CYBER ATTACKS ON SCADA BASED TRAFFIC LIGHT CONTROL SYSTEMS IN THE SMART CITIES

Author(s):  
C. Özarpa ◽  
İ. Avcı ◽  
B. F. Kınacı ◽  
S. Arapoğlu ◽  
S. A. Kara

Abstract. There are regular developments and changes in cities. Developments in cities have affected transportation, and traffic control tools have changed. Traffic signs and traffic lights have been used to direct pedestrians and vehicles correctly. Traffic light control systems are used to ensure the safety of vehicles and pedestrians, increase the fluency in traffic, guide them in transportation, warn pedestrians and drivers, and regulate and control transportation disruptions. In order to facilitate people's lives, it is desired to control the traffic components autonomously with the developments in autonomous systems. Cyber threats arise due to the active use of the internet and signals or frequencies in the use of modules that will provide communication with traffic lights, traffic signs, and vehicles, which are traffic components at the intersections of many roads in the control of central systems. The study is limited to smart traffic lights, which are traffic components. If we examine the cyber-attacks, we can see that Malware Attacks, Buffer Overflow Attacks, DoS attacks, and Jamming Attacks can be made. Network-Based Intrusion Detection Systems and Host-Based Intrusion Detection Systems can be used to detect and stop Malware Attacks, Buffer Overflow Attacks, DoS attacks, and Jamming Attacks. Intrusion detection systems tell us whether the data poses a threat or not after the data passing through the system is examined. In this way, system protection is ensured by controlling the data traffic in the system.

2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Eirini Anthi ◽  
Lowri Williams ◽  
Pete Burnap ◽  
Kevin Jones

Abstract. This article presents a three-tiered intrusion detection system, which uses a supervised approach to detect cyber-attacks in industrial control systems networks. The proposed approach does not only aim to identify malicious packets on the network but also attempts to identify the general and finer grain attack type occurring on the network. This is key in the industrial control systems environment as the ability to identify exact attack types will lead to an increased response rate to the incident and the defence of the infrastructure. More specifically, the proposed system consists of three stages that aim to classify: (i) whether packets are malicious; (ii) the general attack type of malicious packets (e.g. Denial of Service); and (iii) finer-grained cyber-attacks (e.g. bad cyclic redundancy check, attack). The effectiveness of the proposed intrusion detection systems is evaluated on network data collected from a real industrial gas pipeline system. In addition, an insight is provided as to which features are most relevant in detecting such malicious behaviour. The performance of the system results in an F-measure of: (i) 87.4%, (ii) 74.5% and (iii) 41.2%, for each of the layers, respectively. This demonstrates that the proposed architecture can successfully distinguish whether network activity is malicious and detect which general attack was deployed.


Author(s):  
Mingtao Wu ◽  
Young B. Moon

Abstract. Cyber-physical manufacturing system is the vision of future manufacturing systems where physical components are fully integrated through various networks and the Internet. The integration enables the access to computation resources that can improve efficiency, sustainability and cost-effectiveness. However, its openness and connectivity also enlarge the attack surface for cyber-attacks and cyber-physical attacks. A critical challenge in defending against those attacks is that current intrusion detection methods cannot timely detect cyber-physical attacks. Studies showed that the physical detection provides a higher accuracy and a shorter response time compared to network-based or host-based intrusion detection systems. Moreover, alert correlation and management methods help reduce the number of alerts and identify the root cause of the attack. In this paper, the intrusion detection research relevant to cyber-physical manufacturing security is reviewed. The physical detection methods, which use side-channel data (including acoustic, image, acceleration, and power consumption data) to disclose attacks during the manufacturing process, are analyzed. Finally, the alert correlation methods, which manage the high volume of alerts generated from intrusion detection systems via logical relationships to reduce the data redundancy and false alarms, are reviewed. The study shows that the cyber-physical attacks are existing and rising concerns in industry. Also, the increasing efforts in cyber-physical intrusion detection and correlation research can be utilized to secure the future manufacturing systems.


Electronics ◽  
2020 ◽  
Vol 9 (6) ◽  
pp. 916 ◽  
Author(s):  
Jiyeon Kim ◽  
Jiwon Kim ◽  
Hyunjung Kim ◽  
Minsun Shim ◽  
Eunjung Choi

