Asuka Terai, T. Chiba, Hideyuki Shintani, Shoya Kojima, Shingo Abe, I. Koshijima
Because of their automated processing capabilities, industrial control systems (ICSs) currently play a crucial role in plant operations. It was not long before ICS had been completely insulated from the Internet. However, because of the improved reliability of ICS devices and systems, we could find only a few plants that did not use ICS in conjunction with the Internet. As a result, the extended accessibility of almost every ICS component makes such systems vulnerable to cyber-attacks. Because of this, intrusion detection systems, which monitor ICS network traffic and detect suspicious activities within the components themselves, are extremely important. Previous studies argued that packet intervals could ideally be regarded as indicators of the hazardous status of ICSs against hacking activities, and proposed intrusion detection methodologies relying solely on packet intervals. However, these methodologies with supervised machine-learning have inevitably been compromised by cyber-attacks whose characteristics are different than those of the training dataset. We hypothesize that packet intervals in an ICS network used for automated industrial processes, which are forced to produce a certain type of periodicity, reflect a particular type of packet interval patterns. In other words, certain anomalous behaviors never fail to interfere with this pattern. This paper proposes an intrusion detection method using a singular spectrum analysis to monitor time series packets. We evaluated our proposed method on our cybersecurity testbed using penetration tests. The results verified the validity of our system realized in the packet interval periodicity. Furthermore, we examined the optimum parameter set for the singular spectrum analysis in the proposed method. From this experiment, we successfully designated criteria for the parameter-set based on the period of the packet intervals during normal operations. The proposed method successfully detected all three types of attacks within 4 sec, without producing a false alert during normal operations.
{"title":"INTRUSION DETECTION METHOD FOR INDUSTRIAL CONTROL SYSTEMS USING SINGULAR SPECTRUM ANALYSIS","authors":"Asuka Terai, T. Chiba, Hideyuki Shintani, Shoya Kojima, Shingo Abe, I. Koshijima","doi":"10.2495/RISK180171","DOIUrl":"https://doi.org/10.2495/RISK180171","url":null,"abstract":"Because of their automated processing capabilities, industrial control systems (ICSs) currently play a crucial role in plant operations. It was not long before ICS had been completely insulated from the Internet. However, because of the improved reliability of ICS devices and systems, we could find only a few plants that did not use ICS in conjunction with the Internet. As a result, the extended accessibility of almost every ICS component makes such systems vulnerable to cyber-attacks. Because of this, intrusion detection systems, which monitor ICS network traffic and detect suspicious activities within the components themselves, are extremely important. Previous studies argued that packet intervals could ideally be regarded as indicators of the hazardous status of ICSs against hacking activities, and proposed intrusion detection methodologies relying solely on packet intervals. However, these methodologies with supervised machine-learning have inevitably been compromised by cyber-attacks whose characteristics are different than those of the training dataset. We hypothesize that packet intervals in an ICS network used for automated industrial processes, which are forced to produce a certain type of periodicity, reflect a particular type of packet interval patterns. In other words, certain anomalous behaviors never fail to interfere with this pattern. This paper proposes an intrusion detection method using a singular spectrum analysis to monitor time series packets. We evaluated our proposed method on our cybersecurity testbed using penetration tests. The results verified the validity of our system realized in the packet interval periodicity. Furthermore, we examined the optimum parameter set for the singular spectrum analysis in the proposed method. From this experiment, we successfully designated criteria for the parameter-set based on the period of the packet intervals during normal operations. The proposed method successfully detected all three types of attacks within 4 sec, without producing a false alert during normal operations.","PeriodicalId":21504,"journal":{"name":"Risk Analysis XI","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84965544","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Antonella Nucera, G. Foti, Caterina Canale, P. Puntorieri, F. Minniti
Coastal flooding is a topic of particular interest both in scientific research and for public administration. In fact, effective management of both coastal erosion and coastal flood risk requires a mapping of flooding areas by current European legislation (Directive 2007/60/EC). Regarding Italy, coastal erosion is widely studied and mapped, but coastal flooding has not been uniformly examined across all regions. This paper analyses the main factors that influence coastal flooding, being mainly tidal excursion and run-up, and a new methodology is proposed for the classification of storm damage based on the effects produced by the coastal wave action. In fact, six classes of damage have been defined, sorted by increasing severity, namely: traffic interruption, infrastructure damage, maritime works damage, erosion of beaches and dunes, flooding to homes, and a combination of these various factors. The new classification was applied to two case studies, both in Calabria (Italy): Scilla on the Tyrrhenian coast, and Monasterace on the Ionian coast. The two locations were chosen because in Scilla the coastal morphology makes it particularly subject to storms that overreach the beach and reach local houses, even those located upstream of the seafront. In Monasterace, on the other hand, there is an important archaeological site on a coastal dune that, over the years, has often been damaged by sea storms. The analysis of the events was conducted starting with data present in the A.Si.Cal. (Historically flooded areas in Calabria) of the CNR-IRPI of Cosenza, which containing data relating to events of hydrogeological instability, including sea storms which have occurred in Calabria over the last few centuries, and from the MeteoCean group of the University of Genoa, which contains wave data for the period 1979–2017, which is reconstructed from the Climate Forecast System Reanalysis (CFSR) data.
