Chapter

Intelligent Automation Using Machine and Deep Learning in Cybersecurity of Industrial IoT: CCTV Security and DDoS Attack Detection

Abstract

Artificial intelligence is making significant changes in the industrial internet of things (IIoT). In particular, machine and deep learning architectures are now used for cybersecurity in smart factories, smart homes, and smart cities. Using advanced mathematical models and algorithms, more intelligent protection strategies should be developed. Hacking of IP surveillance camera systems and Closed-Circuit TV (CCTV) vulnerabilities represent a typical example where cyber attacks can cause severe damage to physical and other Industrial Control Systems (ICS). This chapter analyzes the possibilities to provide better protection of video surveillance systems and communication networks. The authors review solutions related to migrating machine learning based inference towards edge and smart client devices, as well as methods for DDoS (Distributed Denial of Service) intelligent detection, where the DDoS attack is recognized as one of the primary concerns in cybersecurity.

... The analysis of cybersecurity policies of individual countries was conducted in: A comparative analysis of the structure, methodologies, and applications of the most well-known international cybersecurity indices was conducted in Koong and Yunis (2015), Voronenko (2018) and Kravets (2019). The application of machine learning and artificial intelligence (AI) methods to assess, model, and provide cybersecurity is discussed in Solozhentsev and Karasev (2015), Kolini and Janczewski (2017), Babenko and Perevosova (2019), Roopak et al. (2019), Moustafa (2019), Ullah et al. (2019), Choo et al. (2020), Boukerche and Coutinho (2020), Chesney et al. (2020), Gavrovska and Samčović (2020), Gupta and Quamara (2020), Liu et al. (2020), Kaminskyi et al. (2020), Kiv et al. (2020), Mahdavifar and Ghorbani (2020), Miranda-Calle et al. (2021), Barbulescu (2021) and Voronenko et al. (2021). ...
Article
2020 witnessed significant changes in the policies, activities and the plans on the level of governments and companies as well as individuals. While the COVID-19 pandemic exposed the increasing threats and weaknesses, it allowed for new opportunities. New proper measures must be taken to increase cybersecurity, especially as the impact of the pandemic is going to have long-term ripples and effects. In this article, the structure of indicators included in the calculation of the National Cyber Security Index is studied and the distribution of the National Cyber Security Index across income groups analysed. In addition to that, the assessment of the efficiency of using resources to ensure national cybersecurity and studies of the impact of COVID-19 on the level of national cybersecurity are displayed. Finally, recommendations are given to improve cybersecurity during and after a pandemic.
Article
Recently, deep learning has been successfully applied to network security assessments and intrusion detection systems (IDSs) with various breakthroughs such as using Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) to classify malicious traffic. However, these state-of-the-art systems also face tremendous challenges to satisfy real-time analysis requirements due to the major delay of the flow-based data preprocessing, i.e., requiring time for accumulating the packets into particular flows and then extracting features. If detecting malicious traffic can be done at the packet level, detecting time will be significantly reduced, which makes the online real-time malicious traffic detection based on deep learning technologies become very promising. With the goal of accelerating the whole detection process by considering a packet level classification, which has not been studied in the literature, in this research, we propose a novel approach in building the malicious classification system with the primary support of word embedding and the LSTM model. Specifically, we propose a novel word embedding mechanism to extract packet semantic meanings and adopt LSTM to learn the temporal relation among fields in the packet header and for further classifying whether an incoming packet is normal or a part of malicious traffic. The evaluation results on ISCX2012, USTC-TFC2016, IoT dataset from Robert Gordon University and IoT dataset collected on our Mirai Botnet show that our approach is competitive to the prior literature which detects malicious traffic at the flow level. While the network traffic is booming year by year, our first attempt can inspire the research community to exploit the advantages of deep learning to build effective IDSs without suffering significant detection delay.
Article
Bidirectional communication infrastructure of smart systems, such as smart grids, is vulnerable to network attacks like distributed denial of services (DDoS) and can be a major concern in the present competitive market. In DDoS attack, multiple compromised nodes in a communication network flood connection requests, bogus data packets or incoming messages to targets like database servers, resulting in denial of services for legitimate users. Recently, machine learning based techniques have been explored by researchers to secure the network from DDoS attacks. Under different attack scenarios on a system, measurements can be observed either in an online manner or batch mode and can be used to build predictive learning systems. In this work, we propose an efficient DDoS attack detection technique based on multilevel auto-encoder based feature learning. We learn multiple levels of shallow and deep auto-encoders in an unsupervised manner which are then used to encode the training and test data for feature generation. A final unified detection model is then learned by combining the multilevel features using an efficient Multiple Kernel Learning (MKL) algorithm. We perform experiments on two benchmark DDoS attack databases and their subsets and compare the results with six recent methods. Results show that the proposed method outperforms the compared methods in terms of prediction accuracy.
