Specifications of a Simulation Framework for Virtualized Intelligent Electronic Devices in Smart Grids Covering Networking and Security Requirements

As power system's operational technology converges with innovative information and communication technologies, the need for extensive resilience testing for scenarios covering the electrical grid, networking bottlenecks, as well as cyber security threats, become a necessity. This paper proposes a comprehensive, multi-disciplinary simulation...

A Cost-Sensitive Machine Learning Model With Multitask Learning for Intrusion Detection in IoT

A problem with machine learning (ML) techniques for detecting intrusions in the Internet of Things (IoT) is that they are ineffective in the detection of low-frequency intrusions. In addition, as ML models are trained using specific attack categories, they cannot recognize unknown attacks. This article integrates strategies of cost-sensitive...

Ruling the Rules: Quantifying the Evolution of Rulesets, Alerts and Incidents in Network Intrusion Detection

Notwithstanding the predicted demise of signature-based network monitoring, it is still part of the bedrock of security operations. Rulesets are fundamental to the efficacy of Network Intrusion Detection Systems (NIDS). Yet, they have rarely been studied in production environments. We partner with a Managed Security Service Provider (MSSP) to...

Efficient Learning of Communication Profiles from IP Flow Records

The task of network traffic monitoring has evolved drastically with the ever-increasing amount of data flowing in large scale networks. The automated analysis of this tremendous source of information often comes with using simpler models on aggregated data (e.g. IP flow records) due to time and space constraints. A step towards utilizing IP flow...

Designs and algorithms for packet and content inspection

This dissertation deals with essential issues pertaining to high performance processing for network security and deep packet inspection. The proposed solutions keep pace with the increasing number and complexity of known attack descriptions providing multi-Gbps processing rates. We advocate the use of reconfigurable hardware to provide...