Factories and buildings in the Netherlands better protected against hackers through UT research

Buildings and factories are currently monitored by networks (network control systems). However, these networks are also our enemy at times. Everything that is protected by smart digital environments can be hacked. Cyber attacks are the consequence.

“And they can be disastrous,” says Marco Caselli from the University of Twente (UT), “just think about a failure in a nuclear power station for example.” Caselli defended his PhD cum laude on this subject. He presents a new approach to protecting network control systems, based on integrating knowledge about the monitored systems with a filtering technique that distinguishes between malicious activity and false alarms.

Network control systems consist of, among other things, industrial control systems and automation systems: infrastructures that currently play an important role in our daily lives. For example, these systems manage our energy and water supply as well as smart environments, including the Internet of Things. Now that most of the protection is often integrated with the Internet, we are exposed to threats. So-called black-hat hackers (such as Anonymous) can gain remote access to network systems; they can then take over infrastructures and possibly put human lives at risk.

Targeted cyber attacks

“This is why our infrastructure must be protected against possible cyber attacks and especially against the highly targeted attacks, such as Stuxnet, a type of malicious worm in a computer program. Many present-day security solutions are still not well-equipped to transfer accurate information to operators and are unable to identify dangerous situations quickly and beyond all doubt.”

Doctoral thesis

In his thesis Caselli describes effective security solutions for network control systems. “With Network Intrusion Detection (a filter technique to distinguish between malicious activities and false alarm) you can passively monitor and evaluate the infrastructure. At the same time we gain knowledge about the monitored infrastructure and the detection process. In this way, you learn how to improve the feedback provided to the operators about the systems.”

Knowledge about monitored systems

Caselli presents a new approach to the protection of network control systems based on the integration between the knowledge-gathering techniques regarding the systems and Network Intrusion Detection. “Our work starts with the identification and evaluation of valuable information sources in order to gain knowledge about the systems monitored. We then show how this knowledge contributes to the improvement of Network Intrusion Detection. In addition, we use a specific type of Network Intrusion Detection to strengthen the link between system knowledge and network security. We achieve this by automating the development of Network Intrusion Detection so that data is collected autonomously. From the network control system we try, after analysis, to describe the infrastructure’s expected behaviour and guess hackers’ intentions.”

drs. J.G.M. van den Elshout (Janneke)
Press relations (available Mon-Fri)