Article
Internet-of-things has emerged out as an important invention towards employing the tremendous power of wireless media in the real world. We can control our surroundings by interacting with numerous smart applications running independently on different platforms, almost everywhere in the world. IoT, with such a ubiquitous popularity, often serves itself as a potential platform for escalating malicious entities. These entities get an access to the legitimate devices by exploiting IoT vulnerabilities which result from several constraints like limited resources, weaker security, etc. and can further take form of various attacks. Distributed Denial-of-service (DDoS) in IoT network is an attack which targets the availability of the servers by flooding the communication channel with impersonated requests coming from distributed IoT devices. Defending DDoS in IoT has now become an exigent area of research due to the recent incidents of demolishment of some renowned servers, reported in previous few years. In this paper, we discuss the concept of malware and botnets working behind ‘Distributed’ DoS in IoT. The various DDoS defence techniques are broadly described and compared in order to identify the security gaps present in them. Moreover, we list out the open research issues and challenges that need to be addressed for a stronger as well as smarter DDoS defence.
Article
A distributed denial of service (DDoS) attack is an attempt to partially or completely shut down the targeted server with a flood of internet traffic. The primary aim of this attack is to disrupt regular traffic flow to the victim’s server or network. DDoS attacks are volumetric attacks, and non-legacy IoT devices with low security such as webcams, baby monitoring devices and printers are compromised to form a botnet. High traffic from compromised IoT devices is rerouted to servers to disrupt their regular services. DDoS attacks are to an extent covered in the research literature. However, existing research does not discuss all DDoS attacks on general servers and botnet attacks on IoT devices and suggests few detection and mitigation solutions which are limited to addressing attacks on the cloud environment. Existing survey focuses either on the cloud layer or the IoT layer. A complete survey of DDoS attacks for both IoT and the cloud environment is not present in the current literature. Our survey is a comprehensive approach which includes general DDoS attack motivations and specific reasons why attackers prefer IoT devices to launch DDoS attacks. Various attack methods to compromise IoT devices and tools used to deploy botnet-infected IoT devices for DDoS attacks on the cloud layer are presented. A detailed attack classification on IoT devices and the cloud environment is presented considering that IoT devices are first compromised and then used by attackers against their primary targets on the cloud layer. Various state-of-the-art defense measures in the current literature for defense against DDoS attacks are present. Suggestions to implement an essential first line of defense for IoT devices are suggested. Our paper, to the best of our knowledge, is first to provide a holistic study of DDoS attacks from IoT devices to the cloud environment.
Article
In order to effectively detect wireless network intrusion behavior, a combined wireless network intrusion detection model based on deep learning was proposed. First, a feature database was generated by feature mapping, one-hot encoding, and normalization processing. Then, we built a deep belief network (DBN) with the multi-restricted Boltzmann machine (RBM) and the back propagation (BP) network. The BP network layer was connected as an auxiliary layer to the end of the RBM. The back-propagation algorithm was used to fine-tune the weight of the multi-restricted Boltzmann machine. Finally, the support vector machine (SVM) was used to train the detection method. After training, the intrusion detection model, which had the DBN-SVM detection method, was determined. The experimental results show that the detection model has good intrusion detection performance.
Chapter
Phishing scams and attacks attempt to trick people into providing sensitive personal information such as account login credentials, credit card numbers, banking details and other identifying data. This is done for malicious reasons, by disguising as a trustworthy entity in an electronic communication. It is an example of social engineering techniques used to deceive users and to exploit weaknesses in current web security. It is very popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate URL than trying to break through a computer's defenses. Nowadays, phishing scammers continually target many critical infrastructures and major financial institutions, companies, government departments, and online service providers around the world. For those infrastructures specifically, skilled phishers use advanced techniques to target both vigilant and naive employees, with destructive often zero-day attacks, including ransomware, malware, bots, spam, spoofing and pharming. This paper proposes an innovative, ultra-fast and low requirements' Intelligence Web Application Firewall (ΙWAF) for Critical Infrastructure Protection (CIP). It discusses the design and development of an intelligent tool which employs an evolving Izhikevich spiking neurons' approach, for the automated identification of phishing web sites. Additionally, it builds Group Policy Objects (GPO) under Windows Domain for automated prevention of phishing attacks. The reasoning of its core is based on advanced computational intelligence approaches.
