Pub Date : 2018-08-01DOI: 10.1109/RWEEK.2018.8473542
H. Neema, Bradley Potteiger, X. Koutsoukos, Cheeyee Tang, K. Stouffer
In the past couple of years, railway infrastructure has been growing more connected, resembling more of a traditional Cyber-Physical System [1] model. Due to the tightly coupled nature between the cyber and physical domains, new attack vectors are emerging that create an avenue for remote hijacking of system components not designed to withstand such attacks. As such, best practice cybersecurity techniques need to be put in place to ensure the safety and resiliency of future railway designs, as well as infrastructure already in the field. However, traditional large-scale experimental evaluation that involves evaluating a large set of variables by running a design of experiments (DOE) may not always be practical and might not provide conclusive results [2]. In addition, to achieve scalable experimentation, the modeling abstractions, simulation configurations, and experiment scenarios must be designed according to the analysis goals of the evaluations. Thus, it is useful to target a set of key operational metrics for evaluation and configure and extend the traditional DOE methods using these metrics. In this work, we present a metricsdriven evaluation approach for evaluating the security and resilience of railway critical infrastructure using a distributed simulation framework. A case study with experiment results is provided that demonstrates the capabilities of our testbed.
{"title":"Metrics-Driven Evaluation of Cybersecurity for Critical Railway Infrastructure","authors":"H. Neema, Bradley Potteiger, X. Koutsoukos, Cheeyee Tang, K. Stouffer","doi":"10.1109/RWEEK.2018.8473542","DOIUrl":"https://doi.org/10.1109/RWEEK.2018.8473542","url":null,"abstract":"In the past couple of years, railway infrastructure has been growing more connected, resembling more of a traditional Cyber-Physical System [1] model. Due to the tightly coupled nature between the cyber and physical domains, new attack vectors are emerging that create an avenue for remote hijacking of system components not designed to withstand such attacks. As such, best practice cybersecurity techniques need to be put in place to ensure the safety and resiliency of future railway designs, as well as infrastructure already in the field. However, traditional large-scale experimental evaluation that involves evaluating a large set of variables by running a design of experiments (DOE) may not always be practical and might not provide conclusive results [2]. In addition, to achieve scalable experimentation, the modeling abstractions, simulation configurations, and experiment scenarios must be designed according to the analysis goals of the evaluations. Thus, it is useful to target a set of key operational metrics for evaluation and configure and extend the traditional DOE methods using these metrics. In this work, we present a metricsdriven evaluation approach for evaluating the security and resilience of railway critical infrastructure using a distributed simulation framework. A case study with experiment results is provided that demonstrates the capabilities of our testbed.","PeriodicalId":206638,"journal":{"name":"2018 Resilience Week (RWS)","volume":"34 2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134093835","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-08-01DOI: 10.1109/RWEEK.2018.8473500
B. Vaagensmith, T. McJunkin, Kurt Vedros, J. S. Reeves, Jason Wayment, Liam Boire, C. Rieger, J. Case
The resilience of a system is often disconnected from its reliability. For many types of systems the sacrifice of nonessential processes may be acceptable for maintaining a resilient set of core operations. For the electric grid, however, this often translates to load shedding. Combining Idaho National Laboratory’s probabilistic risk assessment tool SAPHIRE and adaptive capacity measurement software PowDDER can provide insights for improving the electric grids ability to absorb disturbances. A quick survey of major power outages revealed that high wind related storms causing toppled power lines and failed transformers were most commonly associated with major power outages. These findings validated SAPHIRE’s output of most critical components for the IEEE 14 bus model during a windstorm scenario. SAPHIRE provided the probabilities of critical equipment being unavailable, providing insight into the likelihood a particular threat scenario would play out. An analysis of PowDDER revealed sensitivities within the system’s overall resilience could be improved by reducing the reliability of Load 10 (via load shedding). Combining information from both PowDDER and SAPHIRE enables one to consider preemptive strategies that would improve system resilience and system wide reliability simultaneously.
