74 research outputs found

    Analysis and characterisation of botnet scan traffic

    Botnets constitute a major source of malicious activity over a network, and their early identification and detection is considered a top priority by security experts. The majority of botmasters rely heavily on a scan procedure in order to detect vulnerable hosts and establish their botnets via a command and control (C&C) server. In this paper we examine the statistical characteristics of the scan process invoked by the Mariposa and Zeus botnets and demonstrate the applicability of conditional entropy as a robust metric for profiling it using real pre-captured operational data. Our analysis conducted on real datasets demonstrates that the distributional behaviour of conditional entropy for Mariposa and Zeus-related scan flows differs significantly from that of flows manifested by the commonly used NMAP scans. In contrast with the Stealth and Connect NMAP scans typically used by attackers, we show that consecutive scanning flows initiated by the C&C servers of the examined botnets exhibit a high dependency between themselves with regard to their conditional entropy. Thus, we argue that the observation of such scan flows under our proposed scheme can sufficiently aid network security experts towards the adequate profiling and early identification of botnet activity.

    Short term power load forecasting using Deep Neural Networks

    Accurate load forecasting greatly influences the planning processes undertaken in the operation centres of energy providers that relate to the actual electricity generation, distribution, system maintenance as well as electricity pricing. This paper exploits the applicability of, and compares the performance of, the Feed-forward Deep Neural Network (FF-DNN) and Recurrent Deep Neural Network (R-DNN) models on the basis of accuracy and computational performance in the context of time-wise short term forecasting of electricity load. The herein proposed method is evaluated over real datasets gathered over a period of 4 years and provides forecasts on the basis of days and weeks ahead. The contribution of this work lies in the utilisation of a time-frequency (TF) feature selection procedure applied to the actual "raw" dataset that aids the regression procedure initiated by the aforementioned DNNs. We show that the introduced scheme may adequately learn hidden patterns and accurately determine the short-term load consumption forecast by utilising a range of heterogeneous sources of input that relate not only to the measurement of load itself but also to other parameters such as the effects of weather, time, holidays, lagged electricity load and its distribution over the period. Overall, our generated outcomes reveal that the synergistic use of TF feature analysis with DNNs enables higher accuracy to be obtained by capturing the dominant factors that affect electricity consumption patterns, and can contribute significantly to next generation power systems and the recently introduced SmartGrid.

    Distributed, multi-level network anomaly detection for datacentre networks

    Over the past decade, numerous systems have been proposed to detect and subsequently prevent or mitigate security vulnerabilities. However, many existing intrusion or anomaly detection solutions are limited to a subset of the traffic due to scalability issues, hence failing to operate at line-rate on large, high-speed datacentre networks. In this paper, we present a two-level solution for anomaly detection leveraging independent execution and message passing semantics. We employ these constructs within a network-wide distributed anomaly detection framework that allows for greater detection accuracy and bandwidth cost savings through attack path reconstruction. Experimental results using real operational traffic traces and known network attacks generated through the Pytbull IDS evaluation framework show that our approach is capable of detecting anomalies in a timely manner while allowing reconstruction of the attack path, hence further enabling the composition of advanced mitigation strategies. The resulting system shows high detection accuracy when compared to similar techniques, at least 20% better at detecting anomalies, and enables full path reconstruction even at small-to-moderate attack traffic intensities (as a fraction of the total traffic), saving up to 75% of bandwidth due to early attack detection.

    Multi-level resilience in networked environments: concepts and principles

    Resilience is an essential property for critical networked environments such as utility networks (e.g. gas, water and electricity grids), industrial control systems, and communication networks. Due to the complexity of such networked environments, achieving resilience is multi-dimensional, since it involves a range of factors such as redundancy and connectivity of different system components as well as availability, security, dependability and fault tolerance. Hence, it is important to address resilience within a unified framework that considers such factors and further enables the practical composition of resilience mechanisms. In this paper we first introduce the concepts and principles of Multi-Level Resilience (MLR) and then demonstrate its applicability in a particular cloud-based scenario.

    A multi-level resilience framework for unified networked environments

    Networked infrastructures underpin most social and economic interactions nowadays and have become an integral part of the critical infrastructure. Thus, it is crucial that heterogeneous networked environments provide adequate resilience in order to satisfy the quality requirements of the user. In order to achieve this, a coordinated approach to confronting potential challenges is required. These challenges can manifest themselves under different circumstances in the various infrastructure components. The objective of this paper is to present a multi-level resilience approach that goes beyond the traditional monolithic resilience schemes that focus mainly on one infrastructure component. The proposed framework considers four main aspects, i.e. users, application, network and system. The latter three are part of the technical infrastructure, while the former profiles the service user. Under two selected scenarios, this paper illustrates how an integrated approach coordinating knowledge from the different infrastructure elements allows more effective detection of challenges and facilitates the use of autonomic principles during remediation against challenges.

