Visible to the public Biblio

Filters: Keyword is security monitoring  [Clear All Filters]
2023-08-24
Sun, Jun, Li, Yang, Zhang, Ge, Dong, Liangyu, Yang, Zitao, Wang, Mufeng, Cai, Jiahe.  2022.  Data traceability scheme of industrial control system based on digital watermark. 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC). :322–325.
The fourth industrial revolution has led to the rapid development of industrial control systems. While the large number of industrial system devices connected to the Internet provides convenience for production management, it also exposes industrial control systems to more attack surfaces. Under the influence of multiple attack surfaces, sensitive data leakage has a more serious and time-spanning negative impact on industrial production systems. How to quickly locate the source of information leakage plays a crucial role in reducing the loss from the attack, so there are new requirements for tracing sensitive data in industrial control information systems. In this paper, we propose a digital watermarking traceability scheme for sensitive data in industrial control systems to address the above problems. In this scheme, we enhance the granularity of traceability by classifying sensitive data types of industrial control systems into text, image and video data with differentiated processing, and achieve accurate positioning of data sources by combining technologies such as national secret asymmetric encryption and hash message authentication codes, and mitigate the impact of mainstream watermarking technologies such as obfuscation attacks and copy attacks on sensitive data. It also mitigates the attacks against the watermarking traceability such as obfuscation attacks and copy attacks. At the same time, this scheme designs a data flow watermark monitoring module on the post-node of the data source to monitor the unauthorized sensitive data access behavior caused by other attacks.
2023-07-13
Hao, Qiang, Xu, Dongdong, Zhang, Zhun, Wang, Jiqing, Le, Tong, Wang, Jiawei, Zhang, Jinlei, Liu, Jiakang, Ma, Jinhui, Wang, Xiang.  2022.  A Hardware-Assisted Security Monitoring Method for Jump Instruction and Jump Address in Embedded Systems. 2022 8th Annual International Conference on Network and Information Systems for Computers (ICNISC). :197–202.
With the development of embedded systems towards networking and intelligence, the security threats they face are becoming more difficult to prevent. Existing protection methods make it difficult to monitor jump instructions and their target addresses for tampering by attackers at the low hardware implementation overhead and performance overhead. In this paper, a hardware-assisted security monitoring module is designed to monitor the integrity of jump instructions and jump addresses when executing programs. The proposed method has been implemented on the Xilinx Kintex-7 FPGA platform. Experiments show that this method is able to effectively monitor tampering attacks on jump instructions as well as target addresses while the embedded system is executing programs.
2022-07-29
Shu, ZhiMeng, Liu, YongGuang, Wang, HuiNan, Sun, ChaoLiang, He, ShanShan.  2021.  Research on the feasibility technology of Internet of things terminal security monitoring. 2021 6th International Symposium on Computer and Information Processing Technology (ISCIPT). :831—836.
As an important part of the intelligent measurement system, IOT terminal is in the “edge” layer of the intelligent measurement system architecture. It is the key node of power grid management and cloud fog integration. Its information security is the key to the construction of the security system of intelligent measurement, and the security link between the cloud and sensor measurement. With the in-depth integration of energy flow, information flow and business flow, and the in-depth application of digital technologies such as cloud computing, big data, internet of things, mobile Internet and artificial intelligence, the transformation and development of power system to digital and high-quality digital power grid has been accelerated. As a typical multi-dimensional complex system combining physical space and information space, the security threats and risks faced by the digital grid are more complex. The security risks in the information space will transfer the hazards to the power system and physical space. The Internet of things terminal is facing a more complex situation in the security field than before. This paper studies the feasibility of the security monitoring technology of the Internet of things terminal, in order to reduce the potential risks, improve the safe operation environment of the Internet of things terminal and improve the level of the security protection of the Internet of things terminal. One is to study the potential security problems of Internet of things terminal, and put forward the technical specification of security protection of Internet of things terminal. The second is to study the Internet of things terminal security detection technology, research and develop terminal security detection platform, and realize the unified detection of terminal security protection. The third is to study the security monitoring technology of the Internet of things terminal, develop the security monitoring system of the Internet of things terminal, realize the terminal security situation awareness and threat identification, timely discover the terminal security vulnerabilities, and ensure the stable and safe operation of the terminal and related business master station.
2022-04-25
Mahendra, Lagineni, Kumar, R.K. Senthil, Hareesh, Reddi, Bindhumadhava, B.S., Kalluri, Rajesh.  2021.  Deep Security Scanner for Industrial Control Systems. TENCON 2021 - 2021 IEEE Region 10 Conference (TENCON). :447–452.

