297,327 research outputs found

    Knowledge-based operation and management of communications systems

    Expert systems techniques are being applied in operation and control of the Defense Communications System (DCS), which has the mission of providing reliable worldwide voice, data and message services for U.S. forces and commands. Thousands of personnel operate DCS facilities, and many of their functions match the classical expert system scenario: complex, skill-intensive environments with a full spectrum of problems in training and retention, cost containment, modernization, and so on. Two of these functions are: (1) fault isolation and restoral of dedicated circuits at Tech Control Centers, and (2) network management for the Defense Switched Network (the modernized dial-up voice system currently replacing AUTOVON). An expert system for the first of these is deployed for evaluation purposes at Andrews Air Force Base, and plans are being made for procurement of operational systems. In the second area, knowledge obtained with a sophisticated simulator is being embedded in an expert system. The background, design and status of both projects are described

    A Defense-in-depth Cybersecurity for Smart Substations

    The increase of cyber-attacks on industrial and power systems in recent years makes the cybersecurity of supervisory control and data acquisition and substation automation systems a highly important engineering issue. This paper proposes a defense in depth cybersecurity solution for smart substations in different layers of the substation automation system. In fact, it presents possible vulnerabilities in the substation automation system and proposes a multiple layer solution based on best practice in cyber security such as the hardening of devices, whitelisting, network configuration, network segmentation, role-based account management and cyber security management and deployment

    Hierarchical Collective Agent Network (HCAN) for efficient 3 fusion and management of multiple networked sensors

    Agent-based software systems and applications are constructed by integrating diverse sets of components that are intelligent, heterogeneous, distributed, and concurrent. This paper describes a multi-agent system to assure the operation efficiency and reliability in data fusion and management of a set of networked distributive sensors (NDS). We discuss the general concept and architecture of a Hierarchical Collective Agent Network (HCAN) and its functional components for learning and adaptive control of the NDS. Sophistication of a HCAN control environment and an anatomy of the agent modules for enabling intelligent data fusion and management are presented. An exemplar HCAN is configured to support dynamic data fusion and automated sensor management in a simulated distributive and collaborative military sensor network for Global Missile Defense (GMD) application

    Network Monitoring System (NMS)

    Due to rapid changes and consequent new threats to computer networks there is a need for the design of systems that enhance network security. These systems make network administrators fully aware of the potential vulnerability of their networks. This paper designs a Network Monitoring System (NMS) which is an active defense and complex network surveillance platform designed for ISPs to meet their most rigorous security requirements. This system is motivated by the great need of government agencies, ecommerce companies and Web development organizations to secure their computer networks. The proposed system is also used by network administrators to enable them to understand the vulnerabilities affecting computer networks. This enables these administrators to improve network security. The proposed system is a lawful network traffic (Internet Service Provider IP traffic) interception system with the main task of obtaining network communications, giving access to intercepted traffic to lawful authorities for the purpose of data analysis and/or evidence. Such data generally consist of signaling, network management information, or the content of network communications. The intercepted IP traffic is gathered and analyzed for network vulnerability in real time. Then, the corresponding TCP/UDP traffic (Web page, email message, VOIP calls, DHCP traffic, files transferred over the LAN such as HTML files, images, and video files, etc.) is rebuilt and displayed. Based on the results of the analysis of the rebuilt TCP/UDP an alarm could be generated if a malicious behavior is detected. Experimental results show that the proposed system has many

    Threats and Defenses in SDN Control Plane

    Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like Simple Network Management Protocol (SNMP) appear inadequate and newer techniques like Network Management Datastore Architecture (NMDA) design and Network Configuration (NETCONF) have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this thesis, I identify several vulnerabilities in the widely used critical infrastructures which leverage the NMDA design. Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. I base my research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using the threat detection methodology, I demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. I finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures. Dissertation/Thesis, Masters Thesis, Computer Science 201

    An Access Control Middleware Application

    Information in any modern organization is a very important topic. A company's information is arguably the single most important asset a company owns. Loss or compromise of the corporate information assets can lead to serious financial impact on a company's bottom line. Currently most corporate information is stored on network storage devices. These storage devices provide quick and easy access to the information from anywhere in the world. These same storage devices can also expose the information to its greatest vulnerability, attack by a hostile entity. The current network security best practice calls for a strategy named 'Defense in Depth'. This strategy uses a series of defensive layers to secure the network and the data it contains. There is a realization that no single defensive technology is one hundred percent effective. Samples of external looking defenses include firewalls, anti-virus gateways, proxy servers, virtual private networks (VPN), and complex passwords. The design of these protective measures serves to protect the network from attack by parties outside of the local area network. In addition to the external defenses, there are also internal defense mechanisms as well. These include locking the server room door, complex passwords, file encryption, network access restrictions, and keeping the user database up to date. One often overlooked technology when designing the network security system is physical access to the company's facilities. The goal of physical access control is to manage who goes where within an organization and when they go there. In addition, a defensive technology can provide physical intrusion detection and notification to the appropriate security personnel. If a specific individual is not within the facility, he/she should not be attempting to log in to the network. This project developed and demonstrated a non-typical approach to the management architecture for a physical Access Control System (ACS). It examines the minimum set of requirements necessary to manage an access control system as well as focuses on using a user interface (UI) that a network administrator is familiar with. It is felt that removing the unknown and complex interface normally associated with physical access control software, companies will be more willing to add this additional layer of defense to their network security design. The project utilizes Microsoft© Active Directory (AD) as the primary user interface. It also utilizes the Windows© event logging service to provide the user with event and alarm messages in a human readable format. A data store consisting of Microsoft SQL Server database dedicated to the management of the hardware sub-system

