Big Data in Critical Infrastructures Security Monitoring: Challenges and Opportunities

Critical Infrastructures (CIs), such as smart power grids, transport systems, and financial infrastructures, are increasingly vulnerable to cyber threats, due to the adoption of commodity computing facilities. Despite the use of several monitoring tools, recent attacks have shown that the current defensive mechanisms for CIs are not effective enough against the most advanced threats. In this paper we explore the idea of a framework that leverages multiple data sources to improve the protection capabilities of CIs. Challenges and opportunities are discussed along three main research directions: i) use of distinct and heterogeneous data sources, ii) monitoring with adaptive granularity, and iii) attack modeling and runtime combination of multiple data analysis techniques.
