Gap analysis of intrusion detection in smart grids

Given the recent emergence of the smart grid and smart grid related technologies, their security is a prime concern. Intrusion detection provides a second line of defense. However, conventional intrusion detection systems (IDSs) are unable to adequately address the unique requirements of the smart grid. This paper presents a gap analysis of contemporary IDSs from a smart grid perspective. This paper highlights the lack of adequate intrusion detection within the smart grid and discusses the limitations of current IDSs approaches. The gap analysis identifies current IDSs as being unsuited to smart grid application without significant changes to address smart grid specific requirements.

Data preprocessing for anomaly based network intrusion detection : a review

Data preprocessing is widely recognized as an important stage in anomaly detection. This paper reviews the data preprocessing techniques used by anomaly-based network intrusion detection systems (NIDS), concentrating on which aspects of the network traffic are analyzed, and what feature construction and selection methods have been used. Motivation for the paper comes from the large impact data preprocessing has on the accuracy and capability of anomaly-based NIDS. The review finds that many NIDS limit their view of network traffic to the TCP/IP packet headers. Time-based statistics can be derived from these headers to detect network scans, network worm behavior, and denial of service attacks. A number of other NIDS perform deeper inspection of request packets to detect attacks against network services and network applications. More recent approaches analyze full service responses to detect attacks targeting clients. The review covers a wide range of NIDS, highlighting which classes of attack are detectable by each of these approaches. Data preprocessing is found to predominantly rely on expert domain knowledge for identifying the most relevant parts of network traffic and for constructing the initial candidate set of traffic features. On the other hand, automated methods have been widely used for feature extraction to reduce data dimensionality, and feature selection to find the most relevant subset of features from this candidate set. The review shows a trend toward deeper packet inspection to construct more relevant features through targeted content parsing. These context sensitive features are required to detect current attacks.

Elaborated intrusion theory : a cognitive-emotional theory of food craving

A clear understanding of the cognitive-emotional processes underpinning desires to overconsume foods and adopt sedentary lifestyles can inform the development of more effective interventions to promote healthy eating and physical activity. The Elaborated Intrusion Theory of Desires offers a framework that can help in this endeavor through its emphases on the roles of intrusive thoughts and elaboration of multisensory imagery. There is now substantial evidence that tasks that compete for limited working memory resources with food-related imagery can reduce desires to eat that food, and that positive imagery can promote functional behavior. Meditation mindfulness can also short-circuit elaboration of dysfunctional cognition. Functional Decision Making is an approach that applies laboratory-based research on desire, to provide a motivational intervention to establish and entrench behavior changes, so healthy eating and physical activity become everyday habits.

Collaborative intrusion detection framework : characteristics, adversarial opportunities and countermeasures

Complex Internet attacks may come from multiple sources, and target multiple networks and technologies. Nevertheless, Collaborative Intrusion Detection Systems (CIDS) emerges as a promising solution by using information from multiple sources to gain a better understanding of objective and impact of complex Internet attacks. CIDS also help to cope with classical problems of Intrusion Detection Systems (IDS) such as zero-day attacks, high false alarm rates and architectural challenges, e. g., centralized designs exposing the Single-Point-of-Failure. Improved complexity on the other hand gives raise to new exploitation opportunities for adversaries. The contribution of this paper is twofold. We first investigate related research on CIDS to identify the common building blocks and to understand vulnerabilities of the Collaborative Intrusion Detection Framework (CIDF). Second, we focus on the problem of anonymity preservation in a decentralized intrusion detection related message exchange scheme. We use techniques from design theory to provide multi-path peer-to-peer communication scheme where the adversary can not perform better than guessing randomly the originator of an alert message.

Framework for evaluating collaborative intrusion detection systems

Securing IT infrastructures of our modern lives is a challenging task because of their increasing complexity, scale and agile nature. Monolithic approaches such as using stand-alone firewalls and IDS devices for protecting the perimeter cannot cope with complex malwares and multistep attacks. Collaborative security emerges as a promising approach. But, research results in collaborative security are not mature, yet, and they require continuous evaluation and testing. In this work, we present CIDE, a Collaborative Intrusion Detection Extension for the network security simulation platform ( NeSSi 2 ). Built-in functionalities include dynamic group formation based on node preferences, group-internal communication, group management and an approach for handling the infection process for malware-based attacks. The CIDE simulation environment provides functionalities for easy implementation of collaborating nodes in large-scale setups. We evaluate the group communication mechanism on the one hand and provide a case study and evaluate our collaborative security evaluation platform in a signature exchange scenario on the other.

