- Iñaki Garitano
Research Item (6)
In the last years, cyber security of Industrial Control Systems (ICSs) has become an important issue due to the discovery of sophisticated malware that by attacking Critical Infrastructures, could cause catastrophic safety results. Researches have been developing countermeasures to enhance cyber security for pre-Internet era systems, which are extremely vulnerable to threats. This paper presents the potential opportunities that Software Defined Networking (SDN) provides for the security enhancement of Industrial Control Networks. SDN permits a high level of configuration of a network by the separation of control and data planes. In this work, we describe the affinities between SDN and ICSs and we discuss about implementation strategies.
- Jun 2018
- Hybrid Artificial Intelligent Systems
In the same manner that Online Social Networks (OSN) usage increases, non-legitimate campaigns over these types of web services are growing. This is the reason why significant number of users are affected by social spam every day and therefore, their privacy is threatened. To deal with this issue in this study we focus on mood analysis, among all content-based analysis techniques. We demonstrate that using this technique social spam filtering results are improved. First, the best spam filtering classifiers are identified using a labeled dataset consisting of Youtube comments, including spam. Then, a new dataset is created adding the mood feature to each comment, and the best classifiers are applied to it. A comparison between obtained results with and without mood information shows that this feature can help to improve social spam filtering results: the best accuracy is improved in two different datasets, and the number of false positives is reduced 13.76% and 11.41% on average. Moreover, the results are validated carrying out the same experiment but using a different dataset.
Industrial Networks (INs) are widespread environments where heterogeneous devices collaborate to control and monitor physical processes. Some of the controlled processes belong to Critical Infrastructures (CIs), and, as such, IN protection is an active research field. Among different types of security solutions, IN Anomaly Detection Systems (ADSs) have received wide attention from the scientific community. While INs have grown in size and in complexity, requiring the development of novel, Big Data solutions for data processing, IN ADSs have not evolved at the same pace. In parallel, the development of Big Data frameworks such as Hadoop or Spark has led the way for applying Big Data Analytics to the field of cyber-security, mainly focusing on the Information Technology (IT) domain. However, due to the particularities of INs, it is not feasible to directly apply IT security mechanisms in INs, as IN ADSs face unique characteristics. In this work we introduce three main contributions. First, we survey the area of Big Data ADSs that could be applicable to INs and compare the surveyed works. Second, we develop a novel taxonomy to classify existing IN-based ADSs. And, finally, we present a discussion of open problems in the field of Big Data ADSs for INs that can lead to further development.
Process Control Systems (PCSs) are the operating core of Critical Infrastructures (CIs). As such, anomaly detection has been an active research field to ensure CI normal operation. Previous approaches have leveraged network level data for anomaly detection, or have disregarded the existence of process disturbances, thus opening the possibility of mislabelling disturbances as attacks and vice versa. In this paper we present an anomaly detection and diagnostic system based on Multivariate Statistical Process Control (MSPC), that aims to distinguish between attacks and disturbances. For this end, we expand traditional MSPC to monitor process level and controller level data. We evaluate our approach using the Tennessee-Eastman process. Results show that our approach can be used to distinguish disturbances from intrusions to a certain extent and we conclude that the proposed approach can be extended with other sources of data for improving results.
- Jan 2012
- XII Spanish Meeting on Cryptology and Information Security (RECSI 2012)
- Spanish Meeting on Cryptology and Information Security
n this work a comparison of the SURF and MU-SURF feature descriptor vectors is made. First, the descriptors’ performance is evaluated using a standard data set of general transformed images. This evaluation consists in counting correspondences and correct matches between ten image pairs. Image pairs have different transformations (rotation, scale change, viewpoint change, blur, JPEG compression and illumination change) in order to evaluate the descriptors in different environments. The second test evaluates the descriptors’ suitability for tattoo matching. In this case, one hundred randomly chosen transformed tattoo images are matched against a database of ten thousand images. The transformations include rotation change, RGB noise and cropped images. Non-transformed images are also evaluated. In both tests, the descriptors represent the interest points previously detected and stored into a file by the same detector, to ensure the validity of the test. Results show that the newer and modified version of the SURF descriptor, MU-SURF, performs better than its counterpart and it is suitable for tattoo matching.