4,302 research outputs found

    Malware in the Future? Forecasting of Analyst Detection of Cyber Events

    There have been extensive efforts in government, academia, and industry to anticipate, forecast, and mitigate cyber attacks. A common approach is time-series forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection/prevention systems. This research has uncovered key insights such as systematicity in cyber attacks. Here, we propose an alternate perspective of this problem by performing forecasting of attacks that are analyst-detected and -verified occurrences of malware. We call these instances of malware cyber event data. Specifically, our dataset was analyst-detected incidents from a large operational Computer Security Service Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on automated systems. Our data set consists of weekly counts of cyber events over approximately seven years. Since all cyber events were validated by analysts, our dataset is unlikely to have false positives which are often endemic in other sources of data. Further, the higher-quality data could be used for a number for resource allocation, estimation of security resources, and the development of effective risk-management strategies. We used a Bayesian State Space Model for forecasting and found that events one week ahead could be predicted. To quantify bursts, we used a Markov model. Our findings of systematicity in analyst-detected cyber attacks are consistent with previous work using other sources. The advanced information provided by a forecast may help with threat awareness by providing a probable value and range for future cyber events one week ahead. Other potential applications for cyber event forecasting include proactive allocation of resources and capabilities for cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs. Enhanced threat awareness may improve cybersecurity. Comment: Revised version resubmitted to journa

    Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions

    Traditional power grids are being transformed into Smart Grids (SGs) to address the issues in existing power systems due to uni-directional information flow, energy wastage, growing energy demand, reliability and security. SGs offer bi-directional energy flow between service providers and consumers, involving power generation, transmission, distribution and utilization systems. SGs employ various devices for the monitoring, analysis and control of the grid, deployed at power plants, distribution centers and in consumers' premises in very large numbers. Hence, an SG requires connectivity, automation and the tracking of such devices. This is achieved with the help of the Internet of Things (IoT). IoT helps SG systems to support various network functions throughout the generation, transmission, distribution and consumption of energy by incorporating IoT devices (such as sensors, actuators and smart meters), as well as by providing the connectivity, automation and tracking for such devices. In this paper, we provide a comprehensive survey on IoT-aided SG systems, which includes the existing architectures, applications and prototypes of IoT-aided SG systems. This survey also highlights the open issues, challenges and future research directions for IoT-aided SG systems.

    Securing the Participation of Safety-Critical SCADA Systems in the Industrial Internet of Things

    In the past, industrial control systems were ‘air gapped’ and isolated from more conventional networks. They used specialist protocols, such as Modbus, that are very different from TCP/IP. Individual devices used proprietary operating systems rather than the more familiar Linux or Windows. However, things are changing. There is a move for greater connectivity – for instance so that higher-level enterprise management systems can exchange information that helps optimise production processes. At the same time, industrial systems have been influenced by concepts from the Internet of Things, where the information derived from sensors and actuators in domestic and industrial components can be addressed through network interfaces. This paper identifies a range of cyber security and safety concerns that arise from these developments. The closing sections introduce potential solutions and identify areas for future research.

    Internet of Things for Sustainability: Perspectives in Privacy, Cybersecurity, and Future Trends

    In the sustainability IoT, the cybersecurity risks to things, sensors, and monitoring systems are distinct from those of conventional networking systems in many aspects. The interaction of sustainability IoT with physical world phenomena (e.g., weather, climate, water, and oceans) is mostly not found in modern information technology systems. Accordingly, actuation, the ability of these devices to make changes in the real world based on sensing and monitoring, requires special consideration in terms of privacy and security. Moreover, the energy efficiency, safety, power, and performance requirements of these devices distinguish them from conventional computer systems. In this chapter, the cybersecurity approaches towards sustainability IoT are discussed in detail. The sustainability IoT risk categorization, risk mitigation goals, and implementation aspects are analyzed. The openness paradox and data dichotomy between privacy and sharing are analyzed. Accordingly, the IoT technology and security standards development activities are highlighted. The perspectives on opportunities and challenges in IoT for sustainability are given. Finally, the chapter concludes with a discussion of sustainability IoT cybersecurity case studies.

    Real-time early warning system design for pluvial flash floods - A review

    Pluvial flash floods in urban areas are becoming increasingly frequent due to climate change and human actions, negatively impacting the life, work, production and infrastructure of a population. Pluvial flooding occurs when intense rainfall overflows the limits of urban drainage and water accumulation causes hazardous flash floods. Although flash floods are hard to predict given their rapid formation, Early Warning Systems (EWS) are used to minimize casualties. We performed a systematic review to define the basic structure of an EWS for rain flash floods. The structure of the review is as follows: first, Section 2 describes the most important factors that affect the intensity of pluvial flash floods during rainfall events. Section 3 defines the key elements and actors involved in an effective EWS. Section 4 reviews different EWS architectures for pluvial flash floods implemented worldwide. It was identified that the reviewed projects did not follow guidelines to design early warning systems, neglecting important aspects that must be taken into account in their implementation. Therefore, this manuscript proposes a basic structure for an effective EWS for pluvial flash floods that guarantees the forecasting process and alerts dissemination during rainfall events. Administrative Department of Science, Technology and Innovation of the presidency of the Republic of Colombia (COLCIENCIAS) #728. Acosta-Coll, M.; Ballester Merelo, FJ.; Martínez Peiró, MA.; De La Hoz-Franco, E. (2018). Real-time early warning system design for pluvial flash floods - A review. Sensors. 18(7). https://doi.org/10.3390/s18072255

