Research Projects

Project Title Project Team Abstract
Thrust : Incident Response: Forensics and Recovery
Scalable Hybrid Honeypot Infrastructure for IoT Threat Intelligence and Response

Project manager: Angie Ng

PI: Prof Zhou Jianying, SUTD

Researchers: Dr Yan Lin Aung, SUTD

Large-scale malware campaigns against IoT are a major threat to critical infrastructures. Due to the heterogeneity of IoT devices and the massive numbers of devices, it is challenging to foresee new attack waves. In this project we propose to build a hybrid (low and high interaction) honeypot, designed to scale to various kinds of devices and to collect real-time data on attacks running in the wild. This data will be analyzed using lean machine-learning-based techniques, in order to effectively provide threat intelligence on known and possibly unknown attacks. The honeypot will integrate data from other initiatives (such as the one hosted by the Global Cybersecurity Alliance) and will also provide threat intelligence as a service.
Automated Incident Response and Recovery in ICS

Project manager: Siti Nadhirah Shaik Nasair Johar

PI: Prof Zhou Jianying, SUTD

In current industrial control systems (ICS), response and recovery actions are determined and performed manually by a human operator once an attack has been detected. In this project, we aim to address challenges associated with automated synthesis of defence and incident response in ICS, and answer the following research questions: [RQ1] How to respond to an on-going attack on-the-fly, by performing actions to disable the attacker’s access to the system? [RQ2] How to recover from a successful attack by performing actions to move the system state from an unsafe to a safe state? We will develop a distributed monitoring technique that can coordinate multiple, component-specific monitors with an automatic synthesis protocol. We will also develop a technique for automatically synthesizing response and recovery actions in case of an active attacker.
Thrust : Attestation and Assessment
Towards Practical Attestation Solutions for Countering Advanced Attacks to Industrial Control Systems

Project manager: Siti Nadhirah Shaik Nasair Johar

PI: Assoc Prof Binbin Chen, SUTD

Co-PIs: Assoc Prof. Sun Jun, SMU; 
Prof Zbigniew Kalbarczyk, ADSC

Researchers: Dr Chen Yuqi, SMU; Lin Wei, ADSC

Industrial control systems (ICS) monitor and operate critical infrastructures via logic implemented on their component devices, e.g., programmable logic controllers (PLCs). The PLC code may be maliciously modified in different ways, e.g., through runtime memory modification or tampering with the binary code. Once the PLC code is modified, the safety and security of CPS can be compromised. This project seeks to develop practical defender attestation techniques that can be applied to iTrust ICS testbeds and eventually to real-world systems. The developed solution will be able to cope with the lack of hardware support and software privilege and also ensure that attestation does not affect the ICS operations. We will also play the role of attacker to develop advanced techniques for attacking existing attestation techniques, and co-evolve the defender and attacker to develop effective attestation techniques that are resilient against sophisticated attackers.
Thrust : Digital Twinning
LEarning from Network and Process data to secure Water Distribution Systems (LENP-WDS)

Project manager: Angie Ng

PI: Assoc Prof Stefano Galelli, SUTD

Co-PI: Dr Riccardo Taormina, TU Delft

Researchers: Dr Andres Murillo

Collaborator: Prof Nils Ole Tippenhauer, CISPA

Modern water distribution systems rely on networks of digital devices, which offer a vast attack surface to unauthorized users. In this project, we plan to develop novel data-driven solutions for detecting and responding to cyber-attacks. In particular, we will work with both network and process (SCADA) data generated by our first contribution, that is, a digital twin. The availability of such data will propel two additional contributions: (1) attack detection and localization algorithms, and (2) real-time response strategies. The detection (and localization) process will rely on the idea of pairing process and traffic data to reduce the number of false positives, identify both physical and digital assets under attack, and disclose threats earlier in the kill chain. This information will then be harnessed by a Deep Reinforcement Learning agent, which will learn the best response strategies through repeated interactions with the digital twin.
Automated Framework for Generating Cyber-physical Range for Smart Grid

PI: Dr Daisuke Mashima, ADSC

Co-PIs: Prof Ee-Chien Chang, NUS;
Prof David Nicol, ADSC;
Dr Partha Biswas, ADSC

Researchers: Dr Muhammad Roomi, ADSC; WeiZhe Huang, ADSC; Dr. Muhammad Suhail Hussain Shaik, NUS; Mr. Kian Wee Chua, NUS


A cyber range is a virtual representation of cyber-physical systems, and is in demand not only as a venue for evaluating the compatibility and performance of ICS devices and ICS security solutions before deployment, but also as a sandbox for training and education. There are several desired properties for a cyber range to be effective: fidelity to real systems, consistent cyber-physical systems emulation, flexibility in configuration, and scalability to support large-scale cyber-physical systems. It is also desirable to have accessibility and portability so that developed models can be shared with the community. In this project, focusing on the smart power grid system, we develop an expressive modelling framework to describe a cyber range and an associated tool chain to facilitate the instantiation of the cyber range according to user-defined models. We further plan to demonstrate the technology by showcasing a cyber range of a real smart power grid system such as SUTD’s EPIC testbed.
Digital twinning of secure water treatment facilities

PI: Assoc Prof Adrian Law, NTU

Co-PIs: Asst Prof Chong Tzyy Haur, NTU;
Asst Prof Zhang Limao, NTU

Researchers: Tang Di, NTU; Wei Yuying, NTU

This project aims to develop a digital-twin system concept, termed “Smart Digital Water Twins (SDWT)”, to protect and optimize critical water infrastructures. This project is in collaboration with CAD-IT Consultants (Asia). SDWT shall build on the ThingWorx commercial platform for real-time data communication and management. It will leverage advanced machine learning algorithms for predictive analysis, to provide effective and instant safeguards against operational anomalies and cyber/physical-attacks in critical water treatment infrastructures. The concept of SDWT will be examined independently in SUTD’s lab-scale Secure Water Treatment (SWaT) iTrust Testbed. Predictive maintenance for the simulated units will be carried out to evaluate the amount of material and energy savings for the known intake conditions, and cyber/physical-attacks will also be simulated with and without simultaneous technical anomalies to test the capability of SDWT in protecting the system operations.
Cyber-Physical Attacks in Transmission Systems Using Digital Twin

