Implementation of Multilayer cybersecurity based on Intrusion Detection System
Cyber security has become a high priority in the industrial sector and in industrial automation, where dependable operation is needed to ensure stable, secure and reliable power system delivery. Using an Intrusion Detection System (IDS) framework, obscurity in the system's security posture can be removed. The access control mechanism is the main element used to launch anomalous attacks. The framework provides a hierarchical approach to an integrated security system comprising distributed IDSs. A novel SCADA-IDS with whitelists and behaviour-based protocol analysis is proposed and illustrated in order to detect known and unknown cyber-attacks originating inside or outside SCADA systems. Finally, the proposed SCADA-IDS is implemented and successfully validated through a series of scenarios performed in a SCADA-specific test bed developed to replicate cyber-attacks against a substation LAN. From the perspective of SCADA system operators, the lack of an openly available test dataset is a bottleneck for comparing the performance and accuracy of proposed solutions; for research in the community to progress, such a large dataset would be valuable. The proposed system will therefore create a new dataset to mitigate attacks from cyber-crime and protect higher-level records and systems.
DOI: 10.17762/ijritcc2321-8169.150520
Cyber Attack Challenges and Resilience for Smart Grids
Date of Acceptance: 31/08/2015. Peer reviewed. Postprint.
Few-shot Multi-domain Knowledge Rearming for Context-aware Defence against Advanced Persistent Threats
Advanced persistent threats (APTs) have novel features such as multi-stage penetration, highly tailored intention, and evasive tactics. APT defense requires fusing multi-dimensional cyber threat intelligence data to identify attack intentions and conducting efficient knowledge discovery strategies by data-driven machine learning to recognize entity relationships. However, data-driven machine learning lacks generalization ability on fresh or unknown samples, reducing the accuracy and practicality of the defense model. Besides, the private deployment of these APT defense models in heterogeneous environments and on various network devices requires significant investment in context awareness (such as known attack entities, continuous network states, and current security strategies). In this paper, we propose a few-shot multi-domain knowledge rearming (FMKR) scheme for context-aware defense against APTs. By completing multiple small tasks that are generated from different network domains with meta-learning, FMKR first trains a model with good discrimination and generalization ability for fresh and unknown APT attacks. In each FMKR task, both threat intelligence and local entities are fused into the support/query sets in meta-learning to identify possible attack stages. Second, to rearm current security strategies, a fine-tuning-based deployment mechanism is proposed to transfer learned knowledge into the student model while minimizing the defense cost. Compared to multiple model replacement strategies, FMKR provides a faster response to attack behaviors while consuming less scheduling cost. Based on feedback from multiple real users of the Industrial Internet of Things (IIoT) over 2 months, we demonstrate that the proposed scheme can improve the defense satisfaction rate.
Comment: It has been accepted by IEEE SmartNet
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote access, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's to determine weaknesses and loopholes in defences. Such a mindset helps to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Many or Few Samples? Comparing Transfer, Contrastive and Meta-Learning in Encrypted Traffic Classification
The popularity of Deep Learning (DL), coupled with network traffic visibility reduction due to the increased adoption of HTTPS, QUIC and DNSSEC, re-ignited interest in Traffic Classification (TC). However, to tame the dependency on task-specific large labeled datasets we need to find better ways to learn representations that are valid across tasks. In this work we investigate this problem by comparing transfer learning, meta-learning and contrastive learning against reference Machine Learning (ML) tree-based and monolithic DL models (16 methods total). Using two publicly available datasets, namely MIRAGE19 (40 classes) and AppClassNet (500 classes), we show that (i) using large datasets we can obtain more general representations, (ii) contrastive learning is the best methodology and (iii) meta-learning the worst one, and (iv) while ML tree-based models cannot handle large tasks but fit small tasks well, by reusing learned representations DL methods are reaching tree-based model performance also for small tasks.
Comment: to appear in Traffic Measurements and Analysis (TMA) 202
Multi-aspect rule-based AI: Methods, taxonomy, challenges and directions towards automation, intelligence and transparent cybersecurity modeling for critical infrastructures
Critical infrastructure (CI) typically refers to the essential physical and virtual systems, assets, and services that are vital for the functioning and well-being of a society, economy, or nation. However, the rapid proliferation and dynamism of today's cyber threats in digital environments may disrupt CI functionalities, which would have a debilitating impact on public safety, economic stability, and national security. This has led to much interest in effective cybersecurity solutions regarding automation and intelligent decision-making, where AI-based modeling is potentially significant. In this paper, we take into account "Rule-based AI" rather than other black-box solutions since model transparency, i.e., human interpretation, explainability, and trustworthiness in decision-making, is an essential factor, particularly in cybersecurity application areas. This article provides an in-depth study on multi-aspect rule-based AI modeling considering human-interpretable decisions as well as security automation and intelligence for CI. We also provide a taxonomy of rule generation methods by taking into account not only knowledge-driven approaches based on human expertise but also data-driven approaches, i.e., extracting insights or useful knowledge from data, and their hybridization. This understanding can help security analysts and professionals comprehend how systems work, identify potential threats and anomalies, and make better decisions in various real-world application areas. We also cover how these techniques can address diverse cybersecurity concerns such as threat detection, mitigation, prediction, diagnosis for root cause finding, and so on in different CI sectors, such as energy, defence, transport, health, water, agriculture, etc.
We conclude this paper with a list of identified issues and opportunities for future research, as well as potential solution directions for how researchers and professionals might tackle next-generation cybersecurity modeling in this emerging area of study
Intrusion detection system for SCADA platforms
ABSTRACT: SCADA systems, an acronym for Supervisory Control And Data Acquisition, are control networks that allow industrial processes to be monitored and managed remotely. In their early days, their highest priority was the bidirectional availability of information between the control station and the remote units; however, the growing scale of industrial systems, together with Internet connectivity, has led to a reconsideration of the old paradigm so that security is given more importance, with the aim of preventing a possible cyberattack from endangering the operation of the SCADA system. Such attacks can even affect industry and put the entire security of a country at stake.
This research incentive project proposed the creation of an adaptable system for intrusion detection (IDS) in SCADA networks, using supervised machine learning techniques oriented to the analysis of variables from the control devices. A One-Class support vector machine and a test laboratory allowed the proposed model to be validated