| 1. |
-
- 2019
-
Tidskriftsartikel (refereegranskat)
|
|
| 2. |
- Mink, Janos, et al.
(författare)
-
Vibrational properties of -KSiH3 and -RbSiH3 : a combined Raman and inelastic neutron scattering study
- 2017
-
Ingår i: Journal of Raman Spectroscopy. - : Wiley. - 0377-0486 .- 1097-4555. ; 48:2, s. 284-291
-
Tidskriftsartikel (refereegranskat)abstract
- The hydrogen storage materials ASiH(3) (A=K and Rb) represent complex metal hydrides built from metal cations and pyramidal SiH3- ions. At room temperature, SiH3- moieties are randomly oriented because of dynamical disorder (-modifications). At temperatures below 200K, ASiH(3) exist as ordered low-temperature () modifications. The vibrational properties of -ASiH(3) were characterized by a combination of Raman spectroscopy and inelastic neutron scattering. Internal modes of SiH3- are observed in the spectral range 1800-1900cm(-1) (stretching modes) and 890-1000cm(-1) (bending modes). External modes are observed below 500cm(-1). Specifically, SiH3- librations are between 300-450cm(-1) and 270-400cm(-1) for A=K and Rb, respectively, SiH3- translations are between 95 and 160cm(-1), K+ translations are in the range 60-100cm(-1) and Rb+ translations in the range 50-70cm(-1). The red-shift of libration modes for A=Rb is associated with a 15-30% reduction of the libration force constants of SiH3- ions in -RbSiH3. This correlates with a lower temperature for the - order-disorder phase transition (278 vs 298K). Libration modes become significantly anharmonic with increasing temperature but are maintained up to at least 200K. The vibrational properties of ASiH(3) compare well to those of alkali metal borohydrides ABH(4) (A=Na-Cs).
|
|
| 3. |
- Nedumkandathil, Reji, et al.
(författare)
-
Investigation of the Order–Disorder Rotator Phase Transition in KSiH3 and RbSiH3
- 2017
-
Ingår i: The Journal of Physical Chemistry C. - : American Chemical Society (ACS). - 1932-7447 .- 1932-7455. ; 121:9, s. 5241-5252
-
Tidskriftsartikel (refereegranskat)abstract
- The β–α (order–disorder) transition in the silanides ASiH3 (A = K, Rb) was investigated by multiple techniques, including neutron powder diffraction (NPD, on the corresponding deuterides), Raman spectroscopy, heat capacity (Cp), solid-state 2H NMR spectroscopy, and quasi-elastic neutron scattering (QENS). The crystal structure of α-ASiH3 corresponds to a NaCl-type arrangement of alkali metal ions and randomly oriented, pyramidal, SiH3– moieties. At temperatures below 200 K ASiH3 exist as hydrogen-ordered (β) forms. Upon heating the transition occurs at 279(3) and 300(3) K for RbSiH3 and KSiH3, respectively. The transition is accompanied by a large molar volume increase of about 14%. The Cp(T) behavior is characteristic of a rotator phase transition by increasing anomalously above 120 K and displaying a discontinuous drop at the transition temperature. Pronounced anharmonicity above 200 K, mirroring the breakdown of constraints on SiH3– rotation, is also seen in the evolution of atomic displacement parameters and the broadening and eventual disappearance of libration modes in the Raman spectra. In α-ASiH3, the SiH3– anions undergo rotational diffusion with average relaxation times of 0.2–0.3 ps between successive H jumps. The first-order reconstructive phase transition is characterized by a large hysteresis (20–40 K). 2H NMR revealed that the α-form can coexist, presumably as 2–4 nm (sub-Bragg) sized domains, with the β-phase below the phase transition temperatures established from Cp measurements. The reorientational mobility of H atoms in undercooled α-phase is reduced, with relaxation times on the order of picoseconds. The occurrence of rotator phases α-ASiH3 near room temperature and the presence of dynamical disorder even in the low-temperature β-phases imply that SiH3– ions are only weakly coordinated in an environment of A+ cations. The orientational flexibility of SiH3– can be attributed to the simultaneous presence of a lone pair and (weakly) hydridic hydrogen ligands, leading to an ambidentate coordination behavior toward metal cations.
|
|
| 4. |
- Kranak, Verina F., et al.
