Detecting cyberattacks in industrial control systems using online learning algorithms
Industrial control systems are critical to the operation of industrial facilities, especially critical infrastructures such as refineries, power grids, and transportation systems. As with other information systems, a significant threat to industrial control systems is attack from cyberspace: offensive maneuvers launched by "anonymous" actors in the digital world that target computer-based assets with the goal of compromising a system's functions or probing for information. Owing to the importance of industrial control systems, and the potentially devastating consequences of a successful attack, significant effort has gone into securing industrial control systems from cyberattacks. Among the resulting defenses are intrusion detection systems, which serve as the first line of defense by monitoring and reporting potentially malicious activities. Classical machine-learning-based intrusion detection methods usually generate prediction models by learning from modest-sized training samples all at once. Such an approach is not always applicable to industrial control systems, which must process continuous control commands with limited computational resources and without interruption. To satisfy these requirements, we propose using online learning to learn prediction models from the control data stream. We introduce several state-of-the-art online learning algorithms by category and illustrate their efficacy on two commonly used testbeds, a power system and a gas pipeline. Further, we explore a new cost-sensitive online learning algorithm to address the class-imbalance problem that is pervasive in industrial intrusion detection. Our experimental results indicate that the proposed algorithm achieves an overall improvement in the detection rate of cyberattacks in industrial control systems.
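The prequential, cost-sensitive online learning that this abstract describes, as an added example that is not the paper's own code: an online perceptron that predicts each reading before it learns from it, with the update on a missed attack weighted by an attack cost so that the rare class is not drowned out by normal traffic. The gas-pipeline readings, setpoints, scales, and the attack cost of 3 are constructed assumptions; the same stream is scored with a plain (cost 1) and a cost-sensitive learner so the trade-off between detection rate and false-alarm rate is visible.

```python
"""Cost-sensitive online perceptron for ICS intrusion detection (added example)."""

# Assumed setpoints and scales for a hypothetical gas-pipeline testbed.
FLOW_SETPOINT, FLOW_SCALE = 50.0, 10.0        # litres/min
PRESSURE_SETPOINT, PRESSURE_SCALE = 100.0, 20.0  # kPa

# Constructed stream of (label, flow, pressure) sensor readings, in arrival
# order. Attacks are the minority class, as in real ICS traffic.
STREAM = [
    ("normal", 50.0, 100.0),
    ("normal", 51.0, 100.0),
    ("attack", 60.0, 120.0),   # gross value injection
    ("normal", 50.0, 102.0),
    ("normal", 51.0, 102.0),
    ("normal", 50.0, 100.0),
    ("attack", 55.0, 110.0),   # subtle injection
    ("normal", 51.0, 100.0),
    ("attack", 56.0, 108.0),
    ("normal", 50.0, 102.0),
]


def featurize(flow, pressure):
    """Bias term plus normalised deviation of each reading from its setpoint."""
    return (
        1.0,
        (flow - FLOW_SETPOINT) / FLOW_SCALE,
        (pressure - PRESSURE_SETPOINT) / PRESSURE_SCALE,
    )


class CostSensitivePerceptron:
    """Online perceptron whose mistake-driven update is scaled by a per-class cost.

    y = +1 is 'attack', y = -1 is 'normal'. With attack_cost == normal_cost == 1
    this is the classical online perceptron.
    """

    def __init__(self, n_features, attack_cost=1.0, normal_cost=1.0):
        self.w = [0.0] * n_features
        self.cost = {1: attack_cost, -1: normal_cost}

    def predict(self, x):
        score = sum(wi * xi for wi, xi in zip(self.w, x))
        return 1 if score > 0 else -1          # score == 0 is treated as normal

    def step(self, x, y):
        """Prequential step: predict first, then learn from the true label."""
        pred = self.predict(x)
        if pred != y:
            scale = self.cost[y] * y
            self.w = [wi + scale * xi for wi, xi in zip(self.w, x)]
        return pred


def evaluate(stream, attack_cost=1.0):
    """Run one pass over the stream and return detection and false-alarm counts."""
    model = CostSensitivePerceptron(n_features=3, attack_cost=attack_cost)
    tp = fp = attacks = normals = 0
    for label, flow, pressure in stream:
        y = 1 if label == "attack" else -1
        pred = model.step(featurize(flow, pressure), y)
        if y == 1:
            attacks += 1
            tp += pred == 1
        else:
            normals += 1
            fp += pred == 1
    return {
        "tp": tp, "fp": fp, "attacks": attacks, "normals": normals,
        "detection_rate": tp / attacks if attacks else 0.0,
        "false_alarm_rate": fp / normals if normals else 0.0,
        "weights": model.w,
    }


if __name__ == "__main__":
    for cost in (1.0, 3.0):
        r = evaluate(STREAM, attack_cost=cost)
        print(f"attack_cost={cost}: detection {r['tp']}/{r['attacks']}, "
              f"false alarms {r['fp']}/{r['normals']}")
```

On this constructed stream the plain learner misses the subtle attack because the false alarms that follow the first gross attack push the bias down before the subtle one arrives; the cost-sensitive learner flags it at the price of one extra false alarm. That is the trade-off a practitioner has to tune against the operator's tolerance for alarms, not a free improvement.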
The Nuts and Bolts of Deploying Process-Level IDS in Industrial Control Systems
Much research effort has recently been devoted to securing Industrial Control Systems (ICS) in response to the increasing number of adverse incidents targeting nation-wide critical infrastructures. Leveraging the static and regular nature of the behavior of control systems, various data-driven methods that monitor the process-level network have been proposed as a defensive measure. Although these methods have been evaluated through offline analysis of ICS-related datasets, in the absence of documented live experiments in real environments a complete and global understanding of the applicability and efficiency of process-level monitoring is still lacking. In this work, we describe our experience of running a fully fledged intrusion detection system in an operational paper factory for 75 days. We discuss the nuts and bolts of running such systems in real environments and underline several practical challenges in meeting ICS-specific requirements. This work essentially aims at bridging the gap between ICS intrusion detection research and practice, and at empirically validating the increasingly adopted data-driven approach to process-level monitoring.
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining cost of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote access, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's to determine weaknesses and loopholes in defences. Such a mindset helps to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.
Comprehensive Security Framework for Global Threats Analysis
Cybercriminal activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of threat arise involving complex scenarios spread across multiple IS components. IS information modeling and behavioral analysis are becoming new solutions to normalize IS information and counter these new threats. This paper presents a framework which details the principal and necessary steps for monitoring an IS. We present the architecture of the framework, i.e. an ontology of activities carried out within an IS to model security information and user behavioral analysis. The results of the experiments performed on real data show that the modeling is effective in reducing the amount of events by 91%. User behavioral analysis on uniformly modeled data is also effective, detecting more than 80% of the legitimate actions of attack scenarios.
Self-organising management of Grid environments
This paper presents basic concepts, architectural principles and algorithms for efficient resource and security management in cluster computing environments and the Grid. The work presented in this paper is funded by BTExacT and the EPSRC project SO-GRM (GR/S21939).