8,741 research outputs found
Closing the loop of SIEM analysis to Secure Critical Infrastructures
Critical Infrastructure Protection is one of the main challenges of last
years. Security Information and Event Management (SIEM) systems are widely used
for coping with this challenge. However, they currently present several
limitations that have to be overcome. In this paper we propose an enhanced SIEM
system in which we have introduced novel components to i) enable multiple layer
data analysis; ii) resolve conflicts among security policies, and discover
unauthorized data paths in such a way to be able to reconfigure network
devices. Furthermore, the system is enriched by a Resilient Event Storage that
ensures integrity and unforgeability of events stored.Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management,
Decision Support System, Hydroelectric Da
Deep Predictive Coding Neural Network for RF Anomaly Detection in Wireless Networks
Intrusion detection has become one of the most critical tasks in a wireless
network to prevent service outages that can take long to fix. The sheer variety
of anomalous events necessitates adopting cognitive anomaly detection methods
instead of the traditional signature-based detection techniques. This paper
proposes an anomaly detection methodology for wireless systems that is based on
monitoring and analyzing radio frequency (RF) spectrum activities. Our
detection technique leverages an existing solution for the video prediction
problem, and uses it on image sequences generated from monitoring the wireless
spectrum. The deep predictive coding network is trained with images
corresponding to the normal behavior of the system, and whenever there is an
anomaly, its detection is triggered by the deviation between the actual and
predicted behavior. For our analysis, we use the images generated from the
time-frequency spectrograms and spectral correlation functions of the received
RF signal. We test our technique on a dataset which contains anomalies such as
jamming, chirping of transmitters, spectrum hijacking, and node failure, and
evaluate its performance using standard classifier metrics: detection ratio,
and false alarm rate. Simulation results demonstrate that the proposed
methodology effectively detects many unforeseen anomalous events in real time.
We discuss the applications, which encompass industrial IoT, autonomous vehicle
control and mission-critical communications services.Comment: 7 pages, 7 figures, Communications Workshop ICC'1
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number for resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity.Comment: Revised version resubmitted to journa
Cyber-Physical Threat Intelligence for Critical Infrastructures Security
Modern critical infrastructures can be considered as large scale Cyber Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data driven approaches including BigData analytics and Artificial Intelligence (AI). Some of the presented approaches are sector agnostic i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book presents also peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cyber security, and Critical Infrastructure protection, as laid out by the European Commission (EC) to support its Member States to protect and ensure the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework. The latter includes for example the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector specific solutions that are described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well
Smart Grid Technologies in Europe: An Overview
The old electricity network infrastructure has proven to be inadequate, with respect to modern challenges such as alternative energy sources, electricity demand and energy saving policies. Moreover, Information and Communication Technologies (ICT) seem to have reached an adequate level of reliability and flexibility in order to support a new concept of electricity networkāthe smart grid. In this work, we will analyse the state-of-the-art of smart grids, in their technical, management, security, and optimization aspects. We will also provide a brief overview of the regulatory aspects involved in the development of a smart grid, mainly from the viewpoint of the European Unio
Report on the Dagstuhl Seminar on Visualization and Monitoring of Network Traffic
The Dagstuhl Seminar on Visualization and Monitoring of Network Traffic took place May 17-20, 2009 in Dagstuhl, Germany. Dagstuhl seminars promote personal interaction and open discussion of results as well as new ideas. Unlike at most conferences, the focus is not solely on the presentation of established results but also, and in equal parts, to presentation of results, ideas, sketches, and open problems. The aim of this particular seminar was to bring together experts from the information visualization community and the networking community in order to discuss the state of the art of monitoring and visualization of network traffic. People from the different research communities involved jointly organized the seminar. The co-chairs of the seminar from the networking community were Aiko Pras (University of Twente) and JuĢrgen SchoĢnwaĢlder (Jacobs University Bremen). The co-chairs from the visualization community were Daniel A. Keim (University of Konstanz) and Pak Chung Wong (Pacific Northwest National Laboratory). Florian Mansmann (University of Konstanz) helped with producing this report. The seminar was organized and supported by Schloss Dagstuhl and the European Network of Excellence for the Management of Internet Technologies and Complex Systems (EMANICS)
- ā¦