High-speed intrusion detection in support of critical infrastructure protection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4347 LNCS, Issue , 2006, Pages 222-234

  D'Antonio, Salvatore ^a   Oliviero, Francesco ^b   Setola, Roberto ^c  

^a Lab ITeM   (Italy)

^b UNIVERSITY OF NAPLES FEDERICO II   (Italy)

^c UNIVERSITY CAMPUS BIO MEDICO   (Italy)

Author keywords

Critical information infrastructure protection (CIIP); Critical infrastructure protection (CIP); Flow monitoring; Intrusion detection; SCADA; Security management

Indexed keywords

CRITICAL INFORMATION INFRASTRUCTURE PROTECTIONS; CRITICAL INFRASTRUCTURE PROTECTION; FLOW MONITORING; SCADA; SECURITY MANAGEMENT;

BEHAVIORAL RESEARCH; CRITICAL INFRASTRUCTURES; INTRUSION DETECTION; NETWORK SECURITY; PUBLIC WORKS; TELECOMMUNICATION NETWORKS; TRAFFIC CONTROL;

INFORMATION MANAGEMENT;

EID: 80052933495     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11962977_18     Document Type: Conference Paper

References (28)

1. Dunn, M., Wigert, I., An Inventory and Analysis of Protection Policies in Fourteen Countries, International CIIP (Critical Information Infrastructure Protection) Handbook 2004, edited by A. Wenger and J. Metzger, ETH Swiss Federal Institute fo Technology Zurich, 2004.
2. U.S. Government, The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets, Washington, USA: The White House, Feb. 2003.
3. E.U. Commission, Green Paper on a European Programme for Critical Infrastructure Protection COM(2005)576, Brussels, 2005.
4. Byres, E., Lowe, J., The Myths and Facts behind Cyber Security Risks for Industrial Control Systems, British Columbia Institute of Technology
5. Lavalle, L., Balducelli, C., Vicoli, G., Anomaly Detection Approach to Safeguard Critical Infrastructures: A Knowledge Engineering Process on a SCADA Case Study, in Proceedings of Complex Network and Infrastructure Protection (CNIP'06), March 2006.
6. Communication from the Commission to the Council and the European Parliament Critical Infrastructure Protection in the fight against terrorism COM (704)2004, Brussels, October 2004.
7. Shea, D. A., Critical Infrastructure: Control Systems and the Terrorist Threat, in Report for Congress RL31534. The Library of Congress, Febraury 2003
8. Davis, P., Abuse and Misuse of Firewalls in SCADA and Control Systems Environments, in Proceedings of Complex Network and Infrastructure Protection (CNIP'06), March 2006.
9. Esposito, M., Mazzariello, C., Oliviero, F., Romano, S.P., Sansone, C., Evaluating Pattern Recognition Techniques in Intrusion Detection Systems, in Proceedings of 5th Workshop on Pattern Recognition in Information Systems (PRIS '05), May 2005.
10. D'Antonio, S., Mazzariello, C., Oliviero, F., Salvi, D., A distributed multi-purpose IP flow monitor, in Proceedings of 3rd International Workshop on Internet Performance, Simulation, Monitoring and Measurement (IPS-MoMe '05), March 2005.
11. Vigna, G., Kemmerer, R., Netstat: a network based intrusion detection system, Journal of Computer Security, 7(1), 1999.
12. Anderson, D., Detecting usual program behavior using the statistical component of the next-generation intrusion detection expert system (nides), Technical report, Computer Science Laboratory, 1995.
13. Tyson, M., Derbi: Diagnosys explanation and recovery from computer break-ins, Technical report, SRI International, 2000.
14. Rebecca Gurley Bace, Intrusion Detection, Macmillan Technical Publishing, January 2000.
15. Lakhina, A., Crovella, M., Diot, C., Mining anomalies using traffic feature distributions, in Proceedings of ACM SIGCOMM '05, August 2005.
16. Matthew Vincent Mahoney, Network traffic anomaly detection based on packet bytes, in Proceedings of ACM SAC 03, 2003.
17. Baker, A. R., Caswell, B., Poor, M., Snort 2.1 Intrusion Detection - Second Edition, Syngress, 2004.
18. Vern Paxson and Brian Terney, Bro reference manual, 2004
19. Lindqvist, U., Porras, P., A., Detecting computer and network misuse through the production-based expert system toolset (p-best), in Proceedings of the 1999 IEEE Symposium on Security and Privacy, pages 146-161, Oakland, California, May 1999.
20. Wenke Lee, W., Stolfo, S. J., A framework for constructing features and models for intrusion detection systems, ACM Transactions on Information and System Security (TISSEC), 3(4):227261, November 2000.
21. Barbara, D., Couto, J., Jajodia, S., Popyack, L., Wu, N., Adam: Detecting intrusion by data mining, in Proceedings of the Workshop on Information Assurance and Security, 2001.
22. Sadasivan, G., Brownlee, N., Claise, B., Quittek, J., Ipfix working group internet draft, architecture model for ip flow information export, Internet draft, IETF, January 2005.
23. Kitatsuji, Y., Yamazaki, K., A distributed real-time tool for ip-flow measurement, in Proceedings of the 2004 International Symposium on Applications and the Internet, 2004.
24. Falko Dressler, F., Carle, G., History - high speed network monitoring and analysis, in Proceedings of 24th IEEE Conference on Computer Communications (IEEE INFOCOM 2005), March 2005.
25. Abad, C., Li Y., Lakkaraju, K., Yin, X., Yurcik, W., Correlation between netflow system and network views for intrusion detection, in Proceedings of Workshop on Link Analysis, Counter-terrorism, and Privacy held in conjunction with SDM 2004.
26. Yin, X., Yurcik, W., Treaster, M., Li, Y., Lakkaraju, K., Visflowconnect: netflow visualizations of link relationships for security situational awareness, in Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, pages 26-34, ACM Press, 2004.
27. Abad, C., Taylor, J., Sengul, C., Yurcik, W., Zhou, Y., Rowe, K., Log correlation for intrusion detection: A proof of concept, in Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC), 2003.
28. Li, Z., Taylor, J., Partridge, E., Zhou, Y., Yurcik, W., Abad, C., Barlow, J., Rosendale, J., Uclog: A unified, correlated logging architecture for intrusion detection, in Proceedings of the 12th International Conference on Telecommunication Systems, Modeling and Analysis (ICTSM), 2004.