DETECT: a novel framework for the detection of attacks to critical infrastructures / Flammini F; Gaglione A; Mazzocca N; Pragliola C. - PRINT. - 1:(2009), pp. 105-112. (Paper presented at the European Safety & Security Conference 2008, held in Valencia (SPAIN), 22-25 September 2008).

DETECT: a novel framework for the detection of attacks to critical infrastructures

Flammini F;
2009

Abstract

Critical Infrastructure Protection (CIP) against potential threats has become a major issue in modern society. CIP involves a set of multidisciplinary activities and requires the adoption of proper protection mechanisms, usually supervised by centralized monitoring systems. This paper presents the motivation, the working principles and the software architecture of DETECT (DEcision Triggering Event Composer & Tracker), a new framework aimed at the automatic and early detection of threats against critical infrastructures. The framework is based on the fact that non-trivial attack scenarios are made up of a set of basic steps that have to be executed in a predictable sequence (with possible variants). Such scenarios are identified during Vulnerability Assessment, which is a fundamental phase of the Risk Analysis for critical infrastructures. DETECT operates by performing a model-based logical, spatial and temporal correlation of basic events detected by the sensorial subsystem (possibly including intelligent video-surveillance, wireless sensor networks, etc.). To achieve this aim, DETECT is based on a detection engine that is able to reason about heterogeneous data, implementing a centralized application of “data fusion”. The framework can be interfaced with or integrated into existing monitoring systems as a decision support tool or even to automatically trigger adequate countermeasures.
2009
Safety, Reliability and Risk Analysis: Theory, Methods and Applications - Proceedings of the Joint ESREL and SRA-Europe Conference
European Safety & Security Conference 2008
Valencia (SPAIN)
22-25 September 2008
Flammini F; Gaglione A; Mazzocca N; Pragliola C
Use this identifier to cite or link to this resource: https://hdl.handle.net/2158/1386649