Phase-Space Detection of Cyber Events

Hernandez Jimenez, Jarilyn M.; Ferber, Aaron E.; Prowell, Stacy J.; Hively, Lee

Title: Phase-Space Detection of Cyber Events

Conference · Wed Apr 01 00:00:00 EDT 2015

OSTI ID:1265792

Hernandez Jimenez, Jarilyn M. ^[1];

^[1];

^[1]; Hively, Lee ^[1]

ORNL

Energy Delivery Systems (EDS) are a network of processes that produce, transfer and distribute energy. EDS are increasingly dependent on networked computing assets, as are many Industrial Control Systems. Consequently, cyber-attacks pose a real and pertinent threat, as evidenced by Stuxnet, Shamoon and Dragonfly. Hence, there is a critical need for novel methods to detect, prevent, and mitigate effects of such attacks. To detect cyber-attacks in EDS, we developed a framework for gathering and analyzing timing data that involves establishing a baseline execution profile and then capturing the effect of perturbations in the state from injecting various malware. The data analysis was based on nonlinear dynamics and graph theory to improve detection of anomalous events in cyber applications. The goal was the extraction of changing dynamics or anomalous activity in the underlying computer system. Takens' theorem in nonlinear dynamics allows reconstruction of topologically invariant, time-delay-embedding states from the computer data in a sufficiently high-dimensional space. The resultant dynamical states were nodes, and the state-to-state transitions were links in a mathematical graph. Alternatively, sequential tabulation of executing instructions provides the nodes with corresponding instruction-to-instruction links. Graph theorems guarantee graph-invariant measures to quantify the dynamical changes in the running applications. Results showed a successful detection of cyber events.

OSTI does not have a digital full text copy available. For more information, please see document availability, search WorldCat, or search Google Scholar.

Cite

Export

Save

Research Organization:: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Sponsoring Organization:: USDOE

DOE Contract Number:: AC05-00OR22725

OSTI ID:: 1265792

Resource Relation:: Conference: Cyber and Information Security Research Conference - Oak Ridge, Tennessee, United States of America - 4/7/2015 12:00:00 AM-4/9/2015 12:00:00 AM

Country of Publication:: United States

Language:: English

Similar Records

An Approach for Assessing Consequences of Potential Supply Chain and Insider Contributed Cyber Attacks on Nuclear Power Plants

Journal Article · Fri Jul 01 00:00:00 EDT 2016 · Transactions of the American Nuclear Society · OSTI ID:1265792

Chu, Tsong-Lun; Varuttamaseni, Athi; Baek, Joo-Seok; +1 more

Electrical Fault Detection, Power Quality, Distributed Energy Resource Use Cases, and Cyber Event Applications with the Cyber Grid Guard System Using Distributed Ledger Technology

Technical Report · Thu Jun 01 00:00:00 EDT 2023 · OSTI ID:1265792

Piesciorovsky, Emilio; Hahn, Gary; Borges Hink, Raymond; +2 more

Situ: Identifying and Explaining Suspicious Behavior in Networks

Journal Article · Mon Aug 20 00:00:00 EDT 2018 · IEEE Transactions on Visualization and Computer Graphics · OSTI ID:1265792

Goodall, John R.; Ragan, Eric D.; Steed, Chad A.; +5 more

Related Subjects

Energy Delivery Systems
cyber anomaly detection
phase-space analysis
graph theory
malware
rootkits
cyber-attacks

Title: Phase-Space Detection of Cyber Events

Citation Formats

Similar Records

Related Subjects