An Architecture for Securing Communications in Critical Infrastructure

@inproceedings{Callegari2016AnAF,
  title={An Architecture for Securing Communications in Critical Infrastructure},
  author={Christian Callegari and Alessandro Cantelli Forti and Giuseppe D'Amore and Enrique de la Hoz and David Echarri Santamaria and Iv{\'a}n Garc{\'i}a-Ferreira and German Lopez-Civera},
  booktitle={DCNET},
  year={2016}
}
The disruption of communications in critical infrastructures could have a serious impact on the health, safety, security or economic well-being of citizens or even prevent the effective functioning of governments or other agencies. For this reason, in this paper we present a distributed architecture, named CYBERSENS, aimed at preventing, early detecting, and mitigating cyber attacks to critical infrastructure networks. CYBERSENS is an advanced IDS/IPS system specially tailored for securing… 

Adversarial Fingerprinting of Cyber Attacks Based on Stateful Honeypots

TLDR
The main goal is to fingerprint each attacker by observing and registering his adopted methods, tools and actions, so that the adversary is redirected to his specific environment that preserves the history of his previous operations including the installation of rootkits or backdoors.

References

Honeypot: a supplemented active defense system for network security

  • Feng Zhang, Shijie Zhou, Z. Qin, Jinde Liu
  • Computer Science
    Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies
  • 2003
A honeypot is a supplemented active defense system for network security. It traps attacks, records intrusion information about tools and activities of the hacking process, and prevents attacks

The LogLog counting reversible sketch: A distributed architecture for detecting anomalies in backbone networks

TLDR
A novel distributed architecture is proposed that represents a general framework for the detection of network anomalies and the performance analysis demonstrates the effectiveness of the proposed architecture.

Traffic Flow Confidentiality mechanisms and their impact on traffic

  • Per Carlen
  • Computer Science
    2013 Military Communications and Information Systems Conference
  • 2013
TLDR
Results show that limited TFC can be provided in the network while achieving good performance for traffic, whereas investigated mechanisms concealing packets and frames in a way that it resembles serial links, have a negative impact on traffic in certain setups.

When randomness improves the anomaly detection performance

TLDR
This paper shows that, in two distinct cases, the use of the sketches strongly improves the achieved performance of well-known methods for network anomaly detection by performing a random aggregation of the data, before looking for the anomalies.

Reversible sketches for efficient and accurate change detection over network data streams

TLDR
Evaluated with netflow traffic traces of a large edge router, it is demonstrated that the reverse hashing can quickly infer the keys of culprit flows even for many changes with high accuracy.

The Honeynet Project: Trapping the Hackers

TLDR
The Honeynet Project gathers information by deploying networks that are designed to be compromised, and studies the bad guys and shares the lessons learned.

OSSEC Host-Based Intrusion Detection Guide

Cisco Systems NetFlow Services Export Version 9

This document specifies the data export format for version 9 of Cisco Systems' NetFlow services, for use by implementations on the network elements and/or matching collector programs. The version 9

Loglog counting of large cardinalities

Using an auxiliary memory smaller than the size of this abstract, the LOGLOG algorithm makes it possible to estimate in a single pass and within a few percents the number of different words in the

Probabilistic Counting Algorithms for Data Base Applications