-
Recent Advances in the Internet of Medical Things (IoMT) Systems Security
Authors:
Ali Ghubaish,
Tara Salman,
Maede Zolanvari,
Devrim Unal,
Abdulla Al-Ali,
Raj Jain
Abstract:
The rapid evolutions in micro-computing, mini-hardware manufacturing, and machine to machine (M2M) communications have enabled novel Internet of Things (IoT) solutions to reshape many networking applications. Healthcare systems are among these applications that have been revolutionized with IoT, introducing an IoT branch known as the Internet of Medical Things (IoMT) systems. IoMT systems allow re…
▽ More
The rapid evolutions in micro-computing, mini-hardware manufacturing, and machine to machine (M2M) communications have enabled novel Internet of Things (IoT) solutions to reshape many networking applications. Healthcare systems are among these applications that have been revolutionized with IoT, introducing an IoT branch known as the Internet of Medical Things (IoMT) systems. IoMT systems allow remote monitoring of patients with chronic diseases. Thus, it can provide timely patients' diagnostic that can save their life in case of emergencies. However, security in these critical systems is a major challenge facing their wide utilization. In this paper, we present state-of-the-art techniques to secure IoMT systems' data during collection, transmission, and storage. We comprehensively overview IoMT systems' potential attacks, including physical and network attacks. Our findings reveal that most security techniques do not consider various types of attacks. Hence, we propose a security framework that combines several security techniques. The framework covers IoMT security requirements and can mitigate most of its known attacks.
△ Less
Submitted 8 February, 2023;
originally announced February 2023.
-
TRUST XAI: Model-Agnostic Explanations for AI With a Case Study on IIoT Security
Authors:
Maede Zolanvari,
Zebo Yang,
Khaled Khan,
Raj Jain,
Nader Meskin
Abstract:
Despite AI's significant growth, its "black box" nature creates challenges in generating adequate trust. Thus, it is seldom utilized as a standalone unit in IoT high-risk applications, such as critical industrial infrastructures, medical systems, and financial applications, etc. Explainable AI (XAI) has emerged to help with this problem. However, designing appropriately fast and accurate XAI is st…
▽ More
Despite AI's significant growth, its "black box" nature creates challenges in generating adequate trust. Thus, it is seldom utilized as a standalone unit in IoT high-risk applications, such as critical industrial infrastructures, medical systems, and financial applications, etc. Explainable AI (XAI) has emerged to help with this problem. However, designing appropriately fast and accurate XAI is still challenging, especially in numerical applications. Here, we propose a universal XAI model named Transparency Relying Upon Statistical Theory (TRUST), which is model-agnostic, high-performing, and suitable for numerical applications. Simply put, TRUST XAI models the statistical behavior of the AI's outputs in an AI-based system. Factor analysis is used to transform the input features into a new set of latent variables. We use mutual information to rank these variables and pick only the most influential ones on the AI's outputs and call them "representatives" of the classes. Then we use multi-modal Gaussian distributions to determine the likelihood of any new sample belonging to each class. We demonstrate the effectiveness of TRUST in a case study on cybersecurity of the industrial Internet of things (IIoT) using three different cybersecurity datasets. As IIoT is a prominent application that deals with numerical data. The results show that TRUST XAI provides explanations for new random samples with an average success rate of 98%. Compared with LIME, a popular XAI model, TRUST is shown to be superior in the context of performance, speed, and the method of explainability. In the end, we also show how TRUST is explained to the user.
△ Less
Submitted 2 May, 2022;
originally announced May 2022.
-
ADDAI: Anomaly Detection using Distributed AI
Authors:
Maede Zolanvari,
Ali Ghubaish,
Raj Jain
Abstract:
When dealing with the Internet of Things (IoT), especially industrial IoT (IIoT), two manifest challenges leap to mind. First is the massive amount of data streaming to and from IoT devices, and second is the fast pace at which these systems must operate. Distributed computing in the form of edge/cloud structure is a popular technique to overcome these two challenges. In this paper, we propose ADD…
▽ More
When dealing with the Internet of Things (IoT), especially industrial IoT (IIoT), two manifest challenges leap to mind. First is the massive amount of data streaming to and from IoT devices, and second is the fast pace at which these systems must operate. Distributed computing in the form of edge/cloud structure is a popular technique to overcome these two challenges. In this paper, we propose ADDAI (Anomaly Detection using Distributed AI) that can easily span out geographically to cover a large number of IoT sources. Due to its distributed nature, it guarantees critical IIoT requirements such as high speed, robustness against a single point of failure, low communication overhead, privacy, and scalability. Through empirical proof, we show the communication cost is minimized, and the performance improves significantly while maintaining the privacy of raw data at the local layer. ADDAI provides predictions for new random samples with an average success rate of 98.4% while reducing the communication overhead by half compared with the traditional technique of offloading all the raw sensor data to the cloud.
