Available

Testing and Improving the Deployability of Process-aware Intrusion Detection for OT Networks

IoT Security Master Thesis Kirchberg Campus

Overview

Process-aware Intrusion Detection is a relatively new research domain that aims to detect cyberattacks mostly during the final stages of the MITRE ATT&CK Matrix, such as False Data Injection (FDI) attacks. To detect such attacks, process-aware Intrusion Detection Systems (IDSs) analyze the time series data of sensor readings and control commands to detect any unexpected behavior.

While these systems produce exceptional results in small testbeds, their deployment into real-world systems remains challenging. Long training times, even for a small set of sensor readings, leave uncertainty about the performance of these systems in the real world. Therefore, in this thesis, we want to optimize a promising candidate IDS, namely GeCo, and ready it for real-world deployments, as well as analyze its applicability to new, previously unexplored domains (e.g., railway systems).

Requirements

  • Strong coding background, e.g., in Python
  • Knowledge of networking protocols and willingness to learn about OT-specific protocols such as ModbusTCP or S7
  • Background in cybersecurity is a plus

Expected Outcomes

  • A more scalable version of the GeCo process-aware intrusion detection system
  • Insights into the deployability of GeCo in new domains
  • Potential for publication in leading cybersecurity conferences

References

  1. Wolsing, K., Wagner, E., Lux, L., Wehrle, K., and Henze, M. GeCos Replacing Experts: Generalizable and Comprehensible Industrial Intrusion Detection. In USENIX Security’25.
  2. Wolsing, K., Wagner, E., Saillard, A., and Henze, M. IPAL: breaking up silos of protocol-dependent and domain-specific industrial intrusion detection systems. In RAID’22.
  3. Urbina, D.I., Giraldo, J.A., Cardenas, A.A., Tippenhauer, N.O., Valente, J., Faisal, M., Ruths, J., Candell, R., and Sandberg, H. Limiting the impact of stealthy attacks on industrial control systems. In CCS’16.
  4. Feng, C., Palleti, V.R., Mathur, A., and Chana, D. A Systematic Framework to Generate Invariants for Anomaly Detection in Industrial Control Systems. In NDSS’19.

Note: You may be subject to a coding challenge during the application process.

Interested in this project?

Contact the supervisor directly via email to discuss this opportunity.