Conference Paper
Security aspects of SCADA environments and the systems within are increasingly a center of interest to researchers and security professionals. As the rise of sophisticated and nation-state malware targeting such systems flourishes, traditional digital forensics tools struggle to transfer the same capabilities to systems lacking typical volatile memory primitives, monitoring software, and the compatible operating-system primitives necessary for conducting forensic investigations. Even worse, SCADA systems are typically not designed and implemented with security in mind, nor were they purpose-built to monitor and record system data at the granularity associated with traditional IT systems. Rather, these systems are often built to control field devices and drive industrial processes. More succinctly, SCADA systems were not designed with a primary goal of interacting with the digital world. Consequently, forensics investigators well-versed in the world of digital forensics and incident response face an array of challenges that prevent them from conducting effective forensic investigation in environments with vast amounts of critical infrastructure. In order to bring SCADA systems within the reach of the armies of digital forensics professionals and tooling already available, both researchers and practitioners need a guide to the current state-of-the-art techniques, a road-map to the challenges lying on the path forward, and insight into the future directions R&D must move towards. To that end, this paper presents a survey into the literature on digital forensics applied to SCADA systems. We cover not only the challenges to applying digital forensics to SCADA like most other reviews, but also the range of proposed frameworks, methodologies, and actual implementations in literature.
Article
Historically, Industrial Automation and Control Systems (IACS) were largely isolated from conventional digital networks such as enterprise ICT environments. Where connectivity was required, a zoned architecture was adopted, with firewalls and/or demilitarized zones used to protect the core control system components. The adoption and deployment of ‘Internet of Things’ (IoT) technologies is leading to architectural changes to IACS, including greater connectivity to industrial systems. This paper reviews what is meant by Industrial IoT (IIoT) and relationships to concepts such as cyber-physical systems and Industry 4.0. The paper develops a definition of IIoT and analyses related partial IoT taxonomies. It develops an analysis framework for IIoT that can be used to enumerate and characterise IIoT devices when studying system architectures and analysing security threats and vulnerabilities. The paper concludes by identifying some gaps in the literature.
Conference Paper
The biggest growth rate of network traffic in the coming years will be for smartphones and Internet-connected devices, which relentlessly tend to perform increasingly demanding tasks on continuously increasing amounts of data. Machine Learning and Edge Computing are emerging as effective paradigms for processing huge amounts of data supplied by the Internet of Things and Smart Cities. An osmotic computing architecture for an IoT smart classroom is used for testing a deep learning model for person recognition. A comparative performance study and analysis was made by means of selecting a single deep learning model, that it was tried to be adapted to run over the cloud, a fog microserver and a mobile edge computing device. The results obtained showed some promising results and also limitations for the edge and fog computing side that will need to be addressed in order to minimize latencies and achieve real-time responses for the present IoT application.
Conference Paper
The recent growth of the Internet of Things (IoT) has resulted in a rise in IoT based DDoS attacks. This paper presents a solution to the detection of botnet activity within consumer IoT devices and networks. A novel application of Deep Learning is used to develop a detection model based on a Bidirectional Long Short Term Memory based Recurrent Neural Network (BLSTM-RNN). Word Embedding is used for text recognition and conversion of attack packets into tokenised integer format. The developed BLSTM-RNN detection model is compared to an LSTM-RNN for detecting four attack vectors used by the Mirai botnet, and evaluated for accuracy and loss. The paper demonstrates that although the bidirectional approach adds overhead to each epoch and increases processing time, it proves to be a better progressive model over time. A labelled dataset was generated as part of this research, and is available upon request.
Article
This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank’s control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features were extracted from the traffic to build a dataset for training and testing different machine learning algorithms. Five traditional machine learning algorithms were trained to detect the attacks: Random Forest, Decision Tree, Logistic Regression, Naïve Bayes and KNN. Then, the trained machine learning models were built and deployed in the network, where new tests were made using online network traffic. The performance obtained during the training and testing of the machine learning models was compared to the performance obtained during the online deployment of these models in the network. The results show the efficiency of the machine learning models in detecting the attacks in real time. The testbed provides a good understanding of the effects and consequences of attacks on real SCADA environments.