with the continuous growing threat of cyber terrorism, the vulnerability of the industrial control systems (ICS) is the most common subject for security researchers now. Attacks on ICS systems keep increasing and their impact leads to human safety issues, equipment damage, system down, unusual output, loss of visibility and control, and various other catastrophic failures. Many of the industrial control systems are relatively insecure with chronic and pervasive vulnerabilities. Modbus-Tcpis one of the widely used communication protocols in the ICS/ Supervisory control and data acquisition (SCADA) system to transmit signals from instrumentation and control devices to the main controller of the control center. Modbus is a plain text protocol without any built-in security mechanisms, and Modbus is a standard communication protocol, widely used in critical infrastructure applications such as power systems, water, oil & gas, etc.. This paper proposes a passive security solution called Deep-security-scanner (DSS) tailored to Modbus-Tcpcommunication based Industrial control system (ICS). DSS solution detects attacks on Modbus-TcpIcs networks in a passive manner without disturbing the availability requirements of the system.

2021-09-16
Asci, Cihan, Wang, Wei, Sonkusale, Sameer.  2020.  Security Monitoring System Using Magnetically-Activated RFID Tags. 2020 IEEE SENSORS. :1–4.
Existing methods for home security monitoring depend on expensive custom battery-powered solutions. In this article, we present a battery-free solution that leverages any off-the-shelf passive radio frequency identification (RFID) tag for real-time entry detection. Sensor consists of a printed RFID antenna on paper, coupled to a magnetic reed switch and is affixed on the door. Opening of the door triggers the reed switch causing RFID signal transmission detected by any off-the-shelf passive RFID reader. This paper shows simulation and experimental results for such magnetically-actuated RFID (or magRFID) opening sensor.
2021-04-27
Putz, B., Pernul, G..  2020.  Detecting Blockchain Security Threats. 2020 IEEE International Conference on Blockchain (Blockchain). :313—320.
In many organizations, permissioned blockchain networks are currently transitioning from a proof-of-concept stage to production use. A crucial part of this transition is ensuring awareness of potential threats to network operations. Due to the plethora of software components involved in distributed ledgers, threats may be difficult or impossible to detect without a structured monitoring approach. To this end, we conduct a survey of attacks on permissioned blockchains and develop a set of threat indicators. To gather these indicators, a data processing pipeline is proposed to aggregate log information from relevant blockchain components, enriched with data from external sources. To evaluate the feasibility of monitoring current blockchain frameworks, we determine relevant data sources in Hyperledger Fabric. Our results show that the required data is mostly available, but also highlight significant improvement potential with regard to threat intelligence, chaincode scanners and built-in metrics.
2021-03-29
Tang, C., Fu, X., Tang, P..  2020.  Policy-Based Network Access and Behavior Control Management. 2020 IEEE 20th International Conference on Communication Technology (ICCT). :1102—1106.

Aiming at the requirements of network access control, illegal outreach control, identity authentication, security monitoring and application system access control of information network, an integrated network access and behavior control model based on security policy is established. In this model, the network access and behavior management control process is implemented through abstract policy configuration, network device and application server, so that management has device-independent abstraction, and management simplification, flexibility and automation are improved. On this basis, a general framework of policy-based access and behavior management control is established. Finally, an example is given to illustrate the method of device connection, data drive and fusion based on policy-based network access and behavior management control.

2021-02-23
Liu, W., Park, E. K., Krieger, U., Zhu, S. S..  2020.  Smart e-Health Security and Safety Monitoring with Machine Learning Services. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1—6.

