论文信息 - Network Randomization and Dynamic Defense for Critical Infrastructure Systems

Network Randomization and Dynamic Defense for Critical Infrastructure Systems

Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation’s most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, and dynamically defending these systems against active attacks. Applying these protective measures will convert control systems into moving targets that proactively defend themselves against attack. Sandia National Laboratories has led this effort by gathering operational and technical requirements from Tennessee Valley Authority (TVA) and performing research and development to create a proof-of-concept solution. Our proof-of-concept has been tested in a laboratory environment with over 300 nodes. The vision of this project is to enhance control system security by converting existing control systems into moving targets and building these security measures into future systems while meeting the unique constraints that control systems face.

Erik Lee | Adrian R. Chavez | Jason Hamlet | William M.S. Stout | Mitchell Tyler Martin

[1] Ali Borji,et al. Combining Heterogeneous Classifiers for Network Intrusion Detection , 2007, ASIAN.

[2] Justin M. Beaver,et al. Nonparametric semi-supervised learning for network intrusion detection: combining performance improvements with realistic in-situ training , 2012, AISec.

[3] Dorian Pyle,et al. Data Preparation for Data Mining , 1999 .

[4] Jason R. Hamlet,et al. Machine-oriented biometrics and cocooning for dynamic network defense , 2013, CSIIRW '13.

[5] R. Schapire. The Strength of Weak Learnability , 1990, Machine Learning.

[6] Corinna Cortes,et al. Support-Vector Networks , 1995, Machine Learning.

[7] Burton H. Bloom,et al. Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[8] Hiroki Takakura,et al. Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation , 2011, BADGERS '11.

[9] B. Matthews. Comparison of the predicted and observed secondary structure of T4 phage lysozyme. , 1975, Biochimica et biophysica acta.

[10] Martin Mozina,et al. Orange: data mining toolbox in python , 2013, J. Mach. Learn. Res..

[11] Yoshua Bengio,et al. Random Search for Hyper-Parameter Optimization , 2012, J. Mach. Learn. Res..

[12] Hirofumi Yamaki,et al. Improving Performance of Anomaly-Based IDS by Combining Multiple Classifiers , 2011, 2011 IEEE/IPSJ International Symposium on Applications and the Internet.