Detection of SSH host spoofing in control systems through network telemetry analysis

Ponomarev, Stanislav; Wallace, Nathan; Atkison, Travis

doi:10.1145/2602087.2602109

Cited by 10 publications

(4 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, Carcano et al [30] proposed an IDS that monitors the network traffic based on state anomalies. Furthermore, Ponomarev et al [31] proposed hardware fingerprinting to detect SSH host spoofing, and the National Institute of Standards and Technology has proposed attack mitigation techniques based on firewalls to defend against man-in-the-middle attacks.…”

Section: Related Work and Possible Attacks On Scada Networkmentioning

confidence: 99%

A Quantum-Based Signcryption for Supervisory Control and Data Acquisition (SCADA) Networks

Ghosh

Zaman

Plourde³

et al. 2022

Symmetry

View full text Add to dashboard Cite

Supervisory Control and Data Acquisition (SCADA) systems are ubiquitous in industrial control processes, such as power grids, water supply systems, traffic control, oil and natural gas mining, space stations and nuclear plants. However, their security faces the threat of being compromised due to the increasing use of open-access networks. Furthermore, one of the research gaps involves the emergence of quantum computing, which has exposed a new type of risk to SCADA systems. Failure to secure SCADA systems can lead to catastrophic consequences. For example, a malicious attack can take control of the power supply to a city, shut down the water supply system, or cause malfunction of a nuclear reactor. The primary purpose of this paper is to identify the new type of attack based on quantum computing and design a novel security scheme to defend against traditional attacks as well as the quantum attack. The methodology of the proposed signcryption is built on the foundation of the classical Bennett and Brassard 1984 (BB84) cryptographic scheme and does not involve computationally expensive third-party validation. The proposed signcryption scheme provides both encryption and intrusion detection. In particular, it detects the man-in-the-middle attack that can lead to other types of attacks. We have simulated the proposed algorithm using the Quantum Information Toolkit in Python. Furthermore, we have validated and analyzed the proposed design through security verification tools, namely, Scyther and PRISM.

show abstract

Section: Related Work and Possible Attacks On Scada Networkmentioning

confidence: 99%

A Quantum-Based Signcryption for Supervisory Control and Data Acquisition (SCADA) Networks

Ghosh

Zaman

Plourde³

et al. 2022

Symmetry

View full text Add to dashboard Cite

show abstract

“…Louisiana Tech University,Rail Road Ave,Wyly Tower 1620,Ruston,,LA, 71272 8. PERFORMING ORGANIZATION REPORT NUMBER CRL consists of several unique facilities that include virtualization, visualization, networking, micro-aerial vehicle and sensor networks (MAVSeN), and FPGA laboratories.…”

Section: Performing Organization Name(s) and Address(es)mentioning

confidence: 99%

Cybersecurity Laboratory & Cybersecurity Research Program at the CRL

Guice¹

2014

View full text Add to dashboard Cite

“…Lack of such information reduces the ability to establish authenticity of the host transmitting the data [3]. Additionally, an attacker can perform data manipulations on the network to achieve penetration of target machines and spoof the authenticity of the transmitted packets [4].…”

Section: Introductionmentioning

confidence: 99%

“…In [8] a hardware fingerprinting method is proposed to establish data authenticity. Unlike business and residential networks, ICS networks maintain a steady packet flow, which allows the system to fingerprint different network nodes, based on the patterns of their communication.…”

Section: Introductionmentioning

confidence: 99%

Industrial Control System Network Intrusion Detection by Telemetry Analysis

Ponomarev

Atkison

2016

IEEE Trans. Dependable and Secure Comput.

Self Cite

128

View full text Add to dashboard Cite

Until recently, Industrial Control Systems (ICSs) used "air-gap" security measures, where every node of the ICS network was isolated from other networks, including the Internet, by a physical disconnect. Attaching ICS networks to the Internet benefits companies and engineers who use them. However, as these systems were designed for use in the air-gapped security environment, protocols used by ICSs contain little to no security features and are vulnerable to various attacks. This paper proposes an approach to detect the intrusions into network attached ICSs by measuring and verifying data that is transmitted through the network but is not inherently the data used by the transmission protocol -network telemetry. Using simulated PLC units, the developed IDS was able to achieve 94.3% accuracy when differentiating between machines of an attacker and engineer on the same network, and 99.5% accuracy when differentiating between attacker and engineer on the Internet. Stanislav Ponomarev is a Ph.D. candidate of engineering at Louisiana Tech University with concentration in cyber security. His research topics of interest include image enhancement, hard drive forensics, malicious application detection, network intrusion detection, and windows executable memory attacks.Travis Atkison received the B.

show abstract

Detection of SSH host spoofing in control systems through network telemetry analysis

Cited by 10 publications

References 12 publications

A Quantum-Based Signcryption for Supervisory Control and Data Acquisition (SCADA) Networks

A Quantum-Based Signcryption for Supervisory Control and Data Acquisition (SCADA) Networks

Cybersecurity Laboratory & Cybersecurity Research Program at the CRL

Industrial Control System Network Intrusion Detection by Telemetry Analysis

Contact Info

Product

Resources

About