Decentralized detector generation in cooperative intrusion detection system

We consider Cooperative Intrusion Detection System (CIDS) which is a distributed AIS-based (Artificial Immune System) IDS where nodes collaborate over a peer-to-peer overlay network. The AIS uses the negative selection algorithm for the selection of detectors (e.g., vectors of features such as CPU utilization, memory usage and network activity). For better detection performance, selection of all possible detectors for a node is desirable but it may not be feasible due to storage and computational overheads. Limiting the number of detectors on the other hand comes with the danger of missing attacks. We present a scheme for the controlled and decentralized division of detector sets where each IDS is assigned to a region of the feature space. We investigate the trade-off between scalability and robustness of detector sets. We address the problem of self-organization in CIDS so that each node generates a distinct set of the detectors to maximize the coverage of the feature space while pairs of nodes exchange their detector sets to provide a controlled level of redundancy. Our contribution is twofold. First, we use Symmetric Balanced Incomplete Block Design, Generalized Quadrangles and Ramanujan Expander Graph based deterministic techniques from combinatorial design theory and graph theory to decide how many and which detectors are exchanged between which pair of IDS nodes. Second, we use a classical epidemic model (SIR model) to show how properties from deterministic techniques can help us to reduce the attack spread rate.

Teams rather than individuals : collaborative intrusion detection

We propose CIMD (Collaborative Intrusion and Malware Detection), a scheme for the realization of collaborative intrusion detection approaches. We argue that teams, respectively detection groups with a common purpose for intrusion detection and response, improve the measures against malware. CIMD provides a collaboration model, a decentralized group formation and an anonymous communication scheme. Participating agents can convey intrusion detection related objectives and associated interests for collaboration partners. These interests are based on intrusion objectives and associated interests for collaboration partners. These interests are based on intrusion detection related ontology, incorporating network and hardware configurations and detection capabilities. Anonymous Communication provided by CIMD allows communication beyond suspicion, i.e. the adversary can not perform better than guessing an IDS to be the source of a message at random. The evaluation takes place with the help of NeSSi² (www.nessi2.de), the Network Security Simulator, a dedicated environment for analysis of attacks and countermeasures in mid-scale and large-scale networks. A CIMD prototype is being built based on the JIAC agent framework(www.jiac.de).

Modelling sea water intrusion in coastal aquifers using heterogeneous computing

The objective of this PhD research program is to investigate numerical methods for simulating variably-saturated flow and sea water intrusion in coastal aquifers in a high-performance computing environment. The work is divided into three overlapping tasks: to develop an accurate and stable finite volume discretisation and numerical solution strategy for the variably-saturated flow and salt transport equations; to implement the chosen approach in a high performance computing environment that may have multiple GPUs or CPU cores; and to verify and test the implementation. The geological description of aquifers is often complex, with porous materials possessing highly variable properties, that are best described using unstructured meshes. The finite volume method is a popular method for the solution of the conservation laws that describe sea water intrusion, and is well-suited to unstructured meshes. In this work we apply a control volume-finite element (CV-FE) method to an extension of a recently proposed formulation (Kees and Miller, 2002) for variably saturated groundwater flow. The CV-FE method evaluates fluxes at points where material properties and gradients in pressure and concentration are consistently defined, making it both suitable for heterogeneous media and mass conservative. Using the method of lines, the CV-FE discretisation gives a set of differential algebraic equations (DAEs) amenable to solution using higher-order implicit solvers. Heterogeneous computer systems that use a combination of computational hardware such as CPUs and GPUs, are attractive for scientific computing due to the potential advantages offered by GPUs for accelerating data-parallel operations. We present a C++ library that implements data-parallel methods on both CPU and GPUs. The finite volume discretisation is expressed in terms of these data-parallel operations, which gives an efficient implementation of the nonlinear residual function. This makes the implicit solution of the DAE system possible on the GPU, because the inexact Newton-Krylov method used by the implicit time stepping scheme can approximate the action of a matrix on a vector using residual evaluations. We also propose preconditioning strategies that are amenable to GPU implementation, so that all computationally-intensive aspects of the implicit time stepping scheme are implemented on the GPU. Results are presented that demonstrate the efficiency and accuracy of the proposed numeric methods and formulation. The formulation offers excellent conservation of mass, and higher-order temporal integration increases both numeric efficiency and accuracy of the solutions. Flux limiting produces accurate, oscillation-free solutions on coarse meshes, where much finer meshes are required to obtain solutions with equivalent accuracy using upstream weighting. The computational efficiency of the software is investigated using CPUs and GPUs on a high-performance workstation. The GPU version offers considerable speedup over the CPU version, with one GPU giving speedup factor of 3 over the eight-core CPU implementation.