This research provides security and safety extensions to a blockchain based solution whose target is e-health. The Advanced Blockchain platform is extended with intelligent monitoring for security and machine learning for detecting patient treatment medication safety issues. For the reasons of stringent HIPAA, HITECH, EU-GDPR and other regional regulations dictating security, safety and privacy requirements, the e-Health blockchains have to cover mandatory disclosure of violations or enforcements of policies during transaction flows involving healthcare. Our service solution further provides the benefits of resolving the abnormal flows of a medical treatment process, providing accountability of the service providers, enabling a trust health information environment for institutions to handle medication safely, giving patients a better safety guarantee, and enabling the authorities to supervise the security and safety of e-Health blockchains. The capabilities can be generalized to support a uniform smart solution across industry in a variety of blockchain applications.

2021-01-11
Khandait, P., Hubballi, N., Mazumdar, B..  2020.  Efficient Keyword Matching for Deep Packet Inspection based Network Traffic Classification. 2020 International Conference on COMmunication Systems NETworkS (COMSNETS). :567–570.
Network traffic classification has a range of applications in network management including QoS and security monitoring. Deep Packet Inspection (DPI) is one of the effective method used for traffic classification. DPI is computationally expensive operation involving string matching between payload and application signatures. Existing traffic classification techniques perform multiple scans of payload to classify the application flows - first scan to extract the words and the second scan to match the words with application signatures. In this paper we propose an approach which can classify network flows with single scan of flow payloads using a heuristic method to achieve a sub-linear search complexity. The idea is to scan few initial bytes of payload and determine potential application signature(s) for subsequent signature matching. We perform experiments with a large dataset containing 171873 network flows and show that it has a good classification accuracy of 98%.
2020-04-06
Wang, Zhi-Hao, Kung, Yu-Fan, Hendrick, Cheng, Po-Jen, Wang, Chih-Min, Jong, Gwo-Jia.  2018.  Enhance Wireless Security System Using Butterfly Network Coding Algorithm. 2018 International Conference on Applied Information Technology and Innovation (ICAITI). :135–138.
The traditional security system requires a lot of manpower, and the wireless security system has been developed to reduce costs. However, for wireless systems, stability and reliability are important system indicators. In order to effectively improve these two indicators, we have imported butterfly network coding algorithm into the wireless sensing network. Because this algorithm enables each node to play multiple roles, such as routing, encoding, decoding, sending and receiving, it can also improve the throughput of network transmission, and effectively improve the stability and reliability of the wireless security system. This paper used the Wi-Fi module to implement the butterfly network coding algorithm, and is actually installed in the building. The basis for transmission and reception of all nodes in the network is received signal strength indication (RSSI). On the other hand, this is an IoT system for security monitoring.
2020-03-02
Zheng, Zhengfan, Zheng, Bo, Wu, Yuechao, Chen, Shangui.  2019.  An Integrated Safety Management System Based on Ubiquitous Internet of Things in Electricity for Smart Pumped-storage Power Stations. 2019 4th International Conference on Intelligent Green Building and Smart Grid (IGBSG). :548–551.
The safety management is an important and fundamental task in the construction and operation of pumped-storage power stations. However, because of the traditional technical framework, the relevant systems are separated from each other, leading to a lot of disadvantages in application and performance. In order to meet the requirements of smart pumped-storage power stations, an integrated safety management system (ISMS) based on ubiquitous internet of things in electricity is proposed in this paper. The ISMS is divided into five layers including data display layer, data manipulation layer, data processing layer, data transmission layer and data acquisition layer. It consists of six modules, i.e., central control module, cave access control and personnel location module, video and security monitoring module, emergency broadcasting and communication module, geological warning module, and fall protection module. All modules are integrated into a unified information platform.
2020-01-21
Gao, Peng, Yang, Ruxia, Shi, Congcong, Zhang, Xiaojian.  2019.  Research on Security Protection Technology System of Power Internet of Things. 2019 IEEE 8th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). :1772–1776.

