CEASED – Collaborative Intrusion Detection for Smart Edge

1. Project Overview

Computing trends are creating complex, interconnected yet distributed information technology (IT) infrastructures, while increasingly sophisticated attack techniques continue to pose detection challenges for security teams. Combined, these trends are giving rise to the “de-perimeterisation” of enterprise security, wherein the traditional perimeter security model has given way to security models such as Zero Trust that seek to minimise the “implicit trust zones” for principals by moving the access control policy decision and control points closer to the resource to create an area where all entities are trusted to the same level.

 

The main goal of the project is to develop a state-of-the-art distributed and federated anomaly detection framework to improve attack detection in Zero Trust (ZT) information technology (IT) and operations technology (OT) systems. The project has three objectives:

Objective 1 – To formulate a concrete zoning solution for ICS

Objective 2 – To enable attack detection with multiple anomaly detection models per endpoint

Objective 3 – To provide Federated Learning support for distributed anomaly detection model training

2. Project Structure

The CEAZE hierarchical anomaly detection (AD) architecture consists of two levels, endpoint and zone, as shown in Figure 1. Each endpoint has a collection of “event level” AD models, and each endpoint's output can be fed to a zone-level anomaly correlation function, which aggregates the outputs from multiple models.
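The two-level structure described above, sketched as an added example that is not CEAZE project code. The z-score models, the threshold and the quorum rule are assumptions chosen for illustration, since the page does not specify the models or the correlation function; endpoint names and data are constructed.

```python
from statistics import mean, pstdev

class ZScoreModel:
    """Assumed event-level AD model: z-score of one event field vs. a baseline."""
    def __init__(self, field, baseline):
        self.field = field
        self.mu = mean(baseline)
        self.sigma = pstdev(baseline) or 1.0  # avoid division by zero on flat baselines

    def score(self, event):
        return abs(event[self.field] - self.mu) / self.sigma

class Endpoint:
    """Endpoint level: a collection of event-level models run on each event."""
    def __init__(self, name, models):
        self.name, self.models = name, models

    def output(self, event):
        return {m.field: round(m.score(event), 2) for m in self.models}

def zone_correlate(outputs, threshold=3.0, quorum=2):
    """Zone level: aggregate per-model scores from all endpoints in the zone.
    Assumed rule: alert when at least `quorum` endpoints each have a model
    scoring at or above `threshold` in the same window."""
    flagged = {}
    for name, scores in outputs.items():
        hits = sorted(f for f, s in scores.items() if s >= threshold)
        if hits:
            flagged[name] = hits
    return {"alert": len(flagged) >= quorum, "flagged": flagged}

# Constructed sample data: one shared baseline per event field.
BASELINES = {"bytes_out": [100, 110, 90, 105, 95], "failed_logins": [0, 1, 0, 2, 1]}

def make_endpoint(name):
    return Endpoint(name, [ZScoreModel(f, b) for f, b in BASELINES.items()])

def run_zone(events):
    """Score one event per endpoint, then correlate at zone level."""
    outputs = {n: make_endpoint(n).output(e) for n, e in events.items()}
    return zone_correlate(outputs)

if __name__ == "__main__":
    window = {  # constructed events for one time window
        "plc-1": {"bytes_out": 180, "failed_logins": 1},
        "hmi-1": {"bytes_out": 102, "failed_logins": 9},
        "historian-1": {"bytes_out": 102, "failed_logins": 1},
    }
    print(run_zone(window))
```

A single anomalous endpoint does not raise the zone alert under this rule; two endpoints tripping different models in the same window do.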

The project is structured in four packages:

  • Zoning definition
  • Characterisation of on-endpoint data source modalities
  • Multi-source data and context-awareness fusion
  • Federated Learning support for distributed anomaly detection model training
    • Context-aware
    • Heterogeneity of the computing and communication capabilities of the zone endpoints
    • Parallel training of multiple, different AD models
    • Privacy protection
CEAZE Distributed AD

3. Contributions

Innovative technologies such as IoT, edge computing and AI are often seen as a threat to cyber security through the introduction of new vulnerabilities and attack vectors. This can hinder the uptake of these technologies and lead to lost market opportunities. The CEAZE project outputs can improve innovation capacity by helping to counter this threat perception: reducing the attack surface of these technologies, while advanced AI-based anomaly detection can lead to quicker and more effective defence techniques. CEAZE also has a strong focus on improving cyber security for Irish SMEs. Boosting SME cyber security will help these companies grow stronger, compete more effectively and create new possibilities for Irish companies.

 

4. Deliverable

More details coming soon

Sponsors