△ Less
Submitted 2 May, 2022;
originally announced May 2022.
-
Cybersecurity for Industrial Control Systems: A Survey
Authors:
Deval Bhamare,
Maede Zolanvari,
Aiman Erbad,
Raj Jain,
Khaled Khan,
Nader Meskin
Abstract:
Industrial Control System (ICS) is a general term that includes supervisory control & data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC). ICSs are often found in the industrial sectors and critical infrastructures, such as nuclear and thermal plants, water treatment facilities, power generation,…
▽ More
Industrial Control System (ICS) is a general term that includes supervisory control & data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC). ICSs are often found in the industrial sectors and critical infrastructures, such as nuclear and thermal plants, water treatment facilities, power generation, heavy industries, and distribution systems. Though ICSs were kept isolated from the Internet for so long, significant achievable business benefits are driving a convergence between ICSs and the Internet as well as information technology (IT) environments, such as cloud computing. As a result, ICSs have been exposed to the attack vectors used in the majority of cyber-attacks. However, ICS devices are inherently much less secure against such advanced attack scenarios. A compromise to ICS can lead to enormous physical damage and danger to human lives. In this work, we have a close look at the shift of the ICS from stand-alone systems to cloud-based environments. Then we discuss the major works, from industry and academia towards the development of the secure ICSs, especially applicability of the machine learning techniques for the ICS cyber-security. The work may help to address the challenges of securing industrial processes, particularly while migrating them to the cloud environments.
△ Less
Submitted 10 February, 2020;
originally announced February 2020.
-
Potential Data Link Candidates for Civilian Unmanned Aircraft Systems: A Survey
Authors:
Maede Zolanvari,
Raj Jain,
Tara Salman
Abstract:
This survey studies the potential data link candidates for unmanned aircraft vehicles (UAVs). There has been tremendous growth in different applications of UAVs such as lifesaving and rescue missions, commercial use, recreations, etc. Unlike the traditional wireless communications, the data links for these systems do not have any general standardized framework yet to ensure safe co-existence of UA…
▽ More
This survey studies the potential data link candidates for unmanned aircraft vehicles (UAVs). There has been tremendous growth in different applications of UAVs such as lifesaving and rescue missions, commercial use, recreations, etc. Unlike the traditional wireless communications, the data links for these systems do not have any general standardized framework yet to ensure safe co-existence of UAVs with other flying vehicles. This motivated us to provide a comprehensive survey of potential data link technologies available for UAVs. Our goal is to study the current trends and available candidates and carry out a comprehensive comparison among them. The contribution of this survey is to highlight the strength and weakness of the current data link options and their suitability to satisfy the UAVs communication requirements. Satellite links, cellular technologies, Wi-Fi and several similar wireless technologies are studied thoroughly in this paper. We also focus on several available promising standards that can be modified for these data links. Then, we discuss standard-related organizations that are working actively in the area of civilian unmanned systems. Finally, we bring up some future challenges in this area with several potential solutions to motivate further research work.
△ Less
Submitted 18 April, 2020; v1 submitted 31 December, 2019;
originally announced December 2019.
-
Analysis of AeroMACS Data Link for Unmanned Aircraft Vehicles
Authors:
Maede Zolanvari,
Marcio A. Teixeira,
Raj Jain
Abstract:
Aeronautical Mobile Airport Communications System (AeroMACS) is based on the IEEE 802.16e mobile wireless standard commonly known as WiMAX. It is expected to be the main part of the next-generation aviation communication system to support fixed and mobile services for manned and unmanned applications. AeroMACS will be an essential technology helping pave the way toward full integration of Unmanned…
▽ More
Aeronautical Mobile Airport Communications System (AeroMACS) is based on the IEEE 802.16e mobile wireless standard commonly known as WiMAX. It is expected to be the main part of the next-generation aviation communication system to support fixed and mobile services for manned and unmanned applications. AeroMACS will be an essential technology helping pave the way toward full integration of Unmanned Aircraft Vehicle (UAV) into the national airspace. A number of practical tests and analyses have been done so far for AeroMACS. The main contribution of this paper is to consider the theoretical concepts behind its features and discuss their suitability for UAV applications. Mathematical analyses of the AeroMACS physical layer framework are provided to show the theoretical trade-offs. We mainly focus on the analysis of the AeroMACS OFDMA structure, which affects the speed limits, coverage cell, channel estimation requirements, and inter-carrier interference.