{"title":"COASTAL FLOODING: DAMAGE CLASSIFICATION AND CASE STUDIES IN CALABRIA, ITALY","authors":"Antonella Nucera, G. Foti, Caterina Canale, P. Puntorieri, F. Minniti","doi":"10.2495/RISK180081","DOIUrl":"https://doi.org/10.2495/RISK180081","url":null,"abstract":"Coastal flooding is a topic of particular interest both in scientific research and for public administration. In fact, effective management of both coastal erosion and coastal flood risk requires a mapping of flooding areas by current European legislation (Directive 2007/60/EC). Regarding Italy, coastal erosion is widely studied and mapped, but coastal flooding has not been uniformly examined across all regions. This paper analyses the main factors that influence coastal flooding, being mainly tidal excursion and run-up, and a new methodology is proposed for the classification of storm damage based on the effects produced by the coastal wave action. In fact, six classes of damage have been defined, sorted by increasing severity, namely: traffic interruption, infrastructure damage, maritime works damage, erosion of beaches and dunes, flooding to homes, and a combination of these various factors. The new classification was applied to two case studies, both in Calabria (Italy): Scilla on the Tyrrhenian coast, and Monasterace on the Ionian coast. The two locations were chosen because in Scilla the coastal morphology makes it particularly subject to storms that overreach the beach and reach local houses, even those located upstream of the seafront. In Monasterace, on the other hand, there is an important archaeological site on a coastal dune that, over the years, has often been damaged by sea storms. The analysis of the events was conducted starting with data present in the A.Si.Cal. (Historically flooded areas in Calabria) of the CNR-IRPI of Cosenza, which containing data relating to events of hydrogeological instability, including sea storms which have occurred in Calabria over the last few centuries, and from the MeteoCean group of the University of Genoa, which contains wave data for the period 1979–2017, which is reconstructed from the Climate Forecast System Reanalysis (CFSR) data.","PeriodicalId":21504,"journal":{"name":"Risk Analysis XI","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88129955","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Two subsidence events twenty years apart resulted in damage and destruction of residential housing near Ipswich in the state of Queensland, Australia. Led by the Australian governments, Commonwealth Scientific and Industrial Research Organisation, a research program was undertaken to determine the cause of subsidence, identify areas at risk, propose a stabilising technology and monitor the site. Site investigation including surface to void drilling, three-dimensional seismic survey, evaluation of historical mining data and interviews with ex-mine site personnel identified the most likely cause of subsidence as the over-stressing and failure of inadequately sized remanent coal pillars. It was concluded that water from the ongoing flooding of workings may have impacted pillar stability. A factor-of-safety evaluation of over 1,100 remanent coal pillars together with risk analysis of future surface subsidence was undertaken and identified another panel of the abandoned colliery that placed housing at unacceptable risk of future damage. An evaluation of bulk backfill identified a mitigation technology to ameliorate that risk. Continuous monitoring for over seven years by an instrument array of geophones, extensometers and piezometers has evaluated and reported the stability of strata overlying the colliery. This paper describes (1) the novel technique developed for evaluation of risk of surface subsidence for many hundreds of coal pillars accounting for the unique spatial and geometric attributes of every individual pillar. Included in the risk analysis study is water and time impacts on each pillars Factor of Safety (FoS); (2) mitigation technology developed for the stabilisation of pillars; and (3) the results of over seven years of strata monitoring.
