Biblio
Nowadays, the industrial control systems (ICS) face many challenges, where security is becoming one of the most crucial. This fact is caused by new connected environment, which brings among new possibilities also new vulnerabilities, threats, or possible attacks. The criminal acts in the ICS area increased over the past years exponentially, which caused the loss of billions of dollars. This also caused classical Intrusion Detection Systems and Intrusion Prevention Systems to evolve in order to protect among IT also ICS networks. However, these systems need sufficient data such as traffic logs, protocol information, attack patterns, anomaly behavior marks and many others. To provide such data, the requirements for the test environment are summarized in this paper. Moreover, we also introduce more than twenty common vulnerabilities across the ICS together with information about possible risk, attack vector (point), possible detection methods and communication layer occurrence. Therefore, the paper might be used as a base-ground for building sufficient data generator for machine learning and artificial intelligence algorithms often used in ICS/IDS systems.
With the latest development of hydroelectric power generation system, the industrial control network system of hydroelectric power generation has undergone the transformation from the dedicated network, using proprietary protocols to an increasingly open network, adopting standard protocols, and increasing integration with hydroelectric power generation system. It generally believed that with the improvement of the smart grid, the future hydroelectric power generation system will rely more on the powerful network system. The general application of standardized communication protocol and intelligent electronic equipment in industrial control network provides a technical guarantee for realizing the intellectualization of hydroelectric power generation system but also brings about the network security problems that cannot be ignored. In order to solve the vulnerability of the system, we analyze and quantitatively evaluate the industrial control network of hydropower generation as a whole, and propose a set of attack and defense strategies. The method of vulnerability assessment with high diversity score proposed by us avoids the indifference of different vulnerability score to the greatest extent. At the same time, we propose an optimal attack and defense decision algorithm, which generates the optimal attack and defense strategy. The work of this paper can distinguish the actual hazards of vulnerable points more effectively.
Network attacks have become a growing threat to the current Internet. For the enhancement of network security and accountability, it is urgent to find the origin and identity of the adversary who misbehaves in the network. Some studies focus on embedding users' identities into IPv6 addresses, but such design cannot support the Stateless Address Autoconfiguration (SLAAC) protocol which is widely deployed nowadays. In this paper, we propose SDN-Ti, a general solution to traceback and identification for attackers in IPv6 networks based on Software Defined Network (SDN). In our proposal, the SDN switch performs a translation between the source IPv6 address of the packet and its trusted ID-encoded address generated by the SDN controller. The network administrator can effectively identify the attacker by parsing the malicious packets when the attack incident happens. Our solution not only avoids the heavy storage overhead and time synchronism problems, but also supports multiple IPv6 address assignment scenarios. What's more, SDN-Ti does not require any modification on the end device, hence can be easily deployed. We implement SDN-Ti prototype and evaluate it in a real IPv6 testbed. Experiment results show that our solution only brings very little extra performance cost, and it shows considerable performance in terms of latency, CPU consumption and packet loss compared to the normal forwarding method. The results indicate that SDN-Ti is feasible to be deployed in practice with a large number of users.
Edge and Fog Computing will be increasingly pervasive in the years to come due to the benefits they bring in many specific use-case scenarios over traditional Cloud Computing. Nevertheless, the security concerns Fog and Edge Computing bring in have not been fully considered and addressed so far, especially when considering the underlying technologies (e.g. virtualization) instrumental to reap the benefits of the adoption of the Edge paradigm. In particular, these virtualization technologies (i.e. Containers, Real Time Operating Systems, and Unikernels), are far from being adequately resilient and secure. Aiming at shedding some light on current technology limitations, and providing hints on future research security issues and technology development, in this paper we introduce the main technologies supporting the Edge paradigm, survey existing issues, introduce relevant scenarios, and discusses benefits and caveats of the different existing solutions in the above introduced scenarios. Finally, we provide a discussion on the current security issues in the introduced context, and strive to outline future research directions in both security and technology development in a number of Edge/Fog scenarios.
The greatest threat towards securing the organization and its assets are no longer the attackers attacking beyond the network walls of the organization but the insiders present within the organization with malicious intent. Existing approaches helps to monitor, detect and prevent any malicious activities within an organization's network while ignoring the human behavior impact on security. In this paper we have focused on user behavior profiling approach to monitor and analyze user behavior action sequence to detect insider threats. We present an ensemble hybrid machine learning approach using Multi State Long Short Term Memory (MSLSTM) and Convolution Neural Networks (CNN) based time series anomaly detection to detect the additive outliers in the behavior patterns based on their spatial-temporal behavior features. We find that using Multistate LSTM is better than basic single state LSTM. The proposed method with Multistate LSTM can successfully detect the insider threats providing the AUC of 0.9042 on train data and AUC of 0.9047 on test data when trained with publically available dataset for insider threats.
