Towards Automatic Critical Infrastructure Protection through Machine Learning

  • Lorena Cazorla
  • Cristina Alcaraz
  • Javier Lopez
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8328)


Critical Infrastructure Protection (CIP) faces challenges that are increasing in both number and sophistication, which makes it vital to provide new forms of protection against everyday threats. For such protection to be holistic, covering all of the systems' security needs, both prevention aspects and situational awareness should be considered. Researchers and institutions stress the need to provide intelligent and automatic protection solutions, drawing attention to the need to equip Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need to automate the processes involved in the IDS solutions of critical infrastructures and argue that introducing Machine Learning (ML) techniques into IDS will help to implement automatic, adaptable solutions capable of adjusting to new situations and reacting in a timely manner to threats and anomalies. To this end, we study the different levels of automation that an IDS can implement and outline a methodology for endowing critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology.


Keywords: Critical Infrastructure Protection, Machine Learning, Intrusion Detection





Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Lorena Cazorla (1)
  • Cristina Alcaraz (1)
  • Javier Lopez (1)

  1. Network, Information and Computer Security (NICS) Lab, University of Malaga, Spain
