45 research outputs found

    Designing unsupervised intrusion detection for SCADA systems

    Supervisory Control and Data Acquisition (SCADA) systems have been introduced to control and monitor industrial processes and our daily critical infrastructures such as electric power generation, water distribution and waste water collection systems. In recent years, the incorporation of Commercial-Off-The-Shelf (COTS) products such as standard hardware and software platforms have begun to be used in SCADA systems. This incorporation has allowed various products from different vendors to be integrated with each other to build a SCADA system at low cost. In addition, the integration of standard protocols (e.g. TCP/IP) into COTS products has increased their connectivity, thereby increasing productivity and profitability. However, this shift from proprietary and customized products to standard ones exposes these systems to cyber threats. An awareness of the potential threats to SCADA systems and the need to reduce risk and mitigate vulnerabilities has recently become an interesting research topic in the security area. A number of security measures have been extensively used in traditional IT such as management, filtering, encryption and intrusion detection. However, such measures cannot be applied directly to SCADA systems without considering their different nature and characteristics. Moreover, none of these security measures can completely protect a system from the potential threats. However, the full complement of these measures can create a robust security system. An Intrusion Detection System (IDS) is one of the security measures that has demonstrated promising results in detecting malicious activities in traditional IT systems, and therefore it has been adapted in SCADA systems. This thesis aims to develop an efficient and accurate unsupervised SCADA data-driven IDS. Four research tasks are being addressed in this thesis. The first task is related to the development of a framework for a SCADA security testbed that is intended to be an evaluation and testing environment for SCADA security in general, and for our proposed IDS in particular, while the last three tasks are focused on developing a set of solutions that can, together, achieve the aim of this study.

    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

    Deep Kalman neuro fuzzy-based adaptive broadcasting scheme for Vehicular Ad Hoc Network: A context-aware approach

    Vehicular Ad Hoc Networks (VANETs) are among the main enablers for future Intelligent Transportation Systems (ITSs) as they facilitate information sharing, which improves road safety, traffic efficiency, and provides passengers' comfort. Due to the dynamic nature of VANETs, vehicles need to exchange the Cooperative Awareness Messages (CAMs) more frequently to maintain network agility and preserve applications' performance. However, in many situations, broadcasting at a high rate leads to congestion of the communication channel, rendering VANET unreliable. Existing broadcasting schemes designed for VANET use partial context variables to control the broadcasting rate. Additionally, CAMs uncertainty, which is context-dependent, has been neglected and a predefined fixed certainty threshold has been used instead, which is not suitable for the highly dynamic context. Consequently, vehicles disseminate a high rate of unnecessary CAMs which degrades VANET performance. A good broadcasting scheme should accurately determine which and when CAMs are broadcasted. To this end, this study proposes a Context-Aware Adaptive Cooperative Awareness Messages Broadcasting Scheme (CA-ABS) using combinations of Adaptive Kalman Filter, Autoregression, and Sequential Deep Learning and Fuzzy inference system. Four context variables have been used to represent the vehicular context, namely, individual driving behaviors, CAMs uncertainty, vehicle density, and traffic flow. Kalman Filter and Autoregression are used to estimate and predict the CAMs messages respectively. The deep learning model has been constructed to estimate the CAMs' uncertainties which is an important context variable that has been neglected in the previous research. Fuzzy Inference System takes context variables as input and determines an accurate broadcasting threshold and broadcasting interval. Extensive simulations have been conducted to evaluate the proposed scheme. Results show that the proposed scheme improves the CAMs delivery ratio and decreases the CAMs prediction errors.

    GaN/AlGaN multiple quantum wells grown on transparent and conductive (-201)-oriented β-Ga2O3 substrate for UV vertical light emitting devices

    GaN/AlGaN multiple quantum wells (MQWs) are grown on a (-201)-oriented β-Ga2O3 substrate. The optical and structural characteristics of the MQW structure are compared with those of a similar structure grown on sapphire. Scanning transmission electron microscopy and atomic force microscopy images show that the MQW structure exhibits higher crystalline quality of well-defined quantum wells when compared to a similar structure grown on sapphire. X-ray diffraction rocking curve and photoluminescence excitation analyses confirm the lower density of dislocation defects in the sample grown on a β-Ga2O3 substrate. A detailed analysis of time-integrated and time-resolved photoluminescence measurements shows that the MQWs grown on a β-Ga2O3 substrate are of higher optical quality. Our work indicates that the (-201)-oriented β-Ga2O3 substrate can be a potential candidate for UV vertical emitting devices.

    Toward an Efficient Automatic Self-Augmentation Labeling Tool for Intrusion Detection Based on a Semi-Supervised Approach

    Intrusion detection systems (IDSs) based on machine learning algorithms represent a key component for securing computer networks, where normal and abnormal behaviours of network traffic are automatically learned with no or limited domain experts’ interference. Most of existing IDS approaches rely on labeled predefined classes which require domain experts to efficiently and accurately identify anomalies and threats. However, it is very hard to acquire reliable, up-to-date, and sufficient labeled data for an efficient traffic intrusion detection model. To address such an issue, this paper aims to develop a novel self-automatic labeling intrusion detection approach (called SAL) which utilises only small labeled network traffic data to potentially detect most types of attacks including zero-day attacks. In particular, the proposed SAL approach has three phases including: (i) an ensemble-based decision-making phase to address the limitations of a single classifier by relying on the predictions of multi-classifiers, (ii) a function agreement phase to assign the class label based on an adaptive confidence threshold to unlabeled observations, and (iii) an augmentation labeling phase to maximise the accuracy and the efficiency of the intrusion detection systems in a classifier model and to detect new attacks and anomalies by utilising a hybrid voting-based ensemble learning approach. Experimental results on available network traffic data sets demonstrate that the proposed SAL approach achieves high performance in comparison to two well-known baseline IDSs based on machine learning algorithms

    Network classification for traffic management: anomaly detection, feature selection, clustering and classification

    This authored book investigates network traffic classification solutions by proposing transport-layer methods to achieve better run and operated enterprise-scale networks

    kNNVWC: An efficient k-nearest neighbours approach based on various-widths clustering

    The k-Nearest Neighbour approach (k-NN) has been extensively used as a powerful non-parametric technique in many scientific and engineering applications. However, this approach incurs a large computational cost. Hence, this issue has become an active research field. In this work, a novel k-NN approach based on Various-Widths Clustering, named kNNVWC, to efficiently find k-NNs for a query object from a given data set, is presented. kNNVWC does clustering using various widths, where a data set is clustered with a global width first and each produced cluster that meets the predefined criteria is recursively clustered with its own local width that suits its distribution. This reduces the clustering time, in addition to balancing the number of produced clusters and their respective sizes. Maximum efficiency is achieved by using triangle inequality to prune unlikely clusters. Experimental results demonstrate that kNNVWC performs well in finding k-NNs for query objects compared to a number of k-NN search algorithms, especially for a data set with high dimensions, various distributions and large size

    SCADAVT--A framework for SCADA security testbed based on virtualization technology

    Abstract not available