23 research outputs found

    Role of Support Vector Machine, Fuzzy K-Means and Naive Bayes Classification in Intrusion Detection System

    An intrusion can be defined as access by an unauthorised user, a breach of security, or misuse of information or of a system, carried out either from inside or from outside the organisation. Intrusion detection therefore means providing security: managing the flow of data and information and restricting access to the system to authorised users only. A widely distributed network requires strong security, so that only authorised users can access the systems on it, and this requires more than authentication by passwords or certificates. An intrusion detection system is used to monitor and detect events and episodes in a network or system. It gathers information and analyses it; if it finds unauthorised access or misuse, it reports it as an intrusion and follows the instructions it has been given. So, if an intrusion is a violation of security, then detection is the management of, and the taking of necessary action against, that intrusion. A number of techniques are used, and can be developed, to detect and prevent intrusions in a network or system. DOI: 10.17762/ijritcc2321-8169.15034

    Implementation of Multilayer cybersecurity based on Intrusion Detection System

    Cyber security has become a high priority in the industrial and automation sector, where dependable operation must ensure stable, secure and reliable power system delivery. An intrusion detection system framework makes it easier to remove that opacity. Anomalous attacks are mainly launched against the access control mechanism. This framework provides a hierarchical approach for an integrated security system comprising distributed IDSs. A novel SCADA-IDS with whitelists and behaviour-based protocol analysis is proposed and exemplified in order to detect known and unknown cyber-attacks from inside or outside SCADA systems. Finally, the proposed SCADA-IDS is implemented and successfully validated through a series of scenarios performed in a SCADA-specific test bed developed to replicate cyber-attacks against a substation LAN. From the perspective of SCADA system operators, the lack of an openly available test dataset is a bottleneck for comparing the performance and accuracy of proposed solutions; for research in the community to progress, such a large dataset would be valuable. The proposed system will create a new dataset to mitigate attacks from cyber-crime and protect higher-level records and systems. DOI: 10.17762/ijritcc2321-8169.150520

    Feature Selection in UNSW-NB15 and KDDCUP’99 datasets

    Machine learning and data mining techniques have been widely used in recent years to improve network intrusion detection. These techniques make it possible to automate anomaly detection in network traffic. One of the major problems researchers face is the lack of published data available for research purposes. The KDD'99 dataset was used by researchers for over a decade even though it suffered from reported shortcomings and was criticised by a few researchers. In 2009, Tavallaee M. et al. proposed a new dataset (NSL-KDD), extracted from KDD'99, to improve the dataset so that it can be used for research in anomaly detection. The UNSW-NB15 dataset, created in 2015 for intrusion detection research, is the most recently published dataset. This research analyses the features included in the UNSW-NB15 dataset by employing machine learning techniques and explores the significant features (addressing the curse of high dimensionality) by which intrusion detection can be improved in network systems. The existing irrelevant and redundant features are therefore omitted from the dataset, resulting not only in faster training and testing but also in lower resource consumption while maintaining high detection rates. A subset of features is proposed in this study and the findings are compared with previous work on feature selection in the KDD'99 dataset.
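The abstract above describes removing irrelevant and redundant features so that detection rates hold while training cost drops. The following added example (not code from the paper, and not run on UNSW-NB15 itself) shows one filter-style way of doing that: each feature is binned with equal-frequency cuts, scored by mutual information with the label, and then a candidate is dropped either as irrelevant (near-zero mutual information) or as redundant (Pearson |r| above a threshold with a feature already selected). The records, the column names dur/sbytes/dbytes/hour, the derived sbytes_kb column and the two thresholds are all constructed assumptions for the illustration.

```python
"""Filter-style feature selection on constructed flow records.

Added example, not code from the paper. Records are built by hand and only
mimic UNSW-NB15 column names; sbytes_kb is derived from sbytes (so it is
perfectly redundant) and hour is chosen to carry no information about the
label (so it is irrelevant).
"""
import math
from collections import Counter

# Constructed flow records: (dur, sbytes, dbytes, hour, label); label 1 = attack.
RAW = [
    (0.80, 150, 1200, 9, 0), (1.20, 300, 2500, 14, 0), (0.03, 220, 1800, 3, 0),
    (2.00, 400, 3000, 22, 0), (0.04, 180, 900, 11, 0), (0.90, 260, 2100, 17, 0),
    (0.05, 6000, 100, 10, 1), (1.10, 8000, 50, 15, 1), (0.08, 5500, 200, 2, 1),
    (0.01, 9000, 0, 23, 1), (1.60, 7000, 120, 12, 1), (0.06, 6500, 80, 16, 1),
]
FEATURES = ["dur", "sbytes", "dbytes", "sbytes_kb", "hour"]
DATA = {
    "dur": [r[0] for r in RAW],
    "sbytes": [r[1] for r in RAW],
    "dbytes": [r[2] for r in RAW],
    "sbytes_kb": [r[1] / 1024 for r in RAW],   # exact function of sbytes
    "hour": [r[3] for r in RAW],
}
LABELS = [r[4] for r in RAW]


def equal_frequency_bins(values, nbins):
    """Assign each value to one of nbins bins holding (almost) equal counts."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    bins = [0] * len(values)
    for rank, idx in enumerate(order):
        bins[idx] = rank * nbins // len(values)
    return bins


def entropy(symbols):
    n = len(symbols)
    return -sum(c / n * math.log2(c / n) for c in Counter(symbols).values())


def mutual_information(bins, labels):
    """I(bin; label) = H(label) - H(label | bin), in bits."""
    n = len(labels)
    conditional = 0.0
    for b in set(bins):
        members = [labels[i] for i in range(n) if bins[i] == b]
        conditional += len(members) / n * entropy(members)
    return entropy(labels) - conditional


def pearson(x, y):
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / math.sqrt(sxx * syy) if sxx and syy else 0.0


def select_features(data, labels, names, nbins=2, min_mi=0.05, max_corr=0.95):
    """Greedy MI ranking with a redundancy filter.

    Returns (selected, dropped, mi) where dropped maps a feature name to the
    reason it was removed. Thresholds are assumed values for this example.
    """
    mi = {n: mutual_information(equal_frequency_bins(data[n], nbins), labels) for n in names}
    selected, dropped = [], {}
    for name in sorted(names, key=lambda n: -mi[n]):   # stable sort keeps input order on ties
        if mi[name] < min_mi:
            dropped[name] = "irrelevant"
            continue
        twin = next((s for s in selected if abs(pearson(data[name], data[s])) > max_corr), None)
        if twin is not None:
            dropped[name] = f"redundant with {twin}"
            continue
        selected.append(name)
    return selected, dropped, mi


if __name__ == "__main__":
    kept, gone, scores = select_features(DATA, LABELS, FEATURES)
    for name in FEATURES:
        print(f"{name:10s} MI={scores[name]:.3f} {'kept' if name in kept else gone[name]}")
```

On this constructed input sbytes, dbytes and sbytes_kb all separate the classes perfectly (mutual information of 1 bit), but sbytes_kb is discarded because it is a linear function of sbytes; hour is discarded because its bins split attacks and normals evenly; dur survives with a small but non-zero score. The same two checks are what make a reduced feature set cheaper to train on without losing detection rate.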

    DEVELOPMENT OF INTRUSION DETECTION USING MULTIAGENT

    Intrusion detection systems have evolved alongside the challenges and problems that such systems need to accommodate. The agent-technology approach to intrusion detection has developed from single agents to multi-agent systems, and then further to mobile agents, to improve such systems in the face of more complex challenges and changes. Several studies have shown that mobile agents can reduce network traffic, but studies on the performance of detection-system architectures that combine static and mobile agents have not been fully completed. This doctoral research proposes the use of mobile agents, a detection method of rule matching followed by string matching, and an architecture with multiage components

    Automated identification of assets and assessment of their criticality for security analysis of information systems

    The research aims to develop a technique for the automated identification of information system assets and a comparative assessment of their criticality for further security analysis of the target infrastructure. The assets are all information and technology objects of the target infrastructure. The size, heterogeneity, complexity of interconnections, distribution and constant modification of modern information systems complicate this task. Automated and adaptive determination of information and technology assets, and of the connections between them, based on identifying the static and dynamic objects of an initially unknown infrastructure, is a rather challenging problem. The paper proposes a dynamic model of the connections between objects of the target infrastructure and a technique for building it based on event correlation. The developed technique is based on statistical analysis of empirical data on system events. The technique allows the main types of objects in the analysed infrastructure, their characteristics and their hierarchy to be determined. The hierarchy is constructed from the frequency with which objects are used, and as a result represents their relative criticality for system operation. For these purposes, indexes are introduced that determine whether properties belong to the same type and whether properties are used jointly, as well as dynamic indexes that characterise the variability of properties relative to each other. The resulting model is used for an initial comparative assessment of the criticality of system objects. The paper describes the input data, the developed models and the proposed technique for asset identification and comparison of their criticality. 
Experiments demonstrating the application of the developed technique on the example of analysing Windows operating system security logs are provided.
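The abstract above states the idea that objects which are used more often, and used jointly by the same principals, sit higher in the hierarchy and are treated as relatively more critical, with Windows security logs as the experimental input. The following added example (not the authors' technique or their indexes, and not code from the paper) shows that idea in a reduced form over constructed events: an access-count-times-distinct-users score per object, the same score rolled up to the hosting server, and a joint-use count for object pairs touched by the same user within a short time window. The event fields, the 4624/4663 record shape, the rule that groups UNC paths under their server, the scoring formula and the 60-second window are all assumptions of this illustration.

```python
"""Ranking assets by observed use in constructed Windows security events.

Added example, not the paper's method. Events are constructed by hand in a
reduced form (timestamp, EventID, SubjectUserName, WorkstationName, object
touched); real 4624/4663 records carry many more fields. For 4624 the
'object' is taken to be the domain controller that validated the logon,
an assumption made only for this example.
"""
from collections import Counter, defaultdict
from itertools import combinations

EVENTS = [
    {"ts": 0,   "id": 4624, "user": "alice", "host": "WS01", "object": r"\\DC01"},
    {"ts": 5,   "id": 4663, "user": "alice", "host": "WS01", "object": r"\\FS01\finance\ledger.xlsx"},
    {"ts": 30,  "id": 4663, "user": "alice", "host": "WS01", "object": r"\\FS01\finance\budget.xlsx"},
    {"ts": 60,  "id": 4624, "user": "bob",   "host": "WS02", "object": r"\\DC01"},
    {"ts": 70,  "id": 4663, "user": "bob",   "host": "WS02", "object": r"\\FS01\finance\ledger.xlsx"},
    {"ts": 120, "id": 4624, "user": "carol", "host": "WS03", "object": r"\\DC01"},
    {"ts": 130, "id": 4663, "user": "carol", "host": "WS03", "object": r"\\FS01\hr\salaries.xlsx"},
    {"ts": 200, "id": 4663, "user": "alice", "host": "WS01", "object": r"\\FS01\finance\ledger.xlsx"},
    {"ts": 260, "id": 4663, "user": "bob",   "host": "WS02", "object": r"C:\Users\bob\notes.txt"},
    {"ts": 300, "id": 4624, "user": "dave",  "host": "WS04", "object": r"\\DC01"},
    {"ts": 310, "id": 4663, "user": "dave",  "host": "WS04", "object": r"\\FS01\finance\ledger.xlsx"},
]


def host_of(obj):
    """Assumed type rule: a UNC path belongs to the server that hosts it."""
    if obj.startswith("\\\\"):
        return obj[2:].split("\\", 1)[0]
    return "local"


def rank_objects(events):
    """Score = access count x distinct users; higher means more widely relied upon."""
    freq = Counter(e["object"] for e in events)
    users = defaultdict(set)
    for e in events:
        users[e["object"]].add(e["user"])
    scores = {o: freq[o] * len(users[o]) for o in freq}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def rank_hosts(events):
    """Aggregate object scores one level up the hierarchy, per hosting server."""
    totals = Counter()
    for obj, score in rank_objects(events):
        totals[host_of(obj)] += score
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


def joint_use(events, window=60):
    """Count object pairs touched by the same user within `window` seconds."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    pairs = Counter()
    for evs in by_user.values():
        evs.sort(key=lambda e: e["ts"])
        for a, b in combinations(evs, 2):
            if a["object"] != b["object"] and b["ts"] - a["ts"] <= window:
                pairs[tuple(sorted((a["object"], b["object"])))] += 1
    return pairs


if __name__ == "__main__":
    print("objects:", rank_objects(EVENTS))
    print("hosts:  ", rank_hosts(EVENTS))
    print("joint:  ", joint_use(EVENTS).most_common(3))
```

On the constructed events the domain controller ranks first (every principal depends on it), the shared ledger second, and a user's local notes file last; the joint-use count also ties the ledger to the DC, since every session that touches the ledger first authenticates there. Any real deployment would need the event volume, the time window and the scoring rule tuned to the infrastructure, which is exactly the part the paper's statistical indexes address.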

    Multi-Attribute SCADA-Specific Intrusion Detection System for Power Networks

    The increased interconnectivity and complexity of supervisory control and data acquisition (SCADA) systems in power system networks have exposed these systems to a multitude of potential vulnerabilities. In this paper, we present a novel approach for a next-generation SCADA-specific intrusion detection system (IDS). The proposed system analyses multiple attributes in order to provide a comprehensive solution that is able to mitigate varied cyber-attack threats. The multi-attribute IDS combines a heterogeneous whitelist with a behaviour-based concept in order to make SCADA cyber systems more secure. This paper also proposes a multilayer cyber-security framework based on IDS for protecting SCADA cyber security in smart grids without compromising the availability of normal data. In addition, this paper presents a SCADA-specific cyber-security testbed to investigate simulated attacks, which is used in this paper to validate the proposed approach.
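Both this abstract and the multilayer-framework abstract earlier on this page describe a SCADA-IDS that pairs a whitelist with behaviour-based protocol analysis. The following added example (not the papers' SCADA-IDS, and not their code) shows the smallest form of that pairing over constructed Modbus/TCP-style flow records: a whitelist of known (client, server, port, function code) tuples catches a rogue host and a known host using a function code it never uses, while a per-source write-rate check catches a burst of writes that is individually whitelisted. The addresses, the whitelist, the function codes treated as writes and the five-writes-per-second threshold are assumptions for the illustration.

```python
"""Whitelist plus behaviour-based checks over constructed SCADA flow records.

Added example; it is not either paper's SCADA-IDS. It assumes a Modbus/TCP-like
substation LAN in which every legitimate (client, server, port, function code)
tuple is known in advance, and in which a legitimate HMI never issues more than
MAX_WRITES_PER_SECOND write requests to a device within one second.
"""
from collections import defaultdict

# Constructed whitelist for a hypothetical substation LAN.
WHITELIST = {
    ("10.0.1.10", "10.0.1.20", 502, 3),   # HMI reads holding registers on RTU-1
    ("10.0.1.10", "10.0.1.20", 502, 16),  # HMI writes multiple registers on RTU-1
    ("10.0.1.10", "10.0.1.21", 502, 3),   # HMI reads holding registers on RTU-2
}
WRITE_FUNCTION_CODES = {5, 6, 15, 16}     # Modbus write single/multiple coil/register
MAX_WRITES_PER_SECOND = 5                 # behaviour threshold, assumed


def analyse(records):
    """Return alerts as (ts, check, detail) for a list of flow records.

    Each record is a dict with ts (seconds), src, dst, dport and fc (Modbus
    function code). The whitelist check fires on any tuple not listed; the
    behaviour check fires once per (source, second) when the write count
    exceeds MAX_WRITES_PER_SECOND, even if every write is whitelisted.
    """
    alerts = []
    writes = defaultdict(int)
    for r in records:
        key = (r["src"], r["dst"], r["dport"], r["fc"])
        if key not in WHITELIST:
            alerts.append((r["ts"], "whitelist", f"unknown flow {key}"))
        if r["fc"] in WRITE_FUNCTION_CODES:
            bucket = (r["src"], int(r["ts"]))
            writes[bucket] += 1
            if writes[bucket] == MAX_WRITES_PER_SECOND + 1:
                alerts.append((r["ts"], "behaviour",
                               f"{r['src']} exceeded {MAX_WRITES_PER_SECOND} writes/s"))
    return alerts


def flow(ts, src, dst, fc, dport=502):
    return {"ts": ts, "src": src, "dst": dst, "dport": dport, "fc": fc}


# Constructed traffic: two normal reads, a rogue host, the HMI using a function
# code it never uses, then a burst of seven whitelisted writes within one second.
SAMPLE_RECORDS = [
    flow(100.0, "10.0.1.10", "10.0.1.20", 3),
    flow(100.2, "10.0.1.10", "10.0.1.21", 3),
    flow(100.5, "10.0.1.99", "10.0.1.20", 3),    # not a known client
    flow(101.0, "10.0.1.10", "10.0.1.20", 5),    # write single coil: never whitelisted
] + [flow(102.0 + i / 10, "10.0.1.10", "10.0.1.20", 16) for i in range(7)]

if __name__ == "__main__":
    for ts, check, detail in analyse(SAMPLE_RECORDS):
        print(f"{ts:7.1f} {check:10s} {detail}")
```

The whitelist alone would pass the write burst, and the rate check alone would pass the rogue reader; the two checks cover different failure modes, which is the reason the abstracts combine them. Any whitelist of this kind is only as good as the inventory behind it, so in practice the tuple set is generated from a learning period and then frozen, and a behaviour threshold is set per device from observed normal traffic rather than fixed by hand as here.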

    Evaluation of DoS attacks on Commercial Wi-Fi-Based UAVs

    One of the biggest challenges for the use of Unmanned Aerial Vehicles (UAVs) in large-scale real-world applications is security. However, most research projects related to robotics do not discuss security issues, moving on directly to studying classical problems (i.e., perception, control, planning). This paper evaluates the effects of availability issues (Denial of Service attacks) on two commonly used, commercially available UAVs (AR.Drone 2.0 and 3DR SOLO). Denial of Service (DoS) attacks are carried out while the vehicles are navigating, simulating common conditions encountered both by the general public and in a research scenario. Experiments show how effective such attacks are and demonstrate actual security breaches that create specific vulnerabilities. The results indicate that both studied UAVs are susceptible to several types of DoS attacks, which can critically affect the performance of the UAVs during navigation, including degraded camera functionality, drops in telemetry feedback and lack of response to remote control commands. We also present a tool that can be used as a failsafe mechanism to alert the user when a drone is approaching a defined flight range limit, avoiding availability issues.

    An enhancement of classification technique based on rough set theory for intrusion detection system application

    An Intrusion Detection System (IDS) is capable of detecting unauthorised intrusions into computer systems and networks by looking for signatures of known attacks or deviations from normal activity. However, accuracy is one of the issues in IDS applications. Classification is one of the data mining techniques employed to increase IDS performance, and in order to improve classification performance, feature selection and discretisation algorithms are crucial in selecting the relevant attributes. Discretisation algorithms have been proposed recently; however, those discretisers are only capable of handling categorical attributes and cannot deal with numerical attributes. In fact, it is difficult to determine the needed number of intervals and their widths. Thus, to deal with huge datasets, the data mining technique can be improved by introducing a discretisation algorithm to increase classification performance. Rule generation is considered a crucial process in data mining, and the rules generated are huge in number; it is therefore hard to determine the important and relevant rules for the next step. The aim of this study is thus to improve classification performance for IDS applications in terms of accuracy, detection rate and a decreased false positive alarm rate. To achieve this aim, the present work proposes an enhancement of the discretisation algorithm based on binning discretisation in Rough Set Theory (RST), and an enhanced rule generation strategy in RST, both intended to improve classification performance. Both enhancements were evaluated in terms of accuracy, false positive alarm rate and detection rate against the state-of-the-practice dataset (KDD Cup 99) in an IDS application. Several discretisation algorithms, such as Equal Frequency Binning, Entropy/MDL, Naïve and the proposed discretisation, were analysed and compared in the study. 
Experimental results show that the proposed technique increases classification accuracy to 99.95%, and that the minimum number of bins determines a good discretisation algorithm. Consequently, the attack detection rate increases and the false positive alarm rate is minimised. In particular, the proposed algorithm obtains a satisfactory compromise between the number of cuts and classification accuracy.
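The abstract above argues that the choice of discretiser decides how good the rules induced under rough set theory can be. The following added example (not the paper's algorithm or its enhanced binning, and not its code) makes that concrete on constructed connection records: the same two numeric attributes are cut with equal-width and with equal-frequency binning, the rows that become indiscernible under each cut are grouped, and the lower and upper approximations of the "attack" decision class are computed, together with the distinct rules each cut yields. The records and the column names count/srv_rate are constructed and only mimic KDD Cup 99 naming; the two-bin setting is an assumption.

```python
"""Discretisation and rough-set approximations on constructed connection records.

Added example, not the paper's algorithm. Records are constructed by hand;
count = connections to the same host in the last 2 s, srv_rate = share of
those to the same service (names only mimic KDD Cup 99 columns).
"""
from collections import defaultdict

ROWS = [  # (count, srv_rate, decision)
    (1, 1.0, "normal"), (2, 1.0, "normal"), (3, 0.9, "normal"), (5, 0.8, "normal"),
    (4, 1.0, "normal"), (7, 0.4, "normal"),
    (120, 0.1, "attack"), (200, 0.05, "attack"), (150, 0.0, "attack"),
    (90, 0.2, "attack"), (6, 0.3, "attack"),
]


def equal_width_bins(values, nbins):
    """Cut the range [min, max] into nbins intervals of equal width."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / nbins or 1.0
    return [min(int((v - lo) / width), nbins - 1) for v in values]


def equal_frequency_bins(values, nbins):
    """Cut so that each bin holds (almost) the same number of records."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    bins = [0] * len(values)
    for rank, idx in enumerate(order):
        bins[idx] = rank * nbins // len(values)
    return bins


def discretize(rows, binner, nbins):
    """Return one tuple of bin indices per row (the condition attributes)."""
    columns = [list(col) for col in zip(*[r[:-1] for r in rows])]
    binned = [binner(col, nbins) for col in columns]
    return [tuple(b[i] for b in binned) for i in range(len(rows))]


def approximations(rows, patterns, decision):
    """Lower/upper approximation of `decision` under the indiscernibility
    relation induced by `patterns` (rows with equal patterns are indiscernible)."""
    classes = defaultdict(set)
    for i, p in enumerate(patterns):
        classes[p].add(i)
    target = {i for i, r in enumerate(rows) if r[-1] == decision}
    lower, upper = set(), set()
    for members in classes.values():
        if members <= target:
            lower |= members          # certainly in the decision class
        if members & target:
            upper |= members          # possibly in the decision class
    return lower, upper


def rules(rows, patterns):
    """Distinct (pattern -> decision) rules; duplicate rows collapse into one rule."""
    return sorted({(p, r[-1]) for p, r in zip(patterns, rows)})


def approximation_accuracy(rows, patterns, decision):
    """|lower| / |upper|: 1.0 means the cut makes the decision class crisp."""
    lower, upper = approximations(rows, patterns, decision)
    return len(lower) / len(upper) if upper else 1.0


if __name__ == "__main__":
    for name, binner in (("equal-width", equal_width_bins), ("equal-frequency", equal_frequency_bins)):
        patterns = discretize(ROWS, binner, 2)
        lower, upper = approximations(ROWS, patterns, "attack")
        print(f"{name:16s} lower={len(lower)} upper={len(upper)} "
              f"accuracy={approximation_accuracy(ROWS, patterns, 'attack'):.2f} "
              f"rules={len(rules(ROWS, patterns))}")
```

With two bins, equal-width cuts put the three high-count attacks in a class of their own (lower approximation of size 3), while the equal-frequency cut, forced to balance the bins, merges four attacks with one normal record and leaves only a single certain attack. The rule count is the same in both cases, so counting rules alone says nothing about their quality; the lower/upper ratio is what distinguishes the two cuts, which is the trade-off between the number of cuts and accuracy that the abstract reports.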