
High-Speed Intrusion Detection in Support of Critical Infrastructure Protection

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2006)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 4347)

Abstract

The telecommunication network plays a fundamental role in the management of critical infrastructures, since it carries the control information exchanged among the elements that make up a critical system. The health of such a networked system depends strictly on the security mechanisms implemented to ensure the correct operation of the communication network. For this reason, the adoption of an effective network security strategy is an important and necessary part of a global methodology for critical infrastructure protection. In this paper we present two contributions. First, we present a distributed architecture that aims to secure the communication network on which the critical infrastructure relies. This architecture is composed of an intrusion detection system (IDS) built on top of a customizable flow monitor. Second, we propose an innovative method to extract real-time information about user behaviour from network traffic. This method consists of monitoring traffic flows at different levels of granularity in order to discover ongoing attacks.
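As an added example (not the paper's flow monitor or IDS), the following Python sketch shows what "monitoring traffic flows at different levels of granularity" can mean in practice: one packet stream is aggregated at three levels (5-tuple, host pair, source host), and each level gets a detector that the other levels cannot express. The traffic (an HMI polling a PLC over Modbus/TCP, a bulk push to the same PLC, a port scan of it, and a sweep of its subnet), the level definitions and the thresholds are all constructed assumptions for the example.

```python
"""Multi-granularity flow monitoring with one detector per level.

Added illustration, not the paper's code or monitor: packets are folded
into flow records at three aggregation levels, and each level runs a
detector that the other levels cannot express. Traffic, level definitions
and thresholds are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    length: int    # bytes


# Each level is a key function: packets with equal keys belong to one flow.
LEVELS = {
    "5tuple":   lambda p: (p.src, p.dst, p.proto, p.sport, p.dport),
    "hostpair": lambda p: (p.src, p.dst),
    "source":   lambda p: (p.src,),
}


def aggregate(packets, level):
    """Fold packets into flow records keyed at the given level. Besides the
    usual counters, each record keeps the distinct destination ports and
    hosts it covers, which is what the coarse-level detectors need."""
    key_fn = LEVELS[level]
    flows = {}
    for p in packets:
        f = flows.setdefault(key_fn(p), {"pkts": 0, "bytes": 0, "first": p.ts,
                                         "last": p.ts, "dports": set(), "dsts": set()})
        f["pkts"] += 1
        f["bytes"] += p.length
        f["first"] = min(f["first"], p.ts)
        f["last"] = max(f["last"], p.ts)
        f["dports"].add(p.dport)
        f["dsts"].add(p.dst)
    return flows


def flow_counts(packets):
    """Number of flow records at each level; shows how much each level condenses."""
    return {level: len(aggregate(packets, level)) for level in LEVELS}


def detect(packets, bulk_bytes=10_000, scan_ports=10, scan_window=5.0, sweep_hosts=8):
    """Return (kind, level, key) alerts. Thresholds are example values."""
    alerts = []
    # Fine level: a single connection moving far more data than a poll/response
    # exchange should (e.g. an unexpected bulk transfer toward a controller).
    for key, f in aggregate(packets, "5tuple").items():
        if f["bytes"] >= bulk_bytes:
            alerts.append(("bulk_transfer", "5tuple", key))
    # Host-pair level: many distinct ports from one host to another in a short
    # window. Invisible at the 5-tuple level, where every probe is its own flow.
    for key, f in aggregate(packets, "hostpair").items():
        if len(f["dports"]) >= scan_ports and f["last"] - f["first"] <= scan_window:
            alerts.append(("port_scan", "hostpair", key))
    # Source level: one host touching many destinations. Invisible at the
    # host-pair level, where each pair sees a single, ordinary-looking probe.
    for key, f in aggregate(packets, "source").items():
        if len(f["dsts"]) >= sweep_hosts:
            alerts.append(("host_sweep", "source", key))
    return alerts


def sample_traffic():
    """Constructed traffic: an HMI polling a PLC over Modbus/TCP (port 502),
    a bulk push to the same PLC, a port scan of the PLC, and a sweep of the
    PLC subnet on port 502. Addresses are made up for the example."""
    pkts = [Packet(float(i), "10.0.0.5", "10.0.1.10", "tcp", 40000, 502, 60)
            for i in range(30)]                                   # 1 poll/s
    pkts += [Packet(50.0 + i * 0.01, "10.0.0.7", "10.0.1.10", "tcp", 40500, 502, 1400)
             for i in range(10)]                                  # 14 kB push
    pkts += [Packet(100.0 + i * 0.1, "10.0.0.99", "10.0.1.10", "tcp", 50000 + i, 1 + i, 40)
             for i in range(20)]                                  # ports 1..20 in 2 s
    pkts += [Packet(110.0 + i, "10.0.0.99", f"10.0.1.{20 + i}", "tcp", 51000 + i, 502, 40)
             for i in range(1, 13)]                               # 12 hosts on 502
    return pkts


if __name__ == "__main__":
    traffic = sample_traffic()
    print(flow_counts(traffic))
    for alert in detect(traffic):
        print(alert)
```

The reason for keeping all three views is that each attack is visible at only one of them: the port scan fragments into twenty one-packet flows at the 5-tuple level, each indistinguishable from a normal request, and only the host-pair aggregate shows twenty distinct ports in two seconds; the sweep in turn looks like one ordinary probe per host pair and only the per-source aggregate shows thirteen destinations. In a real monitor the aggregation would be windowed rather than computed over the whole capture, thresholds would be tuned per site, and an ICS network would normally also carry an allow-list of expected (source, destination, port) triples, since control traffic there is highly regular.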




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

D’Antonio, S., Oliviero, F., Setola, R. (2006). High-Speed Intrusion Detection in Support of Critical Infrastructure Protection. In: Lopez, J. (ed.) Critical Information Infrastructures Security. CRITIS 2006. Lecture Notes in Computer Science, vol. 4347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11962977_18


  • DOI: https://doi.org/10.1007/11962977_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69083-2

  • Online ISBN: 978-3-540-69084-9

  • eBook Packages: Computer Science (R0)
