Nowadays, several threats endanger cyber-physical systems. Among these systems, industrial control systems (ICS) operating on critical infrastructures have been proven to be an attractive target for attackers. The case of Stuxnet has not only shown that ICSs are vulnerable to cyber-attacks, but also that some of these attacks rely on understanding the processes beyond the employed systems and using such knowledge to maximize the damage. This concept is commonly known as "semantic attack". Our paper discusses a specific type of semantic attack involving "sequences of events". Common network intrusion detection systems (NIDS) generally search for single, unusual or "not permitted" operations. In our case, rather than a malicious event, we show how a specific series of "permitted" operations can elude standard intrusion detection systems and still damage an infrastructure. Moreover, we present a possible approach to the development of a sequence-aware intrusion detection system (S-IDS). We propose an S-IDS reference architecture and we discuss all the steps through its implementations. Finally, we test the S-IDS on real ICS traffic samples captured from a water treatment and purification facility.
Background Genome-wide DNA methylation profiling has recently been developed into a tool that allows tumor classification in central nervous system tumors. Extracellular vesicles (EVs) are released by tumor cells and contain high molecular weight DNA, rendering EVs a potential biomarker source to identify tumor subgroups, stratify patients and monitor therapy by liquid biopsy. We investigated whether the DNA in glioblastoma cell-derived EVs reflects genome-wide tumor methylation and mutational profiles and allows non-invasive tumor subtype classification. Methods DNA was isolated from EVs secreted by glioblastoma cells as well as from matching cultured cells and tumors. EV-DNA was localized and quantified by direct stochastic optical reconstruction microscopy. Methylation and copy number profiling was performed using 850k arrays. Mutations were identified by targeted gene panel sequencing. Proteins were differentially quantified by mass spectrometric proteomics. Results Genome-wide methylation profiling of glioblastoma-derived EVs correctly identified the methylation class of the parental cells and original tumors, including the MGMT promoter methylation status. Tumor-specific mutations and copy number variations (CNV) were detected in EV-DNA with high accuracy. Different EV isolation techniques did not affect the methylation profiling and CNV results. DNA was present inside EVs and on the EV surface. Proteome analysis did not allow specific tumor identification or classification but identified tumor-associated proteins that could potentially be useful for enriching tumor-derived circulating EVs from biofluids. Conclusions This study provides proof of principle that EV-DNA reflects the genome-wide methylation, CNV and mutational status of glioblastoma cells and enables their molecular classification.
This paper discusses the measurement of globalization with a view to advancing the construction of globalization indices. It critically analyzes the types of indices that can contribute to knowledge and policy on globalization. Three issues are particularly highlighted: (a) the focus of measurement (i.e. on activities or policies); (b) the dimensions of measurement (i.e. cultural, ecological, economic, political, and/or social); and (c) the units of measurement (i.e. local, national, regional, and/or global). This paper argues that a workable forward strategy should not seek to identify the single best composite globalization index, but rather should work in an interdisciplinary mode towards a set of complementary globalization indices. These quantitative analyses can then be productively blended with qualitative approaches in a fuller assessment of globalization's extent and impact.
Compared with standard information technology systems, industrial control systems show more consistent and regular communications patterns. This characteristic contributes to the stability of controlled processes in critical infrastructures such as power plants, electric grids and water treatment facilities. However, Stuxnet has demonstrated that skilled attackers can strike critical infrastructures by leveraging knowledge about these processes. Sequence attacks subvert infrastructure operations by sending misplaced industrial control system messages. This chapter discusses four main sequence attack scenarios against industrial control systems. Real Modbus, Manufacturing Message Specification and IEC 60870-5-104 traffic samples were used to test sequencing and modeling techniques for describing industrial control system communications. The models were then evaluated to verify the feasibility of identifying sequence attacks. The results create the foundation for developing "sequence-aware" intrusion detection systems. Keywords: Industrial control systems, sequence attacks, intrusion detection. Introduction: Critical infrastructure assets such as power plants, electric grids and water treatment facilities have used control systems for many decades; however, until the turn of the century, they were primarily standalone systems. The Internet and network convergence have brought about many changes to critical infrastructure assets, the most important being their transformation from standalone systems to highly interconnected systems. This transformation has introduced advantages and disadvantages. On one hand, it facilitates the remote monitoring and management of industrial processes. On the other hand, traditional information technology attacks can be launched from afar, including over the Internet, to compromise industrial control systems and the critical infrastructure assets they manage.
