17 research outputs found

    CRITICAL INFRASTRUCTURE TESTBED FOR CYBER-SECURITY TRAINING AND RESEARCH (4)

    Critical infrastructures encompass various sectors such as energy resources, manufacturing and governmental services, which tend to be dispersed over large geographic areas. With technological advancements over the last decade, they have become increasingly dependent on Information and Communication Technology (ICT), where control systems and the use of sensor equipment help facilitate operation. In order to sustain the ever-increasing demands, it is essential that these systems can adapt by integrating various new and existing digital technologies. However, this results in an increased vulnerability to cyber-threats. In addition, the persistently evolving global state of ICT has resulted in the emergence of sophisticated cyber-threats. As dependence upon critical infrastructure systems continues to increase, so too does the urgency with which these systems need to be adequately protected. Unfortunately, the consequences of a successful cyber-attack can be dire, potentially resulting in the loss of life or a devastating effect on the operation of government services and the economy. Despite the seriousness of this problem, the development of new and innovative cyber-security methods is being hampered by the lack of access to real-world data for training, research and testing new design methodologies. As such, this paper presents an in-progress project, funded by UKAIS, for the development of an easily-replicable and affordable critical infrastructure testbed for cyber-security training and research.

    Introduction


    Predicting the Effects of DDoS Attacks on a Network of Critical Infrastructures

    Over the last decade, the level of critical infrastructure technology has been steadily transforming in order to keep pace with the growing demand for the services offered. The implementation of the smart grid, which relies on a complex and intelligent level of interconnectivity, is one example of how vital amenity provision is being refined. However, with this change, the risk of threats from the digital domain must be calculated. Superior interconnectivity between infrastructures means that the future cascading impacts of successful cyber-attacks are unknown. One such threat being faced in the digital domain is the Distributed Denial of Service (DDoS) attack. A DDoS has the goal of incapacitating a server, network or service by barraging a target with external data traffic in the form of communication requests. DDoS attacks have the potential to cause a critical infrastructure outage, and the subsequent impact on a network of such infrastructures is as yet unknown. In this paper, an approach for assessing the future impacts of a cyber-attack in a network of critical infrastructures is presented, with a focus on DDoS attacks. A simulation of a critical infrastructure network provides data to represent both normal run-time and an attack scenario. Using this dataset, a technique for assessing the future impact of disruptions on an integrated critical infrastructure network is demonstrated.

    Investigations into the Development of a Knowledge Transfer Platform for Business Productivity

    There is a lack of access to training tools, best practice guides and knowledge repositories to help with the digital switch to Industry 4.0. Consequently, in this paper, the ProAccel (Productivity Accelerator) platform design is outlined. The system is a modular cloud-based multimedia platform that employs advanced data analytics and gamification techniques, such as Virtual Reality (VR), to revolutionise the way productivity information is shared to support businesses in their uptake of digital technologies in the Industry 4.0 environment. We present our findings from a 4-month case study, involving over 100 UK-based companies. The resulting research was used to construct a prototype of the ProAccel platform. As an evaluation, a simulated user evaluation of the platform using a guesstimate model derived from a KLM analysis is conducted as an analysis of the platform's functionality.

    Intrusion Detection Using Extremely Limited Data Based on SDN

    In Western Europe, the number of Internet connected devices is expected to increase from the 2.3 billion devices in 2017, to 4 billion in 2022. Dealing with this growth is an increasing problem for administrators attempting to ensure that Quality of Service levels are maintained. Software Defined Networking (SDN) has been proposed as one of the solutions to some of the problems caused by this increasing volume of data, such as the time it takes to manually reconfigure switches in response to changing network conditions. SDN moves the distributed networking paradigm to a centralised solution, which is easier to manage, but comes with other issues for security-focused administrators. SDN can lead to a reduction in the amount of information available for Intrusion Detection Systems (IDSs). This is because IDSs still rely on direct packet sampling techniques, which can provide more information than the aggregated view of networks that SDN flow tables provide. As deep learning and other artificial intelligence techniques look likely to become more commonplace in IDSs, this reduction in information becomes an increasing problem. Many of these methods require large training sets with many features. In this paper, we propose a method to correct this imbalance through the creation of a novel framework, which will allow upwards of 90% precision on the state-of-the-art UNSW-NB15 dataset while only using a small fraction of the features available, matching those available within an SDN environment.

