Jakapan Suaboot

Bio: Jakapan Suaboot is an academic researcher from RMIT University. The author has contributed to research in topics: Computer science & SCADA. The author has an hindex of 2, co-authored 2 publications receiving 22 citations.

A Taxonomy of Supervised Learning for IDSs in SCADA Environments

Abstract: Supervisory Control and Data Acquisition (SCADA) systems play an important role in monitoring industrial processes such as electric power distribution, transport systems, water distribution, and wastewater collection systems. Such systems require a particular attention with regards to security aspects, as they deal with critical infrastructures that are crucial to organizations and countries. Protecting SCADA systems from intrusion is a very challenging task because they do not only inherit traditional IT security threats but they also include additional vulnerabilities related to field components (e.g., cyber-physical attacks). Many of the existing intrusion detection techniques rely on supervised learning that consists of algorithms that are first trained with reference inputs to learn specific information, and then tested on unseen inputs for classification purposes. This article surveys supervised learning from a specific security angle, namely SCADA-based intrusion detection. Based on a systematic review process, existing literature is categorized and evaluated according to SCADA-specific requirements. Additionally, this survey reports on well-known SCADA datasets and testbeds used with machine learning methods. Finally, we present key challenges and our recommendations for using specific supervised methods for SCADA systems.

The Flash Loan Attack Analysis (FAA) Framework - A Case Study of the Warp Finance Exploitation

Abstract: Decentralized finance (DeFi) has exploded in popularity with a billion-dollar market cap. While uncollateralized lending, known as a flash loan, emerged from DeFi, it has become a primary tool used by attackers to drain investment tokens from DeFi networks. The existing countermeasures seem practical, but no comprehensive quantitative analysis framework was available to test them. This paper proposes the Flash loan Attack Analysis (FAA) framework, which aids security practitioners in understanding the DeFi system’s effects on preventative methods when various factors change. The quantitative predictions can help security professionals in identifying hidden dangers and more efficiently adopting countermeasure strategies. The simulation predicts that the existing strategy, fair reserves, can fully protect the platform in a typical market environment; however, in a highly volatile market where the token price drops by 60% in a single hour, it will be broken, causing more than $8 million in damage.

NativeVRF: A Simplified Decentralized Random Number Generator on EVM Blockchains

Abstract: Smart contracts refer to small programs that run in a decentralized blockchain infrastructure. The blockchain system is trustless, and the determination of common variables is done by consensus between peers. Developing applications that require generating random variables becomes significantly challenging—for instance, lotteries, games, and random assignments. Many random number generators (RNGs) for smart contracts have been developed for the decentralized environment. The methods can be classified into three categories: on-chain RNG, Verifiable Random Function (VRF), and the Commit–reveal scheme. Although the existing methods offer different strengths and weaknesses, none achieves the three important requirements for an ideal RNG solution: security, applicability, and cost efficiency. This paper proposes a novel RNG approach called Native VRF, which offers application development simplicity and cost efficiency while maintaining strong RNG security properties. Experimental results show that Native VRF has the same security properties as the widely used RNG methods, i.e., Randao and Chainlink VRF. On top of that, our work offers a much simpler setup process and lower hardware resources and developer expertise requirements. Most importantly, the proposed Native VRF is compatible with all Ethereum virtual machine (EVM) blockchains, contributing to the overall growth of the blockchain ecosystem.

From Characters to Chaos: On the Feasibility of Attacking Thai OCR with Adversarial Examples

Abstract: Recent advances in deep neural networks (DNNs) have significantly enhanced the capabilities of optical character recognition (OCR) technology, enabling its adoption to a wide range of real-world applications. Despite this success, DNN-based OCR is shown to be vulnerable to adversarial attacks, in which the adversary can influence the DNN model’s prediction by carefully manipulating input to the model. Prior work has demonstrated the security impacts of adversarial attacks on various OCR languages. However, to date, no studies have been conducted and evaluated on an OCR system tailored to the Thai language. To bridge this gap, this work presents a feasibility study of performing adversarial attacks on a specific Thai OCR application – Thai License Plate Recognition (LPR). Moreover, we propose a new type of adversarial attacks based on the semi-targeted scenario and show that this scenario is highly realistic in LPR applications. Our experimental results show the feasibility of our attacks as they can be performed on a commodity computer desktop with over 90% attack success rate.

