| 1. |
|
|
| 2. |
- Almgren, Magnus, 1972, et al.
(författare)
-
RICS-el : Building a national testbed for research and training on SCADA security (short paper)
- 2019
-
Ingår i: Lect. Notes Comput. Sci.. - Cham : Springer Nature. ; 11260 LNCS, s. 219-225, s. 219-225
-
Konferensbidrag (refereegranskat)abstract
- Trends show that cyber attacks targeting critical infrastructures are increasing, but security research for protecting such systems are challenging. There is a gap between the somewhat simplified models researchers at universities can sustain contra the complex systems at infrastructure owners that seldom can be used for direct research. There is also a lack of common datasets for research benchmarking. This paper presents a national experimental testbed for security research within supervisory control and data acquisition systems (SCADA), accessible for both research training and experiments. The virtualized testbed has been designed and implemented with both vendor experts and security researchers to balance the goals of realism with specific research needs. It includes a real SCADA product for energy management, a number of network zones, substation nodes, and a simulated power system. This environment enables creation of scenarios similar to real world utility scenarios, attack generation, development of defence mechanisms, and perhaps just as important: generating open datasets for comparative research evaluation.
|
|
| 3. |
- Mages, Tobias, et al.
(författare)
-
Towards an information-theoretic framework of intrusion detection for composed systems and robustness analyses
- 2022
-
Ingår i: Computers and Security. - : Elsevier BV. - 0167-4048 .- 1872-6208. ; 116
-
Tidskriftsartikel (refereegranskat)abstract
- Network-based Intrusion Detection Systems (NIDSs) are an important mechanism to identify malicious behaviour or policy violations within a network. Such detection systems typically face several challenges, among which are the base-rate fallacy and the resilience against adaptive adversaries. These challenges are often countered in modern NIDSs by combining multiple detection systems to diversify the used feature levels or utilize the advantages of multiple detection methods. However, currently there exists no suitable framework for a detailed analysis of such composed systems. Therefore, the contribution of this work is an evaluation framework for composed systems, which builds on previous information-theoretic approaches and highlights the utility of information-theoretic redundancies for robustness evaluations. This framework enables an attribution of the overall system performance to its individual components, to fine-tune parameters and to study the dynamics between classifiers. The versatility of the framework is demonstrated by designing and evaluating a composed NIDS example based on systems described in the literature and using an open data set. Studying the impact of an evasion attempt with adversarial examples on this system highlighted the importance of robustness against false-alarms as well as detection evasion. Moreover, the framework enables general insights on how to improve the design of composed NIDSs: based on the dynamics between classifiers, it can be shown that optimizing the operation point of each component individually does not necessarily maximize the overall system performance from an information-theoretic perspective. Additionally, it can be shown that existing classification redundancies might not be fully utilized during an attack on the NIDS components, due to a static system design.
|
|
| 4. |
- Rosenstatter, Thomas, 1992, et al.
(författare)
-
V2C: A Trust-Based Vehicle to Cloud Anomaly Detection Framework for Automotive Systems
- 2021
-
Ingår i: ACM International Conference Proceeding Series. - New York, NY, USA : ACM. ; , s. 1-10
-
Konferensbidrag (refereegranskat)abstract
- Vehicles have become connected in many ways. They communicate with the cloud and will use Vehicle-to-Everything (V2X) communication to exchange warning messages and perform cooperative actions such as platooning. Vehicles have already been attacked and will become even more attractive targets due to their increasing connectivity, the amount of data they produce and their importance to our society. It is therefore crucial to provide cyber security measures to prevent and limit the impact of attacks. As it is problematic for a vehicle to reliably assess its own state when it is compromised, we investigate how vehicle trust can be used to identify compromised vehicles and how fleet-wide attacks can be detected at an early stage using cloud data. In our proposed V2C Anomaly Detection framework, peer vehicles assess each other based on their perceived behavior in traffic and V2X-enabled interactions, and upload these assessments to the cloud for analysis. This framework consists of four modules. For each module we define functional demands, interfaces and evaluate solutions proposed in literature allowing manufacturers and fleet owners to choose appropriate techniques. We detail attack scenarios where this type of framework is particularly useful in detecting and identifying potential attacks and failing software and hardware. Furthermore, we describe what basic vehicle data the cloud analysis can be based upon.
|
|
| 5. |
- Almgren, Magnus, 1972, et al.
(författare)
-
Cybersecurity in the Smart Grid
- 2013
-
Ingår i: Chalmers Energy Conference 2013.
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)
|
|
| 6. |
- Almgren, Magnus, 1972, et al.
(författare)
-
CPSIoTSec'23: Fifth Workshop on CPS & IoT Security and Privacy
- 2023
-
Ingår i: CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. ; , s. 3648-3650
-
Konferensbidrag (refereegranskat)abstract
- The fifth Workshop on CPS & IoT Security and Privacy is set to take place in Copenhagen, Denmark, on November 26, 2023, in conjunction with the ACM Conference on Computer and Communications Security (CCS'23). This workshop marks the amalgamation of two workshops held in 2019: one focused on the security and privacy of cyber-physical systems, while the other one centered on the security and privacy of IoT. The primary objective of this workshop is to create a collaborative forum that brings together academia, industry experts, and governmental entities, encouraging them to contribute cutting-edge research, share demonstrations or hands-on experiences, and engage in discussions. This year, our call for contributions encompassed a broad spectrum, including mature research papers, work in progress submissions, and Systematization of Knowledge papers. The workshop program includes five full-length papers on the security and privacy of CPS/IoT, alongside five shorter papers that present original work-in-progress. Furthermore, the workshop will feature two distinguished keynote presentation, offering insights into the field, and a demonstration to provide a practical dimension to the discussions. The complete CPSIoTSec'23 workshop proceedings are available at: https://dl.acm.org/doi/proceedings/10.1145/3605758.
|
|
| 7. |
- Gulisano, Vincenzo Massimiliano, 1984, et al.
