scholarly journals Blockchain and Random Subspace Learning-Based IDS for SDN-Enabled Industrial IoT Security

Sensors ◽  
2019 ◽  
Vol 19 (14) ◽  
pp. 3119 ◽  
Author(s):  
Abdelouahid Derhab ◽  
Mohamed Guerroumi ◽  
Abdu Gumaei ◽  
Leandros Maglaras ◽  
Mohamed Amine Ferrag ◽  
...  
Keyword(s):  
Detection System ◽  
Subspace Learning ◽  
Cyber Attacks ◽  
Security Architecture ◽  
Random Subspace ◽  
Cyber Attack ◽  
K Nearest Neighbor ◽  
Industrial Control ◽  
Novel Technologies ◽  
Industrial Iot

The industrial control systems are facing an increasing number of sophisticated cyber attacks that can have very dangerous consequences on humans and their environments. In order to deal with these issues, novel technologies and approaches should be adopted. In this paper, we focus on the security of commands in industrial IoT against forged commands and misrouting of commands. To this end, we propose a security architecture that integrates the Blockchain and the Software-defined network (SDN) technologies. The proposed security architecture is composed of: (a) an intrusion detection system, namely RSL-KNN, which combines the Random Subspace Learning (RSL) and K-Nearest Neighbor (KNN) to defend against the forged commands, which target the industrial control process, and (b) a Blockchain-based Integrity Checking System (BICS), which can prevent the misrouting attack, which tampers with the OpenFlow rules of the SDN-enabled industrial IoT systems. We test the proposed security solution on an Industrial Control System Cyber attack Dataset and on an experimental platform combining software-defined networking and blockchain technologies. The evaluation results demonstrate the effectiveness and efficiency of the proposed security solution.

Building a Cybersecurity Culture in the Industrial Control System Environment

2019 ◽  
Vol 8 (1) ◽  
pp. 39-44
Author(s):  
Claudia ARAUJO MACEDO ◽  
Jos MENTING
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Industrial Control System ◽  
Security Measures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
System A ◽  
Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

scholarly journals A review: towards practical attack taxonomy for industrial control systems

2018 ◽  
Vol 7 (2.14) ◽  
pp. 145 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Razali Jidin ◽  
Mohd Ezanee Rusli ◽  
Md Nabil Ahmad Zawawi ◽  
...  
Keyword(s):  
Control Systems ◽  
Supervisory Control ◽  
Cyber Attacks ◽  
Critical Infrastructures ◽  
Cyber Attack ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Scada System ◽  
Water Transportation ◽  
Different Types

Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and its classification associated with both Opera-tion Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.  

scholarly journals Scrutinizing Attacks and Evaluating Performance Appraisal Parameters via Feature Selection in Intrusion Detection System

2021 ◽  
Author(s):  
Navroop Kaur ◽  
Meenakshi Bansal ◽  
Sukhwinder Singh S
Keyword(s):  
Feature Selection ◽  
Performance Evaluation ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Support Vector ◽  
K Nearest Neighbor ◽  
Evaluation Parameters

Abstract In modern times the firewall and antivirus packages are not good enough to protect the organization from numerous cyber attacks. Computer IDS (Intrusion Detection System) is a crucial aspect that contributes to the success of an organization. IDS is a software application responsible for scanning organization networks for suspicious activities and policy rupturing. IDS ensures the secure and reliable functioning of the network within an organization. IDS underwent huge transformations since its origin to cope up with the advancing computer crimes. The primary motive of IDS has been to augment the competence of detecting the attacks without endangering the performance of the network. The research paper elaborates on different types and different functions performed by the IDS. The NSL KDD dataset has been considered for training and testing. The seven prominent classifiers LR (Logistic Regression), NB (Naïve Bayes), DT (Decision Tree), AB (AdaBoost), RF (Random Forest), kNN (k Nearest Neighbor), and SVM (Support Vector Machine) have been studied along with their pros and cons and the feature selection have been imposed to enhance the reading of performance evaluation parameters (Accuracy, Precision, Recall, and F1Score). The paper elaborates a detailed flowchart and algorithm depicting the procedure to perform feature selection using XGB (Extreme Gradient Booster) for four categories of attacks: DoS (Denial of Service), Probe, R2L (Remote to Local Attack), and U2R (User to Root Attack). The selected features have been ranked as per their occurrence. The implementation have been conducted at five different ratios of 60-40%, 70-30%, 90-10%, 50-50%, and 80-20%. Different classifiers scored best for different performance evaluation parameters at different ratios. NB scored with the best Accuracy and Recall values. DT and RF consistently performed with high accuracy. NB, SVM, and kNN achieved good F1Score.

