Benjamin Coste

Contextual Detection of Cyberattacks through Trust Management on Board a Ship

A ship receives information about its environment from multiple sources. These pieces of information, which vary in nature (temperature, geographical position, heading, roll, external conditions, etc.), come from sources that may be interrelated (dependency, geographical proximity, etc.). There are methods to verify the integrity of information or authenticate the source. However, these methods are ineffective when the source itself is malicious. This thesis aims to address the issue of detecting attacks targeting naval information systems through trust in the entities that constitute the system.

This research seeks to use trust metrics for detecting cyberattacks on board ships. Originally, this topic was oriented toward recommendation systems. In web, marketing, and e-commerce domains, recommendation aims to suggest content to users based on their interactions. Although recommendation was not retained as the main approach, it shares several interesting concepts with our detection objective: integrating context into an analysis system, extracting information, and even propagating trust. Some recommendation systems rely on trust networks to propose content relevant to a given user. The concept of trust, whether for recommendation or security purposes, is therefore particularly significant. Upon reviewing the literature, it quickly became evident that trust is a difficult concept to define, as it is highly contextual—its definition depends on the field in which it is studied (economics, social psychology, computer science, etc.).

The second year of the thesis focused on defining and measuring trust in information sources. Several criteria emerge from the literature regarding trust in a source. In particular, in the context of information sources, trust relies on notions of competence and sincerity. We thus defined our trust model based on these two criteria. To evaluate trust in a source, it is necessary to model the source itself. Although the information provided can take different forms (numbers, text, images, sound, video, etc.), our approach is based on sensor-type sources that transmit numerical data. These sources are particularly present in navigation systems, and their vulnerabilities have been demonstrated. Based on attacks found in the literature, we tested and validated our approach through three publications.

During the final year of the thesis, we aimed to evaluate the overall trust in the ship's information system. First, drawing from complex systems theory, we modeled the system as a set of functional blocks. Indeed, sources are not the only components of the system—other elements receive and process the information they generate. These functional blocks, the elementary components of the information system in our model, form more complex entities (e.g., subsystems) until they constitute the overall system.

Based on our modeling of the information system as a complex system, we then developed a trust measure that accounts for the various entities and the relationships between them. We proposed two types of propagation: horizontal and vertical. First, once the trust in the sources is measured, it propagates to other blocks that receive their information. Then, trust propagates vertically from functional blocks to a macroscopic level, where the system is viewed as a single entity. Through successive applications, these two types of propagation allow us to measure trust in the overall system.