Quentin Saint-Christophe
Directeur(s): Abdel-Ouahab Boudraa
Encadrant(s): Christophe Osswald & Cyril Ray
SUJET DE THÈSE
Detection of Malfunctions and Malicious Acts Based on Multi-Source Vulnerable Information Fusion
Abstract
Information fusion enables the combination of multiple sources to generate knowledge or extract more coherent intelligence than would be possible with individual sources alone. These sources include GPS, surveillance cameras, databases, navigation systems, or acquired knowledge. To verify the integrity of information in the context of vulnerable data sources, a key strategy is to identify and discard falsified or altered information. Such compromised data can bias and mislead decision-making in the fusion process. Therefore, identifying and flagging the sources responsible for producing this compromised data helps to prevent future degradation of information quality.
Objective :
The goal of this study is to detect altered information sources to enable the synthesis of exclusively reliable information through fusion. The increasing number of interconnected embedded systems presents a growing threat to the integrity of exchanged information within these networks, which include sensors, databases, and even human observations describing the surrounding environment. The information originating from these sources is often asynchronous, heterogeneous, and vulnerable, with this vulnerability leading to inconsistencies across the multi-source environment. Detecting and classifying the origin and vector of these inconsistencies helps to prevent potential manipulations.
Methodology :
Single-source anomaly detection is often ineffective for real-time processing. In a multi-source information environment, it is assumed that the majority of sources are reliable and provide an accurate description of the environment. By assessing the coherence of the entire dataset, it is possible to detect and isolate sources that contribute to inconsistencies.
To achieve this, a hysteresis thresholding algorithm is developed based on multiple criteria, including:
- Definition of criteria for information sources: These criteria include data attributes such as topology, temporal coherence, source dependencies, and overall consistency. They serve as additional information about the sources.
- Development of a trust propagation function tailored to the context: This function establishes an initial level of trust for each source, which is then dynamically updated based on its reliability over time.
- Formulation of a robust discordance criterion to identify and filter out altered sources.
- Adaptation of a fusion rule for information from verified reliable sources, along with a decision-making method for the fused information.
- Design of a classification algorithm to categorize altered sources into two types:
- Degraded sources: Cases such as sensor degradation due to environmental conditions or other non-malicious factors should be detected and flagged accordingly.
- Maliciously tampered sources: Intentional modifications, such as cyber-attacks, sensor manipulation, or unauthorized intrusions into information systems, represent deliberate falsifications and should be treated as security threats.
Conclusion
The vulnerability of information systems is increasing alongside the growing volume of exchanged information, posing a significant threat to operational environments. The ability of information sources to be compromised is directly linked to the rise in data exchange, making it crucial to extract new contextual information both a priori and in real time. By developing single-source characterization techniques, inter-source discordance metrics, and multi-source decision-making tools, this research ultimately seeks to leverage the increasing flow of data to enhance the integrity of information systems.
