ELEGANT: Security of Critical Infrastructures With Digital Twins

Detalhes bibliográficos
Autor(a) principal: Sousa, Bruno
Data de Publicação: 2021
Outros Autores: Arieiro, Miguel, Pereira, Vasco, Correia, João, Lourenço, Nuno, Cruz, Tiago
Tipo de documento: Artigo
Idioma: eng
Título da fonte: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Texto Completo: http://hdl.handle.net/10316/100876
https://doi.org/10.1109/ACCESS.2021.3100708
Resumo: The past years have witnessed an increasing interest and concern regarding the development of security monitoring and management mechanisms for Critical Infrastructures, due to their vital role in ensuring the availability of many essential services. This task is not easy due to the speci c characteristics of such systems, and the natural resistance of Critical Infrastructures operators against actions implying downtime. Digital Twins, as accurate virtual models of physical objects or processes, can provide a faithful environment for security analysis or evaluation of potential mitigation strategies to be deployed in face of speci c situations. Nonetheless, their on-premises deployment can be expensive, implying a signi cant CAPEX whose return will depend on the ability to plan and deploy a suitable support infrastructure, as well as implementing ef cient and scalable data collection and processing mechanisms capable of taking advantage of the acquired resources. This paper presents an off-premises approach to design and deploy Digital Twins to secure critical infrastructures, developed in the scope of the ELEGANT project. Such Digital Twins are built using real-time, high delity replicas of Programming Logic Controllers, coupled with scalable and ef cient data collection processes, supporting the development and validation of Machine Learning models to mitigate security threats like Denial of Service attacks. The validation approach of ELEGANT, which leveraged from the capabilities of the Fed4Fire federated testbeds evaluated the feasibility of using cloudi ed Digital Twins, thus converting a signi cant part of the projected CAPEX for the in-premises model into ondemand, pay-as-you-go OPEX, eventually paving the way for the establishment of a DTaaS (Digital Twin as a Service) paradigm. The achieved results demonstrate that the data pipelines providing support for the ELEGANT Digital Twins have low impact in terms of resource usage in Denial of Service and Distributed Denial of Service attack scenarios, when higher volumes of data are generated.
id RCAP_d18fafe7807ce3dfb06333d0ffa7fb68
oai_identifier_str oai:estudogeral.uc.pt:10316/100876
network_acronym_str RCAP
network_name_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository_id_str 7160
spelling ELEGANT: Security of Critical Infrastructures With Digital TwinsDigital TwinsSCADApipelinessecurityprogrammable logic controllersDTaaSThe past years have witnessed an increasing interest and concern regarding the development of security monitoring and management mechanisms for Critical Infrastructures, due to their vital role in ensuring the availability of many essential services. This task is not easy due to the speci c characteristics of such systems, and the natural resistance of Critical Infrastructures operators against actions implying downtime. Digital Twins, as accurate virtual models of physical objects or processes, can provide a faithful environment for security analysis or evaluation of potential mitigation strategies to be deployed in face of speci c situations. Nonetheless, their on-premises deployment can be expensive, implying a signi cant CAPEX whose return will depend on the ability to plan and deploy a suitable support infrastructure, as well as implementing ef cient and scalable data collection and processing mechanisms capable of taking advantage of the acquired resources. This paper presents an off-premises approach to design and deploy Digital Twins to secure critical infrastructures, developed in the scope of the ELEGANT project. Such Digital Twins are built using real-time, high delity replicas of Programming Logic Controllers, coupled with scalable and ef cient data collection processes, supporting the development and validation of Machine Learning models to mitigate security threats like Denial of Service attacks. The validation approach of ELEGANT, which leveraged from the capabilities of the Fed4Fire federated testbeds evaluated the feasibility of using cloudi ed Digital Twins, thus converting a signi cant part of the projected CAPEX for the in-premises model into ondemand, pay-as-you-go OPEX, eventually paving the way for the establishment of a DTaaS (Digital Twin as a Service) paradigm. The achieved results demonstrate that the data pipelines providing support for the ELEGANT Digital Twins have low impact in terms of resource usage in Denial of Service and Distributed Denial of Service attack scenarios, when higher volumes of data are generated.2021info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articlehttp://hdl.handle.net/10316/100876http://hdl.handle.net/10316/100876https://doi.org/10.1109/ACCESS.2021.3100708eng2169-3536Sousa, BrunoArieiro, MiguelPereira, VascoCorreia, JoãoLourenço, NunoCruz, Tiagoinfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2022-07-18T20:38:08Zoai:estudogeral.uc.pt:10316/100876Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-19T21:18:10.324085Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse
dc.title.none.fl_str_mv ELEGANT: Security of Critical Infrastructures With Digital Twins
title ELEGANT: Security of Critical Infrastructures With Digital Twins
spellingShingle ELEGANT: Security of Critical Infrastructures With Digital Twins
Sousa, Bruno
Digital Twins
SCADA
pipelines
security
programmable logic controllers
DTaaS
title_short ELEGANT: Security of Critical Infrastructures With Digital Twins
title_full ELEGANT: Security of Critical Infrastructures With Digital Twins
title_fullStr ELEGANT: Security of Critical Infrastructures With Digital Twins
title_full_unstemmed ELEGANT: Security of Critical Infrastructures With Digital Twins
title_sort ELEGANT: Security of Critical Infrastructures With Digital Twins
author Sousa, Bruno
author_facet Sousa, Bruno
Arieiro, Miguel
Pereira, Vasco
Correia, João
Lourenço, Nuno
Cruz, Tiago
author_role author
author2 Arieiro, Miguel
Pereira, Vasco
Correia, João
Lourenço, Nuno
Cruz, Tiago
author2_role author
author
author
author
author
dc.contributor.author.fl_str_mv Sousa, Bruno
Arieiro, Miguel
Pereira, Vasco
Correia, João
Lourenço, Nuno
Cruz, Tiago
dc.subject.por.fl_str_mv Digital Twins
SCADA
pipelines
security
programmable logic controllers
DTaaS
topic Digital Twins
SCADA
pipelines
security
programmable logic controllers
DTaaS
description The past years have witnessed an increasing interest and concern regarding the development of security monitoring and management mechanisms for Critical Infrastructures, due to their vital role in ensuring the availability of many essential services. This task is not easy due to the speci c characteristics of such systems, and the natural resistance of Critical Infrastructures operators against actions implying downtime. Digital Twins, as accurate virtual models of physical objects or processes, can provide a faithful environment for security analysis or evaluation of potential mitigation strategies to be deployed in face of speci c situations. Nonetheless, their on-premises deployment can be expensive, implying a signi cant CAPEX whose return will depend on the ability to plan and deploy a suitable support infrastructure, as well as implementing ef cient and scalable data collection and processing mechanisms capable of taking advantage of the acquired resources. This paper presents an off-premises approach to design and deploy Digital Twins to secure critical infrastructures, developed in the scope of the ELEGANT project. Such Digital Twins are built using real-time, high delity replicas of Programming Logic Controllers, coupled with scalable and ef cient data collection processes, supporting the development and validation of Machine Learning models to mitigate security threats like Denial of Service attacks. The validation approach of ELEGANT, which leveraged from the capabilities of the Fed4Fire federated testbeds evaluated the feasibility of using cloudi ed Digital Twins, thus converting a signi cant part of the projected CAPEX for the in-premises model into ondemand, pay-as-you-go OPEX, eventually paving the way for the establishment of a DTaaS (Digital Twin as a Service) paradigm. The achieved results demonstrate that the data pipelines providing support for the ELEGANT Digital Twins have low impact in terms of resource usage in Denial of Service and Distributed Denial of Service attack scenarios, when higher volumes of data are generated.
publishDate 2021
dc.date.none.fl_str_mv 2021
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/article
format article
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10316/100876
http://hdl.handle.net/10316/100876
https://doi.org/10.1109/ACCESS.2021.3100708
url http://hdl.handle.net/10316/100876
https://doi.org/10.1109/ACCESS.2021.3100708
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 2169-3536
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.source.none.fl_str_mv reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron:RCAAP
instname_str Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
instacron_str RCAAP
institution RCAAP
reponame_str Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
collection Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
repository.name.fl_str_mv Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação
repository.mail.fl_str_mv
_version_ 1799134076872949760

Registros relacionados