(författare)
-
Structural and Vibrational Properties of Silyl (SiH3-) Anions in KSiH3 and RbSiH3 : New Insight into Si-H Interactions
- 2015
-
Ingår i: Inorganic Chemistry. - : American Chemical Society (ACS). - 0020-1669 .- 1520-510X. ; 54:5, s. 2300-2309
-
Tidskriftsartikel (refereegranskat)abstract
- The alkali metal silyl hydrides ASiH(3) (A = K, Rb) and their deuteride analogues were prepared from the Zintl phases ASi. The crystal structures of ASiH(3) consist of metal cations and pyramidal SiH3 ions. At room temperature SiH3 moieties are randomly oriented (alpha modifications). At temperatures below 200 K ASiH(3) exist as ordered low-temperature (beta) modifications. Structural and vibrational properties of SiH3- in ASiH(3) were characterized by a combination of neutron total scattering experiments, infrared and Raman spectroscopy, as well as density functional theory calculations. In disordered alpha-ASiH(3) SiH3 ions relate closely to freely rotating moieties with C(3)v symmetry (Si-H bond length = 1.52 angstrom; HSiH angle 92.2 degrees). Observed stretches and bends are at 1909/1903 cm(-1) (nu(1), A(1)), 1883/1872 cm(-1) (nu(3), E), 988/986 cm(-1) (nu(4), E), and 897/894 cm(-1) (nu(2), A(1)) for A = K/Rb. In ordered beta-ASiH(3) silyl anions are slightly distorted with respect to their ideal C-3v symmetry. Compared to a-ASiH(3) the molar volume is by about 15% smaller and the SiH stretching force constant is reduced by 4%. These peculiarities are attributed to reorientational dynamics of SiH3 anions in a-ASiH(3). SiH stretching force constants for SiH3 moieties in various environments fall in a range from 1.9 to 2.05 N cm(-1). These values are considerably smaller compared to silane, SiH4 (2.77 N cm(-1)). The reason for the drastic reduction of bond strength in SiH3- remains to be explored.
|
|
| 5. |
- Lin, Chih-Yuan, 1987-, et al.
(författare)
-
A Comparative Analysis of Emulated and Real IEC-104 Spontaneous Traffic in Power System Networks
- 2021
-
Ingår i: Cyber-Physical Security for Critical Infrastructures Protection. - Cham : Springer International Publishing. - 9783030697808 - 9783030697815 ; , s. 207-223
-
Konferensbidrag (refereegranskat)abstract
- Supervisory and Data Acquisition (SCADA) systems control and monitor modern power networks. As attacks targeting SCADA systems are increasing, significant research is conducted to defend SCADA networks including variations of anomaly detection. Due to the sensitivity of real data, many defence mechanisms have been tested only in small testbeds or emulated traffic that were designed with assumptions on how SCADA systems behave. This work provides a timing characterization of IEC-104 spontaneous traffic and compares the results from emulated traffic and real traffic to verify if the network characteristics appearing in testbeds and emulated traffic coincide with real traffic. Among three verified characteristics, two of them appear in the real dataset but in a less regular way, and one does not appear in the collected real data. The insights from these observations are discussed in terms of presumed differences between emulated and real traffic and how those differences are generated.
