Diderot

Radoglou-Grammatikis, Panagiotis; Sarigiannidis, Panagiotis; Efstathopoulos, George; Karypidis, Paris-Alexandros; Sarigiannidis, Antonios

doi:10.1145/3407023.3409314

Cited by 34 publications

(14 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, two DNNs were also adopted and evaluated. The first one is called DIDEROT Autoencoder and originates from our previous work in [41]. The second one was developed during this work.…”

Section: Bdac Comparative Methodsmentioning

confidence: 99%

“…The aforementioned cyberattacks are implemented by Smod, a widely known pen-testing tool related to Modbus [39,40]. The Modbus Network Flow-Based Anomaly Detection Model adopts the DIDEROT Autoencoder [41], identifying anomalous Modbus/TCP network flows. The DIDEROT autoencoder is analysed in our previous work in [41].…”

Section: Big Data Analysis Enginementioning

confidence: 99%

“…The Modbus Network Flow-Based Anomaly Detection Model adopts the DIDEROT Autoencoder [41], identifying anomalous Modbus/TCP network flows. The DIDEROT autoencoder is analysed in our previous work in [41]. Finally, the last model focuses on the payload of the Modbus/TCP packets, recognising Modbus/TCP anomalous packets based on the Isolation Forest method [42].…”

Section: Big Data Analysis Enginementioning

confidence: 99%

“…Both models were trained, utilising normal DNP3 network flow statistics coming from a real substation environment as well as from the DNP3 intrusion detection dataset of N.Rodofile et al [46]. The evaluation analysis of these DNP3 intrusion/anomaly detection models is presented in our previous work in [41]. The IEC 60870-5-104 Network Flow-Based Anomaly Detection Model adopts the Isolation Forest method [42], detecting anomalous IEC 60870-5-104 network flows.…”

Section: Dnp3 Intrusionmentioning

confidence: 99%

See 3 more Smart Citations

SPEAR SIEM: A Security Information and Event Management system for the Smart Grid

et al. 2021

Self Cite

View full text Add to dashboard Cite

The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use case (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.

show abstract

Section: Bdac Comparative Methodsmentioning

confidence: 99%

Section: Big Data Analysis Enginementioning

confidence: 99%

Section: Big Data Analysis Enginementioning

confidence: 99%

Section: Dnp3 Intrusionmentioning

confidence: 99%

See 2 more Smart Citations

SPEAR SIEM: A Security Information and Event Management system for the Smart Grid

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Attacks against the industrial sector, as indicated from past incidents, can have severe consequences. Such incidents include the December 2015 cyberattack against Ukraine's power grid, which resulted in complete electricity disruption for 225,000 people [12,13]. In addition, as Stuxnet, the first known cyber warfare weapon [14,15], indicated, nuclear power plants have also been targeted by cyberattacks, thus emphasizing the urgent need for adequate security measures in such critical domains.…”

Section: Introductionmentioning

confidence: 99%

IDS for Industrial Applications: A Federated Learning Approach with Active Personalization

Kelli

Argyriou

Λάγκας

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

Internet of Things (IoT) is a concept adopted in nearly every aspect of human life, leading to an explosive utilization of intelligent devices. Notably, such solutions are especially integrated in the industrial sector, to allow the remote monitoring and control of critical infrastructure. Such global integration of IoT solutions has led to an expanded attack surface against IoT-enabled infrastructures. Artificial intelligence and machine learning have demonstrated their ability to resolve issues that would have been impossible or difficult to address otherwise; thus, such solutions are closely associated with securing IoT. Classical collaborative and distributed machine learning approaches are known to compromise sensitive information. In our paper, we demonstrate the creation of a network flow-based Intrusion Detection System (IDS) aiming to protecting critical infrastructures, stemming from the pairing of two machine learning techniques, namely, federated learning and active learning. The former is utilized for privately training models in federation, while the latter is a semi-supervised approach applied for global model adaptation to each of the participant’s traffic. Experimental results indicate that global models perform significantly better for each participant, when locally personalized with just a few active learning queries. Specifically, we demonstrate how the accuracy increase can reach 7.07% in only 10 queries.

show abstract