Time is of the Essence: Machine Learning-based Intrusion Detection in Industrial Time Series Data

The Industrial Internet of Things drastically increases connectivity of devices in industrial applications. In addition to the benefits in efficiency, scalability and ease of use, this creates novel attack surfaces. Historically, industrial networks and protocols do not contain means of security, such as authentication and encryption, that are made necessary by this development. Thus, industrial IT-security is needed. In this work, emulated industrial network data is transformed into a time series and analysed with three different algorithms. The data contains labeled attacks, so the performance can be evaluated. Matrix Profiles perform well with almost no parameterisation needed. Seasonal Autoregressive Integrated Moving Average performs well in the presence of noise, requiring parameterisation effort. Long Short Term Memory-based neural networks perform mediocre while requiring a high training- and parameterisation effort.Comment: Extended version of a publication in the 2018 IEEE International Conference on Data Mining Workshops (ICDMW

Autonomic computing architecture for SCADA cyber security

Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator

Game Theory for Secure Critical Interdependent Gas-Power-Water Infrastructure

A city's critical infrastructure such as gas, water, and power systems, are largely interdependent since they share energy, computing, and communication resources. This, in turn, makes it challenging to endow them with fool-proof security solutions. In this paper, a unified model for interdependent gas-power-water infrastructure is presented and the security of this model is studied using a novel game-theoretic framework. In particular, a zero-sum noncooperative game is formulated between a malicious attacker who seeks to simultaneously alter the states of the gas-power-water critical infrastructure to increase the power generation cost and a defender who allocates communication resources over its attack detection filters in local areas to monitor the infrastructure. At the mixed strategy Nash equilibrium of this game, numerical results show that the expected power generation cost deviation is 35\% lower than the one resulting from an equal allocation of resources over the local filters. The results also show that, at equilibrium, the interdependence of the power system on the natural gas and water systems can motivate the attacker to target the states of the water and natural gas systems to change the operational states of the power grid. Conversely, the defender allocates a portion of its resources to the water and natural gas states of the interdependent system to protect the grid from state deviations.Comment: 7 pages, in proceedings of Resilience Week 201