Safeguarding information intensive critical infrastructures against novel types of emerging failures

Abstract: The complexity of information intensive critical infrastructures, such as electricity networks, telecommunication networks and public transportation networks, is much greater today than in the past. This complexity increases the number of possible failures and anomalous working conditions and consequently decreases the survivability of the infrastructures. This paper investigates the possibility of detecting anomalies and failures early inside information intensive critical infrastructures by introducing anomaly detectors that are “self-aware” of the normal working conditions of the infrastructure itself. The approach aims to improve on the performance of the most popular signature-based algorithms for intrusion detection, and makes use of different classes of time-oriented algorithms based on the artificial intelligence paradigm. It has the advantage of also working in the presence of unknown and unexpected types of attacks or failures. The tests to evaluate the performance of the detectors used are executed inside an emulated supervisory control and data acquisition (SCADA) system of an electrical power transmission grid, and a proposal for future integration inside real SCADA systems is also reported.
