Analysis of a SCADA System Anomaly Detection Model Based on Information Entropy

SCADA (supervisory control and data acquisition) systems monitor and control many different types of critical infrastructure such as power, water, transportation, and pipelines. These once isolated systems are increasingly being connected to the internet to improve operations, which creates vulnerabilities to attacks. A SCADA operator receives automated alarms concerning system components operating out of normal thresholds. These alarms are susceptible to manipulation by an attacker. This research uses information theory to build an anomaly detection model that quantifies the uncertainty of the system based on alarm message frequency. Several attack scenarios are statistically analyzed for their significance including someone injecting false alarms or hiding alarms. This research evaluates the use of information theory for anomaly detection and the impact of different attack scenarios

Contribution to the evaluation and optimization of passengers' screening at airports

Security threats have emerged in the past decades as a more and more critical issue for Air Transportation which has been one of the main ressource for globalization of economy. Reinforced control measures based on pluridisciplinary research and new technologies have been implemented at airports as a reaction to different terrorist attacks. From the scientific perspective, the efficient screening of passengers at airports remain a challenge and the main objective of this thesis is to open new lines of research in this field by developing advanced approaches using the resources of Computer Science. First this thesis introduces the main concepts and definitions of airport security and gives an overview of the passenger terminal control systems and more specifically the screening inspection positions are identified and described. A logical model of the departure control system for passengers at an airport is proposed. This model is transcribed into a graphical view (Controlled Satisfiability Graph-CSG) which allows to test the screening system with different attack scenarios. Then a probabilistic approach for the evaluation of the control system of passenger flows at departure is developped leading to the introduction of Bayesian Colored Petri nets (BCPN). Finally an optimization approach is adopted to organize the flow of passengers at departure as best as possible given the probabilistic performance of the elements composing the control system. After the establishment of a global evaluation model based on an undifferentiated serial processing of passengers, is analyzed a two-stage control structure which highlights the interest of pre-filtering and organizing the passengers into separate groups. The conclusion of this study points out for the continuation of this theme

A framework based on Gaussian mixture models and Kalman filters for the segmentation and tracking of anomalous events in shipboard video

Anomalous indications in monitoring equipment on board U.S. Navy vessels must be handled in a timely manner to prevent catastrophic system failure. The development of sensor data analysis techniques to assist a ship\u27s crew in monitoring machinery and summon required ship-to-shore assistance is of considerable benefit to the Navy. In addition, the Navy has a large interest in the development of distance support technology in its ongoing efforts to reduce manning on ships. In this thesis, algorithms have been developed for the detection of anomalous events that can be identified from the analysis of monochromatic stationary ship surveillance video streams. The specific anomalies that we have focused on are the presence and growth of smoke and fire events inside the frames of the video stream. The algorithm consists of the following steps. First, a foreground segmentation algorithm based on adaptive Gaussian mixture models is employed to detect the presence of motion in a scene. The algorithm is adapted to emphasize gray-level characteristics related to smoke and fire events in the frame. Next, shape discriminant features in the foreground are enhanced using morphological operations. Following this step, the anomalous indication is tracked between frames using Kalman filtering. Finally, gray level shape and motion features corresponding to the anomaly are subjected to principal component analysis and classified using a multilayer perceptron neural network. The algorithm is exercised on 68 video streams that include the presence of anomalous events (such as fire and smoke) and benign/nuisance events (such as humans walking the field of view). Initial results show that the algorithm is successful in detecting anomalies in video streams, and is suitable for application in shipboard environments