scholarly journals Digital Forensic Analysis of Industrial Control Systems Using Sandboxing: A Case of WAMPAC Applications in the Power Systems

Energies ◽  
2019 ◽  
Vol 12 (13) ◽  
pp. 2598
Author(s):  
Asif Iqbal ◽  
Farhan Mahmood ◽  
Mathias Ekstedt
Keyword(s):  
Power Systems ◽  
Control Systems ◽  
Forensic Analysis ◽  
Cyber Attacks ◽  
Power Grids ◽  
Cyber Attack ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Daubert Standard ◽  
And Control

In today’s connected world, there is a tendency of connectivity even in the sectors which conventionally have been not so connected in the past, such as power systems substations. Substations have seen considerable digitalization of the grid hence, providing much more available insights than before. This has all been possible due to connectivity, digitalization and automation of the power grids. Interestingly, this also means that anybody can access such critical infrastructures from a remote location and gone are the days of physical barriers. The power of connectivity and control makes it a much more challenging task to protect critical industrial control systems. This capability comes at a price, in this case, increasing the risk of potential cyber threats to substations. With all such potential risks, it is important that they can be traced back and attributed to any potential threats to their roots. It is extremely important for a forensic investigation to get credible evidence of any cyber-attack as required by the Daubert standard. Hence, to be able to identify and capture digital artifacts as a result of different attacks, in this paper, the authors have implemented and improvised a forensic testbed by implementing a sandboxing technique in the context of real time-hardware-in-the-loop setup. Newer experiments have been added by emulating the cyber-attacks on WAMPAC applications, and collecting and analyzing captured artifacts. Further, using sandboxing for the first time in such a setup has proven helpful.

scholarly journals Ubiquitous Control of a CNC Machine: Proof of Concept for Industrial IoT Applications

Information ◽  
2021 ◽  
Vol 12 (12) ◽  
pp. 529
Author(s):  
Stefan A. Aebersold ◽  
Mobayode O. Akinsolu ◽  
Shafiul Monir ◽  
Martyn L. Jones
Keyword(s):  
Information Exchange ◽  
Cyber Attacks ◽  
Integrated System ◽  
Numerical Control ◽  
Raspberry Pi ◽  
Proof Of Concept ◽  
Cnc Machine ◽  
Industrial Control ◽  
Single Board Computer ◽  
Industrial Iot

In this paper, an integrated system to control and manage a state-of-the-art industrial computer numerical control (CNC) machine (Studer S33) using a commercially available tablet (Samsung Galaxy Tablet S2) is presented as a proof of concept (PoC) for the ubiquitous control of industrial machines. As a PoC, the proposed system provides useful insights to support the further development of full-fledged systems for Industrial Internet of Things (IIoT) applications. The proposed system allows for the quasi-decentralisation of the control architecture of conventional programmable logic controller (PLC)-based industrial control systems (ICSs) through data and information exchange over the transmission control protocol and the internet protocol (TCP/IP) suite using multiple agents. Based on the TCP/IP suite, a network device (Samsung Galaxy Tablet S2) and a process field net (PROFINET) device (Siemens Simatic S7-1200) are interfaced using a single-board computer (Raspberry Pi 4). An override system mainly comprising emergency stop and acknowledge buttons is also configured using the single-board computer. The input signals from the override system are transmitted to the PROFINET device (i.e., the industrial control unit (ICU)) over TCP/IP. A fully functional working prototype is realised as a PoC for an integrated system designated for the wireless and ubiquitous control of the CNC machine. The working prototype as an entity mainly comprises a mobile (handheld) touch-sensitive human-machine interface (HMI), a shielded single-board computer, and an override system, all fitted into a compact case with physical dimensions of 300 mm by 180 mm by 175 mm. To avert potential cyber attacks or threats to a reasonable extent and to guarantee the security of the PoC, a multi-factor authentication (MFA) including an administrative password and an IP address is implemented to control the access to the web-based ubiquitous HMI proffered by the PoC.