Article
Keeping up with the burgeoning Internet of Things (IoT) requires staying up to date on the latest network attack trends in dynamic and complicated cyberspace, and take them into account while developing holistic information security (IS) approaches for the IoT. Due to multiple vulnerabilities in the IoT foundations, many targeted attacks are continuing to evolve. This survey of related work in the very specialized field of IS assurance for the IoT develops a taxonomy of typical attacks against IoT assets (with special attention to IoT device protection). Based on this taxonomy, the key directions for countering these attacks are defined. According to the modern demand for the IoT and big IS-related data processing, we propose applying the Security Intelligence approach. The results obtained, when compared with the related work and numerous analogues, are based on the following research methodology: view the IoT as a security object to be protected, leading to understanding its vulnerabilities and possible attacks against the IoT exploiting these vulnerabilities, and from there approaches to protecting the IoT. A few areas of the future research, among which the IoT operational resilience and usage of the blockchain technology seem to us the most interesting, are indicated.
Article
Efficient management of video sequences is based on adequate video content description. This description can be used for various purposes in different applications, telecommunication services, video and multimedia systems. Video hard cut detection represents the foundation of temporal video segmentation. In this paper, a new video hard cut detection methodology is proposed using multifractal features. Transition between two shots can be described as color and texture differences within a decoded video sequence. In the proposed methodology we formed specific structures by measuring color differences between frames. The formed structures are used for hard cut candidate detection. This is followed by multifractal representation of texture changes by Hölder exponents. The proposed methodology achieves high performance using more than 750,000 frames, extracted from forty different video sequences, classified by four well known genre groups. Moreover, the proposed hard cut detection achieves high performance regardless of high level video production or complex non-linear editing for different genre groups. This is confirmed by comparison between the proposed methodology and other recent work on hard cut detection. © 2018, Springer Science+Business Media, LLC, part of Springer Nature.
Article
With the arrival of Industry 4.0, more and more industrial control systems are connected with the outside world, which brings tremendous convenience to industrial production and control, and also introduces many potential security hazards. After a large number of attack cases analysis, we found that attacks in SCADA systems can be divided into internal attacks and external attacks. Both types of attacks are inevitable. Traditional firewalls, IDSs and IPSs are no longer suitable for industrial control systems. Therefore, we propose behavior-based anomaly detection and build three baselines of normal behaviors. Experiments show that using our proposed detection model, we can quickly detect a variety of attacks on SCADA (Supervisory Control And Data Acquisition) systems.
Article
Closed Circuit Tele-Vision surveillance systems are frequently the subject of debate. Some parties seek to promote their benefits such as their use in criminal investigations and providing a feeling of safety to the public. They have also been on the receiving end of bad press when some consider intrusiveness has outweighed the benefits. The correct design and use of such systems is paramount to ensure a CCTV surveillance system meets the needs of the user, provides a tangible benefit and provides safety and security for the wider law-abiding public. In focusing on the normative aspects of CCTV, the paper raises questions concerning the efficiency of understanding contemporary forms of ‘social ordering practices’ primarily in terms of technical rationalities while neglecting other, more material and ideological processes involved in the construction of social order. In this paper, a 360-degree view is presented on the assessment of the diverse CCTV video surveillance systems (VSS) of recent past and present in accordance with technology. Further, an attempt has been made to compare different VSS with their operational strengths and their attacks. Finally, the paper concludes with a number of future research directions in the design and implementation of VSS.
Article
A revolution in manufacturing systems is underway: substantial recent investment has been directed towards the development of smart manufacturing systems that are able to respond in real time to changes in customer demands, as well as the conditions in the supply chain and in the factory itself. Smart manufacturing is a key component of the broader thrust towards Industry 4.0, and relies on the creation of a bridge between digital and physical environments through Internet of Things (IoT) technologies, coupled with enhancements to those digital environments through greater use of cloud systems, data analytics and machine learning. Whilst these individual technologies have been in development for some time, their integration with industrial systems leads to new challenges as well as potential benefits. In this paper, we explore the challenges faced by those wishing to secure smart manufacturing systems. Lessons from history suggest that where an attempt has been made to retrofit security on systems for which the primary driver was the development of functionality, there are inevitable and costly breaches. Indeed, today's manufacturing systems have started to experience this over the past few years; however, the integration of complex smart manufacturing technologies massively increases the scope for attack from adversaries aiming at industrial espionage and sabotage. The potential outcome of these attacks ranges from economic damage and lost production, through injury and loss of life, to catastrophic nation-wide effects. In this paper, we discuss the security of existing industrial and manufacturing systems, existing vulnerabilities, potential future cyber-attacks, the weaknesses of existing measures, the levels of awareness and preparedness for future security challenges, and why security must play a key role underpinning the development of future smart manufacturing systems.
