• DocumentCode
    173467
  • Title

    Intrusion detection system using Honey Token based Encrypted Pointers to mitigate cyber threats for critical infrastructure networks

  • Author

    Asif, M.K. ; Al-Harthi, Y.S.

  • Author_Institution
    Dept. of Electr. Eng., King Saud Univ., Riyadh, Saudi Arabia
  • fYear
    2014
  • fDate
    5-8 Oct. 2014
  • Firstpage
    1266
  • Lastpage
    1270
  • Abstract
    Recent advancements in cyberspace impose a greater threat to the security of critical infrastructure than ever before. The scale of damage that could be done on these infrastructures by well-planned cyber-attacks is enormous. Most of the research work done for the security of these critical infrastructures focuses on conventional security measures. In this paper, we designed an Intrusion Detection System (IDS) that is based on the novel approach of Honey Token based Encrypted Pointers to prevent critical infrastructure networks from cyber-attacks particularly from zero day cyber threats. These honey tokens inside the frame will serve as a trap for the attacker. All nodes operating within the working domain of critical infrastructure network are divided into four different pools. This division is based according to their computational power and level of vulnerability. These pools are provided with different levels of security measures within the network. IDS use different number of Honey Tokens (HT) per frame for every different pool. Moreover every pool uses different types of encryption schemes (AES-128,192,256) etc. We use critical infrastructure network of 64 nodes for our simulations. We analyzed the performance of IDS in terms of True Positive and False Negative Alarms. Finally we test this IDS through Network Penetration Testing (NPT). This NPT is accomplished by putting the critical infrastructure network of 64 nodes directly under the zero day cyber-attacks and then we analyze the behavior of the IDS under such realistic conditions. The IDS is designed in such a way that it not only detects the intrusions but also recovers the entire zero day attack using reverse engineering approach.
  • Keywords
    computer network security; critical infrastructures; cryptography; reverse engineering; IDS; NPT; critical infrastructure networks; cyber-attacks; encryption schemes; false negative alarms; honey token based encrypted pointers; intrusion detection system; network penetration testing; reverse engineering approach; true positive alarms; zero day cyber threats; Databases; Encryption; Generators; Intrusion detection; Protocols; Critical Infrastructure Networks; Cyber Security; Cyber Space; Cyber Threats; Cyber Warfare; DNP3; Distributed Sensor Networks; Encrypted Pointers; Honey Token; Industrial Communication Protocol; Industrial Networks; Information Infrastructure; Information Security; Intelligence Infrastructure; Intrusion Detection System; SCADA Command and Control System; Zero Day Attacks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systems, Man and Cybernetics (SMC), 2014 IEEE International Conference on
  • Conference_Location
    San Diego, CA
  • Type

    conf

  • DOI
    10.1109/SMC.2014.6974088
  • Filename
    6974088