Biblio

This paper showcases multiclass classification baselines using different machine learning algorithms and neural networks for distinguishing legitimate network traffic from direct and obfuscated network intrusions. This research derives its baselines from Advanced Security Network Metrics & Tunneling Obfuscations dataset. The dataset captured legitimate and obfuscated malicious TCP communications on selected vulnerable network services. The multiclass classification NIDS is able to distinguish obfuscated and direct network intrusion with up to 95% accuracy.

Intentional attacks1 that cause country wide blackouts, gas and water systems malfunction are actions that can be carried out by a nation to impact on another nation in a mean of war. Supervisory control and data acquisition (SCADA) networks that allow for communication for the utilities companies were designed with no security in mind causing the systems that a nation relies on to fall vulnerable to exploitation. Since SCADA networks are static in nature with pre-defined signatures of network traffic, we propose to design an anomaly-based intrusion detection system to detect abnormality in SCADA network traffic and protocols. We gather normal SCADA network traffic via tapping on the network for 30 days and then attack the network using Denial of Service (DoS) attack, message spoofing attack and man-in-the middle attack. We then train a classifier with two classes, normal and abnormal and report the classifier accuracy in detecting abnormal SCADA network traffic.

A distributed cyber control system comprises various types of assets, including sensors, intrusion detection systems, scanners, controllers, and actuators. The modeling and analysis of these components usually require multi-disciplinary approaches. This paper presents a modeling and dynamic analysis of a distributed cyber control system for situational awareness by taking advantage of control theory and time Petri net. Linear time-invariant systems are used to model the target system, attacks, assets influences, and an anomaly-based intrusion detection system. Time Petri nets are used to model the impact and timing relationships of attacks, vulnerability, and recovery at every node. To characterize those distributed control systems that are perfectly attackable, algebraic and topological attackability conditions are derived. Numerical evaluation is performed to determine the impact of attacks on distributed control system.

A distributed cyber control system comprises various types of assets, including sensors, intrusion detection systems, scanners, controllers, and actuators. The modeling and analysis of these components usually require multi-disciplinary approaches. This paper presents a modeling and dynamic analysis of a distributed cyber control system for situational awareness by taking advantage of control theory and time Petri net. Linear time-invariant systems are used to model the target system, attacks, assets influences, and an anomaly-based intrusion detection system. Time Petri nets are used to model the impact and timing relationships of attacks, vulnerability, and recovery at every node. To characterize those distributed control systems that are perfectly attackable, algebraic and topological attackability conditions are derived. Numerical evaluation is performed to determine the impact of attacks on distributed control system.