Logo des Repositoriums

Auflistung nach Autor:in "Yatagha, Romarick"

1 - 5 von 5
  • Konferenzbeitrag
    AI Defenders: Machine learning driven anomaly detection in critical infrastructures
    (INFORMATIK 2024, 2024) Nebebe, Betelhem; Kröckel, Pavlina; Yatagha, Romarick; Edeh, Natasha; Waedt, Karl
    Previous studies have evaluated the suitability of different machine learning (ML) models for anomaly detection in critical infrastructures, which are pivotal due to the potential consequences of disruptions that can lead to safety risks, operational downtime, and financial losses. Ensuring robust anomaly detection for these systems within a company is vital to mitigate risks and maintain continuous operation. In this paper, we utilize a time-series labeled dataset obtained from a hydraulic model simulator (ELVEES simulator) to conduct a comprehensive and comparative analysis of various ML models. The study aims to demonstrate how different models effectively identify and respond to anomalies, underscoring the potential artificial intelligence (AI) driven systems to mitigate attacks. With the chosen approach, we expect to achieve the best performance in detecting two types of anomalies: point anomaly and contextual anomaly.
  • Konferenzbeitrag
    Ensuring trustworthy AI for sensitive infrastructure using Knowledge Representation
    (INFORMATIK 2024, 2024) Mejri, Oumayma; Waedt, Karl; Yatagha, Romarick; Edeh, Natasha; Sebastiao, Claudia Lemos
    Artificial intelligence (AI) has become increasingly integrated into various aspects of society, from healthcare and finance to law enforcement and hiring processes. More recently, sensitive infrastructure such as nuclear plants is engaging AI in aspects of safety. However, these systems are not immune to biases and ethical concerns. This paper explores the role of knowledge representation in addressing ethics and fairness in AI, examining how biased or incomplete representations can lead to unfair outcomes and unreliable decision-making. It proposes strategies to mitigate these risks.
  • Konferenzbeitrag
    Integrating Dynamic Thresholding in Anomaly Detection on Water Treatment Facilities
    (INFORMATIK 2024, 2024) Yatagha, Romarick; Oeztuerk, Esin; Nebebe, Betelhem; Edeh, Natasha; Mejri, Oumayma
    With the growing complexity of cyber-physical systems (CPS), adaptive and robust monitoring solutions are increasingly crucial for ensuring operational reliability and safety. Anomaly detection is a critical component of monitoring systems, particularly in dynamic environments such as water management systems, where operational regimes can vary significantly over time. Traditional static thresholding techniques, which use a single fixed threshold for the entire monitoring process, are often inadequate due to their inability to adapt to changing data patterns, leading to high rates of false positives and missed detections. This paper explores the limitations of static thresholding and presents a comparative analysis with more adaptive approaches. We first discuss the use of static thresholds for each regime shift, which provides some improvement but still falls short in accommodating gradual or unexpected changes. Subsequently, we introduce a dynamic thresholding method based on the Autoregressive Integrated Moving Average (ARIMA) model. This approach continuously adjusts thresholds in real time, effectively accounting for evolving data patterns and regime shifts. Our evaluation, conducted on synthetic water level data with known anomalies, demonstrates that dynamic thresholding significantly outperforms static methods. Specifically, dynamic thresholding achieves an accuracy of 99%, precision of 78%, recall of 88%, and an F1-score of 82%, highlighting its robustness and adaptability. These results underscore the potential of dynamic thresholding techniques to enhance anomaly detection in complex, variable environments.
  • Konferenzbeitrag
    Security challenges and best practices for resilient IIoT Networks: Network Segmentation
    (INFORMATIK 2023 - Designing Futures: Zukünfte gestalten, 2023) Yatagha, Romarick; Waedt, Karl; Schindler, Josef; Kirdan, Erkan
    The surging prominence of the Industrial Internet of Things (IIoT) introduces both unique prospects and complex issues for industrial control systems, notably within the cybersecurity sphere. Cybersecurity concerns are particularly acute for smart factories, entities that leverage IIoT capabilities like networked sensors and machine learning to streamline production. The heterogeneous devices from diverse manufacturers and vast interconnected networks heighten their susceptibility to cyber threats. This paper examines the contemporary cybersecurity landscape within smart factories, pinpointing current vulnerabilities and imminent threats. Drawing on this analysis, we put forth a suite of best practices and strategic measures to fortify IIoT networks, including but not limited to network segmentation and stringent access controls. We pay specific attention to network segmentation, a technique used to break down a computer network into manageable subnetworks, thus mitigating the risk of attacks. We propose an innovative network segmentation policy that leverages clustering, an unsupervised learning algorithm. This algorithm classifies network traffic into distinct categories based on, but not limited to, source and destination IP addresses, employed protocol, and packet size. This data-driven classification simplifies network segmentation and configuration, minimizing their complexity. The paper also underlines the critical role of employee training and awareness in establishing robust security practices, particularly for the design, integration, and deployment of IIoT devices and edge computing. Our findings offer actionable insights for industrial control systems operators and cybersecurity professionals, empowering them to fortify their IIoT networks against cyber threats effectively.
  • Konferenzbeitrag
    Understanding stegomalware in ICS: Attacks and Prevention
    (INFORMATIK 2024, 2024) Edeh, Natasha; Yatagha, Romarick; Mejri, Oumayma; Waedt, Karl
    This research investigates the growing threat of stego-malware in Industrial Control Systems (ICS), where attackers utilize steganography to embed malicious code covertly. Such attacks pose significant challenges due to their ability to evade traditional detection methods. The study reviews current cybersecurity frameworks and detection techniques, highlighting their strengths and limitations against stego-malware. It explores various detection approaches, including signature-based, anomaly-based, and AI/ML-based methods, assessing their effectiveness within the context of ISO/IEC 27001 and IEC 62443 standards. Case studies such as Havex and Industroyer underscore the real-world impact of stego-malware on ICS infrastructure. The research advocates for enhanced integration of AI and machine learning to bolster steganalysis capabilities, and proposes improvements to existing cybersecurity frameworks to address steganographic threats more effectively. By bridging gaps in current knowledge, this study contributes to advancing cybersecurity measures tailored to protect critical ICS environments against evolving cyber threats.