In recent years the monitoring and control devices in charge of supervising the critical processes of Critical Infrastructures have been victims of cyber attacks. To face such threat, organizations providing critical services are increasingly focusing on protecting their network infrastructures. Security Information and Event Management (SIEM) frameworks support network protection by performing centralized correlation of network asset reports. In this work we propose an extension of a commercial SIEM framework, namely OSSIM by AlienVault, to perform the analysis of the reports (events) generated by monitoring, control and security devices of the dam infrastructure. Our objective is to obtain evidences of misuses and malicious activities occurring at the dam monitoring and control system, since they can result in issuing hazardous commands to control devices. We present examples of misuses and malicious activities and procedures to extend OSSIM for analyzing new event types.
|Titolo:||Integration of a System for Critical Infrastructure Protection with the OSSIM SIEM Platform: A dam case study|
|Autori interni:||COPPOLINO, Luigi|
|Data di pubblicazione:||2011|
|Rivista:||LECTURE NOTES IN COMPUTER SCIENCE|
|Appare nelle tipologie:||2.1 Contributo in volume (Capitolo o Saggio)|