From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our in-depth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies

Industrial control systems cybersecurity analysis and countermeasures

Industrial Control Systems (ICS) are frequently used in the manufacturing industry and critical infrastructures, such as water, oil and transportation. Disruption of these industries could have disastrous consequences, leading to financial loss or even human lives. Over time, technological development has improved ICS components; however, little research has been done to improve its security posture. In this research, a novel attack vector addressed to the Input and Output memory of the latest SIMATIC S7-1500 PLC is presented. The results obtained during the experimentation process show that attacks on the PLC memory can have a significantly detrimental effect on the operations of the control system. Furthermore, this research describes implements and evaluates the physical, hybrid and virtual model of a Clean Water Supply System developed for the cybersecurity analysis of the Industrial Control System. The physical testbed is implemented on the Festo MPA platform, while the virtual representation of this platform is implemented in MATLAB. The results obtained during the evaluation of the three testbeds show the strengths and weaknesses of each implementation. Likewise, this research proposes two approaches for Industrial Control Systems cyber-security analysis. The first approach involves an attack detection and mitigation mechanism that focuses on the input memory of PLC and is implemented as part of its code. The response mechanism involves three different techniques: optimized data blocks, switching between control strategies, and obtaining sensor readings directly from the analogue channel. The Clean Water Supply System described above is employed for the practical evaluation of this approach. The second approach corresponds to a supervised energy-based system to anomaly detection using a novel energy-based dataset. The results obtained during the experimentation process show that machine learning algorithms can classify the variations of energy produced by the execution of cyber-attacks as anomalous. The results show the feasibility of the approach presented in this research by achieving an F1-Score of 95.5%, and 6.8% FNR with the Multilayer Perceptron Classifier