A Distributed Real-Time Event Correlation Architecture for SCADA Security

Abstract: Supervisory control and data acquisition (SCADA) systems require real-time threat monitoring and early warning systems to identify cyber attacks. Organizations typically employ intrusion detection systems to identify attack events and to provide situational awareness. However, as cyber attacks become more sophisticated, intrusion detection signatures that match single events are no longer adequate. Effective intrusion detection requires the correlation of multiple events that are temporally and/or spatially separated. This paper proposes an event correlation mechanism for cyber threat detection that is built on a semantic event hierarchy: cyber attacks are specified in terms of low-level events detected in the communications and computing infrastructure, and these events are correlated to identify attacks of broader scope. The paper also describes a distributed architecture for real-time event capture, correlation and dissemination. The architecture employs a publish/subscribe mechanism that pushes the limited computing resources out to distributed field agents, which improves real-time attack detection while limiting unnecessary communications overhead.
Document type:
Conference paper
Jonathan Butts; Sujeet Shenoi. 7th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2013, Washington, DC, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-417, pp.81-93, 2013, Critical Infrastructure Protection VII. 〈10.1007/978-3-642-45330-4_6〉

Cited literature [17 references]

https://hal.inria.fr/hal-01456894
Contributor: Hal Ifip
Submitted on: Monday, 6 February 2017 - 09:45:48
Last modified on: Monday, 6 February 2017 - 09:49:06
Document(s) archived on: Sunday, 7 May 2017 - 12:31:03

File

978-3-642-45330-4_6_Chapter.pd...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Yi Deng, Sandeep Shukla. A Distributed Real-Time Event Correlation Architecture for SCADA Security. Jonathan Butts; Sujeet Shenoi. 7th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2013, Washington, DC, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-417, pp.81-93, 2013, Critical Infrastructure Protection VII. 〈10.1007/978-3-642-45330-4_6〉. 〈hal-01456894〉

Metrics

Record views: 73

File downloads: 239