Thesis defence: Anastasija Collen


Ms Anastasija Collen will defend, in English, her thesis for the degree of Doctor of Economics and Management, specialising in Information Systems, entitled:

AUTOMATED RISK ASSESSMENT FOR CYBER THREATS IDENTIFICATION IN IoT ENVIRONMENTS

Date: Monday 25 April 2022 at 10:00

Venue: Battelle A, ground-floor auditorium

Zoom: contact Prof. Katarzyna Wac

 

Jury:

  • Prof. Katarzyna WAC, jury chair, GSEM, Centre universitaire d’informatique (CUI)
  • Dr. Niels NIJDAM, thesis co-supervisor, GSEM, Centre universitaire d’informatique (CUI)
  • Prof. Dimitri KONSTANTAS, thesis co-supervisor, GSEM, Centre universitaire d’informatique (CUI)
  • Prof. Jean-Henri MORIN, SDS Faculty, Centre universitaire d’informatique (CUI)
  • Prof. Sokratis KATSIKAS, Norwegian University of Science and Technology (NTNU)

Abstract:

Internet of Things (IoT) enabled systems are steadily expanding their presence in all facets of industry and consumer lives. They enable regular citizens, consumers and manufacturers to easily interact with the digital world. A plethora of composing IoT objects is gradually employed in almost every domain. As their normal operation is becoming critical for society, abnormal behaviour of such systems’ composing elements poses significant implications – cyber risks – for their end-users, related to financial loss, privacy violation, critical services’ outage or even endangering human lives. This is where the well-established field of Risk Assessment (RA) becomes indispensable. It studies various aspects of the identification of hazards and threats, analysis of their causes and consequences, and representation of the corresponding risks for further decision-making based on derived probabilities of encountered uncertainties. RA in Information Security shares a common notion of a future prediction, necessary to be equipped with, to understand the risk in a given situation. While traditionally performed in a static way, where analysis operates on historical and snapshot data of today, it is widely accepted that the future of RA relies on Dynamic Risk Assessment (DRA) with conditions monitoring.

In this work, a complete framework on the DRA is applied to one of the most prominent examples of the conjunction of the physical and digital worlds – smart homes. Stipulated by the studies on the challenges associated with the mobile properties of the IoT objects, we have conceptualised the representation of the generic object model – IoT Stack – and applied it to the DRA. On this side, our work began with the definition of the theoretical foundation for the establishment of the RA and its application in IoT environments through the evolution of the reference architecture from conceptualisation to deployment in real settings. Governed by the constantly evolving user and functional requirements, we have designed a complete workflow from data capture and network analysis to anomaly detection and operational DRA. It was further extended with the usability-focused visualisation of the user interfaces for control and monitoring to support the decision-making process. Constant evolution of those requirements also shaped the input and output interfacing of the DRA, shifting the initial focus of behaviour comparison to anomaly processing integration into the RA process. We have integrated support of the real-time adjustment of the deployment infrastructure for a stronger system-level resilience. Finally, this work explored the possibilities to eliminate human interference in the RA process, aiming to develop a high level of automation for the decision-making to mitigate the confronted risks.

Bound by operating in the IoT environment, we faced the associated constraints and limitations at the hardware and software level of the IoT objects. Automation, not always being possible or even desirable by lay users due to their risk perception, proved to be of crucial importance in the decision-making process. The DRA framework provides the tools for understanding, monitoring and addressing the risks encountered in the digital arena of our lives.