Conference Paper
Phishing attacks attempt to gain sensitive, confidential information such as usernames, passwords, credit card information, network credentials, and more. By posing as a legitimate individual or institution via phone or email, cyber attackers use social engineering to manipulate victims into performing specific actions—like clicking on a malicious link or attachment—or willfully divulging confidential information.
Article
Heterogeneous Internet of Things (HetIoT) is an emerging research field that has strong potential to transform both our understanding of fundamental computer science principles and our future living. HetIoT is being employed in an increasing number of areas, such as smart home, smart city, intelligent transportation, environmental monitoring, security systems, and advanced manufacturing. Therefore, relying on strong application fields, HetIoT will be filled in our life and provide a variety of convenient services for our future. The network architectures of IoT are intrinsically heterogeneous, including Wireless Sensor Network (WSN), Wireless Fidelity network (Wi-Fi), Wireless Mesh Network (WMN), Mobile Communication Network (MCN), and Vehicular Network. In each network unit, smart devices utilize appropriate communication methods to integrate digital information and physical objects, which provide users with new exciting applications and services. However, the complexity of application requirements, the heterogeneity of network architectures and communication technologies impose many challenges in developing robust HetIoT applications. This paper proposes a four-layer HetIoT architecture consisting of sensing, networking, cloud computing and applications. Then, the state of the art in HetIoT research and applications has been discussed. This paper also suggests several potential solutions to address the challenges facing future HetIoT, including self-organizing, big data transmission, privacy protection, data integration and processing in large-scale HetIoT.
Article
Distributed denial-of-service (DDoS) attacks have become a weapon of choice for hackers, cyber extortionists, and cyber terrorists. These attacks can swiftly incapacitate a victim, causing huge revenue losses. Despite the large number of traditional mitigation solutions that exists today, DDoS attacks continue to grow in frequency, volume, and severity. This calls for a new network paradigm to address the requirements of today’s challenging security threats. Software-defined networking (SDN) is an emerging network paradigm which has gained significant traction by many researchers to address the requirement of today’s data centers. Inspired by the capabilities of SDN, we present a comprehensive survey of existing SDN-based DDoS attack detection and mitigation solutions. We classify solutions based on DDoS attack detection techniques and identify requirements of an effective solution. Based on our findings, we propose a novel framework for detection and mitigation of DDoS attacks in a large-scale network which comprises a smart city built on SDN infrastructure. Our proposed framework is capable of meeting application-specific DDoS attack detection and mitigation requirements. The primary contribution of this paper is twofold. First, we provide an in-depth survey and discussion of SDN-based DDoS attack detection and mitigation mechanisms, and we classify them with respect to the detection techniques. Second, leveraging the characteristics of SDN for network security, we propose and present an SDN-based proactive DDoS Defense Framework (ProDefense). We show how this framework can be utilized to secure applications built for smart cities. Moreover, the paper highlights open research challenges, future research directions, and recommendations related to SDN-based DDoS detection and mitigation.
Conference Paper
Video surveillance, closed-circuit TV and IP-camera systems became virtually omnipresent and indispensable for many organizations, businesses, and users. Their main purpose is to provide physical security, increase safety, and prevent crime. They also became increasingly complex, comprising many communication means, embedded hardware and non-trivial firmware. However, most research to date focused mainly on the privacy aspects of such systems, and did not fully address their issues related to cyber-security in general, and visual layer (i.e., imagery semantics) attacks in particular. In this paper, we conduct a systematic review of existing and novel threats in video surveillance, closed-circuit TV and IP-camera systems based on publicly available data. The insights can then be used to better understand and identify the security and the privacy risks associated with the development, deployment and use of these systems. We study existing and novel threats, along with their existing or possible countermeasures, and summarize this knowledge into a comprehensive table that can be used in a practical way as a security checklist when assessing cyber-security level of existing or new CCTV designs and deployments. We also provide a set of recommendations and mitigations that can help improve the security and privacy levels provided by the hardware, the firmware, the network communications and the operation of video surveillance systems. We hope the findings in this paper will provide a valuable knowledge of the threat landscape that such systems are exposed to, as well as promote further research and widen the scope of this field beyond its current boundaries.
