Man-in-the-Middle Attack Test-bed Investigating Cyber-security Vulnerabilities in Smart Grid SCADA Systems

The increased complexity and interconnectivity of Supervisory Control and Data Acquisition (SCADA) systems in the Smart Grid has exposed them to a wide range of cyber-security issues, and there are a multitude of potential access points for cyber attackers. This paper presents a SCADA-specific cyber-security test-bed which contains SCADA software and communication infrastructure. This test-bed is used to investigate an Address Resolution Protocol (ARP) spoofing based man-in-the-middle attack. Finally, the paper proposes a future work plan which focuses on applying intrusion detection and prevention technology to address cyber-security issues in SCADA systems.

Whole Slide Image Cytometry: a Novel Method for the Detection and Quantification of Abnormal DNA Contents in Barrett’s Oesophagus

Background: Barrett's oesophagus (BO) is a well recognized precursor of the majority of cases of oesophageal adenocarcinoma (OAC). Endoscopic surveillance of BO patients is frequently undertaken in an attempt to detect early OAC, high grade dysplasia (HGD) or low grade dysplasia (LGD). However histological interpretation and grading of dysplasia is subjective and poorly reproducible. The alternative flow cytometry and cytology-preparation image cytometry techniques require large amounts of tissue and specialist expertise which are not widely available for frontline health care.
Methods: This study has combined whole slide imaging with DNA image cytometry, to provide a novel method for the detection and quantification of abnormal DNA contents. 20 cases were evaluated, including 8 Barrett's specialised intestinal metaplasia (SIM), 6 LGD and 6 HGD. Feulgen stained oesophageal sections (1µm thickness) were digitally scanned in their entirety and evaluated to select regions of interests and abnormalities. Barrett’s mucosa was then interactively chosen for automatic nuclei segmentation where irrelevant cell types are ignored. The combined DNA content histogram for all selected image regions was then obtained. In addition, histogram measurements, including 5c exceeding ratio (xER-5C), 2c deviation index (2cDI) and DNA grade of malignancy (DNA-MG), were computed.
Results: The histogram measurements, xER-5C, 2cDI and DNA-MG, were shown to be effective in differentiating SIM from HGD, SIM from LGD, and LGD from HGD. All three measurements discriminated SIM from HGD cases successfully with statistical significance (pxER-5C=0.0041, p2cDI=0.0151 and pDNA-MG=0.0057). Statistical significance is also achieved differentiating SIM from LGD samples with pxER-5C=0.0019, p2cDI=0.0023 and pDNA-MG=0.0030. Furthermore the differences between LGD and HGD cases are statistical significant (pxER-5C=0.0289, p2cDI=0.0486 and pDNA-MG=0.0384).
Conclusion: Whole slide image cytometry is a novel and effective method for the detection and quantification of abnormal DNA content in BO. Compared to manual histological review, this proposed method is more objective and reproducible. Compared to flow cytometry and cytology-preparation image cytometry, the current method is low cost, simple to use and only requires a single 1µm tissue section. Whole slide image cytometry could assist the routine clinical diagnosis of dysplasia in BO, which is relevant for future progression risk to OAC.

The Forgiving Graph:A distributed data structure for low stretch under adversarial attack

We consider the problem of self-healing in peer-to-peer networks that are under repeated attack by an omniscient adversary. We assume that, over a sequence of rounds, an adversary either inserts a node with arbitrary connections or deletes an arbitrary node from the network. The network responds to each such change by quick "repairs," which consist of adding or deleting a small number of edges. These repairs essentially preserve closeness of nodes after adversarial deletions,without increasing node degrees by too much, in the following sense. At any point in the algorithm, nodes v and w whose distance would have been - in the graph formed by considering only the adversarial insertions (not the adversarial deletions), will be at distance at most - log n in the actual graph, where n is the total number of vertices seen so far. Similarly, at any point, a node v whose degreewould have been d in the graph with adversarial insertions only, will have degree at most 3d in the actual graph. Our distributed data structure, which we call the Forgiving Graph, has low latency and bandwidth requirements. The Forgiving Graph improves on the Forgiving Tree distributed data structure from Hayes et al. (2008) in the following ways: 1) it ensures low stretch over all pairs of nodes, while the Forgiving Tree only ensures low diameter increase; 2) it handles both node insertions and deletions, while the Forgiving Tree only handles deletions; 3) it requires only a very simple and minimal initialization phase, while the Forgiving Tree initially requires construction of a spanning tree of the network. © Springer-Verlag 2012.

A pilot study of a family focused, psychosocial intervention with war-exposed youth at risk of attack and abduction in north-eastern Democratic Republic of Congo

Rural communities in the Haut-Uele Province of northern Democratic Republic of Congo live in constant danger of attack and/or abduction by units of the Lord's Resistance Army operating in the region. This pilot study sought to develop and evaluate a community-participative psychosocial intervention involving life skills and relaxation training and Mobile Cinema screenings with this war-affected population living under current threat. 159 war-affected children and young people (aged 7-18) from the villages of Kiliwa and Li-May in north-eastern DR Congo took part in this study. In total, 22% of participants had been abduction previously while 73% had a family member abducted. Symptoms of post-traumatic stress reactions, internalising problems, conduct problems and pro-social behaviour were assessed by blinded interviewers at pre- and post-intervention and at 3-month follow-up. Participants were randomised (with an accompanying caregiver) to 8 sessions of a group-based, community-participative, psychosocial intervention (n=79) carried out by supervised local, lay facilitators or a wait-list control group (n=80). Average seminar attendance rates were high: 88% for participants and 84% for caregivers. Drop-out was low: 97% of participants were assessed at post-intervention and 88% at 3 month follow-up. At post-test, participants reported significantly fewer symptoms of post-traumatic stress reactions compared to controls (Cohen's d=0.40). At 3 month follow up, large improvements in internalising symptoms and moderate improvements in pro-social scores were reported, with caregivers noting a moderate to large decline in conduct problems among the young people. Trial Registration clinicalTrials.gov, Identifier: NCT01542398.

