A forensics and compliance auditing framework for critical infrastructure protection

Bibliographic details
Principal author: Henriques, João
Publication date: 2023
Other authors: Caldeira, Filipe, Cruz, Tiago, Simões, Paulo
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10400.19/8175
Abstract: Contemporary societies are increasingly dependent on products and services provided by Critical Infrastructure (CI) such as power plants, energy distribution networks, transportation systems and manufacturing facilities. Due to their nature, size and complexity, such CIs are often supported by Industrial Automation and Control Systems (IACS), which are in charge of managing assets and controlling everyday operations. As these IACS become larger and more complex, encompassing a growing number of processes and interconnected monitoring and actuating devices, the attack surface of the underlying CIs increases. This situation calls for new strategies to improve Critical Infrastructure Protection (CIP) frameworks, based on evolved approaches for data analytics that are able to gather insights from the CI. In this paper, we propose an Intrusion and Anomaly Detection System (IADS) framework that adopts forensics and compliance auditing capabilities at its core to improve CIP. The adopted forensics techniques help to address, for instance, post-incident analysis and investigation, while the support of continuous auditing processes simplifies compliance management and service quality assessment. More specifically, after discussing the rationale for such a framework, this paper presents a formal description of the proposed components and functions and discusses how the framework can be implemented using a cloud-native approach, to address both functional and non-functional requirements. An experimental analysis of the framework's scalability is also provided.
Keywords: Forensics; Compliance auditing; Critical infrastructure protection; Cybersecurity; Big data; Data analytics; Distributed computing
Contributor: Repositório Científico do Instituto Politécnico de Viseu
Citation: Henriques, J., Caldeira, F., Cruz, T., & Simões, P. (2023). A forensics and compliance auditing framework for critical infrastructure protection. International Journal of Critical Infrastructure Protection, 42, 100613. https://doi.org/10.1016/j.ijcip.2023.100613
DOI: 10.1016/j.ijcip.2023.100613
Issue date: June 2023
Version: published version
Rights: open access
Format: application/pdf