Creating gold nanoprisms directly on quartz crystal microbalance electrodes for mercury vapor sensing

A novel electrochemical route is used to form highly {111}-oriented and size-controlled Au nanoprisms directly onto the electrodes of quartz crystal microbalances (QCMs) which are subsequently used as mercury vapor sensors. The Au nanoprism loaded QCM sensors exhibited excellent response–concentration linearity with a response enhancement of up to ~ 800% over a non-modified sensor at an operating temperature of 28 °C. The increased surface area and atomic-scale features (step/defect sites) introduced during the growth of nanoprisms are thought to play a significant role in enhancing the sensing properties of the Au nanoprisms toward Hg vapor. The sensors are shown to have excellent Hg sensing capabilities in the concentration range of 0.123–1.27 ppmv (1.02–10.55 mg m − 3), with a detection limit of 2.4 ppbv (0.02 mg m − 3) toward Hg vapor when operating at 28 °C, and 17 ppbv (0.15 mg m − 3) at 89 °C, making them potentially useful for air monitoring applications or for monitoring the efficiency of Hg emission control systems in industries such as mining and waste incineration. The developed sensors exhibited excellent reversible behavior (sensor recovery) within 1 h periods, and crucially were also observed to have high selectivity toward Hg vapor in the presence of ethanol, ammonia and humidity, and excellent long-term stability over a 33 day operating period.

Intrusion detection in distributed systems, an approach based on taint marking

This paper presents a new framework for distributed intrusion detection based on taint marking. Our system tracks information flows between applications of multiple hosts gathered in groups (i.e., sets of hosts sharing the same distributed information flow policy) by attaching taint labels to system objects such as files, sockets, Inter Process Communication (IPC) abstractions, and memory mappings. Labels are carried over the network by tainting network packets. A distributed information flow policy is defined for each group at the host level by labeling information and defining how users and applications can legally access, alter or transfer information towards other trusted or untrusted hosts. As opposed to existing approaches, where information is most often represented by two security levels (low/high, public/private, etc.), our model identifies each piece of information within a distributed system, and defines their legal interaction in a fine-grained manner. Hosts store and exchange security labels in a peer to peer fashion, and there is no central monitor. Our IDS is implemented in the Linux kernel as a Linux Security Module (LSM) and runs standard software on commodity hardware with no required modification. The only trusted code is our modified operating system kernel. We finally present a scenario of intrusion in a web service running on multiple hosts, and show how our distributed IDS is able to report security violations at each host level.