This paper introduces a new method of applying both an Intrusion Detection System (IDS) and an Intrusion Response System (IRS) to communications protected using Ciphertext-Policy Attribute-based Encryption (CP-ABE) in the context of the Internet of Things. This method leverages features specific to CP-ABE in order to improve the detection capabilities of the IDS and the response ability of the network. It also enables improved privacy towards the users through group encryption rather than one-to-one shared key encryption as the policies used in the CP-ABE can easily include the IDS as an authorized reader. More importantly, it enables different levels of detection and response to intrusions, which can be crucial when using anomaly-based detection engines.
While the introduction of the softwarelization technologies such as SDN and NFV transfers main focus of network management from hardware to software, the network operators still have to care for a lot of network and computing equipment located in the network center. Toward fully automated network management, we believe that robotic approach will be significant, meaning that robot will care for the physical equipment on behalf of human. This paper explains our experience and insight gained throughout development of a network management robot. We utilize ROS(Robot Operating System) which is a powerful platform for robot development and secures the ease of development and expandability. Our roadmap of the network management robot is also shown as well as three use cases such as environmental monitoring, operator assistance and autonomous maintenance of the equipment. Finally, the paper briefly explains experimental results conducted in a commercial network center.
Searchable Encryption (SE) schemes provide security and privacy to the cloud data. The existing SE approaches enable multiple users to perform search operation by using various schemes like Broadcast Encryption (BE), Attribute-Based Encryption (ABE), etc. However, these schemes do not allow multiple users to perform the search operation over the encrypted data of multiple owners. Some SE schemes involve a Proxy Server (PS) that allow multiple users to perform the search operation. However, these approaches incur huge computational burden on PS due to the repeated encryption of the user queries for transformation purpose so as to ensure that users' query is searchable over the encrypted data of multiple owners. Hence, to eliminate this computational burden on PS, this paper proposes a secure proxy server approach that performs the search operation without transforming the user queries. This approach also returns the top-k relevant documents to the user queries by using Euclidean distance similarity approach. Based on the experimental study, this approach is efficient with respect to search time and accuracy.
Researchers and industry experts are looking at how to improve a shopper's experience and a store's revenue by leveraging and integrating technologies at the edges of the network, such as Internet-of-Things (IoT) devices, cloud-based systems, and mobile applications. The integration of IoT technology can now be used to improve purchasing incentives through the use of electronic coupons. Research has shown that targeted electronic coupons are the most effective and coupons presented to the shopper when they are near the products capture the most shoppers' dollars. Although it is easy to imagine coupons being broadcast to a shopper's mobile device over a low-power wireless channel, such a solution must be able to advertise many products, target many individual shoppers, and at the same time, provide shoppers with their desired level of privacy. To support this type of IoT-enabled shopping experience, we have designed Aggio, an electronic coupon distribution system that enables the distribution of localized, targeted coupons while supporting user privacy and security. Aggio uses cryptographic mechanisms to not only provide security but also to manage shopper groups e.g., bronze, silver, and gold reward programs) and minimize resource usage, including bandwidth and energy. The novel use of cryptographic management of coupons and groups allows Aggio to reduce bandwidth use, as well as reduce the computing and energy resources needed to process incoming coupons. Through the use of local coupon storage on the shopper's mobile device, the shopper does not need to query the cloud and so does not need to expose all of the details of their shopping decisions. Finally, the use of privacy preserving communication between the shopper's mobile device and the CouponHubs that are distributed throughout the retail environment allows the shopper to expose their location to the store without divulging their location to all other shoppers present in the store.
The server is an important for storing data, collected during the diagnostics of Smart Business Center (SBC) as a subsystem of Industrial Internet of Things including sensors, network equipment, components for start and storage of monitoring programs and technical diagnostics. The server is exposed most often to various kind of attacks, in particular, aimed at processor, interface system, random access memory. The goal of the paper is analyzing the methods of the SBC server protection from malicious actions, as well as the development and investigation of the Markov model of the server's functioning in the SBC network, taking into account the impact of DDoS-attacks.
