Presentation is loading. Please wait.

Presentation is loading. Please wait.

Emerging Cyber Tech for Evolving Cyber Threats Chris Hankin

Published byRose Stevenson Modified over 6 years ago

Similar presentations

Presentation on theme: "Emerging Cyber Tech for Evolving Cyber Threats Chris Hankin"— Presentation transcript:

1 Emerging Cyber Tech for Evolving Cyber Threats Chris Hankin
Imperial College London and Director of RITICS November 2017

2 Verizon 2017 Data Breach Investigations Report
Data based on 1935 breaches in 2016 dataset.

3 Recent attacks - Hackmaggeddon

4 Vermont Electric Company

5 Research Institute in Trustworthy Industrial Control Systems
MUMBA: Multifaceted metrics for ICS business risk analysis CAPRICA: Converged approach towards resilient industrial control systems and cyber assurance CEDRICS: Communicating and evaluating cyber risk and dependencies in ICS SCEPTICS: A systematic evaluation process for threats to ICS (incl. national grid and rail networks) RITICS: Novel, effective and efficient interventions

6 ICS-CERT 2015: Incidents by sector
295 total (2015) 2016 update 290 incidents Critical Manufacturing 62 Communications 62 Energy 59

7 Essential Services and Digital Services Competent Authorities
NIS Directive Essential Services and Digital Services Competent Authorities Principles Appropriate organisational structures, … Proportionate Security measures, … Appropriate capabilities to remain effective and detect, … Capabilities to minimise impact, … Incident Reporting Fines

8 A second kill chain Develop Test Deliver Install/Modify ICS Attack
Execute ICS Attack ICS Attack

9 From: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, by Hutchins et al, Lockheed Martin Corporation

10 ICS-CERT Advice (based on 2014/2015)

11 Key Questions / Challenges
Do we understand the harm threats pose to our ICS systems and business? Can we confidently articulate these threats as business risk? What could be novel effective and efficient interventions?

12 Optimising portfolios of cyber controls
Optimising portfolios of cyber controls Achieving resilience through diversity Anomaly detection Stealthy attackers Malware classification

13 NIDS – Anomaly Detection
Package Level Detection by Bloom Filter Construct a signature database by observing regular communication patterns. Incorporate the signature database into the bloom filter detector. Detect anomalous data packages at package-content level. Time-series Level Detection by Long Short Term Memory (LSTM) Address temporal dependence between consecutive packages Learn the most likely package signatures from seen packages by LSTM. Further classification of packages at time-series level. Evaluation by Public ICS Database and Comparison Apply to a public ICS dataset created from a SCADA system for a gas pipeline. Significantly outperform other existing approach and produce state-of-the-art results.

14 Experiments – Comparison
Comparison with Other Anomaly Detection Methods Evaluation metrics – Precision, Recall, Accuracy and F-score. Compare with other anomaly detection methods. Detected ratio (recall) for seven types of attacks. Type of Attacks Abbreviation Normal Normal(0) Naïve Malicious Response Injection NMRI(1) Complex Malicious Response Injection CMRI(2) Malicious State Command Injection MSCI(3) Malicious Parameter Command Injection MPCI(4) Malicious Function Code Injection MFCI(5) Denial of Service DOS(6) Reconnaissance Recon(7) PCA-SVD is already applied on the same dataset K is set to 4.

15 Stealthy Attacks Objectives Main Contributions
A framework for conducting stealthy attacks with minimal knowledge of the target ICS Better understanding of the limitations of current detection mechanisms, and the real threat posed by stealthy attacks to ICS. Main Contributions Demonstrated attacks can be automatically achieved by intercepting the sensor/control signals for a period of time using a particularly designed real-time learning method. Used adversarial training technique – Wasserstein GAN to generate false data that can successfully bypass the IDS and still deliver specific attack goals. Two real-world datasets are used to validate the effectiveness of our framework. A gas pipeline SCADA system. Secure Water treatment testbed from

16 Stealthy Attacks against ICS
Monitoring signals Main control loops of a typical ICS To date such stealthy attacks are considered to be extremely challenging to achieve, and as a result, they have received limited attention. Attackers that want to remain undetected can attempt to hide their manipulation of the system by following closely the expected behavior of the system, while injecting just enough false information at each time step to achieve their goals. Intercept the expected behaviours of the system via compromised channels. Injected malicious sensor reading at each time step to achieve certain attack goals. Attackers attempt to hide their manipulation; remain undetected by ADS.

17 A Changing Landscape Quantum-safe Crypto
Blockchain and Distributed Ledger Technology The Internet of Things and Cyber-Physical systems

18 Thank you

Download ppt "Emerging Cyber Tech for Evolving Cyber Threats Chris Hankin"

Similar presentations

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.

Copyright © 2012, SAS Institute Inc. All rights reserved. Cyber Security threats to Open Government Data Vishal Marria April 2014.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
NIS Directive and NIS Platform

NIS Directive and NIS Platform
Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)

Big Data Analytics and Challenge Presented by Saurabh Rastogi Asst. Prof. in Maharaja Agrasen Institute of Technology B.Tech(IT), M.Tech(IT)
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Department Of Computer Engineering

Department Of Computer Engineering
Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.

Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.
Cyber Security of Smart Grid Systems

Cyber Security of Smart Grid Systems
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.

Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.

“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.

Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No. 619682 ) Business Convergence WS#2 Smart Grid Technologies.

Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
The Real Deal With SIM/SEM The Promise of Security Information / Event Management Scott Sidel Sr. Security Manager Computer Sciences Corp.

The Real Deal With SIM/SEM The Promise of Security Information / Event Management Scott Sidel Sr. Security Manager Computer Sciences Corp.
Automatic Detection of Emerging Threats to Computer Networks Andre McDonald.

Automatic Detection of Emerging Threats to Computer Networks Andre McDonald.
CIP 2015 Smart Grid Vulnerability Assessment Using National Testbed Networks IHAB DARWISHOBINNA IGBETAREQ SAADAWI.

CIP 2015 Smart Grid Vulnerability Assessment Using National Testbed Networks IHAB DARWISHOBINNA IGBETAREQ SAADAWI.

Similar presentations

Ads by Google