{"title":"SURFACE SUBSIDENCE FROM UNDERGROUND COAL MINING IMPACTING RESIDENTIAL HOUSING: A CASE STUDY OF RISK ANALYSIS, MITIGATION PROPOSAL AND ONGOING MONITORING","authors":"B. Poulsen, B. Shen","doi":"10.2495/RISK180181","DOIUrl":"https://doi.org/10.2495/RISK180181","url":null,"abstract":"Two subsidence events twenty years apart resulted in damage and destruction of residential housing near Ipswich in the state of Queensland, Australia. Led by the Australian governments, Commonwealth Scientific and Industrial Research Organisation, a research program was undertaken to determine the cause of subsidence, identify areas at risk, propose a stabilising technology and monitor the site. Site investigation including surface to void drilling, three-dimensional seismic survey, evaluation of historical mining data and interviews with ex-mine site personnel identified the most likely cause of subsidence as the over-stressing and failure of inadequately sized remanent coal pillars. It was concluded that water from the ongoing flooding of workings may have impacted pillar stability. A factor-of-safety evaluation of over 1,100 remanent coal pillars together with risk analysis of future surface subsidence was undertaken and identified another panel of the abandoned colliery that placed housing at unacceptable risk of future damage. An evaluation of bulk backfill identified a mitigation technology to ameliorate that risk. Continuous monitoring for over seven years by an instrument array of geophones, extensometers and piezometers has evaluated and reported the stability of strata overlying the colliery. This paper describes (1) the novel technique developed for evaluation of risk of surface subsidence for many hundreds of coal pillars accounting for the unique spatial and geometric attributes of every individual pillar. Included in the risk analysis study is water and time impacts on each pillars Factor of Safety (FoS); (2) mitigation technology developed for the stabilisation of pillars; and (3) the results of over seven years of strata monitoring.","PeriodicalId":21504,"journal":{"name":"Risk Analysis XI","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88654438","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The threat posed by insiders deliberately or inadvertently misusing their knowledge and access to sensitive information is a major security challenge. Finding effective, acceptable and affordable ways to manage the insider threat is non-trivial, involving the use of controls that range from technical to procedural. To make matters worse, insider activities range from inadvertent or accidental disclosure, through deliberate damage caused by disgruntled employees, to the pre-positioned mole who may undermine the organisation’s viability or purpose. The same controls will have different levels of effectiveness for each of these insider types. Based on these factors, attempting to find a single, optimised, universal solution to insider threats is illogical. However, the literature still contains statements such as ‘deterrence is the best approach for insiders’. There are dangers for security managers in drawing broad conclusions across the insider threat spectrum based on statements like these. Insider threats typically have a distribution of incidents where there are many of small consequence coexisting with a small number of incidents with very large consequences. This suggests that risk management techniques are a relevant, and arguably the most appropriate, framework for insider management. We have developed and applied a risk-based framework to model the spectrum of insider threat types, to enable the decision maker to determine the relative security effectiveness of alternative solutions. It allows decision makers to prioritise security investment to achieve the greatest benefit-cost using residual risk as the performance metric. Our framework provides a traceable and accountable method for organisations to balance their investments in controls, according to the complex spectrum of insider activity they are dealing with. They may also extend the approach, using robust analysis, to manage their uncertainties. Our framework supports security managers in customising security for their organisation based on its unique requirements.
{"title":"THERE IS NO SINGLE SOLUTION TO THE ‘INSIDER’ PROBLEM BUT THERE IS A VALUABLE WAY FORWARD","authors":"D. Bilusich, Leung Chim, Rick Nunes-Vaz, S. Lord","doi":"10.2495/RISK180121","DOIUrl":"https://doi.org/10.2495/RISK180121","url":null,"abstract":"The threat posed by insiders deliberately or inadvertently misusing their knowledge and access to sensitive information is a major security challenge. Finding effective, acceptable and affordable ways to manage the insider threat is non-trivial, involving the use of controls that range from technical to procedural. To make matters worse, insider activities range from inadvertent or accidental disclosure, through deliberate damage caused by disgruntled employees, to the pre-positioned mole who may undermine the organisation’s viability or purpose. The same controls will have different levels of effectiveness for each of these insider types. Based on these factors, attempting to find a single, optimised, universal solution to insider threats is illogical. However, the literature still contains statements such as ‘deterrence is the best approach for insiders’. There are dangers for security managers in drawing broad conclusions across the insider threat spectrum based on statements like these. Insider threats typically have a distribution of incidents where there are many of small consequence coexisting with a small number of incidents with very large consequences. This suggests that risk management techniques are a relevant, and arguably the most appropriate, framework for insider management. We have developed and applied a risk-based framework to model the spectrum of insider threat types, to enable the decision maker to determine the relative security effectiveness of alternative solutions. It allows decision makers to prioritise security investment to achieve the greatest benefit-cost using residual risk as the performance metric. Our framework provides a traceable and accountable method for organisations to balance their investments in controls, according to the complex spectrum of insider activity they are dealing with. They may also extend the approach, using robust analysis, to manage their uncertainties. Our framework supports security managers in customising security for their organisation based on its unique requirements.","PeriodicalId":21504,"journal":{"name":"Risk Analysis XI","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2018-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89481101","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: