Browsing by Author "Rosa, Luis"
Now showing 1 - 2 of 2
Results Per Page
Sort Options
- Evolving the Security Paradigm for Industrial IoT EnvironmentsPublication . Rosa, Luis; Freitas, Miguel Borges de; Henriques, João; Quitério, Pedro; Caldeira, Filipe; Cruz, Tiago; Simões, PauloIn recent years, IACS (Industrial Automation and Control Systems) have become more complex, due to the increasing number of interconnected devices. This IoT (internet of things)-centric IACS paradigm, which is at the core of the Industry 4.0 concept, expands the infrastructure boundaries beyond the aggregated-plant, mono-operator vision, being dispersed over a large geographic area. From a cybersecurity-centric perspective, the distributed nature of modern IACS makes it difficult not only to understand the nature of incidents but also to assess their progression and threat profile. Defending against those threats is becoming increasingly difficult, requiring orchestrated and collaborative distributed detection, evaluation, and reaction capabilities beyond the scope of a single entity. This chapter presents the Intrusion and Anomaly Detection System platform architecture that was designed and developed within the scope of the ATENA H2020 project, to address the specific needs of distributed IACS while providing (near) real-time cybersecurity awareness.
- Intrusion and anomaly detection for the next-generation of industrial automation and control systemsPublication . Rosa, Luis; Cruz, Tiago; Freitas, Miguel Borges de; Quitério, Pedro; Henriques, João; Caldeira, Filipe; Monteiro, Edmundo; Simões, PauloThe next-generation of Industrial Automation and Control Systems (IACS) and Supervisory Control and Data Acquisition (SCADA) systems pose numerous challenges in terms of cybersecurity monitoring. We have been witnessing the convergence of OT/IT networks, combined with massively distributed metering and control scenarios such as smart grids. Larger and geographically widespread attack surfaces, and inherently more data to analyse, will become the norm. Despite several advances in recent years, domain-specific security tools have been facing the challenges of trying to catch up with all the existing security flaws from the past, while also accounting for the specific needs of the next-generation of IACS. Moreover, the aggregation of multiple techniques and sources of information into a comprehensive approach has not been explored in depth. Such a holistic perspective is paramount since it enables a global and enhanced analysis enabled by the usage, combination and aggregation of the outputs from multiple sources and techniques. This paper starts by providing a review of the more recent anomaly detection techniques for SCADA systems, focused on both theoretical machine learning approaches and complete frameworks. Afterwards, it proposes a complete framework for an Intrusion and Anomaly Detection System (IADS) composed of specific detection probes, an event processing layer and a core anomaly detection component, amongst others. Finally, the paper presents an evaluation of the framework within a large-scale hybrid testbed, and a comparison of different anomaly detection scenarios based on various machine learning techniques.