Cyber-security platform for the transparent cyber-attack detection in energy supply infrastructures
Conference: ETG Kongress 2023 - ETG-Fachtagung
05/25/2023 - 05/26/2023 at Kassel, Germany
Proceedings: ETG-Fb. 170: ETG Kongress 2023
Pages: 7
Language: English
Type: PDF
Authors:
Kummerow, Andre; Nicolai, Steffen (Fraunhofer IOSB, IOSB-AST, Ilmenau, Germany)
Henneke, Matthias; Krackruegge, Simon (eoda GmbH, Kassel, Germany)
Bachmann, Paul; Laessig, Joerg (Hochschule Zittau-Görlitz, Germany)
Abstract:
The increasing IT/OT convergence as well as new legal requirements (e.g. “IT-Sicherheitsgesetz 2.0”) in energy supply systems introduce new challenges for the secure integration of new computation and communication technologies. Cyber-attacks in particular are a constantly emerging threat and can have a serious impact on energy supply infrastructures (e.g. BlackEnergy). Network-based intrusion detection systems (NIDS) that use artificial intelligence (AI) are a promising approach, but they still show insufficient reliability (e.g. a high false alarm rate) for new anomalies or attack patterns, and their model decisions lack trustworthiness. This prevents the widespread use of AI-based NIDS solutions in industry as well as their integration into corresponding IT systems. Representative training and test datasets with realistic examples of network anomalies and attacks are particularly lacking for energy supply infrastructures, making it difficult to develop energy-specific intrusion detection methods. This paper presents a simulation platform for the development of transparent AI-based intrusion detection algorithms, designed specifically for energy supply infrastructures. An agent-based network traffic simulator creates benign, abnormal and malicious network traces for different user behaviors and network services. An integrated multi-stage modelling approach adds realistic anomaly and attack patterns, explicitly designed for energy supply infrastructures, to the simulated network traffic. This enables the development of transparent AI-based anomaly and attack detection algorithms, which are coupled with an expert interface for understanding and recalibrating the model decisions. An additional virtual firewall within the network simulation system processes AI model decisions to investigate intrusion prevention capabilities.