Government Communications Headquarters, commonly known as GCHQ, is an intelligence and security organisation responsible for providing signals intelligence and information assurance to the government and armed forces of the United Kingdom.
Cyber-Physical Attack Detector for Buildings
Detecting Cyber Attacks Using Secondary IoT Sensors in Smart Buildings
Most Common Approach: Cyber-attacks on Industrial Control Systems (ICS) are monitored through traditional techniques such as Network Traffic Analysis (NTA). While we acknowledge the merit of NTA, more sophisticated attacks (example below) will evade NTA approaches by spoofing the readings from the sensors making ICS significantly vulnerable. Let us consider a scenario: if an attacker intends to overheat a system, they could alter the fan behaviour (e.g., speed). At the same time, the attacker may also maliciously control the connected temperature sensors to prevent reporting increased temperatures back to the control system, which leads to overheating.
To detect such sophisticated attacks, I propose to develop a secondary low-cost IoT sensor network which combines sensors data and state-of-the-art deep learning techniques to detect anomalies. Further, this secondary IoT sensors would use a secondary network (e.g., Bluetooth, ZigBee) and stay as an air-gapped system to reduced potential parallel attacks. For example, an unexpected fan shutdown might be detected through changes in temperature, or absence of noise where all parameters can be captured through sensors (i.e., physical observations).
This fellowship aims to explore how can we use low-cost multi-sensors (e.g., temperature, vibration, motion, etc.) to detect anomalies in a given environment to detect potential cyber attacks against ICS. Malicious actors always try to find sophisticated ways to carry-out attacks (e.g.Stuxnet, Ukraine, power-grid cyberattack). To prevent attacks that evade NTA, we aim to develop a secondary layer of protection based on physical behaviour to mitigate the weaknesses of NTA. It is important to note that our intention is not to ignore NTA based techniques. Instead, our objective is to add more resilient to BMS network by adding a secondary protection layer of security.
Team
Funding
Government Communications Headquarters (GCHQ)
Partners
The Landing
The Landing @ MediaCity UK is workspace, community, business support, user testing labs, maker lab and events. The Landing is the technology enterprise incubator for high-growth companies at the heart of MediaCityUK.
Outcomes
Journal
Yasar Majib, Mohammed Alosaimi, Andre Asaturyan, and Charith Perera Dataset for Cyber-Physical Anomaly Detection in Smart Homes, Frontiers in the Internet of Things, Volume 2, 2023, pp, 1–15
Journal
Yasar Majib, Mahmoud Barhamgi, Behzad Momahed Heravi, Sharadha Kariyawasam, Charith Perera Detecting Anomalies within Smart Buildings using Do-It-Yourself Internet of Things, Journal of Ambient Intelligence and Humanized Computing (JAIHC), September 2022
Journal
Hakan Kayan, Yasar Majib, Wael Alsafery, Mahmoud Barhamgi, Charith Perera AnoML-IoT: An end to end re-configurable multi-protocol anomaly detection pipeline for Internet of Things, Elsevier Internet of Things (Elsevier IOT) Volume 16, 100437, December 2021