Safeguarding the Future: Detecting attacks in real time on Critical Systems

“Detecting ‘normal looking’ behaviour as malicious in real time while maintaining network performance is a monumental challenge.”

d-risq - modelworks image

By detecting precursors to cyber-attacks, the project empowers operators to not only identify ongoing attacks but also predict their potential next steps. This proactive stance provides critical reaction time, especially when subsequent malicious actions are suspected. Employing formal methods for proof ensures that the software consistently identifies malevolent behaviour, distinguishing it from statistical anomalies or false positives. However, determining the specific attack plan in motion necessitates parallel exploration of possible scenarios. While cloud-based elastic computing may not be feasible for embedded real-time systems, alternative strategies are sought to fulfil this requirement.

The project capitalizes on Field Programmable Gate Arrays (FPGAs) to achieve the requisite computing concurrency. This involves translating verified models into FPGA-configurable silicon. The use of the functional language 'Haskell' serves as a bridge between formal models and VHDL, which is loaded onto FPGAs using Commercial Off-The-Shelf(COTS) tools. The Haskell description preserves essential parallelism while facilitating proof considerations. The automatic translation process from formal models to VHDL eliminates the need for specialized skills. After verifying desired model properties, the FPGA's alignment with these properties is confirmed through meticulous testing and comparison.

Though still in development, the project holds immense promise, with scalability issues in the crosshairs. Once resolved, democratizing the technique for non-experts becomes the next frontier. Automation streamlines the translation from formal descriptions to VHDL, and while user interfaces may require refinement, a comprehensive formal description of the MITRE ATT&CK Framework for ICS is now available for wider use. Successful demonstrations will pave the way for designing effective detection notification methods for operators. Additionally, avenues for countering attacks while safeguarding assets will be explored.

The collaboration between this project and DSTL has set the stage for a positive shift in real-time cyber-attack detection for Industrial Control Systems and analogous platforms. By melding Swarm Based Network Defence and In Silico AI, this initiative rises to the challenge of combating deceptive cyber threats head-on. Through innovative methodologies rooted in mathematics, formalization, FPG Autilization, and expert collaboration, the project holds the promise of revolutionizing the landscape of cybersecurity.

Need help with control system software? Contact us today to find out more

Get in touch
D-Risq - Logo