6 results on '"Philipp Kreimel"'
Search Results
2. Anomaly detection in substation networks
- Author
Paul Tavolato, Philipp Kreimel, Antonella Santone, Francesco Mercaldo, and Oliver Eigner
- Subjects
Model checking; Computer Networks and Communications; Computer science; 020209 energy; 02 engineering and technology; Anomaly detection; computer.software_genre; Domain (software engineering); Distribution system; Intrusion; SCADA; 0202 electrical engineering, electronic engineering, information engineering; Formal methods; Neural networks; Substation; Safety, Risk, Reliability and Quality; Artificial neural network; business.industry; Information technology; 020207 software engineering; Data mining; business; computer; Software
- Abstract
Fundamental components of the distribution systems of electric energy are primary and secondary substation networks. Considering the incorporation of legacy communication infrastructure in these systems, they often have inherent cybersecurity vulnerabilities. Moreover, traditional intrusion defence strategies for IT systems are often not applicable. With the aim to improve cybersecurity in substation networks, in this paper we present two methods for monitoring SCADA system: the first one exploiting neural networks, while the second one is based on formal methods. To evaluate the effectiveness of the proposed methods, we conducted experiments on a real test bed representing the substation domain as close to real-world as possible. From this test bed we collect data during normal operation and during situations where the system is under attack. To this end several different types of attack are conducted. The data collected is used to test two versions of the monitoring system: one based on machine learning with a neural network and one using a model-checking approach. Moreover, the two proposed models are tested with new data to evaluate their performance. The experiments demonstrate that both methods obtain an accuracy greater than 90%. In particular, the methodology based on formal methods achieves better performance if compared to the one based on neural networks.
- Published
- 2020
3. Neural Net-Based Anomaly Detection System in Substation Networks
- Author
Paul Tavolato and Philipp Kreimel
- Subjects
Artificial neural network; Computer science; Network packet; business.industry; Information technology; computer.software_genre; Domain (software engineering); Distribution system; Electric power system; IEC 61850; Anomaly detection; Data mining; business; computer
- Abstract
Important components of the electric energy distribution systems are primary and secondary substations. Due to the incorporation of legacy communication infrastructure in these systems, they often have inherent cyber-security vulnerabilities. Further, traditional intrusion defence strategies for IT systems are often not applicable. In order to improve cyber-security in substation networks, this paper presents a neural net-based monitoring system. Further, to evaluate the applicability of the system, all experiments were conducted on a real test bed, which represents the substation domain as close as possible to reality. The proposed monitoring system covers several tasks. First, relevant network packets are acquired from network traffic and analysed. Based on these packets statistical features are extracted. Then, classes are defined, and a normal behaviour model of the network is trained by the neural net. New network traffic is compared to the model, in order to determine the nature of the traffic and identify potential anomalies. Finally, the monitoring system is evaluated by conducting several supervised and unsupervised network attacks against the test bed.
- Published
- 2019
4. Attacks on Industrial Control Systems - Modeling and Anomaly Detection
- Author
Oliver Eigner, Paul Tavolato, and Philipp Kreimel
- Subjects
Computer science; Real-time computing; 0202 electrical engineering, electronic engineering, information engineering; 020206 networking & telecommunications; 020201 artificial intelligence & image processing; Anomaly detection; 02 engineering and technology; Industrial control system
- Published
- 2018
5. Anomaly-Based Detection and Classification of Attacks in Cyber-Physical Systems
- Author
Philipp Kreimel, Oliver Eigner, and Paul Tavolato
- Subjects
Anomaly-based intrusion detection system; Computer science; business.industry; Anomaly (natural sciences); Cyber-physical system; 02 engineering and technology; Machine learning; computer.software_genre; Attack model; Naive Bayes classifier; 020204 information systems; Outlier; 0202 electrical engineering, electronic engineering, information engineering; One-class classification; 020201 artificial intelligence & image processing; Anomaly detection; Data mining; Artificial intelligence; business; computer
- Abstract
Cyber-physical systems are found in industrial and production systems, as well as critical infrastructures. Due to the increasing integration of IP-based technology and standard computing devices, the threat of cyber-attacks on cyber-physical systems has vastly increased. Furthermore, traditional intrusion defense strategies for IT systems are often not applicable in operational environments. In this paper we present an anomaly-based approach for detection and classification of attacks in cyber-physical systems. To test our approach, we set up a test environment with sensors, actuators and controllers widely used in industry, thus, providing system data as close as possible to reality. First, anomaly detection is used to define a model of normal system behavior by calculating outlier scores from normal system operations. This valid behavior model is then compared with new data in order to detect anomalies. Further, we trained an attack model, based on supervised attacks against the test setup, using the naive Bayes classifier. If an anomaly is detected, the classification process tries to classify the anomaly by applying the attack model and calculating prediction confidences for trained classes. To evaluate the statistical performance of our approach, we tested the model by applying an unlabeled dataset, which contains valid and anomalous data. The results show that this approach was able to detect and classify such attacks with satisfactory accuracy.
- Published
- 2017
6. Detection of Man-in-the-Middle Attacks on Industrial Control Networks
- Author
Paul Tavolato, Oliver Eigner, and Philipp Kreimel
- Subjects
Engineering; business.industry; Feature extraction; Real-time computing; Process control; Conveyor belt; Control engineering; Anomaly detection; Intrusion detection system; Industrial control system; Bregman divergence; Man-in-the-middle attack; business
- Abstract
In this paper we present a method to detect Man-in-the-Middle attacks on industrial control systems. The approach uses anomaly detection by developing a model of normal behaviour of the industrial control system network. To come as close as possible to reality a simple industrial system, a conveyor belt with sensors and actuators, was set up with controllers widely used in industry. A machine learning approach based on the k-Nearest Neighbors algorithm with Bregman divergence was used to define a model of normal (valid) behaviour. Afterwards Man-in-the-Middle attacks were launched against the system and its behaviour during the attack was compared to the valid behaviour model. The results show that the approach taken was able to detect such attacks with satisfactory accuracy.
- Published
- 2016
Discovery Service for Jio Institute Digital Library