Leandros A. Maglaras

Intrusion detection in SCADA systems using machine learning techniques

In this paper we present a intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system. Malicious data in a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM (One-Class Support Vector Machine) is an intrusion detection mechanism that does not need any labeled data for training or any information about the kind of anomaly is expecting for the detection process. This feature makes it ideal for processing SCADA environment data and automate SCADA performance monitoring. The OCSVM module developed is trained by network traces off line and detect anomalies in the system real time. The module is part of an IDS (Intrusion Detection System) system developed under CockpitCI project and communicates with the other parts of the system by the exchange of IDMEF (Intrusion Detection Message Exchange Format) messages that carry information about the source of the incident, the time and a classification of the alarm.

Distributed clustering in vehicular networks

Clustering in vanets is of crucial importance in order to cope with the dynamic features of the vehicular topologies. Algorithms that give good results in Manets fail to create stable clusters since vehicular nodes are characterized by their high mobility and the different mobility patterns that even nodes in proximity may follow. In this paper, we propose a distributed clustering algorithm which forms stable clusters based on force directed algorithms. The simulation results show that our Spring-Clustering (Sp-Cl) scheme has stable performance in randomly generated scenarios on a highway. It forms lesser clusters than Lowest-ID and it is better in terms of Cluster stability compared to Lowest-ID and LPG algorithms in the same scenarios.

Security and Privacy in Fog Computing: Challenges

Fog computing paradigm extends the storage, networking, and computing facilities of the cloud computing toward the edge of the networks while offloading the cloud data centers and reducing service latency to the end users. However, the characteristics of fog computing arise new security and privacy challenges. The existing security and privacy measurements for cloud computing cannot be directly applied to the fog computing due to its features, such as mobility, heterogeneity, and large-scale geo-distribution. This paper provides an overview of existing security and privacy concerns, particularly for the fog computing. Afterward, this survey highlights ongoing research effort, open challenges, and research trends in privacy and security issues for fog computing.

Combining ensemble methods and social network metrics for improving accuracy of OCSVM on intrusion detection in SCADA systems

Abstract Modern Supervisory Control and Data Acquisition (SCADA) systems used by the electric utility industry to monitor and control electric power generation, transmission and distribution are recognized today as critical components of the electric power delivery infrastructure. SCADA systems are large, complex and incorporate increasing numbers of widely distributed components. The presence of a real time intrusion detection mechanism, which can cope with different types of attacks, is of great importance in order to defend a system against cyber attacks. This defense mechanism must be distributed, cheap and above all accurate, since false positive alarms or mistakes regarding the origin of the intrusion mean severe costs for the system. Recently an integrated detection mechanism, namely IT-OCSVM, was proposed, which is distributed in a SCADA network as a part of a distributed intrusion detection system (DIDS), providing accurate data about the origin and the time of an intrusion. In this paper we also analyze the architecture of the integrated detection mechanism and we perform extensive simulations based on real cyber attacks in a small SCADA testbed in order to evaluate the performance of the proposed mechanism.

A Cybersecurity Detection Framework for Supervisory Control and Data Acquisition Systems

This paper presents a distributed intrusion detection system (DIDS) for supervisory control and data acquisition (SCADA) industrial control systems, which was developed for the CockpitCI project. Its architecture was designed to address the specific characteristics and requirements for SCADA cybersecurity that cannot be adequately fulfilled by techniques from the information technology world, thus requiring a domain-specific approach. DIDS components are described in terms of their functionality, operation, integration, and management. Moreover, system evaluation and validation are undertaken within an especially designed hybrid testbed emulating the SCADA system for an electrical distribution grid.

Social internet of vehicles for smart cities

Digital devices are becoming increasingly ubiquitous and interconnected. Their evolution to intelligent parts of a digital ecosystem creates novel applications with so far unresolved security issues. A particular example is a vehicle. As vehicles evolve from simple means of transportation to smart entities with new sensing and communication capabilities, they become active members of a smart city. The Internet of Vehicles (IoV) consists of vehicles that communicate with each other and with public networks through V2V (vehicle-to-vehicle), V2I (vehicle-to-infrastructure) and V2P (vehicle-to-pedestrian) interactions, which enables both the collection and the real-time sharing of critical information about the condition on the road network. The Social Internet of Things (SIoT) introduces social relationships among objects, creating a social network where the participants are not humans, but intelligent objects. In this article, we explore the concept of the Social Internet of Vehicles (SIoV), a network that enables social interactions both among vehicles and among drivers. We discuss technologies and components of the SIoV, possible applications and issues of security, privacy and trust that are likely to arise.

