Decepti-SCADA: A cyber deception framework for active defense of networked critical infrastructures

Cifranic, Nicholas; Hallman, Roger A.; Romero-Mariona, Jose; Souza, Brian; Calton, Trevor; Coca, Giancarlo

doi:10.1016/j.iot.2020.100320

Cited by 18 publications

(13 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Perturbation is a technique for limiting the leakage of sensitive data by inserting noise [ 20 ]. A defender can use perturbations to initiate Defensive Deception via external noises [ 19 ].…”

Section: Defensive Deceptionmentioning

confidence: 99%

“…Both insider and outsider attacks can be prevented using Deception. These days machine learning has emerged as an effective technology that provides us with a wide range of applications ranging from recognition of patterns, image identification, image, and video processing, making predictions, virus or malware detection, autonomous driving, and other application scenarios [ 8 , 9 , 10 , 11 , 12 , 13 , 14 , 15 , 16 , 17 , 18 , 19 , 20 , 21 , 22 , 23 , 24 , 25 , 26 , 27 , 28 , 29 , 30 , 31 , 32 , 33 , 34 , 35 , 36 , 37 , 38 , 39 ]. The advantages of machine learning algorithms can be extended for deploying Defensive Deception frameworks [ 40 , 41 , 42 , 43 , 44 , 45 , 46 , 47 , 48 , 49 , 50 , 51 , 52 , 53 , 54 , 55 , 56 , 57 , 58 , …”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

Mohan

Dixit

Gyaneshwar

et al. 2022

Sensors

View full text Add to dashboard Cite

With information systems worldwide being attacked daily, analogies from traditional warfare are apt, and deception tactics have historically proven effective as both a strategy and a technique for Defense. Defensive Deception includes thinking like an attacker and determining the best strategy to counter common attack strategies. Defensive Deception tactics are beneficial at introducing uncertainty for adversaries, increasing their learning costs, and, as a result, lowering the likelihood of successful attacks. In cybersecurity, honeypots and honeytokens and camouflaging and moving target defense commonly employ Defensive Deception tactics. For a variety of purposes, deceptive and anti-deceptive technologies have been created. However, there is a critical need for a broad, comprehensive and quantitative framework that can help us deploy advanced deception technologies. Computational intelligence provides an appropriate set of tools for creating advanced deception frameworks. Computational intelligence comprises two significant families of artificial intelligence technologies: deep learning and machine learning. These strategies can be used in various situations in Defensive Deception technologies. This survey focuses on Defensive Deception tactics deployed using the help of deep learning and machine learning algorithms. Prior work has yielded insights, lessons, and limitations presented in this study. It culminates with a discussion about future directions, which helps address the important gaps in present Defensive Deception research.

show abstract

Section: Defensive Deceptionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

Mohan

Dixit

Gyaneshwar

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…The overall control of the operation is conducted in the control centers, which consist of computers, databases, servers, HMIs, etc. The statuses of the monitored and controlled physical processes are presented on the HMI consoles [2]. Moreover, HMIs present a graphical display of various emergency notifications, such as alerts and warnings, which allow operators to interact with the systems [7,31].…”

Section: Brief Overview Of Modern Scada Architecturementioning

confidence: 99%

“…Supervisory Control and Data Acquisition (SCADA) systems play a significant role in providing remote access, monitoring and control of critical infrastructures (CIs), which includes power systems, water distribution systems, gas plants, wastewater collection systems, etc. [1][2][3][4]. The stringent real-time requirements, growing interconnectivity, standardization of communication protocols and remote accessibility of modern SCADA systems have contributed massively to the exposure of the infrastructures to various vulnerabilities and security challenges such as sabotage, terrorism and intrusions [5][6][7][8].…”

Section: Introductionmentioning

confidence: 99%

A Review of Research Works on Supervised Learning Algorithms for SCADA Intrusion Detection and Classification

et al. 2021

View full text Add to dashboard Cite

Supervisory Control and Data Acquisition (SCADA) systems play a significant role in providing remote access, monitoring and control of critical infrastructures (CIs) which includes electrical power systems, water distribution systems, nuclear power plants, etc. The growing interconnectivity, standardization of communication protocols and remote accessibility of modern SCADA systems have contributed massively to the exposure of SCADA systems and CIs to various forms of security challenges. Any form of intrusive action on the SCADA modules and communication networks can create devastating consequences on nations due to their strategic importance to CIs’ operations. Therefore, the prompt and efficient detection and classification of SCADA systems intrusions hold great importance for national CIs operational stability. Due to their well-recognized and documented efficiencies, several literature works have proposed numerous supervised learning techniques for SCADA intrusion detection and classification (IDC). This paper presents a critical review of recent studies whereby supervised learning techniques were modelled for SCADA intrusion solutions. The paper aims to contribute to the state-of-the-art, recognize critical open issues and offer ideas for future studies. The intention is to provide a research-based resource for researchers working on industrial control systems security. The analysis and comparison of different supervised learning techniques for SCADA IDC systems were critically reviewed, in terms of the methodologies, datasets and testbeds used, feature engineering and optimization mechanisms and classification procedures. Finally, we briefly summarized some suggestions and recommendations for future research works.

show abstract

“…Although being effective in some settings, existing defense approaches against PLC-oriented attacks have the following key limitations. Firstly, defending approaches adopted by intrusion detection systems (IDSs) [9][10][11] , deception defense [12][13][14] and attestation [15][16][17][18][19] take effect after attacks happened, mainly detecting them but not blocking them, while blocking technologies such as industrial firewalls alone are not able to effectively block growing sophisticated attacks [20][21][22] . Secondly, most existing approaches are designed based on the characteristics of one or several specific kinds of known attacks, such as [9,13,15].…”

Section: Introductionmentioning

confidence: 99%

HRPDF: A Software-Based Heterogeneous Redundant Proactive Defense Framework for Programmable Logic Controller

Liu¹,

Wang

Wei³

et al. 2021

J. Comput. Sci. Technol.

View full text Add to dashboard Cite

Programmable logic controllers (PLCs) play a critical role in many industrial control systems, yet face increasingly serious cyber threats. In this paper, we propose a novel PLC-compatible software-based defense mechanism, called Heterogeneous Redundant Proactive Defense Framework (HRPDF). We propose a heterogeneous PLC architecture in HRPDF, including multiple heterogeneous, equivalent, and synchronous runtimes, which can thwart multiple types of attacks against PLC without the need of external devices. To ensure the availability of PLC, we also design an inter-process communication algorithm that minimizes the overhead of HRPDF. We implement a prototype system of HRPDF and test it in a real-world PLC and an OpenPLC-based device, respectively. The results show that HRPDF can defend against multiple types of attacks with 10.22% additional CPU and 5.56% additional memory overhead, and about 0.6 ms additional time overhead.

show abstract

Decepti-SCADA: A cyber deception framework for active defense of networked critical infrastructures

Cited by 18 publications

References 14 publications

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

A Review of Research Works on Supervised Learning Algorithms for SCADA Intrusion Detection and Classification

HRPDF: A Software-Based Heterogeneous Redundant Proactive Defense Framework for Programmable Logic Controller

Contact Info

Product

Resources

About