22 research outputs found
SecureCyber: An SDN-Enabled SIEM for Enhanced Cybersecurity in the Industrial Internet of Things
The proliferation of smart technologies has undeniably brought forth numerous advantages. However, it has also introduced critical security issues and vulnerabilities that need to be addressed. In response, the development of appropriate and continuously adaptable countermeasures is essential to ensure the uninterrupted operation of critical environments. This paper presents an innovative approach through the introduction of a Software-Defined Networking (SDN)-enabled Security Information and Event Management (SIEM) system. The proposed SIEM solution effectively combines the power of Artificial Intelligence (AI) and SDN to protect Industrial Internet of Things (IIoT) applications. Leveraging AI capabilities, the SDN-enabled SIEM is capable of detecting a wide range of cyberattacks and anomalies that pose potential threats to IIoT environments. On the other hand, SDN plays a crucial role in mitigating identified risks and ensuring the security of IIoT applications. In particular, AI-driven insights and analysis guide the SDN-C in selecting appropriate mitigation actions to neutralize detected threats effectively. The experimental results demonstrate the efficiency of the proposed solution.
ARIES: a novel multivariate intrusion detection system for smart grid
The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of efficiently protecting SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data-based detection) monitors and identifies anomalies in operational data (i.e., time series electricity measurements). With emphasis on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.
Multimodal Explainable Artificial Intelligence: A Comprehensive Review of Methodological Advances and Future Research Directions
The current study focuses on systematically analyzing the recent advances in
the field of Multimodal eXplainable Artificial Intelligence (MXAI). In
particular, the relevant primary prediction tasks and publicly available
datasets are initially described. Subsequently, a structured presentation of
the MXAI methods of the literature is provided, taking into account the
following criteria: a) The number of the involved modalities, b) The stage at
which explanations are produced, and c) The type of the adopted methodology
(i.e. mathematical formalism). Then, the metrics used for MXAI evaluation are
discussed. Finally, a comprehensive analysis of current challenges and future
research directions is provided. Comment: 26 pages, 11 figures
Data Protection and Cybersecurity Certification Activities and Schemes in the Energy Sector
Cybersecurity concerns have been at the forefront of regulatory reform in the European Union (EU) recently. One of the outcomes of these reforms is the introduction of certification schemes for information and communication technology (ICT) products, services and processes, as well as for data processing operations concerning personal data. These schemes aim to provide an avenue for consumers to assess the compliance posture of organisations concerning the privacy and security of ICT products, services and processes. They also present manufacturers, providers and data controllers with the opportunity to demonstrate compliance with regulatory requirements through a verifiable third-party assessment. As these certification schemes are being developed, various sectors, including the electrical power and energy sector, will need to assess the impact on their operations and plan towards successful implementation. Relying on a doctrinal method, this paper identifies relevant EU legal instruments on data protection and cybersecurity certification and their interpretation in order to examine their potential impact when applying certification schemes within the Electrical Power and Energy System (EPES) domain. The result suggests that the EPES domain employs different technologies and services from diverse areas, which can result in the application of several certification schemes within its environment, including horizontal, technological and sector-specific schemes. This has the potential for creating a complex constellation of implementation models and would require careful design to avoid proliferation and disincentivising of stakeholders. © 2022 by the authors. Licensee MDPI, Basel, Switzerland.
Explainable AI-based Intrusion Detection in the Internet of Things
The revolution of Artificial Intelligence (AI) has brought about a significant evolution in the landscape of cyberattacks. In particular, with the increasing power and capabilities of AI, cyberattackers can automate tasks, analyze vast amounts of data, and identify vulnerabilities with greater precision. On the other hand, despite the multiple benefits of the Internet of Things (IoT), it raises severe security issues. Therefore, it is evident that the presence of efficient intrusion detection mechanisms is critical. Although Machine Learning (ML) and Deep Learning (DL)-based IDS have already demonstrated their detection efficiency, they still suffer from false alarms and explainability issues that do not allow security administrators to trust them completely compared to conventional signature/specification-based IDS. In light of the aforementioned remarks, in this paper, we introduce an AI-powered IDS with explainability functions for the IoT. The proposed IDS relies on ML and DL methods, while the SHapley Additive exPlanations (SHAP) method is used to explain decision-making. The evaluation results demonstrate the efficiency of the proposed IDS in terms of detection performance and explainable AI (XAI)
Hunting IoT Cyberattacks With AI-Powered Intrusion Detection
The rapid progression of the Internet of Things (IoT) allows the seamless integration of cyber and physical environments, thus creating an overall hyper-connected ecosystem. It is evident that this new reality provides several capabilities and benefits, such as real-time decision-making and increased efficiency and productivity. However, it also raises crucial cybersecurity issues that can lead to disastrous consequences due to the vulnerable nature of the Internet model and the new cyber risks originating from the multiple and heterogeneous technologies involved in the IoT. Therefore, intrusion detection and prevention are valuable and necessary mechanisms in the arsenal of IoT security. In light of the aforementioned remarks, in this paper, we introduce an Artificial Intelligence (AI)-powered Intrusion Detection and Prevention System (IDPS) that can detect and mitigate potential IoT cyberattacks. For the detection process, Deep Neural Networks (DNNs) are used, while Software Defined Networking (SDN) and Q-Learning are combined for the mitigation procedure. The evaluation analysis demonstrates the detection efficiency of the proposed IDPS, while Q-Learning converges successfully in terms of selecting the appropriate mitigation action.
