The University of Southampton

Project: Game Theory and Multi-Agent Systems to Detect and Respond to Cyber Intrusions in IoT Environments

Key information:

Student: Charles Hutchins
Academic Supervisors: Leonardo Aniello, Enrico Gerding, Basel Halak
Cohort: 2
Pure Link: Active Project

Abstract: 

Advanced Persistent Threats (APTs) are attacks that employ stealthy and sophisticated methods to infiltrate or disrupt IT systems. They are used by criminal organisations in high-budget cyber-warfare to disrupt government services and public infrastructure. Conventional cyber defences, which are trained on the signatures of previous attacks, are becoming less effective because new APT attacks contain components that have not yet been characterised.

Recent literature attempts to generalise over the threat landscape and create better defensive measures against never-before-seen attacks. Some environments have been constructed with partial observability, which takes into account the imbalance of information between the attacker and the defender. Game-theoretic models, such as Stackelberg Security Games, are becoming increasingly popular because they calculate the optimal allocation of defensive resources in environments with numerous vulnerable devices. Solving a Stackelberg Security Game yields a policy that maximises defensive coverage using the fewest resources. Modelling industrial control systems as Stackelberg Security Games allows us to allocate resources strategically to protect systems that are resource constrained and control critical infrastructure. Power distribution and manufacturing plants are just some examples of critical infrastructure where disruption needs to be kept to a minimum.
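As an added illustration (example code written for this page, not the project's own model), the following solves a small Stackelberg Security Game over three IoT devices: the defender commits to a coverage probability per device with at most one patrol resource, the attacker observes that commitment and picks the device with the highest expected payoff, and the solver finds the coverage that maximises the defender's expected utility. The device names and payoff values are constructed, and the attacker is assumed to break ties in the defender's favour (the strong Stackelberg equilibrium convention).

```python
# Per-device payoffs (constructed sample values, not from the project):
# (defender if covered, defender if uncovered, attacker if covered, attacker if uncovered)
DEVICES = {"plc": (5, -10, -4, 10), "hmi": (3, -6, -2, 6), "gateway": (1, -2, -1, 2)}

def defender_utility(p, c):
    return c * p[0] + (1 - c) * p[1]

def attacker_utility(p, c):
    return c * p[2] + (1 - c) * p[3]

def required_coverage(p, ceiling):
    """Least coverage keeping the attacker's payoff for this device <= ceiling,
    or None if even full coverage (c = 1) cannot push it that low."""
    if p[3] <= ceiling:
        return 0.0
    c = (p[3] - ceiling) / (p[3] - p[2])
    return c if c <= 1.0 else None

def coverage_inducing(devices, name, resources, iters=60):
    """Largest coverage on `name` such that attacking `name` is still the attacker's
    best response and total coverage <= resources. The coverage the other devices
    need grows with it, so feasibility is monotone and a binary search finds it."""
    def plan(c):
        cov, total = {name: c}, c
        for other, p in devices.items():
            if other == name:
                continue
            r = required_coverage(p, attacker_utility(devices[name], c))
            if r is None:
                return None
            cov[other], total = r, total + r
        return cov if total <= resources + 1e-12 else None
    if plan(0.0) is None:  # this device can never be made the attacker's choice
        return None
    lo, hi = 0.0, 1.0
    for _ in range(iters):
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if plan(mid) is not None else (lo, mid)
    return plan(1.0) or plan(lo)

def solve_ssg(devices, resources):
    """Strong Stackelberg equilibrium: choose which device to let the attacker
    prefer (ties broken in the defender's favour) so defender utility is maximal.
    Returns (attacked device, coverage per device, defender utility)."""
    best = None
    for name, p in devices.items():
        cov = coverage_inducing(devices, name, resources)
        if cov is not None and (best is None or defender_utility(p, cov[name]) > best[2]):
            best = (name, cov, defender_utility(p, cov[name]))
    return best
```

With one resource, the solver splits coverage 6/11 on the PLC and 5/11 on the HMI, leaving the gateway uncovered: the attacker is made indifferent between the two valuable devices, and the gateway can never be made the most attractive target with only one resource.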

During the initial stages of the project, we explored unsupervised learning techniques, such as anomaly detection, to characterise normal device operation and identify malicious actions. While these methods have proven effective, they rely on tuning a detection threshold. If the threshold is set too low, the detector generates false positives; if it is set too high, cyber-attacks are misclassified as benign user actions.

The aim of this PhD project is to develop policies in realistic environments that take into account the complex interactions of all the agents involved. These optimal policies can then be used to secure IoT systems, where previous models have been known to make too many assumptions, or to generate too many false positives, for real-world deployment.