Abstract. Wireless Sensor Networks (WSN) are being investigated by the research community for resilient distributed monitoring. Multiple sensor data fusion has proven to be a valid technique to improve detection effectiveness and reliability. In this paper we propose a theoretical framework for correlating events detected by WSN in the context of critical infrastructure protection. The aim is to develop a decision support and early warning system used to effectively face security threats by exploiting the advantages of WSN. The research addresses two relevant issues: the development of a middleware for the integration of heterogeneous WSN (SeNsIM, Sensor Networks Integration and Management) and the design of a model-based event correlation engine for the early detection of security threats (DETECT, DEcision Triggering Event Composer & Tracker). The paper proposes an overall system architecture for the integration of the SeNsIM and DETECT frameworks and provides example scenarios in which the system features can be exploited.
The security of railway and mass-transit systems is increasingly dependent on the effectiveness of integrated Security Management Systems (SMS), which are meant to detect threats and to provide operators with information required for alarm verification purposes. In order to lower the false alarm rate and improve the detection reliability of threat scenarios, event correlation capabilities need to be integrated into the SMS. In this paper an existing approach based on a-priori defined event patterns is extended using a heuristic situation recognition approach which is more robust to both imperfect scenario modeling (human faults) and missed detections (sensor faults). The approach is based on similarity analysis between the event trees representing scenarios and it is effective both on-line and off-line. Applied on-line, it allows for an earlier and more fault-tolerant threat detection, since scenario matching is not required to be complete nor exact. Applied off-line, its effectiveness is twofold: first, it allows for detecting redundancies when updating the scenario repository; secondly, it enhances the post-event forensic search of suspicious behaviors not previously stored in the scenario repository. The strategy is being experimented in the context of railway protection
Abstract. Video content analytics is being increasingly employed for the security surveillance of mass-transit systems. The growing number of cameras, the presence of legacy networks, the limited bandwidth of wireless links, are some of the issues which highlight the importance of evaluating the performance of motion tracking against different levels of video compression. In this paper, we report the results of such an evaluation considering false-negative and false-positive metrics applied to videos captured from cameras installed in a real metro-railway environment. The evaluation methodology is based on the manual generation of the Ground Truth on selected videos at growing levels of MJPEG compression, and on its comparison with the Algorithm Result automatically generated by the Motion Tracker. The computation of reference performance metrics is automated by a tool developed in Matlab. Results are discussed with respect to the main causes of false detections, and hints are provided for further industrial applications.
Cyber Physical Systems are facing a huge and diverse set of security risks, especially cyber-attacks that can cause disruption to physical services or create a national disaster. Information and communication technology (ICT) has made a remarkable impact on society. A Cyber Physical System (CPS) relies basically on information and communication technology, which puts the system's assets under certain risks, especially cyber ones, and hence they must be kept under control by means of security countermeasures that generate confidence in the use of these assets. And so there is a critical need to pay great attention to the cybersecurity of these systems, which consequently leads to the safety of the physical world. This goal is achieved by adopting a solution that applies processes, plans and actions to prevent or reduce the effects of threats. Traditional IT risk assessment methods can do the job; however, because of the characteristics of a CPS, it is more efficient to adopt a solution that is wider than a method, and addresses the type, functionalities and complexity of a CPS. This chapter proposes a framework that breaks the restriction to a traditional risk assessment method and encompasses a wider set of procedures to achieve a high level strategy that could be adopted in the risk management process, in particular the cybersecurity of cyber-physical systems.