Visualization-Driven Approach to Anomaly Detection in the Movement of Critical Infrastructure

2017 ◽  
pp. 50-61 ◽  
Author(s):  
Evgenia Novikova ◽  
Ivan Murenin
Keyword(s):  
Anomaly Detection ◽  
Critical Infrastructure

scholarly journals Anomaly Detection Trusted Hardware Sensors for Critical Infrastructure Legacy Devices

Sensors ◽  
2020 ◽  
Vol 20 (11) ◽  
pp. 3092 ◽  
Author(s):  
Apostolos P. Fournaris ◽  
Charis Dimopoulos ◽  
Konstantinos Lampropoulos ◽  
Odysseas Koufopavlou
Keyword(s):  
Anomaly Detection ◽  
Case Studies ◽  
Power Plants ◽  
Critical Infrastructure ◽  
Test Site ◽  
Information Collection ◽  
Critical Infrastructures ◽  
Security Level ◽  
Protection Mechanisms ◽  
Evaluation Board

Critical infrastructures and associated real time Informational systems need some security protection mechanisms that will be able to detect and respond to possible attacks. For this reason, Anomaly Detection Systems (ADS), as part of a Security Information and Event Management (SIEM) system, are needed for constantly monitoring and identifying potential threats inside an Information Technology (IT) system. Typically, ADS collect information from various sources within a CI system using security sensors or agents and correlate that information so as to identify anomaly events. Such sensors though in a CI setting (factories, power plants, remote locations) may be placed in open areas and left unattended, thus becoming targets themselves of security attacks. They can be tampering and malicious manipulated so that they provide false data that may lead an ADS or SIEM system to falsely comprehend the CI current security status. In this paper, we describe existing approaches on security monitoring in critical infrastructures and focus on how to collect security sensor–agent information in a secure and trusted way. We then introduce the concept of hardware assisted security sensor information collection that improves the level of trust (by hardware means) and also increases the responsiveness of the sensor. Thus, we propose a Hardware Security Token (HST) that when connected to a CI host, it acts as a secure anchor for security agent information collection. We describe the HST functionality, its association with a host device, its expected role and its log monitoring mechanism. We also provide information on how security can be established between the host device and the HST. Then, we introduce and describe the necessary host components that need to be established in order to guarantee a high security level and correct HST functionality. We also provide a realization–implementation of the HST overall concept in a FPGA SoC evaluation board and describe how the HST implementation can be controlled. In addition, in the paper, two case studies where the HST has been used in practice and its functionality have been validated (one case study on a real critical infrastructure test site and another where a critical industrial infrastructure was emulated in our lab) are described. Finally, results taken from these two case studies are presented, showing actual measurements for the in-field HST usage.

scholarly journals A Survey of Anomaly Detection in Industrial Wireless Sensor Networks with Critical Water System Infrastructure as a Case Study

Sensors ◽  
2018 ◽  
Vol 18 (8) ◽  
pp. 2491 ◽  
Author(s):  
Daniel Ramotsoela ◽  
Adnan Abu-Mahfouz ◽  
Gerhard Hancke
Keyword(s):  
Wireless Sensor Networks ◽  
Sensor Networks ◽  
Intrusion Detection ◽  
Anomaly Detection ◽  
Critical Infrastructure ◽  
Water System ◽  
Machine Learning Techniques ◽  
Wireless Sensor ◽  
Monitoring And Control ◽  
Industrial Wireless Sensor Networks

The increased use of Industrial Wireless Sensor Networks (IWSN) in a variety of different applications, including those that involve critical infrastructure, has meant that adequately protecting these systems has become a necessity. These cyber-physical systems improve the monitoring and control features of these systems but also introduce several security challenges. Intrusion detection is a convenient second line of defence in case of the failure of normal network security protocols. Anomaly detection is a branch of intrusion detection that is resource friendly and provides broader detection generality making it ideal for IWSN applications. These schemes can be used to detect abnormal changes in the environment where IWSNs are deployed. This paper presents a literature survey of the work done in the field in recent years focusing primarily on machine learning techniques. Major research gaps regarding the practical feasibility of these schemes are also identified from surveyed work and critical water infrastructure is discussed as a use case.

scholarly journals FALCON: Framework for Anomaly Detection in Industrial Control Systems

Electronics ◽  
2020 ◽  
Vol 9 (8) ◽  
pp. 1192 ◽  
Author(s):  
Subin Sapkota ◽  
A K M Nuhil Mehdy ◽  
Stephen Reese ◽  
Hoda Mehrpouyan
Keyword(s):  
Water Treatment ◽  
Anomaly Detection ◽  
Control Systems ◽  
Short Term Memory ◽  
Critical Infrastructure ◽  
Attack Detection ◽  
Support Vector ◽  
Physical Processes ◽  
Industrial Control ◽  
Industrial Control Systems