{"title":"An Integrated Approach to Improving Power Grid Reliability: Merging of Probabilistic Risk Assessment with Resilience Metrics","authors":"B. Vaagensmith, T. McJunkin, Kurt Vedros, J. S. Reeves, Jason Wayment, Liam Boire, C. Rieger, J. Case","doi":"10.1109/RWEEK.2018.8473500","DOIUrl":"https://doi.org/10.1109/RWEEK.2018.8473500","url":null,"abstract":"The resilience of a system is often disconnected from its reliability. For many types of systems the sacrifice of nonessential processes may be acceptable for maintaining a resilient set of core operations. For the electric grid, however, this often translates to load shedding. Combining Idaho National Laboratory’s probabilistic risk assessment tool SAPHIRE and adaptive capacity measurement software PowDDER can provide insights for improving the electric grids ability to absorb disturbances. A quick survey of major power outages revealed that high wind related storms causing toppled power lines and failed transformers were most commonly associated with major power outages. These findings validated SAPHIRE’s output of most critical components for the IEEE 14 bus model during a windstorm scenario. SAPHIRE provided the probabilities of critical equipment being unavailable, providing insight into the likelihood a particular threat scenario would play out. An analysis of PowDDER revealed sensitivities within the system’s overall resilience could be improved by reducing the reliability of Load 10 (via load shedding). Combining information from both PowDDER and SAPHIRE enables one to consider preemptive strategies that would improve system resilience and system wide reliability simultaneously.","PeriodicalId":206638,"journal":{"name":"2018 Resilience Week (RWS)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123821308","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-08-01DOI: 10.1109/RWEEK.2018.8473556
L. D. L. Rosa, Sean Kilgallon, T. Vanderbruggen, John Cavazos
Bad actors have embraced automation to construct malware, and current analysis systems cannot keep up with the ever-increasing load of malware being created daily. Additionally, some static analysis of malware can be computationally expensive, and not all static analysis should be considered for every sample that is part of a large malware dataset. As a result, highly expressive and inexpensive characterizations of malicious code, coupled with low resource machine learning classification platforms are required. In this paper, we use deep learning to build a meta-model that finds the simplest classifiers to characterize and assign malware into their corresponding families. Using static analysis of malware, we generate descriptive features to be used in conjunction with deep learning, in order to predict malware families. Our meta-model can determine when simple and less expensive malware characterization will suffice to accurately classify malicious executables, or when more computationally expensive descriptions are required. Finally, our meta-model is able to predict the simplest features and models to classify malware with an accuracy of up to 90%.
{"title":"Efficient Characterization and Classification of Malware Using Deep Learning","authors":"L. D. L. Rosa, Sean Kilgallon, T. Vanderbruggen, John Cavazos","doi":"10.1109/RWEEK.2018.8473556","DOIUrl":"https://doi.org/10.1109/RWEEK.2018.8473556","url":null,"abstract":"Bad actors have embraced automation to construct malware, and current analysis systems cannot keep up with the ever-increasing load of malware being created daily. Additionally, some static analysis of malware can be computationally expensive, and not all static analysis should be considered for every sample that is part of a large malware dataset. As a result, highly expressive and inexpensive characterizations of malicious code, coupled with low resource machine learning classification platforms are required. In this paper, we use deep learning to build a meta-model that finds the simplest classifiers to characterize and assign malware into their corresponding families. Using static analysis of malware, we generate descriptive features to be used in conjunction with deep learning, in order to predict malware families. Our meta-model can determine when simple and less expensive malware characterization will suffice to accurately classify malicious executables, or when more computationally expensive descriptions are required. Finally, our meta-model is able to predict the simplest features and models to classify malware with an accuracy of up to 90%.","PeriodicalId":206638,"journal":{"name":"2018 Resilience Week (RWS)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114300517","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-08-01DOI: 10.1109/RWEEK.2018.8473506
S. Gourisetti, Jacob Hansen, William Hofer, David O. Manz, K. Kalsi, J. Fuller, S. Niddodi, Holger Kley, C. Clarke, Keunmo Kang, Hayden Reeve, M. Chiodo, Jesse Bishopric
Existing approaches coordinating distributed energy resources (DERs) for grid services do not adequately evaluate the performance of such DER integration. Most studies are based on a single type of DER used for a single type of service, rather than the real-world requirements of coordinating a heterogeneous mix of DERs to provide multiple different grid services at different time-scales. Facilities also often face cybersecurity and interoperability challenges to experimenting and testing methodologies in this area. To overcome all of these challenges, Pacific Northwest National Laboratory, United Technologies Research Center, Southern California Edison, and Spirae coordinated to develop a federation between their organizations. This federation implements a cybersecure connection that facilitates near real-time communication between the four different physical sites. This not only enables control of DERs at different physical locations but also lets the software and hardware objects perform control experiments in a cybersecure environment at different time-scales. The hardware systems can consist of microgrids, building management systems, and emulated power systems objects. This paper provides a detailed overview of the federation setup and describes what this federation can be used for.
