97 results for Speculative attacks
Abstract:
Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified using a rule-based method.
Abstract:
Synchrophasor systems will play a crucial role in next generation Smart Grid monitoring, protection and control. However, these systems also introduce a multitude of potential vulnerabilities from malicious and inadvertent attacks, which may render erroneous operation or severe damage. This paper proposes a Synchrophasor Specific Intrusion Detection System (SSIDS) for malicious cyber attack and unintended misuse. The SSIDS comprises a heterogeneous whitelist and behavior-based approach to detect known attack types and unknown and so-called ‘zero-day’ vulnerabilities and attacks. The paper describes reconnaissance, Man-in-the-Middle (MITM) and Denial-of-Service (DoS) attack types executed against a practical synchrophasor system which are used to validate the real-time effectiveness of the proposed SSIDS cyber detection method.
Abstract:
Increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in Smart Grids potentially means greater susceptibility to malicious attackers. SCADA systems with legacy communication infrastructure have inherent cyber-security vulnerabilities as these systems were originally designed with little consideration of cyber threats. In order to improve cyber-security of SCADA networks, this paper presents a rule-based Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method, which includes signature-based and model-based approaches tailored for SCADA systems. The proposed signature-based rules can accurately detect several known suspicious or malicious attacks. In addition, model-based detection is proposed as a complementary method to detect unknown attacks. Finally, proposed intrusion detection approaches for SCADA networks are implemented and verified via Snort rules.
Abstract:
The increased interconnectivity and complexity of supervisory control and data acquisition (SCADA) systems in power system networks has exposed the systems to a multitude of potential vulnerabilities. In this paper, we present a novel approach for a next-generation SCADA-specific intrusion detection system (IDS). The proposed system analyzes multiple attributes in order to provide a comprehensive solution that is able to mitigate varied cyber-attack threats. The multiattribute IDS comprises a heterogeneous white list and behavior-based concept in order to make SCADA cybersystems more secure. This paper also proposes a multilayer cyber-security framework based on IDS for protecting SCADA cybersecurity in smart grids without compromising the availability of normal data. In addition, this paper presents a SCADA-specific cybersecurity testbed to investigate simulated attacks, which has been used in this paper to validate the proposed approach.
Abstract:
We consider the problem of self-healing in networks that are reconfigurable in the sense that they can change their topology during an attack. Our goal is to maintain connectivity in these networks, even in the presence of repeated adversarial node deletion, by carefully adding edges after each attack. We present a new algorithm, DASH, that provably ensures that: 1) the network stays connected even if an adversary deletes up to all nodes in the network; and 2) no node ever increases its degree by more than 2 log n, where n is the number of nodes initially in the network. DASH is fully distributed; adds new edges only among neighbors of deleted nodes; and has average latency and bandwidth costs that are at most logarithmic in n. DASH has these properties irrespective of the topology of the initial network, and is thus orthogonal and complementary to traditional topology-based approaches to defending against attack. We also prove lower-bounds showing that DASH is asymptotically optimal in terms of minimizing maximum degree increase over multiple attacks. Finally, we present empirical results on power-law graphs that show that DASH performs well in practice, and that it significantly outperforms naive algorithms in reducing maximum degree increase.
Abstract:
Electron–positron pair plasmas represent a unique state of matter, whereby there exists an intrinsic and complete symmetry between negatively charged (matter) and positively charged (antimatter) particles. These plasmas play a fundamental role in the dynamics of ultra-massive astrophysical objects and are believed to be associated with the emission of ultra-bright gamma-ray bursts. Despite extensive theoretical modelling, our knowledge of this state of matter is still speculative, owing to the extreme difficulty in recreating neutral matter–antimatter plasmas in the laboratory. Here we show that, by using a compact laser-driven setup, ion-free electron–positron plasmas with unique characteristics can be produced. Their charge neutrality (same amount of matter and antimatter), high-density and small divergence finally open up the possibility of studying electron–positron plasmas in controlled laboratory experiments.
Abstract:
Just before the onset of the Younger Dryas (YD) cold event, several stomatal proxy-based pCO2 records have shown a sharp increase in atmospheric CO2 concentration (pCO2) of between ca 50 and 100 ppm, followed by a rapid decrease of similar or even larger magnitude. Here we compare one of these records, a high-resolution pCO2 record from southern Sweden, with the IntCal13 record of radiocarbon (Δ14C). The two records show broadly synchronous fluctuations at the YD onset. Specifically, the IntCal13 record documents decreasing Δ14C just before the YD onset when pCO2 peaks, consistent with a source of “old” CO2 from the deep ocean. We propose that this fluctuation occurred due to a major ocean flushing event. The cause of the flushing event remains speculative but could be related to the hypothesis of the glacial ocean as a thermobaric capacitor. We confirm that the earth system can produce such large multi-decadal timescale fluctuations in pCO2 through simulating an artificial ocean flushing event with the GENIE Earth System Model. We suggest that sharp transitions of pCO2 may have remained undetected so far in ice cores due to inter-firn gas exchange and time-averaging. The stomatal proxy record is a powerful complement to the ice core records for the study of rapid climate change.
