Buczkowski P, Malacaria P, Hankin C, et al., 2022, Optimal Security Hardening over a Probabilistic Attack Graph, SaT-CPS 2022 - Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, Pages: 21-30
CySecTool is a tool that finds a cost-optimal security controls portfolio in a given budget for a probabilistic attack graph. A portfolio is a set of counter-measures, or controls, against vulnerabilities adopted for a computer system, while an attack graph is a type of a threat scenario model. In an attack graph, nodes are privilege states of the attacker, edges are vulnerabilities escalating privileges, and controls reduce the probabilities of some vulnerabilities being exploited. The tool builds on an optimisation algorithm published by Khouzani et al., enabling a user to quickly create, edit, and incrementally improve models, analyse results for given portfolios and display the best solutions for all possible budgets in the form of a Pareto frontier. A case study was performed utilising a system graph and suspected attack paths prepared by industrial security engineers based on an industrial source with which they work. The goal of the case study is to model a supervisory control and data acquisition (SCADA) industrial system which, due to having a potential to harm people, necessitates strong protection while not allowing the use of typical penetration tools like vulnerability scanners. Results are analysed to show how a cyber-security analyst would use CySecTool to store cyber-security intelligence and draw further conclusions.
Barrere Cambrun M, Hankin C, 2021, Analysing mission-critical cyber-physical systems with AND/OR graphs and MaxSAT, ACM Transactions on Cyber-Physical Systems, Vol: 5, Pages: 1-29, ISSN: 2378-962X
Cyber-Physical Systems (CPS) often involve complex networks of interconnected software and hardware components that are logically combined to achieve a common goal or mission, for example, keeping a plane in the air or providing energy to a city. Failures in these components may jeopardise the mission of the system. Therefore, identifying the minimal set of critical CPS components that is most likely to fail, and prevent the global system from accomplishing its mission, becomes essential to ensure reliability. In this paper, we present a novel approach to identifying the Most Likely Mission-critical Component Set (MLMCS) using AND/OR dependency graphs enriched with independent failure probabilities. We address the MLMCS problem as a Maximum Satisfiability (MaxSAT) problem. We translate probabilities into a negative logarithmic space in order to linearise the problem within MaxSAT. The experimental results conducted with our open source tool LDA4CPS indicate that the approach is both effective and efficient. We also present a case study on complex aircraft systems that shows the feasibility of our approach and its applicability to mission-critical cyber-physical systems. Finally, we present two MLMCS-based security applications focused on system hardening and forensic investigations.
Zizzo G, Hankin C, Maffeis S, et al., 2020, Adversarial attacks on time-series intrusion detection for industrial control systems, The 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Publisher: Institute of Electrical and Electronics Engineers
Neural networks are increasingly used for intrusion detection on industrial control systems (ICS). With neural networks being vulnerable to adversarial examples, attackers who wish to cause damage to an ICS can attempt to hide their attacks from detection by using adversarial example techniques. In this work we address the domain specific challenges of constructing such attacks against autoregressive based intrusion detection systems (IDS) in an ICS setting. We model an attacker that can compromise a subset of sensors in an ICS which has an LSTM based IDS. The attacker manipulates the data sent to the IDS, and seeks to hide the presence of real cyber-physical attacks occurring in the ICS. We evaluate our adversarial attack methodology on the Secure Water Treatment system when examining solely continuous data, and on data containing a mixture of discrete and continuous variables. In the continuous data domain our attack successfully hides the cyber-physical attacks requiring 2.87 out of 12 monitored sensors to be compromised on average. With both discrete and continuous data our attack required, on average, 3.74 out of 26 monitored sensors to be compromised.
Barrere Cambrun M, Hankin C, 2020, MaxSAT Evaluation 2020 - Benchmark: Identifying maximum probability minimal cut sets in fault trees, MaxSAT Evaluation 2020 (affiliated with SAT 2020), Publisher: University of Helsinki, Department of Computer Science
This paper presents a MaxSAT benchmark focused on the identification of Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We address the MPMCS problem by transforming the input fault tree into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with fault trees of different size and composition as well as the optimal cost and solution for each case.
