As the world becomes increasingly dependent on computers and automation, building secure applications, systems and networks is one of the main challenges of the current decade. The number of threats that individuals and businesses face is rising rapidly with the growing complexity of modern networks and the services they carry. To alleviate the impact of these threats, researchers have proposed numerous solutions for anomaly detection; however, current tools often fail to adapt to ever-changing architectures, their associated threats and zero-day attacks. This manuscript aims to pinpoint research gaps and shortcomings of current datasets, their impact on building Network Intrusion Detection Systems (NIDS), and the growing number of sophisticated threats. To this end, the manuscript provides researchers with two key pieces of information: a survey of prominent datasets, analysing their use and impact on the development of the past decade's Intrusion Detection Systems (IDS), and a taxonomy of network threats together with the tools used to carry out these attacks. The manuscript highlights that current IDS research covers only 33.3% of the threat taxonomy. Current datasets show a clear lack of real network threats and attack representation, and include a large number of deprecated threats, which together limit the detection accuracy of current machine-learning IDS approaches. The combination of the taxonomy and the dataset analysis provided here aims to improve the creation of datasets and the collection of real-world data, and thereby to improve the efficiency of next-generation IDS and to reflect network threats more accurately in new datasets.
When it comes to characterizing the distribution of 'things' observed spatially and identified by their geometries and attributes, Shannon entropy has been widely used in domains such as ecology, regional science, epidemiology and image analysis. In particular, recent research has taken into account the spatial patterns derived from topological and metric properties in order to propose extensions to the entropy measure. Based on two different approaches, using either distance ratios or co-occurrences of observed classes, the research developed in this paper introduces several new indices and explores their extension to the spatio-temporal domain, investigating their application as both global and local indices. Using a multiplicative space-time integration approach at either a macro or a micro level, the approach leads to a series of spatio-temporal entropy indices, including ones that combine the co-occurrence and distance-ratio approaches. The framework is complementary to the spatio-temporal clustering problem, introducing a more explicitly spatial and spatio-temporal structuring perspective through several indices that characterize the distribution of several class instances in space and time. The whole approach is first illustrated on simulated evolutions of three classes over seven time stamps. Preliminary results are then discussed for a study of conflicting maritime activities in the Bay of Brest, where the objective is to explore the spatio-temporal patterns exhibited by a categorical variable with six classes, each representing a conflict between two maritime activities.
This article presents a dataset produced to investigate how estimates of data and information quality make it possible to detect anomalies and malicious acts in cyber-physical systems. Data were acquired using a cyber-physical subsystem consisting of liquid containers for fuel or water, along with its automated control and data acquisition infrastructure. The data consist of time series representing five operational scenarios (normal, anomalies, breakdown, sabotage, and cyber-attacks) corresponding to 15 different real situations. The dataset is publicly available in the .zip file published with the article, so that faulty-operation detection and characterization methods for cyber-physical systems can be investigated and compared.
Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision identifies the most vulnerable environments, which require more diligent management. The rapid proliferation of automated cyber-attacks is reducing the gap between information and operational technologies, and the need to review current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigation countermeasures has become pressing. A deeper characterisation is also the basis on which to predict future vulnerabilities, in turn guiding the most appropriate deployment technologies and thereby refreshing established practices and the scope of the training that supports the decision making of users and operators. The foundation of this training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms and tools that help inculcate a deeper understanding of how an attack evolves and of the methodology for deploying the most impactful countermeasures to arrest breaches. This paper evaluates documented CR and TB platforms, segmenting them by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CR and TB research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the CR/TB dimensions and highlights a diminishing differentiation between application areas.
Networked Control Systems (NCS) have been used in many industrial processes. They aim to reduce the burden on human operators and to handle efficiently the complex processes and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, building an accurate anomaly detection system is not an easy task, because it is difficult to differentiate between cyber-attacks and internal system failures (e.g. hardware failures). In this paper, we present a model that detects anomalous events in a water system controlled by SCADA. Six machine learning techniques were used in building and evaluating the model. The model classifies different anomalous events, including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and spoofing). Unlike other detection systems, our proposed work focuses on notifying the operator when an anomaly occurs together with the probability of that event; this additional information helps to accelerate mitigation. The model is trained and tested using a real-world dataset.
Wayfinding in a natural setting is one of the many complex processes human beings face when acting in the environment. Despite recent developments and applications of wayfinding in urban environments, little research has been oriented towards and applied to natural environments. The research presented in this article introduces an ontological and language-based modelling of human navigation in a natural setting. The experimental approach was applied to a foot orienteering race, which has the advantage of being semantically rich and combined with cartographic support, enabling the study of the importance of landmarks and actions and of the role of the underlying nature of the land and topography. Experimental results are compared to those of studies conducted in urban environments and permit the identification of similarities and differences between wayfinding descriptions made in urban contexts and those made in natural contexts. Résumé (translated from French): Moving through a natural environment is a complex process that humans must deal with when interacting with their surroundings. Despite new developments and new navigation applications in urban settings, little research has been carried out in natural environments. This article introduces an ontological model combined with a language for describing routes in a natural setting. The approach was tested in the context of an orienteering race. This type of activity has the advantage of being semantically rich and associated with cartographic support. Such an approach makes it possible to study the importance of landmarks and actions and the respective roles of the nature of the terrain and the topography. The experimental results are compared with studies conducted in urban environments. This analysis makes it possible to distinguish the similarities and differences between route descriptions produced in urban and natural settings. Keywords: navigation process, natural environment, route description
The paper presents a classification of cyber attacks in the context of the state of the art in the maritime industry. A systematic categorization of vessel components has been conducted, complemented by an analysis of the key services delivered within ports. The vulnerabilities of the Global Navigation Satellite System (GNSS) are given particular consideration, since it is a critical subcomponent of many maritime infrastructures and, consequently, a target for cyber attacks. Recent research confirms that the dramatic proliferation of cyber crime is fuelled by increasing integration of new enabling technologies such as IoT and Big Data. The trend towards greater systems integration is, however, compelling, yielding significant business value by facilitating the operation of autonomous vessels, greater exploitation of smart ports, a reduction in manpower, and a marked improvement in fuel consumption and efficiency of services. Finally, practical challenges and future research trends are highlighted.
The vast majority of worldwide goods exchanges are made by sea. In some parts of the world, competition for dominance at sea is very high and is clearly seen as a major military goal. Meanwhile, new-generation ships rely heavily on information systems for communication, navigation and platform management. This ever-growing attack surface, together with permanent satellite links, has raised concern about the potential impact of cyberattacks on a ship at sea or on naval shore infrastructure. Therefore, on top of the usual cyberprotection measures taken for safety reasons, it is essential to implement ongoing cyber monitoring of ships in order to detect, react to and stop any incoming threat. In this paper, we explain the specific constraints encountered when trying to assess the cyber situational awareness of maritime information systems. As we demonstrate, these systems combine physical and logical constraints that complicate their cyber monitoring process and architecture. Gathering valuable data while having a limited and controlled impact on satellite bandwidth, and maintaining a high level of integrity on remote systems in production, are, for instance, pressing challenges for both civilian and military ships. We have designed and set up a research platform that fulfils these specifications to streamline the cyber monitoring process. We then describe the architecture used to detect cyber-threats and collect potential Indicators of Compromise from naval systems, as well as the results we have achieved so far.
Copyright © 2024 scite LLC. All rights reserved.