Multi-Attribute SCADA-Specific Intrusion Detection System for Power Networks

The increased interconnectivity and complexity of supervisory control and data acquisition (SCADA) systems in power system networks has exposed the systems to a multitude of potential vulnerabilities. In this paper, we present a novel approach for a next-generation SCADA-specific intrusion detection system (IDS). The proposed system analyzes multiple attributes in order to provide a comprehensive solution that is able to mitigate varied cyber-attack threats. The multiattribute IDS comprises a heterogeneous white list and behavior-based concept in order to make SCADA cybersystems more secure. This paper also proposes a multilayer cyber-security framework based on IDS for protecting SCADA cybersecurity in smart grids without compromising the availability of normal data. In addition, this paper presents a SCADA-specific cybersecurity testbed to investigate simulated attacks, which has been used in this paper to validate the proposed approach.

Layered RF Phantom Characterization for Wireless Medical Vital Sign Monitors

Wearable antenna performance measurements were used to characterize a synthetic variable layered phantom testbed, representative of human tissue for operation in the 868/915 MHz, and 2400 MHz industrial, scientific and medical frequency bands. Antenna radiation efficiency measurements on the phantom were compared with measurements on the thorax region of a human test subject. The results show that the phantom is representative of the human body for the application of wireless vital sign monitors, where conductive connections are made to the tissue.

Stochastic Analysis of Saltwater Intrusion in Heterogeneous Aquifers using Local Average Subdivision

This study investigates the effects of ground heterogeneity, considering permeability as a random variable, on an intruding SW wedge using Monte Carlo simulations. Random permeability fields were generated, using the method of Local Average Subdivision (LAS), based on a lognormal probability density function. The LAS method allows the creation of spatially correlated random fields, generated using coefficients of variation (COV) and horizontal and vertical scales of fluctuation (SOF). The numerical modelling code SUTRA was employed to solve the coupled flow and transport problem. The well-defined 2D dispersive Henry problem was used as the test case for the method. The intruding SW wedge is defined by two key parameters, the toe penetration length (TL) and the width of mixing zone (WMZ). These parameters were compared to the results of a homogeneous case simulated using effective permeability values. The simulation results revealed: (1) an increase in COV resulted in a seaward movement of TL; (2) the WMZ extended with increasing COV; (3) a general increase in horizontal and vertical SOF produced a seaward movement of TL, with the WMZ increasing slightly; (4) as the anisotropic ratio increased the TL intruded further inland and the WMZ reduced in size. The results show that for large values of COV, effective permeability parameters are inadequate at reproducing the effects of heterogeneity on SW intrusion.

Experimental Investigation of Transient Saltwater Intrusion in Heterogeneous Porous Media

A 2D sandbox style experiment was developed to compare the results of numerical modelling to physical testing for saltwater intrusion in homogeneous and heterogeneous aquifers. The sandbox consisted of a thin central viewing chamber filled with glass beads of varying diameters (780μm, 1090μm and 1325μm) under fully saturated conditions. Dyed saltwater (SW) was introduced at the side boundary and a head difference imposed across the porous media. Images of the SW wedge were recorded at intervals in order to assess the suitability of the numerical models predictions of transient SW intrusion. Numerical modelling of the experimental cases were simulated using SUTRA. Two main parameters were chosen to express the condition of the intruding SW wedge at each recorded time step; the toe penetration length (TL) and the width of the mixing zone (WMZ). The WMZ was larger under transient conditions in the heterogeneous case, while the TL was longer for the homogeneous case. The increased variability in the flow field fo the heterogeneous case resulted in increased dispersion, and thus, increased WMZ.

Stateful Intrusion Detection for IEC 60870-5-104 SCADA Security

Cyber threats in Supervisory Control and Data Acquisition (SCADA) systems have the potential to render physical damage and jeopardize power system operation, safety and stability. SCADA systems were originally designed with little consideration of escalating cyber threats and hence the problem of how to develop robust intrusion detection technologies to tailor the requirements of SCADA is an emerging topic and a big challenge. This paper proposes a stateful Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method to improve the cyber-security of SCADA systems using the IEC 60870-5-104 protocol which is tailored for basic telecontrol communications. The proposed stateful protocol analysis approach is presented that is designed specifically for the IEC 60870-5-104 protocol. Finally, the novel intrusion detection approach are implemented and validated.

Ferroelectricity in epitaxial pulsed laser deposited bismuth-layered perovskite thin films of different crystallographic orientations

Epitaxial thin films Of various bismuth-layered perovskites SrBi(2)Ta(2)O(9), Bi(4)Ti(3)O(12), BaBi(4)Ti(4)O(15), and Ba(2)Bi(4)Ti(5)O(18) were deposited by pulsed laser deposition onto epitaxial conducting LaNiO(3) or SrRuO(3) electrodes on single crystalline SrTiO(3) substrates with different crystallographic orientations or on top of epitaxial buffer layers on (100) silicon. The conductive perovskite electrodes and the epitaxial ferroelectric films are strongly influenced by the nature of the substrate, and bismuth-layered perovskite ferroelectric films with mixed (100), (110)- and (001)-orientations as well as with uniform (001)-, (116)- and (103)- orientations have been obtained. Structure and morphology investigations performed by X-ray diffraction analysis, scanning probe microscopy, and transmission electron microscopy reveal the different epitaxial relationships between films and substrates. A clear correlation of the crystallographic orientation of the epitaxial films with their ferroelectric properties is illustrated by macroscopic and microscopic measurements of epitaxial bismuth-layered perovskite thin films of different crystallographic orientations.

