Post-Doctoral Research Visit F/M Accurate detection and modelling of Advanced Persistent Threats in ICS using Machine-Learning techniques

Contract type : Fixed-term contract

Level of qualifications required : PhD or equivalent

Fonction : Post-Doctoral Research Visit

Context

Every year Inria International Relations Department has a few postdoctoral positions in order to support Inria international collaborations.

The postdoctoral contract will have a duration of 12 to 24 months. The default start date is November 1st, 2024, and no later than January 1st, 2025. The postdoctoral fellow will be recruited by one of the Inria Centres in France, but it is recommended that the time be shared between France and the partner's country (please note that the postdoctoral fellow has to be in France when the contract starts, and that the visits have to respect Inria rules for missions).

Assignment

Candidates for postdoctoral positions are recruited after the end of their Ph.D. or after a first post-doctoral period: for the candidates who obtained their PhD in the Northern hemisphere, the date of the Ph.D. defense shall be later than September 1, 2022; in the Southern hemisphere, later than April 1, 2022.

In order to encourage mobility, the postdoctoral position must take place in a scientific environment that is truly different from the one of the Ph.D. (and, if applicable, from the position held since the Ph.D.); particular attention is thus paid to French or international candidates who obtained their doctorate abroad.

Main activities

The Resist team at Inria Nancy and the University of Abomey-Calavi (UAC) started an associate team in 2024 focusing on the cyber security of Industrial Control Systems (ICS). These systems are specialized computer systems and networks that manage and control industrial processes. ICS are employed in many industries, including manufacturing, energy production and transportation, and are fundamental to monitoring and regulating industrial processes, ensuring efficiency, safety and reliability. They include Supervisory Control and Data Acquisition (SCADA) systems, a type of ICS that collects data from remote sensors and provides a human-machine interface for operators to make real-time decisions.

For instance, Benin has initiated projects to modernize the electrical grid of the "Société Béninoise d'Energie Electrique (SBEE)". For this, Benin has built a "National Distribution Control Center (Dispatching)" for the intelligent management of its electrical grid. The National Distribution Control Center is a modern infrastructure based on a SCADA system allowing real-time monitoring and control of the power distribution network, and data collection. This SCADA grid supervision system enables the analysis of data collected on the electrical grid in order to make remote decisions in real time and to detect breakdowns so that operators can intervene remotely. The optimal and secure management of the smart grid's data has become a significant challenge for the Beninese government. This associate team project, and the research that will be conducted within it, will help meet the challenges of securing, and analyzing the threats against, the communication systems widely deployed in such smart grids.

A vast literature exists on the detection and analysis of Advanced Persistent Threats (APT) in ICS. However, these approaches still lack sufficient detection accuracy and still fail in operational environments by raising a high number of false positives. This is mainly due to the heterogeneity of these environments, which contain a large number of legacy systems and proprietary applications. For instance, many safety processes are deployed in such environments and may trigger alerts from intrusion detection systems, since their behavior is irregular by design: activating an emergency command to stop the industrial process, for example. In addition, false positive alerts may be issued because of device failure or malfunction.
The objective of this postdoc is to build detection systems for ICS that are more accurate and have a very low false-positive rate, while taking into account advanced threats that usually have low activity profiles. We will leverage Machine Learning (ML) techniques, in particular deep learning over Graph Neural Networks (GNN), to better contextualize observed alerts and to check whether they are really due to an attack, a failure, or an unobserved legitimate action. We will rely on publicly available datasets from the literature and on our own datasets to build and evaluate these models.
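The two ideas in the paragraphs above, contextualizing an IDS alert against what the process was doing at the time (safety trip, device fault, operator command) and looking for low-activity sources across a long horizon rather than a burst, can be sketched without any ML at all. The block below is an added illustration written for this page, not code from the Resist team or the associate team: the alert and context records, the device names, the IP addresses and the `classify_alert` / `find_low_and_slow` functions are all constructed here as assumptions. A rule-based correlation of this kind is the baseline a GNN approach would have to beat.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable


@dataclass(frozen=True)
class Alert:
    ts: datetime
    src: str        # host that issued the suspicious traffic
    dst: str        # ICS device the traffic targeted
    signature: str  # IDS rule that fired


@dataclass(frozen=True)
class ContextEvent:
    ts: datetime
    device: str
    kind: str       # "safety_trip", "device_fault" or "operator_cmd" (assumed taxonomy)


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample data: a safety PLC tripping, a faulty device, one logged
# operator command, and a second host that quietly writes to one PLC every other day.
CONTEXT = [
    ContextEvent(_t("2024-05-01T10:00:02"), "plc-3", "safety_trip"),
    ContextEvent(_t("2024-05-01T10:04:45"), "plc-7", "device_fault"),
    ContextEvent(_t("2024-05-02T08:00:00"), "plc-1", "operator_cmd"),
]

ALERTS = [
    Alert(_t("2024-05-01T10:00:00"), "10.0.1.5", "plc-3", "modbus write to safety coil"),
    Alert(_t("2024-05-01T10:05:00"), "10.0.1.5", "plc-7", "modbus exception response burst"),
    Alert(_t("2024-05-02T08:00:10"), "10.0.1.5", "plc-1", "modbus write single register"),
    Alert(_t("2024-05-01T23:10:00"), "10.0.9.23", "plc-1", "modbus write single register"),
    Alert(_t("2024-05-03T02:40:00"), "10.0.9.23", "plc-2", "modbus write single register"),
    Alert(_t("2024-05-05T04:05:00"), "10.0.9.23", "plc-4", "modbus write single register"),
]


def classify_alert(alert: Alert, context: Iterable[ContextEvent],
                   window: timedelta = timedelta(seconds=30)) -> str:
    """Label an alert using process context observed on the same device
    within +/- `window`. Precedence: safety action > device fault > operator
    command > suspected attack. The window and precedence are assumptions."""
    nearby = {e.kind for e in context
              if e.device == alert.dst and abs(e.ts - alert.ts) <= window}
    if "safety_trip" in nearby:
        return "legitimate_safety_action"
    if "device_fault" in nearby:
        return "device_failure"
    if "operator_cmd" in nearby:
        return "legitimate_operator"
    return "suspected_attack"


def find_low_and_slow(alerts: Iterable[Alert], context: Iterable[ContextEvent],
                      horizon: timedelta = timedelta(days=7),
                      min_targets: int = 3) -> set:
    """Return sources whose unexplained alerts touch at least `min_targets`
    distinct devices within any `horizon`-long sliding window. Each alert on
    its own is too sparse to stand out; the spread across devices is the signal."""
    context = list(context)
    suspects = sorted((a for a in alerts
                       if classify_alert(a, context) == "suspected_attack"),
                      key=lambda a: a.ts)
    flagged = set()
    for i, a in enumerate(suspects):
        targets = {b.dst for b in suspects[i:]
                   if b.src == a.src and b.ts - a.ts <= horizon}
        if len(targets) >= min_targets:
            flagged.add(a.src)
    return flagged


def triage(alerts: Iterable[Alert], context: Iterable[ContextEvent]) -> list:
    """Per-alert labels, in input order."""
    context = list(context)
    return [classify_alert(a, context) for a in alerts]


if __name__ == "__main__":
    for a, label in zip(ALERTS, triage(ALERTS, CONTEXT)):
        print(f"{a.ts.isoformat()} {a.src:>10} -> {a.dst:<6} {label}")
    print("low-and-slow sources:", find_low_and_slow(ALERTS, CONTEXT))
```

On the constructed data, the three alerts from 10.0.1.5 are all explained away (safety trip, device fault, operator command), while the three writes from 10.0.9.23 carry no process context and, taken together over four days, touch three distinct PLCs, so that source is flagged. The obvious weakness of the rule-based version is the hand-picked time window and precedence order; the posting's point is that a learned model over the device/alert graph should infer that context instead.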

 

Skills

Machine learning and cyber security; some knowledge of Industrial Control Systems would be a benefit.

 

Deadline for application: June 2, 2024.

Benefits package

  • Subsidized meals
  • Partial reimbursement of public transport costs
  • Leave: 7 weeks of annual leave + 10 extra days off due to RTT (statutory reduction in working hours) + possibility of exceptional leave (sick children, moving home, etc.)
  • Possibility of teleworking (after 6 months of employment) and flexible organization of working hours
  • Professional equipment available (videoconferencing, loan of computer equipment, etc.)
  • Social, cultural and sports events and activities
  • Access to vocational training
  • Social security coverage

Remuneration

2788€ gross/month