Machine Learning based Anomaly Detection for Cybersecurity Monitoring of Critical Infrastructures
Authors
Publication date
8 February 2022
Publisher
Università degli studi di Genova
Doi
Abstract
openManaging critical infrastructures requires to increasingly rely on Information and Communi-
cation Technologies. The last past years showed an incredible increase in the sophistication
of attacks. For this reason, it is necessary to develop new algorithms for monitoring these
infrastructures. In this scenario, Machine Learning can represent a very useful ally. After a
brief introduction on the issue of cybersecurity in Industrial Control Systems and an overview
of the state of the art regarding Machine Learning based cybersecurity monitoring, the
present work proposes three approaches that target different layers of the control network
architecture. The first one focuses on covert channels based on the DNS protocol, which can
be used to establish a command and control channel, allowing attackers to send malicious
commands. The second one focuses on the field layer of electrical power systems, proposing
a physics-based anomaly detection algorithm for Distributed Energy Resources. The third
one proposed a first attempt to integrate physical and cyber security systems, in order to face
complex threats. All these three approaches are supported by promising results, which gives
hope to practical applications in the next future.openXXXIV CICLO - SCIENZE E TECNOLOGIE PER L'INGEGNERIA ELETTRONICA E DELLE TELECOMUNICAZIONI - Elettromagnetismo, elettronica, telecomunicazioniGaggero, GIOVANNI BATTIST