Performance assessment of a distributed intrusion detection system in a real network scenario

The heterogeneity and complexity of modern networks and services urge the requirement for flexible and scalable security systems, which can be dynamically configured to suit the everchanging nature of security threats and user behavior patterns. In this paper we present a distributed architecture for an Intrusion Detection System, allowing for traffic analysis at different granularity levels, performed by using the best available techniques. Such architecture leverages the principle of separation of concerns, and hence proposes to build up a system comprising entities specialized in performing different tasks, appropriately orchestrated by a broker entity playing the crucial role of the mediator. This paper stresses the point that a distributed system, besides being inherently more scalable than a centralized one, allows for better detection capabilities thanks to the effective exploitation of the inner heterogeneity of the involved detection engines. In order to support our findings, we will describe the design, implementation and deployment of the proposed solution in the framework of the INTERSECTION FP7 European Project

A Data Fusion Technique to Detect Wireless Network Virtual Jamming Attacks

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Wireless communications are potentially exposed to jamming due to the openness of the medium and, in particular, to virtual jamming, which allows more energy-efficient attacks. In this paper we tackle the problem of virtual jamming attacks on IEEE 802.11 networks and present a data fusion solution for the detection of a type of virtual jamming attack (namely, NAV attacks), based on the real-time monitoring of a set of metrics. The detection performance is evaluated in a number of real scenarios

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach

This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank's control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features were extracted from the traffic to build a dataset for training and testing different machine learning algorithms. Five traditional machine learning algorithms were trained to detect the attacks: Random Forest, Decision Tree, Logistic Regression, Naive Bayes and KNN. Then, the trained machine learning models were built and deployed in the network, where new tests were made using online network traffic. The performance obtained during the training and testing of the machine learning models was compared to the performance obtained during the online deployment of these models in the network. The results show the efficiency of the machine learning models in detecting the attacks in real time. The testbed provides a good understanding of the effects and consequences of attacks on real SCADA environmentsComment: E-Preprin