Security in Mission Critical Communication Systems: Approach for Intrusion Detection

Introduction

A mission critical system is essential to the survival of a business or organization. When a mission critical system is attacked or failed, business operations and organizations are significantly impacted. For some governmental organizations and some IT sectors, databases are considered as Mission Critical systems. For the internet applications, servers are considered as Mission Critical systems. For public safety organizations, the systems must be reliable and available around the clock to guarantee instant responses in order to save lives. The security in mission-critical systems and wireless communications has attracted a great attention, especially with its rapid development. Security considerations in mission critical systems and wireless communications act as a challenging research area due to the increase of security-critical applications in which a reliable intrusion detection mechanism is needed. Mission-critical communications are extensively used by public safety responders and organizations where connections and communications have to be done reliably and instantly. Public safety organizations also use the Mission Critical systems to monitor major crime and large scale disasters. The mission Critical systems have three main elements:

• 1.

  Interoperability where the communications can be taken instantaneously with different organizations.

• 2.

  Critical Networks which offers security to the users of the system.

• 3.

  Mission Critical data where the important data needed to secure the network can be easily accessed.

The reliability in Mission Critical Systems is highly needed for the survival of the purpose that they are built for. Securing these systems from attacks increases their reliability greatly. Thus, the security in Mission Critical Systems is one of the important concerns to be addressed in those systems. One of the security issues to be addressed is to detect the intrusions that may attack the devices used in the communications as intrusions can greatly affect the performance of the Mission critical systems or may do unwanted manipulation with the critical data sent over the network. The real-time security monitoring for the Mission-critical systems is highly recommended to protect these systems.

In this chapter, an intrusion detection paradigm is introduced. This paradigm introduces an unsupervised learning algorithm and a supervised learning algorithm to detect intrusions. The algorithms can be embedded in the devices used in the Mission critical systems to detect intrusions. Each one of the algorithms builds a set of the intrusion detection rules. The intrusion detection rules generated from both algorithms are structured in the form of a binary tree which decreases the complexity of reaching a decision. The proposed algorithms provided a high detection accuracy using only 10% of the data for training in addition to less number of features, compared to previous work for intrusion detection, which decreased the complexity and the processing time. An enhancement for J48 classification algorithm is also proposed which decreases the size of the algorithm's decision tree and makes it suitable to be used for intrusion detection in memory constrained devices that are used in mission critical systems.