Industrial Control Systems (ICS) are used to control physical processes in critical infrastructure. These systems are used in a wide variety of operations such as water treatment, power generation and distribution, and manufacturing. While the safety and security of these systems are of serious concern, recent reports have shown an increase in targeted attacks aimed at manipulating physical processes to cause catastrophic consequences. This trend emphasizes the need for algorithms and tools that provide resilient and smart attack detection mechanisms to protect ICS. In this paper, we propose an anomaly detection framework for ICS based on a deep neural network. The proposed methodology uses dilated convolution and long short-term memory (LSTM) layers to learn temporal as well as long term dependencies within sensor and actuator data in an ICS. The sensor/actuator data are passed through a unique feature engineering pipeline where wavelet transformation is applied to the sensor signals to extract features that are fed into the model. Additionally, this paper explores four variations of supervised deep learning models, as well as an unsupervised support vector machine (SVM) model for this problem. The proposed framework is validated on Secure Water Treatment testbed results. This framework detects more attacks in a shorter period of time than previously published methods.

Detecting Cyber Attacks on SCADA and Other Critical Infrastructures

2013 ◽  
pp. 17-53 ◽  
Author(s):  
Maurilio Pereira Coutinho ◽  
Germano Lambert-Torres ◽  
Luiz Eduardo Borges da Silva ◽  
Horst Lazarek ◽  
Elke Franz
Keyword(s):  
Anomaly Detection ◽  
Electric Power ◽  
Financial Services ◽  
Secure Communication ◽  
Rough Set Theory ◽  
Critical Infrastructure ◽  
Modern Society ◽  
Cyber Attacks ◽  
Transportation Services ◽  
Scada Systems

Nowadays, critical infrastructure plays a fundamental role in our modern society. Telecommunication and transportation services, water and electricity supply, and banking and financial services are examples of such infrastructures. They expose society to security threats. To safeguard against these threats, providers of critical infrastructure services also need to maintain the security objectives of their interdependent data networks. As an important part of the electric power system critical infrastructure, Supervisory Control and Data Acquisition (SCADA) systems require protection from a variety of threats, and their network infrastructures are potentially vulnerable to cyber attacks because security has not been part of their design. The diversity and lack of interoperability in the communication protocols also create obstacles for anyone attempting to establish secure communication. In order to improve the security of SCADA systems, anomaly detection can be used to identify corrupted values caused by malicious attacks and injection faults. The aim of this chapter is to present an alternative technique for implementing anomaly detection to monitor electric power electric systems. The problem is addressed here by the use of rough set theory.

scholarly journals Anomaly Detection Trusted Hardware Sensors for Critical Infrastructure Legacy Devices

2020 ◽  
Author(s):  
Apostolos P. Fournaris ◽  
Charalambos Dimopoulos ◽  
Konstantinos Lampropoulos ◽  
Odysseas Koufopavlou
Keyword(s):  
Anomaly Detection ◽  
Power Plants ◽  
Critical Infrastructure ◽  
Information Collection ◽  
Critical Infrastructures ◽  
Security Level ◽  
Trusted Hardware ◽  
Protection Mechanisms ◽  
Evaluation Board ◽  
Security Agent

Critical Infrastructures and associated real time Informational systems need some security protection mechanisms that will be able to detect and respond to possible attacks. For this reason, Anomaly Detection Systems (ADS), as part of a Security Information and Event Management (SIEM) system, are needed for constantly monitoring and identifying potential threats inside an Information Technology (IT) System. Typically, ADS collect information from various sources within a CI system using security sensors or agents and correlate those information so as to identify anomaly events. Such sensors though in a CI setting (factories, power plants, remote locations) may be placed in open areas and left unattended thus becoming targets themselves of security attacks. They can be tampering and malicious manipulated so that they provide false data that may lead an ADS or SIEM system to falsely comprehend the CI current security status. In this paper, we describe existing approaches on security monitoring in critical infrastructures and focus on how to collect security sensor - agent information in a secure and trusted way. We then introduce the concept of hardware assisted security sensor information collection that improve the level if trust (by hardware means) and also increase the responsiveness of the sensor. Thus, we propose a Hardware Security Token (HST) that when connected to a CI Host, it acts as a secure anchor for security agent information collection. We describe the HST functionality, its association with a host device, its expected role and its log monitoring mechanism. We also provide information on how security can be established between the Host device and the HST.Then, we introduce and describe the necessary Host components that need to be established in order to guarantee a high security level and correct HST functionality. We, also provide a realization-implementation of the HST overall concept in a FPGA SoC evaluation board and describe how the HST implementation can controlled. Finally, we provide indicative use case scenarios of how the HST can be used in practice to provide a variety of different security services beyond acting as a secure ADS sensor.

Sign in / Sign up

Export Citation Format

Share Document