Specifications of a Simulation Framework for Virtualized Intelligent Electronic Devices in Smart Grids Covering Networking and Security Requirements

As power system's operational technology converges with innovative information and communication technologies, the need for extensive resilience testing for scenarios covering the electrical grid, networking bottlenecks, as well as cyber security threats, become a necessity. This paper proposes a comprehensive, multi-disciplinary simulation...

A Cost-Sensitive Machine Learning Model With Multitask Learning for Intrusion Detection in IoT

A problem with machine learning (ML) techniques for detecting intrusions in the Internet of Things (IoT) is that they are ineffective in the detection of low-frequency intrusions. In addition, as ML models are trained using specific attack categories, they cannot recognize unknown attacks. This article integrates strategies of cost-sensitive...

Ruling the Rules: Quantifying the Evolution of Rulesets, Alerts and Incidents in Network Intrusion Detection

Notwithstanding the predicted demise of signature-based network monitoring, it is still part of the bedrock of security operations. Rulesets are fundamental to the efficacy of Network Intrusion Detection Systems (NIDS). Yet, they have rarely been studied in production environments. We partner with a Managed Security Service Provider (MSSP) to...

Efficient Learning of Communication Profiles from IP Flow Records

The task of network traffic monitoring has evolved drastically with the ever-increasing amount of data flowing in large scale networks. The automated analysis of this tremendous source of information often comes with using simpler models on aggregated data (e.g. IP flow records) due to time and space constraints. A step towards utilizing IP flow...

Anomaly Detection Beyond the Research Setting: An exploration of the use of statistics and machine learning to detect cyber attacks

In this work we approach the problem of deploying anomaly detection techniques for detecting cyber attacks in an organisational environment. Anomaly detection has been an active research area for almost three decades with promising results. However, few such systems have been successfully im- plemented in an operational environment for improving...

Event correlation for detecting advanced multi-stage cyber-attacks

Rapidly evolving IT infrastructures bring beneficial effects to society and promote information sharing and use. However, vulnerabilities create opportunities for hostile users to perform malicious activities and IT security has gradually turned into a critical research area for organizations and governments. Processes of decision making in...

Towards a roadmap for development of intelligent data analysis based cyber attack detection systems

Cyber-attacks against companies and governments are seeing an increase in complexity and persistence. These more complex attacks are aimed at penetrating corporate and government networks to obtain classified information. Common intrusion detection methods lack in their ability to detect such complex attacks. A framework is proposed to relate...

Designs and algorithms for packet and content inspection

This dissertation deals with essential issues pertaining to high performance processing for network security and deep packet inspection. The proposed solutions keep pace with the increasing number and complexity of known attack descriptions providing multi-Gbps processing rates. We advocate the use of reconfigurable hardware to provide...