△ Less
Submitted 6 December, 2019;
originally announced December 2019.
-
Effect of Imbalanced Datasets on Security of Industrial IoT Using Machine Learning
Authors:
Maede Zolanvari,
Marcio A. Teixeira,
Raj Jain
Abstract:
Machine learning algorithms have been shown to be suitable for securing platforms for IT systems. However, due to the fundamental differences between the industrial internet of things (IIoT) and regular IT networks, a special performance review needs to be considered. The vulnerabilities and security requirements of IIoT systems demand different considerations. In this paper, we study the reasons…
▽ More
Machine learning algorithms have been shown to be suitable for securing platforms for IT systems. However, due to the fundamental differences between the industrial internet of things (IIoT) and regular IT networks, a special performance review needs to be considered. The vulnerabilities and security requirements of IIoT systems demand different considerations. In this paper, we study the reasons why machine learning must be integrated into the security mechanisms of the IIoT, and where it currently falls short in having a satisfactory performance. The challenges and real-world considerations associated with this matter are studied in our experimental design. We use an IIoT testbed resembling a real industrial plant to show our proof of concept.
△ Less
Submitted 2 December, 2019;
originally announced December 2019.
-
Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things
Authors:
Maede Zolanvari,
Marcio A. Teixeira,
Lav Gupta,
Khaled M. Khan,
Raj Jain
Abstract:
It is critical to secure the Industrial Internet of Things (IIoT) devices because of potentially devastating consequences in case of an attack. Machine learning and big data analytics are the two powerful leverages for analyzing and securing the Internet of Things (IoT) technology. By extension, these techniques can help improve the security of the IIoT systems as well. In this paper, we first pre…
▽ More
It is critical to secure the Industrial Internet of Things (IIoT) devices because of potentially devastating consequences in case of an attack. Machine learning and big data analytics are the two powerful leverages for analyzing and securing the Internet of Things (IoT) technology. By extension, these techniques can help improve the security of the IIoT systems as well. In this paper, we first present common IIoT protocols and their associated vulnerabilities. Then, we run a cyber-vulnerability assessment and discuss the utilization of machine learning in countering these susceptibilities. Following that, a literature review of the available intrusion detection solutions using machine learning models is presented. Finally, we discuss our case study, which includes details of a real-world testbed that we have built to conduct cyber-attacks and to design an intrusion detection system (IDS). We deploy backdoor, command injection, and Structured Query Language (SQL) injection attacks against the system and demonstrate how a machine learning based anomaly detection system can perform well in detecting these attacks. We have evaluated the performance through representative metrics to have a fair point of view on the effectiveness of the methods.
△ Less
Submitted 13 November, 2019;
originally announced November 2019.
-
DublinCity: Annotated LiDAR Point Cloud and its Applications
Authors:
S. M. Iman Zolanvari,
Susana Ruano,
Aakanksha Rana,
Alan Cummins,
Rogerio Eduardo da Silva,
Morteza Rahbar,
Aljosa Smolic
Abstract:
Scene understanding of full-scale 3D models of an urban area remains a challenging task. While advanced computer vision techniques offer cost-effective approaches to analyse 3D urban elements, a precise and densely labelled dataset is quintessential. The paper presents the first-ever labelled dataset for a highly dense Aerial Laser Scanning (ALS) point cloud at city-scale. This work introduces a n…
▽ More
Scene understanding of full-scale 3D models of an urban area remains a challenging task. While advanced computer vision techniques offer cost-effective approaches to analyse 3D urban elements, a precise and densely labelled dataset is quintessential. The paper presents the first-ever labelled dataset for a highly dense Aerial Laser Scanning (ALS) point cloud at city-scale. This work introduces a novel benchmark dataset that includes a manually annotated point cloud for over 260 million laser scanning points into 100'000 (approx.) assets from Dublin LiDAR point cloud [12] in 2015. Objects are labelled into 13 classes using hierarchical levels of detail from large (i.e., building, vegetation and ground) to refined (i.e., window, door and tree) elements. To validate the performance of our dataset, two different applications are showcased. Firstly, the labelled point cloud is employed for training Convolutional Neural Networks (CNNs) to classify urban elements. The dataset is tested on the well-known state-of-the-art CNNs (i.e., PointNet, PointNet++ and So-Net). Secondly, the complete ALS dataset is applied as detailed ground truth for city-scale image-based 3D reconstruction.