    A control theoretic approach for security of cyber-physical systems

    In this dissertation, several novel defense methodologies for cyber-physical systems have been proposed. First, a special type of cyber-physical system, the RFID system, is considered for which a lightweight mutual authentication and ownership management protocol is proposed in order to protect the data confidentiality and integrity. Then considering the fact that the protection of the data confidentiality and integrity is insufficient to guarantee the security in cyber-physical systems, we turn to the development of a general framework for developing security schemes for cyber-physical systems wherein the cyber system states affect the physical system and vice versa. After that, we apply this general framework by selecting the traffic flow as the cyber system state and a novel attack detection scheme that is capable of capturing the abnormality in the traffic flow in those communication links due to a class of attacks has been proposed. On the other hand, an attack detection scheme that is capable of detecting both sensor and actuator attacks is proposed for the physical system in the presence of network induced delays and packet losses. Next, an attack detection scheme is proposed when the network parameters are unknown by using an optimal Q-learning approach. Finally, this attack detection and accommodation scheme has been further extended to the case where the network is modeled as a nonlinear system with unknown system dynamics --Abstract, page iv

    Testing the global capabilities of the Antelope software suite: fast location and Mb determination of teleseismic events using the ASAIN and GSN seismic networks

    The Italian National Institute for Oceanography and Experimental Geophysics (Istituto Nazionale di Oceanografia e di Geofisica Sperimentale, OGS) is running the Antarctic Seismographic Argentinean Italian Network (ASAIN), made of 5 seismic stations located in the Scotia Sea region in Antarctica and in Argentina: data from these stations are transferred in real time to the OGS headquarters in Trieste (Italy) via satellite links. OGS is also running, in close cooperation with the Friuli-Venezia Giulia Civil Defense, the North East (NI) Italy seismic network, making use of the Antelope commercial software suite from BRTT as the main acquisition system. As a test to check the global capabilities of Antelope, we set up an instance of Antelope acquiring data in real time from both the regional ASAIN seismic network in Antarctica and a subset of the Global Seismic Network (GSN) funded by the Incorporated Research Institution for Seismology (IRIS). The facilities of the IRIS Data Management System, and specifically the IRIS Data Management Center, were used for real time access to waveform required in this study. Preliminary results over 1 month period indicated that about 82% of the earthquakes with magnitude M>5.0 listed in the PDE catalogue of the National Earthquake Information Center (NEIC) of the United States Geological Survey (USGS) were also correctly detected by Antelope, with an average location error of 0.05 degrees and average body wave magnitude Mb estimation error below 0.1. The average time difference between event origin time and the actual time of event determination by Antelope was of about 45’: the comparison with 20’, the IASPEI91 P-wave travel time for 180 degrees distance, and 25’, the estimate of our test system data latency, indicate that Antelope is a serious candidate for regional and global early warning systems. Updated figures calculated over a longer period of time will be presented and discussed

    An analysis of the competitive strategy in the industry providing a defense systems of systems

    The change from platform to network centric warfare requires new perspectives of the Defense Industrial Base. Both the 1996 Defense Science Board Report on Vertical Integration and DoD's 1999 report on Price Based Acquisition recommend that DoD take steps to further understanding of competitive conditions in the defense industry. This thesis explores one method for gaining this insight. The industry is producing the system of systems for DoD, not just platforms. This thesis studies prime contractors for 78 programs which have been determined as the foundation for the future system of systems. By applying the Value-Net business model, it reviews the influences the Department of Defense, International Governments and industries, commercial firms, and suppliers have upon the prime contractors. This analysis identifies growth markers in interoperability development and open system component development. It also identifies competition-induced constraints on weapon system production markets. Through a survey of Defense Contract Management Agency Prime Integrators, it determines the concentration of prime contractor performance in the 78 programs. Based on data from 61 of the 92 prime contracts, it also reveals performance trends, indicating that key players in the industry have established strategies for network centric development. This thesis also shows that using the Value-Net business model is a valid method for understanding competitive influences in the industry for network centric warfare. http://www.archive.org/details/analysisofcompet00melo Outstanding Thesis. U.S. Navy (U.S.N.) author. Approved for public release; distribution is unlimited