A Cyber Physical System (CPS) can be defined as the integration of computing, communication, and control capabilities for monitoring and managing physical objects. The "Industry 4.0" paradigm is pushing for a broad adoption of CPS in a number of fields such as intelligent manufacturing, smart vehicles, and telecommunication systems. In this context, the security of CPS is critical and challenging since it concerns several aspects such as data collection, information transmission, and processing and control subsystems.
The design of effective anomaly detection systems has been widely addressed in the literature. These systems can be grouped into two classes: the first relies on alert thresholds that are set manually and monitored by experts, whereas the second relies on an automatic approach that can be based on artificial intelligence. The latter systems have proven to be more effective and more adaptive to traffic variations (without the need to manually recalibrate the thresholds), and they require less human intervention.
The approach proposed in ISEEYOO relies on machine learning techniques for anomaly detection based on a 2D representation of the data to be analyzed. This is a significant improvement with respect to the state of the art: although deep learning techniques have been successfully applied in many research fields related to image processing, only a few works have been proposed for anomaly detection in CPSs.
The main achievement of ISEEYOO will be the improvement of the state of the art. In fact, while network anomaly detection is a widely investigated topic, ISEEYOO presents an innovative approach that exploits a two-dimensional representation of traffic data.
The results achieved during the project can pave the way for the application of a similar strategy in different scenarios. As an example, instead of analyzing only the traffic data, the 2D representation could be used for other types of distributed information collected in a CPS (e.g. sensor measurements).
ISEEYOO can be used as a standalone tool for detecting a wide range of attacks in communication systems that involve the deployment of sensors, or it can be adopted as a building block of a more complex system (e.g., the CCASPER framework proposed in [1]). In addition, a similar approach could be beneficial for anomaly detection in other research fields with minimal modification of the proposed architecture. As a consequence, the impact of ISEEYOO will not be limited to the specific use case addressed in this project.
We expect the project to have a major impact on the research community. This will happen through the dissemination of the methodology and the architecture envisaged, as well as of the results obtained. The system will be exploited as an analysis and reaction tool in the definition of more general safety architectures, both in the context of European research projects and in practical application scenarios.
The excellence of the project will be guaranteed by an advisory board made up of experts in the field. In particular, researchers from the Institute of Communications and Computer Systems (ICCS, Greece) and from the Ericsson Telecomunicazioni S.p.A. group (TEI, Italy) will be part of the advisory board. On the one hand, the advisory board guarantees high-level scientific support; on the other, it provides expertise in the technological transfer of the results obtained. Since the project involves members of national and international universities, research centers and a company, it can lay the foundation for the preparation of a consortium and the submission of a European project.
[1] Baldoni S, Celozzi G, Neri A, Carli M, Battisti F. Inferring Anomaly Situation from Multiple Data Sources in Cyber Physical Systems. Cyber-Physical Security for Critical Infrastructures Protection. 2021;12618:67-76. Published 2021 Jan 28. doi:10.1007/978-3-030-69781-5_5
The timeline
The research will be directed towards the definition, design, and testing of the proposed anomaly detection system. The activities to be carried out are organized in Work Packages (WP) and Tasks (T). The achievement of intermediate objectives will be monitored through Deliverables (D) and Milestones (MI). More specifically, 4 WPs are foreseen in ISEEYOO:
WP1 Project organization and dissemination (M1-M24)
T1.1 Planning of the research activities, resource allocation, monitoring of the project status and timing (M1-M24)
T1.2 Dissemination of intermediate and final results through publications in international conferences and journals (M1-M24)
WP2 System architecture (M1-M14)
T2.1 State of the art on anomaly detection systems (M1-M6)
T2.2 State of the art on available datasets (M1-M6)
T2.3 Definition of the system requirements (M6-M7)
T2.4 Definition of the 2D representations of data (M7-M8)
T2.5 Definition of the ISEEYOO architecture (M8-M14)
Outputs:
D2.1 Survey on anomaly detection systems and available datasets (M6)
D2.2 System requirements (M7)
MI1 Preliminary ISEEYOO architecture design (M12)
WP3 System implementation (M10-M18)
T3.1 Dataset selection (M10-M12)
T3.2 Dataset organization (M12-M14)
T3.3 ISEEYOO implementation and optimization (M14-M18)
Outputs:
D3.1 Consolidated ISEEYOO architecture (M18)
WP4 System evaluation (M18-M24)
T4.1 Selection of the attacks to be tested (M18-M20)
T4.2 Algorithm testing on the available datasets with different types of attack (single type or combined) (M20-M23)
T4.3 Performance analysis (M23-M24)
Outputs:
D4.1 ISEEYOO performance evaluation (M24)