Emerging Cyber Tech for Evolving Cyber Threats Chris Hankin

Slides:



Advertisements
Similar presentations
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Advertisements

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
NIS Directive and NIS Platform
Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Department Of Computer Engineering
Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.
Cyber Security of Smart Grid Systems
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
The Real Deal With SIM/SEM The Promise of Security Information / Event Management Scott Sidel Sr. Security Manager Computer Sciences Corp.
Automatic Detection of Emerging Threats to Computer Networks Andre McDonald.
CIP 2015 Smart Grid Vulnerability Assessment Using National Testbed Networks IHAB DARWISHOBINNA IGBETAREQ SAADAWI.
1 Intrusion Detection “Intrusion detection is the process of identifying and responding to malicious activity targeted at computing and networking resources.”
I NTRUSION P REVENTION S YSTEM (IPS). O UTLINE Introduction Objectives IPS’s Detection methods Classifications IPS vs. IDS IPS vs. Firewall.
NATIONAL CYBER SECURITY GOVERNANCE & EMERGING CYBER SECURITY THREATS
Security and Resilience Pat Looney Brookhaven National Laboratory April 2016.
Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.
Koustav Sadhukhan, Rao Arvind Mallari and Tarun Yadav DRDO, Ministry of Defense, INDIA Cyber Attack Thread: A Control-flow Based Approach to Deconstruct.
DOWeR Detecting Outliers in Web Service Requests Master’s Presentation of Christian Blass.
Proactive Incident Response
University of Arkansas
TriggerScope: Towards Detecting Logic Bombs in Android Applications
Data Minimization Framework
4th SG13 Regional Workshop for Africa on “Future Networks for a better Africa: IMT-2020, Trust, Cloud Computing and Big Data” (Accra, Ghana, March.
Center of Excellence in Cyber Security
A lustrum of malware network communication: Evolution & insights
MadeCR: Correlation-based Malware Detection for Cognitive Radio
and Security Management: ISO 28000
Intelligence Driven Defense, The Next Generation SOC
ASSET - Automotive Software cyber SEcuriTy
Detection and Analysis of Threats to the Energy Sector (DATES)
Report by: Katiuscia Zedda
Standards for success in city IT and construction projects
Closing the Breach Detection Gap
C4I, Internet of Things and Critical Infrastructure Protection
Cyber Security in Ports Business as Usual?
Advanced Services Cyber Security 101 © ABB February, | Slide 1.
America’s First National Critical Infrastructure Exercise
Secure Control Systems - A Quantitative Risk Management Approach
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Detecting Targeted Attacks Using Shadow Honeypots
A survey of network anomaly detection techniques
Four Generations of Security Devices Putting IDS in Context
PGE Chris Nolke, Director of Cybersecurity
CRITICAL INFRASTRUCTURE CYBERSECURITY
Panda Adaptive Defense Platform and Services
Opportunities in Horizon2020 in Cybersecurity call for proposals
How to Mitigate the Consequences What are the Countermeasures?
How to Detect Attacks and Supervise Rail Systems?
Remah Alshinina and Khaled Elleithy DISCRIMINATOR NETWORK
Enhanced alerting and collaborative incident management
Intrusion Detection system
Identifying Slow HTTP DoS/DDoS Attacks against Web Servers DEPARTMENT ANDDepartment of Computer Science & Information SPECIALIZATIONTechnology, University.
Matteo Merialdo RHEA Group Innovative aspects in cyber range solutions.
Wenyu Ren, Timothy Yardley, Klara Nahrstedt
Data Mining & Machine Learning Lab
Final Conference 18 Set 2018.
Cyber Security of SCADA Systems Remote Terminal Units (RTU)
Autonomous Network Alerting Systems and Programmable Networks
Security in SDR & cognitive radio
Detecting Attacks Against Robotic Vehicles:
Adding security to your ICS environment? Fine! But how?!
Presentation transcript:

Emerging Cyber Tech for Evolving Cyber Threats Chris Hankin Imperial College London and Director of RITICS November 2017

Verizon 2017 Data Breach Investigations Report Data based on 1935 breaches in 2016 dataset.

