12 research outputs found

    Rule- and machine-learning-based attack and anomaly detection in an EtherCAT-based SCADA system

    Made available as open-access full text pursuant to the “Law on Amendments to the Higher Education Law and Certain Laws and Decree Laws” published in Official Gazette No. 30352 dated 06.03.2018 and the “Directive on the Electronic Collection, Organization and Opening to Access of Graduate Theses” dated 18.06.2018.
    Industrial control systems (ICS) are critical infrastructures in terms of their location and components. These systems have their own features and operation related to the application field independent from the information technologies (IT). They are also adapted with the Ethernet technologies based on the idea of providing horizontal and vertical integration between the levels in the automation hierarchy with a single protocol. Therefore, ICSs are threatened by cyber attacks, due to both their nature and support of IT services through Ethernet. This risk requires ICS-specific solutions to detect and prevent attacks which use communication infrastructure. In this study, three different approaches were presented as a holistic structure for the Ethernet-based real-time EtherCAT protocol, which is widely used in automation applications: two rule-based approaches, which detect known and unknown attacks on the Snort system, and one anomaly-based approach, which uses machine learning techniques. In the case of rule-based intrusion detection, the EtherCAT preprocessor was proposed, which applies the trust node approach for known attacks, and identifies the field bus repetition period for unknown attacks, with statistical techniques and novel solutions. The findings were presented to the user on the ELK stack, which is a logging and monitoring structure. For anomaly-based intrusion detection, the water level control automation testbed was developed, a dataset was prepared by generating events and various machine learning techniques were applied on the dataset. According to the findings obtained in this research, it was concluded that the period determination which was applied within the scope of unknown attack detection can be made with 95% - 99% accuracy. When the logs and alerts of the realized MAC spoofing, data injection, DoS, slave attacks were investigated, it was seen that the attacks were able to be detected successfully. For the anomaly detection part of the study, k-NN and SVM GA techniques were found to be successful in detecting events.

    2000 USCID international conference

    Presented at the 2000 USCID international conference, Challenges facing irrigation and drainage in the new millennium on June 20-24 in Fort Collins, Colorado. Includes bibliographical references. Sponsored by U.S. Committee on Irrigation and Drainage. Multicriteria strategic planning for rehabilitation of the Wind River Irrigation Project, Wyoming -- Environmental management plan for the Irrigation Improvement Project (IIP) - Tajan Subproject -- Organizational requisites of successful irrigation system rehabilitation: cases from Nepal -- Verification-based planning for modernizing irrigation systems -- Policy reforms for sustainable irrigation management in Indonesia -- Bench terracing - a cost effective alternative to traditional irrigation in the Philippines -- GIS-based management system for irrigation districts -- Capacity building for the practice of irrigated agriculture -- Planning of modern irrigation systems integrated with human settlement for enhanced reuse of water -- Drainage in the Aral Sea Basin: past and future -- Impacts and solutions to urbanization on agricultural water resources -- Improving subsurface drainage design and management to reduce salt loads from irrigation areas in southeastern Australia -- Evaluation and update of drainage water management options on the westside San Joaquin Valley, California -- Simulation studies on use of saline water for irrigation in a semi-arid environment -- Hydrodynamic modeling to optimize irrigation efficiency -- Planning to meet future water needs -- Tracing the history of the development and management of two irrigations systems in the Terai of Nepal -- Secondary water supply management for irrigation districts and canal companies -- Role of canal automation and farmer's participation in managing water scarcity: a case study from Orissa, India -- PIM: a reality in Asia? -- Private group irrigation projects in Manitoba: Central Manitoba Resource Management Ltd. - a case study -- Evaluation of dielectric soil moisture sensors for irrigation scheduling on farms -- Sensitivity of micro irrigation emitters to plugging using treated municipal wastewaters -- NCWCD irrigation scheduling program - converting to a web-based accessible program -- On-farm activities to promote irrigation scheduling - the South Kansas Irrigation Management Project

    Irrigation and drainage in the new millennium

    Presented at the 2000 USCID international conference, Challenges facing irrigation and drainage in the new millennium on June 20-24 in Fort Collins, Colorado. Irrigation scheduling has been promoted as a management tool to minimize irrigation water application; however, few irrigators regularly followed any rigorous scheduling methodology. Kansas State University Research and Extension in conjunction with an irrigation association, Water PACK, began a long-term project to promote ET-based irrigation scheduling and other management technology. Area irrigators serve as the focal point of the project and over time have been asked to assume responsibility of scheduling the project fields. A long-term commitment and on-farm activities such as variable water application tests and center pivot uniformity tests seem to have generated confidence and acceptance of ET-based irrigation scheduling.

