Pedro Merino Laso
Thesis director(s): John Puentes
Supervisor(s): David Brosset

THESIS TOPIC
Detection of Malfunctions and Malicious Acts Based on Multi-Sensor Data Quality Models
The first thesis defense took place on December 7, 2017, and Pedro Merino Laso received the PhD degree from IMT Atlantique.
Cyber-physical systems are now widely used in various domains such as transportation, industry, smart homes, and the Internet of Things. Due to their importance and critical nature, securing these systems has become a major challenge. The naval sector represents a particular case of cyber-physical systems, where an onboard sensor network ensures safe navigation along optimal routes. These constantly evolving systems often integrate external connections that enable remote monitoring and control.
However, cyber-physical systems have traditionally been designed with a strong focus on optimal and high-performance operation, often at the expense of security. As a result, processing speed has been prioritized over security considerations. Currently, conventional threat detection and response systems are not suitable for cyber-physical systems, particularly in naval applications, due to constraints such as real-time response limitations. The objective of this thesis is to define a methodology for detecting anomalies—especially cyberattacks—within sensor data streams by assessing the quality of the data and the resulting information. By detecting such anomalies, we aim to prevent or adjust decisions based on erroneous information, depending on the nature of the issue.
Work Conducted
First Year
The research began with an extensive review of existing work on the various aspects of the topic. The specific characteristics of cyber-physical systems, particularly those embedded in naval vessels (such as SCADA systems), were analyzed in detail. In parallel, the field of anomaly and cyberattack detection was studied to identify weaknesses and explore how data quality could offer a new perspective on this issue. Similarly, a state-of-the-art review on data quality was conducted. The lack of prior research specifically addressing cyber-physical systems guided the subsequent direction of the thesis. This stage concluded with a report summarizing the state of the art.
The identified research avenues were explored in detail, leading to the publication of a first paper. This paper extended the concept of data quality to cyber-physical systems by analyzing their quality dimensions and introducing a methodology for measuring the quality of their data streams.
Second Year
Through various experiments, we demonstrated that anomalies and cyberattacks (considered as induced anomalies) have a measurable impact on data quality. As a result, an anomaly detection method was proposed based on quality measurements. This finding led to the publication of a second paper presenting a technique for detecting and categorizing anomalies in cyber-physical systems.
Both papers were initially rejected due to the lack of a solid case study and real-world experimental data. Consequently, the search for relevant datasets became a key focus of the second year. A radar data simulator provided by Thales was explored, and collaborations with other research organizations were pursued, but they did not yield the desired results. Eventually, the platform used in the inter-military cyber challenge provided a more relevant case study, allowing the papers to be accepted for publication. Additionally, the acquisition of an aerial drone opened new possibilities for addressing this issue.
Third Year
The third year began with the creation of a dataset based on experiments conducted with the platform. This dataset includes 15 log files featuring different types of intrusions on a critical subsystem, which will be shared with other researchers through an upcoming publication. A second application case was developed, involving two aerial drones and the study of eleven risk scenarios. A journal article is currently under submission.
Thesis Defense
The defense jury was composed of the following members:
- Eloi BOSSE (Jury President), Researcher at McMaster
- Joaquin GARCIA-ALFARO (Reviewer), Professor at Télécom SudParis
- Martine COLLARD (Reviewer), Professor at the University of the Antilles
- Michaël HAUSPIE, Associate Professor at the University of Lille
- David BROSSET, Associate Professor at the Naval Academy
- John PUENTES, HDR Associate Professor at IMT Atlantique
- Philippe LEROY (Guest), from Thales Communications Security
- Patrick HEBRARD (Guest), from Naval Group
Since obtaining his PhD, Pedro Merino Laso has joined ENSM in Nantes and continues his research activities in the maritime and cybersecurity fields.
Publications
- P. Merino Laso, D. Brosset, J. Puentes, Monitoring Approach of Cyber-physical Systems by Quality Measures. 7th European Alliance for Innovation International Conference on Sensor Systems and Software (S-Cube), December 2016. 12 pp.
- P. Merino Laso, D. Brosset, J. Puentes, Analysis of Quality Measurements to Categorize Anomalies in Sensor Systems. IEEE Science and Information Conference (SAI), London, July 2017. 9 pp.
- D. Brosset, Y. Kermarrec, P. Merino Laso, B. Costé, C. Cavelier, Cr@ck3n: a cyber alerts visualization object. International Conference on Cyber Situational Awareness, Data Analytics and Assessment 2017 (CyberSA 2017), London, UK.
- Yvon Kermarrec, Xavier Boudvin, Gael Héno, David Brosset, Benjamin Costé and Pedro Merino Laso. Generating data sets as inputs of reference for Cyber security issues and industrial control systems (ICS). IEEE Eleventh International Conference on Research Challenges in Information Science, 2017, Brighton, United Kingdom.
- P. Merino Laso, D. Brosset, J. Puentes, Dataset of anomalies and malicious acts on a cyber-physical subsystem. Data in brief. Elsevier Journal.
- P. Merino Laso, Détection de dysfonctionements et d'actes malveillants basée sur des modèles de qualité de données multi-capteurs, PhD thesis in Computer Science.