Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study

Coppolino, Luigi; D’Antonio, Salvatore; Formicola, Valerio; Romano, Luigi

doi:10.1007/978-3-642-24270-0_15

Cited by 17 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Response Module receives the output of the ARIES Analysis Engine and generates security events based on the AlienVault Open Source SIEM (OSSIM) [ 49 , 50 ] format. Moreover, based on the information originating from the three detection layers of ARIES, it activates appropriate firewall rules to mitigate timely the potential intrusions.…”

Section: Aries Architecturementioning

confidence: 99%

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid

Radoglou-Grammatikis

Sarigiannidis

Efstathopoulos³

et al. 2020

Sensors

View full text Add to dashboard Cite

The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.

show abstract

Section: Aries Architecturementioning

confidence: 99%

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid

Radoglou-Grammatikis

Sarigiannidis

Efstathopoulos³

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…SIEM System. The KONFIDO SIEM will extend some existing SIEM solutions [3,4], and customize them based on the specific requirements of a federated environment compliant to the OpenNCP model. The KONFIDO SIEM will be able to analyse information and events collected using a holistic approach at the different levels of the monitored system to discover possible ongoing attacks, or anomalous situations.…”

Section: Puf-based Random Number Generatormentioning

confidence: 99%

KONFIDO: An OpenNCP-Based Secure eHealth Data Exchange System

Staffa

Coppolino

Sgaglione

et al. 2018

Communications in Computer and Information Science

Self Cite

View full text Add to dashboard Cite

Allowing cross-border health-care data exchange by establishing a uniform QoS level of health-care systems across European states, represents one of the current main goals of the European Commission. For this purpose epSOS project was funded with the objective to overcome interoperability issues in patients health information exchange among European healthcare systems. A main achievement of the project was the OpenNCP platform. Settled over the results of the epSOS project, KONFIDO aims at increasing trust and security of eHealth data exchange by adopting a holistic approach, as well as at increasing awareness of security issues among the healthcare community. In this light, the paper describes the KONFIDO project's approach and discusses its design and its representation as a system of interacting agents. It finally discusses the deployment of the provided platform.

show abstract

“…Both types of collectors execute format translation tasks, but do not perform content analysis and advanced data manipulation such as aggregation, filtering, correlation, anonymization and content-based encryption. Coppolino, et al [7] have demonstrated that the OSSIM SIEM system can be used to protect critical infrastructures in a non-intrusive manner (i.e., without modifying SIEM framework components). They also show how to process physical layer data on the OSSIM server.…”

Section: Related Workmentioning

confidence: 99%

Assessing the Impact of Cyber Attacks on Wireless Sensor Nodes That Monitor Interdependent Physical Systems

Formicola

Pietro

Alsubaie

et al. 2014

Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications

Self Cite

View full text Add to dashboard Cite

This paper describes a next-generation security information and event management (SIEM) platform that performs real-time impact assessment of cyber attacks that target monitoring and control systems in interdependent critical infrastructures. To assess the effects of cyber attacks on the services provided by critical infrastructures, the platform combines security analysis with simulations produced by the Infrastructure Interdependencies Simulator (i2Sim). The approach is based on the mixed holistic reductionist (MHR) methodology that models the relationships between functional components of critical infrastructures and the provided services. The effectiveness of the approach is demonstrated using a scenario involving a dam that feeds a hydroelectric power plant. The scenario considers an attack on a legacy SCADA system and wireless sensor network that reduces electricity production and degrades the services provided by the interdependent systems. The results demonstrate that the attack is detected in a timely manner, risk assessment is performed effectively and service level variations can be predicted. The paper also shows how the impact of attacks on services can be estimated when limits are imposed on information sharing.

show abstract

Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study

Cited by 17 publications

References 5 publications

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid

KONFIDO: An OpenNCP-Based Secure eHealth Data Exchange System

Assessing the Impact of Cyber Attacks on Wireless Sensor Nodes That Monitor Interdependent Physical Systems

Contact Info

Product

Resources

About