(författare)
-
METIS: a Two-Tier Intrusion Detection System for Advanced Metering Infrastructures
- 2015
-
Ingår i: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering. - Cham : Springer International Publishing. - 1867-8211 .- 1867-822X. ; 153, s. 51-68
-
Konferensbidrag (refereegranskat)abstract
- In the shift from traditional to cyber-physical electric grids, motivated by the needs for improved energy efficiency, Advanced Metering Infrastructures have a key role. However, together with the enabled possibilities, they imply an increased threat surface on the systems. Challenging aspects such as scalable traffic analysis, timely detection of malicious activity and intuitive ways of specifying detection mechanisms for possible adversary goals are among the core problems in this domain. Aiming at addressing the above, we present METIS, a two-tier streaming-based intrusion detection framework. METIS relies on probabilistic models for detection and is designed to detect challenging attacks in which adversaries aim at being unnoticed. Thanks to its two-tier architecture, it eases the modeling of possible adversary goals and allows for a fully distributed and parallel traffic analysis through the data streaming processing paradigm. At the same time, it allows for complementary intrusion detection systems to be integrated in the framework. We demonstrate METIS’ use and functionality through an energy exfiltration use-case, in which an adversary aims at stealing energy information from AMI users. Based on a prototype implementation using the Storm Stream Processing Engine and a very large dataset from a real-world AMI, we show that METIS is not only able to detect such attacks, but that it can also handle large volumes of data even when run on commodity hardware.
|
|
| 8. |
- Gulisano, Vincenzo Massimiliano, 1984, et al.
(författare)
-
When Smart Cities meet Big Data
- 2014
-
Ingår i: ERCIM news. - 1564-0094. ; 98
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)
|
|
| 9. |
- Stylianopoulos, Charalampos, 1991, et al.
(författare)
-
CLort: High Throughput and Low Energy Network Intrusion Detection on IoT Devices with Embedded GPUs
- 2018
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 11252, s. 187-202
-
Konferensbidrag (refereegranskat)abstract
- While IoT is becoming widespread, cyber security of its devices is still a limiting factor where recent attacks (e.g., the Mirai bot-net) underline the need for countermeasures. One commonly-used security mechanism is a Network Intrusion Detection System (NIDS), but the processing need of NIDS has been a significant bottleneck for large dedicated machines, and a show-stopper for resource-constrained IoT devices. However, the topologies of IoT are evolving, adding intermediate nodes between the weak devices on the edges and the powerful cloud in the center. Also, the hardware of the devices is maturing, with new CPU instruction sets, caches as well as co-processors. As an example, modern single board computers, such as the Odroid XU4, come with integrated Graphics Processing Units (GPUs) that support general purpose computing. Even though using all available hardware efficiently is still an open issue, it has the promise to run NIDS more efficiently. In this work we introduce CLort, an extension to the well-known NIDS Snort that a) is designed for IoT devices b) alleviates the burden of pattern matching for intrusion detection by offloading it to the GPU. We thoroughly explain how our design is used as part of the latest release of Snort and suggest various optimizations to enable processing on the GPU. We evaluate CLort in regards to throughput, packet drops in Snort, and power consumption using publicly available traffic traces. CLort achieves up to 52% faster processing throughput than its CPU counterpart. CLort can also analyze up to 12% more packets than its CPU counterpart when sniffing a network. Finally, the experimental evaluation shows that CLort consumes up to 32% less energy than the CPU counterpart, an important consideration for IoT devices.
|
|
| 10. |
- Stylianopoulos, Charalampos, 1991, et al.
(författare)
-
Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs
- 2019
-
Ingår i: ACM International Conference Proceeding Series. - New York, NY, USA : ACM. ; 2019-January, s. 17-27
-
Konferensbidrag (refereegranskat)abstract
- Pattern matching is an important building block for many security applications, including Network Intrusion Detection Systems (NIDS). As NIDS grow in functionality and complexity, the time overhead and energy consumption of pattern matching become a significant consideration that limits the deployability of such systems, especially on resource-constrained devices. On the other hand, the emergence of new computing platforms, such as embedded devices with integrated, general-purpose Graphics Processing Units (GPUs), brings new, interesting challenges and opportunities for algorithm design in this setting: how to make use of new architectural features and how to evaluate their effect on algorithm performance. Up to now, work that focuses on pattern matching for such platforms has been limited to specific algorithms in isolation. In this work, we present a systematic and comprehensive benchmark that allows us to co-evaluate both existing and new pattern matching algorithms on heterogeneous devices equipped with embedded GPUs, suitable for medium- to high-level IoT deployments. We evaluate the algorithms on such a heterogeneous device, in close connection with the architectural features of the platform and provide insights on how these features affect the algorithms' behavior. We find that, in our target embedded platform, GPU-based pattern matching algorithms have competitive performance compared to the CPU and consume half as much energy as the CPU-based variants. Based on these insights, we also propose HYBRID, a new pattern matching approach that efficiently combines techniques from existing approaches and outperforms them by 1.4x, across a range of realistic and synthetic data sets. Our benchmark details the effect of various optimizations, thus providing a path forward to make existing security mechanisms such as NIDS deployable on IoT devices.
|
|
