STOP-IT REAL-TIME ANOMALY DETECTOR (RTAD)

ICS were designed with automation reliability in mind and most communication technologies were proprietary with no compatibility with TCP/IP Stack. Nowadays most devices have connectivity features inheriting attacks that do not require physical access to plant or systems and organizations are dedicating resources to protect their assets converging physical, logical and IT resources. Task 5.5 objective is to detect known and unknown threats to ICS systems affecting integrated sensors or actuators and SCADA systems by monitoring and learning from its normal behaviour and giving the ICS operators the ability to detect advanced attacks and anomalies before they can cause damage or spread inside the network. Machine Learning techniques and custom attacks were developed for those purposes in order to identify attack patterns and unwanted behaviour before they can interact with sensors/actuators or spoof SCADA reporting messages for removing visibility of the threat to the operator.