As cyberattacks become more intelligent, it is challenging to detect advanced attacks in a variety of fields including industry, national defense, and healthcare. Traditional intrusion detection systems are no longer enough to detect these advanced attacks with unexpected patterns. Attackers bypass known signatures and pretend to be normal users. Deep learning is an alternative to solving these issues. Deep Learning (DL)-based intrusion detection does not require a lot of attack signatures or the list of normal behaviors to generate detection rules. DL defines intrusion features by itself through training empirical data. We develop a DL-based intrusion model especially focusing on denial of service (DoS) attacks. For the intrusion dataset, we use KDD CUP 1999 dataset (KDD), the most widely used dataset for the evaluation of intrusion detection systems (IDS). KDD consists of four types of attack categories, such as DoS, user to root (U2R), remote to local (R2L), and probing. Numerous KDD studies have been employing machine learning and classifying the dataset into the four categories or into two categories such as attack and benign. Rather than focusing on the broad categories, we focus on various attacks belonging to the same category. Unlike other categories of KDD, the DoS category has enough samples for training each attack. In addition to KDD, we use CSE-CIC-IDS2018 which is the most up-to-date IDS dataset. CSE-CIC-IDS2018 consists of more advanced DoS attacks than that of KDD. In this work, we focus on the DoS category of both datasets and develop a DL model for DoS detection. We develop our model based on a Convolutional Neural Network (CNN) and evaluate its performance through comparison with a Recurrent Neural Network (RNN). Furthermore, we suggest the optimal CNN design for the better performance through numerous experiments.


2016 ◽  
Vol 66 (6) ◽  
pp. 612 ◽  
Author(s):  
M.R. Gauthama Raman ◽  
K. Kannan ◽  
S.K. Pal ◽  
V. S. Shankar Sriram

Immense growth in network-based services had resulted in the upsurge of internet users, security threats and cyber-attacks. Intrusion detection systems (IDSs) have become an essential component of any network architecture, in order to secure an IT infrastructure from the malicious activities of the intruders. An efficient IDS should be able to detect, identify and track the malicious attempts made by the intruders. With many IDSs available in the literature, the most common challenge due to voluminous network traffic patterns is the curse of dimensionality. This scenario emphasizes the importance of a feature selection algorithm, which can identify the relevant features and ignore the rest without any information loss. In this paper, a novel rough set κ-Helly property technique (RSKHT) feature selection algorithm had been proposed to identify the key features for network IDSs. Experiments carried out using the benchmark KDD cup 1999 dataset were found to be promising, when compared with the existing feature selection algorithms with respect to reduct size, classifier’s performance and time complexity. RSKHT was found to be computationally attractive and flexible for massive datasets.


2018 ◽  
Vol 14 (8) ◽  
pp. 155014771879461 ◽  
Author(s):  
Yan Hu ◽  
An Yang ◽  
Hong Li ◽  
Yuyan Sun ◽  
Limin Sun

The modern industrial control systems now exhibit an increasing connectivity to the corporate Internet technology networks so as to make full use of the rich resource on the Internet. The increasing interaction between industrial control systems and the outside Internet world, however, has made them an attractive target for a variety of cyber attacks, raising a great need to secure industrial control systems. Intrusion detection technology is one of the most important security precautions for industrial control systems. It can effectively detect potential attacks against industrial control systems. In this survey, we elaborate on the characteristics and the new security requirements of industrial control systems. After that, we present a new taxonomy of intrusion detection systems for industrial control systems based on different techniques: protocol analysis based, traffic mining based, and control process analysis based. In addition, we analyze the advantages and disadvantages of different categories of intrusion detection systems and discuss some future developments of intrusion detection systems for industrial control systems, in order to promote further research on intrusion detection technology for industrial control systems.


2010 ◽  
Vol 4 (1) ◽  
pp. 18-31
Author(s):  
Ran Tao ◽  
Li Yang ◽  
Lu Peng ◽  
Bin Li

Application features like port numbers are used by Network-based Intrusion Detection Systems (NIDSs) to detect attacks coming from networks. System calls and the operating system related information are used by Host-based Intrusion Detection Systems (HIDSs) to detect intrusions toward a host. However, the relationship between hardware architecture events and Denial-of-Service (DoS) attacks has not been well revealed. When increasingly sophisticated intrusions emerge, some attacks are able to bypass both the application and the operating system level feature monitors. Therefore, a more effective solution is required to enhance existing HIDSs. In this article, the authors identify the following hardware architecture features: Instruction Count, Cache Miss, Bus Traffic and integrate them into a HIDS framework based on a modern statistical Gradient Boosting Trees model. Through the integration of application, operating system and architecture level features, the proposed HIDS demonstrates a significant improvement of the detection rate in terms of sophisticated DoS intrusions.


Author(s):  
Peter J. Hawrylak ◽  
Chris Hartney ◽  
Michael Haney ◽  
Jonathan Hamm ◽  
John Hale

Identifying the level of intelligence of a cyber-attacker is critical to detecting cyber-attacks and determining the next targets or steps of the adversary. This chapter explores intrusion detection systems (IDSs) which are the traditional tool for cyber-attack detection, and attack graphs which are a formalism used to model cyber-attacks. The time required to detect an attack can be reduced by classifying the attacker’s knowledge about the system to determine the traces or signatures for the IDS to look for in the audit logs. The adversary’s knowledge of the system can then be used to identify their most likely next steps from the attack graph. A computationally efficient technique to compute the likelihood and impact of each step of an attack is presented. The chapter concludes with a discussion describing the next steps for implementation of these processes in specialized hardware to achieve real-time attack detection.