Article
Many of the world's leading industrial nations have invested in national initiatives to foster advanced manufacturing, innovation, and design for the globalized world. Much of this investment has been driven by visions such as Industry 4.0, striving to achieve a future where intelligent factories and smart manufacturing are the norm. Within this realm, innovations such as the Industrial Internet of Things, Cloud-based Design and Manufacturing (CBDM), and Social Product Development (SPD) have emerged with a focus on capitalizing on the benefits and economies of scale provided by Internet Protocol (IP) communication technologies. Another emerging idea is the notion of software-defined systems such as software-defined networks, which exploit abstraction and inexpensive hardware advancements in an effort to build more flexible systems. Recently, the authors have begun considering how the notion of software-defined systems might be harnessed to achieve flexible cloud manufacturing systems. As a result, this paper introduces the notion of Software-Defined Cloud Manufacturing (SDCM). We describe a basic SDCM architecture based on leveraging abstraction between manufacturing hardware and cloud-based applications, services, and platforms. The goal of SDCM is to advance Cloud-Based Manufacturing and other Industry 4.0 pillars by providing agility, flexibility, and adaptability while also reducing various complexity challenges.
Article
Phonocardiography has shown a great potential for developing low-cost computer-aided diagnosis systems for cardiovascular monitoring. So far, most of the work reported regarding cardiosignal analysis using multifractals is oriented towards heartbeat dynamics. This paper represents a step towards automatic detection of one of the most common pathological syndromes, so-called mitral valve prolapse (MVP), using phonocardiograms and multifractal analysis. Subtle features characteristic for MVP in phonocardiograms may be difficult to detect. The approach for revealing such features should be locally based rather than globally based. Nevertheless, if their appearances are specific and frequent, they can affect a multifractal spectrum. This has been the case in our experiment with the click syndrome. Totally, 117 pediatric phonocardiographic recordings (PCGs), 8 seconds long each, obtained from 117 patients were used for PMV automatic detection. We propose a two-step algorithm to distinguish PCGs that belong to children with healthy hearts and children with prolapsed mitral valves (PMVs). Obtained results show high accuracy of the method. We achieved 96.91% accuracy on the dataset (97 recordings). Additionally, 90% accuracy is achieved for the evaluation dataset (20 recordings). Content of the datasets is confirmed by the echocardiographic screening.
Article
The integration of new technologies into the power grid leads to a growing, complex, interconnected system that is exposed to various cyber vulnerabilities. A power grid operating state can be altered due to the dynamic cyber-attacks which target different system objectives. This article brings forward the approach of power grid behavior analysis to identify two operating states: normal versus attacked. Once established the features for such states, we focus on Deep Neural Networks as security methods to mitigate the impact of cyber-attacks on the power grid by providing a case study simulation in MATLAB to sustain the proposed method.
Article
Distributed denial of service (DDoS) cyber-attack poses a severe threat to the industrial Internet of Things (IIoT) operation due to the security vulnerabilities resulting from increased connectivity and openness, and the large number of deployed low computation power devices. This paper applies Fog computing concept in DDoS mitigation by allocating traffic monitoring and analysis work close to local devices, and, on the other hand, coordinating and consolidating work to cloud central servers so as to achieve fast response while at low false alarm rate. The mitigation scheme consists of real-time traffic filtering via field firewall devices, which are able to reversely filter the signature botnet attack packets; offline specification based traffic analysis via virtualized network functions (VNFs) in the local servers; and centralized coordination via cloud server, which consolidates and correlates the information from the distributed local servers to make a more accurate decision. The proposed scheme is tested in an industrial control system testbed and the experiments evaluate the detection time and rate for two types of DDoS attacks and demonstrate the effectiveness of the scheme.
Article
Lots of analysis and development work goes on within the field of Internet of Things. Gartner, Inc. has conjointly foretold that 6.4 billion connected things are in use worldwide in 2016 and can reach 20.8 billion by 2020. Internet of Things has such a large amount of applications in today’s day to day life like Home automation, Healthcare, Smart grid, sensible automobile etc., and it is generating a large quantity of data which these devices are sharing. It results in several security issues like the way to secure these devices, knowledge and communication from unauthorized access. IoT uses minimal capability “things” (devices) and wireless technology for communication that makes it a lot more vulnerable. Without enough security, the promising benefits of Internet of Things will be misused and worthless. In this paper we are going to discuss in short regarding Internet of Things, its applications, security necessities, security problems and major security threats.
