Béla Genge scite author profile

Abstract-Internet is considered a Critical Infrastructure (CI) that is vital for both the economy and the society. Disruptions caused by natural disasters, malicious human actions and even hardware failure pose serious risks. Emulation testbeds are increasingly used to study the Internet in order to improve protection and response mechanisms. These are frequently considered more adequate than software simulators to realistically recreate the complex behavior of networks. In this paper we study how testbeds based on the Emulab software can be used to conduct scientifically rigorous experiments, specifically in terms of: a) experiment fidelity, b) repeatability, c) measurement accuracy, and d) interference.Our study, which is based on extensive experimentation on different testbeds, indicates that the current trend of using emulation testbeds is justified as both realistic and efficient. We show that Emulab-based experiments are representative of real systems in terms of emerging behavior (qualitative) and that repeatable experiments are possible. The main contribution of this tutorial article is that based on experimental results we identified caveats and provided insights to significant configuration parameters and limitations that are further elaborated into a set of guidelines that any Emulab user should be aware of. Then, he/she can decide about the importance of each guideline in the context of a specific study and experiment.

show abstract

Data clustering-based anomaly detection in industrial control systems

Kiss

Genge

Haller

et al. 2014

View full text Add to dashboard Cite

A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures

Genge

Kiss

Haller

2015

International Journal of Critical Infrastructure Protection

View full text Add to dashboard Cite

A clustering-based approach to detect cyber attacks in process control systems

Kiss

Genge

Haller

2015

View full text Add to dashboard Cite

ShoVAT: Shodan‐based vulnerability assessment tool for Internet‐facing services

Genge

Enăchescu

2015

Security Comm Networks

View full text Add to dashboard Cite

Shodan has been acknowledged as one of the most popular search engines available today, designed to crawl the Internet and to index discovered services. This paper expands the features exposed by Shodan with advanced vulnerability assessment capabilities embedded into a novel tool called Shodan‐based vulnerability assessment tool (ShoVAT). ShoVAT takes the output of traditional Shodan queries and performs an in‐depth analysis of service‐specific data, that is, service banners. It embodies specially crafted algorithms which rely on novel in‐memory data structures to automatically reconstruct Common Platform Enumeration names and to proficiently extract vulnerabilities from National Vulnerability Database. Compared with the state of the art, ShoVAT brings several novel and significant contributions because it encompasses automated vulnerability identification techniques, it can return highly accurate results with customized and even purposefully modified service banners, and it supports historical service vulnerability analysis without the need to deploy additional monitoring infrastructures. The experiments performed on 1501 services in 12 different institutions across different sectors revealed high accuracy of results and a total of 3922 known vulnerabilities. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

EPIC: A Testbed for Scientifically Rigorous Cyber-Physical Security Experimentation

Siaterlis

Genge

Hohenadel

2013

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

Recent malware, like Stuxnet and Flame, constitute a major threat to networked critical infrastructures (NCIs), e.g., power plants. They revealed several vulnerabilities in today's NCIs, but most importantly they highlighted the lack of an efficient scientific approach to conduct experiments that measure the impact of cyber threats on both the physical and the cyber parts of NCIs. In this paper, we present EPIC, a novel cyber-physical testbed, and a modern scientific instrument that can provide accurate assessments of the effects that cyber-attacks may have on the cyber and physical dimensions of NCIs. To meet the complexity of today's NCIs, EPIC employs an Emulab-based testbed to recreate the cyber part of NCIs and multiple software simulators for the physical part. Its main advantage is that it can support very accurate, real-time, repeatable, and realistic experiments with heterogeneous infrastructures. We show through several case studies how EPIC can be applied to explore the impact that cyber-attacks and Information and Communications Technology system disruptions have on critical infrastructures.

show abstract

A cyber-physical experimentation environment for the security analysis of networked industrial control systems

Genge

Siaterlis

Fovino

et al. 2012

Computers & Electrical Engineering

View full text Add to dashboard Cite

Cyber-Security-Aware Network Design of Industrial Control Systems

Genge

Haller

Kiss

2017

IEEE Systems Journal

View full text Add to dashboard Cite

The pervasive adoption of traditional information and communication technologies hardware and software in industrial control systems (ICS) has given birth to a unique technological ecosystem encapsulating a variety of objects ranging from sensors and actuators to video surveillance cameras and generic PCs. Despite their invaluable advantages, these advanced ICS create new design challenges, which expose them to significant cyber threats. To address these challenges, an innovative ICS network design technique is proposed in this paper to harmonize the traditional ICS design requirements pertaining to strong architectural determinism and real-time data transfer with security recommendations outlined in the ISA-62443.03.02 standard. The proposed technique accommodates security requirements by partitioning the network into security zones and by provisioning critical communication channels, known as security conduits, between two or more security zones. The ICS network design is formulated as an integer linear programming (ILP) problem that minimizes the cost of the installation. Real-time data transfer limitations and security requirements are included as constraints imposing the selection of specific traffic paths, the selection of routing nodes, and the provisioning of security zones and conduits. The security requirements of cyber assets denoted by traffic and communication endpoints are determined by a cyber attack impact assessment technique proposed in this paper. The sensitivity of the proposed techniques to different parameters is evaluated in a first scenario involving the IEEE 14-bus model and in a second scenario involving a large network topology based on generated data. Experimental results demonstrate the efficiency and scalability of the ILP model. Index Terms-Industrial control systems (ICS), ISA-62443, network design, security conduit, security zone.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Béla Genge

On the Use of Emulab Testbeds for Scientifically Rigorous Experiments

Data clustering-based anomaly detection in industrial control systems

A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures

A clustering-based approach to detect cyber attacks in process control systems

ShoVAT: Shodan‐based vulnerability assessment tool for Internet‐facing services

EPIC: A Testbed for Scientifically Rigorous Cyber-Physical Security Experimentation

A cyber-physical experimentation environment for the security analysis of networked industrial control systems

Cyber-Security-Aware Network Design of Industrial Control Systems

Contact Info

Product

Resources

About