NICS LAB OBTAINS THE ERCIM STM PhD AWARD 2023
One of the PhD thesis produced at NICS Lab, more precisely by the student Juan E. Rubio, that had been already recognized in Spain with the best doctoral thesis Award by RENIC, also has received another award at international level, the well-recognized ERCIM STM (Security and Trust Management) PhD Award.
The thesis, entitled “Analysis and Design of Security Mechanisms in the Context of Advanced Persistent Threats Against Critical Infrastructures”, and supervised by Cristina Alcaraz and Javier Lopez, addresses the design of a consensus-based framework for detection and traceability of Advanced Persistent Threats (APTs) in Industry 4.0 environments and applications. It aims to bridge the gap between classical intrusion detection systems and the requirements imposed by APTs in Critical Infrastructures, taking a first step in this area for a practical solution that understands the shortcomings of the main works in the literature.
The premise has been to combine mechanisms capable of monitoring all devices and processes that are interconnected within an organization, retrieving data on the production chain at all levels (alarms, network logs, raw traffic, etc.) and correlating events in a distributed manner to trace the stages of one of these attacks throughout its entire life cycle. These measures provide the ability to holistically detect and anticipate APTs in a timely and autonomous manner to prevent the spread of the attack and minimize its impact.
To address these cybersecurity objectives, the framework extracts the most important advances from state-of-the-art techniques in Industry 4.0, based on advanced correlation algorithms that analyze an industrial network in a distributed manner, leveraging data mining and machine learning mechanisms. Taken together, the resulting framework serves as a guide for the future design and development of advanced sensing systems that meet a set of security and detection requirements aligned with the technological advances experienced in these environments.
Summarizing, the thesis covers the following points:
- Coverage of all possible interactions and elements of Industry 4.0, to cope with the evolving nature of these infrastructures.
- Intelligence to consider the existence of new attack vectors and incorporate more advanced detection techniques, based on real-time behavioral analysis.
- Symbiosis with other protection mechanisms, such as prevention systems and authorization policies, but also with other leading Industry 4.0 services, such as “digital twins”.
As a result, this research is of particular interest to raise awareness of the security issues surrounding the critical infrastructures that control our society, highlighting the accuracy and effectiveness of these solutions for decision-making, risk prevention and, ultimately, reducing the impact (and therefore costs) caused by APTs.