论文信息 - Novelty detection and management to safeguard information-intensive critical infrastructures

Novelty detection and management to safeguard information-intensive critical infrastructures

When the complexity of a system increases, the number of possible faults and anomalous working conditions becomes very high; on the contrary, the number of 'normal' behaviours is generally low and often well determined by rules and constraints defined by the characteristics of the furnished services. In this paper, after a general overview of the SAFEGUARD system, a more detailed description of the agents, dedicated to early detection of anomalies and failures inside a Supervisory and Control and Data Acquisition (SCADA) system of an electricity transmission network is given. The paper also describes how it is possible to correlate the detected novelty events and to decide the right recovery policies avoiding inappropriate reactions caused by false alarms. A test benchmark of the novelty detection agents will be executed inside a simulated SCADA electricity transmission system and the layout of the utilised testing environment is described in the paper.

[1] Stephanie Forrest,et al. Architecture for an Artificial Immune System , 2000, Evolutionary Computation.

[2] Qiang Yang,et al. ActiveCBR: An Agent System That Integrates Case-Based Reasoning and Active Databases , 2001, Knowledge and Information Systems.

[3] Hervé Debar,et al. Aggregation and Correlation of Intrusion-Detection Alerts , 2001, Recent Advances in Intrusion Detection.

[4] TERRAN LANE,et al. Temporal sequence learning and data reduction for anomaly detection , 1999, TSEC.

[5] Laura Painton Swiler,et al. A graph-based network-vulnerability analysis system , 1997, S&P 1998.

[6] Michael D. Ernst,et al. Dynamically discovering likely program invariants , 2000 .

[7] James M. Kendra,et al. Creativity in Emergency Response After The World Trade Center Attack , 2002 .

[8] Andrew P. Moore,et al. Attack Modeling for Information Security and Survivability , 2001 .

[9] Frédéric Cuppens,et al. Alert correlation in a cooperative intrusion detection framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[10] Deborah A. Frincke,et al. CONCERNS ABOUT INTRUSIONS INTO REMOTELY ACCESSIBLE SUBSTATION CONTROLLERS AND SCADA SYSTEMS , 2000 .