22 research outputs found
A Two-stage Flow-based Intrusion Detection Model For Next-generation Networks
The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payloads. An alternative solution for the protection of next-generation networks is to use network flow records to detect malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results.
Anterior ischemic stroke: Comparison of two clinical outcome prediction scores through the investigation of cerebral collaterals using multiphase CT angiography
International audienc
Increasing the Visibility of IEC Communication in the Smart Grid
Energy systems like smart grids are part of critical infrastructure, and their interruption or blackout may have fatal consequences for energy production, distribution, and eventually the lives of individual people. In order to secure communication in Industrial Control Systems (ICS) and detect cyber attacks on smart grids, we need to increase the visibility of ICS communication so that an operator can see what commands are sent between ICS devices. Security monitoring of ICS transmission requires (i) retrieving monitoring data from ICS packets, (ii) processing and analyzing the extracted data, and (iii) visualizing the passing communication to the operator. The proposed work presents a concept of an ICS flow monitoring system that extracts metadata from ICS packet headers and creates ICS flow records similarly to a NetFlow/IPFIX system. ICS flows represent communication in the smart grid network, which is further visualized using a dashboard and communication charts. Unlike the traditional monitoring approach that works with network and transport layer data only, we extend flow monitoring to the application layer with a focus on ICS protocols. The proposed approach is demonstrated on monitoring IEC 60870-5-104 communication.