Critical Information Infrastructures Security: 15th International Conference, CRITIS 2020, Bristol, UK, September 2–3, 2020, Proceedings

In this paper we identify some of the particular challenges that are encountered when trying to secure cyber-physical systems. We describe three of our current activities: the architecture of a system for monitoring cyber-physical systems; a new approach to modelling dependencies in such systems which leads to a measurement of the security of the system – interpreted as the least effort that an attacker has to expend to compromise the operation; and an approach to optimising the diversity of products used in a system with a view to slowing the propagation of malware. We conclude by discussing how these different threads of work contribute to meeting the challenges and identify possible avenues for future development, as well as providing some pointers to other work.
