Cybersecurity in the Next-Generation Industrial Internet of Things Era: Modelling, Detecting and Mitigating Threats

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Computer Science & Engineering".

Deadline for manuscript submissions: closed (30 September 2022) | Viewed by 28826

Special Issue Editors


E-Mail Website
Guest Editor
Faculty of Engineering, University of Western Macedonia (UOWM), 50100 Kozani, Greece
Interests: information security; cryptography; machine learning; Internet of Things

E-Mail Website
Guest Editor
Department of Electrical and Computer Engineering, University of Western Macedonia, 50100 Kozani, Greece
Interests: IoT; 5G mobile communication; UAV; quality of service; radio access networks; computer network security; radio networks; artificial intelligence
Special Issues, Collections and Topics in MDPI journals

E-Mail Website
Guest Editor
Department of Networks and Digital Media, School of Computer Science and Mathematics, SEC, Kingston University, London KT1 2EE, UK
Interests: machine learning; artificial intelligence; intelligent and immersive environments; computer vision
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

The rise of the Industrial Internet of Things (IIoT) has provided various benefits, such as self-monitoring, pervasive control and self-healing. However, this progression also raises critical cybersecurity and privacy concerns due to the vulnerable nature of legacy and smart IIoT systems. On one hand, legacy IIoT systems, such as industrial control systems (ICS)/supervisory control and data acquisition (SCADA), utilise insecure communication protocols such as Modbus, distributed network protocol (DNP3) and IEC 60870-5-104. Such industrial protocols were designed without considering essential authentication and authorisation mechanisms. On the other hand, smart IIoT entities are subject to a plethora of vulnerabilities and security issues arising from the typical Internet model and the various IIoT technologies. Moreover, IIoT devices handle a vast amount of sensitive data that constitutes an attractive goal for potential cyber attackers. Increasingly, a growing number of advanced persistent threat (APT) groups threaten critical infrastructures (CIs). Both academia and industry have provided valuable countermeasures, such as IEC 62351 recommendations, Artificial Intelligence (AI)-based intrusion detection and prevention systems (IDPS) and security information and event management (SIEM) systems. However, cybersecurity issues against CIs remain a crucial problem. Characteristic examples are the advanced persistent threats (APTs) Dragonfly, Dragonfly 2.0, BlackEnergy 3, TRITON and Operation Wocao. State-of-the-art technologies such as AI, software-defined networking (SDN), network function virtualization (NFV), federated learning (FL) and blockchain have demonstrated their efficiency against IIoT cybersecurity and privacy issues.

This Special Issue will cover a wide range of IIoT cybersecurity and privacy solutions, combining a plethora of emerging technologies. Researchers are invited to submit novel contributions in, but not limited to, the following topics:

  • Cybersecurity analysis of IIoT communication protocols;
  • Privacy issues and solutions in IIoT communication protocols;
  • Threat modelling and vulnerability assessment in IIoT ecosystems;
  • Collaborative risk assessment for IIoT ecosystems;
  • SDN/NFV-based cybersecurity architectures for IIoT ecosystems;
  • FL cybersecurity and privacy-preserving architectures for IIoT ecosystems;
  • AI-based intrusion detection for IIoT ecosystems;
  • AI-based intrusion mitigation and prevention solutions for IIoT ecosystems;
  • SDN-based intrusion mitigation and prevention solutions for IIoT ecosystems;
  • Security information and event management systems for IIoT ecosystems;
  • Trust management in IIoT ecosystems;
  • FL-based privacy-preserving architectures for detecting intrusions in IIoT ecosystems;
  • Blockchain-based authentication and access control systems for IIoT ecosystems;
  • Self-healing cybersecurity mechanisms in IIoT ecosystems;
  • Orchestration and automatic configuration of security functions;
  • Privacy-preserving tools, frameworks and schemes in IIoT ecosystems;
  • Cybersecurity deception mechanisms in IIoT ecosystems;
  • Cyber threat intelligence management and sharing in IIoT ecosystems;
  • Digital forensics in IIoT ecosystems;
  • Surveys and technical reports related to cybersecurity and privacy incidents in IIoT ecosystems.

Dr. Panagiotis Radoglou-Grammatikis
Dr. Panagiotis Sarigiannidis
Dr. Thomas Lagkas
Prof. Dr. Vasileios Argyriou
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Artificial Intelligence
  • Blockchain
  • Cybersecurity
  • Cyber threat intelligence
  • Digital forensics
  • Federated learning
  • Industrial Internet of Things
  • Intrusion detection and prevention
  • Network function virtualization
  • Privacy
  • Risk assessment
  • Security information and event management
  • Software-defined networking
  • Threat modelling
  • Trust management

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue polices can be found here.

