Cyber Defense
The concept of cyber defense is understood as a system's ability to predict, detect and respond to possible attacks in (near) real time. Such attacks are typically observed in corporate networks whose resources and infrastructures are critical by nature and whose services are essential for society. This level of criticality implies not only the aspects related to situational awareness, which provide a clear explanation of what is happening at any given moment [1], but also all the preventive and corrective actions that guarantee resilience. Maintaining business continuity and creating attack-resistant environments is therefore the main mission of cyber defense.
In this sense, NICS Lab participates in several ways: through its involvement in national and international R&D projects, doctoral theses and scientific publications. Among the projects, we highlight SYNAPSE and AIAS, which are distinguished by their full dedication to the core problem of cyber defense, where it is essential to protect critical systems against dangerous and stealthy attacks, including adversarial attacks and Advanced Persistent Threats (APTs). SYNAPSE pursues intelligent tools that cover cyber threat intelligence, prediction, detection and response, as well as preparedness through training to avoid (or mitigate) navigations among energy and health resources [2]. Here, NICS Lab plays a relevant role, in particular by providing an attack prediction module together with a recommendation system. In AIAS, by contrast, NICS Lab concentrates its experience on deception. Through innovative deception strategies combined with digital twins, virtual personas and high-interaction honeypots, it is possible to attract attackers, learn from them and enhance artificial intelligence-based systems, including the respective defense systems, embedded in SMEs.
Situational awareness also extends to OPTIMA-DOMES, which applies new technologies for detection and retraining, and to SEGRES and SADCIP, where the objective is to detect and trace APT-type threats in time. It should be noted that in SEGRES, NICS Lab has developed a response mechanism capable of intensifying the defense according to the level of aggressiveness of the attacker, effectively maintaining the resilience of the system against them. The solutions proposed in SEGRES and SADCIP are based not only on Machine-Learning models but also on consensus-based models that delimit the level of threat in terms of geography, time and criticality [3]. In this regard, NICS Lab has shown that Opinion Dynamics is the most suitable consensus technique for live attack traceability, supporting this with practical experiments and comparative analysis. Among the analyses, we highlight the comparisons against clustering [4], weighted average and mode [3]. The latter work was explicitly modeled for charging stations controlled by a collaborative detection system [3], but we have also shown its applicability to general-purpose cyber-physical systems [5], IIoT-based systems [3] and their respective communications [6].
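To make the comparison above concrete, the following is an added example (not NICS Lab's code, and not the model used in the cited papers) of consensus over per-node anomaly scores. It assumes a bounded-confidence opinion dynamics update, in which each node averages its score with those of the neighbours whose score lies within a tolerance of its own, and places it next to two constructed baselines, a network-wide weighted average and a majority vote (mode). The topology, anomaly scores, tolerance and threshold are all constructed for illustration.

```python
"""Consensus over per-node anomaly scores for attack traceability.

Added example, not NICS Lab's code. It assumes a bounded-confidence
opinion dynamics update (each node averages its score with those of the
neighbours whose score is close to its own); the topology, the anomaly
scores and the comparison baselines are constructed for illustration.
"""

# Constructed sample: an undirected communication graph of six monitored
# nodes, e.g. controllers and field devices in a small industrial network.
SAMPLE_EDGES = [(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (1, 4)]

# Constructed anomaly scores in [0, 1] emitted by each node's local
# detector: nodes 2 and 3 report strong evidence of compromise.
SAMPLE_SCORES = {0: 0.05, 1: 0.10, 2: 0.90, 3: 0.85, 4: 0.10, 5: 0.02}


def adjacency(edges):
    """Build a neighbour-set map from an undirected edge list."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def opinion_dynamics(edges, scores, rounds=20, epsilon=0.3):
    """Run `rounds` of bounded-confidence opinion dynamics.

    In each round node i replaces its score with the mean of its own score
    and the scores of neighbours within `epsilon` of it. Nodes that share
    similar evidence converge on a common value, while a region whose
    evidence differs sharply from its surroundings keeps its own opinion,
    so the compromised region stays visible after consensus.
    """
    adj = adjacency(edges)
    x = dict(scores)
    for _ in range(rounds):
        nxt = {}
        for i, xi in x.items():
            group = [xi] + [x[j] for j in adj.get(i, ()) if abs(x[j] - xi) <= epsilon]
            nxt[i] = sum(group) / len(group)
        x = nxt
    return x


def flag_nodes(consensus, threshold=0.5):
    """Nodes whose post-consensus score still exceeds the threshold."""
    return sorted(i for i, v in consensus.items() if v >= threshold)


def global_weighted_average(scores, weights=None):
    """Baseline: one network-wide average, optionally weighted by criticality."""
    weights = weights or {i: 1.0 for i in scores}
    total = sum(weights[i] for i in scores)
    return sum(scores[i] * weights[i] for i in scores) / total


def majority_vote(scores, threshold=0.5):
    """Baseline: the mode of the per-node binary alarms (1 = anomalous)."""
    alarms = [1 if v >= threshold else 0 for v in scores.values()]
    return 1 if alarms.count(1) > alarms.count(0) else 0


if __name__ == "__main__":
    consensus = opinion_dynamics(SAMPLE_EDGES, SAMPLE_SCORES)
    print("opinion dynamics flags:", flag_nodes(consensus))
    print("global average:", round(global_weighted_average(SAMPLE_SCORES), 3))
    print("majority vote:", majority_vote(SAMPLE_SCORES))
```

On this constructed input the two baselines each yield a single network-wide verdict that reads as "nothing wrong" (an average of about 0.34 and a majority vote of 0), because the compromised nodes are a minority and their evidence is diluted. The bounded-confidence update instead keeps the high scores confined to nodes 2 and 3, which is the geographic delimitation of a threat that the text refers to. `epsilon` governs how readily neighbours pull each other toward agreement; smaller values preserve more local detail, larger values behave more like a plain average.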
As indicated above, traceability approaches rely primarily on anomaly detection strategies. NICS Lab has developed this capability, and its work shows that detection is itself a process that requires dedicated effort to adapt the approach to each application context, its devices and its data [3]. Any such selection may require looking at the degree of retraining and the accuracy, the types of threats and their classification [7], and also the technologies involved in cyber defense that can enhance the experience and results obtained, such as multi-agent systems [8] and digital twins [9]. Agents can enable an intelligent distribution of defense mechanisms, while simulation can complement the detection process by monitoring the functional operations of the observed systems [9]. Both technologies have been integrated into the goals of Smart and Secure EV Urban Lab II and SADECEI-4.0, respectively, but there is other related work in which NICS Lab has also been especially involved. In SADCIP, the research team explored the state of the art in traditional intrusion detection systems to discern possible needs from an academic and industrial perspective [9], as well as the expected detection trends in industrial control systems in view of new industrial paradigms [3]; a set of detection requirements and metrics was identified to enhance defense [10].
To close the cyber defense lifecycle, it is also essential to provide resilience, from both a preventive and a corrective perspective [11]. Resilience adds robustness against attacks and ensures survivability and dependability against possible exploits [12]. Several resilience techniques have been identified, such as the activation of adaptive techniques, deception, segmentation and redundant systems [13]. However, finding an approach capable of combining selective solutions that guarantee absolute stability at optimal times is not a trivial task. Through CAIN, NICS Lab has proposed several approaches, both preventive ones based on the prediction of anomalous states [14] and corrective ones based on reconfiguration [15] and recovery of control states [16]. The latter mainly focus on link reconnection, either between nearby or strategic controllers [14] or considering additional cloud/edge-based infrastructures [17] and checkpoints [18]. The effectiveness of reconnection can also be combined with access control strategies to prevent major overloads while the system ensures immediate reconnection of control [19].
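The reconnection-with-overload-control idea in the paragraph above, as an added example that is not NICS Lab's code and does not reproduce the cited models. It assumes a simplified setting: each field device is served by one controller; when a controller fails, each orphaned device is reattached to the nearest surviving controller (in hops over the communication graph) that still has spare capacity; a device for which no such controller is reachable is reported as unserved, which is where a cloud/edge or checkpoint fallback would take over. The topology, the per-controller capacities (the overload cap) and the initial assignment are constructed.

```python
"""Controller failure and link reconnection with a load cap.

Added example, not NICS Lab's code. It assumes a simplified model: each
field device is served by one controller; when a controller fails, each
orphaned device is reattached to the nearest surviving controller (in
hops over the communication graph) that still has spare capacity, and a
device with no reachable controller under its cap is reported as
unserved. Topology, capacities and the initial assignment are constructed.
"""
from collections import Counter, deque

# Constructed communication graph: three controllers (c1..c3) and five
# field devices (d1..d5). The device-to-device link d2-d3 provides an
# alternative path that reconnection can use.
SAMPLE_EDGES = [
    ("c1", "d1"), ("c1", "d2"), ("c1", "c2"),
    ("c2", "d3"), ("c2", "d4"), ("c2", "c3"),
    ("c3", "d5"), ("d2", "d3"),
]
# Maximum number of devices each controller may serve (the overload cap).
CAPACITY = {"c1": 3, "c2": 2, "c3": 2}
# Initial device -> controller assignment.
ASSIGNMENT = {"d1": "c1", "d2": "c1", "d3": "c2", "d4": "c2", "d5": "c3"}


def adjacency(edges, removed=()):
    """Neighbour-set map, omitting any node listed in `removed`."""
    adj = {}
    for a, b in edges:
        if a in removed or b in removed:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def hop_distances(adj, source):
    """Breadth-first hop distances from `source` over `adj`."""
    dist = {source: 0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist


def reconnect(edges, capacity, assignment, failed):
    """Reassign devices orphaned by `failed`; return (assignment, unserved)."""
    alive = {c: cap for c, cap in capacity.items() if c != failed}
    new_assignment = {d: c for d, c in assignment.items() if c != failed}
    load = Counter(new_assignment.values())
    adj = adjacency(edges, removed={failed})
    unserved = []
    for device in sorted(d for d, c in assignment.items() if c == failed):
        dist = hop_distances(adj, device)
        # Candidates: reachable, alive and below their cap; nearest first,
        # controller name as a deterministic tie-break.
        candidates = sorted(
            (dist[c], c) for c in alive if c in dist and load[c] < alive[c]
        )
        if candidates:
            chosen = candidates[0][1]
            new_assignment[device] = chosen
            load[chosen] += 1
        else:
            unserved.append(device)
    return new_assignment, unserved


if __name__ == "__main__":
    for failed in ("c2", "c1"):
        new_assignment, unserved = reconnect(SAMPLE_EDGES, CAPACITY, ASSIGNMENT, failed)
        print(f"{failed} fails -> {new_assignment}, unserved: {unserved}")
```

Two constructed failures show the two behaviours worth checking. When c2 fails, d3 reaches c1 through the d2-d3 link, while d4 has no remaining path and is reported unserved rather than silently dropped. When c1 fails, the nearest surviving controller for d2 is c2, but c2 is already at its cap, so the load check sends d2 on to c3 instead of overloading c2; d1 is isolated and again reported unserved.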
References
- Cristina Alcaraz (2021): Situational Awareness for CPS. In: Encyclopedia of Cryptography, Security and Privacy, pp. 1–3, Springer Berlin Heidelberg, Berlin, Heidelberg, 2021, ISBN: 978-3-642-27739-9.
- Panagiotis Bountakas, Konstantinos Fysarakis, Thomas Kyriakakis, Panagiotis Karafotis, Sotiropoulos Aristeidis, Maria Tasouli, Cristina Alcaraz, George Alexandris, Vassiliki Andronikou, Tzortzia Koutsouri, Romarick Yatagha, George Spanoudakis, Sotiris Ioannidis, Fabio Martinelli, Oleg Illiashenko (2024): SYNAPSE – An Integrated Cyber Security Risk & Resilience Management Platform, With Holistic Situational Awareness, Incident Response & Preparedness Capabilities. 4th International Workshop on Advances on Privacy Preserving Technologies and Solutions (IWAPS), Forthcoming.
- (reference [3]: entry not available on this page)
- Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang (2018): Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics. In: European Symposium on Research in Computer Security (ESORICS 2018), pp. 555-574, Springer, Barcelona, Spain, 2018.
- Alberto Garcia and Cristina Alcaraz and Javier Lopez (2023): MAS para la convergencia de opiniones y detección de anomalías en sistemas ciberfísicos distribuidos. In: VIII Jornadas Nacionales de Investigación en Ciberseguridad (JNIC), Vigo, 2023.
- Juan E. Rubio and Mark Manulis and Cristina Alcaraz and Javier Lopez (2019): Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics. In: European Symposium on Research in Computer Security (ESORICS2019), pp. 263-280, 2019.
- Juan E. Rubio and Rodrigo Roman and Javier Lopez (2018): Analysis of cybersecurity threats in Industry 4.0: the case of intrusion detection. In: The 12th International Conference on Critical Information Infrastructures Security, pp. 119-130, Springer, 2018.
- Cristina Alcaraz and Alberto Garcia and Javier Lopez (2022): Implicaciones de seguridad en MAS Desplegados en Infraestructuras de Carga basadas en OCPP. In: VII Jornadas Nacionales en Investigación en Ciberseguridad (JNIC 2022), pp. 172-179, 2022, ISBN: 978-84-88734-13-6.
- Cristina Alcaraz and Javier Lopez (2024): Digital Twin-assisted anomaly detection for industrial scenarios. In: International Journal of Critical Infrastructure Protection, vol. 47, pp. 100721, 2024, ISSN: 1874-5482.
- Lorena Cazorla and Cristina Alcaraz and Javier Lopez (2015): A Three-Stage Analysis of IDS for Critical Infrastructures. In: Computers & Security, vol. 55, no. November, pp. 235-250, 2015, ISSN: 0167-4048.
- Lorena Cazorla and Cristina Alcaraz and Javier Lopez (2015): Awareness and Reaction Strategies for Critical Infrastructure Protection. In: Computers and Electrical Engineering, vol. 47, pp. 299-317, 2015, ISSN: 0045-7906.
- Francesco Flammini and Cristina Alcaraz and Emanuele Bellini and Stefano Marrone and Javier Lopez and Andrea Bondavalli (2022): Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives. In: IEEE Transactions on Emerging Topics in Computing, 2022, ISSN: 2168-6750.
- Andrew D. Syrmakesis and Cristina Alcaraz and Nikos D. Hatziargyriou (2022): Classifying resilience approaches for protecting smart grids against cyber threats. In: International Journal of Information Security, vol. 21, pp. 1189–1210, 2022, ISSN: 1615-5262.
- Cristina Alcaraz and Javier Lopez (2016): Safeguarding Structural Controllability in Cyber-Physical Control Systems. In: The 21st European Symposium on Research in Computer Security (ESORICS 2016), pp. 471-489, Springer, Crete, Greece, 2016, ISBN: 978-3-319-45741-3.
- Andrew D. Syrmakesis and Cristina Alcaraz and Nikos D. Hatziargyriou (2024): DAR-LFC: A data-driven attack recovery mechanism for Load Frequency Control. In: International Journal of Critical Infrastructure Protection, vol. 45, iss. 100678, pp. 100678, 2024, ISSN: 1874-5482.
- Javier Lopez and Juan E. Rubio and Cristina Alcaraz (2018): A Resilient Architecture for the Smart Grid. In: IEEE Transactions on Industrial Informatics, vol. 14, pp. 3745-3753, 2018, ISSN: 1551-3203.
- Cristina Alcaraz (2018): Cloud-Assisted Dynamic Resilience for Cyber-Physical Control Systems. In: IEEE Wireless Communications, vol. 25, no. 1, pp. 76-82, 2018, ISSN: 1536-1284.
- Cristina Alcaraz and Javier Lopez (2018): A Cyber-Physical Systems-Based Checkpoint Model for Structural Controllability. In: IEEE Systems Journal, vol. 12, pp. 3543-3554, 2018, ISSN: 1932-8184.
- Cristina Alcaraz and Javier Lopez and Kim-Kwang Raymond Choo (2017): Resilient Interconnection in Cyber-Physical Control Systems. In: Computers & Security, vol. 71, pp. 2-14, 2017, ISSN: 0167-4048.