Advanced Persistent Threats (APTs) have been a major challenge in securing both Information Technology (IT) and Operational Technology (OT) systems. Due to their capability to navigate around defenses and to evade detection for a prolonged period of time, targeted APT attacks present an increasing concern for both cyber security and business continuity personnel. This paper explores the application of variants of Artificial Immune Systems (AIS) and Recurrent Neural Networks (RNNs) for APT detection. It has been shown that the variants of the suggested algorithms provide not only detection capability, but can also classify malicious data traffic with respect to the type of APT attack.

CCS CONCEPTS • Computing methodologies → Artificial intelligence; Machine learning; Neural networks.
Multiclass problems, such as detecting the multi-step behaviour of advanced persistent threats (APTs), have been a major global challenge due to the capability of APTs to navigate around defenses and to evade detection for a prolonged period. Targeted APT attacks present an increasing concern for both cyber security and business continuity. Detecting the rare attack is a classification problem with data imbalance. This paper explores the application of data resampling techniques together with a heterogeneous ensemble approach for dealing with the data imbalance caused by unevenly distributed data elements among classes, with the focus on capturing the rare attack. It has been shown that the suggested algorithms provide not only detection capability but can also classify malicious data traffic corresponding to rare APT attacks.
The operational state, safety and resource availability of a cyber-physical system (CPS) are impacted by the safety and security measures in place. This paper focuses on i) command injection (CI) attacks, which alter system behaviour by injecting false control and configuration commands into a control system, and ii) response injection (RI) attacks, which modify the response from server to client, thereby providing false information about the system state. In this project, we implemented a deep learning (DL) multi-layered security model approach for securing an industrial control system (ICS) against malicious CI and RI attacks. We validated this approach with two case studies: i) network transactions between a Remote Terminal Unit (RTU) and a Master Control Unit (MTU) in an in-house SCADA gas pipeline control system and ii) a case study of command and response injection attacks. Based on the project results, we show that the proposed approach achieved a significant attack detection capability of 96.50%. We also demonstrated that the performance of the attack detection techniques applied can be influenced by the nature of network transactions with respect to the domain of application. Hence, the robustness and resilience of the operational CPS state and performance are influenced by the safety and security measures in place, which are specific to the CPS device in question.

CCS CONCEPTS • Security and privacy → Distributed systems security.