Article
The proliferation of IoT devices that can be more easily compromised than desktop computers has led to an increase in IoT-based botnet attacks. To mitigate this threat, there is a need for new methods that detect attacks launched from compromised IoT devices and that differentiate between hours- and milliseconds-long IoT-based attacks. In this article, we propose a novel network-based anomaly detection method for the IoT called N-BaIoT that extracts behavior snapshots of the network and uses deep autoencoders to detect anomalous network traffic from compromised IoT devices. To evaluate our method, we infected nine commercial IoT devices in our lab with two widely known IoT-based botnets, Mirai and BASHLITE. The evaluation results demonstrated our proposed method's ability to accurately and instantly detect the attacks as they were being launched from the compromised IoT devices that were part of a botnet.
Article
Industrial cyber-physical systems (ICPSs) are the backbones of Industry 4.0 and as such, have become a core transdisciplinary area of research, both in industry and academia. New challenges brought about by the growing scale and complexity of systems, insufficient information exchange and the exploitation of knowledge available have started threatening the overall system safety and stability. This work is motivated by these challenges and the strategic and practical demands of developing ICPSs for safety-critical systems such as the intelligent factory and the smart grid. It investigates the current status of research in ICPS monitoring and control, and reviews the recent advances in monitoring, fault diagnosis and control approaches based on data-driven realization, which can take full advantage of the abundant data available from past observations and those collected online in real time. The practical requirements in the typical ICPS applications are summarized as the major issues to be addressed for the monitoring and the safety control tasks. The key challenges and the research directions are proposed as references to the future work.
Article
Internet of Things (IoT) devices are increasingly deployed in different industries and for different purposes (e.g. sensing/collecting of environmental data in both civilian and military settings). The increasing presence in a broad range of applications, and their increasing computing and processing capabilities make them a valuable attack target, such as malware designed to compromise specific IoT devices. In this paper, we explore the potential of using Recurrent Neural Network (RNN) deep learning in detecting IoT malware. Specifically, our approach uses RNN to analyze ARM-based IoT applications’ execution operation codes (OpCodes). To train our models, we use an IoT application dataset comprising 281 malware and 270 benign ware. Then, we evaluate the trained model using 100 new IoT malware samples (i.e. not previously exposed to the model) with three different Long Short Term Memory (LSTM) configurations. Findings of the 10-fold cross validation analysis show that the second configuration with 2-layer neurons has the highest accuracy (98.18%) in the detection of new malware samples. A comparative summary with other machine learning classifiers also demonstrates that the LSTM approach delivers the best possible outcome.
Article
Network intrusion detection systems (NIDSs) play a crucial role in defending computer networks. However, there are concerns regarding the feasibility and sustainability of current approaches when faced with the demands of modern networks. More specifically, these concerns relate to the increasing levels of required human interaction and the decreasing levels of detection accuracy. This paper presents a novel deep learning technique for intrusion detection, which addresses these concerns. We detail our proposed nonsymmetric deep autoencoder (NDAE) for unsupervised feature learning. Furthermore, we also propose our novel deep learning classification model constructed using stacked NDAEs. Our proposed classifier has been implemented in graphics processing unit (GPU)-enabled TensorFlow and evaluated using the benchmark KDD Cup ’99 and NSL-KDD datasets. Promising results have been obtained from our model thus far, demonstrating improvements over existing approaches and the strong potential for use in modern NIDSs.
Article
Deep learning is a promising approach for extracting accurate information from raw sensor data from IoT devices deployed in complex environments. Because of its multilayer structure, deep learning is also appropriate for the edge computing environment. Therefore, in this article, we first introduce deep learning for IoTs into the edge computing environment. Since existing edge nodes have limited processing capability, we also design a novel offloading strategy to optimize the performance of IoT deep learning applications with edge computing. In the performance evaluation, we test the performance of executing multiple deep learning tasks in an edge computing environment with our strategy. The evaluation results show that our method outperforms other optimization solutions on deep learning for IoT.
Article
Intrusion detection plays an important role in ensuring information security, and the key technology is to accurately identify various attacks in the network. In our study, we explore how to model an intrusion detection system based on deep learning, and we propose a deep learning approach for intrusion detection using recurrent neural networks (RNN-IDS). Moreover, we study the performance of the model in binary classification and multiclass classification, and the number of neurons and different learning rate impacts on the performance of the proposed model. We compare it with those of J48, Artificial Neural Network, Random Forest, Support Vector Machine and other machine learning methods proposed by previous researchers on the benchmark dataset. The experimental results show that RNN-IDS is very suitable for modelling a classification model with high accuracy and that its performance is superior to that of traditional machine learning classification methods in both binary and multiclass classification. The RNN-IDS model improves the accuracy of the intrusion detection and provides a new research method for intrusion detection.
