
Real Time Threat Prediction, Identification and Mitigation for Critical Infrastructure Protection Using Semantics, Event Processing and Sequential Analysis

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 8328)

Abstract

Seamless and fault-free operation of multi-stakeholder Critical Infrastructures (CIs) is of high importance for today's societies on a global scale. Because of their impact on the population, attacks against their interconnected components can cause serious damage and performance degradation, which can eventually result in a societal crisis. It is therefore crucial to protect these high-performance, critical systems effectively and in a timely manner against any type of malicious cyber-physical intrusion. This can be realized by protecting CIs against the consequences of threats, by blocking threats at an early stage so that they cannot take place and escalate further, or by predicting threat occurrences and being able to react rapidly by eliminating their root causes. In this paper a novel architecture is proposed in which these three ways of confronting cyber-physical threats are combined using a novel semantics-based risk methodology that relies on real-time behavioral analysis. The final prototype provides the CI operator with a decision tool (DST) that embodies the proposed approach and is capable of alerting on new, unknown threats, generating suggestions for the required counter-actions, and alerting to the probable existence of a threat. The implemented architecture has been tested and validated in a proof-of-concept scenario of an airport CI with simulated monitoring data.

Keywords

  • Real Time Threat Detection
  • Critical Infrastructures
  • Semantics
  • Event Processing
  • Sequential Analysis
  • CUSUM Statistic
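The keywords list the CUSUM statistic as the sequential-analysis component behind the paper's "real-time behavioral analysis". The following is an added illustration of that technique, not code from the paper or its prototype: a one-sided CUSUM detector for an upward shift in the mean of a monitored signal, run over a constructed stream (a hypothetical per-minute reading from an airport CI sensor, with a deliberate shift after 30 samples). The parameter names `mu0`, `k` and `h` and the sample values are the example's own assumptions.

```python
"""Added example: one-sided CUSUM change detection over a constructed
monitoring stream. Not the paper's code; parameter names and data are
assumptions made for illustration."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Cusum:
    """One-sided CUSUM for detecting an upward shift in the mean.

    mu0: in-control (baseline) mean of the monitored value
    k:   allowance, typically half the shift size one wants to detect
    h:   decision threshold; larger h means fewer false alarms but slower detection

    Recurrence: S_n = max(0, S_{n-1} + (x_n - mu0) - k); alarm when S_n > h.
    """
    mu0: float
    k: float
    h: float
    s: float = 0.0            # current statistic S_n
    n: int = 0                # number of samples seen
    last_zero: int = -1       # index of the last sample at which S_n was 0
    history: List[float] = field(default_factory=list)

    def update(self, x: float) -> bool:
        """Feed one sample; return True if the statistic crossed the threshold."""
        self.s = max(0.0, self.s + (x - self.mu0) - self.k)
        if self.s == 0.0:
            self.last_zero = self.n
        self.history.append(self.s)
        self.n += 1
        return self.s > self.h


def detect(stream: List[float], mu0: float, k: float, h: float
           ) -> Tuple[Optional[int], Optional[int]]:
    """Run CUSUM over a finite stream.

    Returns (alarm_index, estimated_onset): the sample index at which the alarm
    fired and the estimated start of the shift (the sample after the statistic
    was last at zero). Returns (None, None) if no alarm fires.
    """
    det = Cusum(mu0, k, h)
    for i, x in enumerate(stream):
        if det.update(x):
            return i, det.last_zero + 1
    return None, None


def make_stream() -> List[float]:
    """Constructed data: baseline mean 10 with a small deterministic jitter for
    30 samples, then the mean shifts to 14 (jitter kept) for 30 more samples."""
    jitter = lambda i: ((i % 5) - 2) * 0.5          # cycles -1, -0.5, 0, 0.5, 1
    baseline = [10.0 + jitter(i) for i in range(30)]
    shifted = [14.0 + jitter(i) for i in range(30, 60)]
    return baseline + shifted


STREAM = make_stream()

if __name__ == "__main__":
    alarm, onset = detect(STREAM, mu0=10.0, k=1.0, h=10.0)
    print(f"alarm at sample {alarm}, estimated onset at sample {onset}")
    print("baseline-only run:", detect(STREAM[:30], 10.0, 1.0, 10.0))
```

With these settings the statistic stays at zero for the whole baseline (every increment is at most zero), climbs once the shift begins, and crosses the threshold four samples after the change, while the estimated onset points back to the sample where the shift actually started. In an operational setting `h` is chosen from the tolerated false-alarm rate (the in-control average run length) and `k` from the smallest shift that should trigger a response; a second, mirrored detector covers downward shifts.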

  • DOI: 10.1007/978-3-319-03964-0_12
  • Chapter length: 9 pages

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Kostopoulos, D., Tsoulkas, V., Leventakis, G., Drogkaris, P., Politopoulou, V. (2013). Real Time Threat Prediction, Identification and Mitigation for Critical Infrastructure Protection Using Semantics, Event Processing and Sequential Analysis. In: Luiijf, E., Hartel, P. (eds) Critical Information Infrastructures Security. CRITIS 2013. Lecture Notes in Computer Science, vol 8328. Springer, Cham. https://doi.org/10.1007/978-3-319-03964-0_12

  • DOI: https://doi.org/10.1007/978-3-319-03964-0_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03963-3

  • Online ISBN: 978-3-319-03964-0

  • eBook Packages: Computer Science (R0)