DETECT : A novel framework for the detection of attacks to critical infrastructures

• Critical Infrastructure Protection (CIP) against potential threats has become a major issue in modern society. CIP involves a set of multidisciplinary activities and requires the adoption of proper protection mechanisms, usually supervised by centralized monitoring systems. This paper presents the motivation, the working principles and the software architecture of DETECT (DEcision Triggering Event Composer & Tracker), a new framework aimed at the automatic and early detection of threats against critical infrastructures. The framework is based on the fact that non trivial attack scenarios are made up by a set of basic steps which have to be executed in a predictable sequence (with possible variants). Such scenarios are identified during Vulnerability Assessment which is a fundamental phase of the Risk Analysis for critical infrastructures. DETECT operates by performing a model-based logical, spatial and temporal correlation of basic events detected by the sensorial subsystem (possibly including intelligent video-surveillance, wireless sensor networks, etc.). In order to achieve this aim, DETECT is based on a detection engine which is able to reason about heterogeneous data, implementing a centralized application of "data fusion". The framework can be interfaced with or integrated in existing monitoring systems as a decision support tool or even to automatically trigger adequate countermeasures. 

Ämnesord

TEKNIK OCH TEKNOLOGIER  -- Elektroteknik och elektronik -- Datorsystem (hsv//swe)

ENGINEERING AND TECHNOLOGY  -- Electrical Engineering, Electronic Engineering, Information Engineering -- Computer Systems (hsv//eng)

Nyckelord

Attack scenarios

Centralized monitoring systems

Critical infrastructure protection

Decision support tools

Early detection

Heterogeneous data

Intelligent video

Model-based

Monitoring system

Multi-disciplinary activities

Non-trivial

Potential threats

Protection mechanisms

Spatial and temporal correlation

Vulnerability assessments

Working principles

Data fusion

Decision support systems

Monitoring

Public works

Reliability analysis

Reliability theory

Risk analysis

Risk assessment

Risk perception

Security systems

Software architecture

Wireless sensor networks

Critical infrastructures

Publikations- och innehållstyp

ref (ämneskategori)

kon (ämneskategori)