles and relevance in the proactive security of SG. Subsequently, we analyze
the most significant DL-based methods currently in use. Further, we explore
Moving Target Defense, a proactive defense strategy, and its interactions with
DL methodologies. We then provide an overview of benchmark datasets used in
this domain to substantiate the discourse.{ This is followed by a critical
discussion on their practical implications and broader impact on cybersecurity
in Smart Grids.} The survey finally lists the challenges associated with
deploying DL-based security systems within SG, followed by an outlook on future
developments in this key field.Comment: To appear in the IEEE internet of Things journa
Intrusion detection by machine learning = Behatolás detektálás gépi tanulás által
Since the early days of information technology, there have been many stakeholders who used the technological capabilities for their own benefit, be it legal operations, or illegal access to computational assets and sensitive information. Every year, businesses invest large amounts of effort into upgrading their IT infrastructure, yet, even today, they are unprepared to protect their most valuable assets: data and knowledge. This lack of protection was the main reason for the creation of this dissertation. During this study, intrusion detection, a field of information security, is evaluated through the use of several machine learning models performing signature and hybrid detection. This is a challenging field, mainly due to the high velocity and imbalanced nature of network traffic. To construct machine learning models capable of intrusion detection, the applied methodologies were the CRISP-DM process model designed to help data scientists with the planning, creation and integration of machine learning models into a business information infrastructure, and design science research interested in answering research questions with information technology artefacts. The two methodologies have a lot in common, which is further elaborated in the study. The goals of this dissertation were two-fold: first, to create an intrusion detector that could provide a high level of intrusion detection performance measured using accuracy and recall and second, to identify potential techniques that can increase intrusion detection performance. Out of the designed models, a hybrid autoencoder + stacking neural network model managed to achieve detection performance comparable to the best models that appeared in the related literature, with good detections on minority classes. To achieve this result, the techniques identified were synthetic sampling, advanced hyperparameter optimization, model ensembles and autoencoder networks. In addition, the dissertation set up a soft hierarchy among the different detection techniques in terms of performance and provides a brief outlook on potential future practical applications of network intrusion detection models as well
- …