We started the project in May 2018 with a kick-off meeting in the Agora Centre of the University of Jyväskylä, in Finland, who were hosting this event.
All the participants from the Technical University of Sofia, Bulgaria, the Kharkiev National University of Radioelectronics in Ukraine, the University of Jyväskylä in Finland and ECAM-EPMI Graduate School of Engineering in Paris, France, gathered to set the foundation of the future project work.
We discussed how each of the teams will fit in the project research with their respective area of expertise. We set a schedule for the execution of the various activities during the three phases of the project and generally finished a lot of administrative work concerning the logistics of the whole project.
While waiting for the next meeting with the colleagues from ECAM-EPMI, NURE and JYU, and to give them some base data to start working on their poisoning and immunisation algorithms, the team from the TU (Technical University – Sofia) started developing the architecture of the Intelligent Control System, which will be the intelligent control layer on top of the SCADA software that will be connected to the updated industrial logistics systems on premise.
We considered two possible scenarios.
Luggage conveyor line at an airport, which is equipped with some sort of intelligent bomb detection system. The aim here is use computer vision as the detection method, and then use image data poisoning to trick the system into thinking something is or is not a bomb, as per the desires of a potential attacker.The conveyor line scenario is very simple and includes a regular SCADA logic, where crates are destined to specific exits, based on their barcodes. The intelligent part of the system is a camera, recognising potential “bomb” crate, which is then redirected to exit the system through a specific station.
In order to ease our colleagues from NURE we provided them with a dataset consisting of test images and and a spreadsheet with target vectors (image name and bomb classifier), where if the crate contains a bomb the class is 1, if there is no bomb the class is 0
The second system will be an automated storage facility, part of a critical national infrastructure. The idea here is to disrupt the operation of the production facility by attempting to mess the storage and retrieval routines in the system.The intelligent control system is designed to dynamically designate address values for the crates, based on their load-type and weight. The address will be retrieved from a data-base, which will store information on what storage sells are taken and free. Then another module of the control system, independent from the first one, will check if the given solutions are executed correctly, by comparing the expected and real-time cycle values for the handling equipment. If there are discrepancies the system will take the necessary actions to prevent damage.
Here is a draft schematic of the system architecture:
Between 27th and the 31st of August 2018, we gathered for the first training session in the premisses of the Technical University of Sofia, Bulgaria, where the logistic infrastructure will be the target for our efforts to build intelligent cyber defence mechanisms for.
The University’s department of Engineering Logistics has an experimental industrial facility with various production and warehousing equipment, which under this project will be updated to an Industry 4.0 setting. Later the participants from Kharkiev National University of Radioelectronics will be attempting to break in and disrupt the operations in two of the process lines, by “infecting” the intelligent control solutions with so called data poisoning attacks on artificial neural networks.
We discussed possible structures for our our intelligent defence system and elaborated on what methodologies could possibly work for what we strive to achieve.
Participants in the training: Karim LABADI (ECAM-EPMI), Mariia GOLOVIANKO (NURE), Svitlana GRYSHKO (NURE), Timo TIIHONEN (JYU), Samir HAMACI (ECAM-EPMI).
The visit to ECAM-EPMI started by a warm welcome by Maurice Chayet, Deputy Director of ECAM-EPMI, who gave a detailed presentation of ECAM-EPMI. Subsequently, the participants visit the campus and the Laboratories of ECAM-EPMI. The rest of the day was devoted to training participants, by Karim LABADI and Samir HAMACI, in using the Production line at ECAM-EPMI, which will be part of the simulation environment for evaluating cyber-attacks based on real life industrial production system.
The second day was devoted to training the participants in the modelling capabilities of Petri Nets, which could be used in developing the software part of the project. In this context, Karim Labadi presented the benefits of working with Petri nets at the seminar, organised on this occasion: “Petri Nets for modelling, analysis and control, Theory and application”.
The remainder of the day was devoted to discussion among participants on the possibilities of using Petri nets as part of the NATO G5511 project.
