5 results for Intrusion Detection System (IDS)


Relevance:

100.00% 100.00%

Publisher:

Abstract:

Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications and logical behaviours to provide a comprehensive and effective solution that is able to mitigate various cyberattacks. The proposed approach comprises access control detection, protocol whitelisting, model-based detection, and multi-parameter based detection. This SCADA-specific IDS is implemented and validated using a comprehensive and realistic cyber-physical test-bed and data from a real 500kV smart substation.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

To maintain the pace of development set by Moore's law, production processes in semiconductor manufacturing are becoming more and more complex. The development of efficient and interpretable anomaly detection systems is fundamental to keeping production costs low. As the dimension of process monitoring data can become extremely high, anomaly detection systems are impacted by the curse of dimensionality; hence dimensionality reduction plays an important role. Classical dimensionality reduction approaches, such as Principal Component Analysis, generally involve transformations that seek to maximize the explained variance. In datasets with several clusters of correlated variables, the contributions of isolated variables to explained variance may be insignificant, with the result that they may not be included in the reduced data representation. It is then not possible to detect an anomaly if it is only reflected in such isolated variables. In this paper we present a new dimensionality reduction technique that takes account of such isolated variables and demonstrate how it can be used to build an interpretable and robust anomaly detection system for Optical Emission Spectroscopy data.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

The absolute calibration of a microchannel plate (MCP) assembly using a Thomson spectrometer for laser-driven ion beams is described. In order to obtain the response of the whole detection system to the particles’ impact, a slotted solid state nuclear track detector (CR-39) was installed in front of the MCP to record the ions simultaneously on both detectors. The response of the MCP (counts/particles) was measured for 5–58 MeV carbon ions and for protons in the energy range 2–17.3 MeV. The response of the MCP detector is non-trivial when the stopping range of particles becomes larger than the thickness of the detector. Protons with energies E ≳ 10 MeV are energetic enough that they can pass through the MCP detector. Quantitative analysis of the pits formed in CR-39 and the signal generated in the MCP allowed the MCP response to particles in this energy range to be determined. Moreover, a theoretical model allows the response of the MCP at even higher proton energies to be predicted. This suggests that in this regime the MCP response is a slowly decreasing function of energy, consistent with the decrease of the deposited energy. These calibration data will enable particle spectra to be obtained in absolute terms over a broad energy range.

Relevance:

100.00% 100.00%

Publisher:

Abstract:

Cybercriminals ramp up their efforts with sophisticated techniques while defenders gradually update their typical security measures. Attackers often have a long-term interest in their targets. However, a number of factors such as scale, architecture and nonproductive traffic make it difficult to detect them using typical intrusion detection techniques. Cyber early warning systems (CEWS) aim at alerting on such attempts in their nascent stages using preliminary indicators. Design and implementation of such systems involve numerous research challenges such as a generic set of indicators, intelligence gathering, uncertainty reasoning and information fusion. This paper discusses such challenges and presents the reader with compelling motivation. A carefully deployed empirical analysis using a real-world attack scenario and a real network traffic capture is also presented.