Search for: All records

This study outlines a novel intrusion detection system (IDS) to detect compromised sensor data anomalies in interdependent industrial processes. The IDS used a peer-to-peer communication framework which allowed multiple programmable logic controllers (PLCs) to communicate and share sensor data. Utilizing the shared sensor data, state estimators used a long short-term memory (LSTM) machine learning algorithm to identify anomalous sensor readings connected to neighboring PLCs controlling an interdependent physical process. This study evaluated the performance of the IDS on three industrial operations aligning to a midstream oil terminal. The framework successfully detected several multi-sensor compromises during mid-stream oil terminal operations. A set of performance evaluations also showed no impact on the real-time operations of the PLC and outlined the prediction latencies of the framework. 

Machine learning assisted binary analysis is an area of great interest in cybersecurity research. Training accurate machine learning models requires methods of binary lifting, which require binaries to be translated through an intermediate language representation. This study postulates that different intermediate language representations change the performance characteristics of these machine learning models. Taking a published machine learning framework as a control and modifying the input methodology to include different intermediate language representation transforms, this study compared the performance of models in the realm of malware classification. The contributions of this study are: verification and replication of a published machine learning framework, novel transforms and usage of a public malware dataset, a comparative study on the impact of performance of different intermediate language representations for opcode based malware classification, and a set of heatmaps that can be utilized as a reference lookup table to inform binary lifting choice.