Corpus ID: 622729

Big Data in Critical Infrastructures Security Monitoring: Challenges and Opportunities

Authors: Leonardo Aniello, Andrea Bondavalli, Andrea Ceccarelli, Claudio Ciccotelli, Marcello Cinque, Flavio Frattini, Antonella Guzzo, Antonio Pecchia, Andrea Pugliese, Leonardo Querzoni, Stefano Russo
Critical Infrastructures (CIs), such as smart power grids, transport systems, and financial infrastructures, are more and more vulnerable to cyber threats, due to the adoption of commodity computing facilities. Despite the use of several monitoring tools, recent attacks have proven that current defensive mechanisms for CIs are not effective enough against most advanced threats. In this paper we explore the idea of a framework leveraging multiple data sources to improve protection capabilities… 


Big Data Based Security Analytics for Protecting Virtualized Infrastructures in Cloud Computing

A novel big-data-based security analytics approach to detecting advanced attacks in virtualized infrastructures, using the Hadoop Distributed File System and MapReduce-parser-based identification of potential attack paths.

VSOC - A Virtual Security Operating Center

A Virtual Security Operation Center (VSOC) that allows collecting, analysing and visualizing security-related data from multiple sources, but is deployed as a cloud-based solution with the additional benefit of using big data processing tools to handle large volumes of data.

Data clustering-based anomaly detection in industrial control systems

A clustering-based approach for detecting cyber attacks that cause anomalies in NCI is proposed, and various clustering techniques are explored to choose the most suitable one for clustering the time-series data features, thus classifying the states and potential cyber attacks on the physical system.

Big Data based Security Analytics to Protect the Virtualized Infrastructure

This paper proposes a novel big-data-based security analytics approach to detecting advanced attacks in virtualized infrastructures through two-step machine learning.

Secure Virtualization Environment Based on Advanced Memory Introspection

This paper proposes a model of virtual machine (VM) security monitoring based on memory introspection that can automatically reconstruct the comprehensive running state of a target VM without any prior knowledge and is strongly resistant to attacks with high reliability.

Scalable Detection of Cyber Attacks

This work builds on previous work on topological vulnerability analysis, and proposes an automated framework to manage very large attack graphs and monitor high volumes of incoming alerts for the occurrence of known attack patterns in real-time.

Scalable Analysis of Attack Scenarios

This work proposes a novel framework to analyze massive amounts of alerts in real time, and measure the impact of current and future attacks, and introduces attack scenario graphs, which combine dependency and attack graphs, bridging the gap between known vulnerabilities and the services that could be ultimately affected by the corresponding exploits.

Towards secure monitoring and control systems: Diversify!

Stuxnet is a recent worm that clearly demonstrates the strong technical advances achieved by the attackers' community; it can remain undetected for many months because it is able to fool the SCADA system by emulating regular monitoring signals.

Intrusion Detection with Hypergraph-Based Attack Models

A hypergraph-based attack model for intrusion detection is proposed that allows the specification of various kinds of constraints on possible attacks and provides a high degree of flexibility in representing many different security scenarios.

Identifying Compromised Users in Shared Computing Infrastructures: A Data-Driven Bayesian Network Approach

A Bayesian network approach is used to correlate data provided by different security tools and information related to the users' profiles to identify compromised users, i.e., the users whose credentials have been stolen.

A Statistical Anomaly-Based Algorithm for On-line Fault Detection in Complex Software Critical Systems

An anomaly-based approach for on-line fault detection is proposed that is able to cope with highly variable, non-stationary environments and to work without any initial training phase.

Event Logs for the Analysis of Software Failures: A Rule-Based Approach

A rule-based approach is proposed to make logs effective for analyzing software failures; it leverages artifacts produced at system design time and puts forth a set of rules to formalize the placement of the logging instructions within the source code.

Distributed cyber attack detection for power network systems

A framework for a distributed cyber attack detection system for synchronized large-scale power networks is constructed, where the active power flow in the power network is modeled by the swing equation and cyber attacks are modeled as unknown power generation or consumption.

Mining Invariants from SaaS Application Logs (Practical Experience Report)

This paper proposes a framework and a tool to automatically discover invariants from application logs and to detect their violation online, and shows the usefulness of the approach for detecting runtime issues from logs in the form of violations of selected invariants.

Detection of Software Failures through Event Logs: An Experimental Study

A. Pecchia, S. Russo. Computer Science. 2012 IEEE 23rd International Symposium on Software Reliability Engineering, 2012.
Analysis of a data set of 17,387 experiments, where failures were induced by means of software fault injection into three systems, shows that characteristics such as system architecture, placement of the logging instructions and specific support provided by the execution environment significantly increase the accuracy of logs at runtime.