Lorena Cazorla, Cristina Alcaraz and Javier Lopez. Towards Automatic Critical Infrastructure Protection through Machine Learning. CRITIS 13 - 8th International Conference on Critical Information Infrastructure Security, September 16-18th, 2013, Amsterdam, The Netherlands.

Abstract. Critical Infrastructure Protection (CIP) faces increasing challenges in number and in sophistication, which makes it vital to provide new forms of protection to face every day’s threats. In order to make such protection holistic, covering all the needs of the systems from the point of view of security, prevention aspects and situational awareness should be considered. Researchers and Institutions stress the need of providing intelligent and automatic solutions for protection, calling our attention to the need of providing Intrusion Detection Systems (IDS) with intelligent active reaction capabilities. In this paper, we support the need of automating the processes implicated in the IDS solutions of the critical infrastructures and theorize that the introduction of Machine Learning (ML) techniques in IDS will be helpful for implementing automatic adaptable solutions capable of adjusting to new situations and timely reacting in the face of threats and anomalies. To this end, we study the different levels of automation that the IDS can implement, and outline a methodology to endow critical scenarios with preventive automation. Finally, we analyze current solutions presented in the literature and contrast them against the proposed methodology.



Cristina Alcaraz, Javier Lopez. FACIES: online identification of Failure and Attack on interdependent Critical InfrastructurES. In European CIIP Newsletter, vol. 7, pp. 11-13, Nov 2013.

Abstract. FACIES aims to protect water treatment systems and their control systems against accidental or intentional incidents such as failures, anomalies and cyber-attacks with a particular emphasis on stealth attacks.



Cristina Alcaraz, Javier Lopez. Diagnosis Mechanism for Accurate Monitoring in Critical Infrastructure Protection. In Computer Standards & Interfaces, vol. 36, issue 3, pp. 501-512, Elsevier, 2014.

Abstract. Wide-area situational awareness for critical infrastructure protection has become a topic of interest in recent years. As part of this interest, we propose in this paper a smart mechanism to: control real states of the observed infrastructure from anywhere and at any time, respond to emergency situations and assess the degree of accuracy of the entire control system. Particularly, the mechanism is based on a hierarchical configuration of sensors for control, the ISA100.11a standard for prioritization and alarm management, and the F-Measure technique to study the level of accuracy of a sensor inside a neighborhood.



Cristina Alcaraz, Javier Lopez. WASAM: a Dynamic Wide-Area Situational Awareness Model for Critical Domains in Smart Grids. In Future Generation Computer Systems, vol. 30, pp. 146-154, Elsevier, 2014.

Abstract. Control from anywhere and at anytime is nowadays a matter of paramount importance in critical systems. This is the case of the Smart Grid and its domains which should be monitored through intelligent and dynamic mechanisms able to anticipate, detect and respond before disruptions arise within the system. Given this fact and its importance for social welfare and the economy, a model for wide-area situational awareness is proposed in this paper. The model is based on a set of current technologies such as the wireless sensor networks, the ISA100.11a standard and cloud-computing together with a set of high-level functional services. These services include global and local support for prevention through a simple forecast scheme, detection of anomalies in the observation tasks, response to incidents, tests of accuracy and maintenance, as well as recovery of states and control in crisis situations.


Constantinos Heracleous, Zinon Zinonos, Christos G. Panayiotou. Water Supply Optimization: An IPA Approach. 12th IFAC – WODES 14 - IEEE International Workshop on Discrete Event Systems, May 14-16th, 2014, Cachan, France.

Abstract. In this paper we address the problem of deciding whether a water source should be used by a water utility such that the production cost as well as the penalty cost due to water shortages is minimized while certain constraints are satisfied. The problem is modeled using composition of multiple open hybrid automata while the decision logic depends on certain parameters that need to be optimized. Subsequently, infinitesimal perturbation analysis (IPA) is used to optimize these parameters. The proposed approach is non-parametric in the sense that it does not depend on any assumptions on the stochastic processes that drive the system dynamics and it can be used online to continuously adjust the control parameters even when the input processes are not stationary.



Estefanía Etchevés Miciolino, Roberto Setola, Federica Pascucci, Javier Lopez, Marios M. Polycarpou. FACIES: a Testbed for Distributed Fault and Attack Identification in Interdependent Critical Infrastructures. 2nd International SCADA LAB Workshop, May 28th, 2014, Seville, Spain.

