SynERGY: Cross-correlation of operational and contextual data to timely detect and mitigate attacks to cyber-physical systems. (October 2020)
- Record Type:
- Journal Article
- Title:
- SynERGY: Cross-correlation of operational and contextual data to timely detect and mitigate attacks to cyber-physical systems. (October 2020)
- Main Title:
- SynERGY: Cross-correlation of operational and contextual data to timely detect and mitigate attacks to cyber-physical systems
- Authors:
- Skopik, Florian
Landauer, Max
Wurzenberger, Markus
Vormayr, Gernot
Milosevic, Jelena
Fabini, Joachim
Prüggler, Wolfgang
Kruschitz, Oskar
Widmann, Benjamin
Truckenthanner, Kevin
Rass, Stefan
Simmer, Michael
Zauner, Christoph
- Abstract:
- The degree of sophistication of modern cyber-attacks has increased in recent years, and in the future these attacks will more and more target cyber-physical systems (CPS). Unfortunately, today's security solutions that are used for enterprise information technology (IT) infrastructures are not sufficient to protect CPS, which have largely different properties, involve heterogeneous technologies, and have an architecture that is tailored to specific physical processes. The objective of the synERGY project was to develop new methods, tools and processes for cross-layer anomaly detection (AD) to enable the early discovery of both cyber- and physical attacks with impact on CPS. To this end, synERGY developed novel machine learning approaches to understand a system's normal behaviour and detect consequences of security issues as deviations from the norm. The solutions proposed by synERGY are flexibly adaptable to specific CPS layers, thus improving the detection capabilities. Moreover, synERGY interfaces with various organizational data sources, such as asset databases, configuration management, and risk data, to facilitate the semi-automatic interpretation of detected anomalies. The synERGY approach was evaluated in a utility provider's environment. This paper reports on the general architecture and the specific pitfalls that needed to be solved during the design, implementation and deployment of the synERGY system. We foresee this work to be of benefit for researchers and practitioners who design and implement security systems that correlate massive data from computer logs, the network or organizational context sources to timely detect cyber attacks.
- Is Part Of:
- Journal of information security and applications. Volume 54(2020)
- Journal:
- Journal of information security and applications
- Issue:
- Volume 54(2020)
- Issue Display:
- Volume 54, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 54
- Issue:
- 2020
- Issue Sort Value:
- 2020-0054-2020-0000
- Page Start:
- Page End:
- Publication Date:
- 2020-10
- Subjects:
- Cyber security -- Anomaly detection -- Security information correlation -- Log and network data -- Cyber incident handling
Computer security -- Periodicals
Information technology -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.jisa.2020.102544
- Languages:
- English
- ISSNs:
- 2214-2126
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 22441.xml