An Architecture for Securing Communications in Critical Infrastructure

Christian Callegari, Alessandro Cantelli Forti, Giuseppe D'Amore, Enrique de la Hoz, David Echarri Santamaria, Ivan García-Ferreira, German López-Civera


The disruption of communications in critical infrastructures could have a serious impact on the health, safety, security or economic well-being of citizens or even prevent the effective functioning of governments or other agencies. For this reason, in this paper we present a distributed architecture, named CYBERSENS, aimed at preventing, early detecting, and mitigating cyber attacks to critical infrastructure networks. CYBERSENS is an advanced IDS/IPS system specially tailored for securing communications in critical infrastructures. It’s federated architecture, the combination of misuse detection techniques and novel anomaly detection approaches, and the inclusion of mechanisms for self-obfuscation and self-protection, makes our proposal specially suit- able for these scenarios.


  1. Bace, R. G. (2000). Intrusion detection. Sams Publishing.
  2. Bray, R., Cid, D., and Hay, A. (2008). OSSEC host-based intrusion detection guide. Syngress.
  3. Callegari, C., Di Pietro, A., Giordano, S., Pepe, T., and Procissi, G. (2012). The loglog counting reversible sketch: A distributed architecture for detecting anomalies in backbone networks. In Communications (ICC), 2012 IEEE International Conference on, pages 1287-1291.
  4. Callegari, C., Gazzarrini, L., Giordano, S., Pagano, M., and Pepe, T. (2010). When randomness improves the anomaly detection performance. In Proceedings of the International Symposium on Applied Sciences in Biomedical and Communication Technologies (ISABEL).
  5. Callegari, C., Giordano, S., and Pagano, M. (2015). Network and System Security: 9th International Conference, NSS 2015, New York, NY, USA, November 3- 5, 2015, Proceedings, chapter Enforcing Privacy in Distributed Multi-Domain Network Anomaly Detection, pages 439-446. Springer International Publishing, Cham.
  6. Carlen, P. L. (2013). Traffic flow confidentiality mechanisms and their impact on traffic. In Military Communications and Information Systems Conference (MCC), 2013, pages 1-6. IEEE.
  7. Claise, B. (2004). Cisco systems netflow services export version 9.
  8. Cormode, G. and Muthukrishnan, S. (2005). An improved data stream summary: the count-min sketch and its applications. Journal of Algorithms, 55(1):58 - 75.
  9. Durand, M. and Flajolet, P. (2003). Loglog counting of large cardinalities. In In ESA, pages 605-617.
  10. Enumeration, C. A. P. (2013). Classification (capec). URL https://capec. mitre. org.
  11. EUCommission (2004). Critical Infrastructure Protection in the Fight against Terrorism.
  12. Flajolet, P. and Martin, G. N. (1985). Probabilistic counting algorithms for data base applications. J. Comput. Syst. Sci., 31(2):182-209.
  13. Schweller, R., Gupta, A., Parsons, E., and Chen, Y. (2004). Reversible sketches for efficient and accurate change detection over network data streams. In Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, IMC 7804, pages 207-212, New York, NY, USA. ACM.
  14. Spitzner, L. (2003). The honeynet project: Trapping the hackers. IEEE Security & Privacy, (2):15-23.
  15. Woodring, S. (2001). Port mirroring in channel directors and switches. US Patent App. 10/026,706.
  16. Zhang, F., Zhou, S., Qin, Z., and Liu, J. (2003). Honeypot: a supplemented active defense system for network security. In Parallel and Distributed Computing, Applications and Technologies, 2003. PDCAT'2003. Proceedings of the Fourth International Conference on, pages 231-235. IEEE.

Paper Citation

in Harvard Style

Callegari C., Cantelli Forti A., D'Amore G., de la Hoz E., Santamaria D., García-Ferreira I. and López-Civera G. (2016). An Architecture for Securing Communications in Critical Infrastructure . In - DCCI, (ICETE 2016) ISBN , pages 0-0. DOI: 10.5220/0006016801110120

in Bibtex Style

author={Christian Callegari and Alessandro Cantelli Forti and Giuseppe D'Amore and Enrique de la Hoz and David Echarri Santamaria and Ivan García-Ferreira and German López-Civera},
title={An Architecture for Securing Communications in Critical Infrastructure},
booktitle={ - DCCI, (ICETE 2016)},

in EndNote Style

JO - - DCCI, (ICETE 2016)
TI - An Architecture for Securing Communications in Critical Infrastructure
SN -
AU - Callegari C.
AU - Cantelli Forti A.
AU - D'Amore G.
AU - de la Hoz E.
AU - Santamaria D.
AU - García-Ferreira I.
AU - López-Civera G.
PY - 2016
SP - 0
EP - 0
DO - 10.5220/0006016801110120