NSoE DeST-SCI Research Projects

Thrust : Incident Response: Forensics and Recovery

Project Title: Scalable Hybrid Honeypot Infrastructure for IoT Threat Intelligence and Response
Duration: Sep 2019 to Jun 2022
PI: Prof Zhou Jianying
Researchers: Dr Yan Lin Aung, SUTD; Dr. Trupil Gordhan Limbasiya, SUTD; Wang Cheng, SUTD
Project manager: Angie Ng

Large-scale malware campaigns against IoT are a major threat to critical infrastructures. Due to the heterogeneity of IoT devices and the massive numbers of devices, it is challenging to foresee new attack waves. In this project we propose to build a hybrid (low and high interaction) honeypot, designed to scale to various kinds of devices, and to collect real-time data on attacks running in the wild. This data will be analyzed using lean machine-learning based techniques, in order to effectively provide threat intelligence on known and possibly unknown attacks. The honeypot will integrate data from other initiatives (such as the one hosted by the Global Cybersecurity Alliance) and will also provide threat intelligence as a service.

Project Title: Automated Incident Response and Recovery in ICS
Duration: Nov 2019 to May 2021
PI: Prof Zhou Jianying
Project manager: Siti Nadhirah Shaik Nasair Johar

In current industrial control systems (ICS), response and recovery actions are determined and performed manually by a human operator once an attack has been detected. In this project, we aim to address challenges associated with automated synthesis of defence and incident response in ICS, and answer the following research questions: [RQ1] How to respond to an on-going attack on-the-fly, by performing actions to disable the attacker’s access to the system? [RQ2] How to recover from a successful attack by performing actions to move the system state from an unsafe to a safe state? We will develop a distributed monitoring technique that can coordinate multiple, component-specific monitors with an automatic synthesis protocol. We will also develop a technique for automatically synthesizing response and recovery actions in case of an active attacker.

Thrust : Attestation and Assessment

Project Title: Towards Practical Attestation Solutions for Countering Advanced Attacks to Industrial Control Systems
Duration: Oct 2019 to Dec 2022
PI: Assoc Prof Binbin Chen
Co-PIs: Assoc Prof. Sun Jun, SMU; Prof Zbigniew Kalbarczyk, ADSC
Researchers: Dr Chen Yuqi, SMU; Lin Wei, ADSC
Project manager: Siti Nadhirah Shaik Nasair Johar

Industrial control systems (ICS) monitor and operate critical infrastructures via logic implemented on their component devices, e.g., programmable logic controllers (PLCs). The PLC code may be maliciously modified in different ways, e.g., through runtime memory modification or tampering with the binary code. Once the PLC code is modified, the safety and security of CPS can be compromised. This project seeks to develop practical defender attestation techniques that can be applied to iTrust ICS testbeds and eventually to real-world systems. The developed solution will be able to cope with the lack of hardware support and software privilege and also ensure that attestation does not affect the ICS operations. We will also play the role of attacker to develop advanced techniques for attacking existing attestation techniques and co-evolve the defender and attacker to develop effective attestation techniques that are resilient against sophisticated attackers.

Thrust : Digital Twinning

Project Title: LEarning from Network and Process data to secure Water Distribution Systems (LENP-WDS)
Duration: Oct 2019 to Sep 2022
PI: Assoc Prof Stefano Galelli, SUTD
Co-PIs: Dr Riccardo Taormina, TU Delft
Researchers: Dr Andres Murillo
Collaborator: Prof Nils Ole Tippenhauer, CISPA
Project manager: Siti Nadhirah Shaik Nasair Johar

Modern water distribution systems rely on networks of digital devices, which offer a vast attack surface to unauthorized users. In this project, we plan to develop novel data-driven solutions for detecting and responding to cyber-attacks. In particular, we will work with both network and process (SCADA) data generated by our first contribution, that is, a digital twin. The availability of such data will propel two additional contributions: (1) attack detection and localization algorithms, and (2) real-time response strategies. The detection (and localization) process will rely on the idea of pairing process and traffic data to reduce the number of false positives, identify both physical and digital assets under attack, and disclose threats earlier in the kill chain. This information will then be harnessed by a Deep Reinforcement Learning agent, which will learn the best response strategies through repeated interactions with the digital twin.