Recent attacks - Hackmaggeddon

Vermont Electric Company

Research Institute in Trustworthy Industrial Control Systems MUMBA: Multifaceted metrics for ICS business risk analysis CAPRICA: Converged approach towards resilient industrial control systems and cyber assurance CEDRICS: Communicating and evaluating cyber risk and dependencies in ICS SCEPTICS: A systematic evaluation process for threats to ICS (incl. national grid and rail networks) RITICS: Novel, effective and efficient interventions

ICS-CERT 2015: Incidents by sector 295 total (2015) 2016 update 290 incidents Critical Manufacturing 62 Communications 62 Energy 59

Essential Services and Digital Services Competent Authorities NIS Directive Essential Services and Digital Services Competent Authorities Principles Appropriate organisational structures, … Proportionate Security measures, … Appropriate capabilities to remain effective and detect, … Capabilities to minimise impact, … Incident Reporting Fines

A second kill chain Develop Test Deliver Install/Modify ICS Attack Execute ICS Attack ICS Attack

From: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, by Hutchins et al, Lockheed Martin Corporation

ICS-CERT Advice (based on 2014/2015)

Key Questions / Challenges Do we understand the harm threats pose to our ICS systems and business? Can we confidently articulate these threats as business risk? What could be novel effective and efficient interventions?

Optimising portfolios of cyber controls RITICS@Imperial Optimising portfolios of cyber controls Achieving resilience through diversity Anomaly detection Stealthy attackers Malware classification

NIDS – Anomaly Detection Package Level Detection by Bloom Filter Construct a signature database by observing regular communication patterns. Incorporate the signature database into the bloom filter detector. Detect anomalous data packages at package-content level. Time-series Level Detection by Long Short Term Memory (LSTM) Address temporal dependence between consecutive packages Learn the most likely package signatures from seen packages by LSTM. Further classification of packages at time-series level. Evaluation by Public ICS Database and Comparison Apply to a public ICS dataset created from a SCADA system for a gas pipeline. Significantly outperform other existing approach and produce state-of-the-art results.

Experiments – Comparison Comparison with Other Anomaly Detection Methods Evaluation metrics – Precision, Recall, Accuracy and F-score. Compare with other anomaly detection methods. Detected ratio (recall) for seven types of attacks. Type of Attacks Abbreviation Normal Normal(0) Naïve Malicious Response Injection NMRI(1) Complex Malicious Response Injection CMRI(2) Malicious State Command Injection MSCI(3) Malicious Parameter Command Injection MPCI(4) Malicious Function Code Injection MFCI(5) Denial of Service DOS(6) Reconnaissance Recon(7) PCA-SVD is already applied on the same dataset K is set to 4.

Stealthy Attacks Objectives Main Contributions A framework for conducting stealthy attacks with minimal knowledge of the target ICS Better understanding of the limitations of current detection mechanisms, and the real threat posed by stealthy attacks to ICS. Main Contributions Demonstrated attacks can be automatically achieved by intercepting the sensor/control signals for a period of time using a particularly designed real-time learning method. Used adversarial training technique – Wasserstein GAN to generate false data that can successfully bypass the IDS and still deliver specific attack goals. Two real-world datasets are used to validate the effectiveness of our framework. A gas pipeline SCADA system. Secure Water treatment testbed from iTrust@SUTD.

Stealthy Attacks against ICS Monitoring signals Main control loops of a typical ICS To date such stealthy attacks are considered to be extremely challenging to achieve, and as a result, they have received limited attention. Attackers that want to remain undetected can attempt to hide their manipulation of the system by following closely the expected behavior of the system, while injecting just enough false information at each time step to achieve their goals. Intercept the expected behaviours of the system via compromised channels. Injected malicious sensor reading at each time step to achieve certain attack goals. Attackers attempt to hide their manipulation; remain undetected by ADS.

A Changing Landscape Quantum-safe Crypto Blockchain and Distributed Ledger Technology The Internet of Things and Cyber-Physical systems

Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.