20 results for Information systems security


Relevance:

100.00% 100.00%

Publisher:

Abstract:

The complexity of modern SCADA networks and their associated cyber-attacks requires an expressive but flexible manner for representing both domain knowledge and collected intrusion alerts with the ability to integrate them for enhanced analytical capabilities and better understanding of attacks. This paper proposes an ontology-based approach for contextualized intrusion alerts in SCADA networks. In this approach, three security ontologies were developed to represent and store information on intrusion alerts, Modbus communications, and Modbus attack descriptions. This information is correlated into enriched intrusion alerts using simple ontology logic rules written in Semantic Query-Enhanced Web Rules (SQWRL). The contextualized alerts give analysts the means to better understand evolving attacks and to uncover the semantic relationships between sequences of individual attack events. The proposed system is illustrated by two use case scenarios.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Voice over IP (VoIP) has experienced a tremendous growth over the last few years and is now widely used among the population and for business purposes. The security of such VoIP systems is often assumed, creating a false sense of privacy. This paper investigates in detail the leakage of information from Skype, a widely used and protected VoIP application. Experiments have shown that isolated phonemes can be classified and given sentences identified. By using the dynamic time warping (DTW) algorithm, frequently used in speech processing, an accuracy of 60% can be reached. The results can be further improved by choosing specific training data and reach an accuracy of 83% under specific conditions. The initial results being speaker dependent, an approach involving the Kalman filter is proposed to extract the kernel of all training signals.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The scheduling problem in distributed data-intensive computing environments has become an active research topic due to the tremendous growth in grid and cloud computing environments. As an innovative distributed intelligent paradigm, swarm intelligence provides a novel approach to solving these potentially intractable problems. In this paper, we formulate the scheduling problem for work-flow applications with security constraints in distributed data-intensive computing environments and present a novel security constraint model. Several meta-heuristic adaptations to the particle swarm optimization algorithm are introduced to deal with the formulation of efficient schedules. A variable neighborhood particle swarm optimization algorithm is compared with a multi-start particle swarm optimization and multi-start genetic algorithm. Experimental results illustrate that population based meta-heuristics approaches usually provide a good balance between global exploration and local exploitation and their feasibility and effectiveness for scheduling work-flow applications. © 2010 Elsevier Inc. All rights reserved.