scholarly journals Cybersecurity in Automotive: An Intrusion Detection System in Connected Vehicles

Electronics ◽  
2021 ◽  
Vol 10 (15) ◽  
pp. 1765
Author(s):  
Francesco Pascale ◽  
Ennio Andrea Adinolfi ◽  
Simone Coppola ◽  
Emanuele Santonicola
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Cyber Attacks ◽  
Connected Vehicles ◽  
Area Network ◽  
Automotive Sector ◽  
Cyber Attack ◽  
Data Set ◽  
Evaluation Parameters

Today’s modern vehicles are connected to a network and are considered smart objects of IoT, thanks to the capability to send and receive data from the network. One of the greatest challenges in the automotive sector is to make the vehicle secure and reliable. In fact, there are more connected instruments on a vehicle, such as the infotainment system and/or data interchange systems. Indeed, with the advent of new paradigms, such as Smart City and Smart Road, the vision of Internet of Things has evolved substantially. Today, we talk about the V2X systems in which the vehicle is strongly connected with the rest of the world. In this scenario, the main aim of all connected vehicles vendors is to provide a secure system to guarantee the safety of the drive and persons against a possible cyber-attack. So, in this paper, an embedded Intrusion Detection System (IDS) for the automotive sector is introduced. It works by adopting a two-step algorithm that provides detection of a possible cyber-attack. In the first step, the methodology provides a filter of all the messages on the Controller Area Network (CAN-Bus) thanks to the use of a spatial and temporal analysis; if a set of messages are possibly malicious, these are analyzed by a Bayesian network, which gives the probability that a given event can be classified as an attack. To evaluate the efficiency and effectiveness of our method, an experimental campaign was conducted to evaluate them, according to the classic evaluation parameters for a test’s accuracy. These results were compared with a common data set on cyber-attacks present in the literature. The first experimental results, obtained in a test scenario, seem to be interesting. The results show that our method has good correspondence in the presence of the most common cyber-attacks (DDoS, Fuzzy, Impersonating), obtaining a good score relative to the classic evaluation parameters for a test’s accuracy. These results have decreased performance when we test the system on a Free State Attack.

scholarly journals A Hybrid Framework for Intrusion Detection in Healthcare Systems Using Deep Learning

2022 ◽  
Vol 9 ◽  
Author(s):  
M. Akshay Kumaar ◽  
Duraimurugan Samiayya ◽  
P. M. Durai Raj Vincent ◽  
Kathiravan Srinivasan ◽  
Chuan-Yu Chang ◽  
...  
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Detection System ◽  
Healthcare Systems ◽  
Cyber Attacks ◽  
Optimization Techniques ◽  
Machine Learning Algorithms ◽  
Cyber Attack ◽  
Network Intrusion ◽  
Hybrid Framework