PRECYSE: Cyber-attack Detection and Response for Industrial Control Systems

In this short paper, we present an integrated approach to detecting and mitigating cyber-attacks to modern interconnected industrial control systems. One of the primary goals of this approach is that it is cost effective, and thus whenever possible it builds on open-source security technologies and open standards, which are complemented with novel security solutions that address the specific challenges of securing critical infrastructures.

Digital slide viewing for primary reporting in gastrointestinal pathology: a validation study

Despite the increasing availability of digital slide viewing, and numerous advantages associated with its application, a lack of quality validation studies is amongst the reasons for poor uptake in routine practice. This study evaluated primary digital pathology reporting in the setting of routine subspecialist gastrointestinal pathology, commonplace in most tissue pathology laboratories and representing one of the highest volume specialties in most laboratories. Individual digital and glass slide diagnoses were compared amongst three pathologists reporting in a gastrointestinal subspecialty team, in a prospective series of 100 consecutive diagnostic cases from routine practice in a large teaching hospital laboratory. The study included a washout period of at least 6 months. Discordant diagnoses were classified, and the study evaluated against recent College of American Pathologists (CAP) recommendations for evaluating digital pathology systems for diagnostic use. The study design met all 12 of the CAP recommendations. The 100 study cases generated 300 pairs of diagnoses, comprising 100 glass slide diagnoses and 100 digital diagnoses from each of the three study pathologists. 286 of 300 pairs of diagnoses were concordant, representing intraobserver concordance of 95.3 %, broadly comparable to rates previously published in this field. In ten of the 14 discordant pairs, the glass slide diagnosis was favoured; in four cases, the digital diagnosis was favoured, but importantly, the 14 discordant intraobserver diagnoses were considered to be of minor clinical significance. Interobserver, or viewing modality independent, concordance was found in 94 of the total of 100 study cases, providing a comparable baseline discordance rate expected in any second viewing of pathology material. These overall results support the safe use of digital pathology in primary diagnostic reporting in this setting

The effect of probe interval estimation on attack detection performance of a WLAN independent intrusion detection system

A new niche of densely populated, unprotected networks is becoming more prevalent in public areas such as Shopping Malls, defined here as independent open-access networks, which have attributes that make attack detection more challenging than in typical enterprise networks. To address these challenges, new detection systems which do not rely on knowledge of internal device state are investigated here. This paper shows that this lack of state information requires an additional metric (The exchange timeout window) for detection of WLAN Denial of Service Probe Flood attacks. Variability in this metric has a significant influence on the ability of a detection system to reliably detect the presence of attacks. A parameter selection method is proposed which is shown to provide reliability and repeatability in attack detection in WLANs. Results obtained from ongoing live trials are presented that demonstrate the importance of accurately estimating probe request and probe response timeouts in future Independent Intrusion Detection Systems.

Mechanism of effluent attack on Portland cement and alkali activated mortars

The alkali activation of waste products has become a widespread topic of research, mainly due to environmental benefits. Portland cement and alkali-activated mortar samples were prepared to compare their resistance to silage effluent which contains lactic acid. The mechanism of attack on each sample has also been investigated.

Neural Network Based Attack on a Masked Implementation of AES

Masked implementations of cryptographic algorithms are often used in commercial embedded cryptographic devices to increase their resistance to side channel attacks. In this work we show how neural networks can be used to both identify the mask value, and to subsequently identify the secret key value with a single attack trace with high probability. We propose the use of a pre-processing step using principal component analysis (PCA) to significantly increase the success of the attack. We have developed a classifier that can correctly identify the mask for each trace, hence removing the security provided by that mask and reducing the attack to being equivalent to an attack against an unprotected implementation. The attack is performed on the freely available differential power analysis (DPA) contest data set to allow our work to be easily reproducible. We show that neural networks allow for a robust and efficient classification in the context of side-channel attacks.

Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction

In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction when it comes to analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well structured model which can be used for future analysis of Duqu 2.0 and related attacks.

Power Spectral Density Side-Channel Attack Overlapping Window Method

Cryptographic algorithms have been designed to be computationally secure, however it has been shown that when they are implemented in hardware, that these devices leak side channel information that can be used to mount an attack that recovers the secret encryption key. In this paper an overlapping window power spectral density (PSD) side channel attack, targeting an FPGA device running the Advanced Encryption Standard is proposed. This improves upon previous research into PSD attacks by reducing the amount of pre-processing (effort) required. It is shown that the proposed overlapping window method requires less processing effort than that of using a sliding window approach, whilst overcoming the issues of sampling boundaries. The method is shown to be effective for both aligned and misaligned data sets and is therefore recommended as an improved approach in comparison with existing time domain based correlation attacks.