
Towards Automatic Critical Infrastructure Protection through Machine Learning

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8328)

Abstract

Critical Infrastructure Protection (CIP) faces challenges that are growing both in number and in sophistication, which makes it vital to provide new forms of protection against everyday threats. For such protection to be holistic, covering all the security needs of these systems, both prevention and situational awareness must be considered. Researchers and institutions stress the need for intelligent and automatic protection solutions, drawing attention to the need to equip Intrusion Detection Systems (IDS) with intelligent, active reaction capabilities. In this paper, we argue for automating the processes involved in the IDS solutions of critical infrastructures, and we theorize that introducing Machine Learning (ML) techniques into IDS will help implement automatic, adaptable solutions capable of adjusting to new situations and reacting in a timely manner to threats and anomalies. To this end, we study the different levels of automation that an IDS can implement, and outline a methodology for endowing critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology.



Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Cazorla, L., Alcaraz, C., Lopez, J. (2013). Towards Automatic Critical Infrastructure Protection through Machine Learning. In: Luiijf, E., Hartel, P. (eds) Critical Information Infrastructures Security. CRITIS 2013. Lecture Notes in Computer Science, vol 8328. Springer, Cham. https://doi.org/10.1007/978-3-319-03964-0_18

  • DOI: https://doi.org/10.1007/978-3-319-03964-0_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03963-3

  • Online ISBN: 978-3-319-03964-0