PI: Assoc Prof So Ping Lam, NTU

Co-PIs: Asst Prof Amer Ghias, NTU;
Asst Prof Jun Zhao, NTU;
Dr Koh Leong Hai, NTU

Researchers: Dr Mansoor Ali, NTU; Dr Bowen Zou, NTU; Huang Zhouxian, NTU; Muhammad Baqer Mollah, NTU

This project aims to investigate the possible cyber, physical and cyber-physical attacks in the transmission system of the power grid using the digital twin technique and to develop mitigation techniques for such attacks to secure the transmission system. This research will help the grid operator to understand the system vulnerability under various topology attacks, while the developed mitigation techniques will facilitate the stability, reliability and robustness of the transmission system. The project will be based on model-based design that involves the simulation of the cyber, physical and cyber-physical attacks in the transmission system of the power grid using the available open-source software commonly used in the power system industry, such as PyPSA, GNU Octave, MatPower, OpenDSS and OpenModelica.
Thrust : Attack Prevention
Enhancing Dynamic Analysis of Firmware in IoT Infrastructures via Component Functionality Inference

PI: Assoc Prof Liang Zhenkai, NUS

Researchers: Lin Qixiao, NUS; Chen Yinfang, NUS

Dynamic analysis in IoT environments is often hindered by a lack of knowledge about certain critical components. This project aims to develop techniques to bridge the gap and enable effective dynamic analysis. Based on our research in traditional binaries, we found that important functionalities of components, such as dataflow-related semantics, can be inferred from observing inputs and outputs of a component. We will further the investigation of this technique in the domain of IoT components, using inference-based techniques to model components missing in virtual machines. With the model of IoT components, we can further drive the execution of firmware in dynamic analysis, thus exposing more of its functionality to analysis, such as fuzzing and taint analysis.
Design and reinforcement security on smart grids against cyber-physical attack

Project manager: Hor Miao Yun

PI: Assoc Prof Yuen Chau, SUTD

Co-PIs: Assoc Prof Tay Wee Peng, NTU;
Assoc Prof Roland Bouffanais, SUTD;
Prof Dusit Niyato, NTU;
Asst Prof Christopher Lee, NTU;
Dr Koh Leong Hai, NTU 

Researchers: Dr Wen Tai Li, SUTD; Dr Penfeng Lin, SUTD


The smart grid is a well-known cyber-physical system. However, its complex nature introduces a new level of security vulnerabilities, revealing an urgent need for security reinforcement against malicious attacks. In this research project, to improve the security level of the smart grid, a new security reinforcement process is proposed with three stages, namely (1) Design, (2) Monitoring, and (3) Operation, involving prevention, protection, detection, and control mechanisms. Specifically, we study three tasks with particular emphasis on defense-in-depth through novel techniques. To this end, first, an intelligent method is proposed to evaluate the vulnerable points and the corresponding impact on the smart grid subject to various attack strategies. Then, a robust detection framework is developed that leverages the correlation between abnormal/attack incidents and normal signals/states in both the cyber and physical domains. Finally, a control mechanism based on a game-changing approach is proposed, with fully distributed, highly secure, and robust characteristics.
Thrust : Novel Approaches to design secure CI
A two-track approach to CPS Reconnaissance: causal-graphs and axiomatic design

Project manager: Angie Ng

PI: Assoc Prof Arlindo Silva, SUTD

Co-PIs: Dr Christopher Poskitt, SMU;
Dr Venkata Palleti, IIPE

Researchers: Dr Andrew Yoong Cheah Huei, SUTD

In this project we will develop two novel and complementary approaches in the context of CPS design. First, we will investigate axiomatic design theory, in which the functional requirements of the CPS are related to a set of design parameters, and systematically analysed using matrix methods. Second, we will investigate design graphs, in which causal relations and dependencies are modelled, and used to analytically identify different clusters of CPS components, as well as ‘weaker’ nodes of the system that could be targeted by an attacker. Finally, we will combine the approaches by deriving invariants for the implemented CPS based on the conditions and relations identified in the design stage. These methods will be applied to water supply, distribution, and cascading effects.
FBI – Featherlight Blockchain for IoT

Project manager: Hor Miao Yun

PI: Asst Prof Dinh Tien Tuan Anh, SUTD

Co-PI: Prof Yuval Elovici, SUTD/BGU 

Researchers: Dr Daniel Petrus Reijsbergen, SUTD; Aung Maw, SUTD; Yang Dianshi, SUTD

Blockchains provide several interesting features, for example, decentralisation, immutability, non-repudiation, accountability, availability, and transparency. Some of these are compelling to use in an IoT context, namely to ensure and decentralise trust in the IoT infrastructure. We propose to design and build a Featherlight Blockchain Infrastructure (FBI) that will serve as a trust anchor for IoT devices. The smart contracts, consensus protocol, and identity and access management of the FBI will be tailored towards IoT services, particularly Advanced Metering Infrastructures. We will identify and make appropriate trade-offs between security and performance of the blockchain infrastructure. We will focus on three case studies to demonstrate how FBI helps with data security, recovery, and anomaly detection: Secure Logging, Secure Timestamping, and Secure Firmware Updates. To achieve this, we will interface the FBI with real-world IoT devices in the Critical Infrastructure labs of iTrust.