7 research outputs found

    Behavioural Observation for Critical Infrastructure Security Support

    Critical infrastructures include sectors such as energy resources, finance, food and water distribution, health, manufacturing and government services. In recent years, critical infrastructures have become increasingly dependent on ICT and more interconnected, and are often, as a result, linked to the Internet. Consequently, this makes these systems more vulnerable and increases the threat of cyber-attack. In addition, the growing use of wireless networks means that infrastructures can be more susceptible to a direct digital attack than ever before. Traditionally, protecting against environmental threats was the main focus of critical infrastructure preservation. Now, however, with the emergence of cyber-attacks, the focus has changed and infrastructures are facing a different danger with potentially debilitating consequences. Current security techniques are struggling to keep up to date with the sheer volume of innovative and emerging attacks; therefore, considering fresh and adaptive solutions to existing computer security approaches is crucial. The research presented in this thesis details the use of behavioural observation for critical infrastructure security support. Our observer system monitors an infrastructure’s behaviour and detects abnormalities, which are the result of a cyber-attack taking place. By observing subtle changes in system behaviours, an additional level of support for critical infrastructure security is provided through a plug-in device, which operates autonomously and has no negative impact on data flow. Behaviour is evaluated using mathematical classifications to assess the data and detect changes. The subsequent results achieved during the data classification process were high and successful. Our observer approach was able to accurately classify 98.138% of the normal and abnormal system behaviours produced by a simulation of a critical infrastructure, using nine data classifiers.

    An elastic scaling method for cloud security

    Cloud computing is being adopted in critical sectors such as transport, energy and finance. This makes cloud computing services critical in themselves. When cyber attacks and cyber disruptions happen, millions of users are affected. A cyber disruption in this context means a temporary or permanent loss of service, with impact on users of the cloud service who rely on its continuity. Intrusion detection and prevention methods are being developed to protect this sensitive information being stored, and the services being deployed. There needs to be an assurance that the confidentiality, integrity and availability of the data and resources are maintained. This paper presents a background to the critical infrastructure and cloud computing progression, and an overview to the cloud security conundrum. Analysis of existing intrusion detection methods is provided, in addition to our observation and proposed elastic scaling method for cloud security.

    Predicting and Visualising City Noise Levels to Support Tinnitus Sufferers

    On a daily basis, urban residents are unconsciously exposed to hazardous noise levels. This has a detrimental effect on the ear-drum, with symptoms often not apparent till later in life. The impact of harmful noise levels has a damaging impact on wellbeing. It is estimated that 10 million people suffer from damaged hearing in the UK alone, with 6.4 million of retirement age or above. With this number expected to increase significantly by 2031, the demand and cost for healthcare providers is expected to intensify. Tinnitus affects about 10 percent of the UK population, with the condition ranging from mild to severe. The effects can have psychological impact on the patient. Often communication becomes difficult, and the sufferer may also be unable to use a hearing aid due to buzzing, ringing or monotonous sounds in the ear. Action on Hearing Loss states that sufferers of hearing related illnesses are more likely to withdraw from social activities. Tinnitus sufferers are known to avoid noisy environments and busy urban areas, as exposure to excessive noise levels exacerbates the symptoms. In this paper, an approach for evaluating and predicting urban noise levels is put forward. The system performs a data classification process to identify and predict harmful noise areas at diverse periods. The goal is to provide Tinnitus sufferers with a real-time tool, which can be used as a guide to find quieter routes to work; identify harmful areas to avoid or predict when noise levels on certain roads will be dangerous to the ear-drum. Our system also performs a visualisation function, which overlays real-time noise levels onto an interactive 3D map. Keywords: Hazardous Noise Levels, Data Classification, Tinnitus, Visualisation, Hearing Loss, Prediction, Real-Tim

    Behaviour analysis techniques for supporting critical infrastructure security

    Protecting critical infrastructures from cyber-threats in an increasingly digital age is a matter of growing urgency for governments and private industries across the globe. In a climate where cyber-security is an uncertainty, fresh and adaptive solutions to existing computer security approaches are a must. In this paper, we present our approach to supporting critical infrastructure security. The use of our critical infrastructure simulation, developed using Siemens Tecnomatix Plant Simulator and the programming language SimTalk, is used to construct realistic data from a simulated nuclear power plant. The data collected from the simulation, when both functioning as normal and during a cyber-attack scenario, is done through the use of an observer pattern. By extracting features from the data collected, threats to the system are identified by modelling system behaviour and identifying changes in patterns of activity by using three data classification techniques

    A Machine Learning Framework for Securing Patient Records

    This research concerns the detection of abnormal data usage and unauthorised access in large-scale critical networks, specifically healthcare infrastructures. The focus of this research is safeguarding Electronic Patient Record (EPR) systems in particular. Privacy is a primary concern amongst patients due to the rising adoption of EPR systems. There is growing evidence to suggest that patients may withhold information from healthcare providers due to lack of trust in the security of EPRs. Yet, patient record data must be available to healthcare providers at the point of care. Roles within healthcare organisations are dynamic and relying on access control is not sufficient. Access to EPR is often heavily audited within healthcare infrastructures. However, this data is regularly left untouched in a data silo and only ever accessed on an ad hoc basis. In addition, external threats need to be identified, such as phishing or social engineering techniques to acquire a clinician’s logon credentials. Without proactive monitoring of audit records, data breaches may go undetected. This thesis proposes a novel machine learning framework using a density-based local outlier detection model, in addition to employing a Human-in-the-Loop Machine Learning (HILML) approach. The density-based outlier detection model enables patterns in EPR data to be extracted to profile user behaviour and device interactions in order to detect and visualise anomalous activities. Employing a HILML model ensures that inappropriate activity is investigated and the data analytics is continuously improving. The novel framework is able to detect 156 anomalous behaviours in an unlabelled dataset of 1,007,727 audit logs.

    Behavioural Observation for Critical Infrastructure Security Support

    No full text
    The research presented in this paper offers a way of supporting the security currently in place in critical infrastructures by using behavioural observation to add to the Defence in Depth (DiD). Our approach is proactive and continually looks to identify patterns or behaviour, which is out of place in the ordinary operations of the infrastructure. As this work demonstrates, applying behavioural observation to critical infrastructure protection has effective results. In this paper, our design for Behavioural Observation for Critical Infrastructure Security Support (BOCISS) is presented. This entails an outline of the system architecture, an explanation of the system modes of operation, the development of a simulation for data construction purposes and the evaluation of our system using our simulated data

    Big Data Analysis Techniques for Cyber-threat Detection in Critical Infrastructures

    No full text
    The research presented in this paper offers a way of supporting the security currently in place in critical infrastructures by using behavioural observation and big data analysis techniques to add to the Defence in Depth (DiD). As this work demonstrates, applying behavioural observation to critical infrastructure protection has effective results. Our design for Behavioural Observation for Critical Infrastructure Security Support (BOCISS) processes simulated critical infrastructure data to detect anomalies which constitute threats to the system. This is achieved using feature extraction and data classification. The data is provided by the development of a nuclear power plant simulation using Siemens Tecnomatix Plant Simulator and the programming language SimTalk. Using this simulation, extensive realistic data sets are constructed and collected, when the system is functioning as normal and during a cyber-attack scenario. The big data analysis techniques, classification results and an assessment of the outcomes are presented.