Naval Systems Cyber Defense Chair

Nicolas Pelissero

Thesis director(s): John Puentes
Supervisor(s): Pedro Merino Laso

THESIS TOPIC

Analysis and Evaluation Model of Anomaly Propagation in Maritime Cyber-Physical Systems

Consult Nicolas Pelissero's thesis on HAL.

A particular type of intelligent machine is emerging. Besides robots, these machines are highly efficient in performing specific tasks.

Some representative examples include personal assistants (such as Siri, Google Now, Cortana, and Alexa) and online assistants or chatbots. These intelligent machines are defined by several theoretical properties, such as autonomy, modularity, connectivity, and dynamic knowledge of the environment [1], which are intrinsically necessary to detect and respond to attacks against cyber-physical systems [2]. This thesis proposal has two objectives: 1) to build an intelligent machine based on graphs, prior knowledge, and the quality of data and information; 2) to use this intelligent machine to detect anomalies and attacks, in order to suggest appropriate responses based on their characteristics.

Problem Statement

Multiple strategies seek to protect cyber-physical systems against attacks [3-6], including identifying vulnerable elements, implementing protective devices, using antivirus and firewalls at multiple levels, conducting security audits and periodic updates, as well as applying detection and response mechanisms. The latter strategy is the focus of this thesis. The main challenge is to identify potential threats in advance, providing diagnostic scenarios, potential propagation analysis, and response strategies to assist operators in their decision-making.

The goal is to define, develop, and evaluate an intelligent machine capable of dynamically analyzing its operating context and leveraging prior knowledge to identify threats, assess the risks of potential propagation, and determine an appropriate response. This behavior will be guided by monitoring data flows from multiple sensors within the cyber-physical system [7]. The research will focus primarily on constructing and enriching knowledge models, learning algorithms, data quality analysis [8], and information sharing between processing modules, which are essential for designing and validating the proposed intelligent machine.

Research Question

The overall objective of the thesis is to define a robust and efficient architecture for an intelligent machine capable of countering cyberattacks on naval cyber-physical systems. The research will address the following question: Based on variable sensor data streams from the naval cyber-physical system, how can an optimized intelligent machine be built, incorporating pre-configured components?

The research aims to develop an autonomous and context-aware detection system capable of suggesting appropriate responses. Instead of relying on a single approach, we propose leveraging the conceptual richness of intelligent machines. This includes integrating knowledge-based and machine learning models, enriched by dynamic factors such as contextual perception, continuous data quality assessment, and dependency, observation, and propagation graphs.

The intelligent machine must explicitly define the operational modalities of its various processing modules and the overall system. The comprehensible description of recommended actions will rely on individual and grouped process traceability, as well as the data processed. This will allow for monitoring the impact of modeling parameters and facilitate the interpretation of the algorithms. Consequently, the intelligent machine's architecture will incorporate an algorithm traceability mechanism, including identifying key processing steps and results, describing causal relationships, verifying their relevance, semantics, and associated reasoning.

The research problems addressed in this thesis are as follows:

  • Characterization and learning of normal operation, acceptable variations, and anomalies based on different contexts.
  • Characterization and learning of contextual perception.
  • Development and updating mechanisms for knowledge bases.
  • Design of dependency graphs structured at different levels of the cyber-physical system, covering observation, data quality assessment, and contextual perception.
  • Analysis of algorithm traceability and machine learning approaches to prevent data loss depending on the type of threat.
  • Structuring the intelligent machine to detect and respond to cyberattacks.

The main challenge of this thesis is to design the intelligent machine by combining methodologies and tools that may initially seem unrelated but offer complementary benefits. In this perspective, we propose to examine six scientific challenges:

  • Understanding the behavior and importance of each parameter within the protected naval cyber-physical system. This involves identifying significant and essential patterns for monitoring normal and abnormal system behavior over time.
  • Determining how to identify and track contextual dynamics and their impact on the machine's processing and actions. This will be addressed through knowledge bases, activity logs, and machine learning models.
  • Defining the type of knowledge required to describe system components, their various states, transitions, and cycles, as well as critical relationships between components in case of anomalies and attacks. A flexible and comprehensive knowledge representation model will be used, compatible with contextual understanding, information extraction, and dependency graphs.
  • Designing and developing a multi-level dependency graph model to monitor the dynamic behavior of cyber-physical system data flows. This model will be supported by system knowledge bases, as well as parameter analysis and contextual evolution results.
  • Establishing links between algorithm traceability, contextual analysis, types of threats, potential consequences, and data loss prevention mechanisms to differentiate cyberattacks based on their origin—internal vs. external—and identify both abnormal behavior from an authorized internal user and an external attacker.
  • Defining and developing a relevant model for the autonomous and modular intelligent machine, incorporating new algorithms for exploiting multi-level dependency graphs and knowledge bases. The application modes will be thoroughly tested. This final phase will examine how the intelligent machine regulates its functioning based on the cyber-physical system's behavior, identifying anomalies, threats, and cyberattacks.

References

[1] J. Kelly III, S. Hamm. Smart Machines: IBM’s Watson and the Era of Cognitive Computing, Columbia University Press, 2013, 160 pp.

[2] G. Loukas. Cyber-Physical Attacks: A Growing Invisible Threat, Butterworth-Heinemann, 2015, 270 pp.

[3] F. Pasqualetti, F. Dörfler, F. Bullo, Attack detection and identification in cyber-physical systems, IEEE Transactions on Automatic Control, 58(11), 2013, pp. 2715-2729.

[4] H. Fawzi, P. Tabuada, S. Diggavi, Secure estimation and control for cyber-physical systems under adversarial attacks, IEEE Transactions on Automatic Control, 59(6), 2014, pp. 1454-1467.

[5] B. Genge, I. Kiss, P. Haller, A system dynamics approach for assessing the impact of cyber-attacks on critical infrastructures, International Journal of Critical Infrastructure Protection, 10, 2015, pp. 3–17.

[6] R. Mitchell, I-R. Chen, Modeling and analysis of attacks and counter defense mechanisms for cyber-physical systems, IEEE Transactions on Reliability, 65(1), 2016, pp. 350-358.

[7] P. Merino Laso, D. Brosset, J. Puentes. Monitoring Approach of Cyber-physical Systems by Quality Measures, Proc. 7th International Conference on Sensor Systems and Software (S-Cube), European Alliance for Innovation, Nice, France, December 1-2, 2016.

[8] P. Merino Laso, D. Brosset, J. Puentes, Analysis of Quality Measurements to Categorize Anomalies in Sensor Systems, Proc. IEEE Computing – Science and Information Conference, London, England, July 18-20, 2017.

Publications

Modèle d’analyse et d’évaluation de la propagation d’anomalies dans les systèmes cyber-physiques maritimes. Doctoral thesis in computer science. Defended on January 25, 2022.

Nicolas Pelissero, Pedro Laso, John Puentes. Model graph generation for naval cyber-physical systems. OCEANS 2021, Sep 2021, San Diego, France. pp.1-5.

Nicolas Pelissero, Pedro Merino Laso, John Puentes. Naval cyber-physical anomaly propagation analysis based on a quality assessed graph. CyberSA 2020 : International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Jun 2020, Dublin, Ireland. pp.1-8.

Nicolas Pelissero, Pedro Merino Laso, John Puentes. Impact Assessment of Anomaly Propagation in a Naval Water Distribution Cyber-Physical System. CSR 2021: IEEE International Conference on Cyber Security and Resilience, Jul 2021, Rhodes, Greece.
