Research projects

An overview of the research projects of the Cybersecurity Learning Lab for Energy and Water Supply.

AICAS

Project AICAS - Innovative Testbed for Testing a New Generation of IT/OT Security Systems

© Fraunhofer IOSB-AST

The AICAS project (FKZ 16KIS1064), funded by the BMBF and running from November 2019 to September 2021, addressed the AI-assisted detection of security incidents.

Under the funding guideline "German-Israeli Cooperation in the Research Fields of Civil Security and IT Security", the project involved two leading industrial partners in this field, Rhebo GmbH from Leipzig and Radiflow Ltd from Tel Aviv, in addition to Fraunhofer IOSB and Fraunhofer IOSB-AST. The aim of the project was to test the use of AI in intrusion detection systems (IDS) and to evaluate it on the basis of various use cases and scenarios in the domains of "industrial production" and "energy supply".

The research project investigated different machine learning methods and evaluated their applicability to anomaly detection in industrial environments. These included anomaly and attack detection based on network traffic, as well as on recordings from monitoring solutions and other sources of information such as log files. Besides detecting attacks or anomalies, the primary goal of the project was to classify them and assign them to known attack methods. For this purpose, two testbeds were designed and implemented within the project to provide exemplary, realistic data sets for developing and testing AI methods in the two domains "industrial production" and "energy supply". For data generation, known attack patterns and techniques were defined as scenarios and implemented within the testbeds.

Based on these datasets of various IT attacks, the commercial systems of the industry partners could be tested in the lab environment, and their behavior could be used as input to downstream AI approaches for classification. As a result of the AICAS project, the generated datasets will be published and can be used as benchmark datasets, for example by system vendors. Furthermore, the data generator realized in the project makes it possible to create data sets specifically adapted to the requirements of industrial customers from the aforementioned domains, covering a wide range of attack scenarios and techniques.