The recent advances in Internet-of-Things, Machine Learning, Big Data analytics, Cloud and Fog computing are enablers for the Smart Industry transformation (or Industry 4.0). The factory is becoming smart integrating data, applications, computing platforms and physical components. Smart factories improve the flexibility of the production and the quality of the final products in a sustainable way, but at the same time are prone to cyber risks more than traditional factories.
This project, hereafter SmartDefence, aims to develop models, algorithms and mechanisms to enhance smart factories with self-protection capabilities. A system with self-protection features is capable to automatically detect cyber-attacks and autonomously plan response strategies, without human intervention. Self-protection capabilities are extremely important for complex and large-scale system where is impractical a human assisted detection and response to cyber-attacks.
SmartDefense will develop:
- new protocols and mechanisms for the detection of cyber-attacks to Industrial Internet-of-Things applications
- new algorithms and mechanisms for the detection and response of attacks to industrial control applications
- innovative Machine Learning based models and algorithm to plan defense strategies in a smart factory
- a prototype implementation of the "SmartDefense Self-protection Manager" that integrates the above-mentioned protocols, mechanisms, models and algorithms.
SmartDefence is framed in the national and international initiative on Smart Industry. Specifically the national Cyber4.0 a Highly Specialized Competence Center Dedicated to Cyber-Security lead by Sapienza (DD MISE 29.01.2018) and more in general the EC strategy on Digital Single Market - Smart Industry.
Moreover, SmartDefense foreseen the collaboration with the Department of Engineering and Computer Science at Mississippi State University, USA.
SmartDefense contributes to enhance the state-of-the-art techniques to reduce cyber risks in the Smart Industry, like: safety of worker, customers and citizens; and financial loss due to industrial espionage, disruptions of services, impairment of products quality, damage of the reputation. Specifically, SmartDefense proposes:
1) Innovative algorithms and mechanisms for detecting cyber-attacks to IIoT applications and industrial control applications
2) New models and algorithms to learn attack-response behavior and to automatically plan response or mitigation actions
3) An implementation of the SmartDefense Self-protection Manager that integrates the proposed intrusion detection mechanisms and the learning and planning algorithms to demonstrate how the solution could enhance the security of a smart factory.
The state of the art will be enhanced as what follow. (Citations refer to the BIBLIOGRAPHY in the previous section)
INTRUSION DETECTION IN IIOT AND CONTROL APPLICATIONS
As mentioned in the State-of-the-Art section, interoperable IoT devices are used in IIoT applications and a technique to protect them in remote attestation. Some recent run-time remote attestation schemes [29, 30, 31] have been proposed but they perform attestation only on single devices. Additional research works [32, 33, 34] run attestation over a large number of devices but do not consider the interoperability.
SmartDefense will enhance the state-of-the-art focusing on interoperable IoT devices and applications by showing that due to the communication data exchanged between application components, a compromised one can affect the integrity of the other legitimate invoked application components that interact with the compromised component. In particular, a compromised component may maliciously deviate the control-flow of the legitimate invoked component towards a valid but non-authorized state. To this end, SmartDefense aims to check the integrity of IIoT applications by proposing a RA protocol to detects the control-flow deviation of legitimate application components, which is affected by an adversary who has not directly compromised this component but has compromised another component that interacts with the former.
As mentioned in the previous section (milestone M4), attacks to industrial control applications aims to modify the behavior of the control algorithm in two ways, modifying the control application or feeding it with modified system state values. The first type of attacks can be detected using RA-based approaches. The second type of attacks, till now have been detected mixing Secure State Estimation [11,12,14] and ML techniques [21, 23, 25, 26].
SmartDefense will enhance the state-of-the-art by proposing: a new asynchronous modular verification mechanism based on control state replication and verification; and a prevention and mitigation mechanism based on control application and control state rejuvenation. The detection and mitigation mechanism proposed does not require complex computation and are designed to be executed on resource limited devices.
SELF-PROTECTION
As before mentioned in the state-of-the-art section, self-protection systems are classified according to their level of automation, ranging from simple static attack-response mappings (e.g., [5], [6]) to more sophisticated solutions which require an accurate model of the system to produce a defense policy (e.g., [7], [9]). However, the use of a stateful model-based planning technique for large scale systems has two drawbacks: is time prohibitive and is impractical to build the system model.
SmartDefense will enhance the state-of-the-art studying and developing a Deep Learning based algorithm to detect attacks and to plan response or mitigation actions. As before mentioned this is an unsupervised (or semi-supervised) ML approach that has two advantages: firstly, labeled data are not required; secondly, it is capable to detect un-known attacks and plan new (un-known) sequence of defense actions (i.e. defense strategies). Moreover, Deep learning algorithms converge with less learning episodes than supervised learning approach, that will require less computational capacity. The solution proposed then could be deployed on resource limited devices.