278 research outputs found

    Evolving attackers against wireless sensor networks using genetic programming

    Recent hardware developments have made it possible for the Internet of Things (IoT) to be built. A wide variety of industry sectors, including manufacturing, utilities, agriculture, transportation, and healthcare are actively seeking to incorporate IoT technologies in their operations. The increased connectivity and data sharing that give IoT systems their advantages also increase their vulnerability to attack. In this study, the authors explore the automated generation of attacks using genetic programming (GP), so that defences can be tested objectively in advance of deployment. In the authors' system, the GP-generated attackers targeted publish-subscribe communications within a wireless sensor network that was protected by an artificial immune intrusion detection system (IDS) taken from the literature. The GP attackers successfully suppressed more legitimate messages than the hand-coded attack used originally to test the IDS, whilst reducing the likelihood of detection. Based on the results, it was possible to reconfigure the IDS to improve its performance. Whilst the experiments were focussed on establishing a proof-of-principle rather than a turnkey solution, they indicate that GP-generated attackers have the potential to improve the protection of systems with large attack surfaces, in a way that is complementary to traditional testing and certification.

    09201 Abstracts Collection -- Self-Healing and Self-Adaptive Systems

    From May 10th 2009 to May 15th 2009 the Dagstuhl Seminar 09201 "Self-Healing and Self-Adaptive Systems" was held in Schloss Dagstuhl – Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar are put together in this paper. Links to extended abstracts or full papers are provided, if available. A description of the seminar topics, goals and results in general can be found in a separate document "Executive Summary".

    The machine abnormal degree detection method based on SVDD and negative selection mechanism

    As is well known, fault samples are essential for fault diagnosis and anomaly detection, but in most cases it is difficult to obtain them. The negative selection mechanism of the immune system, which can distinguish almost all nonself cells or molecules with only the self cells, gives us an inspiration to solve the problem of anomaly detection with only the normal samples. In this paper, we introduced the Support Vector Data Description (SVDD) and negative selection mechanism to separate the state space of machines into self, non-self and fault space. To estimate the abnormal level of machines, a function that could calculate the abnormal degree was constructed, and its sensitivity change according to the change of abnormal degree was also discussed. Finally, the Iris-Fisher and ball bearing fault data sets were used to verify the effectiveness of this method.

    Intrusion Detection Systems Based on Artificial Intelligence Techniques in Wireless Sensor Networks

    An intrusion detection system (IDS) is regarded as the second line of defense against network anomalies and threats. IDS plays an important role in network security. There are many techniques which are used to design IDSs for specific scenarios and applications. Artificial intelligence techniques are widely used for threat detection. This paper presents a critical study on genetic algorithm, artificial immune, and artificial neural network (ANN) based IDS techniques used in wireless sensor networks (WSN). The authors extend their appreciation to the Distinguished Scientist Fellowship Program (DSFP) at King Saud University for funding this research. Alrajeh, NA.; Lloret, J. (2013). Intrusion Detection Systems Based on Artificial Intelligence Techniques in Wireless Sensor Networks. International Journal of Distributed Sensor Networks. 2013(351047):1-6. https://doi.org/10.1155/2013/351047

    Leverage AI to Learn, Optimize, and Wargame (LAILOW) for Strategic Laydown and Dispersal (SLD) of the USN Operating Forces

    NPS NRP Technical Report. The SECNAV disperses Navy forces in a deliberate manner to support DoD guidance, policy and budget. The current SLD process is labor intensive, takes too long, and needs AI. The research questions are: - How does the Navy weight competing demands for naval forces between the CCMDs to determine an optimal dispersal of operating forces? - How does the Navy optimize force laydown to maximize force development (Fd) and force generation (Fg) efficiency? We propose LAILOW to address the questions. LAILOW was derived from the ONR funded project and focuses on deep analytics of machine learning, optimization, and wargame. Learn: When there are data, data mining, machine learning, and predictive algorithms are used to analyze data. From Historical Phased Force Deployment Data (TPFDDs) and SLD Report Cards data, among others, one can learn patterns of what decisions were made and how they were executed in the past. Optimize: Patterns from learn are used to optimize future SLD plans. A SLD plan may include how many homeports, home bases, hubs, and shore posture locations (Fd) and staffs (Fg). The optimization can be overwhelming. LAILOW uses integrated Soar reinforcement learning (Soar-RL) and coevolutionary algorithms. Soar-RL maps a total SLD plan to individual ones used in excursion modeling and what-if analysis. Wargame: There might be no or rare data for new warfighting requirements and capabilities. This motivates wargame simulations. A SLD plan can include state variables or problems (e.g., future global and theater posture, threat characteristics), which are only observed or sensed and cannot be changed. Control variables are solutions (e.g., a SLD plan). LAILOW sets up a wargame between state and control variables. Problems and solutions coevolve based on evolutionary principles of selection, mutation, and crossover.
    N3/N5 - Plans & Strategy. This research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrp Chief of Naval Operations (CNO). Approved for public release. Distribution is unlimited.

