2022
Guilherme Rotth Zibetti, Juliano Araujo Wickboldt, Edison Pignaton de Freitas
Context-Aware Environment Monitoring to Support LPWAN-based Battlefield Applications [Journal Article]
In: Computer Communications, 189, pp. 18–27, 2022, ISSN: 0140-3664.
Tags: Context-Awareness, Internet of Things (IoT), Low-Power Wide-Area Networks (LPWAN), Military & Tactical Networks, Network Resilience
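% Journal article in Computer Communications, vol. 189 (2022): context-aware monitoring for LPWAN battlefield networks.
% The acronym in the title is brace-protected so sentence-casing styles keep it; `&` in keywords is escaped for LaTeX.
% NOTE(review): urldate (2021-08-06) predates the publication date (2022-05-01) -- confirm against the source record.
@article{journal/comcom/Zibetti22,
  author    = {Zibetti, Guilherme Rotth and Wickboldt, Juliano Araujo and de Freitas, Edison Pignaton},
  title     = {Context-Aware Environment Monitoring to Support {LPWAN}-based Battlefield Applications},
  journal   = {Computer Communications},
  volume    = {189},
  pages     = {18--27},
  year      = {2022},
  date      = {2022-05-01},
  doi       = {10.1016/j.comcom.2022.02.020},
  url       = {https://www.sciencedirect.com/science/article/pii/S0140366422000639},
  urldate   = {2021-08-06},
  issn      = {0140-3664},
  abstract  = {The use of IoT-related technologies is growing in several areas. Applications of environmental monitoring, logistics, smart cities are examples of applications that benefit from advances in IoT. In the military context, IoT applications can support the decision-making process by delivering information collected directly from the battlefield to Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) systems. Taking the benefit of the installed IoT network in the battlefield, the use of the data collected by the IoT nodes is a way to improve resiliency and increase the survivability of networks, as well as to optimize the use of available resources. Towards improving the communication network present on the battlefield, this work presents a context-aware environmental monitoring system that uses real-time battlefield information to increase military networks’ resilience and survivability. The proposed approach is validated by a proof-of-concept experiment. The obtained results show that the implementation of this system can improve the communication process even when the network is exposed to unfavorable climatic factors.},
  keywords  = {Context-Awareness, Internet of Things (IoT), Low-Power Wide-Area Networks (LPWAN), Military \& Tactical Networks, Network Resilience},
  pubstate  = {published},
  tppubtype = {article},
}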
2016
Eduardo Germano da Silva, Anderson Santos da Silva, Juliano Araujo Wickboldt, Paul Smith, Lisandro Zambenedetti Granville, Alberto Egon Schaeffer-Filho
A One-Class NIDS for SDN-Based SCADA Systems [Inproceedings]
In: 40th IEEE Annual Computer Software and Applications Conference, COMPSAC 2016, Atlanta, GA, USA, June 10-14, 2016, pp. 303–312, IEEE Computer Society, 2016, ISSN: 0730-3157.
Tags: Anomaly Detection, Network Resilience, SCADA, Smart Grids, Software-Defined Networking (SDN)
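% Conference paper (COMPSAC 2016): one-class-classification NIDS for SDN-based SCADA networks.
% Acronyms in the title are brace-protected so sentence-casing styles keep them; `%` in the abstract is escaped
% because an unescaped percent sign starts a TeX comment if the field is ever typeset.
% NOTE(review): date is 2016-01-01 while booktitle gives June 10-14, 2016 -- looks like a placeholder; confirm.
@inproceedings{DBLP:conf/compsac/SilvaSWSGS16,
  author    = {da Silva, Eduardo Germano and da Silva, Anderson Santos and Wickboldt, Juliano Araujo and Smith, Paul and Granville, Lisandro Zambenedetti and Schaeffer-Filho, Alberto Egon},
  title     = {A One-Class {NIDS} for {SDN}-Based {SCADA} Systems},
  booktitle = {40th IEEE Annual Computer Software and Applications Conference, COMPSAC 2016, Atlanta, GA, USA, June 10-14, 2016},
  pages     = {303--312},
  publisher = {IEEE Computer Society},
  year      = {2016},
  date      = {2016-01-01},
  doi       = {10.1109/COMPSAC.2016.32},
  url       = {https://doi.org/10.1109/COMPSAC.2016.32},
  issn      = {0730-3157},
  abstract  = {Power systems are undergoing an intense process of modernization, and becoming highly dependent on networked systems used to monitor and manage system components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this paper, we discuss the benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also present a specific Network-Based Intrusion Detection System (NIDS) for SDN-based SCADA systems, which uses SDN to capture network information and is responsible for monitoring the communication between power grid components. Our approach relies on SDN to periodically gather statistics from network devices, which are then processed by One-Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. Our results indicate that OCC algorithms achieve an approximate accuracy of 98\% and can be effectively used to detect cyber-attacks targeted against SCADA systems.},
  keywords  = {Anomaly Detection, Network Resilience, SCADA, Smart Grids, Software-Defined Networking (SDN)},
  pubstate  = {published},
  tppubtype = {inproceedings},
}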
Anderson Santos da Silva, Juliano Araujo Wickboldt, Lisandro Zambenedetti Granville, Alberto Egon Schaeffer-Filho
ATLANTIC: A framework for anomaly traffic detection, classification, and mitigation in SDN [Inproceedings]
In: 15th IEEE/IFIP Network Operations and Management Symposium, NOMS 2016, Istanbul, Turkey, April 25-29, 2016, pp. 27–35, IEEE, 2016, ISSN: 2374-9709.
Tags: Anomaly Detection, Network Resilience, Software-Defined Networking (SDN)
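% Conference paper (NOMS 2016): ATLANTIC, a framework combining flow-table entropy and machine learning
% for anomaly detection, classification and mitigation in SDN.
% The framework name and the acronym in the title are brace-protected so sentence-casing styles keep them.
% NOTE(review): date is 2016-01-01 while booktitle gives April 25-29, 2016 -- looks like a placeholder; confirm.
@inproceedings{DBLP:conf/noms/SilvaWGF16,
  author    = {da Silva, Anderson Santos and Wickboldt, Juliano Araujo and Granville, Lisandro Zambenedetti and Schaeffer-Filho, Alberto Egon},
  title     = {{ATLANTIC}: A framework for anomaly traffic detection, classification, and mitigation in {SDN}},
  booktitle = {15th IEEE/IFIP Network Operations and Management Symposium, NOMS 2016, Istanbul, Turkey, April 25-29, 2016},
  pages     = {27--35},
  publisher = {IEEE},
  year      = {2016},
  date      = {2016-01-01},
  doi       = {10.1109/NOMS.2016.7502793},
  url       = {https://doi.org/10.1109/NOMS.2016.7502793},
  issn      = {2374-9709},
  abstract  = {Anomaly traffic detection and classification mechanisms need to be flexible and easy to manage in order to detect the ever growing spectrum of anomalies. Detection and classification are difficult tasks because of several reasons, including the need to obtain an accurate and comprehensive view of the network, the ability to detect the occurrence of new attack types, and the need to deal with misclassification. In this paper, we argue that Software-Defined Networking (SDN) form propitious environments for the design and implementation of more robust and extensible anomaly classification schemes. Different than other approaches from the literature, which individually tackle either anomaly detection or classification or mitigation, we present a management framework to perform these tasks jointly. Our proposed framework is called ATLANTIC and it combines the use of information theory to calculate deviations in the entropy of flow tables and a range of machine learning algorithms to classify traffic flows. As a result, ATLANTIC is a flexible framework capable of categorizing traffic anomalies and using the information collected to handle each traffic profile in a specific manner, e.g., blocking malicious flows.},
  keywords  = {Anomaly Detection, Network Resilience, Software-Defined Networking (SDN)},
  pubstate  = {published},
  tppubtype = {inproceedings},
}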
2015
Eduardo Germano da Silva, Luis Augusto Dias Knob, Juliano Araujo Wickboldt, Luciano Paschoal Gaspary, Lisandro Zambenedetti Granville, Alberto Egon Schaeffer-Filho
Capitalizing on SDN-based SCADA systems: An anti-eavesdropping case-study [Inproceedings]
In: 14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, Ottawa, ON, Canada, 11-15 May, 2015, pp. 165–173, IEEE, 2015, ISSN: 1573-0077.
Tags: Anomaly Detection, Network Resilience, SCADA, Smart Grids, Software-Defined Networking (SDN)
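% Conference paper (IM 2015): SDN-based multipath routing for SCADA that frequently changes routes
% so an eavesdropper cannot capture complete communication flows.
% Acronyms in the title are brace-protected so sentence-casing styles keep them.
% NOTE(review): date is 2015-01-01 while booktitle gives 11-15 May, 2015 -- looks like a placeholder; confirm.
@inproceedings{DBLP:conf/im/SilvaKWGGF15,
  author    = {da Silva, Eduardo Germano and Knob, Luis Augusto Dias and Wickboldt, Juliano Araujo and Gaspary, Luciano Paschoal and Granville, Lisandro Zambenedetti and Schaeffer-Filho, Alberto Egon},
  title     = {Capitalizing on {SDN}-based {SCADA} systems: An anti-eavesdropping case-study},
  booktitle = {14th IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, Ottawa, ON, Canada, 11-15 May, 2015},
  pages     = {165--173},
  publisher = {IEEE},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1109/INM.2015.7140289},
  url       = {https://doi.org/10.1109/INM.2015.7140289},
  issn      = {1573-0077},
  abstract  = {Power grids are responsible for the transmission and distribution of electricity to end-users. These systems are undergoing a modernization process through the use of Information and Communication Technology (ICT), transforming the electric system into Smart Grids. In this context, Supervisory Control and Data Acquisition (SCADA) systems are responsible for the management and monitoring of substations and field devices. In this paper, we investigate the use of SDN as an approach to assist in the modernization of SCADA systems. We discuss its possible benefits, such as simplified management of power system resources. Moreover, SDN can facilitate the creation of new network applications that previously, with traditional networks, were more complex to be implemented. To illustrate the benefits of the use of SDN in SCADA, we designed a mechanism that aims to prevent a possible eavesdropper from fully capturing communication flows between SCADA components. The mechanism was implemented as an SDN-based application for SCADA systems that uses multipath routing, which relies on SDN features to frequently modify communication routes between SCADA devices. Further, we performed an experimental evaluation to verify the impact and performance of the mechanism in the SCADA network.},
  keywords  = {Anomaly Detection, Network Resilience, SCADA, Smart Grids, Software-Defined Networking (SDN)},
  pubstate  = {published},
  tppubtype = {inproceedings},
}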
Anderson Santos da Silva, Juliano Araujo Wickboldt, Alberto Egon Schaeffer-Filho, Angelos K. Marnerides, Andreas Mauthe
Tool support for the evaluation of anomaly traffic classification for network resilience [Inproceedings]
In: 20th IEEE Symposium on Computers and Communication, ISCC 2015, Larnaca, Cyprus, July 6-9, 2015, pp. 514–519, IEEE Computer Society, 2015, ISBN: 978-1-4673-7194-0.
Tags: Anomaly Detection, Network Resilience
% Conference paper (ISCC 2015): extends the PReSET toolset to evaluate machine-learning-based
% anomaly traffic classification within simulated network resilience strategies.
% NOTE(review): date is 2015-01-01 while booktitle gives July 6-9, 2015 -- looks like a placeholder; confirm.
@inproceedings{DBLP:conf/iscc/SilvaWSMM15,
  author    = {da Silva, Anderson Santos and Wickboldt, Juliano Araujo and Schaeffer-Filho, Alberto Egon and Marnerides, Angelos K. and Mauthe, Andreas},
  title     = {Tool support for the evaluation of anomaly traffic classification for network resilience},
  booktitle = {20th IEEE Symposium on Computers and Communication, ISCC 2015, Larnaca, Cyprus, July 6-9, 2015},
  pages     = {514--519},
  publisher = {IEEE Computer Society},
  year      = {2015},
  date      = {2015-01-01},
  doi       = {10.1109/ISCC.2015.7405566},
  url       = {https://doi.org/10.1109/ISCC.2015.7405566},
  isbn      = {978-1-4673-7194-0},
  abstract  = {Resilience is the ability of the network to maintain an acceptable level of operation in the face of anomalies, such as malicious attacks, operational overload or misconfigurations. Techniques for anomaly traffic classification are often used to characterize suspicious network traffic, thus supporting anomaly detection schemes in network resilience strategies. In this paper, we extend the PReSET toolset to allow the investigation, comparison and analysis of algorithms for anomaly traffic classification based on machine learning. PReSET was designed to allow the simulation-based evaluation of resilience strategies, thus enabling the comparison of optimal configurations and policies for combating different types of attacks (e.g., DDoS attacks, worms) and other anomalies. In such resilience strategies, policies written in the Ponder2 language can be used to activate/reconfigure traffic classification modules and other mechanisms (e.g., traffic shaping), depending on monitored results in the simulation environment. Our results show that PReSET can be a valuable tool for network operators to evaluate anomaly traffic classification techniques in terms of standard performance metrics.},
  keywords  = {Anomaly Detection, Network Resilience},
  pubstate  = {published},
  tppubtype = {inproceedings}
}