    Anomaly Detection in BACnet/IP managed Building Automation Systems

    Building Automation Systems (BAS) are a collection of devices and software which manage the operation of building services. The BAS market is expected to be a $19.25 billion USD industry by 2023, as a core feature of both the Internet of Things and Smart City technologies. However, securing these systems from cyber security threats is an emerging research area. Since initial deployment, BAS have evolved from isolated standalone networks to heterogeneous, interconnected networks allowing external connectivity through the Internet. The most prominent BAS protocol is BACnet/IP, which is estimated to hold 54.6% of world market share. BACnet/IP security features are often not implemented in BAS deployments, leaving systems unprotected against known network threats. This research investigated methods of detecting anomalous network traffic in BACnet/IP managed BAS in an effort to combat threats posed to these systems. This research explored the threats facing BACnet/IP devices, through analysis of Internet accessible BACnet devices, vendor-defined device specifications, investigation of the BACnet specification, and known network attacks identified in the surrounding literature. The collected data were used to construct a threat matrix, which was applied to models of BACnet devices to evaluate potential exposure. Further, two potential unknown vulnerabilities were identified and explored using state modelling and device simulation. A simulation environment and attack framework were constructed to generate both normal and malicious network traffic to explore the application of machine learning algorithms to identify both known and unknown network anomalies. To identify network patterns between the generated normal and malicious network traffic, unsupervised clustering, graph analysis with an unsupervised community detection algorithm, and time series analysis were used. 
The explored methods identified distinguishable network patterns for frequency-based known network attacks when compared to normal network traffic. However, as stand-alone methods for anomaly detection, these methods were found insufficient. Subsequently, Artificial Neural Networks and Hidden Markov Models were explored and found capable of detecting known network attacks. Further, Hidden Markov Models were also capable of detecting unknown network attacks in the generated datasets. The classification accuracy of the Hidden Markov Models was evaluated using the Matthews Correlation Coefficient, which accounts for imbalanced class sizes and assesses both positive and negative classification ability for deriving its metric. The Hidden Markov Models were found capable of repeatedly detecting both known and unknown BACnet/IP attacks with True Positive Rates greater than 0.99 and Matthews Correlation Coefficients greater than 0.8 for five of six evaluated hosts. This research identified and evaluated a range of methods capable of identifying anomalies in simulated BACnet/IP network traffic. Further, this research found that Hidden Markov Models were accurate at classifying both known and unknown attacks in the evaluated BACnet/IP managed BAS network.

    Secure Control and Operation of Energy Cyber-Physical Systems Through Intelligent Agents

    The operation of the smart grid is expected to be heavily reliant on microprocessor-based control. Thus, there is a strong need for interoperability standards to address the heterogeneous nature of the data in the smart grid. In this research, we analyzed in detail the security threats of the Generic Object Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV) protocol mappings of the IEC 61850 data modeling standard, which is the most widely industry-accepted standard for power system automation and control. We found that there is a strong need for security solutions that are capable of defending the grid against cyber-attacks, minimizing the damage in case a cyber-incident occurs, and restoring services within minimal time. To address these risks, we focused on correlating cyber security algorithms with physical characteristics of the power system by developing intelligent agents that use this knowledge as an important second line of defense in detecting malicious activity. This will complement the cyber security methods, including encryption and authentication. Firstly, we developed a physical-model-checking algorithm, which uses artificial neural networks to identify switching-related attacks on power systems based on load flow characteristics. Secondly, the feasibility of using neural network forecasters to detect spoofed sampled values was investigated. We showed that although such forecasters have high spoofed-data-detection accuracy, they are prone to the accumulation of forecasting error. In this research, we proposed an algorithm to detect the accumulation of the forecasting error based on lightweight statistical indicators. The effectiveness of the proposed algorithms was experimentally verified on the Smart Grid testbed at FIU. The test results showed that the proposed techniques have a minimal detection latency, in the range of microseconds. 
Also, in this research we developed a network-in-the-loop co-simulation platform that seamlessly integrates the components of the smart grid together, especially since they are governed by different regulations and owned by different entities. Power system simulation software, microcontrollers, and a real communication infrastructure were combined together to provide a cohesive smart grid platform. A data-centric communication scheme was selected to provide an interoperability layer between multi-vendor devices, software packages, and to bridge different protocols together.