|
|
| 6. |
- Lin, Chih-Yuan, 1987-
(författare)
-
A timing approach to network-based anomaly detection for SCADA systems
- 2020
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Supervisory Control and Data Acquisition (SCADA) systems control and monitor critical infrastructure in society, such as electricity transmission and distribution systems. Modern SCADA systems are increasingly adopting open architectures, protocols, and standards and being connected to the Internet to enable remote control. A boost in sophisticated attacks against SCADA systems makes SCADA security a pressing issue. An Intrusion Detection System (IDS) is a security countermeasure that monitors a network and tracks unauthenticated activities inside the network. Most commercial IDSs used in general IT systems are signature-based, by which an IDS compares the system behaviors with known attack patterns. Unfortunately, recent attacks against SCADA systems exploit zero-day vulnerabilities in SCADA devices which are undetectable by signature-based IDSs.This thesis aims to enhance SCADA system monitoring by anomaly detection that models normal behaviors and finds deviations from the model. With anomaly detection, zero-day attacks are possible to detect. We focus on modeling the timing attributes of SCADA traffic for two reasons: (1) the timing regularity fits the automation nature of SCADA systems, and (2) the timing information (i.e., arrival time) of a packet is captured and sent by a network driver where an IDS is located. Hence, it’s less prone to intentional manipulation by an attacker, compared to the payload of a packet.This thesis first categorises SCADA traffic into two groups, request-response and spontaneous traffic, and studies data collected in three different protocol formats (Modbus, Siemens S7, and IEC-60870-5-104). The request-response traffic is generated by a polling mechanism. For this type of traffic, we model the inter-arrival times for each command and response pair with a statistical approach. Results presented in this thesis show that request-response traffic exists in several SCADA traffic sets collected from systems with different sizes and settings. The proposed statistical approach for request-response traffic can detect attacks having subtle changes in timing, such as a single packet insertion and TCP prediction for two of the three SCADA protocols studied.The spontaneous traffic is generated by remote terminal units when they see significant changes in measurement values. For this type of traffic, we first use a pattern mining approach to find the timing characteristics of the data. Then, we model the suggested attributes with machine learning approaches and run it on traffic collected in a real power facility. We test our anomaly detection model with two types of attacks. One causes persistent anomalies and another only causes intermittent ones. Our anomaly detector exhibits a 100% detection rate with at most 0.5% false positive rate for the attacks with persistent anomalies. For the attacks with intermittent anomalies, we find our approach effective when (1) the anomalies last for a longer period (over 1 hour), or (2) the original traffic has relatively low volume.
|
|
| 7. |
- Lin, Chih-Yuan, 1987-
(författare)
-
Network-based Anomaly Detection for SCADA Systems : Traffic Generation and Modeling
- 2022
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Supervisory Control and Data Acquisition (SCADA) systems control and monitor critical infrastructure in society, such as electricity transmission and distribution systems. Modern SCADA systems are increasingly adopting open standards and being connected to the Internet to enable remote control. A boost in sophisticated attacks against SCADA systems makes SCADA security a pressing issue. An Intrusion Detection System (IDS) is a security countermeasure that monitors a network and tracks unauthenticated activities inside the network. Most commercial IDSs used in general IT systems are signature-based, by which an IDS compares the system behaviors with known attack patterns. Unfortunately, recent attacks against SCADA systems exploit zero-day vulnerabilities which are undetectable by signature-based IDSs. This thesis aims to enhance SCADA system monitoring by network-based anomaly detection that models normal behaviors and finds deviations from the model. With network-based anomaly detection, zero-day attacks are possible to detect. There are two main challenges for network-based anomaly detection. The first challenge is the potentially large number of false positives coming from benign traffic that just deviates from the trained model due to the noises. To address this challenge, this thesis proposes several traffic modeling approaches based on statistics and machine learning techniques for the regular communication patterns in SCADA traffic. The second challenge is the lack of open datasets to evaluate the proposed approaches. Consequently, this thesis proposes a traffic generation framework. For traffic modeling, this thesis first categorises SCADA traffic into two groups, request-response and non-requested traffic, and studies data collected in a diverse set of protocol for-mats (Modbus, Siemens S7, S7+, MMS, IEC-60870-5-104). The request-response traffic is generated by a polling mechanism. For this type of traffic, we model the inter-arrival times for each request and response pair with a statistical approach. Results presented in this thesis show that request-response traffic exists in several SCADA traffic sets collected from systems with different sizes and settings. The proposed statistical approach for request-response traffic can detect attacks having subtle changes in timing. The non-requested traffic is generated by remote terminal units at predefined times or when they see significant changes in measurement values. For this type of traffic, we first use a pattern mining approach to find the timing characteristics of the data. Then, we model the suggested attributes with machine learning approaches. We test our anomaly detection model with two types of attacks. One causes persistent anomalies and another only causes intermittent ones. Our anomaly detector exhibits a 100% detection rate with at most 0.5% false positive rate for the attacks with persistent anomalies. For the attacks with intermittent anomalies, we find our approach effective when anomalous patterns last for a longer period (over 30 minutes). For traffic generation, this thesis conducts a comparative analysis between network traces collected from testbeds and a real power utility. The analysis shows that the testbed traffic may be prone to overly regular patterns. This is considered to be the result of lack of plausible human interactions within the testbed. Therefore, this thesis proposes a traffic generation framework built upon a virtual testbed. The framework provides programmable BOTs to mimic human activities such as commands from the operators and attacks.