Barrere M, Hankin C, Nicolau N, et al., 2020, Measuring cyber-physical security in industrial control systems via minimum-effort attack strategies, Journal of Information Security and Applications, Vol: 52, Pages: 1-17, ISSN: 2214-2126
In recent years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical attacks, having massive destructive consequences. Security metrics are therefore essential to assess and improve their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs and hypergraphs which is able to efficiently identify the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our tool, META4ICS (pronounced as metaphorics), leverages state-of-the-art methods from the field of logical satisfiability optimisation and MAX-SAT techniques in order to achieve efficient computation times. In addition, we present a case study where we have used our system to analyse the security posture of a realistic Water Transport Network (WTN).
Barrere Cambrun M, Hankin C, 2020, Fault Tree Analysis: Identifying Maximum Probability Minimal Cut Sets with MaxSAT, 50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2020), Publisher: IEEE
In this paper, we present a novel MaxSAT-based technique to compute Maximum Probability Minimal Cut Sets (MPMCSs) in fault trees. We model the MPMCS problem as a Weighted Partial MaxSAT problem and solve it using a parallel SAT-solving architecture. The results obtained with our open source tool indicate that the approach is effective and efficient.
Li T, Feng C, Hankin C, 2020, Scalable Approach to Enhancing ICS Resilience by Network Diversity, 50th IEEE/IFIP Annual International Conference on Dependable Systems and Networks (DSN), Publisher: IEEE COMPUTER SOC, Pages: 398-410, ISSN: 1530-0889
Barrère M, Hankin C, 2020, Fault Tree Analysis: Identifying Maximum Probability Minimal Cut Sets with MaxSAT., Publisher: IEEE, Pages: 53-54
Hankin C, Barrère M, 2020, Trustworthy Inter-connected Cyber-Physical Systems, Critical Information Infrastructures Security, Publisher: Springer International Publishing, Pages: 3-13, ISBN: 9783030582944
In this paper we identify some of the particular challenges that are encountered when trying to secure cyber-physical systems. We describe three of our current activities: the architecture of a system for monitoring cyber-physical systems; a new approach to modelling dependencies in such systems which leads to a measurement of the security of the system – interpreted as the least effort that an attacker has to expend to compromise the operation; and an approach to optimising the diversity of products used in a system with a view to slowing the propagation of malware. We conclude by discussing how these different threads of work contribute to meeting the challenges and identify possible avenues for future development, as well as providing some pointers to other work.
Maple C, Davies P, Eder K, et al., 2020, CyRes - Avoiding Catastrophic Failure in Connected and Autonomous Vehicles (Extended Abstract)., CoRR, Vol: abs/2006.14890
Barrere Cambrun M, Hankin C, Nicolaou N, et al., 2019, MaxSAT Evaluation 2019 - Benchmark: Identifying Security-Critical Cyber-Physical Components in Weighted AND/OR Graphs, MaxSAT Evaluation 2019 (affiliated with SAT 2019), Pages: 32-33
This paper presents a MaxSAT benchmark focused on identifying critical nodes in AND/OR graphs. We use AND/OR graphs to model Industrial Control Systems (ICS) as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MaxSAT problem. The benchmark includes 80 cases with AND/OR graphs of different size and composition as well as the optimal cost and solution for each case.
Barrère M, Hankin C, Eliades DG, et al., 2019, Assessing cyber-physical security in industrial control systems, 6th International Symposium for ICS & SCADA Cyber Security Research 2019, Publisher: BCS Learning & Development, Pages: 49-58
Over the last years, Industrial Control Systems (ICS) have become increasingly exposed to a wide range of cyber-physical threats. Efficient models and techniques able to capture their complex structure and identify critical cyber-physical components are therefore essential. AND/OR graphs have proven very useful in this context as they are able to semantically grasp intricate logical interdependencies among ICS components. However, identifying critical nodes in AND/OR graphs is an NP-complete problem. In addition, ICS settings normally involve various cyber and physical security measures that simultaneously protect multiple ICS components in overlapping manners, which makes this problem even harder. In this paper, we present an extended security metric based on AND/OR hypergraphs which efficiently identifies the set of critical ICS components and security measures that should be compromised, with minimum cost (effort) for an attacker, in order to disrupt the operation of vital ICS assets. Our approach relies on MAX-SAT techniques, which we have incorporated in META4ICS, a Java-based security metric analyser for ICS. We also provide a thorough performance evaluation that shows the feasibility of our method. Finally, we illustrate our methodology through a case study in which we analyse the security posture of a realistic Water Transport Network (WTN).
