AnoKo - Detection of anomalies in communication of industrial equipment 4.0 to defend against cyber-attacks

text

problem

Due to the future development in the context of Industry 4.0, the networking of the individual components continues to rise sharply, as cyber-physical systems increasingly interact autonomously with each other. Vulnerabilities in production systems in the form of design, implementation and configuration errors can therefore have dramatic consequences for the entire networked application. Vulnerabilities offer potential for unauthorized access and unwanted interventions in the production system and can lead, for example, to faulty production, the standstill of the plant or even to personal injury.

objective

The aim of this project is to detect unauthorised interventions in production systems. This is to be achieved by permanently analyzing the industrial communication system of a production plant for deviations. In the context of IT security, this process is called anomaly detection. In the AnoKo project, an anomaly detection system is to be further developed and tested, on the basis of which central monitoring within a real-time capable industrial application is also made possible. Such an anomaly detection system enables operators to more comprehensively protect their production facilities or their assets against attacks.

approach

analysis
Investigation and analysis of selected communication technologies. The focus is on PROFINET and OPC-UA. The risk analysis concerns the protocol structure and the associated services.

expansion
The existing test environment will be extended by additional industrial components in order to be able to analyze both the state of the art and newly emerging Industry 4.0 systems.

Anomaly detection
Development of an anomaly detection and monitoring system to protect against cyberattacks. The communication history is checked in real time and anomaly information is visualized appropriately.

Test specification & Test execution
Test execution based on a real production process. The results can be used to formulate recommendations for action for future Industry 4.0 automation systems.

Project management: Christian Siegwart, M.Sc.

Project manager: Prof. Dr.-Ing. Georg Frey

Project partners: KORAMIS GmbH

The project was funded by the Federal Ministry of Education and Research under the funding code 01IS16041.

Category: Industrial security

Other projects