Cyber Physical System Security by Splunk

Kundankumar Rameshwar Saraf*, P. Malathi **
* Capgemini Technology Services India Ltd, Pune, Maharashtra, India.
** Department of Electronics and Telecommunication Engineering, D.Y. Patil College of Engineering, Pune, Maharashtra, India.
Periodicity: July - December 2020
DOI : https://doi.org/10.26634/jcs.9.2.18115

Abstract

A Cyber Physical System (CPS) is an integration of sensing, monitoring and analyzing devices that are connected with each other and communicate through the internet. Such a system is prone to many cyber-attacks, such as Man-In-The-Middle attacks, Denial of Service attacks, Cross-Site Scripting attacks, SQL Injection attacks, Password Cracking attacks, etc. Present security measures to protect a CPS against cyber-attacks include the use of Intrusion Detection Systems (IDS), firewalls, anti-malware, anti-virus, anti-spyware, HTTPS/SSH encryption, Faraday cages, a password policy with periodic password change, least privilege, strong code, Intrusion Prevention Systems (IPS), etc. All of these security measures have one or more challenges in their implementation, such as reduced performance, higher power consumption, high transmission delays, huge cost, etc. Also, firewalls, IPS and antivirus can only prevent known threats. Today, many threats have no fixed pattern, and their patterns are adaptable. Hence, all of these intrusion prevention and protection systems become ineffective at protecting a CPS against cyber-attacks. This paper reviews how Splunk Enterprise Security (Splunk ES) can be used to secure a CPS against all known, unknown and adaptable cyber threats with minimum user effort and cost. The Operation Technology option in Splunk ES provides real-time predictive analysis of cyber-attacks. By using artificial intelligence, machine learning and behavioral analysis, Splunk can predict a cyber-threat to a CPS 30 to 45 minutes in advance. Splunk can trigger an alert to the CPS administrator, who can implement precautionary measures and protect the CPS before the actual occurrence of the cyber-attack. This research demonstrates a cyber-attack on a CPS and shows the result generated by Splunk ES.

Keywords

Cyber-Attack, Cyber Physical System, Operation Technology, Splunk Enterprise Security.

How to Cite this Article?

Saraf, K. R., and Malathi, P. (2020). Cyber Physical System Security by Splunk. i-manager's Journal on Communication Engineering and Systems, 9(2), 41-48. https://doi.org/10.26634/jcs.9.2.18115
