Forget the Myth of the Air Gap: Machine Learningfor Reliable Intrusion Detection in SCADA Systems

in EAI Endorsed Transactions on Security and Safety (2019)

Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances,Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send ... [more ▼]

Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances,Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security strategy that physically isolates the control network from other communication channels. True isolation, however,is difficult nowadays due to the massive spread of connectivity: using open protocols and more connectivity opens new network attacks against CIs. To cope with this dilemma, sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and variety. However, traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. To this end, we assess in this paper Machine Learning (ML) techniques for anomaly detection in SCADA systems using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU).The contribution of this paper is two-fold: 1) The evaluation of four techniques for missing data estimation and two techniques for data normalization, 2) The performances of Support Vector Machine (SVM), Random Forest (RF), Bidirectional Long Short Term Memory (BLSTM) are assessed in terms of accuracy, precision,recall and F1 score for intrusion detection. Two cases are differentiated: binary and categorical classifications.Our experiments reveal that RF and BLSTM detect intrusions effectively, with an F1 score of respectively>99% and>96% [less ▲]

Integrated Protection of Industrial Control Systems from Cyber-attacks: the ATENA Approach

in International Journal of Critical Infrastructure Protection (2018)

Poster: Performance Evaluation of an Open-Source Audio-Video Bridging/Time-Sensitive Networking Testbed for Automotive Ethernet

Poster (2018)

Automotive Ethernet (AE) is becoming more and more relevant to the automotive industry due to its support of emerging in-car applications, which have high bandwidth demands and stringent requirements in ... [more ▼]

Automotive Ethernet (AE) is becoming more and more relevant to the automotive industry due to its support of emerging in-car applications, which have high bandwidth demands and stringent requirements in terms of latency and time synchronization. One of the standards under consideration for AE is IEEE 802.1 Audio Video Bridging (AVB)/Time Sensitive Networking (TSN) that provides deterministic data link layer and bounded latency to real-time traffic classes. So far, this protocol stack has only been evaluated using either simulations or proprietary and expensive platforms. In this paper, we design a real testbed system for AE using general-purpose single-board computers and conduct experiments to assess the real-time performance of an open-source AVB/TSN implementation. Our preliminary results show that even under heavy load, AVB/TSN can fulfil the latency requirements of AE while keeping a constant latency variation. [less ▲]

Analysis of Bandwidth Attacks in a Bittorrent Swarm

Doctoral thesis (2016)

Stealing Bandwidth from BitTorrent Seeders

in Computers and Security (2014)

A Novel Concept for Hybrid Quality Improvements in Consumer Networks

in ICCE-Berlin 2011: 2011 IEEE International Conference on Consumer Electronics - Berlin (ICCE-Berlin) (2011)

Enhancements to Statistical Protocol IDentification (SPID) for Self-Organised QoS in LANs

in ICCCN 2010 Track on Network Algorithms, Performance Evaluation and Theory (NAPET) (ICCCN 2010 NAPET) (2010)

Since most real-time audio and video applications lack of QoS support, QoS demand of such IP data streams shall be detected and applied automatically. To support QoS in LANs, especially in home ... [more ▼]

Since most real-time audio and video applications lack of QoS support, QoS demand of such IP data streams shall be detected and applied automatically. To support QoS in LANs, especially in home environments, a system was developed, which enables self-organised QoS for unmanaged networks through host implementations - in contrast to traditional solutions without network support. It supports per-link reservation and prioritisation and works without a need for application support. One part of this system is an automated traffic identification and classification system, which is subject of this paper. An efficient set of attribute meters, based on the Statistical Protocol IDentification (SPID), was investigated, enhanced and evaluated. We improved the performance, added support for UDP protocols and real-time identification. It is shown that using our implementation efficient near real-time protocol identification on per-flow basis is possible to support self-organised resource reservation. [less ▲]