This is the case of denial-of-service and distributed denial-of-service attacks. These attacks can target a specific device in an industrial control network and flood it with a massive number of packets until it is no longer able to operate normally. This can reduce or eliminate operator situational awareness and eventually impact the coordination and control of infrastructure assets, potentially affecting the larger infrastructure and connected infrastructures, leading to serious consequences to industry, government and society. Another example involves semantic attacks. Unlike standard cyber attacks, semantic attacks exploit knowledge of specific control systems and physical processes to maximize damage. Stuxnet [4,16] is probably the most well-known attack of this type. Meanwhile, numerous reports from the U.S. ICS-CERT have described exploits on industrial devices, such as programmable logic controllers and SCADA servers, that are triggered by carefully-crafted messages (see, e.g., [9]). Sequence attacks are a type of semantic attack. Instead of using modified message headers or pa...
The paper presents some results from a multi-year research project on immigrant associations in the province of Milan, Italy. The analysis yields numerous issues for reflection and recurrent features of particular significance. The first is the fact that for all the associations surveyed, their main goal and the essential reason for their existence was the desire to integrate their community of membership into the host society. However, such integration did not consist in a desire to be assimilated into Italian society. Quite the opposite: the majority of the associations studied were wholly committed to maintaining - and sometimes rediscovering - the identity and culture of their reference community. The second main feature is that immigrant associations are crucial nodes in a dense network of relations involving numerous actors of very different kinds: the immigrants themselves, other immigrant associations, third-sector organizations, and the local authorities. The third and final important issue concerns the representativeness of immigrant associations: whether, that is, they can be considered the legitimate representatives of the community of membership.
Specification-based intrusion detection (SB-ID) is a suitable approach to monitor Building Automation Systems (BASs) because the correct and non-compromised functioning of the system is well understood. Its main drawback is that the creation of specifications often requires human intervention. We present the first fully automated approach to deploy SB-ID at network level. We do so in the domain of BASs, specifically, the BACnet protocol (ISO 16484-5). In this protocol, properly certified devices are demanded to have technical documentation stating their capabilities. We leverage those documents to create specifications that represent the expected behavior of each device in the network. Automated specification extraction is crucial to effectively apply SB-ID in volatile environments such as BACnet networks, where new devices are often added, removed, or replaced. In our experiments, the proposed algorithm creates specifications with both precision and recall above 99.5%. Finally, we evaluate the capabilities of our detection approach using two months (80GB) of BACnet traffic from a real BAS. Additionally, we use synthetic traffic to demonstrate attack detection in a controlled environment. We show that our approach not only contributes to the practical feasibility of SB-ID in BASs, but also detects stealthy and dangerous attacks.
As Industrial Control Systems (ICS) and standard IT networks are becoming one heterogeneous entity, there has been an increasing effort in adjusting common security tools and methodologies to fit the industrial environment. Fingerprinting of industrial devices is still an unexplored research field. In this paper we provide an overview of standard device fingerprinting techniques and an assessment on the application feasibility in ICS infrastructures. We identify challenges that fingerprinting has to face and mechanisms to be used to obtain reliable results. Finally, we provide guidelines for implementing reliable ICS fingerprinters.
The very raison d'être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can be helpful to detect and defend against cyber attacks. Additionally, while the amount of available CTI is increasing it is not warranted that quality remains unaffected. In conjunction with the increasing number of available CTI, it is thus in the best interest of every stakeholder to be aware of the quality of a CTI artifact. This allows for informed decisions and permits detailed analyses. Our work makes a twofold contribution to the challenge of assessing threat intelligence quality. We first propose a series of relevant quality dimensions and configure metrics to assess the respective dimensions in the context of CTI. In a second step, we showcase the extension of an existing CTI analysis tool to make the quality assessment transparent to security analysts. Furthermore, analysts' subjective perceptions are, where necessary, included in the quality assessment concept.