Abstract
In recent years the monitoring and control devices in charge of supervising the critical processes of Critical Infrastructures have been victims of cyber attacks. To face this threat, organizations providing critical services are increasingly focusing on protecting their network infrastructures. Security Information and Event Management (SIEM) frameworks support network protection by performing centralized correlation of the reports produced by network assets. In this work we propose an extension of a commercial SIEM framework, namely OSSIM by AlienVault, to perform the analysis of the reports (events) generated by the monitoring, control and security devices of a dam infrastructure. Our objective is to obtain evidence of misuses and malicious activities occurring at the dam monitoring and control system, since they can result in hazardous commands being issued to control devices. We present examples of misuses and malicious activities, and procedures to extend OSSIM for analyzing new event types.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Coppolino, L., D’Antonio, S., Formicola, V., Romano, L. (2011). Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study. In: Flammini, F., Bologna, S., Vittorini, V. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2011. Lecture Notes in Computer Science, vol 6894. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24270-0_15
DOI: https://doi.org/10.1007/978-3-642-24270-0_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24269-4
Online ISBN: 978-3-642-24270-0
eBook Packages: Computer Science (R0)