7 research outputs found

    Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things

    It is critical to secure the Industrial Internet of Things (IIoT) devices because of potentially devastating consequences in case of an attack. Machine learning and big data analytics are two powerful levers for analyzing and securing the Internet of Things (IoT) technology. By extension, these techniques can help improve the security of the IIoT systems as well. In this paper, we first present common IIoT protocols and their associated vulnerabilities. Then, we run a cyber-vulnerability assessment and discuss the utilization of machine learning in countering these susceptibilities. Following that, a literature review of the available intrusion detection solutions using machine learning models is presented. Finally, we discuss our case study, which includes details of a real-world testbed that we have built to conduct cyber-attacks and to design an intrusion detection system (IDS). We deploy backdoor, command injection, and Structured Query Language (SQL) injection attacks against the system and demonstrate how a machine learning based anomaly detection system can perform well in detecting these attacks. We have evaluated the performance through representative metrics to have a fair point of view on the effectiveness of the methods.

    A Feasibility Study on the Application of the ScriptGenE Framework as an Anomaly Detection System in Industrial Control Systems

    Recent events such as Stuxnet and the Shamoon Aramco have brought to light how vulnerable industrial control systems (ICSs) are to cyber attacks. Modern society relies heavily on critical infrastructure, including the electric power grid, water treatment facilities, and nuclear energy plants. Malicious attempts to disrupt, destroy and disable such systems can have devastating effects on a population's way of life, possibly leading to loss of life. The need to implement security controls in the ICS environment is more vital than ever. ICSs were not originally designed with network security in mind. Today, intrusion detection systems are employed to detect attacks that penetrate the ICS network. This research proposes the use of a novel algorithm known as the ScriptGenE framework as an anomaly-based intrusion detection system. The anomaly detection system (ADS) is implemented between an engineering workstation and programmable logic controller to monitor traffic and alert the operator to anomalous behavior. The ADS achieves true positive rates of 0.9011 and 1.00 with false positive rates of 0 and 0.054. This research demonstrates the viability of using the ScriptGenE framework as an anomaly detection system in a simulated ICS environment.

    SCADA Intrusion Detection System Test Framework

    Master's thesis, Information- and communication technology IKT590 - University of Agder 2017. Supervisory control and data acquisition (SCADA) systems play an important role in our critical infrastructure (CI). Several of the protocols used in SCADA communication are old and lack security mechanisms. This master thesis presents a SCADA Intrusion Detection System Test Framework that can be used to simulate SCADA traffic and detect malicious network activity. The framework uses a signature-based approach and utilizes two different IDS engines, Suricata and Snort. The IDS engines include rule-sets for the IEC 60870-5-104, DNP3 and Modbus protocols. The IDS engines ship detected events to a distributed cluster and visualize them using a web interface. The experiments carried out in this project show that there generally is little difference between Suricata and Snort's ability to detect malicious traffic. Suricata is compatible with signatures written in the Snort lightweight rules description language. I did, however, discover some compatibility issues. The proposed framework applies additional latency to the analysis of IDS events. The perceived latency was generally higher for Snort events than for Suricata events. The reason for this is probably the additional processing time applied by the implemented log conversion tool. Keywords: SCADA, IDS, SIE

    Intrusion Detection via Machine Learning for SCADA System Protection

    No full text

    Artificial Intelligence and Security: Opportunities, Risks and Recommendations (Intelligenza artificiale e sicurezza: opportunità, rischi e raccomandazioni)

    AI (or artificial intelligence) is a booming discipline in recent years and will be increasingly so in the near future. However, it is since 1956 that AI has been studying the emulation of intelligence by machines, understood as software and in some cases hardware. AI arose from the idea of building machines that, inspired by processes related to human intelligence, are able to solve complex problems, for which it is usually believed that some kind of intelligent reasoning is required. The main current area of AI research and application is machine learning (algorithms that learn and adapt based on the data they receive), which has found wide applications in recent years thanks to neural networks (mathematical models composed of artificial neurons), which in turn have enabled the emergence of deep learning (neural networks of greater complexity). Also belonging to the AI world are expert systems, computer vision, speech recognition, natural language processing, advanced robotics and some cybersecurity solutions. When it comes to AI there are those who are enthusiastic about it thinking of the opportunities, others are concerned as they fear futuristic technologies of a world where robots will replace humans, take away their jobs and make decisions for them.
In reality, AI is already widely used in many fields, for example, in cell phones, smart objects (IoT), Industry 4.0, for smart cities, cybersecurity systems, autonomous driving systems (drive or parking assistant), chat bots on various websites; these are just a few examples all based on typical artificial intelligence algorithms. Thanks to AI, companies can have a variety of advantages in providing advanced, personalized services, predicting trends, anticipating user choices, etc. But not all that glitters is gold: there are sometimes technical problems, ethical questions, security risks, and standards and legislation that are not entirely clear. Organizations already adopting AI-based solutions, or those planning to do so, could benefit from this publication to learn more about the opportunities, risks, and related countermeasures. Clusit's Community for Security hopes that this publication will provide readers with a useful overview of a reality, such as artificial intelligence, that will increasingly accompany us in our personal, social and working lives.