DCCI 2016 Abstracts


Full Papers
Paper Nr: 1
Title: A Novel Histogram-based Network Anomaly Detection
Authors: Christian Callegari, Michele Pagano, Stefano Giordano and Fabrizio Berizzi
Abstract: The ability to capture unknown attacks is an attractive feature of anomaly-based intrusion detection, and it is not surprising that research on this topic represents one of the most promising directions in the field of network security. In this work we consider two different traffic descriptors and evaluate their ability to capture different kinds of anomalies, taking into account three different similarity measures in order to discriminate between normal network behaviour and the presence of anomalies. An extensive performance analysis, carried out over the publicly available MAWILab dataset, has highlighted that a proper choice of the traffic descriptor and the similarity measure can be particularly effective in the case of unknown attacks, i.e. those attacks that cannot be detected by standard misuse-based systems.

Paper Nr: 2
Title: An Architecture for Securing Communications in Critical Infrastructure
Authors: Christian Callegari, Alessandro Cantelli Forti, Giuseppe D'Amore, Enrique de la Hoz, David Echarri Santamaria, Ivan García-Ferreira and German López-Civera
Abstract: The disruption of communications in critical infrastructures could have a serious impact on the health, safety, security or economic well-being of citizens, or even prevent the effective functioning of governments or other agencies. For this reason, in this paper we present a distributed architecture, named CYBERSENS, aimed at preventing, detecting early, and mitigating cyber attacks on critical infrastructure networks. CYBERSENS is an advanced IDS/IPS system specially tailored for securing communications in critical infrastructures. Its federated architecture, the combination of misuse detection techniques and novel anomaly detection approaches, and the inclusion of mechanisms for self-obfuscation and self-protection make our proposal especially suitable for these scenarios.

Paper Nr: 3
Title: TOWER: Topology Optimization for netWork Enhanced Resilience
Authors: Enrique de la Hoz, Jose Manuel Gimenez-Guzman, German Lopez-Civera, Ivan Marsa-Maestre and David Orden
Abstract: Nowadays society is more and more dependent on critical infrastructures. Critical network infrastructures (CNI) are communication networks whose disruption can have a severe impact on other systems, including critical infrastructures. In this work, we propose TOWER, a framework for the provision of adequate strategies to optimize service provision and system resilience in CNIs. The goal of TOWER is to be able to compute new network topologies for CNIs in the event of malicious attacks. To do this, TOWER takes into account a risk analysis of the CNI, the results from a cyber-physical IDS and a multilayer model of the network, so that all existing dependencies are accounted for. TOWER analyses the network structure in order to determine the best strategy for obtaining a network topology, taking into account the existing dependencies and the potential conflicting interests when not all requirements can be met. Finally, we present some lines for further development of TOWER.

Paper Nr: 4
Title: A New SDN Traffic Control Application for Security Routing in Critical Infrastructures
Authors: Davide Adami, Stefano Giordano, Giuseppe D'Amore, Mauro Alberto Brignoli, Enrique de la Hoz and German Lopez-Civera
Abstract: In the framework of the EU-FP7 SCOUT project, RECOVER is a subsystem that equips a satellite infrastructure, and more specifically the ground control segment, with traffic control capabilities. Basically, RECOVER applies rules (forward, drop, re-route) to traffic flows. In this paper, we discuss the preliminary architecture of the RECOVER subsystem. The design is based on SDN, a novel approach to computer networking that allows network administrators to manage network services through the abstraction of higher-level functionalities. The core of the subsystem is a new traffic control application that provides policy-based secure routing, i.e., the ability to make routing decisions driven by physical or network security targets.

Paper Nr: 5
Title: Distributed Physical Sensors Network for the Protection of Critical Infrastructures Against Physical Attacks
Authors: M. P. Jarabo-Amores, M. Rosa-Zurera, D. de la Mata-Moya, A. Capria, A. L. Saverino, C. Callegari, F. Berizzi, P. Samczynski, K. Kulpa, M. Ummenhofer, H. Kuschel, A. Meta, S. Placidi, K. Lukin and G. D'Amore
Abstract: The SCOUT project is based on the use of multiple innovative and low-impact technologies for the protection of space control ground stations and satellite links against physical and cyber-attacks, and for the intelligent reconfiguration of the ground station network (including the ground node of the satellite link) in case one or more nodes fail. The SCOUT sub-system devoted to protection against physical attacks, SENSNET, is presented. It is designed as a network of sensor networks that combines DAB- and DVB-T-based passive radar, noise radar, Ku-band radar, infrared cameras, and RFID technologies. The problem of the data link architecture is addressed and the proposed solution is described.

Paper Nr: 6
Title: Dataset Analysis for Anomaly Detection on Critical Infrastructures
Authors: German Lopez-Civera and Enrique de la Hoz
Abstract: Anomaly detection techniques make it possible to create robust security measures that provide early detection and are able to identify novel attacks that could not be prevented otherwise. Datasets represent a critical component in the process of designing and evaluating any kind of anomaly detection method. For this reason, in this paper we present the evaluation of two datasets, showing the dependencies that arise between the techniques employed and the dataset itself. We also describe the characteristics that have to be taken into account when selecting a dataset to evaluate a detection algorithm in a critical infrastructure context.