Human behaviour as an aspect of cybersecurity assurance

There continue to be numerous breaches publicised pertaining to cybersecurity despite security practices being applied within industry for many years. This paper is intended to be the first in a number of papers as research into cybersecurity assurance processes. This paper is compiled based on current research related to cybersecurity assurance and the impact of the human element on it. The objective of this work is to identify elements of cybersecurity that would benefit from further research and development based on the literature review findings. The results outlined in this paper present a need for the cybersecurity field to look in to established industry areas to benefit from effective practices such as human reliability assessment, along with improved methods of validation such as statistical quality control in order to obtain true assurance. The paper proposes the development of a framework that will be based upon defined and repeatable quantification, specifically relating to the range of human aspect tasks that provide or are intended not to negatively affect cybersecurity assurance. Copyright

New measures for characterizing the significance of nodes in wireless ad hoc networks via localized path-based neighborhood analysis

The synergy between social network analysis and wireless ad hoc network protocol design has recently created increased interest for developing methods and measures that capture the topological characteristics of a wireless network. Such techniques are used for the design of routing and multicasting protocols, for cooperative caching purposes and so on. These techniques are mandatory to characterize the network topology using only limited, local connectivity information—one or two hop information. Even though it seems that such techniques can straightforwardly be derived from the respective network-wide techniques, their design presents significant challenges since they must capture rich information using limited knowledge. This article examines the issue of finding the most central nodes in neighborhoods of a given network with directed or undirected links taking into account only localized connectivity information. An algorithm that calculates the ranking, taking into account the N-hop neighborhood of each node is proposed. The method is compared to popular existing schemes for ranking, using Spearman’s rank correlation coefficient. An extended, faster algorithm which reduces the size of the examined network is also described.

Social Clustering of Vehicles Based on Semi-Markov Processes

Vehicle clustering is a crucial network management task for vehicular networks to address the broadcast storm problem and to cope with the rapidly changing network topology. Developing algorithms that create stable clusters is a very challenging procedure because of the highly dynamic moving patterns of vehicles and the dense topology. Previous approaches to vehicle clustering have been based on either topology-agnostic features, such as vehicle IDs or hard-to-set parameters, or have exploited very limited knowledge of vehicle trajectories. This paper develops a pair of algorithms, namely, sociological pattern clustering (SPC) and route stability clustering (RSC), the latter being a specialization of the former that exploits, for the first time in the relevant literature, the “social behavior” of vehicles, i.e., their tendency to share the same/similar routes. Both methods exploit the historic trajectories of vehicles gathered by roadside units located in each subnetwork of a city and use the recently introduced clustering primitive of virtual forces. The mobility, i.e., mobile patterns of each vehicle, is modeled as semi-Markov processes. To assess the performance of the proposed clustering algorithms, we performed a detailed experimentation by simulation to compare its behavior with that of high-performance state-of-the-art algorithms, namely, the Low-Id, DDVC, and MPBC protocols. The comparison involved the investigation of the impact of a range of parameters on the performance of the protocols, including vehicle speed and transmission range, as well as the existence and strength of social patterns, for both urban and highway-like environments. All of the received results attested to the superiority of the proposed algorithms for creating stable and meaningful clusters.

Privacy-Preserving Schemes for Ad Hoc Social Networks: A Survey

We review the state of the art of privacy-preserving schemes for ad hoc social networks including mobile social networks (MSNs) and vehicular social networks (VSNs). Specifically, we select and examine in-detail 33 privacy-preserving schemes developed for or applied in the context of ad hoc social networks. Based on novel schemes published between 2008 and 2016, we survey privacy preservation models including location privacy, identity privacy, anonymity, traceability, interest privacy, backward privacy, and content oriented privacy. Recent significant attacks of leaking privacy, countermeasures, and game theoretic approaches in VSNs and MSNs are summarized in the form of tables. In addition, an overview of recommendations for further research is provided. With this survey, readers can acquire a thorough understanding of research trends in privacy-preserving schemes for ad hoc social networks.