Project Title: Automated Framework for Generating Cyber-physical Range for Smart Grid
Duration: Oct 2019 to Sep 2022
PI: Dr Daisuke Mashima, ADSC
Co-PIs: Prof Ee-Chien Chang, NUS; Prof David Nicol, ADSC; Dr Partha Biswas, ADSC
Researchers: Dr Muhammad Roomi, ADSC; WeiZhe Huang, ADSC; Dr. Muhammad Suhail Hussain Shaik, NUS

A cyber range is a virtual representation of cyber-physical systems, and is in demand not only as a venue for evaluating the compatibility and performance of ICS devices and ICS security solutions before deployment, but also as a sandbox for training and education. There are several desired properties for a cyber range to be effective: fidelity to real systems, consistent cyber-physical systems emulation, flexibility in configuration, and scalability to support large-scale cyber-physical systems. In addition, accessibility and portability are desirable so that developed models can be shared with the community. In this project, focusing on smart power grid systems, we develop an expressive modelling framework to describe a cyber range and an associated tool chain to facilitate the instantiation of the cyber range according to user-defined models. We further plan to demonstrate the technology by showcasing a cyber range of a real smart power grid system such as SUTD’s EPIC testbed.

Project Title: Digital twinning of secure water treatment facilities
Duration: Nov 2019 to Apr 2022
PI: Assoc Prof Adrian Law, NTU
Co-PIs: Asst Prof Chong Tzyy Haur, NTU; Asst Prof Zhang Limao, NTU
Researchers: Dr Akshay Maan, NTU; Tang Di, NTU; Wei Yuying, NTU

This project aims to develop a digital-twin system concept, termed “Smart Digital Water Twins (SDWT)”, to protect and optimize critical water infrastructures. This project is in collaboration with CAD-IT Consultants (Asia). SDWT shall build on the ThingWorx commercial platform for real-time data communication and management. It will leverage advanced machine learning algorithms for predictive analysis, to provide effective and instant safeguards against operational anomalies and cyber/physical-attacks in critical water treatment infrastructures. The concept of SDWT will be examined independently in SUTD’s lab-scale Secure Water Treatment (SWaT) iTrust Testbed. Predictive maintenance for the simulated units will be carried out to evaluate the amount of material and energy savings for the known intake conditions, and cyber/physical-attacks will also be simulated with and without simultaneous technical anomalies to test the capability of SDWT in protecting the system operations.

Project Title: Cyber-Physical Attacks in Transmission Systems Using Digital Twin
Duration: Apr 2020 to Jan 2023
PI: Asst Prof Amer Ghias, NTU
Co-PIs: Asst Prof Jun Zhao, NTU; Dr Koh Leong Hai, NTU
Researchers: Huang Zhouxian, NTU; Muhammad Baqer Mollah, NTU

This project aims to investigate the possible cyber, physical and cyber-physical attacks in the transmission system of the power grid using the digital twin technique and to develop mitigation techniques for such attacks to secure the transmission system. This research will help the grid operator to understand the system vulnerability under various topology attacks while the developed mitigation techniques will facilitate the stability, reliability and robustness of the transmission system. The project will be based on model-based design that involves the simulation of the cyber, physical and cyber-physical attacks in the transmission system of the power grid using the available open-source software commonly used in the power system industry, such as PyPSA, GNU Octave, MatPower, OpenDSS and OpenModelica.


