Prevention based mechanism for attacks in Network Security (Editor IJMTER)
Network security has become vital in today's information technology era, and as a result numerous techniques are adopted to bypass it. Network administrators must keep up with recent advances in both hardware and software in order to better protect users' data. This paper outlines the various attack strategies in the field of networking and the prevention mechanisms against them.
Group 2: BlackEnergy (Group 2 Black Energy.docx, sodhi3)
ISOL 632 – Business Continuity Planning and Disaster Recovery Planning
University of the Cumberlands - Summer 2018
Professor: Dr. Mary R. Lind, Ph.D.
Group 2 Members:
Mirza Mohammed Omer Baig
Jaipal Reddy Goli
Swetha Kancharla
Pradeep Kumar Kasibhotla
Viran Kumar Kepa
Yousaf Khalid
Vijender Reddy Surukanti
Dheeraj Reddy Thatipally
Sasi Dhar Reddy Tippireddygari
Attack Summary:
BlackEnergy was used to sabotage Ukraine's power industry just before Christmas 2015. BlackEnergy is a Trojan that infects computer systems and disrupts their operation in several ways. The incident caused electricity outages in western Ukraine by disrupting the power grid (Robert & Anton, 2016). The attackers also used BlackEnergy to deploy KillDisk, a disk-wiping component.
Our understanding of BlackEnergy before starting this paper was that it is some kind of malware which spreads across computer systems and causes DDoS attacks. It jeopardizes the security features of the machine and opens up a back channel for malicious connections to gain control of the device.
Like any other intrusion, the attack begins with the attacker choosing a target system and trying to infect it with malware. Any infrastructure is only as strong as its weakest component, and cyber-attacks illustrate this well: attackers routinely identify and go after the weakest component of the estate. Once inside, the malware is installed (Thomas, 2016). To get it there, attackers disguise it inside documents or applications that look harmless. In the Ukraine power grid attacks, BlackEnergy was delivered by spear phishing: employees received Microsoft Office attachments carrying the malware (Khan, Maynard, McLaughlin, Laverty, & Sezer, 2016). When such a document is opened it prompts the user to enable macros; doing so runs the embedded macro code, which drops and installs the BlackEnergy payload and gives the attacker the foothold later used for unauthorized access. The attacker then makes the changes needed for the attack and prepares the system. At this stage the malware impersonates legitimate software, tries to evade anti-virus detection and spreads further (Kurt & Maria, 2014). Once the groundwork is done, the attacker chooses a time to destroy the system's functionality and disrupt its services. In the Ukraine power grid attack the attacker chose to do so just two days before Christmas, making it the most significant attack carried out with BlackEnergy (Richard, 2015).
Industrial Control Systems (ICS) functionality was compromised by the attack, and the attacker was able to override the controls and cause an ...
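The chain described above starts with a macro-bearing Office attachment, so the cheapest place to break it is at the mail gateway or endpoint, before anyone can click "Enable Content". The following is an added example, not code from the Group 2 paper or from any of its sources: it inspects an Office attachment for VBA macros by looking inside the OOXML package for a vbaProject.bin part or a macroEnabled content type, treats the legacy OLE2 (.doc/.xls) format as uninspectable and therefore risky, and returns a delivery verdict. The sample documents are constructed in memory and contain no real macro code; the triage verdict names are assumptions for the demo.

```python
"""Flag Office attachments that carry VBA macros (added example, constructed samples)."""
import io
import zipfile

# OOXML content types that mark a macro-enabled document or the VBA project part itself
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-office.vbaProject",
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
# Legacy binary Office files (.doc/.xls) start with the OLE2 compound-file magic
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def has_vba_macros(data: bytes) -> bool:
    """True if the attachment should be treated as macro-bearing.

    1. OLE2 binary format: not parsed here, so it is treated as risky (True).
    2. OOXML zip: True if it carries a vbaProject.bin part or a macroEnabled content type.
    Raises ValueError for data that is neither format.
    """
    if data.startswith(OLE2_MAGIC):
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # vbaProject.bin is the OLE stream that holds the macro code inside OOXML
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                return any(ct in ctypes for ct in MACRO_CONTENT_TYPES)
            return False
    except zipfile.BadZipFile:
        raise ValueError("not an OOXML or OLE2 Office document")


def build_sample_docx(with_macros: bool) -> bytes:
    """Constructed minimal OOXML package used as sample input (no real macro code)."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macros else
               "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    ctypes = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        + ('<Override PartName="/word/vbaProject.bin" '
           'ContentType="application/vnd.ms-office.vbaProject"/>' if with_macros else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", ctypes)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder VBA stream\x00")
    return buf.getvalue()


def triage(attachments: dict) -> dict:
    """Map attachment name -> 'quarantine' | 'deliver' | 'reject' (verdict names assumed)."""
    verdicts = {}
    for name, data in attachments.items():
        try:
            verdicts[name] = "quarantine" if has_vba_macros(data) else "deliver"
        except ValueError:
            verdicts[name] = "reject"
    return verdicts


if __name__ == "__main__":
    samples = {
        "invoice.docm": build_sample_docx(with_macros=True),
        "report.docx": build_sample_docx(with_macros=False),
        "old.doc": OLE2_MAGIC + b"\x00" * 16,
        "notes.txt": b"plain text",
    }
    for name, verdict in triage(samples).items():
        print(f"{name}: {verdict}")
```

The check is deliberately conservative: a document whose extension says .docx but whose content types say macroEnabled is still quarantined, because the extension is attacker-controlled and Office decides what to run from the package, not from the name.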
PROTOCOL ANALYSIS TO PREVENT STORM ATTACKS IN 3G MOBILE NETWORKS (IJSRD)
The advent of mobile smartphones has led to a surge in applications that generate a great deal of network traffic. This in turn invites signaling storm attacks from malicious users, who disrupt the system by creating signaling storms. Malware attacks are quickly becoming a major security concern with the spread of smart mobile devices and the growing capacity and use of mobile networks for Internet access; the increasing amount of mobile malware adds to the problem. Infected devices cause a cascading effect, creating signaling and network disruptions both deliberately and as a side effect of malicious activity. In a signaling storm, users are denied service by exhausting the system's resources, either directly or indirectly by taking control of other nodes in the network and sending huge volumes of request signals. This causes flooding, identity problems, injection attacks and so on. The first aim is to detect such signaling storms. Next, using the proposed hybrid Radio Resource protocol, such attacks are blocked and the malicious node is removed from the network. The revocation shows sufficient congestion relief in the network traffic.
CYBER ATTACKS ON INTRUSION DETECTION SYSTEM (ijistjournal)
Soft computing techniques are a fast-growing technology for problem solving, and information security is an essential factor in the computer age. Protecting information, systems and resources from unauthorized use, duplication, modification or any other cause of damage that leaves a resource unrepairable or unavailable to its legitimate user is one application of soft computing. Researchers have proposed several mechanisms to fight cyber attacks, and several existing intrusion detection techniques are responsible for facing upcoming cyber attacks. Soft computing is one of the best techniques currently applied in intrusion detection systems to manage network traffic and detect cyber attacks with increased efficiency and accuracy.
Stuxnet is a malicious computer worm, first uncovered in 2010. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran's nuclear program. (Wikipedia)
Detecting and Preventing Attacks Using Network Intrusion Detection Systems (CSCJournals)
Intrusion detection is an important technology in the business sector as well as an active area of research, and an important tool for information security. A Network Intrusion Detection System (NIDS) monitors networks for attacks or intrusions and reports them to the administrator so that evasive action can be taken. Today computers are part of networked, distributed systems that may span multiple buildings, sometimes located thousands of miles apart. The network of such a system is a pathway for communication between its computers; it is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature-based IDS methodology for ascertaining attacks: a signature-based IDS monitors packets on the network and compares them against a database of signatures or attributes from known malicious threats. It has been implemented in VC++. The attack log displays the list of attacks to the administrator for evasive action, so the system works as an alert device in the event of attacks directed at an entire network.
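The abstract describes the matching loop at the heart of a signature-based NIDS without showing it. The following is an added example, not the VC++ system the paper describes: each packet is compared against a table of signatures (protocol, destination port, payload pattern) and every hit is appended to an attack log for the administrator. The packets and the signature patterns are constructed for the demo; a production rule set such as Snort's or Suricata's carries many more fields and far more rules.

```python
"""Signature-based NIDS core: match packets against a signature table (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # None for ICMP
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    proto: str
    dport: Optional[int]  # None means "any destination port"
    pattern: bytes        # regular expression applied to the raw payload


@dataclass(frozen=True)
class Alert:
    sid: int
    name: str
    src: str
    dst: str


# Illustrative signature database; patterns were chosen for the demo, not taken from a real rule set
SIGNATURES = [
    Signature(1001, "HTTP directory traversal", "tcp", 80, rb"\.\./\.\./"),
    Signature(1002, "SQL injection tautology", "tcp", 80, rb"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
    Signature(1003, "x86 NOP sled (possible shellcode)", "tcp", None, rb"\x90{16,}"),
    Signature(1004, "oversized ICMP echo (ping of death)", "icmp", None, rb"^.{1473,}$"),
]


def match_packet(pkt: Packet, sigs: List[Signature]) -> List[Alert]:
    """Return one Alert per signature whose protocol, port and payload pattern all match."""
    hits = []
    for s in sigs:
        if s.proto != pkt.proto:
            continue
        if s.dport is not None and s.dport != pkt.dport:
            continue
        # DOTALL so '.' also matches newline bytes inside binary payloads
        if re.search(s.pattern, pkt.payload, re.DOTALL):
            hits.append(Alert(s.sid, s.name, pkt.src, pkt.dst))
    return hits


def scan(packets: List[Packet], sigs: List[Signature] = SIGNATURES) -> List[Alert]:
    """Run every packet through the signature table; the returned list is the attack log."""
    log: List[Alert] = []
    for pkt in packets:
        log.extend(match_packet(pkt, sigs))
    return log


# Constructed sample traffic: four attacks followed by two benign packets
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "10.0.0.10", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("203.0.113.8", "10.0.0.10", "tcp", 80, b"user=admin' OR '1'='1&pw=x"),
    Packet("203.0.113.9", "10.0.0.11", "tcp", 4444, b"\x90" * 32 + b"\xcc\xcc"),
    Packet("203.0.113.9", "10.0.0.11", "icmp", None, b"A" * 1500),
    Packet("192.0.2.5", "10.0.0.10", "tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("192.0.2.6", "10.0.0.12", "udp", 53, b"\x12\x34\x01\x00example"),
]

if __name__ == "__main__":
    for a in scan(SAMPLE_PACKETS):
        print(f"[sid {a.sid}] {a.name}: {a.src} -> {a.dst}")
```

The limitation of the approach is visible in the table itself: the traversal signature is bound to port 80, so the same request to a web server on 8080 produces no alert, and none of the patterns can fire on an attack nobody has written a signature for yet. Signature coverage, not matching speed, is what decides what such a system sees.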
Cyber warfare is currently the single greatest emerging threat to national security. Network security has become an essential component of any computer network; as networks and systems become ever more fundamental to modern society, concerns about security become increasingly important. There is a multitude of applications, open source and proprietary, available for protection. For a system administrator to decide on the most suitable one requires knowledge of the available safety measures, their features, how they affect quality of service, and what kind of data they will allow through unflagged. A majority of the methods currently used to ensure the quality of a network's service are signature based. From this information, and from details on the specifics of popular applications and their implementation methods, we have carried the ideas through, incorporating our own opinions, to formulate suggestions on how this could be done at a general level. The main objective was to design and develop an Intrusion Detection System. The minor objectives were to design a port scanner to determine potential threats and mitigation techniques to withstand these attacks, implement the system on a host, and run and test the designed IDS. In this project we set out to develop a honeypot IDS. It listens on a range of ports and emulates a network protocol to track and identify anyone trying to connect to the system. The IDS uses the following design approaches: event correlation, log analysis, alerting and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs.
In this paper, we identify a set of general IDS performance objectives that form the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
Supervisory control and data acquisition (SCADA) systems are applications that collect data from a system in order to automate the monitoring and control of its activities. Several industrial fields, such as electric utilities, water supplies and building facilities, have already adopted SCADA systems to increase efficiency and reduce cost. However, the IT community is concerned about the level of security that any deployed SCADA system provides. This paper concentrates on the major security threats encountered in SCADA systems. In addition, it discusses a newly proposed methodology to increase system security with minimal impact on efficiency. The proposed scheme provides several security services: mutual authentication, confidentiality, data integrity and accountability.
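The abstract names four services but does not show how a master station and a field device would provide them. The following is an added example of an illustrative pre-shared-key scheme; it is not the methodology the paper proposes, which is not given here. It demonstrates three of the four services: mutual authentication (an HMAC challenge-response over fresh nonces from both sides, with device names bound into each tag to defeat reflection), data integrity with replay protection (a per-message HMAC over a sequence number under a derived session key), and accountability (an append-only log of every accepted and rejected command on the RTU). Confidentiality would need an encryption layer on top and is not shown. The device names, the commands and the key are constructed for the demo; in practice the key would be provisioned out of band per device.

```python
"""Mutual authentication, integrity and audit trail between a SCADA master and an RTU (added example)."""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so (a, bc) and (ab, c) cannot collide."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


class Device:
    def __init__(self, name: str, psk: bytes):
        self.name, self.psk = name.encode(), psk        # psk: provisioned out of band (assumed)
        self.session_key: Optional[bytes] = None
        self.my_nonce = self.peer_nonce = b""
        self.send_seq = 0                                # last sequence number sent
        self.last_recv_seq = 0                           # highest sequence number accepted
        self.log: List[Tuple[str, str]] = []             # accountability trail

    def _derive(self, initiator_nonce: bytes, responder_nonce: bytes) -> None:
        self.session_key = mac(self.psk, b"session", initiator_nonce, responder_nonce)

    # Handshake: initiator -> nonce; responder -> (nonce, tag); initiator -> tag
    def challenge(self) -> bytes:
        self.my_nonce = secrets.token_bytes(16)
        return self.my_nonce

    def respond(self, peer_nonce: bytes) -> Tuple[bytes, bytes]:
        """Responder proves knowledge of the PSK over both nonces and its own name."""
        self.my_nonce, self.peer_nonce = secrets.token_bytes(16), peer_nonce
        return self.my_nonce, mac(self.psk, self.name, peer_nonce, self.my_nonce)

    def verify_response(self, peer_name: str, peer_nonce: bytes, tag: bytes) -> bytes:
        """Initiator checks the responder's tag, derives the session key, then proves itself."""
        expected = mac(self.psk, peer_name.encode(), self.my_nonce, peer_nonce)
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("responder authentication failed")
        self.peer_nonce = peer_nonce
        self._derive(self.my_nonce, peer_nonce)
        return mac(self.psk, self.name, peer_nonce, self.my_nonce)

    def verify_confirmation(self, peer_name: str, tag: bytes) -> None:
        """Responder checks the initiator's tag; only then is the session key derived."""
        expected = mac(self.psk, peer_name.encode(), self.my_nonce, self.peer_nonce)
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("initiator authentication failed")
        self._derive(self.peer_nonce, self.my_nonce)

    # Authenticated commands after the handshake: (seq, command, tag)
    def send(self, command: str) -> Tuple[int, str, bytes]:
        if self.session_key is None:
            raise RuntimeError("handshake not completed")
        self.send_seq += 1
        tag = mac(self.session_key, self.name, self.send_seq.to_bytes(8, "big"), command.encode())
        return self.send_seq, command, tag

    def receive(self, peer_name: str, msg: Tuple[int, str, bytes]) -> str:
        """Verify the MAC first, then reject any sequence number already seen (replay)."""
        seq, command, tag = msg
        expected = mac(self.session_key, peer_name.encode(), seq.to_bytes(8, "big"), command.encode())
        if not hmac.compare_digest(expected, tag):
            verdict = "rejected: bad MAC"
        elif seq <= self.last_recv_seq:
            verdict = "rejected: replay"
        else:
            self.last_recv_seq, verdict = seq, "accepted"
        self.log.append((command, verdict))                # every decision is recorded
        return verdict


def run_demo() -> List[Tuple[str, str]]:
    """Handshake, two commands, a replay, a tampered command, an impostor; returns the RTU log."""
    psk = secrets.token_bytes(32)
    master, rtu = Device("master", psk), Device("rtu-07", psk)
    n_r, tag_r = rtu.respond(master.challenge())
    rtu.verify_confirmation("master", master.verify_response("rtu-07", n_r, tag_r))
    open_cmd, close_cmd = master.send("OPEN breaker 12"), master.send("CLOSE breaker 12")
    rtu.receive("master", open_cmd)
    rtu.receive("master", close_cmd)
    rtu.receive("master", open_cmd)                                            # replay
    rtu.receive("master", (close_cmd[0] + 1, "OPEN breaker 99", close_cmd[2]))  # tampered
    try:
        impostor = Device("master", secrets.token_bytes(32))                    # wrong key
        n_r2, tag_r2 = rtu.respond(impostor.challenge())
        impostor.verify_response("rtu-07", n_r2, tag_r2)
    except PermissionError as err:
        rtu.log.append(("handshake", f"rejected: {err}"))
    return rtu.log


if __name__ == "__main__":
    for command, verdict in run_demo():
        print(f"{command!r}: {verdict}")
```

Two design points matter more than the primitives: the MAC is checked before the sequence number so that an attacker cannot learn which sequence numbers the RTU has seen by sending unauthenticated probes, and the rejected messages are logged alongside the accepted ones, because for accountability the record of what was refused is as important as the record of what was executed.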
1- Mobile ad hoc networks are formed dynamically by an autonomous system of mobile nodes that are connected via wireless links.
2- Multihop communication: nodes communicate with the help of two or more nodes from source to destination.
3- No fixed infrastructure or centralized administration: no base station.
4- Mobile nodes are free to move randomly: the network topology changes frequently.
5- May operate standalone or be connected to the larger Internet.
6- Each node works as a router.
Primary Goals of Security in MANET
To assure reliable data transfer over the communication network and to protect system resources, security services are classified in five categories:
1- Authentication: the process of verifying the identity of a user or node, commonly based on a username and password or a cryptographic credential.
2- Confidentiality: protecting data from disclosure to unauthorized persons.
Network attacks against confidentiality
* Packet capturing
* Password attacks
* Port scanning
* Dumpster diving
* Wiretapping
* Phishing and pharming
3- Non-repudiation: guarantees that the sender of a message cannot later deny having sent it, and the receiver cannot deny having received it, typically by means of digital signatures.
4- Integrity: guarantees that a message being transferred is never corrupted or altered without detection.
Network attacks against integrity
* Salami attacks
* Trust relationship attacks
* Man-in-the-middle attacks
* Session hijacking attacks
5- Availability: ensures that data, network resources or network services are available to legitimate users when required.
Network attacks against availability
* Denial of service (DoS) attacks
* Distributed denial of service (DDoS) attacks
* SYN flood and ICMP flood attacks
* Electrical power attacks
* Server room environment attacks
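The availability list names SYN floods without saying what makes them hard to stop: the attacker leaves many TCP handshakes half-open (SYN received, final ACK never sent), usually from spoofed source addresses, so per-source rate limits see nothing unusual. The following is an added example, not from the slides: a detector that keys on the victim instead, tracking SYNs per destination in a sliding window, discounting those whose handshake completed, and raising an alert when the count of half-open connections crosses a threshold. The events are constructed packet summaries (timestamp, source, destination, port, TCP flag); the window and threshold values are assumptions to be tuned per site.

```python
"""Detect a SYN flood by counting half-open connections per destination (added example)."""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Set, Tuple

Event = Tuple[float, str, str, int, str]   # (ts, src, dst, dport, "S" = SYN or "A" = final ACK)
Alert = Tuple[float, str, int]             # (ts, dst, half_open_count)
Key = Tuple[str, str, int]                 # one handshake: (src, dst, dport)


def detect_syn_flood(events: List[Event], window: float = 1.0, threshold: int = 50) -> List[Alert]:
    """Sliding-window count of SYNs per destination that have not been completed by an ACK."""
    pending: Dict[Key, float] = {}                                  # handshake -> SYN time
    recent: Dict[str, Deque[Tuple[float, Key]]] = defaultdict(deque)  # dst -> SYNs in window
    alerts: List[Alert] = []
    alerted: Set[str] = set()                                       # one alert per destination
    for ts, src, dst, dport, flag in sorted(events):
        key = (src, dst, dport)
        if flag == "S":
            pending[key] = ts
            recent[dst].append((ts, key))
        elif flag == "A":
            pending.pop(key, None)                                  # handshake completed
        dq = recent[dst]
        while dq and dq[0][0] < ts - window:                        # expire SYNs outside the window
            dq.popleft()
        half_open = sum(1 for _, k in dq if k in pending)           # completed handshakes do not count
        if half_open >= threshold and dst not in alerted:
            alerts.append((ts, dst, half_open))
            alerted.add(dst)
    return alerts


def build_sample_events() -> List[Event]:
    """Constructed traffic: five normal clients that complete, then 80 spoofed SYNs with no ACK."""
    events: List[Event] = []
    for i in range(5):
        events.append((0.1 * i, f"192.0.2.{i + 1}", "10.0.0.5", 80, "S"))
        events.append((0.1 * i + 0.02, f"192.0.2.{i + 1}", "10.0.0.5", 80, "A"))
    for i in range(80):
        events.append((2.0 + 0.005 * i, f"198.51.100.{i + 1}", "10.0.0.5", 80, "S"))
    return events


if __name__ == "__main__":
    for ts, dst, n in detect_syn_flood(build_sample_events()):
        print(f"t={ts:.3f}s SYN flood against {dst}: {n} half-open connections in window")
```

Detection is only half of the answer. Because the sources are spoofed, the practical mitigation is not to block them but to stop keeping state for unconfirmed handshakes, which is what SYN cookies on the server or a SYN proxy in front of it do; the detector above tells you when to care, and its per-destination view is what a firewall or load balancer would act on.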
Key management
Security in networking is in many cases dependent on proper key management. Key management consists of various services, each of which is vital for the security of the networking system:
* Trust model: it must determine how much the different elements in the network can trust each other.
* Cryptosystem: public-key and symmetric-key mechanisms can be applied.
* Key creation: it must determine which parties are allowed to generate keys for themselves.
* Key storage: in an ad hoc network any network element may have to store its own key and possibly the keys of other elements as well.
* Key distribution: the key management service must ensure that generated keys are securely distributed to their owners.
Contents:
Introduction
Network Security Management
Introduction of agent
Intelligent Network Security Management Architecture
Recent work
The benefit from Intelligent Agent and Mobile Agent
A simple example diagram for IA
Conclusion
References
A technical review and comparative analysis of machine learning techniques fo... (IJECEIAES)
Machine learning techniques are being widely used to develop intrusion detection systems (IDS) for detecting and classifying cyber attacks at the network level and the host level in a timely and automatic manner. However, traditional intrusion detection systems, based on traditional machine learning methods, lack reliability and accuracy. Instead of the traditional machine learning used in previous research, we think deep learning has the potential to perform better at extracting features from massive data, considering the massive cyber traffic in real life. Generally, Mobile Ad Hoc Networks offer low physical security for mobile devices because of properties such as node mobility, lack of centralized management and limited bandwidth. To tackle these security issues, traditional cryptography schemes cannot completely safeguard MANETs against novel threats and vulnerabilities; by applying deep learning methods in IDS, the system is capable of adapting to the dynamic environment of MANETs and can make decisions on intrusion while continuing to learn about its mobile environment. An IDS in a MANET is a sensing mechanism that monitors nodes and network activities in order to detect malicious actions and malicious attempts performed by intruders. Recently, multiple deep learning approaches have been proposed to enhance the performance of intrusion detection systems. In this paper, we made a systematic comparison of three models, the Inception architecture convolutional neural network (Inception-CNN), bidirectional long short-term memory (BLSTM) and the deep belief network (DBN), for deep learning-based intrusion detection, using the NSL-KDD dataset containing information about intrusion and regular network connections; the goal is to provide basic guidance on the choice of deep learning models in MANETs.
As Supervisory Control and Data Acquisition (SCADA) systems are deployed in infrastructures critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, attracting the considered attention of nation-states. The analysis of worms like Stuxnet, Flame and Duqu reveals the hand of a nation-state in their design and deployment. Hence the necessity to understand the various issues in the defence of SCADA systems. The forensics of a SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system has been attacked. This is precisely the scope of this essay.
Detection of Rogue Access Point in WLAN using Hopfield Neural Network (IJECEIAES)
The serious issue in the field of wireless communication is security and how an organization implements steps against security breaches. The major attack on any organization is the man-in-the-middle attack, which is difficult to manage. This attack leads to a number of unauthorized access points, called rogue access points, which are not easily detected. In this paper, we propose a Hopfield Neural Network approach for the automatic detection of these rogue access points in wireless networking. Here, we store the passwords of the authentic devices in weight-matrix format and match the patterns at login time. Simulation experiments show that this method is more secure than the traditional one in WLAN.
Stuxnet is a malicious computer worm, first uncovered in 2010. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran's nuclear program. Wikipedia
Detecting and Preventing Attacks Using Network Intrusion Detection SystemsCSCJournals
Intrusion detection is an important technology in business sector as well as an active area of research. It is an important tool for information security. A Network Intrusion Detection System is used to monitor networks for attacks or intrusions and report these intrusions to the administrator in order to take evasive action. Today computers are part of networked; distributed systems that may span multiple buildings sometimes located thousands of miles apart. The network of such a system is a pathway for communication between the computers in the distributed system. The network is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature based IDs methodology for ascertaining attacks. A signature based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats. It has been implemented in VC++. In this system the attack log displays the list of attacks to the administrator for evasive action. This system works as an alert device in the event of attacks directed towards an entire network.
Cyber Warfare is the current single greatest emerging threat to National Security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security has become increasingly important. There are a multitude of different applications open source and proprietary available for the protection +-system administrator, to decide on the most suitable format for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through un flagged. A majority of methods currently used to ensure the quality of a networks service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. While the minor objectives were to; Design a port scanner to determine potential threats and mitigation techniques to withstand these attacks. Implement the system on a host and Run and test the designed IDS. In this project we set out to develop a Honey Pot IDS System. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: Event correlation, Log analysis, Alerting, and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs. 
In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
Supervisory control and data acquisition (SCADA) are applications that collect data from a system in order to automate the monitoring and controlling of its activities. Several industrial fields such as, electric utilities, water supplies and buildings' facilities have already adopted SCADA systems to increase the efficiency and reduce cost. However, the IT community is concerned about the level of security that any applied SCADA system provides. This paper concentrates on the major security threats encountered in SCADA systems. In addition, it discusses a new proposed methodology in order to increase the system security with minimal impact on efficiency. The proposed scheme provides several security services which are mutual authentication, confidentiality, data integrity and accountability.
1- Mobile ad hoc networks are formed dynamically by an
autonomous system of mobile nodes that are connected
via wireless links.
2- Multihop communication- node communicate with the
help of two or more node from source to destination.
3- No existing fixed infrastructure or centralized administration –No base station.
4- Mobile nodes are free to move randomly-Network topology changes frequently
5- May Operate as standalone fashion or also can be connected to the larger internet.
6- Each node work as router
Primary Goals of Security in MANET
To assure a reliable data transfer over the communication networks and to protect the system resources a number of security services are classified in five categories:-
1-Authentication:- The process of identifying an individual , usually based on a username and password.
2- Confidentially:- Confidentiality aims at protecting the data from disclosure to unauthorized person.
Network attacks against confidentiality
* Packet capturing
Password attack
Port scanning
Dumpster Diving
Wiretapping
Phishing and Pharming
2-Non repudiation:- Integrity guarantees that a message being transferred is never corrupted.
3- Integrity:- Integrity guarantees that a message being transferred is never corrupted.
network attack against integrity
Salami attack
trust relationship attacks
Man in the middle attack
Session hijacking attacks
4- Availability:- Its ensure that data ,network resources or network services are available to legitimate user when required.
network attack against availability
Denial of services attacks
Distributed denial of services attack
SYN flood attacks and ICMP flood attacks
Electrical power attacks
Server Room environment attacks
Key management
The security in networking is in many cases dependent on proper key management.
Key management consists of various services, of which each is vital for the security
of the networking systems
* Trust model:-Its must determine how much different element in the network can trust each other.
* Cryptosystem:- Public and symmetric key mechanism can be applied .
* Key creation:- It must determine which parties are allowed to generate key to themselves.
* Key storage :- In adhoc network any network element may have to store its own key and possibly key of other element as well.
* Key distribution:- The key management service must ensure that the generated keys are securely distributed to their owners.
Supervisory control and data acquisition (SCADA) are applications that collect data from a system in order to automate the monitoring and controlling of its activities. Several industrial fields such as, electric utilities, water supplies and buildings’ facilities have already adopted SCADA systems to increase the efficiency and reduce cost. However, the IT community is concerned about the level of security that any applied SCADA system provides. This paper concentrates on the major security threats encountered in SCADA systems. In addition, it discusses a new proposed methodology in order to increase the system security with minimal impact on efficiency. The proposed scheme provides several security services which are mutual authentication, confidentiality, data integrity and accountability.
Content :
Introduction
Network Security Management
Introduction of agent
Intelligent Network Security Management Architecture
Recent work
The benefit from Intelligent Agent and Mobile Agent
A simple example diagram for IA
Conclusion
Reference
A technical review and comparative analysis of machine learning techniques fo...IJECEIAES
Machine learning techniques are being widely used to develop an intrusion detection system (IDS) for detecting and classifying cyber attacks at the network-level and the host-level in a timely and automatic manner. However, Traditional Intrusion Detection Systems (IDS), based on traditional machine learning methods, lacks reliability and accuracy. Instead of the traditional machine learning used in previous researches, we think deep learning has the potential to perform better in extracting features of massive data considering the massive cyber traffic in real life. Generally Mobile Ad Hoc Networks have given the low physical security for mobile devices, because of the properties such as node mobility, lack of centralized management and limited bandwidth. To tackle these security issues, traditional cryptography schemes can-not completely safeguard MANETs in terms of novel threats and vulnerabilities, thus by applying Deep learning methods techniques in IDS are capable of adapting the dynamic environments of MANETs and enables the system to make decisions on intrusion while continuing to learn about their mobile environment. An IDS in MANET is a sensoring mechanism that monitors nodes and network activities in order to detect malicious actions and malicious attempt performed by Intruders. Recently, multiple deep learning approaches have been proposed to enhance the performance of intrusion detection system. In this paper, we made a systematic comparison of three models, Inceprtion architecture convolutional neural network (Inception-CNN), Bidirectional long short-term memory (BLSTM) and deep belief network (DBN) on the deep learning-based intrusion detection systems, using the NSL-KDD dataset containing information about intrusion and regular network connections, the goal is to provide basic guidance on the choice of deep learning models in MANET.
As Supervisory Control and Data Acquisition (SCADA) systems are deployed in infrastructures critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of 'nation-states'. The analysis of worms like Stuxnet, Flame and Duqu reveals the hand of a 'nation-state' in their design and deployment. Hence the necessity to understand the various issues in the defence of SCADA systems. Forensics of a SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system has been attacked. This is precisely the scope of this essay.
Detection of Rogue Access Point in WLAN using Hopfield Neural Network (IJECEIAES)
The serious issue in the field of wireless communication is security and how an organization implements steps against a security breach. A major attack on any organization is the man-in-the-middle attack, which is difficult to manage. This attack leads to a number of unauthorized access points, called rogue access points, which are not easily detected. In this paper, we propose a Hopfield Neural Network approach for the automatic detection of these rogue access points in wireless networking. Here, we store the passwords of the authentic devices in weight-matrix format and match the patterns at login time. Simulation experiments show that this method is more secure than the traditional one in a WLAN.
A tale of scale & speed: How the US Navy is enabling software delivery from l... (sonjaschweigert1)
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don't know what they don't know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
CPS - Week 1.pptx
1. Week 1 Assignment: Ukraine Power Grid Cyber Attack
Andres Brito (1007641) | Li Xinyue (1007389) | Mayukh Borana (1007395) | Suhasini (1007497)
Singapore University of Technology and Design
51.503 Secure Software Engineering
2. Contents
1. Introduction
a. Facts, dates, characters
b. The story of the attack: how and who
c. Consequences of the attack
2. Kinematics of Attack
a. Threat model
3. Analysis
a. Would traditional perimeter defenses mitigate such a threat?
b. Missing Defense Approaches
4. Conclusions
a. How to detect or prevent another similar attack
b. Takeaways
4. Facts, Dates, Characters
Date: 23 December 2015.
Suspected actor: The Sandworm Group. The Ukrainian state security service (SBU) blamed Russia for the attack.
Target: Ukrainian energy company substations. In the case of Prykarpattyaoblenergo, the hackers successfully brought the network offline.
Target system: Microsoft Windows-based systems.
Purpose: The hackers intended to test a remote cyber operation directed against Ukraine's critical energy infrastructure.
5. Facts, Dates, Characters cont.
Method - The first part of the attack is believed to harness an updated version of the
BlackEnergy malware.
- The malicious code was sent through emails with malicious attachments, targeting
specific individuals within the different energy companies in order to retrieve
administrator credentials and gain access to the energy substation networks.
- During the second part of the attack, the actors activated a KillDisk destructive
malware, which was able to wipe parts of computers’ hard drives and prevent the
systems from rebooting, ultimately leading to the power outages.
- Eventually, the hackers launched a TDoS attack (telephony denial of service)
directed against the customers call center, preventing the callers from reporting
the outage.
6. The story of the attack - How
Stage 1: Spear Phishing
● In March 2015, malicious actors used spear phishing to compromise hosts that would allow them access to target
networks.
● The emails contained a Microsoft Excel spreadsheet or Microsoft Word document. Opening the document and enabling its macros led to the installation of the BlackEnergy3 malware on that computer.
● Multiple users were compromised.
Stage 2: Malware Used to Explore and Move in Network
● With the malware, reconnaissance and enumeration of the compromised network occurred for months.
● In April 2015, malicious actors installed additional backdoor malware on the compromised machines.
Stage 3: Credentials Obtained
● The Active Directory server was one of the compromised computers, which possibly led to brute-force attacks on the passwords stored there.
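Stages 1 to 3 all turn on a user opening a macro-bearing Office attachment. The following is an added example, not code from the original deck and not any vendor's or the attackers' tooling, of the triage check a mail gateway can run on that vector. It uses only the Python standard library and two documented facts: OOXML files (.docx, .docm, .xlsm) are zip containers that store a VBA project as a part named vbaProject.bin, and legacy .doc/.xls files are OLE2 compound documents with a fixed eight-byte magic. The sample attachments and the policy thresholds are constructed for the example.

```python
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.docx/.docm/.xlsm) container

# Extensions that claim to be macro-free; a VBA project inside one of these is
# a stronger signal than a macro inside an honestly named .docm
MACRO_FREE_EXTENSIONS = {".docx", ".xlsx", ".pptx"}


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes by container type and VBA presence.

    Returns one of 'ooxml-macro', 'ooxml-clean', 'ole2-binary', 'other'.
    """
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "other"
        # The VBA storage is always a part called vbaProject.bin, under
        # word/, xl/ or ppt/ depending on the application
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
        return "ooxml-clean"
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros live in OLE streams and need a full
        # parser (e.g. oletools) to confirm, so route to manual review
        return "ole2-binary"
    return "other"


def triage(filename: str, data: bytes) -> dict:
    """Return the classification and a quarantine verdict for one attachment."""
    kind = classify_attachment(data)
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    extension_mismatch = kind == "ooxml-macro" and ext in MACRO_FREE_EXTENSIONS
    quarantine = kind in ("ooxml-macro", "ole2-binary")
    return {"kind": kind, "extension_mismatch": extension_mismatch,
            "quarantine": quarantine}


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip that mimics a Word container."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # stand-in VBA blob
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docx": build_sample_ooxml(with_macro=True),   # macro hiding behind .docx
        "report.docm": build_sample_ooxml(with_macro=True),
        "memo.docx": build_sample_ooxml(with_macro=False),
        "old.xls": OLE2_MAGIC + b"\x00" * 504,
        "notes.txt": b"plain text",
    }
    for name, blob in samples.items():
        print(name, triage(name, blob))
```

The check deliberately ignores the file name when deciding what the bytes are: the attackers could rename a .docm to .docx, so the verdict comes from the container contents, and the extension is only used to raise the severity when it lies.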
7. The story of the attack - How (cont.)
Stage 4: Virtual Private Network Tunnel Created
● With the credentials obtained (username/password), the hackers used the company's encrypted VPN tunnel to establish a presence on the networks.
● Standard remote access tools were used to reach the HMIs on the control system network.
Stage 5: Compromise and Reconnaissance of HMI Computers
● Access to one of the computers provided credentials for remote access to the HMI application, which in turn allowed the hackers to interact remotely with the control system.
Stage 6: Manipulate Circuit Breakers
● The hackers opened the breakers, took control of the computers at a control center and remotely shut down the substation.
● An employee at the center tried to take back control of the computer but was unsuccessful: the hackers had changed his password and logged him out of his account.
8. The story of the attack - How (cont.)
Stage 7: Additional Attack Actions
● Telephony denial-of-service: a TDoS attack was launched against the customer call center to prevent customers from calling in to report the outage.
● UPS Remote Access and Shutdown: Shortly before the attack began, the hackers used UPS remote management
interfaces to schedule a shutdown of the UPSs for the computer servers. This was done to interfere with incident
response and restoration efforts.
Stage 8: Execute KillDisk on Target Computers
● The KillDisk malware was used to erase selected files on target systems and corrupt the master boot record, rendering the systems inoperable.
Key factors that caused the attack to happen: social engineering + spear phishing gained entry to the network.
9. The story of the attack - Who
● Sandworm: an alleged Russian cyber-military unit whose purpose is cyber espionage and cyber warfare.
● Attributed with the targeted attacks that used BlackEnergy; BlackEnergy3 is the tool Sandworm used for cyber espionage in the Ukraine power grid attack.
● Held responsible for the December 2015 Ukraine power grid attack.
10. Consequences of the attack
● It is considered to be the first known successful cyberattack on a power grid.
● Hackers were able to successfully compromise information systems of three energy
distribution companies in Ukraine and temporarily disrupt electricity supply to the end
consumers.
● Most affected were consumers of Prykarpattyaoblenergo: 30 substations were switched off and about 230 thousand people were left without electricity for between 1 and 6 hours.
11. Consequences of the attack cont.
● The attackers disconnected electrical substations, causing the blackout.
● To restore normal operation of the substations, manual intervention by on-site operators was necessary, including switching the dispatch control center from automatic to manual mode, because the attackers had overwritten the firmware of the serial-to-Ethernet converters in the SCADA environment.
● However, once restored, the affected infrastructure kept operating under constrained (manual) conditions.
● According to the CISO at security company SentinelOne, this group had very good intelligence: they knew how to engineer the highest probability that someone would click a malicious link and activate the BlackEnergy malware. In most attacks, it is the human factor that leads to the infiltration.
12. Kinematics of the cyberattack
Step 1: Malware in the mail! (BlackEnergy)
● The malware used in the 2015 Ukraine power grid attack was called "BlackEnergy". It is a modular backdoor, and the BlackEnergy3 variant used in this campaign was deployed against the energy companies' industrial control system (ICS) operators to disrupt the power grid in Ukraine.
● BlackEnergy was delivered through a spear-phishing email with a malicious Office attachment; when the recipient opened it and enabled macros, the malware was installed on the target's computer. From that foothold the attackers harvested credentials and reached the systems responsible for controlling the power grid, which led to widespread power outages in Ukraine.
● BlackEnergy was sophisticated malware, well engineered to hide its presence and avoid detection. It used a variety of techniques, such as code obfuscation, rootkit functionality and encrypted command-and-control communication, to evade security systems and hide its presence on the infected system.
● The attack on the Ukraine power grid was a significant event in cyber security, being one of the first successful attacks on critical infrastructure to cause widespread power outages. The incident highlighted the importance of securing industrial control systems and the need for better security measures to protect against similar attacks in the future.
13. ● The diagram is a simplified view of the network architectures (i.e., Internet, IT, OT) and is used to depict each step of the cyberattack.
● The hacker is shown as the "black hat guy" at the top right.
● The hacker used the utility's IT connection to the Internet as the channel to prepare and eventually trigger the cyberattack.
14. Step 2: Attack preparation, network scans, and advanced persistent threat (APT)
● The BlackEnergy malware was remotely controlled to collect data, hop from one host to
another, detect vulnerabilities, and even make its way onto the OT network and perform
similar "reconnaissance" activities.
● Forensic data about this phase is incomplete, because the attackers cleaned up and wiped several disks during the actual attack. Nevertheless, prior analysis of BlackEnergy, together with reasonable assumptions about the standard process used in such intrusions, makes the following reconstruction probable with reasonable confidence.
15. Step 3: Triggering the cyberattack
● In the afternoon two days before Christmas, as an operator described it, the mouse cursor on the human-machine interface (HMI) started moving on its own and switching off breakers remotely.
● When the local operator attempted to regain control of the supervision interface, he was logged off and could not log in again, because the password had been changed.
● The switching itself only took a couple of minutes. The attackers used the pre-installed malware and the stolen remote-access credentials to take control of the HMI and open most of the switchgear in the affected grids. Additional custom tooling was then used to keep the operators from regaining control: wiping many disks (KillDisk) and overwriting the firmware of the serial-to-Ethernet gateways with garbage, which left those devices unrecoverable.
● Additional "bonus" activities included a telephony denial-of-service attack on the call center, preventing customers from contacting the distributor, and remotely switching off the uninterruptible power supplies, cutting power to the control center itself.
● The immediate aim was to cut power to hundreds of thousands of western Ukrainian subscribers connected to the grid. Most of the effort, however, went into making sure that power could not be switched back on quickly: every custom component was built with that objective. Once triggered, the only way for operators to limit the damage was to stop the attack while it was in progress.
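Stage 8 above and Step 3 here both describe KillDisk erasing files and corrupting the master boot record (MBR), which is what left the hosts unable to boot. The following is an added example, not part of the original deck, of the forensic triage check an incident responder can run against the first sector of a recovered disk image to tell an intact MBR from a wiped or overwritten one. It relies only on the documented MBR layout (440 bytes of boot code, a 4-byte disk signature at offset 440, four 16-byte partition entries from offset 446, and the 0x55AA signature at offset 510). The disk images are constructed in the code, and the baseline hash stands in for what a known-good image of the same build would give.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector into its documented fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, num_sectors = struct.unpack("<II", entry[8:16])
        if ptype != 0:                       # type 0x00 marks an unused slot
            partitions.append({"status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": num_sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def assess_mbr(sector: bytes, baseline_boot_hash: str = "") -> list:
    """Return a list of findings; an empty list means the MBR looks intact."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if not info["partitions"]:
        findings.append("partition table empty")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):   # only 'inactive' or 'bootable' are valid
            findings.append("invalid partition status byte 0x%02x" % p["status"])
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append("partition with zero start or length")
    if all(b == 0 for b in sector[:440]):
        findings.append("boot code is all zeros")
    if baseline_boot_hash and info["boot_code_sha256"] != baseline_boot_hash:
        findings.append("boot code differs from known-good baseline")
    return findings


def make_good_mbr() -> bytes:
    """Constructed sample: a plausible single-partition MBR (not a real boot loader)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xfa\x33\xc0"                # cli; xor ax,ax (stand-in boot stub)
    sector[3:440] = b"\x90" * 437                # padding in place of real code
    sector[440:444] = b"\x12\x34\x56\x78"        # NT disk signature
    entry = bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xfe, 0xff, 0xff])  # bootable NTFS
    entry += struct.pack("<II", 2048, 1_000_000)  # LBA start, sector count
    sector[446:462] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def make_wiped_mbr() -> bytes:
    """Constructed sample: the zero-filled sector a wiper leaves behind."""
    return bytes(SECTOR_SIZE)


def make_garbage_mbr() -> bytes:
    """Constructed sample: a sector overwritten with pseudo-random bytes."""
    return hashlib.sha256(b"constructed garbage").digest() * 16


if __name__ == "__main__":
    baseline = parse_mbr(make_good_mbr())["boot_code_sha256"]
    for label, img in (("good", make_good_mbr()), ("wiped", make_wiped_mbr()),
                       ("garbage", make_garbage_mbr())):
        print(label, assess_mbr(img, baseline) or "intact")
```

On a real case the first argument is the first 512 bytes read from the forensic image, and the baseline hash is taken from a clean machine of the same build, so that a bootkit-style modification of the boot code is caught as well as outright wiping.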
16. Would traditional perimeter defenses mitigate
such a threat?
Even though the networks of Ukraine's distribution companies were segregated by a firewall, the attackers still stole employees' credentials and, over legitimate VPN access, reached the systems controlling the breakers. A firewall as the only security control therefore cannot mitigate such an attack: the traffic it saw was valid remote-access traffic under valid credentials.
Other perimeter defenses may help. An Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) can detect, and in the IPS case drop, known malicious traffic that gets past the firewall, such as the command-and-control traffic of a BlackEnergy3 implant, while endpoint anti-malware on user workstations can catch the dropper when a macro runs. Above all, had the VPN and HMI remote-access path required a second authentication factor, the stolen passwords alone would not have been enough, and the threat of such an attack could have been mitigated.
16
17. IDS and IPS Perimeter Defense Systems
Intrusion Detection System (IDS)
● A reactive measure: it monitors traffic and raises alerts but does not block.
● It can flag known malware (such as BlackEnergy3 and KillDisk) by signature and the traffic a phishing-delivered implant generates, but it cannot stop a user from opening a malicious attachment and revealing credentials; that requires user awareness and mail filtering.
Intrusion Prevention System (IPS)
● A proactive approach: it sits inline.
● Drops malicious packets, blocks offending IPs and alerts security personnel to potential threats.
It is evident that traditional perimeter defence systems such as IDS, IPS, or firewalls, coupled with strong authentication, can mitigate the threat of such attacks but not completely eliminate it.
18. Missing Defense Approaches
The absence of the following elements in the Ukrainian networks allowed the attackers to succeed:
1. Employees' cyber security awareness.
a. Identify suspicious emails and files.
2. A securely configured ICS network.
a. Separate credentials for the ICS and business networks.
b. Network Security Monitoring (NSM) to identify new connections and encrypted communications.
3. Better control over remote access functionality.
a. Operator-only access with logging and automatic sign-out.
b. Multi-factor authentication.
4. Credential monitoring.
a. Unusual account activity and network traffic.
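Items 2b, 3 and 4 above all come down to watching the remote-access path for the pattern this attack produced: a valid operator account reaching the HMI from an address that is not an operator workstation, the same account active from two places at once, and a password change that locks the real operator out. The following is an added example, not part of the original deck, of that detection logic run over constructed log lines. The log format (one event per line: timestamp, event type, user, source IP, target host) and the operator-workstation baseline are assumptions standing in for what an NSM sensor and an asset inventory would supply.

```python
from collections import defaultdict

# Assumed baseline (from an asset inventory in practice): workstations that
# are allowed to reach the control-system HMIs, and the HMI host names
KNOWN_OPERATOR_IPS = {"10.20.1.15", "10.20.1.16"}
OT_TARGETS = {"hmi-01", "hmi-02"}

# Constructed sample log, not real data: an operator works normally, then the
# same account appears from an external address, changes its own password,
# and the operator's own workstation can no longer log in
SAMPLE_LOG = """\
2015-12-23T15:10:02 vpn_login op_ivan 10.20.1.15 vpn-gw
2015-12-23T15:12:40 hmi_login op_ivan 10.20.1.15 hmi-01
2015-12-23T15:30:11 vpn_login op_ivan 185.0.0.7 vpn-gw
2015-12-23T15:31:05 hmi_login op_ivan 185.0.0.7 hmi-01
2015-12-23T15:33:50 password_change op_ivan 185.0.0.7 ad-dc01
2015-12-23T15:35:01 hmi_login_failed op_ivan 10.20.1.15 hmi-01
"""


def parse_log(text: str) -> list:
    """Parse the assumed whitespace-separated format into event dicts."""
    events = []
    for line in text.splitlines():
        ts, event, user, ip, target = line.split()
        events.append({"ts": ts, "event": event, "user": user,
                       "ip": ip, "target": target})
    return events


def detect(events: list) -> list:
    """Return (rule, user, ip) tuples for each suspicious event, in log order."""
    alerts = []
    session_ips = defaultdict(set)   # user -> source IPs holding a session
    password_changed = set()         # users whose password changed in this window
    for e in events:
        user, ip = e["user"], e["ip"]
        if e["event"] in ("vpn_login", "hmi_login"):
            # Same account logging in from a second address while the first
            # session is still open
            if session_ips[user] and ip not in session_ips[user]:
                alerts.append(("concurrent_sessions_from_multiple_ips", user, ip))
            session_ips[user].add(ip)
            # Control-system host reached from outside the operator baseline
            if e["target"] in OT_TARGETS and ip not in KNOWN_OPERATOR_IPS:
                alerts.append(("ot_access_from_unknown_ip", user, ip))
        elif e["event"] == "password_change":
            # Password changed from one address while another address holds a
            # session for the same account: the lock-out manoeuvre
            if session_ips[user] - {ip}:
                alerts.append(("password_change_during_foreign_session", user, ip))
            password_changed.add(user)
        elif e["event"] == "hmi_login_failed":
            # The legitimate workstation failing right after that change is
            # the operator being locked out
            if user in password_changed and ip in KNOWN_OPERATOR_IPS:
                alerts.append(("operator_locked_out_after_password_change", user, ip))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(*alert)
```

The first two rules fire before any breaker is touched, which is the point: with multi-factor authentication on the VPN the third login would not succeed at all, and with NSM on the OT boundary the fourth event is a new connection that should never appear.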
19. Detection and prevention of a similar attack
Detection and prevention of the 2015 Ukraine power grid attack would have required a multi-layered approach, involving both technical and non-technical measures. Some of the key measures that could have detected or prevented the attack include:
1. Endpoint security: Installing anti-virus and anti-malware software on all endpoints and keeping them up to date would have
helped detect and prevent the delivery of BlackEnergy.
2. Email security: Implementing email filtering and anti-spam measures, as well as training employees on how to identify and
avoid phishing emails, would have helped prevent the delivery of the malicious email that carried the malware.
3. Network security: Deploying firewalls, intrusion detection systems, and other network security measures would have helped
detect and prevent the spread of the malware within the network.
4. Patch management: Keeping all software and systems up to date with the latest patches and security updates would have
helped prevent vulnerabilities from being exploited.
5. Backups and recovery: Regularly backing up critical data and having a robust disaster recovery plan in place would have
helped minimize the impact of the attack and enable a faster recovery.
6. Monitoring and logging: Implementing comprehensive monitoring and logging of all systems and network activity would have
provided visibility into the attack and helped with incident response and recovery.
7. Physical security: Implementing physical security measures, such as access control and video surveillance, would have
helped secure the physical systems and components of the power grid.
It's worth noting that cyber attacks are constantly evolving, and there is no single measure that can provide complete protection against them. However, implementing a combination of technical and non-technical measures, and regularly reviewing and updating them, can help reduce the risk of successful attacks and minimize the impact if an attack does occur.
20. Takeaways
● In 2015, Ukrainian energy company substations were targeted and successfully taken down by the Sandworm Group.
● This attack was not the result of a single vulnerability, but of a handful of small network and design shortcomings.
● From this experience, we learned that effective cyber security must include people, hardware, software, policies and procedures, regardless of the purpose of the network.
● Events like this one have to be prevented to ensure the security and safety of the population.
● One positive outcome of this attack is the reaction of the energy companies: after the incident, they re-evaluated their security postures and considered implementing the approaches discussed in this presentation.
21. References
Don, J. (n.d.). Lessons learned from a forensic analysis of the Ukrainian Power Grid cyberattack. Retrieved February 2, 2023, from https://blog.isa.org/lessons-learned-forensic-analysis-ukrainian-power-grid-cyberattack-malware
Imperva. (2019, December 29). Intrusion Detection & Prevention: Systems to detect & prevent attacks. Imperva Learning Center. Retrieved February 2, 2023, from https://www.imperva.com/learn/application-security/intrusion-detection-prevention/
Kaspersky Lab. (2016, January 28). Newly discovered BlackEnergy spear-phishing campaign targets Ukrainian entities. Kaspersky.
Krigman, A. (2020, October 22). Cyber Autopsy Series: Ukrainian Power Grid Attack Makes History. https://www.globalsign.com/en/blog/cyber-autopsy-series-ukranian-power-grid-attack-makes-history#:~:text=The%20company's%20computer%20and%20SCADA,was%20malware%20known%20as%20BlackEnergy.
Mikova, T. (2018). Cyber Attack on Ukraine Power Grid. https://is.muni.cz/th/uok5b/BP_Mikova_final.pdf
Vijayan, J. (2022, April 13). Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid. https://www.darkreading.com/attacks-breaches/-russian-group-sandworm-s-attempt-to-disrupt-ukraine-power-grid-foiled
Ukraine cyber-induced power outage: Analysis and practical mitigation ... (n.d.). Retrieved February 2, 2023, from https://na.eventscloud.com/file_uploads/aed4bc20e84d2839b83c18bcba7e2876_Owens1.pdf
Zetter, K. (2016, March 3). Inside the cunning, unprecedented hack of Ukraine's power grid. Wired. San Francisco, California, USA. ISSN 1059-1028. Archived from the original on 2021-02-08. Retrieved 2021-02-08.
Lee, R., Assante, M., & Conway, T. (2016, March 18). Analysis of the Cyber Attack on the Ukrainian Power Grid. Electricity Information Sharing and Analysis Center & SANS Industrial Control Systems. http://www.nerc.com/pa/CI/ESISAC/Documents/E‐ISAC_SANS_Ukraine_DUC_18Mar2016.pdf