12,851 research outputs found
Stealthy Deception Attacks Against SCADA Systems
SCADA protocols for Industrial Control Systems (ICS) are vulnerable to
network attacks such as session hijacking. Hence, research focuses on network
anomaly detection based on meta--data (message sizes, timing, command
sequence), or on the state values of the physical process. In this work we
present a class of semantic network-based attacks against SCADA systems that
are undetectable by the above mentioned anomaly detection. After hijacking the
communication channels between the Human Machine Interface (HMI) and
Programmable Logic Controllers (PLCs), our attacks cause the HMI to present a
fake view of the industrial process, deceiving the human operator into taking
manual actions. Our most advanced attack also manipulates the messages
generated by the operator's actions, reversing their semantic meaning while
causing the HMI to present a view that is consistent with the attempted human
actions. The attacks are totaly stealthy because the message sizes and timing,
the command sequences, and the data values of the ICS's state all remain
legitimate.
We implemented and tested several attack scenarios in the test lab of our
local electric company, against a real HMI and real PLCs, separated by a
commercial-grade firewall. We developed a real-time security assessment tool,
that can simultaneously manipulate the communication to multiple PLCs and cause
the HMI to display a coherent system--wide fake view. Our tool is configured
with message-manipulating rules written in an ICS Attack Markup Language (IAML)
we designed, which may be of independent interest. Our semantic attacks all
successfully fooled the operator and brought the system to states of blackout
and possible equipment damage
Distributed Anomaly Detection using Autoencoder Neural Networks in WSN for IoT
Wireless sensor networks (WSN) are fundamental to the Internet of Things
(IoT) by bridging the gap between the physical and the cyber worlds. Anomaly
detection is a critical task in this context as it is responsible for
identifying various events of interests such as equipment faults and
undiscovered phenomena. However, this task is challenging because of the
elusive nature of anomalies and the volatility of the ambient environments. In
a resource-scarce setting like WSN, this challenge is further elevated and
weakens the suitability of many existing solutions. In this paper, for the
first time, we introduce autoencoder neural networks into WSN to solve the
anomaly detection problem. We design a two-part algorithm that resides on
sensors and the IoT cloud respectively, such that (i) anomalies can be detected
at sensors in a fully distributed manner without the need for communicating
with any other sensors or the cloud, and (ii) the relatively more
computation-intensive learning task can be handled by the cloud with a much
lower (and configurable) frequency. In addition to the minimal communication
overhead, the computational load on sensors is also very low (of polynomial
complexity) and readily affordable by most COTS sensors. Using a real WSN
indoor testbed and sensor data collected over 4 consecutive months, we
demonstrate via experiments that our proposed autoencoder-based anomaly
detection mechanism achieves high detection accuracy and low false alarm rate.
It is also able to adapt to unforeseeable and new changes in a non-stationary
environment, thanks to the unsupervised learning feature of our chosen
autoencoder neural networks.Comment: 6 pages, 7 figures, IEEE ICC 201
Thirty Years of Machine Learning: The Road to Pareto-Optimal Wireless Networks
Future wireless networks have a substantial potential in terms of supporting
a broad range of complex compelling applications both in military and civilian
fields, where the users are able to enjoy high-rate, low-latency, low-cost and
reliable information services. Achieving this ambitious goal requires new radio
techniques for adaptive learning and intelligent decision making because of the
complex heterogeneous nature of the network structures and wireless services.
Machine learning (ML) algorithms have great success in supporting big data
analytics, efficient parameter estimation and interactive decision making.
Hence, in this article, we review the thirty-year history of ML by elaborating
on supervised learning, unsupervised learning, reinforcement learning and deep
learning. Furthermore, we investigate their employment in the compelling
applications of wireless networks, including heterogeneous networks (HetNets),
cognitive radios (CR), Internet of things (IoT), machine to machine networks
(M2M), and so on. This article aims for assisting the readers in clarifying the
motivation and methodology of the various ML algorithms, so as to invoke them
for hitherto unexplored services as well as scenarios of future wireless
networks.Comment: 46 pages, 22 fig
Time is of the Essence: Machine Learning-based Intrusion Detection in Industrial Time Series Data
The Industrial Internet of Things drastically increases connectivity of
devices in industrial applications. In addition to the benefits in efficiency,
scalability and ease of use, this creates novel attack surfaces. Historically,
industrial networks and protocols do not contain means of security, such as
authentication and encryption, that are made necessary by this development.
Thus, industrial IT-security is needed. In this work, emulated industrial
network data is transformed into a time series and analysed with three
different algorithms. The data contains labeled attacks, so the performance can
be evaluated. Matrix Profiles perform well with almost no parameterisation
needed. Seasonal Autoregressive Integrated Moving Average performs well in the
presence of noise, requiring parameterisation effort. Long Short Term
Memory-based neural networks perform mediocre while requiring a high training-
and parameterisation effort.Comment: Extended version of a publication in the 2018 IEEE International
Conference on Data Mining Workshops (ICDMW
Improving SIEM for critical SCADA water infrastructures using machine learning
Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset
- …