Abstract. In this paper a testbed for a water distribution system is described, developed in the framework of the FACIES Project. It aims to validate a general distributed approach for the early detection of faults and attacks to interdependent Critical Infrastructures, deploying a complex architecture where a number of systems interact to generate the adequate alarms and countermeasures for these types of events. Moreover, some experimental results are provided, suggesting the effectiveness of this approach.



Cristina Alcaraz, Lorena Cazorla and Gerardo Fernandez. Context-Awareness using Anomaly-based Detectors for Smart Grid Domains. CRISIS 2014 - 9th International Conference on Risks and Security of Internet and Systems, August 27-29th, 2014, Trento, Italy. {Accepted}

Abstract. Anomaly-based detection applied in strongly interdependent systems, like Smart Grids, has become one of the most challenging research areas in recent years. Early detection of anomalies so as to detect and prevent unexpected faults or stealthy threats is attracting a great deal of attention from the scientific community because it offers potential solutions for context-awareness. These solutions can also help explain the conditions leading up to a given situation and help determine the degree of its severity. However, not all the existing approaches within the literature are equally effective in covering the needs of a particular scenario. It is necessary to explore the control requirements of the domains that comprise a Smart Grid, identify, and even select, those approaches according to these requirements and the intrinsic conditions related to the application context, such as technological heterogeneity and complexity. Therefore, this paper analyses the functional features of existing anomaly-based approaches so as to adapt them, according to the aforementioned conditions. The result of this investigation is a guideline for the construction of preventive solutions that will help improve the context-awareness in the control of Smart Grid domains in the near future.



Constantinos Heracleous, Estefanía Etchevés Miciolino, Roberto Setola, Federica Pascucci, Demetrios G. Eliades, Georgios Ellinas, Christos G. Panayiotou and Marios M. Polycarpou. Critical Infrastructure Online Fault Detection: Application in Water Supply Systems. CRITIS 14 - 9th International Conference on Critical Information Infrastructures Security, October 13-15, 2014, Limassol, Cyprus. {Accepted}

Abstract. In this paper we first introduce a testbed that is able to emulate the operation and common faults of a water supply system, as well as its interaction with a SCADA system. Then we implement an online fault detection algorithm based on a fault diagnosis architecture for nonlinear uncertain discrete-time systems, that we apply and test with the testbed. We finally present some experimental results illustrating the effectiveness of this approach.



Lorena Cazorla, Estefanía Etchevés Miciolino, Cristina Alcaraz, Javier Lopez. Injection-based Stealth Attacks in Critical Infrastructures. CRITIS 14 - 9th International Conference on Critical Information Infrastructures Security, October 13-15, 2014, Limassol, Cyprus. {Accepted}

Abstract. Current critical infrastructures (CIs) are complex interconnected industrial systems that have incorporated in the recent years information and communications technologies such as the connection to the Internet and commercial off-the-shelf components, which make them easier to operate and maintain, but open them to the threats and attacks that inundate the conventional networks and systems. This paper focuses on the study of injection-based stealth attacks targeting CIs, where the adversary finely tunes his actions in order to avoid detection while pursuing his objectives. We analyze injection attacks at two levels, low-level attacks against the state estimation system and high-level attacks against the communication networks. We determine the stages of the stealth attacks and provide a taxonomy to illustrate the risks they pose, offering an overview of the applicable countermeasures against these attacks.



Roberto Setola. Identificazione Automatica di Guasti Accidentali e Dolosi: il Progetto FACIES. H2O AccaDueO 2014 – XII International Exhibition of Technologies for the Treatment and Distribution of Drinking Water and Wastewater Treatment, October 22-24th, 2014, Bologna, Italy.


Estefanía Etchevés Miciolino, Roberto Setola, Federica Pascucci, Javier Lopez, Marios M. Polycarpou. Physical and Cyber Fault and Attack Detection in Interdependent CIs – The FACIES Testbed. IJSSE – International Journal of System of Systems Engineering {Submitted}

Abstract. In the framework of the FACIES Project, regarding the distributed detection of fault and attacks to interdependent Critical Infrastructures, a physical testbed for the emulation of a water supply and distribution system has been developed. In this paper such testbed is described, as well as the complex architecture built for its correct operation, consisting of a number of modules that opportunely interact to gather information, events and alarms during the operation, with the aim to early detect accidental and malicious faults and attacks to the infrastructure, evaluating the impact on the other CIs that interact with it, and generating the adequate countermeasures. Moreover, experimental results are reported, which confirm the validity and effectiveness of the approach deployed.