Perez, Rocio Lopez; Adamsky, Florian; Soua, Ridha; Engel, Thomas (2018)
17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications, 2018 (IEEE TrustCom).
DOI: 10.1109/TrustCom/BigDataSE.2018.00094
Critical Infrastructures (CIs) use Supervisory Control And Data Acquisition (SCADA) systems for remote control and monitoring. Sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and variety due to the massive spread of connectivity and standardisation of open SCADA protocols. Traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. Therefore, in this paper, we assess Machine Learning (ML) for intrusion detection in SCADA systems using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU). The contribution of this paper is two-fold: 1) the evaluation of four techniques for missing data estimation and two techniques for data normalization; 2) the performance of Support Vector Machine (SVM) and Random Forest (RF) is assessed in terms of accuracy, precision, recall and F1 score for intrusion detection. Two cases are differentiated: binary and categorical classifications. Our experiments reveal that RF detects intrusions effectively, with an F1 score of respectively > 99%.
Adamsky, Florian; Retunskaia, Tatiana; Schiffner, Stefan; Köbel, Christian; Engel, Thomas (2018)
WiSec '18: Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile, pp. 277-278.
DOI: 10.1145/3212480.3226099
As of IEEE 802.11n, a wireless Network Interface Card (NIC) uses Channel State Information (CSI) to optimize the transmission over multiple antennas. CSI contains radio metrics such as amplitude and phase. Due to scattering during hardware production, these metrics exhibit unique properties. Since this information is transmitted unencrypted, it can be captured by a passive observer. We show that this information can be used to create a unique fingerprint of a wireless device, based on as little as 100 CSI packets per device collected with an off-the-shelf Wi-Fi card. For our proof of concept we captured data from seven smartphones including two identical models. We were able to identify more than 90% when using out-of-the-box Random Forest (RF).
Adamsky, Florian; Soua, Ridha (2018)
International Journal of Critical Infrastructure Protection (21), pp. 72-82.
DOI: 10.1016/j.ijcip.2018.04.004
Industrial and Automation Control systems traditionally achieved security thanks to the use of proprietary protocols and isolation from the telecommunication networks. Nowadays, the advent of the Industrial Internet of Things poses new security challenges. In this paper, we first highlight the main security challenges that advocate for new risk assessment and security strategies. To this end, we propose a security framework and advanced tools to properly manage vulnerabilities and to react to threats in a timely manner. The proposed architecture fills the gap between computer science and control theoretic approaches. The physical layers connected to Industrial Control Systems are prone to disruption when facing cyber-attacks. Considering the modules of the proposed architecture, we focus on the development of a practical framework to compare information about physical faults and cyber-attacks. This strategy is implemented in the ATENA architecture that has been designed as an innovative solution for the protection of critical assets.
Research Group System and Network Security (sns)
Alfons-Goppel-Platz 1
95028 Hof
T +49 9281 409-4860 florian.adamsky[at]hof-university.de