With the rapid development of Internet of Things applications, the power Internet of Things technologies and applications covering the various production links of the power grid "transmission, transmission, transformation, distribution and use" are becoming more and more popular, and the terminal, network and application security risks brought by them are receiving more and more attention. Combined with the architecture and risk of power Internet of Things, this paper first proposes the overall security protection technology system and strategy for power Internet of Things; then analyzes terminal identity authentication and authority control, edge area autonomy and data transmission protection, and application layer cloud fog security management. And the whole process real-time security monitoring; Finally, through the analysis of security risks and protection, the technical difficulties and directions for the security protection of the Internet of Things are proposed.

2019-08-26
Doynikova, Elena, Fedorchenko, Andrey, Kotenko, Igor.  2018.  Determination of Security Threat Classes on the Basis of Vulnerability Analysis for Automated Countermeasure Selection. Proceedings of the 13th International Conference on Availability, Reliability and Security. :62:1–62:8.
Currently the task of automated security monitoring and responding to security incidents is highly relevant. The authors propose an approach to determine weaknesses of the analyzed system on the basis of its known vulnerabilities for further specification of security threats. It is relevant for the stage of determining the necessary and sufficient set of security countermeasures for specific information systems. The required set of security response tools and means depends on the determined threats. The possibility of practical implementation of the approach follows from the connectivity between open databases of vulnerabilities, weaknesses, and attacks. The authors applied various classification methods for vulnerabilities considering values of their properties. The paper describes source data used for classification, their preprocessing stage, and the classification results. The obtained results and the methods for their enhancement are discussed.
2019-05-09
Eckhart, Matthias, Ekelhart, Andreas.  2018.  Towards Security-Aware Virtual Environments for Digital Twins. Proceedings of the 4th ACM Workshop on Cyber-Physical System Security. :61-72.

Digital twins open up new possibilities in terms of monitoring, simulating, optimizing and predicting the state of cyber-physical systems (CPSs). Furthermore, we argue that a fully functional, virtual replica of a CPS can also play an important role in securing the system. In this work, we present a framework that allows users to create and execute digital twins, closely matching their physical counterparts. We focus on a novel approach to automatically generate the virtual environment from specification, taking advantage of engineering data exchange formats. From a security perspective, an identical (in terms of the system's specification), simulated environment can be freely explored and tested by security professionals, without risking negative impacts on live systems. Going a step further, security modules on top of the framework support security analysts in monitoring the current state of CPSs. We demonstrate the viability of the framework in a proof of concept, including the automated generation of digital twins and the monitoring of security and safety rules.

2018-09-05
Doynikova, E., Kotenko, I..  2017.  Enhancement of probabilistic attack graphs for accurate cyber security monitoring. 2017 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computed, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :1–6.
Timely and adequate response on the computer security incidents depends on the accurate monitoring of the security situation. The paper investigates the task of refinement of the attack models in the form of attack graphs. It considers some challenges of attack graph generation and possible solutions, including: inaccuracies in specifying the pre- and postconditions of attack actions, processing of cycles in graphs to apply the Bayesian methods for attack graph analysis, mapping of incidents on attack graph nodes, and automatic countermeasure selection for the nodes under the risk. The software prototype that implements suggested solutions is briefly specified. The influence of the modifications on the security monitoring is shown on a case study, and the results of experiments are described.
2018-02-02
Rieke, R., Seidemann, M., Talla, E. K., Zelle, D., Seeger, B..  2017.  Behavior Analysis for Safety and Security in Automotive Systems. 2017 25th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP). :381–385.

The connection of automotive systems with other systems such as road-side units, other vehicles, and various servers in the Internet opens up new ways for attackers to remotely access safety relevant subsystems within connected cars. The security of connected cars and the whole vehicular ecosystem is thus of utmost importance for consumer trust and acceptance of this emerging technology. This paper describes an approach for on-board detection of unanticipated sequences of events in order to identify suspicious activities. The results show that this approach is fast enough for in-vehicle application at runtime. Several behavior models and synchronization strategies are analyzed in order to narrow down suspicious sequences of events to be sent in a privacy respecting way to a global security operations center for further in-depth analysis.

