Uncovering Vulnerable Industrial Control Systems from the Internet Core
Industrial control systems (ICS) are managed remotely with the help of
dedicated protocols that were originally designed to work in walled gardens.
Many of these protocols have been adapted to Internet transport and support
wide-area communication. ICS now exchange insecure traffic on an inter-domain
level, putting at risk not only common critical infrastructure but also the
Internet ecosystem (e.g., DRDoS attacks).
In this paper, we uncover unprotected inter-domain ICS traffic at two central
Internet vantage points, an IXP and an ISP. This traffic analysis is correlated
with data from honeypots and Internet-wide scans to separate industrial from
non-industrial ICS traffic. We provide an in-depth view on Internet-wide ICS
communication. Our results can be used i) to create precise filters for
potentially harmful non-industrial ICS traffic, and ii) to detect ICS sending
unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and
traffic manipulation attacks
Intrusion Detection in Industrial Networks via Data Streaming
Given the increasing threat surface of industrial networks due to distributed, Internet-of-Things (IoT) based system architectures, detecting intrusions in Industrial IoT (IIoT) systems is all the more important, due to the safety implications of potential threats. The continuously generated data in such systems form both a challenge but also a possibility: data volumes/rates are high and require processing and communication capacity but they contain information useful for system operation and for detection of unwanted situations. In this chapter we explain that stream processing (a.k.a. data streaming) is an emerging useful approach both for general applications and for intrusion detection in particular, especially since it can enable data analysis to be carried out in the continuum of edge-fog-cloud distributed architectures of industrial networks, thus reducing communication latency and gradually filtering and aggregating data volumes. We argue that usefulness stems also due to facilitating provisioning of agile responses, i.e. due to potentially smaller latency for intrusion detection and hence also improved possibilities for intrusion mitigation. In the chapter we outline architectural features of IIoT networks, potential threats and examples of state-of-the-art intrusion detection methodologies. Moreover, we give an overview of how leveraging distributed and parallel execution of streaming applications in industrial setups can influence the possibilities of protecting these systems. In these contexts, we give examples using electricity networks (a.k.a. Smart Grid systems). We conclude that future industrial networks, especially their Intrusion Detection Systems (IDSs), should take advantage of data streaming concept by decoupling semantics from the deployment
A Performance Comparison of Data Mining Algorithms Based Intrusion Detection System for Smart Grid
Smart grid is an emerging and promising technology. It uses the power of
information technologies to deliver intelligently the electrical power to
customers, and it allows the integration of the green technology to meet the
environmental requirements. Unfortunately, information technologies have their
inherent vulnerabilities and weaknesses that expose the smart grid to a wide
variety of security risks. The Intrusion detection system (IDS) plays an
important role in securing smart grid networks and detecting malicious
activity, yet it suffers from several limitations. Many research papers have
been published to address these issues using several algorithms and techniques.
Therefore, a detailed comparison between these algorithms is needed. This paper
presents an overview of four data mining algorithms used by IDS in Smart Grid.
An evaluation of performance of these algorithms is conducted based on several
metrics including the probability of detection, probability of false alarm,
probability of miss detection, efficiency, and processing time. Results show
that Random Forest outperforms the other three algorithms in detecting attacks
with higher probability of detection, lower probability of false alarm, lower
probability of miss detection, and higher accuracy. Comment: 6 pages, 6 Figure
The role of communication systems in smart grids: Architectures, technical solutions and research challenges
The purpose of this survey is to present a critical overview of smart grid concepts, with a special focus on the role that communication, networking and middleware technologies will have in the transformation of existing electric power systems into smart grids. First of all we elaborate on the key technological, economical and societal drivers for the development of smart grids. By adopting a data-centric perspective we present a conceptual model of communication systems for smart grids, and we identify functional components, technologies, network topologies and communication services that are needed to support smart grid communications. Then, we introduce the fundamental research challenges in this field including communication reliability and timeliness, QoS support, data management services, and autonomic behaviors. Finally, we discuss the main solutions proposed in the literature for each of them, and we identify possible future research directions
Deep Learning-Based Intrusion Detection System for Advanced Metering Infrastructure
Smart grid is an alternative solution of the conventional power grid which
harnesses the power of the information technology to save the energy and meet
today's environment requirements. Due to the inherent vulnerabilities in the
information technology, the smart grid is exposed to a wide variety of threats
that could be translated into cyber-attacks. In this paper, we develop a deep
learning-based intrusion detection system to defend against cyber-attacks in
the advanced metering infrastructure network. The proposed machine learning
approach is trained and tested extensively on an empirical industrial dataset
which is composed of several attack categories including the scanning, buffer
overflow, and denial of service attacks. Then, an experimental comparison in
terms of detection accuracy is conducted to evaluate the performance of the
proposed approach with Naive Bayes, Support Vector Machine, and Random Forest.
The obtained results suggest that the proposed approaches produce optimal
results compared to the other algorithms. Finally, we propose a network
architecture to deploy the proposed anomaly-based intrusion detection system
across the Advanced Metering Infrastructure network. In addition, we propose a
network security architecture composed of two types of Intrusion detection
system types, Host and Network-based, deployed across the Advanced Metering
Infrastructure network to inspect the traffic and detect the malicious one at
all the levels. Comment: 7 pages, 6 figures. 2019 NISS19: Proceedings of the 2nd International
Conference on Networking, Information Systems & Securit
Survey in Smart Grid and Smart Home Security: Issues, Challenges and Countermeasures
The electricity industry is now at the verge of a new era. An era that promises, through the evolution of the existing electrical grids to Smart Grids, more efficient and effective power management, better reliability, reduced production costs and more environmentally friendly energy generation. Numerous initiatives across the globe, led by both industry and academia, reflect the mounting interest around the enormous benefits but also the great risks introduced by this evolution. This paper focuses on issues related to the security of the Smart Grid and the Smart Home, which we present as an integral part of the Smart Grid. Based on several scenarios we aim to present some of the most representative threats to the Smart Home / Smart Grid environment. The threats detected are categorized according to specific security goals set for the Smart Home/Smart Grid environment and their impact on the overall system security is evaluated. A review of contemporary literature is then conducted with the aim of presenting promising security countermeasures with respect to the identified specific security goals for each presented scenario. An effort to shed light on open issues and future research directions concludes the paper