Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote access, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's in order to determine weaknesses and loopholes in defences. Such a mindset helps to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats
Despite its technological benefits, the Internet of Things (IoT) has cyber weaknesses due to the vulnerabilities of the wireless medium. Machine learning (ML)-based methods are widely used against cyber threats in IoT networks with promising performance. Advanced persistent threats (APTs) are a prominent means for cybercriminals to compromise networks, and they are characterised by their long-term and harmful nature. However, it is difficult for ML-based approaches to achieve promising detection performance on APT attacks, because such attacks make up an extremely small percentage of traffic relative to normal traffic. Few surveys fully investigate APT attacks in IoT networks, owing to the lack of public datasets covering all types of APT attacks. It is therefore worthwhile to bridge the state of the art in network attack detection with APT attack detection in a comprehensive review article. This survey article reviews the security challenges in IoT networks and presents the well-known attacks, APT attacks, and threat models in IoT systems. It also summarises signature-based, anomaly-based, and hybrid intrusion detection systems for IoT networks. The article highlights statistical insights regarding the most frequently applied ML-based methods against network intrusion, alongside the number of attack types each detects. Finally, open issues and challenges for common network intrusion and APT attacks are presented for future research.
Comment: ACM Computing Surveys, 2022, 35 pages, 10 figures, 8 tables
Privacy Preservation Intrusion Detection Technique for SCADA Systems
Supervisory Control and Data Acquisition (SCADA) systems lack a protection technique that can defeat different types of intrusions while also protecting the data from disclosure when that data is handled by other applications, specifically an Intrusion Detection System (IDS). SCADA systems manage the critical infrastructure of industrial control environments, and protecting their sensitive information is difficult to achieve in practice given the connection between physical and digital systems. Privacy preservation techniques have therefore become an effective way to protect sensitive/private information and to detect malicious activities, but they are not accurate in terms of detection error and the percentage of sensitive data disclosed. In this paper, we propose a new Privacy Preservation Intrusion Detection (PPID) technique based on the correlation coefficient and Expectation Maximisation (EM) clustering mechanisms for selecting important portions of the data and recognising intrusive events. The technique is evaluated on power system datasets with multiclass attacks to measure its reliability in detecting suspicious activities. In the experiments, the proposed technique outperforms three existing techniques on these measures, showing its efficiency and effectiveness for use in current SCADA systems
A Systematic Review of the State of Cyber-Security in Water Systems
Critical infrastructure systems are evolving from isolated bespoke systems to those that use general-purpose computing hosts, IoT sensors, edge computing, wireless networks and artificial intelligence. Although this move improves sensing and control capacity and gives better integration with business requirements, it also increases the scope for attack from malicious entities that intend to conduct industrial espionage and sabotage against these systems. In this paper, we review the state of the cyber-security research that is focused on improving the security of the water supply and wastewater collection and treatment systems that form part of the critical national infrastructure. We cover the publication statistics of the research in this area, the aspects of security being addressed, and future work required to achieve better cyber-security for water systems
A Survey on Industrial Control System Testbeds and Datasets for Security Research
The increasing digitisation and interconnection of legacy Industrial Control Systems (ICSs) open new vulnerability surfaces, exposing such systems to malicious attackers. Furthermore, since ICSs are often employed in critical infrastructures (e.g., nuclear plants) and manufacturing companies (e.g., chemical industries), attacks can lead to devastating physical damage. To address this security requirement, the research community focuses on developing new security mechanisms such as Intrusion Detection Systems (IDSs), increasingly built on modern machine learning techniques. However, these algorithms require a testing platform and a considerable amount of data to be trained and tested accurately. To satisfy this prerequisite, academia, industry, and government are increasingly proposing testbeds (i.e., scaled-down versions of ICSs, or simulations) on which to test the performance of IDSs. Furthermore, to enable researchers to cross-validate security systems (e.g., security-by-design concepts or anomaly detectors), several datasets have been collected from testbeds and shared with the community. In this paper, we provide a deep and comprehensive overview of ICSs, presenting the architectural design, the devices employed, and the security protocols implemented. We then collect, compare, and describe the testbeds and datasets in the literature, highlighting key challenges and design guidelines to keep in mind during the design phases. We further enrich our work by reporting the best-performing IDS algorithms tested on every dataset, establishing a state-of-the-art baseline for this field. Finally, drawing on the knowledge accumulated during this survey's development, we report advice and good practices on the development, choice, and use of testbeds, datasets, and IDSs
A Deep Learning based Detection Method for Combined Integrity-Availability Cyber Attacks in Power System
As one of the largest and most complex systems on earth, the power grid (PG) is now operated and controlled through a combined analysis of both its physical and cyber layers, which makes it vulnerable to attacks motivated by economic and security considerations. A new type of attack, namely the combined data integrity-availability attack, has recently been proposed, in which attackers simultaneously manipulate and blind some measurements in the SCADA system to mislead control operations while remaining stealthy. Compared with traditional false data injection attacks (FDIAs), this combined attack further complicates and undermines model-based detection mechanisms. To detect such attacks, this paper proposes a novel random denoising LSTM autoencoder (LSTMRDAE) framework, in which the spatial-temporal correlations of measurements are explicitly captured and the unavailable data is countered by a random dropout layer. The proposed algorithm is evaluated, and its performance verified, on a standard IEEE 118-bus system under various unseen attack attempts