9 resultados para attack detection
em QUB Research Portal - Research Directory and Institutional Repository for Queen's University Belfast
Resumo:
In this short paper, we present an integrated approach to detecting and mitigating cyber-attacks to modern interconnected industrial control systems. One of the primary goals of this approach is that it is cost effective, and thus whenever possible it builds on open-source security technologies and open standards, which are complemented with novel security solutions that address the specific challenges of securing critical infrastructures.
Resumo:
A new niche of densely populated, unprotected networks is becoming more prevalent in public areas such as Shopping Malls, defined here as independent open-access networks, which have attributes that make attack detection more challenging than in typical enterprise networks. To address these challenges, new detection systems which do not rely on knowledge of internal device state are investigated here. This paper shows that this lack of state information requires an additional metric (The exchange timeout window) for detection of WLAN Denial of Service Probe Flood attacks. Variability in this metric has a significant influence on the ability of a detection system to reliably detect the presence of attacks. A parameter selection method is proposed which is shown to provide reliability and repeatability in attack detection in WLANs. Results obtained from ongoing live trials are presented that demonstrate the importance of accurately estimating probe request and probe response timeouts in future Independent Intrusion Detection Systems.
Resumo:
The IDS (Intrusion Detection System) is a common means of protecting networked systems from attack or malicious misuse. The development and rollout of an IDS can take many different forms in terms of equipment, protocols, connectivity, cost and automation. This is particularly true of WIDS (Wireless Intrusion Detection Systems) which have many more opportunities and challenges associated with data transmission through an open, shared medium.
The operation of a WIDS is a multistep process from origination of an attack through to human readable evaluation. Attention to the performance of each of the processes in the chain from attack detection to evaluation is imperative if an optimum solution is to be sought. At present, research focuses very much on each discrete aspect of a WIDS with little consideration to the operation of the whole system. Taking a holistic view of the technology shows the interconnectivity and inter-dependence between stages, leading to improvements and novel research areas for investigation.
This chapter will outline the general structure of Wireless Intrusion Detection Systems and briefly describe the functions of each development stage, categorised into the following 6 areas:
• Threat Identification,
• Architecture,
• Data Collection,
• Intrusion Detection,
• Alert Correlation,
• Evaluation.
These topics will be considered in broad terms designed for those new to the area. Focus will be placed on ensuring the readers are aware of the impact of choices made at early stages in WIDS development on future stages.
Resumo:
The Intrusion Detection System (IDS) is a common means of protecting networked systems from attack or malicious misuse. The deployment of an IDS can take many different forms dependent on protocols, usage and cost. This is particularly true of Wireless Intrusion Detection Systems (WIDS) which have many detection challenges associated with data transmission through an open, shared medium, facilitated by fundamental changes at the Physical and MAC layers. WIDS need to be considered in more detail at these lower layers than their wired counterparts as they face unique challenges. The remainder of this chapter will investigate three of these challenges where WiFi deviates significantly from that of wired counterparts:
• Attacks Specific to WiFi Networks: Outlining the additional threats which WIDS must account for: Denial of Service, Encryption Bypass and AP Masquerading attacks.
• The Effect of Deployment Architecture on WIDS Performance: Demonstrating that the deployment environment of a network protected by a WIDS can influence the prioritisation of attacks.
• The Importance of Live Data in WiFi Research: Investigating the different choices for research data sources with an emphasis on encouraging live network data collection for future WiFi research.
Resumo:
DeAuthentication Denial of Service attacks in Public Access WiFi operate by exploiting the lack of authentication of management frames in the 802.11 protocol. Detection of these attacks rely almost exclusively on the selection of appropriate thresholds. In this work the authors demonstrate that there are additional, previously unconsidered, metrics which also influence DoS detection performance. A method of systematically tuning these metrics to optimal values is proposed which ensures that parameter choices are repeatable and verifiable.
Resumo:
The increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in the Smart Grid has exposed them to a wide range of cyber-security issues, and there are a multitude of potential access points for cyber attackers. This paper presents a SCADA-specific cyber-security test-bed which contains SCADA software and communication infrastructure. This test-bed is used to investigate an Address Resolution Protocol (ARP) spoofing based man-in-the-middle attack. Finally, the paper proposes a future work plan which focuses on applying intrusion detection and prevention technology to address cyber-security issues in SCADA systems.
Resumo:
Synchrophasor systems will play a crucial role in next generation Smart Grid monitoring, protection and control. However these systems also introduce a multitude of potential vulnerabilities from malicious and inadvertent attacks, which may render erroneous operation or severe damage. This paper proposes a Synchrophasor Specific Intrusion Detection System (SSIDS) for malicious cyber attack and unintended misuse. The SSIDS comprises a heterogeneous whitelist and behavior-based approach to detect known attack types and unknown and so-called ‘zero-day’ vulnerabilities and attacks. The paper describes reconnaissance, Man-in-the-Middle (MITM) and Denial-of-Service (DoS) attack types executed against a practical synchrophasor system which are used to validate the real-time effectiveness of the proposed SSIDS cyber detection method.
Resumo:
The increased interconnectivity and complexity of supervisory control and data acquisition (SCADA) systems in power system networks has exposed the systems to a multitude of potential vulnerabilities. In this paper, we present a novel approach for a next-generation SCADA-specific intrusion detection system (IDS). The proposed system analyzes multiple attributes in order to provide a comprehensive solution that is able to mitigate varied cyber-attack threats. The multiattribute IDS comprises a heterogeneous white list and behavior-based concept in order to make SCADA cybersystems more secure. This paper also proposes a multilayer cyber-security framework based on IDS for protecting SCADA cybersecurity in smart grids without compromising the availability of normal data. In addition, this paper presents a SCADA-specific cybersecurity testbed to investigate simulated attacks, which has been used in this paper to validate the proposed approach.
Resumo:
Threat prevention with limited security resources is a challenging problem. An optimal strategy is to eectively predict attackers' targets (or goals) based on current available information, and use such predictions to prevent (or disrupt) their planned attacks. In this paper, we propose a game-theoretic framework to address this challenge which encompasses the following three elements. First, we design a method to analyze an attacker's types in order to determine the most plausible type of an attacker. Second, we propose an approach to predict possible targets of an attack and the course of actions that the attackers may take even when the attackers' types are ambiguous. Third, a game-theoretic based strategy is developed to determine the best protection actions for defenders (security resources).