Intrusion Detection

Abstract: Marc Dacier's topic is: intrusion detection vs. detection of errors caused by intentionally malicious faults. Although research on intrusion detection has been carried out for more than two decades, it has recently received increased attention due to the success of the Internet. A recent survey conducted by the IBM Global Security Laboratory indicates that more than 20 intrusion-detection products are now available on the market, whereas two years ago there were only three. Despite this growth of product offerings, intrusion-detection solutions are still in their infancy. Not only is there a lack of understanding of what an intrusion really is, but also how it should be handled. Moreover, from a technical point of view, many critical issues remain unsolved.In this talk, Marc presents what has been done in the intrusion domain in the past, and highlights new research directions that need to be addressed. He will highlight the relationship between intrusion detection and fault tolerance, drawing on the body of knowledge that has been developed within the traditional dependability community, and noting the opportunities for these two communities to work together to solve this important problem.Sami Saydjari's topic is: the detection of novel, previously unseen attacks. Although intrusion detection is a field still in its infancy, two broad approaches have evolved: pattern-based detection and anomaly-based detection. Pattern-based detection, sometimes called misuse-based detection, relies on matching known patterns of attacks already suffered. Anomaly-based detection, on the other hand, relies on detecting behaviors that are abnormal with respect to some normal standard. An example is that of a masquerader trying to hide behind someone else's login; unless the masquerader is clever indeed, his activities will stand out as anomalous against a victim's profile of normal behavior. Anomaly-based detection techniques appear to hold the best hope of detecting new variants of attacks.Sami emphasizes that although there exist some low-level sensors that can detect known attacks, the research community must move quickly in learning how to detect novel attacks at much higher detection rates (state of the art is around 80%) while keeping the false positive rates very low (0.1% or better). Detecting novel attacks will require better anomaly detection algorithms. Achieving a 99.9% detection rate will require gaining a firm understanding of the "sweet spots" of various detection algorithms, as well as an understanding of how to fuse the results of the best of the best. There is also a need to better represent knowledge of attack patterns in a canonical form, to be able to share that knowledge across multiple detection tools, and to be able to judge tools on the basis of how effectively they use knowledge, as opposed to which tool can include the largest corpus of precompiled (pattern-based) knowledge into its on-line database.The session concludes with an open discussion of how research communities can work together to reduce undependability caused by intentionally malicious faults.

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid.

Abstract: The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.

A Classy Multifacet Clustering and Fused Optimization Based Classification Methodologies for SCADA Security

Abstract: Detecting intrusions from the supervisory control and data acquisition (SCADA) systems is one of the most essential and challenging processes in recent times. Most of the conventional works aim to develop an efficient intrusion detection system (IDS) framework for increasing the security of SCADA against networking attacks. Nonetheless, it faces the problems of complexity in classification, requiring more time for training and testing, as well as increased misprediction results and error outputs. Hence, this research work intends to develop a novel IDS framework by implementing a combination of methodologies, such as clustering, optimization, and classification. The most popular and extensively utilized SCADA attacking datasets are taken for this system’s proposed IDS framework implementation and validation. The main contribution of this work is to accurately detect the intrusions from the given SCADA datasets with minimized computational operations and increased accuracy of classification. Additionally the proposed work aims to develop a simple and efficient classification technique for improving the security of SCADA systems. Initially, the dataset preprocessing and clustering processes were performed using the multifacet data clustering model (MDCM) in order to simplify the classification process. Then, the hybrid gradient descent spider monkey optimization (GDSMO) mechanism is implemented for selecting the optimal parameters from the clustered datasets, based on the global best solution. The main purpose of using the optimization methodology is to train the classifier with the optimized features to increase accuracy and reduce processing time. Moreover, the deep sequential long short term memory (DS-LSTM) is employed to identify the intrusions from the clustered datasets with efficient data model training. Finally, the proposed optimization-based classification methodology’s performance and results are validated and compared using various evaluation metrics.