The ever rising attacks on IT infrastructure, especially on networks has become the cause of anxiety for the IT professionals and the people venturing in the cyber-world. There are numerous instances wherein the vulnerabilities in the network has been exploited by the attackers leading to huge financial loss. Distributed denial of service (DDoS) is one of the most indirect security attack on computer networks. Many active computer bots or zombies start flooding the servers with requests, but due to its distributed nature throughout the Internet, it cannot simply be terminated at server side. Once the DDoS attack initiates, it causes huge overhead to the servers in terms of its processing capability and service delivery. Though, the study and analysis of request packets may help in distinguishing the legitimate users from among the malicious attackers but such detection becomes non-viable due to continuous flooding of packets on servers and eventually leads to denial of service to the authorized users. In the present research, we propose traffic flow and flow count variable based prevention mechanism with the difference in homogeneity. Its simplicity and practical approach facilitates the detection of DDoS attack at the early stage which helps in prevention of the attack and the subsequent damage. Further, simulation result based on different instances of time has been shown on T-value including generation of simple and harmonic homogeneity for observing the real time request difference and gaps.
Distributed Denial of Service (DDoS) strike is a malevolent undertaking to irritate regular action of a concentrated on server, organization or framework by overwhelming the goal or its incorporating establishment with a flood of Internet development. DDoS ambushes achieve feasibility by utilizing different exchanged off PC structures as wellsprings of strike action. Mishandled machines can join PCs and other masterminded resources, for instance, IoT contraptions. From an anomalous express, a DDoS attack looks like a vehicle convergence ceasing up with the road, shielding standard action from meeting up at its pined for objective.
Protection from DDoS-attacks is one of the most urgent problems in the world of network technologies. And while protect systems has algorithms for detection and preventing DDoS attacks, there are still some unresolved problems. This article is devoted to the DDoS-attack called Pulse Wave. Providing a brief introduction to the world of network technologies and DDoS-attacks, in particular, aims at the algorithm for protecting against DDoS-attack Pulse Wave. The main goal of this article is the implementation of traffic classifier that adds rules for infected computers to put them into a separate queue with limited bandwidth. This approach reduces their load on the service and, thus, firewall neutralises the attack.
In recent years, the attacks on systems have increased and among such attack is Distributed Denial of Service (DDoS) attack. The path identifiers (PIDs) used for inter-domain routing are static, which makes it easier the attack easier. To address this vulnerability, this paper addresses the usage of Dynamic Path Identifiers (D-PIDs) for routing. The PID of inter-domain path connector is kept oblivious and changes dynamically, thus making it difficult to attack the system. The prototype designed with major components like client, server and router analyses the outcome of D-PID usage instead of PIDs. The results show that, DDoS attacks can be effectively prevented if Dynamic Path Identifiers (D-PIDs) are used instead of Static Path Identifiers (PIDs).
Denial-of-Service attack (DoS attack) is an attack on network in which an attacker tries to disrupt the availability of network resources by overwhelming the target network with attack packets. In DoS attack it is typically done using a single source, and in a Distributed Denial-of-Service attack (DDoS attack), like the name suggests, multiple sources are used to flood the incoming traffic of victim. Typically, such attacks use vulnerabilities of Domain Name System (DNS) protocol and IP spoofing to disrupt the normal functioning of service provider or Internet user. The attacks involving DNS, or attacks exploiting vulnerabilities of DNS are known as DNS based DDOS attacks. Many of the proposed DNS based DDoS solutions try to prevent/mitigate such attacks using some intelligent non-``network layer'' (typically application layer) protocols. Utilizing the flexibility and programmability aspects of Software Defined Networks (SDN), via this proposed doctoral research it is intended to make underlying network intelligent enough so as to prevent DNS based DDoS attacks.
Distributed denial of service (DDoS) attacks is a serious cyberattack that exhausts target machine's processing capacity by sending a huge number of packets from hijacked machines. To minimize resource consumption caused by DDoS attacks, filtering attack packets at source machines is the best approach. Although many studies have explored the detection of DDoS attacks, few studies have proposed DDoS attack prevention schemes that work at source machines. We propose a reliable, lightweight, transparent, and flexible DDoS attack prevention scheme that works at source machines. In this scheme, we employ a hypervisor with a packet filtering mechanism on each managed machine to allow the administrator to easily and reliably suppress packet transmissions. To make the proposed scheme lightweight and transparent, we exploit a thin hypervisor that allows pass-through access to hardware (except for network devices) from the operating system, thereby reducing virtualization overhead and avoiding compromising user experience. To make the proposed scheme flexible, we exploit a configurable packet filtering mechanism with a guaranteed safe code execution mechanism that allows the administrator to provide a filtering policy as executable code. In this study, we implemented the proposed scheme using BitVisor and the Berkeley Packet Filter. Experimental results show that the proposed scheme can suppress arbitrary packet transmissions with negligible latency and throughput overhead compared to a bare metal system without filtering mechanisms.