Type of work: Master's or Bachelor's thesis (then with reduced scope), project work.
Technical background:
Fieldbuses connect sensors and actuators in automation systems. These are found, for example, in vehicles, buildings and industrial plants. We are conducting research in several projects for the safety of fieldbuses. We want to develop universal and protocol-independent security mechanisms and systems that do not require major manual intervention. Examples of such systems would be intrusion detection and firewalls. For this purpose, the respective protocol is to be recognised. In the case of unknown protocols, the structure of the packets/telegrams/transmissions should be analysed. Furthermore, it should be determined where important information, such as addresses, can be found in the packets.
Task description:
A concept and prototype are to be developed with the help of which some known fieldbus protocols can be recognised on the basis of individual transmissions. In addition, important fields in the packet structure are to be recognised for unknown protocols. These include header fields such as addresses, flags, priorities, data types and similar.
The following questions are to be answered:
- Can all or at least some protocols be recognised and reliably distinguished on the basis of individual, a few or many recorded data streams on the data link layer (bit streams)?
- Which methods are suitable for this?
- Can this information be used for security analysis?
Possible work steps:
- Consideration of the application area (safety in fieldbuses) and the recorded data.
- Development of quality parameters
- Consideration of possible evaluation algorithms and procedures
- Design of a prototype for at least one method
- Implementation of a prototype
- Testing and evaluation on the basis of the quality parameters
- The exact definition of the topic is done in consultation with the supervisor.
Literature and resources:
- Peters, M., Goltz, J., Wiedenmann, S., & Mundt, T. (2019, July). Using Machine Learning to Find Anomalies in Field Bus Network Traffic. In International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage (pp. 336-353). Springer, Cham.
Supervisor: Dr. Thomas Mundt (thomas.mundt@uni-rostock.de)
Prerequisites: Basic skills in the field of data analysis are advantageous.