    Irrigation and drainage in the new millennium

    Presented at the 2000 USCID international conference, Challenges facing irrigation and drainage in the new millennium on June 20-24 in Fort Collins, Colorado. Includes bibliographical references. In 1998, eight irrigation districts in the Lower Rio Grande Valley of Texas initiated efforts to develop GIS-based District Management Systems (DMS). This paper provides a description of GIS (geographical information system) as applied to irrigation districts, its potential for improving the day-to-day management of districts, and the progress and difficulties encountered by the 8 districts in GIS mapping and implementation. Examples of how districts are using GIS are given, along with the value and use of the DMS in a regional water planning project.

    LWA 2013. Lernen, Wissen & Adaptivität ; Workshop Proceedings Bamberg, 7.-9. October 2013

    LWA Workshop Proceedings: LWA stands for "Lernen, Wissen, Adaption" (Learning, Knowledge, Adaptation). It is the joint forum of four special interest groups of the German Computer Science Society (GI). Following the tradition of the last years, LWA provides a joint forum for experienced and for young researchers, to bring insights to recent trends, technologies and applications, and to promote interaction among the SIGs

    Development of the ECAT Preprocessor with the Trust Communication Approach

    In the past several years, attacks over industrial control systems (ICS) have become increasingly frequent and sophisticated. The most common objectives of these types of attacks are controlling/monitoring the physical process, manipulating programmable controllers, or affecting the integrity of software and networking equipment. As one of the widely applied protocols in the ICS world, EtherCAT is an Ethernet-based protocol; thus, it is exposed to both TCP/IP and ICS-specific attacks. In this paper, we analyze EtherCAT field-level communication principles from the security viewpoint focusing on the protocol vulnerabilities, which have been rarely analyzed previously. Our research showed that it lacks the most common security parameters, such as authentication, encryption, and authorization, and is open to Media Access Control (MAC) spoofing, data injection, and other advanced attacks, which require superior skills. To prevent, detect, and reduce attacks over the EtherCAT-based critical systems, first, we improved the open-source Snort intrusion detection/prevention system (IDS/IPS) to support packets that are not processed over transport and network layers. Second, by incorporating a vulnerability analysis, we proposed the EtherCAT (ECAT) preprocessor. Third, we introduced a novel approach called trust-node identification and applied the approach as three rules into the preprocessor. In this sense, the ECAT preprocessor differs from other supported ICS preprocessors in the literature, such as DNP3 and Modbus/TCP. Besides supporting traditional rule expansion, it is also able to handle layer 2 packets and to apply deep packet inspection on EtherCAT packets using the trust-node approach. This method first identifies engineering-station approved nodes based on EtherCAT network information (ENI) configuration files and then deeply inspects incoming packets, considering protocol specifications. The improvements and approach have been tested on the physically developed testbed environment and we have proved that proposals can detect related attacks and provide a basic level of security over the EtherCAT-implemented systems.

    Studies related to the process of program development

    The submitted work consists of a collection of publications arising from research carried out at Rhodes University (1970-1980) and at Heriot-Watt University (1980-1992). The theme of this research is the process of program development, i.e. the process of creating a computer program to solve some particular problem. The papers presented cover a number of different topics which relate to this process, viz. (a) Programming methodology: aspects of structured programming. (b) Properties of programming languages. (c) Formal specification of programming languages. (d) Compiler techniques. (e) Declarative programming languages. (f) Program development aids. (g) Automatic program generation. (h) Databases. (i) Algorithms and applications.

    GSI Scientific Report 2008 [GSI Report 2009-1]