|
|
| 8. |
- Lin, Chih-Yuan, 1987-, et al.
(författare)
-
RICSel21 Data Collection : Attacks in a Virtual Power Network
- 2021
-
Ingår i: 2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781665430449 - 9781665415026 ; , s. 201-206
-
Konferensbidrag (refereegranskat)abstract
- Attacks against Supervisory Control and Data Acquisition (SCADA) systems operating critical infrastructures have increased since the appearance of Stuxnet. To defend critical infrastructures, security researchers need realistic datasets to evaluate and benchmark their defense mechanisms such as Anomaly Detection Systems (ADS). However, real-world data collected from critical infrastructures are too sensitive to share openly. Therefore, testbed datasets have become a viable option to balance the requirement of openness and realism. This study provides a data generation framework based on a virtual testbed with a commercial SCADA system and presents an openly available dataset called RICSel21, with packets in IEC-60870-5-104 protocol streams. The dataset is the result of performing 12 attacks, identifying the impact of attacks on a power management system and recording the logs of the seven successful attacks.
|
|
| 9. |
- Lin, Chih-Yuan, 1987-, et al.
(författare)
-
Timing-Based Anomaly Detection in SCADA Networks
- 2018
-
Ingår i: Critical Information Infrastructures Security. - Cham : Springer. - 9783319998428 - 9783319998435 ; , s. 48-59
-
Konferensbidrag (refereegranskat)abstract
- Supervisory Control and Data Acquisition (SCADA) systems that operate our critical infrastructures are subject to increased cyber attacks. Due to the use of request-response communication in polling, SCADA traffic exhibits stable and predictable communication patterns. This paper provides a timing-based anomaly detection system that uses the statistical attributes of the communication patterns. This system is validated with three datasets, one generated from real devices and two from emulated networks, and is shown to have a False Positive Rate (FPR) under 1.4%. The tests are performed in the context of three different attack scenarios, which involve valid messages so they cannot be detected by whitelisting mechanisms. The detection accuracy and timing performance are adequate for all the attack scenarios in request-response communications. With other interaction patterns (i.e. spontaneous communications), we found instead that 2 out of 3 attacks are detected.
|
|
| 10. |
- Lin, Chih-Yuan, 1987-, et al.
(författare)
-
Timing Patterns and Correlations in Spontaneous SCADA Traffic for Anomaly Detection
- 2019
-
Ingår i: PROCEEDINGS OF THE 22ND INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIONS AND DEFENSES. - : USENIX - The Advanced Computing Systems Association. - 9781939133076 ; , s. 73-88
-
Konferensbidrag (refereegranskat)abstract
- Supervisory Control and Data Acquisition (SCADA) systems operate critical infrastructures in our modern society despite their vulnerability to attacks and misuse. There are several anomaly detection systems based on the cycles of polling mechanisms used in SCADA systems, but the feasibility of anomaly detection systems based on non-polling traffic, so called spontaneous events, is not well-studied. This paper presents a novel approach to modeling the timing characteristics of spontaneous events in an IEC-60870-5-104 network and exploits the model for anomaly detection. The system is tested with a dataset from a real power utility with injected timing effects from two attack scenarios. One attack causes timing anomalies due to persistent malfunctioning in the field devices, and the other generates intermittent anomalies caused by malware on the field devices, which is considered as stealthy. The detection accuracy and timing performance are promising for all the experiments with persistent anomalies. With intermittent anomalies, we found that our approach is effective for anomalies in low-volume traffic or attacks lasting over 1 hour.
|
|
