Education | Prof. Silvio Ereno Quincozes

Education

PHD IN COMPUTER SCIENCE

UNIVERSIDADE FEDERAL FLUMINENSE (UFF)

[Thesis PDF] ERENO: an Extensible Tool for Generating Realistic IEC-61850 Intrusion Detection Datasets

  • Keywords: Intrusion Detection Systems, Digital Substations, Intelligent Electronic Devices, IEC–61850 Standard, GOOSE, SV.
  • Abstract: Digital electric grid substations are a key element in creating reliable future smart grids. The IEC–61850 standard proposes a set of communication protocols that define how Intelligent Electronic Devices (IEDs) communicate. Our studies show that there is a range of vulnerabilities that may compromise the IEC–61850 communication protocols and cause improper functioning of the physical power system. Therefore, detecting and preventing cyber intrusions plays a vital role, and Intrusion Detection Systems (IDSs) have become an essential component in safeguarding substations from malicious activities. Even though intrusion detection techniques are commonly studied in conventional networks and systems, only a few studies address this issue considering the requirements, limitations, and specific communication protocols of IEC–61850 substations. Furthermore, our studies reveal that the lack of realistic data for training, testing, and evaluating IDSs in realistic industrial scenarios is considered a major challenge. As a consequence, the development of IDSs is currently limited by the datasets available. This thesis aims at building a framework to support a robust solution for detecting and preventing intrusions in IEC–61850 substations. Our main contribution is the development of the Efficacious Reproducer Engine for Network Operations (ERENO). ERENO is an open-source framework for generating IEC–61850 datasets with representative features, extracted both from substation communication protocols and from the electric domain, for detecting different types of intrusions. As an additional contribution and as a proof of concept, we present a suite of realistic IEC-61850 datasets that model 8 use cases, namely traffic for 7 common attacks and 1 for normal network traffic. Finally, we also present a novel taxonomy of the aspects of IEC–61850-based IDSs. Our results show that our traffic generation solution with attack signatures is able to generate representative features to be processed by machine learning algorithms. With the combination of feature extraction and feature selection, significant gains were observed, including the detection of attacks that are not properly detected by the existing techniques in the literature. For more challenging attacks, we present F1-Score gains for the J48 classifier that took its performance from 52.24% to 99.46%.
February 2022

VISITING DOCTORAL RESEARCH PERIOD (DOUTORADO SANDUÍCHE)

UNIVERSITY OF PITTSBURGH (PITT)

[PDF of Main Publication] A survey on intrusion detection and prevention systems in digital substations

  • Keywords: Smart grid, Cybersecurity, Intrusion Detection Systems, IDS, Survey, IEC–61850 standard.
  • Abstract: Smart Grids integrate the traditional power grid with information processing and communication technologies. In particular, substation intelligent devices can now communicate with each other digitally to enable remote information gathering, monitoring, and control. There have been many efforts to promote global communication standards. The IEC–61850 international standard addresses substation communication networks and systems. Despite the many benefits, this standardized communication poses new cyber-security challenges. Also, traditional Intrusion Detection Systems (IDSs) may not be suitable for digital substations, given their critical components and stringent time requirements. We present an in-depth analysis of attacks exploiting IEC–61850 substations and of recent research efforts for detecting and preventing them. Our main contribution is an original taxonomy comprising design and evaluation aspects for substation-specific IDSs. This taxonomy includes IDS architectures, detection approaches, analysis, actions, data sources, detection range, validation strategies, and metrics. Additionally, we present a compilation of the detection rules deployed by state-of-the-art IDSs and assess their resiliency to five types of attacks. Our assessment reveals that some attacks are covered by currently deployed IDSs, but further advancement is necessary, particularly to deal with masquerade attacks. Finally, we discuss trends, open issues, and future research topics.
December 2020

MASTER'S IN COMPUTER SCIENCE

UNIVERSIDADE FEDERAL DE SANTA MARIA (UFSM)

[Dissertation PDF] Intrusion Detection through Dynamic Classifier Selection Based on Council Networks

  • Keywords: Intrusion Detection Systems, Heterogeneous Data Source, Data Classification, Dynamic Classifier Selection.
  • Abstract: Intrusion Detection Systems are commonly used to analyze information collected from computer networks and computer systems. Through the use of techniques such as data classification, it is possible to identify malicious activities. However, the use of such techniques presents a challenge that consists of choosing the ideal classifier against multiple possibilities of attacks. Existing efforts try to mitigate this problem with the use of multiple classifiers; however, this approach often introduces conflicts in decision making. In addition, there are cases where the source analyzed by a detector does not provide sufficient information for a precise decision. The objective of this work is the creation of an intrusion detection architecture based on the dynamic selection of classifiers in council networks, which explores the consultation of counselors that analyze multiple and heterogeneous data sources. Preliminary results show that the architecture is promising, resolving conflicts and increasing security in intrusion detection.
February 2018

BACHELOR'S IN SOFTWARE ENGINEERING

UNIVERSIDADE FEDERAL DO PAMPA (UNIPAMPA)

[Monograph PDF] A Secure Architecture Based on Ubiquitous Computing for Medical Record Retrieval

  • Keywords: Security, Electronic Health Record Retrieval, Ubiquitous Computing, Near Field Communication (NFC).
  • Abstract: Medical Record Systems are important tools for facilitating access to and maintenance of patient data, such as hospitalization history and medical exams. Currently, physicians, nurses, and nursing technicians need fast and secure access to medical records, avoiding bureaucracy and inaccuracies in the process of retrieving this information. Ubiquitous and pervasive computing can help overcome these challenges; however, the problem of device impersonation must be handled carefully so that private information is not compromised and no type of record is tampered with. To mitigate this problem, this work presents a secure architecture, based on ubiquitous and pervasive computing, for the retrieval and maintenance of medical records. This architecture relies on Near Field Communication (NFC) technology. Accordingly, an authentication mechanism was developed to guarantee the authenticity of the devices involved. The architecture is evaluated at the Hospital de Caridade de Jaguari (HCJ). The results of the analysis and validation show that the mechanism is efficient and promising, establishing mutual authentication. Additionally, other important security properties are achieved, such as anti-replay protection and device anti-tracking.