SRI Logo
About Us|R and D Divisions|Careers|Newsroom|Contact Us|SRI Home
     
  SRI Logo

Detection, Correlation, and Visualization of Attacks against Critical Infrastructure Systems
 by Dr. Linda Briesemeister, Dr. Steven Cheung, Dr. Ulf Lindqvist & Alfonso Valdes.

Eighth Annual Conference on Privacy, Security and Trust.
Ottawa, Ontario, Canada.
August 17-19, 2010, pp. 15-22.


Abstract
Digital control systems are essential to the safe and efficient operation of a variety of industrial processes in sectors such as electric power, oil and gas, water treatment, and manufacturing. Modern control systems are increasingly connected to other control systems as well as to corporate systems. They are also increasingly adopting networking technology and system and application software from conventional enterprise systems. These trends can make control systems vulnerable to cyber attack, which in the case of control systems may impact physical processes causing environmental harm or injury. We present some results of the DATES (Detection and Analysis of Threats to the Energy Sector) project, wherein we adapted and developed several intrusion detection technologies for control systems. The suite of detection technologies was integrated and connected to a commercial security event correlation framework from ArcSight. We demonstrated the efficacy of our detection and correlation solution on two coupled testbed environments. We particularly focused on detection, correlation, and visualization of a network traversal attack, where an attacker penetrates successive network layers to compromise critical assets that directly control the underlying process. Such an attack is of particular concern in the layered architectures typical of control system implementations.
BibTEX Entry
@InProceedings{Briesemeister:2010:PST,
  author =       "Linda Briesemeister and Steven Cheung and Ulf Lindqvist and Alfonso Valdes",
  title =        "Detection, Correlation, and Visualization of Attacks against Critical Infrastructure Systems",
  booktitle =    "Eighth Annual Conference on Privacy, Security and Trust",
  address =      "Ottawa, Ontario, Canada",
  month =        aug # "~17--19,",
  year =         2010
}

@INPROCEEDINGS{5593242,
author={Briesemeister, L. and Cheung, S. and Lindqvist, U. and Valdes, A.},
booktitle={Privacy Security and Trust (PST), 2010 Eighth Annual International Conference on}, title={Detection, correlation, and visualization of attacks against critical infrastructure systems},
year={2010},
pages={15-22},
keywords={security of data;DATES;commercial security event correlation framework;cyber attack;digital control systems;intrusion detection technologies;network traversal attack;Control systems;Correlation;Intrusion detection;Monitoring;Process control;Servers;alert correlation;anomaly detection;control system security;critical infrastructure security;intrusion;security information event management},
doi={10.1109/PST.2010.5593242},}
Files
Final published version available at IEEE Xplore
 













 

About Us  |  R&D Divisions  |  Careers  |  Newsroom  |  Contact Us
© 2017 SRI International 333 Ravenswood Avenue, Menlo Park, CA 94025-3493
SRI International is an independent, nonprofit corporation. Privacy policy