Zizzo G, Hankin C, Maffeis S, et al., 2019, Adversarial machine learning beyond the image domain, the 56th Annual Design Automation Conference 2019, Publisher: ACM Press
Machine learning systems have had enormous success in a wide range of fields from computer vision, natural language processing, and anomaly detection. However, such systems are vulnerable to attackers who can cause deliberate misclassification by introducing small perturbations. With machine learning systems being proposed for cyber attack detection such attackers are cause for serious concern. Despite this the vast majority of adversarial machine learning security research is focused on the image domain. This work gives a brief overview of adversarial machine learning and machine learning used in cyber attack detection and suggests key differences between the traditional image domain of adversarial machine learning and the cyber domain. Finally we show an adversarial machine learning attack on an industrial control system.
Barrère M, Hankin C, Nicolau N, et al., 2019, Identifying security-critical cyber-physical components in industrial control systems, Publisher: arxiv
In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.
Hankin CL, Serban O, Thapen N, et al., 2019, Real-time processing of social media with SENTINEL: a syndromic surveillance system incorporating deep learning for health classification, Information Processing and Management, Vol: 56, Pages: 1166-1184, ISSN: 0306-4573
Interest in real-time syndromic surveillance based on social media data has greatly increased in recent years. The ability to detect disease outbreaks earlier than traditional methods would be highly useful for public health officials. This paper describes a software system which is built upon recent developments in machine learning and data processing to achieve this goal. The system is built from reusable modules integrated into data processing pipelines that are easily deployable and configurable. It applies deep learning to the problem of classifying health-related tweets and is able to do so with high accuracy. It has the capability to detect illness outbreaks from Twitter data and then to build up and display information about these outbreaks, including relevant news articles, to provide situational awareness. It also provides nowcasting functionality of current disease levels from previous clinical data combined with Twitter data. The preliminary results are promising, with the system being able to detect outbreaks of influenza-like illness symptoms which could then be confirmed by existing official sources. The Nowcasting module shows that using social media data can improve prediction for multiple diseases over simply using traditional data sources.
Fatourou P, Hankin C, 2019, Welcome to the Europe Region Special Section, COMMUNICATIONS OF THE ACM, Vol: 62, Pages: 30-30, ISSN: 0001-0782
Barrere Cambrun M, Hankin C, Barboni A, et al., 2019, CPS-MT: a real-time cyber-physical system monitoring tool for security Research, 24th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA2018), Publisher: IEEE
Monitoring systems are essential to understand and control the behaviour of systems and networks. Cyber-physical systems (CPS) are particularly delicate under that perspective since they involve real-time constraints and physical phenomena that are not usually considered in common IT solutions. Therefore, there is a need for publicly available monitoring tools able to contemplate these aspects. In this poster/demo, we present our initiative, called CPS-MT, towards a versatile, real-time CPS monitoring tool, with a particular focus on security research. We first present its architecture and main components, followed by a MiniCPS-based case study. We also describe a performance analysis and preliminary results. During the demo, we will discuss CPS-MT’s capabilities and limitations for security applications.
Craggs B, Rashid A, Hankin C, et al., 2019, A reference architecture for IIoT and industrial control systems testbeds
Conducting cyber security research within live operational technology and industrial Internet of Things environments is, understandably, not practical and as such research needs to be undertaken within non-live mimics or testbeds. However, testbeds and especially those which are built using real-world infrastructure are expensive to develop and maintain. Moreover, such testbeds tend to be representative of a single industry vertical (often based upon the skill set or research focus) and built in isolation. In this paper we present a reference architecture, developed whilst designing and building the Bristol Cyber Security Group ICS/IIoT testbed for critical national infrastructure security research.