    A Fresh Look at Combining Logs and Network Data to Detect Anomalous Activity

    As data rates have increased, network administrators have increasingly turned to Software Defined Networking (SDN) to increase efficiency, as well as to react quicker to changing network states. However, as SDN flows become the norm to manage network traffic, Network Intrusion Detection Systems (NIDS) still rely on processing packet data directly using techniques such as Deep Packet Inspection (DPI). SDN flows provide only a high level representation of the packets traversing the network, reducing the amount of data available to NIDS. In particular Deep Learning based NIDS may be affected. Deep Learning has been proposed as a solution to 0-day attacks, but these models typically require large volumes of training data with many data points. This paper proposes a solution to this dilemma, by providing more data points for an IDS to monitor through the abstraction of log data generated by the flows. Past papers have shown that the quality of training data can have a marked effect on performance of Deep Learning models. This paper builds on these works by showing that high quality data points can be added in a computationally inexpensive manner, and through adding these data points, accuracy on a real world dataset can be increased by upwards of 1

    Digital Memories Based Mobile User Authentication for IoT

    The increasing number of devices within the IoT is raising concerns over the efficiency and exploitability of existing authentication methods. The weaknesses of such methods, in particular passwords, are well documented. Although alternative methods have been proposed, they often rely on users being able to accurately recall complex and often unmemorable information. With the profusion of separate online accounts, this can often be a difficult task. The emerging digital memories concept involves the creation of a repository of memories specific to individuals. We believe this abundance of personal data can be utilised as a form of authentication. In this paper, we propose our digital memories based two-factor authentication mechanism, and also present our promising evaluation results.

    Patient privacy violation detection in healthcare critical infrastructures: An investigation using density-based benchmarking

    Hospital critical infrastructures have a distinct threat vector, due to (i) a dependence on legacy software; (ii) the vast levels of interconnected medical devices; (iii) the use of multiple bespoke software; and (iv) electronic devices (e.g., laptops and PCs) often being shared by multiple users. In the UK, hospitals are currently upgrading towards the use of electronic patient record (EPR) systems. EPR systems and their data are replacing traditional paper records, providing access to patients' test results and details of their overall care more efficiently. Paper records are no longer stored at patients' bedsides, but instead are accessible via electronic devices for the direct insertion of data. With over 83% of hospitals in the UK moving towards EPRs, access to this healthcare data needs to be monitored proactively for malicious activity. It is paramount that hospitals maintain patient trust and ensure that the information security principles of integrity, availability and confidentiality are upheld when deploying EPR systems. In this paper, an investigation methodology is presented towards the identification of anomalous behaviours within EPR datasets. Many security solutions focus on a perimeter-based approach; however, this approach alone is not enough to guarantee security, as can be seen from the many examples of breaches. Our proposed system can be complementary to existing security perimeter solutions. The system outlined in this research employs an internal-focused methodology for anomaly detection by using the Local Outlier Factor (LOF) and Density-Based Spatial Clustering of Applications with Noise (DBSCAN) algorithms for benchmarking behaviour, for assisting healthcare data analysts. Out of 90,385 unique IDs, DBSCAN finds 102 anomalies, whereas 358 are detected using LOF.

    An ensemble detection model using multinomial classification of stochastic gas smart meter data to improve wellbeing monitoring in smart cities

    Fuel poverty has a negative impact on the wellbeing of individuals within a household, affecting not only comfort levels but also leading to increased levels of seasonal mortality. Wellbeing solutions within this sector are moving towards identifying how the needs of people in vulnerable situations can be improved or monitored by means of existing supply networks and public institutions. Therefore, the focus of this research is towards a wellbeing monitoring solution, through the analysis of gas smart meter data. Gas smart meters replace the traditional analogue electro-mechanical and diaphragm-based meters that required regular reading. They have received widespread popularity over the last 10 years. This is primarily due to the fact that by using this technology, customers are able to adapt their consumption behaviours based on real-time information provided by In-Home Devices. Yet, the granular nature of the datasets generated has also meant that this technology is ideal for further scalable wellbeing monitoring applications. For example, the autonomous detection of households at risk of energy poverty is possible and of growing importance in order to face up to the impacts of fuel poverty, quality of life and wellbeing of low-income housing. However, despite the popularity of smart meters, the analysis of gas smart meter data has been neglected. In this paper, an ensemble model is proposed to achieve autonomous detection, supported by four key measures from gas usage patterns, consisting of i) a tariff detection, ii) a temporally-aware tariff detection, iii) a routine consumption detection and iv) an age-group detection. Using a cloud-based machine learning platform, the proposed approach yielded promising classification results of up to 84.1% Area Under Curve (AUC), when the Synthetic Minority Over-sampling Technique (SMOTE) was utilised.