Published Papers (8 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

27 pages, 561 KiB  
Article
An Intrusion Detection System for RPL-Based IoT Networks
by Eric Garcia Ribera, Brian Martinez Alvarez, Charisma Samuel, Philokypros P. Ioulianou and Vassilios G. Vassilakis
Electronics 2022, 11(23), 4041; https://doi.org/10.3390/electronics11234041 - 5 Dec 2022
Cited by 10 | Viewed by 1988
Abstract
The Internet of Things (IoT) has become very popular during the last decade by providing new solutions to modern industry and to entire societies. At the same time, the rise of the industrial Internet of Things (IIoT) has provided various benefits by linking [...] Read more.
The Internet of Things (IoT) has become very popular during the last decade by providing new solutions to modern industry and to entire societies. At the same time, the rise of the industrial Internet of Things (IIoT) has provided various benefits by linking infrastructure around the world via sensors, machine learning, and data analytics. However, the security of IoT devices has been proven to be a major concern. Almost a decade ago, the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) was designed to handle routing in IoT and IIoT. Since then, numerous types of attacks on RPL have been published. In this paper, a novel intrusion detection system (IDS) is designed and implemented for RPL-based IoT. The objective is to perform an accurate and efficient detection of various types of routing and denial-of-service (DoS) attacks such as version number attack, blackhole attack, and grayhole attack, and different variations of flooding attacks such as Hello flood attack, DIS attack, and DAO insider attack. To achieve this, different detection strategies are combined, taking advantage of the strengths of each individual strategy. In addition, the proposed IDS is experimentally evaluated by performing a deep analysis of the aforementioned attacks in order to study the impact caused. This evaluation also estimates the accuracy and effectiveness of the IDS performance when confronted with the considered attacks. The obtained results show high detection accuracy. Furthermore, the overhead introduced in terms of CPU usage and power consumption is negligible. In particular, the CPU usage overhead is less than 2% in all cases, whereas the average power consumption increase is no more than 0.5%, which can be considered an insignificant impact on the overall resource utilisation. Full article
Show Figures

Figure 1

19 pages, 2350 KiB  
Article
Automation of Asset Inventory for Cyber Security: Investigation of Event Correlation-Based Technique
by Igor Kotenko, Elena Doynikova, Andrey Fedorchenko and Vasily Desnitsky
Electronics 2022, 11(15), 2368; https://doi.org/10.3390/electronics11152368 - 28 Jul 2022
Cited by 1 | Viewed by 3027
Abstract
Asset inventory is one of the essential steps in cyber security analysis and management. It is required for security risk identification. Current information systems are large-scale, heterogeneous, and dynamic. This complicates manual inventory of the assets as it requires a lot of time [...] Read more.
Asset inventory is one of the essential steps in cyber security analysis and management. It is required for security risk identification. Current information systems are large-scale, heterogeneous, and dynamic. This complicates manual inventory of the assets as it requires a lot of time and human resources. At the same time, an asset inventory should be continuously repeated because continuous modifications of system objects and topology lead to changes in the cyber security situation. Thus, a technique for automated identification of system assets and connections between them is required. The paper proposes a technique for automated inventory of assets and connections between them in different organizations. The developed technique is constructed based on event correlation methods, namely linking the system events to each other. The essence of the technique consists of the investigation of event characteristics and identifying the characteristics that arise solely together. This allows determining system assets via assigning event characteristics to specific asset types. The security risks depend on the criticality of the assets; thus, a discussion of automated calculation of the outlined assets’ criticality is provided. Outlined system objects and topology can be further used for restoring possible attack paths and security assessment. The applicability of the developed technique to reveal object properties and types is demonstrated in the experiments. Full article
Show Figures

Figure 1

19 pages, 1012 KiB  
Article
A Link Fabrication Attack Mitigation Approach (LiFAMA) for Software Defined Networks
by Katongole Joseph, Odongo Steven Eyobu, Philemon Kasyoka and Tonny J. Oyana
Electronics 2022, 11(10), 1581; https://doi.org/10.3390/electronics11101581 - 16 May 2022
Cited by 3 | Viewed by 2219
Abstract
In software defined networks (SDNs), the controller is a critical resource, yet it is a potential target for attacks as well. The conventional OpenFlow Discovery Protocol (OFPD) used in building the topological view for the controller has vulnerabilities that easily allow attackers to [...] Read more.
In software defined networks (SDNs), the controller is a critical resource, yet it is a potential target for attacks as well. The conventional OpenFlow Discovery Protocol (OFPD) used in building the topological view for the controller has vulnerabilities that easily allow attackers to poison the network topology by creating fabricated links with malicious effects. OFDP makes use of the link layer discovery protocol (LLDP) to discover existing links. However, the LLDP is not efficient at fabricated link detection. Existing approaches to mitigating this problem have mostly been passive approaches that depend on observing unexpected behaviour. Examples of such behaviour include link latency and packet patterns to trigger attack alerts. The problem with the existing solutions is that their implementations cause longer link discovery time. This implies that a dense SDN would suffer from huge delays in the link discovery process. In this study, we propose a link fabrication attack (LFA) mitigation approach (LiFAMA), which is an active mitigation approach and one that minimises the link discovery time. The approach uses LLDP packet authentication together with keyed-hash-based message authentication code (HMAC) and a link verification database (PostgreSQL) that stores records of all known and verified links in the network. This approach was implemented in an emulated SDN environment using Mininet and a Python-based open-source OpenFlow (POX) controller. The results show that the approach detects fabricated links in an SDN in real time and helps mitigate them. Additionally, the link discovery time of LiFAMA out-competes that of an existing LFA mitigation approach. Full article
Show Figures

