Generate & Learn & Detect – Detection by AI of falsification of business data with generation of tests on attack patterns

Summary of the GeLeaD project proposal:

Defense control systems (type C2, C4ISR) and civil control systems (type SCADA, Robotics 4.0, IoT, connected vehicle, ...) are exposed to cyber attacks by falsification of business data. These attacks, commonly known as False Data Injection Attacks (FDIA), are difficult to detect because they alter the semantics of the data while preserving its syntactic correctness and logical coherence. The underlying motivation is to mislead the control system or the human controller through subtle and intelligent falsification (modification or addition) of data at the semantic level. The GeLeaD project aims at improving the detection of FDIA attacks by AI components driven by automatic generation of tests from attack patterns.

The use of Machine Learning for the detection of security anomalies, malware analysis, and pattern and signature recognition is an extremely active topic both in research and in the cybersecurity industry. Supervised and unsupervised approaches to analysis are used to extract weak signals (a rare or deviant element concerning behavioural patterns) and to demonstrate correlations with cyberattack patterns. These techniques are currently being developed on low-level traces, and do not concern the semantics of business data because of the specific nature of FDIA attacks in each domain. For example, an FDIA attack on a Smart Grid (SCADA energy) may involve a fine-tuning of data from production nodes, while an attack on a defence air traffic control system may involve falsification of runway data in controlled airspace. Another important constraint is the availability of falsified, representative data to train the Machine Learning component.

The GeLeaD project addresses 3 research questions in this field:

  • To what extent is it possible to train a Machine Learning component for detection of FDIA attacks in a given domain using automatic test generation techniques based on attack patterns applied to control systems?
  • Will this training limit the class of attacks detected?
  • What are the errors produced by the approach in terms of false positive and false negative rates?

The GeLeaD project relies on the partners' strong know-how in model-based automatic generation of cybersecurity tests and in Machine Learning. Their combination is an innovative approach for real-time detection of falsifications of business data on control systems. The GeLeaD project will develop a TRL4 level demonstrator that will be tested in two business areas:

  • civil and military air traffic control on ADS-B protocols,
  • an IoT system of noise and pollution sensors.