XXXVI, No. 2, Pp. 107-209
Back to Contents
Authors: Brandyn M. Campos and Miltiadis Alamaniotis
Deployment of digital technologies within a modern shift in cyber defense systems is essential for protecting the energy production units. One of the important components of defense is cyberforensics: once an attack has been detected to locate its origin. In this paper, a review of well-known cyberattacks in nuclear facilities is provided, with the lessons learned leading to the development of a machine learning approach implementing identification of internal attacks in the facility's data networks. Our approach may be seen as one of the layers in a defense-in-depth strategy that identifies if the attack comes from inside, which may result in identifying faster the attacker's origin. The presented model exploits network packet examination to cast accurate predictions on detailing the origin of malicious network connections. The approach fuses multiple mathematical functions within an artificial neural network to provide a response in the form of 0/1, i. e., whether the attack is identified as internal or not. The utilization of a variety of test cases is developed to explore the relevance and validity of the predictive approach. The proposed implementation is examined with network data packet variance, and the results obtained exhibit a highly accurate detection rate.
Key words: cyberforensics, digital forensics, nuclear power plant, internal attack, neural network
FULL PAPER IN PDF FORMAT (1 MB)