△ Less
Submitted 6 September, 2019;
originally announced September 2019.
-
SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach
Authors:
Marcio Andrey Teixeira,
Tara Salman,
Maede Zolanvari,
Raj Jain,
Nader Meskin,
Mohammed Samaka
Abstract:
This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank's control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features…
▽ More
This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank's control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features were extracted from the traffic to build a dataset for training and testing different machine learning algorithms. Five traditional machine learning algorithms were trained to detect the attacks: Random Forest, Decision Tree, Logistic Regression, Naive Bayes and KNN. Then, the trained machine learning models were built and deployed in the network, where new tests were made using online network traffic. The performance obtained during the training and testing of the machine learning models was compared to the performance obtained during the online deployment of these models in the network. The results show the efficiency of the machine learning models in detecting the attacks in real time. The testbed provides a good understanding of the effects and consequences of attacks on real SCADA environments
△ Less
Submitted 10 February, 2019;
originally announced April 2019.
-
Efficient Virtual Network Function Placement Strategies for Cloud Radio Access Networks
Authors:
Deval Bhamare,
Aiman Erbad,
Raj Jain,
Maede Zolanvari,
Mohammed Samaka
Abstract:
The new generation of 5G mobile services places stringent requirements for cellular network operators in terms of latency and costs. The latest trend in radio access networks (RANs) is to pool the baseband units (BBUs) of multiple radio base stations and to install them in a centralized infrastructure, such as a cloud, for statistical multiplexing gains. The technology is known as Cloud Radio Acce…
▽ More
The new generation of 5G mobile services places stringent requirements for cellular network operators in terms of latency and costs. The latest trend in radio access networks (RANs) is to pool the baseband units (BBUs) of multiple radio base stations and to install them in a centralized infrastructure, such as a cloud, for statistical multiplexing gains. The technology is known as Cloud Radio Access Network (CRAN). Since cloud computing is gaining significant traction and virtualized data centers are becoming popular as a cost-effective infrastructure in the telecommunication industry, CRAN is being heralded as a candidate technology to meet the expectations of radio access networks for 5G. In CRANs, low energy base stations (BSs) are deployed over a small geographical location and are connected to a cloud via finite capacity backhaul links. Baseband processing unit (BBU) functions are implemented on the virtual machines (VMs) in the cloud over commodity hardware. Such functions, built-in software, are termed as virtual functions (VFs). The optimized placement of VFs is necessary to reduce the total delays and minimize the overall costs to operate CRANs. Our study considers the problem of optimal VF placement over distributed virtual resources spread across multiple clouds, creating a centralized BBU cloud. We propose a combinatorial optimization model and the use of two heuristic approaches, which are, branch-and-bound (BnB) and simulated annealing (SA) for the proposed optimal placement. In addition, we propose enhancements to the standard BnB heuristic and compare the results with standard BnB and SA approaches. The proposed enhancements improve the quality of the solution in terms of latency and cost as well as reduce the execution complexity significantly.
△ Less
Submitted 10 February, 2019;
originally announced March 2019.
-
Security Services Using Blockchains: A State of the Art Survey
Authors:
Tara Salman,
Maede Zolanvari,
Aiman Erbad,
Raj Jain,
Mohammed Samaka
Abstract:
This article surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy, and access control list (ACL), data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of clo…
▽ More
This article surveys blockchain-based approaches for several security services. These services include authentication, confidentiality, privacy, and access control list (ACL), data and resource provenance, and integrity assurance. All these services are critical for the current distributed applications, especially due to the large amount of data being processed over the networks and the use of cloud computing. Authentication ensures that the user is who he/she claims to be. Confidentiality guarantees that data cannot be read by unauthorized users. Privacy provides the users the ability to control who can access their data. Provenance allows an efficient tracking of the data and resources along with their ownership and utilization over the network. Integrity helps in verifying that the data has not been modified or altered. These services are currently managed by centralized controllers, for example, a certificate authority. Therefore, the services are prone to attacks on the centralized controller. On the other hand, blockchain is a secured and distributed ledger that can help resolve many of the problems with centralization. The objectives of this paper are to give insights on the use of security services for current applications, to highlight the state of the art techniques that are currently used to provide these services, to describe their challenges, and to discuss how the blockchain technology can resolve these challenges. Further, several blockchain-based approaches providing such security services are compared thoroughly. Challenges associated with using blockchain-based security services are also discussed to spur further research in this area.
△ Less
Submitted 19 October, 2018;
originally announced October 2018.