The unbounded increase in network traffic and user data has made it difficult for network intrusion detection systems to be abreast and perform well. Intrusion Systems are crucial in e-healthcare since the patients' medical records should be kept highly secure, confidential, and accurate. Any change in the actual patient data can lead to errors in the diagnosis and treatment. Most of the existing artificial intelligence-based systems are trained on outdated intrusion detection repositories, which can produce more false positives and require retraining the algorithm from scratch to support new attacks. These processes also make it challenging to secure patient records in medical systems as the intrusion detection mechanisms can become frequently obsolete. This paper proposes a hybrid framework using Deep Learning named “ImmuneNet” to recognize the latest intrusion attacks and defend healthcare data. The proposed framework uses multiple feature engineering processes, oversampling methods to improve class balance, and hyper-parameter optimization techniques to achieve high accuracy and performance. The architecture contains <1 million parameters, making it lightweight, fast, and IoT-friendly, suitable for deploying the IDS on medical devices and healthcare systems. The performance of ImmuneNet was benchmarked against several other machine learning algorithms on the Canadian Institute for Cybersecurity's Intrusion Detection System 2017, 2018, and Bell DNS 2021 datasets which contain extensive real-time and latest cyber attack data. Out of all the experiments, ImmuneNet performed the best on the CIC Bell DNS 2021 dataset with about 99.19% accuracy, 99.22% precision, 99.19% recall, and 99.2% ROC-AUC scores, which are comparatively better and up-to-date than other existing approaches in classifying between requests that are normal, intrusion, and other cyber attacks.

scholarly journals A Review of Cloud-Based Malware Detection System: Opportunities, Advances and Challenges

2021 ◽  
Vol 6 (3) ◽  
pp. 1-8
Author(s):  
Ömer Aslan ◽  
Merve Ozkan-Okay ◽  
Deepti Gupta
Keyword(s):  
Detection System ◽  
Hybrid Approach ◽  
Malware Detection ◽  
Cyber Attacks ◽  
Easy Access ◽  
Cyber Attack ◽  
Daily Lives ◽  
Advantages And Disadvantages ◽  
Detection Approach ◽  
Cloud Environments

Cloud computing has an important role in all aspects of storing information and providing services online. It brings several advantages over traditional storing and sharing schema such as an easy access, on-request storage, scalability and decreasing cost. Using its rapidly developing technologies can bring many advantages to the protection of Internet of Things (IoT), Cyber-Physical Systems (CPS) from a variety of cyber-attacks, where IoT, CPS provides facilities to humans in their daily lives. Since malicious software (malware) is increasing exponentially and there is no well-known approach to detecting malware, the usage of cloud environments to detect malware can be a promising method. A new generation of malware is using advanced obfuscation and packing techniques to escape from detection systems. This situation makes almost impossible to detect complex malware by using a traditional detection approach. The paper presents an extensive review of cloud-based malware detection approach and provides a vision to understand the benefit of cloud for protection of IoT, CPS from cyber-attack. This research explains advantages and disadvantages of cloud environments in detecting malware and also proposes a cloud-based malware detection framework, which uses a hybrid approach to detect malware.

scholarly journals Detection of cyber-attacks in systems with distributed control based on support vector regression

2020 ◽  
Vol 12 (2) ◽  
pp. 104-109
Author(s):  
Dušan Nedeljković ◽  
Živana Jakovljević ◽  
Zoran Miljković ◽  
Miroslav Pajić
Keyword(s):  
Support Vector Regression ◽  
Cyber Attacks ◽  
Support Vector ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Industrial Plants ◽  
Physical Systems ◽  
Industrial Iot ◽  
Sensor Signals ◽  
Opening Up

Concept of Industry 4.0 and implementation of Cyber Physical Systems (CPS) and Internet of Things (IoT) in industrial plants are changing the way we manufacture. Introduction of industrial IoT leads to ubiquitous communication (usually wireless) between devices in industrial control systems, thus introducing numerous security concerns and opening up wide space for potential malicious threats and attacks. As a consequence of various cyber-attacks, fatal failures can occur on system parts or the system as a whole. Therefore, security mechanisms must be developed to provide sufficient resilience to cyber-attacks and keep the system safe and protected. In this paper we present a method for detection of attacks on sensor signals, based on e insensitive support vector regression (e-SVR). The method is implemented on publicly available data obtained from Secure Water Treatment (SWaT) testbed as well as on a real-world continuous time controlled electro-pneumatic positioning system. In both cases, the method successfully detected all considered attacks (without false positives).

Sign in / Sign up

Export Citation Format

Share Document