Evaluating the Energy Efficiency of Few-Shot Learning for Object Detection in Industrial Settings
In the ever-evolving era of Artificial Intelligence (AI), model performance
has constituted a key metric driving innovation, leading to an exponential
growth in model size and complexity. However, sustainability and energy
efficiency have been critical requirements during deployment in contemporary
industrial settings, necessitating the use of data-efficient approaches such as
few-shot learning. In this paper, to alleviate the burden of lengthy model
training and minimize energy consumption, a finetuning approach to adapt
standard object detection models to downstream tasks is examined. Subsequently,
a thorough case study and evaluation of the energy demands of the developed
models, applied in object detection benchmark datasets from volatile industrial
environments is presented. Specifically, different finetuning strategies as
well as utilization of ancillary evaluation data during training are examined,
and the trade-off between performance and efficiency is highlighted in this
low-data regime. Finally, this paper introduces a novel way to quantify this
trade-off through a customized Efficiency Factor metric. Comment: 7 pages, 6 figures, 4 tables
Dynamic risk assessment and certification in the power grid: a collaborative approach
Publisher Copyright: © 2022 IEEE. The digitisation of the typical electrical grid introduces valuable services, such as pervasive control, remote monitoring and self-healing. However, despite the benefits, cybersecurity and privacy issues can result in devastating effects or even fatal accidents, given the interdependence between the energy sector and other critical infrastructures. Large-scale cyber attacks, such as Industroyer and DragonFly, have already demonstrated the weaknesses of the current electrical grid with disastrous consequences. Based on the aforementioned remarks, both academia and industry have already designed various cybersecurity standards, such as IEC 62351. However, dynamic risk assessment and certification remain crucial aspects, given the sensitive nature of the electrical grid. On the one hand, dynamic risk assessment intends to re-compute the risk value of the affected assets and their relationships in a dynamic manner based on the relevant security events and alarms. On the other hand, based on the certification process, a new approach for the dynamic management of security needs to be defined in order to provide an adaptive reaction to new threats. This paper presents a combined approach, showing how both aspects can be applied in a collaborative manner in the smart electrical grid. ∗This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 101021936. †A. Liatifis, P. Radoglou-Grammatikis and P. Sarigiannidis are with the Department of Electrical and Computer Engineering, University of Western Macedonia, Kozani 50100, Greece - E-Mail: {aliatifis, pradoglou, psarigiannidis}@uowm.gr ‡P. Rufaza Alcazar and A. Skarmeta are with the Department of Information and Communications Engineering, University of Murcia, Murcia 30100, Spain - E-Mail: {perdro.ruzafaa, askarmeta}@um.es §D. Papamartzivanos, S. Menesidou, and T. Krousarlis are with UBITECH Limited, 26 Nikou & Despinas Pattchi, Limassol 3071, Cyprus - E-mail: {dpapamartz, smenesidou, tkrousarlis}@ubitech.com ¶M. Alberto and I. Angulo are with TECNALIA, Basque Research and Technology Alliance (BRTA), Parque Cientifico Y Tecnologico De Bizkaia, Astondo Bidea, Edificio 700, Derio Bizkaia 48160, Spain - E-mail: {Alberto.Molinuevo, inaki.angulo}@tecnalia.com ∥A. Sarigiannidis is with the Sidroco Holdings Ltd, Nicosia, Cyprus - E-Mail: [email protected] ∗∗T. Lagkas is with the Department of Computer Science, International Hellenic University, Kavala Campus, 65404, Greece - E-Mail: [email protected] ††V. Argyriou is with the Department of Networks and Digital Media, Kingston University London, Penrhyn Road, Kingston upon Thames, Surrey KT1 2EE, UK - E-Mail: [email protected] reviewe
ELECTRON: An Architectural Framework for Securing the Smart Electrical Grid with Federated Detection, Dynamic Risk Assessment and Self-Healing
The electrical grid has significantly evolved over the years, thus creating a smart paradigm, which is well known as the smart electrical grid. However, this evolution creates critical cybersecurity risks due to the vulnerable nature of the industrial systems and the involvement of new technologies. Therefore, in this paper, the ELECTRON architecture is presented as an integrated platform to detect, mitigate and prevent potential cyberthreats in a timely manner. ELECTRON combines both cybersecurity and energy defence mechanisms in a collaborative way. The key aspects of ELECTRON are (a) dynamic risk assessment, (b) asset certification, (c) federated intrusion detection and correlation, (d) Software Defined Networking (SDN) mitigation, (e) proactive islanding and (f) cybersecurity training and certification.