reports - Deliverable

Evaluations of the detection capacity of malicious attacks on ICT infrastructure by means of Artificial Intelligence techniques and tests on Fog/Cloud and IoT architectures

This document presents analyses of attack and defense aspects, covering the emulation of attack processes and the development of a platform for their detection. Anomalies can be identified through artificial intelligence and machine learning tools. The tools have also been applied to emerging infrastructure such as Cloud, Fog and IoT, and to virtualized environments serving the functionality of the electro-energy system.

This document illustrates the activities aimed at analyzing cyber security aspects, with particular reference to ICT architectures developed through emerging infrastructure. IoT, Fog and Cloud technologies, together with virtualization and orchestration environments, are becoming increasingly important in various sectors, including the electro-energy sector. For this reason, the study and emulation of attack processes targeting the energy system is particularly relevant for identifying defense measures that also take these types of solutions into account, as they are increasingly widely used.
The activities were carried out through both modeling and simulation analyses and laboratory experiments, so that each could complement the other.
Artificial Intelligence and Machine Learning algorithms were studied and applied with the aim of identifying cyber anomalies, starting from traffic and network events.
Simulation tools made it possible to study in more detail some indicators relating to attack patterns on IoT infrastructure in which sensors send measurements and receive commands from control applications through MQTT communications. Some attack processes were then analyzed using probabilistic graphical tools in order to evaluate some indicators. Furthermore, the various steps taken by the attacker were identified and performed using an emulation tool; the anomaly detection platform was developed and tested for the collection and analysis of events that are significant from a cyber perspective. The attack processes and their detection focused in particular on aspects of innovative architectures (IoT communications, virtualization, and use of Docker containers) and on control protocols such as MMS. Thanks to the detection platform, which uses data streaming and big data analysis techniques, anomalous behaviors could be identified via appropriate tools and algorithms.
