Implementation of Multilayer cybersecurity based on Intrusion Detection System

Cyber security has become a high priority in Industrial Sector/Automation. Here the dependable operation is to ensure the stable, secure and reliable in power system delivery. By using the Intrusion Detection System framework Obscurity progress can be easily removed. Access control mechanism mainly used to launching the anomalous attacks. This framework provides a hierarchical approach for; integrated security system and comprising distributed IDSs. In a novel SCADA-IDS with whitelists and behavior-based protocol analysis is proposed and it is exemplified in order to detect known and unknown cyber-attacks from inside or outside SCADA systems. Finally, our proposed SCADA-IDS is implemented and it is successfully validated through a series of scenarios performed in a SCADA-specific test bed developed to replicate cyber-attacks against a substation LAN. From the perspective of SCADA system operators, the lack of openly available test dataset is a bottleneck, to compare the performance and accuracy of proposed solutions. However, for the research in the community to progress, such a large dataset would be valuable. The propose system will to creating a new dataset to mitigate vulnerable attack from cyber-crime to save the higher level records and system. DOI: 10.17762/ijritcc2321-8169.150520

Cyber Attack Challenges and Resilience for Smart Grids

Date of Acceptance: 31/08/2015Peer reviewedPostprin

Few-shot Multi-domain Knowledge Rearming for Context-aware Defence against Advanced Persistent Threats

Advanced persistent threats (APTs) have novel features such as multi-stage penetration, highly-tailored intention, and evasive tactics. APTs defense requires fusing multi-dimensional Cyber threat intelligence data to identify attack intentions and conducts efficient knowledge discovery strategies by data-driven machine learning to recognize entity relationships. However, data-driven machine learning lacks generalization ability on fresh or unknown samples, reducing the accuracy and practicality of the defense model. Besides, the private deployment of these APT defense models on heterogeneous environments and various network devices requires significant investment in context awareness (such as known attack entities, continuous network states, and current security strategies). In this paper, we propose a few-shot multi-domain knowledge rearming (FMKR) scheme for context-aware defense against APTs. By completing multiple small tasks that are generated from different network domains with meta-learning, the FMKR firstly trains a model with good discrimination and generalization ability for fresh and unknown APT attacks. In each FMKR task, both threat intelligence and local entities are fused into the support/query sets in meta-learning to identify possible attack stages. Secondly, to rearm current security strategies, an finetuning-based deployment mechanism is proposed to transfer learned knowledge into the student model, while minimizing the defense cost. Compared to multiple model replacement strategies, the FMKR provides a faster response to attack behaviors while consuming less scheduling cost. Based on the feedback from multiple real users of the Industrial Internet of Things (IIoT) over 2 months, we demonstrate that the proposed scheme can improve the defense satisfaction rate.Comment: It has been accepted by IEEE SmartNet

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Many or Few Samples? Comparing Transfer, Contrastive and Meta-Learning in Encrypted Traffic Classification

The popularity of Deep Learning (DL), coupled with network traffic visibility reduction due to the increased adoption of HTTPS, QUIC and DNS-SEC, re-ignited interest towards Traffic Classification (TC). However, to tame the dependency from task-specific large labeled datasets we need to find better ways to learn representations that are valid across tasks. In this work we investigate this problem comparing transfer learning, meta-learning and contrastive learning against reference Machine Learning (ML) tree-based and monolithic DL models (16 methods total). Using two publicly available datasets, namely MIRAGE19 (40 classes) and AppClassNet (500 classes), we show that (i) using large datasets we can obtain more general representations, (ii) contrastive learning is the best methodology and (iii) meta-learning the worst one, and (iv) while ML tree-based cannot handle large tasks but fits well small tasks, by means of reusing learned representations, DL methods are reaching tree-based models performance also for small tasks.Comment: to appear in Traffic Measurements and Analysis (TMA) 202

Multi-aspect rule-based AI: Methods, taxonomy, challenges and directions towards automation, intelligence and transparent cybersecurity modeling for critical infrastructures

Critical infrastructure (CI) typically refers to the essential physical and virtual systems, assets, and services that are vital for the functioning and well-being of a society, economy, or nation. However, the rapid proliferation and dynamism of today\u27s cyber threats in digital environments may disrupt CI functionalities, which would have a debilitating impact on public safety, economic stability, and national security. This has led to much interest in effective cybersecurity solutions regarding automation and intelligent decision-making, where AI-based modeling is potentially significant. In this paper, we take into account “Rule-based AI” rather than other black-box solutions since model transparency, i.e., human interpretation, explainability, and trustworthiness in decision-making, is an essential factor, particularly in cybersecurity application areas. This article provides an in-depth study on multi-aspect rule based AI modeling considering human interpretable decisions as well as security automation and intelligence for CI. We also provide a taxonomy of rule generation methods by taking into account not only knowledge-driven approaches based on human expertise but also data-driven approaches, i.e., extracting insights or useful knowledge from data, and their hybridization. This understanding can help security analysts and professionals comprehend how systems work, identify potential threats and anomalies, and make better decisions in various real-world application areas. We also cover how these techniques can address diverse cybersecurity concerns such as threat detection, mitigation, prediction, diagnosis for root cause findings, and so on in different CI sectors, such as energy, defence, transport, health, water, agriculture, etc. We conclude this paper with a list of identified issues and opportunities for future research, as well as their potential solution directions for how researchers and professionals might tackle future generation cybersecurity modeling in this emerging area of study

Sistema para la detección de intrusos en plataformas SCADA

RESUMEN: Los sistemas SCADA, acrónimo de Supervisory Control And Data Acquisition (Supervisión, Control y Adquisición de Datos), son redes de control que permiten el monitoreo y gestión de procesos industriales de forma remota. En sus inicios, su prioridad más importante era la disponibilidad de la información de forma bidireccional entre la estación de control y las unidades remotas; no obstante, el creciente escalamiento de los sistemas industriales, así como la conectividad a internet ha llevado a reconsiderar el antiguo paradigma para darle más importancia al tema de la seguridad, con el fin de evitar que un posible ciberataque ponga en peligro el funcionamiento del sistema SCADA. Estos ataques pueden llegar a afectar incluso la industria y poner en juego toda la seguridad de un país. El presente trabajo de incentivación propuso la creación de un sistema adaptable para la detección de intrusos o IDS (por sus siglas en inglés) en redes SCADA, mediante el uso de técnicas de aprendizaje de máquinas de tipo supervisado, orientadas al análisis de variables de los dispositivos de control. Una máquina de soporte vectorial del tipo “One Class” y un laboratorio de pruebas, permitió la validación del modelo propuesto