Abstract:
In this short paper, we present an integrated approach to detecting and mitigating cyber-attacks to modern interconnected industrial control systems. One of the primary goals of this approach is that it is cost effective, and thus whenever possible it builds on open-source security technologies and open standards, which are complemented with novel security solutions that address the specific challenges of securing critical infrastructures.
Abstract:
This paper argues that biometric verification evaluations can obscure vulnerabilities that increase the chances that an attacker could be falsely accepted. This can occur because existing evaluations implicitly assume that an imposter claiming a false identity would claim a random identity rather than consciously selecting a target to impersonate. This paper shows how an attacker can select a target with a similar biometric signature in order to increase their chances of false acceptance. It demonstrates this effect using a publicly available iris recognition algorithm. The evaluation shows that the system can be vulnerable to attackers targeting subjects who are enrolled with a smaller section of iris due to occlusion. The evaluation shows how the traditional DET curve analysis conceals this vulnerability. As a result, traditional analysis underestimates the importance of an existing score normalisation method for addressing occlusion. The paper concludes by evaluating how the targeted false acceptance rate increases with the number of available targets. Consistent with a previous investigation of targeted face verification performance, the experiment shows that the false acceptance rate can be modelled using the traditional FAR measure with an additional term that is proportional to the logarithm of the number of available targets.
Abstract:
When applying biometric algorithms to forensic verification, false acceptance and false rejection can mean a failure to identify a criminal, or worse, lead to the prosecution of individuals for crimes they did not commit. It is therefore critical that biometric evaluations be performed as accurately as possible to determine their legitimacy as a forensic tool. This paper argues that, for forensic verification scenarios, traditional performance measures are insufficiently accurate. This inaccuracy occurs because existing verification evaluations implicitly assume that an imposter claiming a false identity would claim a random identity rather than consciously selecting a target to impersonate. In addition to describing this new vulnerability, the paper describes a novel Targeted FAR metric that combines the traditional False Acceptance Rate (FAR) measure with a term that indicates how performance degrades with the number of potential targets. The paper includes an evaluation of the effects of targeted impersonation on an existing academic face verification system. This evaluation reveals that even with a relatively small number of targets false acceptance rates can increase significantly, making the analysed biometric systems unreliable.
Abstract:
Sport Mega-event hosting faces opposition that is manifested with different intensity during the different phases of the event, from its inception as an idea to its delivery and legacy. Some Social Movements Organisations (SMOs) have acted as indefatigable monitors of the Sustainable Development (SD) dimension of sporting events in general and, in some of the most recent sport mega-events, in particular the Olympics, they have served as important advisors and facilitators. Nevertheless, in many cases we see enthusiastic supporters turning to vehemently challenging whatever positives have been associated with hosting the event. In addition, there is opposition to sport Mega-events in their entirety. That type of opposition tends to employ a holistic prism that manages to identify multiple interconnected negative aspects of hosting a sport mega-event and incorporate them into an anti-systemic discourse. It is important to bear in mind that irrespective of many proclamations to the opposite as far as megas are concerned (projects and/or events), a number of studies have demonstrated that citizen participation and democratic accountability in decision-making have been notoriously absent. After all, the idea of citizen participation in the planning of sport mega-event is essentially the public response to a plan conceived by others. There were, of course, some notable cases of democratic consultation at the early stages of bidding to host a sport mega-event but these more democratic approaches resulted in the failure of the bid (e.g. Toronto 1996). The knowledge of this by the groups that initiated the hosting idea and the bidding process has led to discouraging in-depth public consultation that may fit perfectly to the democratic process but not to the tight schedules of associated projects completion. That produces ‘autocracy against which opposition may arise’ (Hiller, 2000, p. 198).
It is this democratic deficit that has led to important instances of social contestation and protest mobilizations by citizen groups as well as the more regular corps of social activists. From a perspective borrowed from the sociology of protest and social movements, sport mega-events hosting can operate as an issue that stimulates protest activities by an existing protest milieu and new actors as well as an important mobilizing resource. In fact, some scholars have also argued that the Olympic Games were an important frame for the transnational activism that was marked by anti-globalization protest in Seattle in 1999 (Cottrell & Nelson, 201; Lenskyj, 2008). In addition, it’s important not to lose sight of other acts of dissent that take place in relatively close proximity, about a year before the event when most infrastructural and societal changes brought by hosting the event and impact start to become apparent by the host communities, like the rioting of August 2011 in the London Olympic Boroughs and the 2012 riots of June 2013 in Sao Paulo and other Brazilian cities. This paper starts by outlining the SD claims made in the bidding to host the summer Olympic Games by five prospective hosts (Sydney; Athens; Beijing; London and Rio) and proceeds towards examining the opposition and challenges that were manifested in relation to these claims. In particular it provides an assessment of protest-events over the aforementioned different phases of sport mega-events hosting. A different picture emerges for each of the host nations that is partly explained by local, national and global configuration of protest politics.
