Biblio

Anomalous behaviour in subsystems of complex machines often affect overall performance even without failures. We devise unsupervised methods to detect times with degraded performance, and localize correlated signals, evaluated on a system with over 4000 monitored signals. From incidents comprising both downtimes and degraded performance, our approach localizes relevant signals within 1.2% of the parameter space.

In this paper, we present a theoretical approach concerning the econometric modelling for the estimation of cyber-security risk, with the use of time-series analysis methods and alternatively with Machine Learning (ML) based, deep learning methodology. Also we present work performed in the framework of SAINT H2020 Project [1], concerning innovative data mining techniques, based on automated web scrapping, for the retrieving of the relevant time-series data. We conclude with a review of emerging challenges in cyber-risk assessment brought by the rapid development of adversarial AI.

Traditionally, Industrial Control Systems (ICS) have been operated as air-gapped networks, without a necessity to connect directly to the Internet. With the introduction of the Internet of Things (IoT) paradigm, along with the cloud computing shift in traditional IT environments, ICS systems went through an adaptation period in the recent years, as the Industrial Internet of Things (IIoT) became popular. ICS systems, also called Cyber-Physical-Systems (CPS), operate on physical devices (i.e., actuators, sensors) at the lowest layer. An anomaly that effect this layer, could potentially result in physical damage. Due to the new attack surfaces that came about with IIoT movement, precise, accurate, and prompt intrusion/anomaly detection is becoming even more crucial in ICS. This paper proposes a novel method for real-time intrusion/anomaly detection based on a cyber-physical system network traffic. To evaluate the proposed anomaly detection method's efficiency, we run our implementation against a network trace taken from a Secure Water Treatment Testbed (SWAT) of iTrust Laboratory at Singapore.

In the application scenarios of cloud computing, big data, and mobile Internet, covert and diverse network attacks have become a serious problem that threatens the security of enterprises and personal information assets. Abnormal network behaviour detection based on network behaviour characteristics has become an important means to protect network security. However, existing frameworks do not make full use of the characteristics of the correlation between continuous network behaviours, and do not use an algorithm that can process time-series data or process the original feature set into time-series data to match the algorithm. This paper proposes a time-series abnormal network behaviour detection framework. The framework consists of two parts: an algorithm model (DBN-BiGRU) that combines Deep Belief Network (DBN) and Bidirectional Gated Recurrent Unit (BiGRU), and a pre-processing scheme that processes the original feature analysis files of CICIDS2017 to good time-series data. This detection framework uses past and future behaviour information to determine current behaviours, which can improve accuracy, and can adapt to the large amount of existing network traffic and high-dimensional characteristics. Finally, this paper completes the training of the algorithm model and gets the test results. Experimental results show that the prediction accuracy of this framework is as high as 99.82%, which is better than the traditional frameworks that do not use time-series information.

Today the cloud plays a central role in storing, processing, and distributing data. Despite contributing to the rapid development of IoT applications, the current IoT cloud-centric architecture has led into a myriad of isolated data silos that hinders the full potential of holistic data-driven analytics within the IoT. In this paper, we present a blockchain-based design for the IoT that brings a distributed access control and data management. We depart from the current trust model that delegates access control of our data to a centralized trusted authority and instead empower the users with data ownership. Our design is tailored for IoT data streams and enables secure data sharing. We enable a secure and resilient access control management, by utilizing the blockchain as an auditable and distributed access control layer to the storage layer. We facilitate the storage of time-series IoT data at the edge of the network via a locality-aware decentralized storage system that is managed with the blockchain technology. Our system is agnostic of the physical storage nodes and supports as well utilization of cloud storage resources as storage nodes.