High-speed intrusion detection in support of critical infrastructure protection

  • Authors:
  • Salvatore D'Antonio;Francesco Oliviero;Roberto Setola

  • Affiliations:
  • Lab. ITeM – Consorzio Interuniversitario Nazionale per l'Informatica, CINI;Dipartimento di Informatica e Sistemistica, University of Napoli Federico II;Complex Systems & Security Lab, University CAMPUS Bio-Medico of Roma

  • Venue:
  • CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
  • Year:
  • 2006

Abstract

The telecommunication network plays a fundamental role in the management of critical infrastructures, since it is largely used to transmit control information among the different elements composing the architecture of a critical system. The health of a networked system strictly depends on the security mechanisms that are implemented to assure the correct operation of the communication network. For this reason, the adoption of an effective network security strategy is seen as an important and necessary task of a global methodology for critical infrastructure protection. In this paper we present two contributions. First, we present a distributed architecture that aims to secure the communication network upon which the critical infrastructure relies. This architecture is composed of an intrusion detection system (IDS) built on top of a customizable flow monitor. Second, we propose an innovative method to extrapolate real-time information about user behavior from network traffic. This method consists of monitoring traffic flows at different levels of granularity in order to discover ongoing attacks.