During the third day Mariia Golovianko introduced the concept of artificial intelligence, while emphasising the possibilities offered by this research discipline as part of the analysis of the cyber-security of smart factories. Subsequently, a discussion took place between the participants on the algorithms that will be developed for the framework of NATO G5511 project.
The fourth day, was devoted to a reflection between the participants to see how to use the Petri nets and artificial intelligence to develop algorithms related to the cyber-security of smart factories. At the end of the day, the debate focused on the future steps of the project, and possibly the technical difficulties, that may slow down the progress of the project.
Participants in the work meeting: Mariia GOLOVIANKO (NURE), Svitlana GRYSHKO (NURE), Timo TIIHONEN (JYU), Vagan TERZIYAN (JYU), Konstantin DIMITROV (TU-SOFIA), Alexander GRANTCHAROV (TU-SOFIA).
The Bulgarian, Ukrainian and Finish teams met in Sofia, Bulgaria for a week of quality face-to-face work session from 22nd to 27th of July 2019. The first day started by the Bulgarian team with a demonstration of the operational capabilities of the two newly upgraded logistical systems (The Interroll Conveyer and the ASRS) and their automated control solutions, built on Siemens automation technology. The team members discussed the logic behind the control solutions and the behaviours of the systems.
Screenshot from the SCADA used to monitor and operate the InterROLL conveyer
Screenshot from the SCADA used to monitor and operate the Automated Storage and Retrieval System (ASRS)
The second day was spent on discussions on the general architecture of the cyber defence solution, incorporating an intelligent control layer for each of the logistics systems and an immune system on top of the intelligence layer, to protect the intelligent decision making process. The teams then went into details, discussing various attack scenarios and mitigation strategies.
The teams discussed various options for acquiring the necessary data for the training of the neural networks, the labelling process and different classification approaches. This day turned out to be very productive and at the end of it the teams had a good understanding of what will be the different modules of the systems and how data would flow between those modules.
Discussing the architecture of the intelligence cyber defence system
Draft version of the architecture of the intelligence cyber defence system to be developed an implemented on the experimental logistics systems in TU-Sofia and ECAM-EPMI
The rest of the time the teams had to spent together was devoted to discussing interoperability issues, interfaces and generally how to make the system work seamlessly over distance and in different development environments.
Participants in the work meeting: Mariia GOLOVIANKO (NURE), Svitlana GRYSHKO (NURE), Timo TIIHONEN (JYU), Vagan TERZIYAN (JYU), Konstantin DIMITROV (TU-SOFIA), Alexander GRANTCHAROV (TU-SOFIA), Moumen DARCHERIF (ECAM-EPMI), Samir HAMACI (ECAM-EPMI), Karim LABADI (ECAM-EPMI).
The Bulgarian, Ukrainian and Finish teams visited ECAM-EPMI for a coordination meeting, to discuss some administrative topics, but also to work on the integration of the experimental pharmaceutical production line, which ECAM-EPMI have on premise, within the general Immune System coverage. Also, various ways to merge the fields of Machine Learning and PetriNets were discussed.
This month was the conclusion of the project. The team gathered for an online meeting to give a summary of everything achieved during the project term. All work done during the past two years is summarised in a few documents with more in-depth scientific explanations.
For those less inclined to go through the documents and delve deeper into the science part, we prepared a video summary of the project, which will give you a good understanding of the goals set forward and the achieved so far.
Under Phase 1 of the project Technical University – Sofia had to upgrade some hardware components and control logic for two of its experimental logistics systems. The following document presents those changes:
Under Phase 2 the team at the Technical University – Sofia worked on setting up the pilot installations with the necessary logic to operate as the desired simulated real-life systems (luggage conveyor and warehouse storage & retrieval systems), as well as the creation of the intelligent control layer, capable of detecting and tracking the load units. The following document describes this process:
The team from ECAM-EPMI worked on the establishment of a cyber-attack and security simulator platform, based on their pharmaceutical production and packaging line, which was to be used for the experiments in that phase of the project:
In Phase 2 the teams at NURE and JYU were experimenting with different generative adversarial network architectures and various training techniques in order to develop a proof-of-concept immune system for the intelligent control layers for the three pilot demonstrators: