PROCESS-AWARE ATTACK DETECTION. MONITORING FRAMEWORK.
Industrial Control Systems are increasingly extended with automated controls and communication capabilities. This leads to concerns about exposure to attacks that threaten to disrupt operations, and aim to harm the physical process in the system and the wellbeing of its operators. Established security practices from the IT domain do not translate well for such environments with legacy components due to the protocols and network topologies used. We address those issues through physical process-aware attack detection leveraging process data gathered passively in the system.
Process-aware attack detection. We are researching estimation and simulation of the physical process state in real-time. This allows us to compare the reported system state to our expected one, and to quickly detect deviations between the two. Processes are modelled through physicsbased models, simulation frameworks, and machine-learned models.
Monitoring Framework. We investigate approaches to complement existing systems with additional features to allow legacy-compliant authentication of messages and detection of manipulations. In addition, we assess the security of commercial industrial devices and platforms, and propose systems that are secure by design.