
Enabling Convergence of Physical and Logical Security Through Intelligent Event Correlation

  • Conference paper
  • Intelligent Distributed Computing IX

Abstract

Until now, in most organizations, physical access systems and logical security systems have operated as two independent elements, managed by completely separate departments. The lack of interoperability between the two has often left a security hole in the overall infrastructure. An attacker who has physical access can not only steal a PC or confidential data, but can also compromise network security. Therefore, combining physical and logical security allows for more effective protection of the organization. In this work we present a correlation system which aims at bringing a significant advancement in the convergence of physical and logical security technologies. By “convergence” we mean effective cooperation (i.e. a coordinated and results-oriented effort to work together) among previously disjointed functions. The holistic approach and enhanced awareness technology of our solution allow dependable (i.e. accurate, timely, and trustworthy) detection and diagnosis of attacks. This ultimately results in the achievement of two goals of paramount importance, namely guaranteeing the protection of citizens and assets, and improving the perception of security by citizens. The effectiveness of the proposed solution is demonstrated in a scenario that deals with the protection of a real Critical Infrastructure. Three misuse cases have been implemented in a simulation environment in order to show how the correlation system allows for the detection of different attack patterns.
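As an added illustration of the cross-domain correlation idea, and not the authors' system or one of the paper's misuse cases: a minimal rule over constructed physical (badge) and logical (logon) events that flags a logon on a host located in a zone the account holder has not badged into. Event formats, zone names, the 8-hour window and the sample data are all assumptions.

```python
# Constructed example: correlate physical access (badge) events with logical
# logon events. Formats, rule and data are assumptions, not the paper's.
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class BadgeEvent:          # physical access control system record
    ts: datetime
    user: str
    zone: str
    action: str            # "in" or "out"

@dataclass
class LoginEvent:          # logical access record (e.g. OS/domain logon)
    ts: datetime
    user: str
    host: str
    host_zone: str         # zone in which the host is physically installed

def correlate(badges, logins, window=timedelta(hours=8)):
    """Return (login, reason) for logons lacking a valid badge-in to the
    host's zone: a badge-in within `window` before the logon that was not
    followed by a badge-out of that zone before the logon."""
    alerts = []
    badges = sorted(badges, key=lambda b: b.ts)
    for login in logins:
        present = False
        for b in badges:
            if b.user != login.user or b.zone != login.host_zone or b.ts > login.ts:
                continue
            if b.action == "in" and login.ts - b.ts <= window:
                present = True
            elif b.action == "out":
                present = False       # a later badge-out cancels the badge-in
        if not present:
            alerts.append((login, f"logon on {login.host} in zone {login.host_zone} "
                                  f"without physical presence of {login.user}"))
    return alerts

# Constructed sample data: alice badges in and logs on (benign); bob's account
# logs on from a console with no badge-in; carol badged in, left, then "her"
# account logs on inside the room.
T = datetime(2015, 4, 15, 9, 0)
BADGES = [BadgeEvent(T, "alice", "server-room", "in"),
          BadgeEvent(T + timedelta(minutes=5), "carol", "server-room", "in"),
          BadgeEvent(T + timedelta(minutes=30), "carol", "server-room", "out")]
LOGINS = [LoginEvent(T + timedelta(minutes=10), "alice", "srv01", "server-room"),
          LoginEvent(T + timedelta(minutes=12), "bob", "srv02", "server-room"),
          LoginEvent(T + timedelta(minutes=45), "carol", "srv01", "server-room")]

if __name__ == "__main__":
    for login, reason in correlate(BADGES, LOGINS):
        print(login.ts.isoformat(), reason)
```

Neither the badge log nor the logon log alone shows anything abnormal here; only the joined view does, which is the point the abstract makes about convergence.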



Acknowledgments

The research leading to these results has received funding from the European Commission within the context of the Seventh Framework Programme (FP7/2007–2013) under Grant Agreement No. 313034 (Situation AWare Security Operation Center, SAWSOC Project). It has been also partially supported by the TENACE PRIN Project (n. 20103P34XC) funded by the Italian Ministry of Education, University and Research, and by the Embedded Systems in critical domains POR Project (CUP B25B09000100007) funded by the Campania region in the context of the POR Campania FSE 2007–2013, Asse IV and Asse V.

Corresponding author

Correspondence to Gianfranco Cerullo.


Copyright information

© 2016 Springer International Publishing Switzerland


Cite this paper

Cerullo, G., Coppolino, L., D’Antonio, S., Formicola, V., Papale, G., Ragucci, B. (2016). Enabling Convergence of Physical and Logical Security Through Intelligent Event Correlation. In: Novais, P., Camacho, D., Analide, C., El Fallah Seghrouchni, A., Badica, C. (eds) Intelligent Distributed Computing IX. Studies in Computational Intelligence, vol 616. Springer, Cham. https://doi.org/10.1007/978-3-319-25017-5_40

  • DOI: https://doi.org/10.1007/978-3-319-25017-5_40

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25015-1

  • Online ISBN: 978-3-319-25017-5
