Funded by NWO and DHS
Duration: September 2014 until September 2018
Contact: Sandro Etalle
It is well known that network-based targeted attacks (like Stuxnet) form a persistent threat to our critical infrastructure, and that present security solutions (even state-of-the-art ones) are only partly suitable for detecting them and providing an adequate response. This is because standard (signature-based) detection systems are not suitable for detecting targeted attacks, and even the most advanced anomaly-based systems are only partly able to support an adequate response. In fact, one of the main shortcomings of anomaly-based systems is that they are often imprecise and cannot provide insight into the possible nature of the anomaly they detect, leaving the Security Officer with the burden of discovering, each time an alert is raised, what is happening and how to respond to it.

This project aims at delivering a major leap forward in the detection of and response to targeted, network-based attacks on Industrial Control and SCADA systems. We intend to achieve this by bridging the bottom-up, learning-based approach developed at the University of Twente with the top-down, specification-based approach developed at the University of Illinois. As we will explain, these two approaches are radically different while sharing a common viewpoint, which makes them compatible.