Biblio

Cyber security is a topic of increasing relevance in relation to industrial networks. The higher intensity and intelligent use of data pushed by smart technology (Industry 4.0) together with an augmented integration between the operational technology (production) and the information technology (business) parts of the network have considerably raised the level of vulnerabilities. On the other hand, many industrial facilities still use serial networks as underlying communication system, and they are notoriously limited from a cyber security perspective since protection mechanisms available for ТСР/IР communication do not apply. Therefore, an attacker gaining access to a serial network can easily control the industrial components, potentially causing catastrophic incidents, jeopardizing assets and human lives. This study proposes a framework to act as an anomaly detection system (ADS) for industrial serial networks. It has three ingredients: an unsupervised К-means component to analyse message content, a knowledge-based Expert System component to analyse message metadata, and a voting process to generate alerts for security incidents, anomalous states, and faults. The framework was evaluated using the Proflbus-DP, a network simulator which implements a serial bus system. Results for the simulated traffic were promising: 99.90% for accuracy, 99,64% for precision, and 99.28% for F1-Score. They indicate feasibility of the framework applied to serial-based industrial networks.

In this paper we propose ROS-Defender, a holistic approach to secure robotics systems, which integrates a Security Event Management System (SIEM), an intrusion prevention system (IPS) and a firewall for a robotic system. ROS-Defender combines anomaly detection systems at application (ROS) level and network level, with dynamic policy enforcement points using software defined networking (SDN) to provide protection against a large class of attacks. Although SIEMs, IPS, and firewall have been previously used to secure computer networks, ROSDefender is applying them for the specific use case of robotic systems, where security is in many cases an afterthought.

Securing Internet of Things (IoT) systems is a challenge because of its multiple points of vulnerability. A spate of recent hacks and security breaches has unveiled glaring vulnerabilities in the IoT. Due to the computational and memory requirement constraints associated with anomaly detection algorithms in core networks, commercial in-line (part of the direct line of communication) Anomaly Detection Systems (ADSs) rely on sampling-based anomaly detection approaches to achieve line rates and truly-inline anomaly detection accuracy in real-time. However, packet sampling is inherently a lossy process which might provide an incomplete and biased approximation of the underlying traffic patterns. Moreover, commercial routers uses proprietary software making them closed to be manipulated from the outside. As a result, detecting malicious packets on the given network path is one of the most challenging problems in the field of network security. We argue that the advent of Software Defined Networking (SDN) provides a unique opportunity to effectively detect and mitigate DDoS attacks. Unlike sampling-based approaches for anomaly detection and limitation of proprietary software at routers, we use the SDN infrastructure to relax the sampling-based ADS constraints and collect traffic flow statistics which are maintained at each SDN-enabled switch to achieve high detection accuracy. In order to implement our idea, we discuss how to mitigate DDoS attacks using the features of SDN infrastructure.