Security, trust and cooperation in wireless sensor networks

Wireless sensor networks are a promising technology for many real-world applications such as critical infrastructure monitoring, scientific data gathering, smart buildings, etc.. However, given the typically unattended and potentially unsecured operation environment, there has been an increased number of security threats to sensor networks. In addition, sensor networks have very constrained resources, such as limited energy, memory, computational power, and communication bandwidth. These unique challenges call for new security mechanisms and algorithms. In this dissertation, we propose novel algorithms and models to address some important and challenging security problems in wireless sensor networks. The first part of the dissertation focuses on data trust in sensor networks. Since sensor networks are mainly deployed to monitor events and report data, the quality of received data must be ensured in order to make meaningful inferences from sensor data. We first study a false data injection attack in the distributed state estimation problem and propose a distributed Bayesian detection algorithm, which could maintain correct estimation results when less than one half of the sensors are compromised. To deal with the situation where more than one half of the sensors may be compromised, we introduce a special class of sensor nodes called \textit{trusted cores}. We then design a secure distributed trust aggregation algorithm that can utilize the trusted cores to improve network robustness. We show that as long as there exist some paths that can connect each regular node to one of these trusted cores, the network can not be subverted by attackers. The second part of the dissertation focuses on sensor network monitoring and anomaly detection. A sensor network may suffer from system failures due to loss of links and nodes, or malicious intrusions. Therefore, it is critical to continuously monitor the overall state of the network and locate performance anomalies. The network monitoring and probe selection problem is formulated as a budgeted coverage problem and a Markov decision process. Efficient probing strategies are designed to achieve a flexible tradeoff between inference accuracy and probing overhead. Based on the probing results on traffic measurements, anomaly detection can be conducted. To capture the highly dynamic network traffic, we develop a detection scheme based on multi-scale analysis of the traffic using wavelet transforms and hidden Markov models. The performance of the probing strategy and of the detection scheme are extensively evaluated in malicious scenarios using the NS-2 network simulator. Lastly, to better understand the role of trust in sensor networks, a game theoretic model is formulated to mathematically analyze the relation between trust and cooperation. Given the trust relations, the interactions among nodes are modeled as a network game on a trust-weighted graph. We then propose an efficient heuristic method that explores network heterogeneity to improve Nash equilibrium efficiency

Reasoning about the Reliability of Diverse Two-Channel Systems in which One Channel is "Possibly Perfect"

This paper considers the problem of reasoning about the reliability of fault-tolerant systems with two "channels" (i.e., components) of which one, A, supports only a claim of reliability, while the other, B, by virtue of extreme simplicity and extensive analysis, supports a plausible claim of "perfection." We begin with the case where either channel can bring the system to a safe state. We show that, conditional upon knowing pA (the probability that A fails on a randomly selected demand) and pB (the probability that channel B is imperfect), a conservative bound on the probability that the system fails on a randomly selected demand is simply pA.pB. That is, there is conditional independence between the events "A fails" and "B is imperfect." The second step of the reasoning involves epistemic uncertainty about (pA, pB) and we show that under quite plausible assumptions, a conservative bound on system pfd can be constructed from point estimates for just three parameters. We discuss the feasibility of establishing credible estimates for these parameters. We extend our analysis from faults of omission to those of commission, and then combine these to yield an analysis for monitored architectures of a kind proposed for aircraft

Conflict Probe Concepts Analysis in Support of Free Flight

This study develops an operational concept and requirements for en route Free Flight using a simulation of the Cleveland Air Route Traffic Control Center, and develops requirements for an automated conflict probe for use in the Air Traffic Control (ATC) Centers. In this paper, we present the results of simulation studies and summarize implementation concepts and infrastructure requirements to transition from the current air traffic control system to mature Free Right. The transition path to Free Flight envisioned in this paper assumes an orderly development of communications, navigation, and surveillance (CNS) technologies based on results from our simulation studies. The main purpose of this study is to provide an overall context and methodology for evaluating airborne and ground-based requirements for cooperative development of the future ATC system

The applications of satellites to communications, navigation and surveillance for aircraft operating over the contiguous United States. Volume 1 - Technical report

Satellite applications to aircraft communications, navigation, and surveillance over US including synthesized satellite network and aircraft equipment for air traffic contro

Quantitative Precipitation Nowcasting: A Lagrangian Pixel-Based Approach

Short-term high-resolution precipitation forecasting has important implications for navigation, flood forecasting, and other hydrological and meteorological concerns. This article introduces a pixel-based algorithm for Short-term Quantitative Precipitation Forecasting (SQPF) using radar-based rainfall data. The proposed algorithm called Pixel- Based Nowcasting (PBN) tracks severe storms with a hierarchical mesh-tracking algorithm to capture storm advection in space and time at high resolution from radar imagers. The extracted advection field is then extended to nowcast the rainfall field in the next 3. hr based on a pixel-based Lagrangian dynamic model. The proposed algorithm is compared with two other nowcasting algorithms (WCN: Watershed-Clustering Nowcasting and PER: PERsistency) for ten thunderstorm events over the conterminous United States. Object-based verification metric and traditional statistics have been used to evaluate the performance of the proposed algorithm. It is shown that the proposed algorithm is superior over comparison algorithms and is effective in tracking and predicting severe storm events for the next few hours. © 2012 Elsevier B.V