A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack Detection

Enterprise networks that host valuable assets and services are popular and frequent targets of distributed network attacks. In order to cope with the ever-increasing threats, industrial and research communities develop systems and methods to monitor the behaviors of their assets and protect them from critical attacks. In this paper, we systematically survey related research articles and industrial systems to highlight the current status of this arms race in enterprise network security. First, we discuss the taxonomy of distributed network attacks on enterprise assets, including distributed denial-of-service (DDoS) and reconnaissance attacks. Second, we review existing methods in monitoring and classifying network behavior of enterprise hosts to verify their benign activities and isolate potential anomalies. Third, state-of-the-art detection methods for distributed network attacks sourced from external attackers are elaborated, highlighting their merits and bottlenecks. Fourth, as programmable networks and machine learning (ML) techniques are increasingly becoming adopted by the community, their current applications in network security are discussed. Finally, we highlight several research gaps on enterprise network security to inspire future research.Comment: Journal paper submitted to Elseive

SMEs, electronically-mediated working and data security: cause for concern?

Security of data is critical to the operations of firms. Without the ability to store, process and transmit data securely, operations may be compromised, with the potential for serious consequences to trading integrity. Thus the role that electronically-mediated working plays in business today and its dependency on data security is of critical interest, especially in light of the fact that much of this communication is based on the use of open networks (i.e. the Internet). This paper discusses findings from a 'WestFocus' survey on electronically-mediated working and telework amongst a sample of SMEs located in West London and adjacent counties in South-Eastern England in order to highlight the problems that such practice raises in terms of data security. Data collection involved a telephone survey undertaken in early 2006 of 378 firms classified into four industrial sectors ('Media', 'Logistics', 'Internet Services' and 'Food Processing'). After establishing how ICTs and the Internet are being exploited as business applications for small firms, data security practice is explored on the basis of sector and size with a focus on telework. The paper goes on to highlight areas of concern in terms of data security policy and training practice. Findings show some sector and size influences.WestFocus* under the Higher Education Innovation Fund (HEIF 2

SCADA Security - Slowly Circling a Disaster Area

SCADA (Supervisory Control And Data Acquisition) networks control much of the industrialised nations production and supply complexes. Various government reports and investigations have highlighted the vulnerability of these systems. Many of these systems are on private networks which are increasingly being connected to systems that are accessible from other networks such as the Internet. SCADA systems have unique security and operational requirements. However, many of the most basic security measures are missing in these networks. This examines some of these issues and proposes some technologies that could help secure these networks from attack

Cyber Attack Challenges and Resilience for Smart Grids

Date of Acceptance: 31/08/2015Peer reviewedPostprin

SCADA Honeynets: The attractiveness of honeypots as critical infrastructure security tools for the detection and analysis of advanced threats

Since the Stuxnet worm was discovered by a Belarusian security company, there has been a growing awareness of and a renewed interest in control system security. There is concern from some security researchers that the attention Stuxnet has received will have a proliferating effect. Will control systems now attract more attention from hackers, organized crime, terrorists, and foreign intelligence services? Will these attacks evolve beyond the typical virus or malware driven attacks commonly seen? Using a honeynet designed for control systems, insight into these questions will be sought by comparing the number and types of attacks received by a simulated control system with the number and types of attacks received by an IT network. Also, the usefulness of using honeynets on control systems to track adversary\u27s means and methods as well as serve as an early warning system will be explored

Machine Learning based Anomaly Detection for Cybersecurity Monitoring of Critical Infrastructures

openManaging critical infrastructures requires to increasingly rely on Information and Communi- cation Technologies. The last past years showed an incredible increase in the sophistication of attacks. For this reason, it is necessary to develop new algorithms for monitoring these infrastructures. In this scenario, Machine Learning can represent a very useful ally. After a brief introduction on the issue of cybersecurity in Industrial Control Systems and an overview of the state of the art regarding Machine Learning based cybersecurity monitoring, the present work proposes three approaches that target different layers of the control network architecture. The first one focuses on covert channels based on the DNS protocol, which can be used to establish a command and control channel, allowing attackers to send malicious commands. The second one focuses on the field layer of electrical power systems, proposing a physics-based anomaly detection algorithm for Distributed Energy Resources. The third one proposed a first attempt to integrate physical and cyber security systems, in order to face complex threats. All these three approaches are supported by promising results, which gives hope to practical applications in the next future.openXXXIV CICLO - SCIENZE E TECNOLOGIE PER L'INGEGNERIA ELETTRONICA E DELLE TELECOMUNICAZIONI - Elettromagnetismo, elettronica, telecomunicazioniGaggero, GIOVANNI BATTIST

Airborne Wireless Sensor Networks for Airplane Monitoring System

In traditional airplane monitoring system (AMS), data sensed from strain, vibration, ultrasound of structures or temperature, and humidity in cabin environment are transmitted to central data repository via wires. However, drawbacks still exist in wired AMS such as expensive installation and maintenance, and complicated wired connections. In recent years, accumulating interest has been drawn to performing AMS via airborne wireless sensor network (AWSN) system with the advantages of flexibility, low cost, and easy deployment. In this review, we present an overview of AMS and AWSN and demonstrate the requirements of AWSN for AMS particularly. Furthermore, existing wireless hardware prototypes and network communication schemes of AWSN are investigated according to these requirements. This paper will improve the understanding of how the AWSN design under AMS acquires sensor data accurately and carries out network communication efficiently, providing insights into prognostics and health management (PHM) for AMS in future

{SoK}: {An} Analysis of Protocol Design: Avoiding Traps for Implementation and Deployment

Today's Internet utilizes a multitude of different protocols. While some of these protocols were first implemented and used and later documented, other were first specified and then implemented. Regardless of how protocols came to be, their definitions can contain traps that lead to insecure implementations or deployments. A classical example is insufficiently strict authentication requirements in a protocol specification. The resulting Misconfigurations, i.e., not enabling strong authentication, are common root causes for Internet security incidents. Indeed, Internet protocols have been commonly designed without security in mind which leads to a multitude of misconfiguration traps. While this is slowly changing, to strict security considerations can have a similarly bad effect. Due to complex implementations and insufficient documentation, security features may remain unused, leaving deployments vulnerable. In this paper we provide a systematization of the security traps found in common Internet protocols. By separating protocols in four classes we identify major factors that lead to common security traps. These insights together with observations about end-user centric usability and security by default are then used to derive recommendations for improving existing and designing new protocols---without such security sensitive traps for operators, implementors and users