2017-12-12
Stergiou, C., Psannis, K. E., Plageras, A. P., Kokkonis, G., Ishibashi, Y..  2017.  Architecture for security monitoring in IoT environments. 2017 IEEE 26th International Symposium on Industrial Electronics (ISIE). :1382–1385.

The focus of this paper is to propose an integration between Internet of Things (IoT) and Video Surveillance, with the aim to satisfy the requirements of the future needs of Video Surveillance, and to accomplish a better use. IoT is a new technology in the sector of telecommunications. It is a network that contains physical objects, items, and devices, which are embedded with sensors and software, thus enabling the objects, and allowing for their data exchange. Video Surveillance systems collect and exchange the data which has been recorded by sensors and cameras and send it through the network. This paper proposes an innovative topology paradigm which could offer a better use of IoT technology in Video Surveillance systems. Furthermore, the contribution of these technologies provided by Internet of Things features in dealing with the basic types of Video Surveillance technology with the aim to improve their use and to have a better transmission of video data through the network. Additionally, there is a comparison between our proposed topology and relevant proposed topologies focusing on the security issue.

2017-03-07
Onwubiko, C..  2015.  Cyber security operations centre: Security monitoring for protecting business and supporting cyber defense strategy. 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1–10.

Cyber security operations centre (CSOC) is an essential business control aimed to protect ICT systems and support an organisation's Cyber Defense Strategy. Its overarching purpose is to ensure that incidents are identified and managed to resolution swiftly, and to maintain safe & secure business operations and services for the organisation. A CSOC framework is proposed comprising Log Collection, Analysis, Incident Response, Reporting, Personnel and Continuous Monitoring. Further, a Cyber Defense Strategy, supported by the CSOC framework, is discussed. Overlaid atop the strategy is the well-known Her Majesty's Government (HMG) Protective Monitoring Controls (PMCs). Finally, the difficulty and benefits of operating a CSOC are explained.

2015-05-05
Kaci, A., Kamwa, I., Dessaint, L.A., Guillon, S..  2014.  Synchrophasor Data Baselining and Mining for Online Monitoring of Dynamic Security Limits. Power Systems, IEEE Transactions on. 29:2681-2695.

When the system is in normal state, actual SCADA measurements of power transfers across critical interfaces are continuously compared with limits determined offline and stored in look-up tables or nomograms in order to assess whether the network is secure or insecure and inform the dispatcher to take preventive action in the latter case. However, synchrophasors could change this paradigm by enabling new features, the phase-angle differences, which are well-known measures of system stress, with the added potential to increase system visibility. The paper develops a systematic approach to baseline the phase-angles versus actual transfer limits across system interfaces and enable synchrophasor-based situational awareness (SBSA). Statistical methods are first used to determine seasonal exceedance levels of angle shifts that can allow real-time scoring and detection of atypical conditions. Next, key buses suitable for SBSA are identified using correlation and partitioning around medoid (PAM) clustering. It is shown that angle shifts of this subset of 15% of the network backbone buses can be effectively used as features in ensemble decision tree-based forecasting of seasonal security margins across critical interfaces.
 

Rieke, R., Repp, J., Zhdanova, M., Eichler, J..  2014.  Monitoring Security Compliance of Critical Processes. Parallel, Distributed and Network-Based Processing (PDP), 2014 22nd Euromicro International Conference on. :552-560.

Enforcing security in process-aware information systems at runtime requires the monitoring of systems' operation using process information. Analysis of this information with respect to security and compliance aspects is growing in complexity with the increase in functionality, connectivity, and dynamics of process evolution. To tackle this complexity, the application of models is becoming standard practice. Considering today's frequent changes to processes, model-based support for security and compliance analysis is not only needed in pre-operational phases but also at runtime. This paper presents an approach to support evaluation of the security status of processes at runtime. The approach is based on operational formal models derived from process specifications and security policies comprising technical, organizational, regulatory and cross-layer aspects. A process behavior model is synchronized by events from the running process and utilizes prediction of expected close-future states to find possible security violations and allow early decisions on countermeasures. The applicability of the approach is exemplified by a misuse case scenario from a hydroelectric power plant.