
Enhancing SIEM Technology to Protect Critical Infrastructures

  • Conference paper
Critical Information Infrastructures Security

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7722)

Abstract

Coordinated and targeted cyber-attacks on Critical Infrastructures (CIs) and Supervisory Control And Data Acquisition (SCADA) systems are increasing in number and sophistication. SCADA systems have typically been designed without security in mind, and the usual response is to reuse solutions conceived solely for protecting Information Technology (IT) infrastructures, such as Security Information and Event Management (SIEM) systems. According to the National Institute of Standards and Technology (NIST), these systems are often ineffective for CI protection. In this paper we analyze the limits of current SIEMs and propose a framework, developed in the MASSIF Project, that enhances their data-treatment services. In particular, the Generic Event Translation (GET) module collects security data from heterogeneous sources and provides intelligence at the edge of the SIEM, while the Resilient Storage (RS) module reliably stores data related to relevant security breaches. We illustrate a prototype deployment for the dam monitoring and control case study.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Coppolino, L., D’Antonio, S., Formicola, V., Romano, L. (2013). Enhancing SIEM Technology to Protect Critical Infrastructures. In: Hämmerli, B.M., Kalstad Svendsen, N., Lopez, J. (eds) Critical Information Infrastructures Security. Lecture Notes in Computer Science, vol 7722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41485-5_2


  • DOI: https://doi.org/10.1007/978-3-642-41485-5_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41484-8

  • Online ISBN: 978-3-642-41485-5

  • eBook Packages: Computer Science (R0)