    A Critical Analysis Of The State-Of-The-Art On Automated Detection Of Deceptive Behavior In Social Media

    Recently, a large body of research has been devoted to examining user behavioral patterns and the business implications of social media. However, relatively little research has been conducted regarding users’ deceptive activities in social media; these deceptive activities may hinder the effective application of the data collected from social media to perform e-marketing and initiate business transformation in general. One of the main contributions of this paper is the critical analysis of the possible forms of deceptive behavior in social media and the state-of-the-art technologies for automated deception detection in social media. Based on the proposed taxonomy of major deception types, the assumptions, advantages, and disadvantages of the popular deception detection methods are analyzed. Our critical analysis shows that deceptive behavior may evolve over time, thus making it difficult for the existing methods to effectively detect social media spam. Accordingly, another main contribution of this paper is the design and development of a generic framework to combat dynamic deceptive activities in social media. The managerial implication of our research is that business managers or marketers will develop better insights about the possible deceptive behavior in social media before they tap into social media to collect and generate market intelligence. Moreover, they can apply the proposed adaptive deception detection framework to more effectively combat the ever increasing and evolving deceptive activities in social medi

    Identifying and Detecting Attacks in Industrial Control Systems

    The integrity of industrial control systems (ICS) found in utilities, oil and natural gas pipelines, manufacturing plants and transportation is critical to national wellbeing and security. Such systems depend on hundreds of field devices to manage and monitor a physical process. Previously, these devices were specific to ICS but they are now being replaced by general purpose computing technologies and, increasingly, these are being augmented with Internet of Things (IoT) nodes. Whilst there are benefits to this approach in terms of cost and flexibility, it has attracted a wider community of adversaries. These include those with significant domain knowledge, such as those responsible for attacks on Iran’s Nuclear Facilities, a Steel Mill in Germany, and Ukraine’s power grid; however, non-specialist attackers are becoming increasingly interested in the physical damage it is possible to cause. At the same time, the approach increases the number and range of vulnerabilities to which ICS are subject; regrettably, conventional techniques for analysing such a large attack space are inadequate, a cause of major national concern. In this thesis we introduce a generalisable approach based on evolutionary multiobjective algorithms to assist in identifying vulnerabilities in complex heterogeneous ICS systems. This is both challenging and an area that is currently lacking research. Our approach has been to review the security of currently deployed ICS systems, and then to make use of an internationally recognised ICS simulation testbed for experiments, assuming that the attacking community largely lack specific ICS knowledge. Using the simulator, we identified vulnerabilities in individual components and then made use of these to generate attacks. A defence against these attacks in the form of novel intrusion detection systems was developed, based on a range of machine learning models. Finally, this was further subject to attacks created using the evolutionary multiobjective algorithms, demonstrating, for the first time, the feasibility of creating sophisticated attacks against a well-protected adversary using automated mechanisms.

    Identifying vulnerabilities of industrial control systems using evolutionary multiobjective optimisation

    In this paper, we propose a novel methodology to assist in identifying vulnerabilities in real-world complex heterogeneous industrial control systems (ICS) using two Evolutionary Multiobjective Optimisation (EMO) algorithms, NSGA-II and SPEA2. Our approach is evaluated on a well-known benchmark chemical plant simulator, the Tennessee Eastman (TE) process model. We identified vulnerabilities in individual components of the TE model and then made use of these vulnerabilities to generate combinatorial attacks. The generated attacks were aimed at compromising the safety of the system and inflicting economic loss. Results were compared against random attacks, and the performance of the EMO algorithms was evaluated using hypervolume, spread, and inverted generational distance (IGD) metrics. A defence against these attacks in the form of a novel intrusion detection system was developed, using machine learning algorithms. The designed approach was further tested against the developed detection methods. The obtained results demonstrate that the developed EMO approach is a promising tool in the identification of the vulnerable components of ICS, and weaknesses of any existing detection systems in place to protect the system. The proposed approach can serve as a proactive defense tool for control and security engineers to identify and prioritise vulnerabilities in the system. The approach can be employed to design resilient control strategies and test the effectiveness of security mechanisms, both in the design stage and during the operational phase of the system.