果冻传媒

The digitalisation of our society has profoundly transformed our economy and the technological landscape, leading to an unprecedented dependency on networked systems, such as computers, smartphones, and IoT devices like CCTV camera.

Some of these environments can perform physical actions, and they collect, process and store large volumes of users' (personal) data to do so. While these technologies and operations yield many benefits, they also introduce new threats, which can have a critical impact on the 鈥榮afeness鈥� of their users, i.e., their physical safety and digital privacy.

Attacks targeting cyber-physical systems can influence machines鈥� behaviour, ultimately hurting users physically. In addition, cyber criminals stealing and abusing personal data can impact individuals by using their data to commit fraud or extortion.

Traditional approach

Protecting safeness-critical environments can be achieved with the use of a strategy called 鈥渘etwork security monitoring鈥�. It is a well-established concept in the 鈥榯raditional鈥� information technology world where a number of solutions such as intrusion detection systems have been developed to protect mostly computers and servers.

However, it is unclear how the current solutions perform in the context of safeness-critical environments and their unique specificities: how able are these solutions to also protect newer systems such as IoT devices and cyber-physical systems?

To answer this question Dupont investigated two environments that can be regarded as safeness-critical: healthcare delivery organisations (e.g., hospitals) and modern cars. Recent security research and real-life incidents have demonstrated the risks to their users' safeness, calling for effective security measures to protect their networks and devices (and ultimately their users).

The objective of this thesis is to identify the requirements for network security monitoring, and to provide the means to create and evaluate intrusion detection systems for these two environments.

Novel approaches

Both studies started with an analysis of the environment's technological landscape and related threats. This first phase sheds light on the technologies and security challenges, and it helps to identify gaps with regards to current network security monitoring capabilities. The researcher then investigated the limitations of the monitoring solutions applied in the environment. Finally, he developed novel approaches suited for the specificities of the environment, as well as methods to evaluate them.

Dupont鈥檚 work yields a number of contributions, including a device classification method helping identify devices on a network, the discovery of vulnerabilities in communication protocols used in hospitals, a classification of intrusion detection systems for automotive networks, as well as a framework for the evaluation of these systems.

Three requirements for security monitoring

These results enable us to identify three main requirements for the application of network security monitoring in safeness-critical environments.

First, one needs extensive (technical) information about the devices connected to the network: the types of devices, their function, etc. Second, one requires information about communication between devices: the transmission patterns, what kind data is exchanged, etc. Third, one needs the ability to evaluate network security monitoring tools such as intrusion detection systems and assess their performance.

Once these requirements are met, we can design effective network monitoring capabilities to better protect the environment and its users from cyber threats.

Guillaume Dupont, , supervisors: Sandro Etalle, Jerry den Hartog.