    Secure and privacy-aware proxy mobile IPv6 protocol for vehicle-to-grid networks

    Vehicle-to-Grid (V2G) networks have emerged as a new communication paradigm between Electric Vehicles (EVs) and the Smart Grid (SG). In order to ensure seamless communications between mobile EVs and the electric vehicle supply equipment, support for ubiquitous and transparent mobile IP communications is essential in V2G networks. However, enabling mobile IP communications raises real concerns about the possibility of tracking the locations of connected EVs through their mobile IP addresses. In this paper, we employ certificateless public key cryptography in synergy with the restrictive partially blind signature technique to construct a secure and privacy-aware proxy mobile IPv6 (SP-PMIPv6) protocol for V2G networks. SP-PMIPv6 achieves low authentication latency while protecting the identity and location privacy of the mobile EV. We evaluate the SP-PMIPv6 protocol in terms of its authentication overhead and the information-theoretic uncertainty derived from the mutual information metric to show the high level of anonymity achieved.

    Identifying infected energy systems in the wild

    The 2016 Mirai outbreak established an entirely new mindset in the history of large-scale Internet attacks. A plethora of Mirai-like variants have emerged in the last two years that are capable of infiltrating any type of device. In this paper we provide a 7-month retrospective analysis of Internet-connected energy systems that are infected by Mirai-like malware variants. By utilizing network measurements from several Internet vantage points, we demonstrate that a number of energy systems on a global scale were infected during the period of our observation. While past works have studied vulnerabilities and patching practices of ICS and energy systems, little information has been available on actual exploitation of such vulnerabilities. Hence, we provide evidence that energy systems relying on ICS networks are often compromised through vulnerabilities in non-ICS devices (routers, servers and IoT devices) which provide a foothold for lateral network attacks. Our work offers a first look at energy systems compromised by malware infections, and offers insights into the lack of proper security practices for systems that are increasingly dependent on Internet services and, more recently, the IoT. In addition, we indicate that such systems were infected for relatively long periods, thus potentially remaining undetected by their corresponding organizational units.

    A programmable SDN+NFV-based architecture for UAV telemetry monitoring

    The explosive growth in the worldwide use of Unmanned Aerial Vehicles (UAVs) has raised a critical concern with respect to the adequate management of their ad hoc network configuration as required by their mobility management process. As UAVs migrate among ground control stations, the associated network services, routing and operational control must also rapidly migrate to ensure a seamless transition. In this paper, we present a novel, lightweight and modular architecture which supports high mobility and situational awareness through the application of Software Defined Networking (SDN) and Network Function Virtualization (NFV) principles on top of the UAV infrastructure. By combining SDN+NFV programmability we can achieve robust migration of UAV-related network services, such as network monitoring and anomaly detection, as well as smooth UAV migration that meets high mobility requirements. The proposed container-based monitoring and anomaly detection Network Functions (NFs), as employed within our architecture, can be tuned to specific UAV types, providing operators better insight during live, high-mobility deployments. We evaluate our architecture against telemetry from over 80 flights from a scientific research UAV infrastructure, showing our ability to tune and detect emerging challenges.

    Adaptive Energy Theft Detection in Smart Grids Using Self-Learning With Dual Neural Network

    Energy theft is an extremely prominent challenge causing significant energy and revenue losses for utility providers worldwide. The introduction of advanced metering infrastructures consisting of smart meter deployments has undeniably extended the attack surface, enabling individual consumers or prosumers to trigger composite energy theft attack vectors. In this work, we introduce an energy theft detection system capable of distinguishing the properties of power consumption and generation theft from possible misconfigurations caused by non-malicious intent. The proposed approach is adaptive through a self-learning operation that is updated continuously as new measurements become available. With the synergistic use of measurements collected by real PV installations and openly available weather information, the system achieves high accuracy and precision results in theft identification over streamed data measurements. It also incurs low computational costs, and its architecture can be easily integrated within smart grid infrastructures to realize next-generation cross-batch energy theft detection.

    Uncertainty-driven Ensemble Forecasting of QoS in Software Defined Networks

    Software Defined Networking (SDN) is the key technology for combining networking and Cloud solutions to provide novel applications. SDN offers a number of advantages, as the existing resources can be virtualized and orchestrated to provide new services to the end users. Such a technology should be accompanied by powerful mechanisms that ensure end-to-end quality of service at high levels, thus enabling support for complex applications that satisfy end users' needs. In this paper, we propose an intelligent mechanism that combines the benefits of SDNs with real-time "Big Data" forecasting analytics. The proposed mechanism, as part of the SDN controller, supports predictive intelligence by monitoring a set of network performance parameters, forecasting their future values, and deriving indications of potential service quality violations. By treating the performance measurements as time-series, our mechanism employs a novel ensemble forecasting methodology to estimate their future values. Such predictions are fed to a Type-2 Fuzzy Logic system to deliver, in real-time, decisions related to service quality violations. Such decisions proactively assist the SDN controller in providing the best possible orchestration of the virtualized resources. We evaluate the proposed mechanism w.r.t. precision and recall metrics over synthetic data.