
Protecting the WSN Zones of a Critical Infrastructure via Enhanced SIEM Technology

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2012)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7613))


Abstract

Attacks on Critical Infrastructures (CIs) are increasing and becoming more sophisticated. In addition to the security issues of Supervisory Control And Data Acquisition (SCADA) systems, new threats come from the recent adoption of Wireless Sensor Network (WSN) technologies. Traditional security solutions designed for purely Information Technology (IT) based infrastructures, such as Security Information and Event Management (SIEM) systems, can be substantially enhanced to address such issues. In this paper we analyze the limits of current SIEMs in protecting CIs and propose a framework, developed in the MASSIF Project, that enhances their data treatment services. We present the Generic Event Translation module and introduce the Resilient Storage module, which together collect data from heterogeneous sources, improve the intelligence of the SIEM periphery, and reliably store information about security breaches. Focusing on the first two of these features, we illustrate how they improve the detection of attacks targeting the WSN of a dam monitoring and control system.
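The abstract names two roles the framework plays at the SIEM periphery: translating events from heterogeneous sources into one common representation, and adding enough local intelligence to notice attacks against the WSN before events reach the core. The script below is an added illustration of those two ideas, not code from the paper or from the MASSIF project: the syslog and CSV input formats, the Event schema, the dam water-level readings and the deviation tolerance are all assumptions constructed for this example.

```python
"""Added illustration (not the MASSIF Generic Event Translation module):
a translation step that maps two heterogeneous source formats onto one
event schema, and a small periphery check over WSN readings that flags a
sensor node whose reading disagrees with its neighbours."""
import re
from dataclasses import dataclass
from statistics import median
from typing import List, Optional

# Constructed sample input (assumption, not data from the paper):
# one RFC 3164-style syslog line from a SCADA host and CSV readings from a
# hypothetical WSN gateway of a dam monitoring system.  The fifth reading is
# far from the other three, as a compromised or spoofed node would report.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 scada-hmi sshd[1022]: Failed password for root "
    "from 10.0.0.9 port 4455 ssh2",
    "wsn,1318371255,node07,water_level,12.41",
    "wsn,1318371255,node08,water_level,12.38",
    "wsn,1318371255,node09,water_level,12.44",
    "wsn,1318371255,node10,water_level,3.02",
]


@dataclass
class Event:
    """Common schema every source is translated into (assumed for the example)."""
    source: str            # "syslog" or "wsn"
    timestamp: str         # kept as the source wrote it
    host: str              # originating host or sensor node id
    kind: str              # program tag (syslog) or metric name (wsn)
    value: Optional[float] # numeric reading for wsn events, None otherwise
    message: str           # original payload, retained for later forensics


# PRI, timestamp, hostname, tag with optional [pid], message (RFC 3164 layout).
SYSLOG_RE = re.compile(
    r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (\S+?)(?:\[\d+\])?: (.*)$"
)


def translate(line: str) -> Optional[Event]:
    """Map one raw line onto the Event schema; None if no translator matches."""
    m = SYSLOG_RE.match(line)
    if m:
        _pri, ts, host, tag, msg = m.groups()
        return Event("syslog", ts, host, tag, None, msg)
    fields = line.split(",")
    if len(fields) == 5 and fields[0] == "wsn":
        _, ts, node, metric, raw = fields
        try:
            return Event("wsn", ts, node, metric, float(raw), line)
        except ValueError:
            return None  # malformed reading: drop rather than guess
    return None


def translate_all(lines: List[str]) -> List[Event]:
    """Translate every line, silently skipping the ones no translator accepts."""
    return [e for e in (translate(l) for l in lines) if e is not None]


def outlier_nodes(events: List[Event], metric: str, tol: float) -> List[str]:
    """Periphery check: for each timestamp, nodes whose `metric` reading
    deviates from the median of the same-timestamp readings by more than
    `tol`.  Needs at least three readings so a single node cannot dominate."""
    by_ts = {}
    for e in events:
        if e.source == "wsn" and e.kind == metric and e.value is not None:
            by_ts.setdefault(e.timestamp, []).append(e)
    flagged = []
    for group in by_ts.values():
        if len(group) < 3:
            continue
        med = median(e.value for e in group)
        flagged.extend(e.host for e in group if abs(e.value - med) > tol)
    return sorted(flagged)


if __name__ == "__main__":
    evs = translate_all(SAMPLE_LINES)
    for e in evs:
        print(e.source, e.host, e.kind, e.value)
    print("suspect nodes:", outlier_nodes(evs, "water_level", 1.0))
```

Once the SCADA host's syslog and the WSN gateway's readings share one schema, a periphery rule can reason over readings per timestamp without knowing how each source formatted them; the median comparison is deliberately simple, and a real deployment would tune the tolerance per metric and corroborate a flagged node with other evidence before raising an alert.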



Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Romano, L., D’Antonio, S., Formicola, V., Coppolino, L. (2012). Protecting the WSN Zones of a Critical Infrastructure via Enhanced SIEM Technology. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7613. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33675-1_20


  • DOI: https://doi.org/10.1007/978-3-642-33675-1_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33674-4

  • Online ISBN: 978-3-642-33675-1