Whereas the post-event legacy of the first two hosts of the Games can be assessed and that way see the validity of claims made by challengers in the other phases, in the other three cases, the implementation of Olympic Games Impact (OGI) studies offers the tool for discussing the post-event phase for Beijing and London and engage in a speculative exercise for the case of Rio. Judging by available findings, the paper concludes that the SD aspirations made in the bid documents are unlikely to be met and social contestation based on the same issues is likely to increase due to the current global economic crisis and BRICS, like China and Brazil, having entered the process of becoming global economic hegemons.
Abstract:
In 1974, pursuing his interest in the infra-ordinary – ‘the banal, the quotidian, the obvious, the common, the ordinary, the back-ground noise, the habitual’ – Georges Perec wrote about an idea for a novel:
‘I imagine a Parisian apartment building whose façade has been removed … so that all the rooms in the front, from the ground floor up to the attics, are instantly and simultaneously visible’.
In Life A User’s Manual (1978) the consummation of this precis, patterns of existence are measured within architectural space with an archaeological sensibility that sifts through narrative and décor, structure and history, services and emotion, the personal and the system, ascribing commensurate value to each. Borrowing methods from Perec, to move somewhere between conjecture, analysis and other documentation and tracing relationships between form, structure, materiality, technology, organisation, tenure and narrative use, this paper interrogates the late twentieth-century speculative apartment block in Britain and Ireland arguing that its speculative and commodified purpose often allows a series of lives that are less than ordinary to inhabit its spaces.
Abstract:
The next-generation smart grid will rely highly on telecommunications infrastructure for data transfer between various systems. Anywhere we have data transfer in a system is a potential security threat. When we consider the possibility of smart grid data being at the heart of our critical systems infrastructure it is imperative that we do all we can to ensure the confidentiality, availability and integrity of the data. A discussion on security itself is outside the scope of this paper, but if we assume the network to be as secure as possible we must consider what we can do to detect when that security fails, or when the attack comes from the inside of the network. One way to do this is to set up a hacker-trap, or honeypot. A honeypot is a device or service on a network which appears legitimate, but is in fact a trap set up to catch breach attempts. This paper identifies the different types of honeypot and describes where each may be used. The authors have set up a test honeypot system which has been live for some time. The test system has been set up to emulate a device on a utility network. The system has had many hits, which are described in detail by the authors. Finally, the authors discuss how larger-scale systems in utilities may benefit from honeypot placement.
Abstract:
While virtualisation can provide many benefits to a network's infrastructure, securing the virtualised environment is a big challenge. The security of a fully virtualised solution is dependent on the security of each of its underlying components, such as the hypervisor, guest operating systems and storage.
This paper presents a single security service running on the hypervisor that could potentially work to provide security service to all virtual machines running on the system. This paper presents a hypervisor hosted framework which performs specialised security tasks for all underlying virtual machines to protect against any malicious attacks by passively analysing the network traffic of VMs. This framework has been implemented using Xen Server and has been evaluated by detecting a Zeus Server setup and infected clients, distributed over a number of virtual machines. This framework is capable of detecting and identifying all infected VMs with no false positive or false negative detection.
Abstract:
Ischaemic strokes evoke blood-brain barrier (BBB) disruption and oedema formation through a series of mechanisms involving Rho-kinase activation. Using an animal model of human focal cerebral ischaemia, this study assessed and confirmed the therapeutic potential of Rho-kinase inhibition during the acute phase of stroke by displaying significantly improved functional outcome and reduced cerebral lesion and oedema volumes in fasudil- versus vehicle-treated animals. Analyses of ipsilateral and contralateral brain samples obtained from mice treated with vehicle or fasudil at the onset of reperfusion plus 4 h post-ischaemia or 4 h post-ischaemia alone revealed these benefits to be independent of changes in the activity and expressions of oxidative stress- and tight junction-related parameters. However, closer scrutiny of the same parameters in brain microvascular endothelial cells subjected to oxygen-glucose deprivation ± reperfusion revealed marked increases in prooxidant NADPH oxidase enzyme activity, superoxide anion release and in expressions of antioxidant enzyme catalase and tight junction protein claudin-5. Cotreatment of cells with Y-27632 prevented all of these changes and protected in vitro barrier integrity and function. These findings suggest that inhibition of Rho-kinase after acute ischaemic attacks improves cerebral integrity and function through regulation of endothelial cell oxidative stress and reorganization of intercellular junctions. Inhibition of Rho-kinase (ROCK) activity in a mouse model of human ischaemic stroke significantly improved functional outcome while reducing cerebral lesion and oedema volumes compared to vehicle-treated counterparts. Studies conducted with brain microvascular endothelial cells exposed to OGD ± R in the presence of Y-27632 revealed restoration of intercellular junctions and suppression of prooxidant NADPH oxidase activity as important factors in ROCK inhibition-mediated BBB protection.