Genotoxicity of inorganic mercury salts based on disturbed microtubule function

This study investigated the hypothesis that the chromosomal genotoxicity of inorganic mercury results from interaction(s) with cytoskeletal proteins. Effects of Hg2+ salts on functional activities of tubulin and kinesin were investigated by determining tubulin assembly and kinesin-driven motility in cell-free systems. Hg2+ inhibits microtubule assembly at concentrations above 1 μM, and inhibition is complete at about 10 μM. In this range, the tubulin assembly is fully (up to 6 μM) or partially (∼6-10 μM) reversible. The inhibition of tubulin assembly by mercury is independent of the anion, chloride or nitrate. The no-observed-effect- concentration for inhibition of microtubule assembly in vitro was 1 μM Hg2+, the IC50 5.8 μM. Mercury(II) salts at the IC 50 concentrations partly inhibiting tubulin assembly did not cause the formation of aberrant microtubule structures. Effects of mercury salts on the functionality of the microtubule motility apparatus were studied with the motor protein kinesin. By using a "gliding assay" mimicking intracellular movement and transport processes in vitro, HgCl2 affected the gliding velocity of paclitaxel-stabilised microtubules in a clear dose-dependent manner. An apparent effect is detected at a concentration of 0.1 μM and a complete inhibition is reached at 1 μM. Cytotoxicity of mercury chloride was studied in V79 cells using neutral red uptake, showing an influence above 17 μM HgCl2. Between 15 and 20 μM HgCl2 there was a steep increase in cell toxicity. Both mercury chloride and mercury nitrate induced micronuclei concentration-dependently, starting at concentrations above 0.01 μM. CREST analyses on micronuclei formation in V79 cells demonstrated both clastogenic (CREST-negative) and aneugenic effects of Hg2+, with some preponderance of aneugenicity. A morphological effect of high Hg2+ concentrations (100 μM HgCl2) on the microtubule cytoskeleton was verified in V79 cells by immuno-fluorescence staining. The overall data are consistent with the concept that the chromosomal genotoxicity could be due to interaction of Hg2+ with the motor protein kinesin mediating cellular transport processes. Interactions of Hg 2+ with the tubulin shown by in vitro investigations could also partly influence intracellular microtubule functions leading, together with the effects on the kinesin, to an impaired chromosome distribution as shown by the micronucleus test.

Disturbed microtubule function and induction of micronuclei by chelate complexes of mercury(II)

Interactions of mercury(II) with the microtubule network of cells may lead to genotoxicity. Complexation of mercury(II) with EDTA is currently being discussed for its employment in detoxification processes of polluted sites. This prompted us to re-evaluate the effects of such complexing agents on certain aspects of mercury toxicity, by examining the influences of mercury(II) complexes on tubulin assembly and kinesin-driven motility of microtubules. The genotoxic effects were studied using the micronucleus assay in V79 Chinese hamster fibroblasts. Mercury(II) complexes with EDTA and related chelators interfered dose-dependently with tubulin assembly and microtubule motility in vitro. The no-effect-concentration for assembly inhibition was 1 μM of complexed Hg(II), and for inhibition of motility it was 0.05 μM, respectively. These findings are supported on the genotoxicity level by the results of the micronucleus assay, with micronuclei being induced dose-dependently starting at concentrations of about 0.05 μM of complexed Hg(II). Generally, the no-effect-concentrations for complexed mercury(II) found in the cell-free systems and in cellular assays (including the micronucleus test) were identical with or similar to results for mercury tested in the absence of chelators. This indicates that mercury(II) has a much higher affinity to sulfhydryls of cytoskeletal proteins than to this type of complexing agents. Therefore, the suitability of EDTA and related compounds for remediation of environmental mercury contamination or for other detoxification purposes involving mercury has to be questioned.

Gold nanospikes based microsensor as a highly accurate mercury emission monitoring system

Anthropogenic elemental mercury (Hg0) emission is a serious worldwide environmental problem due to the extreme toxicity of the heavy metal to humans, plants and wildlife. Development of an accurate and cheap microsensor based online monitoring system which can be integrated as part of Hg0 removal and control processes in industry is still a major challenge. Here, we demonstrate that forming Au nanospike structures directly onto the electrodes of a quartz crystal microbalance (QCM) using a novel electrochemical route results in a self-regenerating, highly robust, stable, sensitive and selective Hg0 vapor sensor. The data from a 127 day continuous test performed in the presence of volatile organic compounds and high humidity levels, showed that the sensor with an electrodeposted sensitive layer had 260% higher response magnitude, 3.4 times lower detection limit (,22 mg/m3 or ,2.46 ppbv) and higher accuracy (98% Vs 35%) over a Au control based QCM (unmodified) when exposed to a Hg0 vapor concentration of 10.55 mg/m3 at 1016C. Statistical analysis of the long term data showed that the nano-engineered Hg0 sorption sites on the developed Au nanospikes sensitive layer play a critical role in the enhanced sensitivity and selectivity of the developed sensor towards Hg0 vapor.