Detection, Correlation, and Visualization of Attacks against Critical Infrastructure Systems
by Dr. Linda Briesemeister, Dr. Steven Cheung, Dr. Ulf Lindqvist & Alfonso Valdes.
Eighth Annual Conference on Privacy, Security and Trust.
Ottawa, Ontario, Canada. August 17-19, 2010, pp. 15-22.
Abstract
Digital control systems are essential to the safe and
efficient operation of a variety of industrial processes in sectors
such as electric power, oil and gas, water treatment, and manufacturing.
Modern control systems are increasingly connected
to other control systems as well as to corporate systems. They
are also increasingly adopting networking technology and system
and application software from conventional enterprise systems.
These trends can make control systems vulnerable to cyber
attack, which in the case of control systems may impact physical
processes causing environmental harm or injury.
We present some results of the DATES (Detection and Analysis
of Threats to the Energy Sector) project, wherein we adapted
and developed several intrusion detection technologies for control
systems. The suite of detection technologies was integrated and
connected to a commercial security event correlation framework
from ArcSight. We demonstrated the efficacy of our detection and
correlation solution on two coupled testbed environments. We
particularly focused on detection, correlation, and visualization
of a network traversal attack, where an attacker penetrates
successive network layers to compromise critical assets that
directly control the underlying process. Such an attack is of
particular concern in the layered architectures typical of control
system implementations.
BibTeX Entry
@InProceedings{Briesemeister:2010:PST,
author = "Linda Briesemeister and Steven Cheung and Ulf Lindqvist and Alfonso Valdes",
title = "Detection, Correlation, and Visualization of Attacks against Critical Infrastructure Systems",
booktitle = "Eighth Annual Conference on Privacy, Security and Trust",
address = "Ottawa, Ontario, Canada",
month = aug # "~17--19,",
year = 2010
}
@INPROCEEDINGS{5593242,
author={Briesemeister, L. and Cheung, S. and Lindqvist, U. and Valdes, A.},
booktitle={Privacy Security and Trust (PST), 2010 Eighth Annual International Conference on},
title={Detection, correlation, and visualization of attacks against critical infrastructure systems},
year={2010},
pages={15-22},
keywords={security of data;DATES;commercial security event correlation framework;cyber attack;digital control systems;intrusion detection technologies;network traversal attack;Control systems;Correlation;Intrusion detection;Monitoring;Process control;Servers;alert correlation;anomaly detection;control system security;critical infrastructure security;intrusion;security information event management},
doi={10.1109/PST.2010.5593242},}
Files
Final published version available at IEEE Xplore