Thrust : Attack Prevention

Project Title: Enhancing Dynamic Analysis of Firmware in IoT Infrastructures via Component Functionality Inference
Duration: Sep 2019 to Sep 2022
PI: Assoc Prof Liang Zhenkai, NUS
Researchers: Lin Qixiao, NUS; Ahmad Soltani, NUS

Dynamic analysis in IoT environments is often hindered by the lack of knowledge about certain critical components. This project aims to develop techniques to bridge the gap and enable effective dynamic analysis. Based on our research in traditional binaries, we found that important functionalities of components, such as dataflow-related semantics, can be inferred from observing inputs and outputs of a component. We will further the investigation of this technique in the domain of IoT components, using inference-based techniques to model components missing in virtual machines. With the model of IoT components, we can further drive the execution of firmware in dynamic analysis, thus exposing more of its functionality to analysis, such as fuzzing and taint analysis.

Project Title: Design and reinforcement security on smart grids against cyber-physical attack
Duration: Oct 2019 to Mar 2023
PI: Assoc Prof Yuen Chau, SUTD
Co-PIs: Assoc Prof Tay Wee Peng, NTU; Prof Dusit Niyato, NTU; Asst Prof Christopher Lee, NTU; Dr Koh Leong Hai, NTU
Researchers: Dr Wen Tai Li, SUTD; Dr Yang Tianci, SUTD; Dr Ran Xiaohong, NTU
Project manager: Hor Miao Yun

The smart grid is a well-known cyber-physical system. However, its complex nature introduces a new level of security vulnerabilities that reveals an urgent need for security reinforcement against malicious attacks. In this research project, to improve the security level of the smart grid, a new security reinforcement process is proposed with three stages, namely (1) Design, (2) Monitoring, and (3) Operation, involving the aspects of prevention, protection, detection, and control mechanisms. Specifically, we study three tasks with particular emphasis on defense-in-depth through novel techniques. To this end, first, an intelligent method is proposed to evaluate the vulnerable points and the corresponding impact on the smart grid subject to various attack strategies. Then, a robust detection framework is developed that leverages the correlation between abnormal/attack incidents and normal signals/states in both the cyber and physical domains. Finally, a control mechanism based on a game-changing approach is proposed, with fully distributed, highly secure, and robust characteristics.


Thrust : Novel Approaches to design secure CI

Project Title: A two-track approach to CPS Reconnaissance: causal-graphs and axiomatic design
Duration: Oct 2019 to Mar 2023
PI: Assoc Prof Arlindo Silva, SUTD
Co-PIs: Dr Christopher Poskitt, SMU; Dr Venkata Palleti, IIPE
Researchers: Dr Andrew Yoong Cheah Huei, SUTD
Project manager: Angie Ng

In this project we will develop two novel and complementary approaches in the context of CPS design. First, we will investigate axiomatic design theory, in which the functional requirements of the CPS are related to a set of design parameters, and systematically analysed using matrix methods. Second, we will investigate design graphs, in which causal relations and dependencies are modelled, and used to analytically identify different clusters of CPS components, as well as ‘weaker’ nodes of the system that could be targeted by an attacker. Finally, we will combine the approaches by deriving invariants for the implemented CPS based on the conditions and relations identified in the design stage. These methods will be applied to water supply, distribution, and cascading effects.

Project Title: FBI – Featherlight Blockchain for IoT
Duration: Oct 2019 to Mar 2022
PI: Asst Prof Dinh Tien Tuan Anh, SUTD
Researchers: Dr Daniel Petrus Reijsbergen, SUTD; Aung Maw, SUTD
Project manager: Hor Miao Yun

Blockchains provide several interesting features, for example, decentralisation, immutability, non-repudiation, accountability, availability, and transparency. Some of these are compelling to use in an IoT context, namely to ensure and decentralise trust in the IoT infrastructure. We propose to design and build a Featherlight Blockchain Infrastructure (FBI) that will serve as a trust anchor for IoT devices. The smart contracts, consensus protocol, and identity and access management of the FBI will be tailored towards IoT services, particularly Advanced Metering Infrastructures. We will identify and make appropriate trade-offs between security and performance of the blockchain infrastructure. We will focus on three case studies to demonstrate how FBI helps with data security, recovery, and anomaly detection: Secure Logging, Secure Timestamping, and Secure Firmware Updates. To achieve this, we will interface the FBI with real-world IoT devices in the Critical Infrastructure labs of iTrust.