Article
Deep learning can enable Internet of Things (IoT) devices to interpret unstructured multimedia data and intelligently react to both user and environmental events but has demanding performance and power requirements. The authors explore two ways to successfully integrate deep learning with low-power IoT products.
Article
The emergence of Internet of Things (IoT) has enabled the interconnection and intercommunication among massive ubiquitous things, which caused an unprecedented generation of huge and heterogeneous amount of data, known as data explosions. On the other hand, although cloud computing has served as an efficient way to process and store these data, challenges, such as the increasing demands of real time or latency-sensitive applications and the limitation of network bandwidth, still cannot be solved by using only cloud computing. Therefore, a new computing paradigm, known as fog computing, has been proposed as a complement to the cloud solution. Fog computing extends the cloud services to the edge of network, and makes computation, communication and storage closer to edge devices and end-users, which aims to enhance low-latency, mobility, network bandwidth, security and privacy. In this paper, we will overview and summarize fog computing model architecture, key technologies, applications, challenges and open issues. Firstly, we will present the hierarchical architecture of fog computing and its characteristics, and compare it with cloud computing and edge computing to emphasize the similarities and differences. Then, the key technologies like computing, communication and storage technologies, naming, resource management, security and privacy protection are introduced to present how to support its deployment and application in a detailed manner. Several application cases like health care, augmented reality, brain machine interface and gaming, smart environments and vehicular fog computing are also presented to further explain fog computing application scenarios. Finally, based on the observation, we propose some challenges and open issues which are worth further in-depth study and research in fog computing development.
Article
Originally initiated in Germany, Industry 4.0, the fourth industrial revolution, has attracted much attention in recent literatures. It is closely related with the Internet of Things (IoT), Cyber Physical System (CPS), information and communications technology (ICT), Enterprise Architecture (EA), and Enterprise Integration (EI). Despite the dynamic nature of the research on Industry 4.0, however, a systematic and extensive review of recent research on it has been unavailable. Accordingly, this paper conducts a comprehensive review on Industry 4.0 and presents an overview of the content, scope, and findings of Industry 4.0 by examining the existing literatures in all of the databases within the Web of Science. Altogether, 88 papers related to Industry 4.0 are grouped into five research categories and reviewed. In addition, this paper outlines the critical issue of the interoperability of Industry 4.0, and proposes a conceptual framework of interoperability regarding Industry 4.0. Challenges and trends for future research on Industry 4.0 are discussed.
Conference Paper
High definition video streams increase their Internet presence year over year. Therefore, they are starting to challenge network resource allocation with their bandwidth requirements and statistical characteristics. In this paper, we apply a seasonal autoregressive model for modeling and prediction of 4K video traffic, encoded with H.265 (HEVC) encoding standard. The obtained experimental results are based on analyzing over 17.000 high definition video frames. We show that the proposed methodology provides good accuracy in high definition video traffic modeling and afterwards we gave an overview of pros and cons of 4K video traffic prediction.
Conference Paper
In this paper we analyze video traffic variability taking into account H.265/HEVC video encoding. In particular, we examine the video trace variability considering high definition and ultra high definition (4k) formats. The preliminary results show the frame based differentiation between the new and common formats. The obtained results seem promising and can be considered useful for video traffic monitoring and next-generation network support.
Article
Video surveillance systems are usually installed to increase the safety and security of people or property in the monitored areas. Typical threat scenarios are robbery, vandalism, shoplifting or terrorism. Other application scenarios are more intimate and private such as home monitoring or assisted living. For a long time, it was accepted that the potential benefits of video surveillance go hand in hand with a loss of personal privacy. However, with the on-board processing capabilities of modern embedded systems it becomes possible to compensate this privacy loss by making security and privacy protection inherent features of video surveillance cameras. In the first part of this chapter, we motivate the need for the integration of security and privacy features, we discuss fundamental requirements and provide a comprehensive review of the state of the art. The second part presents the TrustCAM prototype system where a dedicated hardware security module is integrated into a camera system to achieve a high level of security. The chapter is concluded by a summary of open research issues and an outlook to future trends. © 2013 Springer-Verlag Berlin Heidelberg. All rights are reserved.
Cybersecurity in SCADA engineering
  • A Hurttila
Long short-term memory recurrent neural network for detecting DDoS flooding attacks within TensorFlow implementation framework. (Doctoral dissertation)
  • P K Bediako
Evaluating IP surveillance camera vulnerabilities.
  • B. Cusack