{"title":"A Cyber Secure Communication Architecture for Multi-Site Hardware_in_the_Loop Co_Simulation of DER Control","authors":"S. Gourisetti, Jacob Hansen, William Hofer, David O. Manz, K. Kalsi, J. Fuller, S. Niddodi, Holger Kley, C. Clarke, Keunmo Kang, Hayden Reeve, M. Chiodo, Jesse Bishopric","doi":"10.1109/RWEEK.2018.8473506","DOIUrl":"https://doi.org/10.1109/RWEEK.2018.8473506","url":null,"abstract":"Existing approaches coordinating distributed energy resources (DERs) for grid services do not adequately evaluate the performance of such DER integration. Most studies are based on a single type of DER used for a single type of service, rather than the real-world requirements of coordinating a heterogeneous mix of DERs to provide multiple different grid services at different time-scales. Facilities also often face cybersecurity and interoperability challenges to experimenting and testing methodologies in this area. To overcome all of these challenges, Pacific Northwest National Laboratory, United Technologies Research Center, Southern California Edison, and Spirae coordinated to develop a federation between their organizations. This federation implements a cybersecure connection that facilitates near real-time communication between the four different physical sites. This not only enables control of DERs at different physical locations but also lets the software and hardware objects perform control experiments in a cybersecure environment at different time-scales. The hardware systems can consist of microgrids, building management systems, and emulated power systems objects. This paper provides a detailed overview of the federation setup and describes what this federation can be used for.","PeriodicalId":206638,"journal":{"name":"2018 Resilience Week (RWS)","volume":"2014 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121363084","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2018-08-01DOI: 10.1109/RWEEK.2018.8473522
Daniel J Sullivan, E. Colbert, Jennifer Cowley
Cyber-physical systems are an integral component of weapons, sensors, and autonomous vehicles, as well as cyber assets directly supporting tactical forces. Mission resilience of tactical networks affects command and control, which is important for successful military operations. Traditional engineering methods for mission assurance will not scale during battlefield operations. Commanders need useful mission resilience metrics to help them evaluate the ability of cyber assets to recover from incidents to fulfill mission essential functions. We develop 6 cyber resilience metrics for tactical network architectures. We also illuminate how psychometric modeling is necessary for future research to identify resilience metrics that are both applicable to the dynamic mission state and meaningful to commanders and planners.
{"title":"Mission Resilience for Future Army Tactical Networks","authors":"Daniel J Sullivan, E. Colbert, Jennifer Cowley","doi":"10.1109/RWEEK.2018.8473522","DOIUrl":"https://doi.org/10.1109/RWEEK.2018.8473522","url":null,"abstract":"Cyber-physical systems are an integral component of weapons, sensors, and autonomous vehicles, as well as cyber assets directly supporting tactical forces. Mission resilience of tactical networks affects command and control, which is important for successful military operations. Traditional engineering methods for mission assurance will not scale during battlefield operations. Commanders need useful mission resilience metrics to help them evaluate the ability of cyber assets to recover from incidents to fulfill mission essential functions. We develop 6 cyber resilience metrics for tactical network architectures. We also illuminate how psychometric modeling is necessary for future research to identify resilience metrics that are both applicable to the dynamic mission state and meaningful to commanders and planners.","PeriodicalId":206638,"journal":{"name":"2018 Resilience Week (RWS)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125471272","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: