29 research outputs found

    Improving SIEM for critical SCADA water infrastructures using machine learning

    Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty of differentiating between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset.

    Social network analysis

    Social networks can be considered as a promising perspective to provide key information about the functioning of criminal networks and key players. ARTICLES: R.C. van der Hulst - Social network analysis and the fight against crime and terrorism; P. van Calster - Network research as a perspective on organised crime; M. Spreen and Th. Vermeulen - Network profiling in 'cold cases'; L. Pomp and S. Bogaerts - Social network analysis in the tbs system; R. Veenstra, G. Huitsing, J.K. Dijkstra and S. Lindenberg - Who bullies whom? A network approach to bullying; J. Broekhuizen, F.M.H.M. Driessen and B. Völker - Social networks and juvenile crime; B. Völker - Who is friends with whom? On the formation of friendships; Websites. SUMMARY: Over the past thirty years, social networks have been understood as social capital: the resources present in a community for shaping personal, family and social organisation, which originate and find expression in social support and participation. Important elements of social capital are the quality of social relationships, group membership, formal and informal networks, shared norms and values, trust, reciprocity and commitment to the community. Since the mid-1990s, social networks have also been applied to forensic target groups and in criminal investigations: on the one hand to contribute to the clarification of 'cold cases' (unsolved investigations), to making risk assessments and to shaping risk management, and on the other hand to relate social diagnostics to personal and personality diagnostics. This themed issue discusses examples of such applications in detail.

    Design of Industrial Firewall System Based on Multiple Access Control Filter

    No full text

    Periodic Mining of Traffic Information in Industrial Control Networks

    No full text

    Gonzaga journal of international law : GJIL

    No full text
    Three relations between elementary school children were investigated: networks of general dislike and bullying were related to networks of general like. These were modeled using multivariate cross-sectional (statistical) network models. Exponential random graph models for a sample of 18 classrooms, numbering 393 students, were summarized using meta-analyses. Results showed (balanced) network structures with positive ties between those who were structurally equivalent in the negative network. Moreover, essential structural parameters for the univariate network structure of positive (general like) and negative (general dislike and bullying) tie networks were identified. Different structures emerged in positive and negative networks. The results provide a starting point for further theoretical and (multiplex) empirical research about negative ties and their interplay with positive ties.

    Security Issue of WirelessHART Based SCADA Systems

    No full text
    The security of Supervisory Control and Data Acquisition (SCADA) systems has become, in recent years, a major worldwide concern. Indeed, several incidents and cyber-attacks stressed the emergency to make more efforts to secure these systems, which manage important economical infrastructures. The increasing use of wireless sensors also brings their security vulnerabilities. Therefore, several communication protocols were developed to meet the real-time and security requirements needed by this kind of system. WirelessHART is the first approved international standard for industrial wireless devices. It implements several mechanisms to ensure hop-by-hop and end-to-end security. However, despite these mechanisms, it remains possible for an attacker to conduct an attack against such wireless networks. In this paper, we give the first description of a Sybil attack specially tailored to target WirelessHART based SCADA systems. This attack can lead to harmful consequences such as disturbing the functioning of the infrastructure, interrupting it, or even causing its destruction (overheating of a nuclear reactor).

    Design and Implementation of a Secure Modbus Protocol

    No full text