Supervisory Control and Data Acquisition (SCADA) systems play an important role in monitoring industrial processes such as electric power distribution, transport systems, water distribution, and wastewater collection systems. Such systems require a particular attention with regards to security aspects, as they deal with critical infrastructures that are crucial to organizations and countries. Protecting SCADA systems from intrusion is a very challenging task because they do not only inherit traditional IT security threats but they also include additional vulnerabilities related to field components (e.g., cyber-physical attacks). Many of the existing intrusion detection techniques rely on supervised learning that consists of algorithms that are first trained with reference inputs to learn specific information, and then tested on unseen inputs for classification purposes. This article surveys supervised learning from a specific security angle, namely SCADA-based intrusion detection. Based on a systematic review process, existing literature is categorized and evaluated according to SCADA-specific requirements. Additionally, this survey reports on well-known SCADA datasets and testbeds used with machine learning methods. Finally, we present key challenges and our recommendations for using specific supervised methods for SCADA systems.
Decentralized finance (DeFi) has exploded in popularity with a billion-dollar market cap. While uncollateralized lending, known as a flash loan, emerged from DeFi, it has become a primary tool used by attackers to drain investment tokens from DeFi networks. The existing countermeasures seem practical, but no comprehensive quantitative analysis framework was available to test them. This paper proposes the Flash loan Attack Analysis (FAA) framework, which aids security practitioners in understanding the DeFi system’s effects on preventative methods when various factors change. The quantitative predictions can help security professionals in identifying hidden dangers and more efficiently adopting countermeasure strategies. The simulation predicts that the existing strategy, fair reserves, can fully protect the platform in a typical market environment; however, in a highly volatile market where the token price drops by 60% in a single hour, it will be broken, causing more than $8 million in damage.
Smart contracts refer to small programs that run in a decentralized blockchain infrastructure. The blockchain system is trustless, and the determination of common variables is done by consensus between peers. Developing applications that require generating random variables becomes significantly challenging—for instance, lotteries, games, and random assignments. Many random number generators (RNGs) for smart contracts have been developed for the decentralized environment. The methods can be classified into three categories: on-chain RNG, Verifiable Random Function (VRF), and the Commit–reveal scheme. Although the existing methods offer different strengths and weaknesses, none achieves the three important requirements for an ideal RNG solution: security, applicability, and cost efficiency. This paper proposes a novel RNG approach called Native VRF, which offers application development simplicity and cost efficiency while maintaining strong RNG security properties. Experimental results show that Native VRF has the same security properties as the widely used RNG methods, i.e., Randao and Chainlink VRF. On top of that, our work offers a much simpler setup process and lower hardware resources and developer expertise requirements. Most importantly, the proposed Native VRF is compatible with all Ethereum virtual machine (EVM) blockchains, contributing to the overall growth of the blockchain ecosystem.
Recent advances in deep neural networks (DNNs) have significantly enhanced the capabilities of optical character recognition (OCR) technology, enabling its adoption to a wide range of real-world applications. Despite this success, DNNbased OCR is shown to be vulnerable to adversarial attacks, in which the adversary can influence the DNN model's prediction by carefully manipulating input to the model. Prior work has demonstrated the security impacts of adversarial attacks on various OCR languages. However, to date, no studies have been conducted and evaluated on an OCR system tailored specifically for the Thai language. To bridge this gap, this work presents a feasibility study of performing adversarial attacks on a specific Thai OCR application -Thai License Plate Recognition (LPR). Moreover, we propose a new type of adversarial attack based on the semi-targeted scenario and show that this scenario is highly realistic in LPR applications. Our experimental results show the feasibility of our attacks as they can be performed on a commodity computer desktop with over 90% attack success rate.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.