Zizzo G, Hankin C, Maffeis S, et al., 2019, Intrusion Detection for Industrial Control Systems: Evaluation Analysis and Adversarial Attacks., CoRR, Vol: abs/1911.04278
Zizzo G, Hankin C, Maffeis S, et al., 2019, Deep Latent Defence., CoRR, Vol: abs/1910.03916
Fatourou P, Hankin C, 2019, Welcome to the Europe region special section., Commun. ACM, Vol: 62, Pages: 28-28
Larus J, Hankin C, 2018, Regulating Automated Decision Making, COMMUNICATIONS OF THE ACM, Vol: 61, Pages: 5-5, ISSN: 0001-0782
Li T, Feng C, Hankin C, 2018, Improving ICS Cyber Resilience through Optimal Diversification of Network Resources
Network diversity has been widely recognized as an effective defense strategy to mitigate the spread of malware. Optimally diversifying network resources can improve the resilience of a network against malware propagation. This work proposes an efficient method to compute such an optimal deployment, in the context of upgrading a legacy Industrial Control System with modern IT infrastructure. Our approach can tolerate various constraints when searching for an optimal diversification, such as outdated products and strict configuration policies. We explicitly measure the vulnerability similarity of products based on the CVE/NVD, to estimate the infection rate of malware between products. A Stuxnet-inspired case demonstrates our optimal diversification in practice, particularly when constrained by various requirements. We then measure the improved resilience of the diversified network in terms of a well-defined diversity metric and Mean-time-to-compromise (MTTC), to verify the effectiveness of our approach. We further evaluate three factors affecting the performance of the optimization, such as the network structure, the variety of products and constraints. Finally, we show the competitive scalability of our approach in finding optimal solutions within a couple of seconds to minutes for networks of large scales (up to 10,000 hosts) and high densities (up to 240,000 edges).
Li T, Hankin C, 2017, Effective Defence Against Zero-Day Exploits Using Bayesian Networks, The 11th International Conference on Critical Information Infrastructures Security
Martin G, Kinross J, Hankin C, 2017, Effective cybersecurity is fundamental to patient safety, British Medical Journal, Vol: 357, ISSN: 1468-5833
Kodagoda N, Pontis S, Simmie D, et al., 2016, Using Machine Learning to Infer Reasoning Provenance From User Interaction Log Data: Based on the Data/Frame Theory of Sensemaking, JOURNAL OF COGNITIVE ENGINEERING AND DECISION MAKING, Vol: 11, Pages: 23-41, ISSN: 1555-3434
Thapen N, Simmie D, Hankin CL, 2016, The early bird catches the term: combining twitter and news data for event detection and situational awareness, Journal of Biomedical Semantics, Vol: 7, ISSN: 2041-1480
Background: Twitter updates now represent an enormous stream of information originating from a wide variety of formal and informal sources, much of which is relevant to real-world events. They can therefore be highly useful for event detection and situational awareness applications. Results: In this paper we apply customised filtering techniques to existing bio-surveillance algorithms to detect localised spikes in Twitter activity, showing that these correspond to real events with a high level of confidence. We then develop a methodology to automatically summarise these events, both by providing the tweets which best describe the event and by linking to highly relevant news articles. This news linkage is accomplished by identifying terms occurring more frequently in the event tweets than in a baseline of activity for the area concerned, and using these to search for news. We apply our methods to outbreaks of illness and events strongly affecting sentiment and are able to detect events verifiable by third party sources and produce high quality summaries. Conclusions: This study demonstrates linking event detection from Twitter with relevant online news to provide situational awareness. This builds on the existing studies that focus on Twitter alone, showing that integrating information from multiple online sources can produce useful analysis.
Fielder A, Li T, Hankin C, 2016, Defense-in-depth vs. Critical Component Defense for Industrial Control Systems, International Symposium for ICS & SCADA Cyber Security, Publisher: BCS Learning & Development Ltd.
Originally designed as self-contained and isolated networks, Industrial Control Systems (ICS) have evolved to become increasingly interconnected with IT systems and other wider networks and services, which enables cyber attacks to sabotage the normal operation of ICS. This paper proposes a simulation of attackers and defenders, who have limited resources that must be applied to either advancing the technology they have available to them or attempting to attack (defend) the system. The objective is to identify the appropriate deployment of specific defensive strategy, such as Defense-in-depth and Critical Component Defense. The problem is represented as a strategic competitive optimisation problem, which is solved using a coevolutionary Particle Swarm Optimisation problem. Through the development of optimal defense strategies, it is possible to identify when each specific defensive strategy is most appropriate; where the optimal defensive strategy depends on the kind of attacker the system is expecting and the structure of the network.
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.