Automated image analysis for experimental investigations of salt water intrusion in coastal aquifers

A novel methodology has been developed to quantify important saltwater intrusion parameters in a sandbox style experiment using image analysis. Existing methods found in the literature are based mainly on visual observations, which are subjective, labour intensive and limits the temporal and spatial resolutions that can be analysed. A robust error analysis was undertaken to determine the optimum methodology to convert image light intensity to concentration. Results showed that defining a relationship on a pixel-wise basis provided the most accurate image to concentration conversion and allowed quantification of the width of mixing zone between the saltwater and freshwater. A large image sample rate was used to investigate the transient dynamics of saltwater intrusion, which rendered analysis by visual observation unsuitable. This paper presents the methodologies developed to minimise human input and promote autonomy, provide high resolution image to concentration conversion and allow the quantification of intrusion parameters under transient conditions.

The effect of probe interval estimation on attack detection performance of a WLAN independent intrusion detection system

A new niche of densely populated, unprotected networks is becoming more prevalent in public areas such as Shopping Malls, defined here as independent open-access networks, which have attributes that make attack detection more challenging than in typical enterprise networks. To address these challenges, new detection systems which do not rely on knowledge of internal device state are investigated here. This paper shows that this lack of state information requires an additional metric (The exchange timeout window) for detection of WLAN Denial of Service Probe Flood attacks. Variability in this metric has a significant influence on the ability of a detection system to reliably detect the presence of attacks. A parameter selection method is proposed which is shown to provide reliability and repeatability in attack detection in WLANs. Results obtained from ongoing live trials are presented that demonstrate the importance of accurately estimating probe request and probe response timeouts in future Independent Intrusion Detection Systems.

A design strategy of large grain lithium-rich layered oxides for lithium-ion batteries cathode

Li-rich materials are considered the most promising for Li-ion battery cathodes, as high capacity can be achieved. However, poor cycling stability is a critical drawback that leads to poor capacity retention. Here a strategy is used to synthesize a large-grain lithium-rich layered oxides to overcome this difficulty without sacrificing rate capability. This material is designed with micron scale grain with a width of about 300 nm and length of 1-3 μm. This unique structure has a better ability to overcome stress-induced structural collapse caused by Li-ion insertion/extraction and reduce the dissolution of Mn ions, which enable a reversible and stable capacity. As a result, this cathode material delivered a highest discharge capacity of around 308 mAh g^-1 at a current density of 30 mA g^-1 with retention of 88.3% (according to the highest discharge capacity) after 100 cycles, 190 mAh g^-1 at a current density of 300 mA g^-1 and almost no capacity fading after 100 cycles. Therefore, Lithium-rich material of large-grain structure is a promising cathode candidate in Lithium-ion batteries with high capacity and high cycle stability for application. This strategy of large grain may furthermore open the door to synthesize the other complex architectures for various applications.

Experimental Saltwater Intrusion in Coastal aquifers Using Automated Image Analysis: Applications to Homogeneous Aquifers.

This paper presents the applications of a novel methodology to quantify saltwater intrusion parameters in laboratory-scale experiments. The methodology uses an automated image analysis procedure, minimizing manual inputs and the subsequent systematic errors that can be introduced. This allowed the quantification of the width of the mixing zone which is difficult to measure in experimental methods that are based on visual observations. Glass beads of different grain sizes were tested for both steady-state and transient conditions. The transient results showed good correlation between experimental and numerical intrusion rates. The experimental intrusion rates revealed that the saltwater wedge reached a steady state condition sooner while receding than advancing. The hydrodynamics of the experimental mixing zone exhibited similar
traits; a greater increase in the width of the mixing zone was observed in the receding saltwater wedge, which indicates faster fluid velocities and higher dispersion. The angle of intrusion analysis revealed the formation of a volume of diluted saltwater at the toe position when the saltwater wedge is prompted to recede. In addition, results of different physical repeats of the experiment produced an average coefficient of variation less than 0.18 of the measured toe length and width of the mixing zone.

Contextual Intrusion Alerts for SCADA Networks

The complexity of modern SCADA networks and their associated cyber-attacks requires an expressive but flexible manner for representing both domain knowledge and collected intrusion alerts with the ability to integrate them for enhanced analytical capabilities and better understanding of attacks. This paper proposes an ontology-based approach for contextualized intrusion alerts in SCADA networks. In this approach, three security ontologies were developed to represent and store information on intrusion alerts, Modbus communications, and Modbus attack descriptions. This information is correlated into enriched intrusion alerts using simple ontology logic rules written in Semantic Query-Enhanced Web Rules (SQWRL). The contextualized alerts give analysts the means to better understand evolving attacks and to uncover the semantic relationships between sequences of individual attack events. The proposed system is illustrated by two use case scenarios.