9 research outputs found

    A Study into Detecting Anomalous Behaviours within HealthCare Infrastructures

    The theft of medical data, which is intrinsically valuable, can lead to loss of patient privacy and trust. With increasing requirements for valuable and accurate information, patients need to be confident that their data is being stored safely and securely. However, medical devices are vulnerable to attacks from the digital domain, with many devices transmitting data unencrypted wirelessly to electronic patient record systems. As such, it is now becoming more necessary to visualise data patterns and trends in order to identify erratic and anomalous data behaviours. In this paper, a system design for modelling data flow within healthcare infrastructures is presented. The system assists information security officers within healthcare organisations to improve the situational awareness of cyber security risks. In addition, a visualisation of TCP Socket Connections using real-world network data is put forward, in order to demonstrate the framework and present an analysis of potential risks.

    A study into data analysis and visualisation to increase the cyber-resilience of healthcare infrastructures

    © 2017 Association for Computing Machinery. In May 2017, a global ransomware campaign adversely affected approximately 48 UK hospitals. Response to the WannaCry cyber-attack resulted in many hospital networks being taken offline, and non-emergency patients being refused care. This is a clear example that data behaviour within healthcare infrastructures needs to be monitored for malicious, erratic or unusual activity. There is a perceived lack of threat within healthcare organisations with regards to cyber-security. Hospital infrastructures present a unique threat vector, with a dependence on legacy software, medical devices and bespoke software. Additionally, many PCs are shared by a number of users, all of whom use a variety of disparate IT systems. Every healthcare infrastructure configuration is unique and a one size fits all security solution cannot be applied to healthcare. Existing cyber-security technology within hospital infrastructures is typically perimeter-focused. Once a malicious user has compromised the boundary through a backdoor, there is a lack of security architecture monitoring active potential threats inside the network. Therefore, this paper presents research towards a system, which can detect unusual data behaviour through the use of advanced data analytics and visualisation techniques. Machine learning algorithms have the capability to learn patterns of data and profile users' behaviour, which can be represented visually. The proposed system is tailored to healthcare infrastructures by learning typical data behaviours and profiling users. The system adds to the defence-in-depth of the healthcare infrastructure by understanding the unique configuration of the network and autonomously analysing

    Intrusion prevention within a SDN environment

    Recent investigations have highlighted the complexity and interrelationship between components of the infrastructure of the internet. In an attempt to simplify the management of the infrastructure a great deal of research has taken place in the area of Software Defined Networks (SDN). This paper investigates the perceived developments in the network infrastructure and how they can be accommodated with a SDN environment. In particular the deployment of Intrusion prevention, a well-known function found in most computer networks, is investigated. A hardware design is offered as a solution and it is shown how this can be integrated into a SDN.

    Securing SDN Southbound and Data Plane Communication with IBC


    Will SDN be part of 5G?

    For many, this is no longer a valid question and the case is considered settled with SDN/NFV (Software Defined Networking/Network Function Virtualization) providing the inevitable innovation enablers solving many outstanding management issues regarding 5G. However, given the monumental task of softwarization of radio access network (RAN) while 5G is just around the corner and some companies have started unveiling their 5G equipment already, the concern is very realistic that we may only see some point solutions involving SDN technology instead of a fully SDN-enabled RAN. This survey paper identifies all important obstacles in the way and looks at the state of the art of the relevant solutions. This survey is different from the previous surveys on SDN-based RAN as it focuses on the salient problems and discusses solutions proposed within and outside SDN literature. Our main focus is on fronthaul, backward compatibility, supposedly disruptive nature of SDN deployment, business cases and monetization of SDN related upgrades, latency of general purpose processors (GPP), and additional security vulnerabilities softwarization brings along to the RAN. We have also provided a summary of the architectural developments in SDN-based RAN landscape as not all work can be covered under the focused issues. This paper provides a comprehensive survey on the state of the art of SDN-based RAN and clearly points out the gaps in the technology. Comment: 33 pages, 10 figures

    A method of organising the topology of a "smart home" system based on SDN networks

    In this work for a Bachelor's Degree the algorithm of construction of topology and routing of OpenFlow packets for integration of SDN-networks into the concept of IoT sphere is realized. The built architectural solution allows data exchange according to the OpenFlow protocol, which allows centralized management, monitoring and convenient collection of statistics and simplification of network maintenance. The product was created in the Mininet computer network emulation environment; the logic of the program is implemented using a packet transmission algorithm developed in Python.

    An Investigation into Healthcare-Data Patterns

    Visualising complex data facilitates a more comprehensive stage for conveying knowledge. Within the medical data domain, there is an increasing requirement for valuable and accurate information. Patients need to be confident that their data is being stored safely and securely. As such, it is now becoming necessary to visualise data patterns and trends in real-time to identify erratic and anomalous network access behaviours. In this paper, an investigation into modelling data flow within healthcare infrastructures is presented; where a dataset from a Liverpool-based (UK) hospital is employed for the case study. Specifically, a visualisation of transmission control protocol (TCP) socket connections is put forward, as an investigation into the data complexity and user interaction events within healthcare networks. In addition, a filtering algorithm is proposed for noise reduction in the TCP dataset. Positive results from using this algorithm are apparent on visual inspection, where noise is reduced by up to 89.84%.

    Software-Defined IDS for Securing Embedded Mobile Devices

    Abstract—The increasing deployment of networked mobile embedded devices leads to unique challenges in communications security. This is especially true for embedded biomedical devices and robotic materials handling, in which subversion or denial of service could result in loss of human life and other catastrophic outcomes. In this paper we present the Learning Intrusion Detection System (L-IDS), a network security service for protecting embedded mobile devices within institutional boundaries, which can be deployed alongside existing security systems with no modifications to the embedded devices. L-IDS utilizes the OpenFlow Software-Defined Networking architecture, which allows it to both detect and respond to attacks as they happen. I

    A Machine Learning Framework for Securing Patient Records

    This research concerns the detection of abnormal data usage and unauthorised access in large-scale critical networks, specifically healthcare infrastructures. The focus of this research is safeguarding Electronic Patient Record (EPR) systems in particular. Privacy is a primary concern amongst patients due to the rising adoption of EPR systems. There is growing evidence to suggest that patients may withhold information from healthcare providers due to lack of trust in the security of EPRs. Yet, patient record data must be available to healthcare providers at the point of care. Roles within healthcare organisations are dynamic and relying on access control is not sufficient. Access to EPR is often heavily audited within healthcare infrastructures. However, this data is regularly left untouched in a data silo and only ever accessed on an ad hoc basis. In addition, external threats need to be identified, such as phishing or social engineering techniques to acquire a clinician’s logon credentials. Without proactive monitoring of audit records, data breaches may go undetected. This thesis proposes a novel machine learning framework using a density-based local outlier detection model, in addition to employing a Human-in-the-Loop Machine Learning (HILML) approach. The density-based outlier detection model enables patterns in EPR data to be extracted to profile user behaviour and device interactions in order to detect and visualise anomalous activities. Employing a HILML model ensures that inappropriate activity is investigated and the data analytics is continuously improving. The novel framework is able to detect 156 anomalous behaviours in an unlabelled dataset of 1,007,727 audit logs.