Figure 1

23 pages, 999 KiB  
Article
A Reference Model for Cyber Threat Intelligence (CTI) Systems
by Georgios Sakellariou, Panagiotis Fouliras, Ioannis Mavridis and Panagiotis Sarigiannidis
Electronics 2022, 11(9), 1401; https://doi.org/10.3390/electronics11091401 - 27 Apr 2022
Cited by 15 | Viewed by 5036
Abstract
Cyber Threat Intelligence (CTI) is a new but promising field of information security, with many organizations investing in the development of proper tools and services and the integration of CTI related information. However, as a new field, there is a lack of a [...] Read more.
Cyber Threat Intelligence (CTI) is a new but promising field of information security, with many organizations investing in the development of proper tools and services and the integration of CTI related information. However, as a new field, there is a lack of a conceptual framework with corresponding definitions. This paper discusses CTI complexity factors, proposes a set of definitions of the CTI key concepts and an eight-layer CTI Reference Model as a base for CTI systems design. In addition, the proposed reference model is validated by applying it to three case studies, producing the respective CTI Reference Architectures. Full article
Show Figures

Figure 1

21 pages, 3245 KiB  
Article
A Study on Performance Metrics for Anomaly Detection Based on Industrial Control System Operation Data
by Ga-Yeong Kim, Su-Min Lim and Ieck-Chae Euom
Electronics 2022, 11(8), 1213; https://doi.org/10.3390/electronics11081213 - 12 Apr 2022
Cited by 8 | Viewed by 4128
Abstract
Recently, OT (operational technology) networks of industrial control systems have been combined with IT networks. Therefore, OT networks have inherited the vulnerabilities and attack paths existing in IT networks. Consequently, attacks on industrial control systems are increasing, and research on technologies combined with [...] Read more.
Recently, OT (operational technology) networks of industrial control systems have been combined with IT networks. Therefore, OT networks have inherited the vulnerabilities and attack paths existing in IT networks. Consequently, attacks on industrial control systems are increasing, and research on technologies combined with artificial intelligence for detecting attacks is active. Current research focuses on detecting attacks and improving the detection accuracy. Few studies exist on metrics that interpret anomaly detection results. Different analysis metrics are required depending on the characteristics of the industrial control system data used for anomaly detection and the type of attack they contain. We focused on the fact that industrial control system data are time series data. The accuracy and F1-score are used as metrics for interpreting anomaly detection results. However, these metrics are not suitable for evaluating anomaly detection in time series data. Because it is not possible to accurately determine the start and end of an attack, range-based performance metrics must be used. Therefore, in this study, when evaluating anomaly detection performed on time series data, we propose a range-based performance metric with an improved algorithm. The previously studied range-based performance metric time-series aware precision and recall (TaPR) evaluated all attacks equally. In this study, improved performance metrics were studied by deriving ambiguous instances according to the characteristics of each attack and redefining the algorithm of the TaPR metric. This study provides accurate assessments when performing anomaly detection on time series data and allows predictions to be evaluated based on the characteristics of the attack. Full article
Show Figures

