3,591 research outputs found
Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems
Computer networks are undergoing a phenomenal growth, driven by the rapidly
increasing number of nodes constituting the networks. At the same time, the
number of security threats on Internet and intranet networks is constantly
growing, and the testing and experimentation of cyber defense solutions
requires the availability of separate, test environments that best emulate the
complexity of a real system. Such environments support the deployment and
monitoring of complex mission-driven network scenarios, thus enabling the study
of cyber defense strategies under real and controllable traffic and attack
scenarios. In this paper, we propose a methodology that makes use of a
combination of techniques of network and security assessment, and the use of
cloud technologies to build an emulation environment with adjustable degree of
affinity with respect to actual reference networks or planned systems. As a
byproduct, starting from a specific study case, we collected a dataset
consisting of complete network traces comprising benign and malicious traffic,
which is feature-rich and publicly available
Assessing and augmenting SCADA cyber security: a survey of techniques
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability
Recommended from our members
The THREAT-ARREST Cyber-Security Training Platform
Cyber security is always a main concern for critical infrastructures and nation-wide safety and sustainability. Thus, advanced cyber ranges and security training is becoming imperative for the involved organizations. This paper presets a cyber security training platform, called THREAT-ARREST. The various platform modules can analyze an organization’s system, identify the most critical threats, and tailor a training program to its personnel needs. Then, different training programmes are created based on the trainee types (i.e. administrator, simple operator, etc.), providing several teaching procedures and accomplishing diverse learning goals. One of the main novelties of THREAT-ARREST is the modelling of these programmes along with the runtime monitoring, management, and evaluation operations. The platform is generic. Nevertheless, its applicability in a smart energy case study is detailed
Stochastic Tools for Network Intrusion Detection
With the rapid development of Internet and the sharp increase of network
crime, network security has become very important and received a lot of
attention. We model security issues as stochastic systems. This allows us to
find weaknesses in existing security systems and propose new solutions.
Exploring the vulnerabilities of existing security tools can prevent
cyber-attacks from taking advantages of the system weaknesses. We propose a
hybrid network security scheme including intrusion detection systems (IDSs) and
honeypots scattered throughout the network. This combines the advantages of two
security technologies. A honeypot is an activity-based network security system,
which could be the logical supplement of the passive detection policies used by
IDSs. This integration forces us to balance security performance versus cost by
scheduling device activities for the proposed system. By formulating the
scheduling problem as a decentralized partially observable Markov decision
process (DEC-POMDP), decisions are made in a distributed manner at each device
without requiring centralized control. The partially observable Markov decision
process (POMDP) is a useful choice for controlling stochastic systems. As a
combination of two Markov models, POMDPs combine the strength of hidden Markov
Model (HMM) (capturing dynamics that depend on unobserved states) and that of
Markov decision process (MDP) (taking the decision aspect into account).
Decision making under uncertainty is used in many parts of business and
science.We use here for security tools.We adopt a high-quality approximation
solution for finite-space POMDPs with the average cost criterion, and their
extension to DEC-POMDPs. We show how this tool could be used to design a
network security framework.Comment: Accepted by International Symposium on Sensor Networks, Systems and
Security (2017
Enabling Adaptive Grid Scheduling and Resource Management
Wider adoption of the Grid concept has led to an increasing amount of federated
computational, storage and visualisation resources being available to scientists and
researchers. Distributed and heterogeneous nature of these resources renders most of the
legacy cluster monitoring and management approaches inappropriate, and poses new
challenges in workflow scheduling on such systems. Effective resource utilisation monitoring
and highly granular yet adaptive measurements are prerequisites for a more efficient Grid
scheduler. We present a suite of measurement applications able to monitor per-process
resource utilisation, and a customisable tool for emulating observed utilisation models. We
also outline our future work on a predictive and probabilistic Grid scheduler. The research is
undertaken as part of UK e-Science EPSRC sponsored project SO-GRM (Self-Organising
Grid Resource Management) in cooperation with BT
Network attack detection at flow level
In this paper, we propose a new method for detecting unauthorized network
intrusions, based on a traffic flow model and Cisco NetFlow protocol
application. The method developed allows us not only to detect the most common
types of network attack (DDoS and port scanning), but also to make a list of
trespassers' IP-addresses. Therefore, this method can be applied in intrusion
detection systems, and in those systems which lock these IP-addresses
- …