Real Time Threat Prediction, Identification and Mitigation for Critical Infrastructure Protection Using Semantics, Event Processing and Sequential Analysis

  • Dimitris Kostopoulos
  • Vasilis Tsoulkas
  • George Leventakis
  • Prokopios Drogkaris
  • Vasiliki Politopoulou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8328)


Seamless and faultless operational conditions of multi stakeholder Critical Infrastructures (CIs) are of high importance for today’s societies on a global scale. Due to their population impact, attacks against their interconnected components can create serious damages and performance degradation which eventually can result in a societal crisis. Therefore it is crucial to effectively and timely protect these high performance - critical systems against any type of malicious cyber-physical intrusions. This can be realized by protecting CIs against threat consequences or by blocking threats to take place at an early stage and preventing further escalation or predicting threat occurrences and have the ability to rapidly react by eliminating its roots. In this paper a novel architecture is proposed in which these three ways of confronting with cyber – physical threats are combined using a novel semantics based risk methodology that relies on real time behavioral analysis. The final prototype provides the CI operator with a decision tool (DST) that imprints the proposed approach and which is capable of alerting on new unknown threats, generate suggestions of the required counter-actions and alert of probable threat existence. The implemented architecture has been tested and validated in a proof of concept scenario of an airport CI with simulated monitoring data.


Real Time Threat Detection Critical Infrastructures Semantics Event Processing Sequential Analysis CUSUM Statistic 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Polunchenko, A., Tartakovsky, A.: State-of-the-Art in Sequential Change-Point Detection. Methodology and Computing in Applied Probability Journal 14(3), 649–684 (2012)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Kostopoulos, D., Leventakis, G., Tsoulkas, V., Nikitakos, N.: An Intelligent Fault Moni-toring and Risk Management Tool for Complex Critical Infrastructures: The SERSCIS Approach in Air-Traffic Surface Control. In: 14th International Conference on Computer Modelling and Simulation (UKSim 2012), pp. 205–210. IEEE Xplore (2012)Google Scholar
  3. 3.
    Teixeira, A., Dán, G., Sandberg, H., Johansson, K.H.: A Cyber Security Study of a SCADA Energy Management System: Stealthy Deception Attacks on the State Estimator. In: 18th IFAC World Congress, Milan, Italy, IFAC (2011)Google Scholar
  4. 4.
    Sandberg, H., Teixeira, A., Johansson, K.H.: On security indices for state estimators in power networks. In: 1st Workshop on Secure Control Systems, CPS Week, Stockholm, Sweden (2010)Google Scholar
  5. 5.
    Schaberreiter, T., Aubert, J., Khadraoui, D.: Critical infrastructure security modeling and resci-monitor: A risk based critical infrastructure model. In: IST-Africa Conference Proceedings, pp. 1–9 (2011)Google Scholar
  6. 6.
    Aubert, J., Schaberreiter, T., Incoul, C., Khadraoui, D., Gateau, B.: Risk-Based Methodology for Real-Time Security Monitoring of Interdependent Services in Critical Infrastructures. In: International Conference on Availability, Reliability and Security (ARES 2010), pp. 262–267 (2010)Google Scholar
  7. 7.
    Oliva, G., Panzieri, S., Setola, R.: Agent-based input–output interdependency model. International Journal of Critical Infrastructure Protection 3(2), 76–82 (2010)CrossRefGoogle Scholar
  8. 8.
    Esper - Complex Event Processing,
  9. 9.
    Adar, E., Wuchner, A.: Risk management for critical infrastructure protection (CIP) challenges, best practices & tools. In: First IEEE International Workshop on Critical Infrastructure Protection, pp. 8–16 (2005)Google Scholar
  10. 10.
    Garvey, P.R.: Analytical Methods for Risk Management: A Systems Engineering Perspective Analytical Methods for Risk Management: A Systems Engineering Perspective. Chapman and Hall/CRC, Boca Raton (2009)Google Scholar
  11. 11.
    Basseville, M., Nikiforov, I.V.: Detection of abrupt changes: theory and application. Prentice-Hall, Inc., Upper Saddle River (1993)Google Scholar
  12. 12.
    Vaculín, R.: Semantic Monitoring of Service-Oriented Business Processes. In: Handbook of Research on E-Business Standards and Protocols: Documents, Data and Advanced Web Technologies, pp. 467–494. IGI Global (2012)Google Scholar
  13. 13.
    Moustakides, G.: Optimal procedures for detecting changes in distributions. Ann. Statist. 14(4), 1379–1387 (1986)CrossRefzbMATHMathSciNetGoogle Scholar
  14. 14.
    Moustakides, G.V.: Decentralized CUSUM Change Detection. In: 9th International Conference on Information Fusion, pp. 1–6 (2006)Google Scholar
  15. 15.
    Hermit OWL Reasoner,
  16. 16.
    Surridge, M., Chakravarthy, A., Hall-May, M., Chen, X., Nasser, B., Nossal, R.: SERSCIS: Semantic Modelling of Dynamic, Multi-Stakeholder Systems. In: 2nd SESAR Innovations Days, Braunschweig (2012)Google Scholar
  17. 17.
    Chakravarthy, A., Surridge, M., Hall-May, M., Nasser, B., Chen, W., Leonard, T.: System modelling tools: Full Prototype Implementation. SERSCIS Deliverable D2.2 v1.5 (2013)Google Scholar
  18. 18.
    Della Valle, E., Ceri, S., Barbieri, D.F., Braga, D., Campi, A.: A First Step Towards Stream Reasoning. In: Domingue, J., Fensel, D., Traverso, P. (eds.) FIS 2008. LNCS, vol. 5468, pp. 72–81. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Touzeau, J., Hamon, E., Krempel, M., Gölz, B., Madarasz, R., Alemany, J.: SESAR DEL16.02.01-D03: SESAR ATM Preliminary Security Risk Assessment Method (2011)Google Scholar
  20. 20.
    Pollak, M.: Optimal Detection of a Change in Distribution. The Annals of Statistics 13, 206–227 (1985)CrossRefzbMATHMathSciNetGoogle Scholar
  21. 21.
    Pellet: OWL 2 Reasoner for Java,
  22. 22.
    Malini, S., Poobalan, A.: Semantic Web Standard in Cloud Computing. International Journal of Soft Computing and Engineering (IJSCE) 1, 1–5 (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Dimitris Kostopoulos
    • 1
  • Vasilis Tsoulkas
    • 1
  • George Leventakis
    • 1
    • 2
  • Prokopios Drogkaris
    • 1
    • 2
  • Vasiliki Politopoulou
    • 1
    • 2
  1. 1.Center for Security Studies (KEMEA), Ministry of Public Order and Citizen ProtectionAthensGreece
  2. 2.Department of Information and Communication Systems EngineeringUniversity of the AegeanSamosGreece

Personalised recommendations