Figure 1

17 pages, 2033 KiB  
Article
Towards Development of a High Abstract Model for Drone Forensic Domain
by Amel Ali Alhussan, Arafat Al-Dhaqm, Wael M. S. Yafooz, Shukor Bin Abd Razak, Abdel-Hamid M. Emara and Doaa Sami Khafaga
Electronics 2022, 11(8), 1168; https://doi.org/10.3390/electronics11081168 - 7 Apr 2022
Cited by 14 | Viewed by 2481
Abstract
Drone Forensics (DRF) is one of the subdomains of digital forensics, which aims to capture and analyse the drone’s incidents. It is a diverse, unclear, and complex domain due to various drone field standards, operating systems, and infrastructure-based networks. Several DRF models and [...] Read more.
Drone Forensics (DRF) is one of the subdomains of digital forensics, which aims to capture and analyse the drone’s incidents. It is a diverse, unclear, and complex domain due to various drone field standards, operating systems, and infrastructure-based networks. Several DRF models and frameworks have been designed based on different investigation processes and activities and for the specific drones’ scenarios. These models make the domain more complex and unorganized among domain forensic practitioners. Therefore, there is a lack of a generic model for managing, sharing, and reusing the processes and activities of the DRF domain. This paper aims to develop A Drone Forensic Metamodel (DRFM) for the DRF domain using the metamodeling development process. The metamodeling development process is used for constructing and validating a metamodel and ensuring that the metamodel is complete and consistent. The developed DRFM consists of three main stages: (1) identification stage, (2) acquisition and preservation stage, and (3) examination and data analysis stage. It is used to structure and organize DRF domain knowledge, which facilitates managing, organizing, sharing, and reusing DRF domain knowledge among domain forensic practitioners. That aims to identify, recognize, extract and match different DRF processes, concepts, activities, and tasks from other DRF models in a developed DRFM. Thus, allowing domain practitioners to derive/instantiate solution models easily. The consistency and applicability of the developed DRFM were validated using metamodel transformation (vertical transformation). The results indicated that the developed DRFM is consistent and coherent and enables domain forensic practitioners to instantiate new solution models easily by selecting and combining concept elements (attribute and operations) based on their model requirement. Full article
Show Figures

Figure 1

12 pages, 3150 KiB  
Article
Optimized URL Feature Selection Based on Genetic-Algorithm-Embedded Deep Learning for Phishing Website Detection
by Seok-Jun Bu and Hae-Jung Kim
Electronics 2022, 11(7), 1090; https://doi.org/10.3390/electronics11071090 - 30 Mar 2022
Cited by 23 | Viewed by 3155
Abstract
Deep learning models for phishing URL classification based on character- and word-level URL features achieve the best performance in terms of accuracy. Various improvements have been proposed through deep learning parameters, including the structure and learning strategy. However, the existing deep learning approach [...] Read more.
Deep learning models for phishing URL classification based on character- and word-level URL features achieve the best performance in terms of accuracy. Various improvements have been proposed through deep learning parameters, including the structure and learning strategy. However, the existing deep learning approach shows a degradation in recall according to the nature of a phishing attack that is immediately discarded after being reported. An additional optimization process that can minimize the false negatives by selecting the core features of phishing URLs is a promising avenue of improvement. To search the optimal URL feature set and to fully exploit it, we propose a combined searching and learning strategy that effectively models the URL classifier for recall. By incorporating the deep-learning-based URL classifier with the genetic algorithm to search the optimal feature set that minimizing the false negatives, an optimized classifier that guarantees the best performance was obtained. Extensive experiments on three real-world datasets consisting of 222,541 URLs showed the highest recall among the deep learning models. We demonstrated the superiority of the method by 10-fold cross-validation and confirmed that the recall improved compared to the latest deep learning method. In particular, the accuracy and recall were improved by 4.13%p and 7.07%p, respectively, compared to the convolutional–recurrent neural network in which the feature selection optimization was omitted. Full article
Show Figures

Figure 1

18 pages, 269 KiB  
Article
Data Protection and Cybersecurity Certification Activities and Schemes in the Energy Sector
by Iheanyi Nwankwo, Marc Stauch, Panagiotis Radoglou-Grammatikis, Panagiotis Sarigiannidis, George Lazaridis, Anastasios Drosou and Dimitrios Tzovaras
Electronics 2022, 11(6), 965; https://doi.org/10.3390/electronics11060965 - 21 Mar 2022
Cited by 4 | Viewed by 4107
Abstract
Cybersecurity concerns have been at the forefront of regulatory reform in the European Union (EU) recently. One of the outcomes of these reforms is the introduction of certification schemes for information and communication technology (ICT) products, services and processes, as well as for [...] Read more.
Cybersecurity concerns have been at the forefront of regulatory reform in the European Union (EU) recently. One of the outcomes of these reforms is the introduction of certification schemes for information and communication technology (ICT) products, services and processes, as well as for data processing operations concerning personal data. These schemes aim to provide an avenue for consumers to assess the compliance posture of organisations concerning the privacy and security of ICT products, services and processes. They also present manufacturers, providers and data controllers with the opportunity to demonstrate compliance with regulatory requirements through a verifiable third-party assessment. As these certification schemes are being developed, various sectors, including the electrical power and energy sector, will need to access the impact on their operations and plan towards successful implementation. Relying on a doctrinal method, this paper identifies relevant EU legal instruments on data protection and cybersecurity certification and their interpretation in order to examine their potential impact when applying certification schemes within the Electrical Power and Energy System (EPES) domain. The result suggests that the EPES domain employs different technologies and services from diverse areas, which can result in the application of several certification schemes within its environment, including horizontal, technological and sector-specific schemes. This has the potential for creating a complex constellation of implementation models and would require careful design to avoid proliferation and disincentivising of stakeholders. Full article
Back to TopTop